blog.morphisec.com Open in urlscan Pro
2606:2c40::c73c:67e1 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates
Submission Tags: falconsandbox
Submission: On December 17 via api (December 17th 2024, 10:48:52 am UTC) from US — Scanned from US

Summary HTTP 190 Redirects Links 46 Behaviour Indicators

Summary

This website contacted 46 IPs in 4 countries across 36 domains to perform 190 HTTP transactions. The main IP is 2606:2c40::c73c:67e1, located in United States and belongs to CLOUDFLARESPECTRUM Cloudflare London, LLC, US. The main domain is blog.morphisec.com.
TLS certificate: Issued by WE1 on November 8th 2024. Valid for: 3 months.

This is the only time blog.morphisec.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
71	2606:2c40::c7... 2606:2c40::c73c:67e1	209242 (CLOUDFLAR...) (CLOUDFLARESPECTRUM Cloudflare London)
2	2606:4700::68... 2606:4700::6812:593e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700::68... 2606:4700::6811:180e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:2800:21f... 2606:2800:21f:edfc:49f9:c096:a5a7:75f2	15133 (EDGECAST) (EDGECAST)
2	2606:4700:440... 2606:4700:4400::6812:297c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
20	2606:4700::68... 2606:4700::6810:7574	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2607:f8b0:400... 2607:f8b0:4006:81e::2008	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4006:820::200a	15169 (GOOGLE) (GOOGLE)
2	2600:141b:1c0... 2600:141b:1c00:6::17df:d10d	20940 (AKAMAI-AS...) (AKAMAI-ASN1 Akamai International B.V.)
1	146.75.36.157 146.75.36.157	54113 (FASTLY) (FASTLY)
1	2606:4700::68... 2606:4700::6810:4869	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2a03:2880:f00... 2a03:2880:f00e:13:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
4	146.75.32.157 146.75.32.157	54113 (FASTLY) (FASTLY)
1	2606:4700::68... 2606:4700::6811:afc9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:440... 2606:4700:4400::6812:28f0	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:8a11	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:df98	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700::68... 2606:4700::6810:6bfe	13335 (CLOUDFLAR...) (CLOUDFLARENET)
14	2a02:6ea0:c45... 2a02:6ea0:c454::1	60068 (CDN77 Dat...) (CDN77 Datacamp Limited)
7	2606:4700::68... 2606:4700::6812:50cc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	172.66.0.227 172.66.0.227	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.244.42.67 104.244.42.67	13414 (TWITTER) (TWITTER)
2	18.208.7.233 18.208.7.233	14618 (AMAZON-AES) (AMAZON-AES)
5	2607:f8b0:400... 2607:f8b0:4006:823::2004	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6812:f06c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4 6	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2607:f8b0:400... 2607:f8b0:4006:809::2003	15169 (GOOGLE) (GOOGLE)
1	104.244.42.8 104.244.42.8	13414 (TWITTER) (TWITTER)
3	2a03:2880:f10... 2a03:2880:f10e:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	13.33.252.108 13.33.252.108	16509 (AMAZON-02) (AMAZON-02)
3	52.57.124.13 52.57.124.13	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:21d... 2600:9000:21dd:9000:7:d7d6:3c40:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6812:1247	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700:10:... 2606:4700:10::6816:38f5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	34.111.208.231 34.111.208.231	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	18.164.96.46 18.164.96.46	16509 (AMAZON-02) (AMAZON-02)
4	52.20.167.62 52.20.167.62	14618 (AMAZON-AES) (AMAZON-AES)
1	108.128.190.134 108.128.190.134	16509 (AMAZON-02) (AMAZON-02)
2	2600:9000:280... 2600:9000:2807:e400:2:7dc7:8f00:93a1	16509 (AMAZON-02) (AMAZON-02)
4	34.224.19.201 34.224.19.201	14618 (AMAZON-AES) (AMAZON-AES)
1	2607:f8b0:400... 2607:f8b0:4006:80f::2002	15169 (GOOGLE) (GOOGLE)
2	2607:f8b0:400... 2607:f8b0:4006:80a::2002	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4006:81e::200e	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4004:c21::9d	15169 (GOOGLE) (GOOGLE)
190	46

71 2606:2c40::c73c:67e1 (United States)

ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US)

blog.morphisec.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.morphisec.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:593e (United States)

ASN13335 (CLOUDFLARENET, US)

cdn2.hubspot.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6811:180e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:2800:21f:edfc:49f9:c096:a5a7:75f2 (United States)

ASN15133 (EDGECAST, US)

platform.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:4400::6812:297c (United States)

ASN13335 (CLOUDFLARENET, US)

7052064.fs1.hubspotusercontent-na1.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
1534169.fs1.hubspotusercontent-na1.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

20 2606:4700::6810:7574 (United States)

ASN13335 (CLOUDFLARENET, US)

no-cache.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
js.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
app.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cta-service-cms2.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
forms.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2607:f8b0:4006:81e::2008 (United States)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:820::200a (United States)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:141b:1c00:6::17df:d10d (Secaucus, United States)

ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 146.75.36.157 (Reston, United States)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:4869 (United States)

ASN13335 (CLOUDFLARENET, US)

scout-cdn.salesloft.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a03:2880:f00e:13:face:b00c:0:3 (Toronto, Canada)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 146.75.32.157 (Ashburn, United States)

ASN54113 (FASTLY, US)

platform.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:afc9 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::6812:28f0 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:8a11 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsleadflows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:df98 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsadspixel.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:6bfe (United States)

ASN13335 (CLOUDFLARENET, US)

js.hscollectedforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
forms.hscollectedforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 2a02:6ea0:c454::1 (New York, United States)

ASN60068 (CDN77 Datacamp Limited, GB)

consent.cookiefirst.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
edge.cookiefirst.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2606:4700::6812:50cc (United States)

ASN13335 (CLOUDFLARENET, US)

forms-na1.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
perf.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
forms.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
perf-na1.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.66.0.227 (United States)

ASN13335 (CLOUDFLARENET, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.67 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.208.7.233 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-208-7-233.compute-1.amazonaws.com

scout.salesloft.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2607:f8b0:4006:823::2004 (United States)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:f06c (United States)

ASN13335 (CLOUDFLARENET, US)

api.hubapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2620:1ec:21::14 (United States) 4 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:809::2003 (United States)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.8 (United States)

ASN13414 (TWITTER, US)

syndication.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:2880:f10e:83:face:b00c:0:25de (Toronto, Canada)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.33.252.108 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-33-252-108.jfk50.r.cloudfront.net

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.57.124.13 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-57-124-13.eu-central-1.compute.amazonaws.com

snid.snitcher.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:21dd:9000:7:d7d6:3c40:93a1 (United States)

ASN16509 (AMAZON-02, US)

tag.clearbitscripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:1247 (United States)

ASN13335 (CLOUDFLARENET, US)

trk.techtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:10::6816:38f5 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.inspectlet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
hn.inspectlet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.111.208.231 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 231.208.111.34.bc.googleusercontent.com

ibc-flow.techtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.164.96.46 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-164-96-46.jfk50.r.cloudfront.net

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.20.167.62 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-20-167-62.compute-1.amazonaws.com

x.clearbitjs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
app.clearbit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.128.190.134 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-108-128-190-134.eu-west-1.compute.amazonaws.com

content.hotjar.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:2807:e400:2:7dc7:8f00:93a1 (United States)

ASN16509 (AMAZON-02, US)

assets.trendemon.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 34.224.19.201 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-224-19-201.compute-1.amazonaws.com

trackingapi.trendemon.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:80f::2002 (United States)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:80a::2002 (United States)

ASN15169 (GOOGLE, US)

td.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:81e::200e (United States)

ASN15169 (GOOGLE, US)

analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4004:c21::9d (Washington, United States)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
71	morphisec.com blog.morphisec.com www.morphisec.com	1 MB
20	hubspot.com no-cache.hubspot.com — Cisco Umbrella Rank: 14744 js.hubspot.com — Cisco Umbrella Rank: 3653 app.hubspot.com — Cisco Umbrella Rank: 5921 cta-service-cms2.hubspot.com — Cisco Umbrella Rank: 3677 track.hubspot.com — Cisco Umbrella Rank: 2477 forms.hubspot.com — Cisco Umbrella Rank: 6196	195 KB
14	cookiefirst.com consent.cookiefirst.com — Cisco Umbrella Rank: 32152 edge.cookiefirst.com — Cisco Umbrella Rank: 37066	84 KB
8	linkedin.com 4 redirects platform.linkedin.com — Cisco Umbrella Rank: 3945 px.ads.linkedin.com — Cisco Umbrella Rank: 333 www.linkedin.com — Cisco Umbrella Rank: 676 px4.ads.linkedin.com — Cisco Umbrella Rank: 7032	165 KB
7	hsforms.com forms-na1.hsforms.com — Cisco Umbrella Rank: 7269 perf.hsforms.com — Cisco Umbrella Rank: 16907 forms.hsforms.com — Cisco Umbrella Rank: 4839 perf-na1.hsforms.com — Cisco Umbrella Rank: 3819	4 KB
6	trendemon.com assets.trendemon.com — Cisco Umbrella Rank: 116645 trackingapi.trendemon.com — Cisco Umbrella Rank: 88085	68 KB
6	google.com www.google.com — Cisco Umbrella Rank: 3 analytics.google.com — Cisco Umbrella Rank: 142	1 KB
6	twitter.com platform.twitter.com — Cisco Umbrella Rank: 1634 analytics.twitter.com — Cisco Umbrella Rank: 991 syndication.twitter.com — Cisco Umbrella Rank: 2069	31 KB
5	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 39	334 KB
4	doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 43 td.doubleclick.net — Cisco Umbrella Rank: 182 stats.g.doubleclick.net — Cisco Umbrella Rank: 135	3 KB
4	facebook.net connect.facebook.net — Cisco Umbrella Rank: 192	153 KB
3	clearbitjs.com x.clearbitjs.com — Cisco Umbrella Rank: 17923	45 KB
3	techtarget.com trk.techtarget.com — Cisco Umbrella Rank: 27058 ibc-flow.techtarget.com — Cisco Umbrella Rank: 24542	2 KB
3	snitcher.com snid.snitcher.com — Cisco Umbrella Rank: 91938	25 KB
3	facebook.com www.facebook.com — Cisco Umbrella Rank: 120	214 B
3	salesloft.com scout-cdn.salesloft.com — Cisco Umbrella Rank: 11366 scout.salesloft.com — Cisco Umbrella Rank: 14334	4 KB
2	inspectlet.com cdn.inspectlet.com — Cisco Umbrella Rank: 13784 hn.inspectlet.com — Cisco Umbrella Rank: 13863	65 KB
2	hotjar.com static.hotjar.com — Cisco Umbrella Rank: 888 script.hotjar.com — Cisco Umbrella Rank: 1185	61 KB
2	hscollectedforms.net js.hscollectedforms.net — Cisco Umbrella Rank: 4811 forms.hscollectedforms.net — Cisco Umbrella Rank: 4960	26 KB
2	licdn.com snap.licdn.com — Cisco Umbrella Rank: 831	20 KB
2	hubspotusercontent-na1.net 7052064.fs1.hubspotusercontent-na1.net — Cisco Umbrella Rank: 20850 1534169.fs1.hubspotusercontent-na1.net	37 KB
2	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 225	32 KB
2	hubspot.net cdn2.hubspot.net — Cisco Umbrella Rank: 10169	4 KB
1	clearbit.com app.clearbit.com — Cisco Umbrella Rank: 18946	1 KB
1	hotjar.io content.hotjar.io — Cisco Umbrella Rank: 5577	171 B
1	clearbitscripts.com tag.clearbitscripts.com — Cisco Umbrella Rank: 14785	5 KB
1	gstatic.com www.gstatic.com	216 KB
1	hubapi.com api.hubapi.com — Cisco Umbrella Rank: 3690	1000 B
1	t.co t.co — Cisco Umbrella Rank: 904	628 B
1	hsadspixel.net js.hsadspixel.net — Cisco Umbrella Rank: 3341	4 KB
1	hsleadflows.net js.hsleadflows.net — Cisco Umbrella Rank: 5955	92 KB
1	hs-banner.com js.hs-banner.com — Cisco Umbrella Rank: 2343	26 KB
1	hs-analytics.net js.hs-analytics.net — Cisco Umbrella Rank: 2358	26 KB
1	ads-twitter.com static.ads-twitter.com — Cisco Umbrella Rank: 1016	16 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 29	3 KB
0	lltrck.com Failed lltrck.com Failed
190	36

	Domain	Requested by
62	blog.morphisec.com	blog.morphisec.com cdnjs.cloudflare.com
13	consent.cookiefirst.com	www.googletagmanager.com consent.cookiefirst.com www.morphisec.com
9	www.morphisec.com	blog.morphisec.com consent.cookiefirst.com
8	no-cache.hubspot.com	blog.morphisec.com
7	track.hubspot.com
5	px.ads.linkedin.com	3 redirects snap.licdn.com
5	www.google.com	blog.morphisec.com www.gstatic.com www.googletagmanager.com
5	www.googletagmanager.com	blog.morphisec.com www.googletagmanager.com
4	trackingapi.trendemon.com	assets.trendemon.com
4	platform.twitter.com	blog.morphisec.com platform.twitter.com
4	connect.facebook.net	blog.morphisec.com connect.facebook.net
3	x.clearbitjs.com	tag.clearbitscripts.com
3	snid.snitcher.com	blog.morphisec.com cdn.inspectlet.com
3	www.facebook.com	connect.facebook.net
3	perf.hsforms.com	blog.morphisec.com
2	td.doubleclick.net	www.googletagmanager.com
2	assets.trendemon.com	blog.morphisec.com assets.trendemon.com
2	ibc-flow.techtarget.com	trk.techtarget.com
2	scout.salesloft.com	scout-cdn.salesloft.com
2	forms-na1.hsforms.com	blog.morphisec.com
2	cta-service-cms2.hubspot.com	blog.morphisec.com js.hubspot.com
2	snap.licdn.com	blog.morphisec.com snap.licdn.com
2	cdnjs.cloudflare.com	blog.morphisec.com
2	cdn2.hubspot.net	blog.morphisec.com
1	stats.g.doubleclick.net	www.googletagmanager.com
1	analytics.google.com	www.googletagmanager.com
1	googleads.g.doubleclick.net	www.googletagmanager.com
1	app.clearbit.com	cdn.inspectlet.com
1	hn.inspectlet.com	cdn.inspectlet.com
1	content.hotjar.io	script.hotjar.com
1	script.hotjar.com	static.hotjar.com
1	forms.hubspot.com	js.hsleadflows.net
1	cdn.inspectlet.com	blog.morphisec.com
1	trk.techtarget.com	blog.morphisec.com
1	tag.clearbitscripts.com	www.googletagmanager.com
1	static.hotjar.com	www.googletagmanager.com
1	edge.cookiefirst.com	consent.cookiefirst.com
1	syndication.twitter.com	blog.morphisec.com
1	perf-na1.hsforms.com	blog.morphisec.com
1	forms.hsforms.com	blog.morphisec.com
1	www.gstatic.com	www.google.com
1	px4.ads.linkedin.com	blog.morphisec.com
1	www.linkedin.com	1 redirects
1	1534169.fs1.hubspotusercontent-na1.net	blog.morphisec.com
1	forms.hscollectedforms.net	js.hscollectedforms.net
1	api.hubapi.com	js.hsadspixel.net
1	analytics.twitter.com	blog.morphisec.com
1	t.co	blog.morphisec.com
1	app.hubspot.com	blog.morphisec.com
1	js.hubspot.com	blog.morphisec.com
1	js.hscollectedforms.net	blog.morphisec.com
1	js.hsadspixel.net	blog.morphisec.com
1	js.hsleadflows.net	blog.morphisec.com
1	js.hs-banner.com	blog.morphisec.com
1	js.hs-analytics.net	blog.morphisec.com
1	scout-cdn.salesloft.com	blog.morphisec.com
1	static.ads-twitter.com	blog.morphisec.com
1	fonts.googleapis.com	blog.morphisec.com
1	7052064.fs1.hubspotusercontent-na1.net	blog.morphisec.com
1	platform.linkedin.com	blog.morphisec.com
0	lltrck.com Failed	blog.morphisec.com
190	61

This site contains links to these domains. Also see Links.

Domain
support.morphisec.com
www.morphisec.com
engage.morphisec.com
twitter.com
labs.guard.io
azuremarketplace.microsoft.com
www.linkedin.com
www.youtube.com

Subject Issuer	Validity	Valid
blog.morphisec.com WE1	`2024-11-08` - `2025-02-06`	3 months	crt.sh
hubspot.net WE1	`2024-12-05` - `2025-03-05`	3 months	crt.sh
cdnjs.cloudflare.com WE1	`2024-11-26` - `2025-02-24`	3 months	crt.sh
platform.linkedin.com DigiCert SHA2 Secure Server CA	`2024-06-13` - `2025-06-13`	a year	crt.sh
hubspotusercontent-na1.net WE1	`2024-12-05` - `2025-03-05`	3 months	crt.sh
hubspot.com WE1	`2024-12-01` - `2025-03-01`	3 months	crt.sh
*.google-analytics.com WR2	`2024-11-04` - `2025-01-27`	3 months	crt.sh
upload.video.google.com WR2	`2024-11-04` - `2025-01-27`	3 months	crt.sh
www.morphisec.com WE1	`2024-11-08` - `2025-02-06`	3 months	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2024-12-02` - `2025-12-01`	a year	crt.sh
ads-twitter.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-06-25` - `2025-06-24`	a year	crt.sh
salesloft.com Sectigo RSA Domain Validation Secure Server CA	`2024-03-20` - `2025-04-19`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2024-09-25` - `2024-12-24`	3 months	crt.sh
*.twimg.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-06-24` - `2025-07-25`	a year	crt.sh
hs-analytics.net WE1	`2024-12-05` - `2025-03-05`	3 months	crt.sh
hs-banner.com WE1	`2024-11-22` - `2025-02-20`	3 months	crt.sh
hsleadflows.net WE1	`2024-11-27` - `2025-02-25`	3 months	crt.sh
hsadspixel.net WE1	`2024-12-08` - `2025-03-08`	3 months	crt.sh
hscollectedforms.net WE1	`2024-11-20` - `2025-02-18`	3 months	crt.sh
*.cookiefirst.com Sectigo RSA Domain Validation Secure Server CA	`2024-12-03` - `2025-12-16`	a year	crt.sh
hsforms.com WE1	`2024-12-08` - `2025-03-08`	3 months	crt.sh
t.co E6	`2024-11-26` - `2025-02-24`	3 months	crt.sh
*.twitter.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-10-07` - `2025-10-06`	a year	crt.sh
*.google.com WR2	`2024-11-04` - `2025-01-27`	3 months	crt.sh
hubapi.com WE1	`2024-11-07` - `2025-02-05`	3 months	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2024-10-14` - `2025-04-14`	6 months	crt.sh
*.gstatic.com WR2	`2024-11-04` - `2025-01-27`	3 months	crt.sh
syndication.twitter.com R10	`2024-11-25` - `2025-02-23`	3 months	crt.sh
*.hotjar.com Amazon RSA 2048 M03	`2024-05-22` - `2025-06-20`	a year	crt.sh
snid.snitcher.com Amazon RSA 2048 M03	`2024-07-17` - `2025-08-14`	a year	crt.sh
clearbitscripts.com Amazon RSA 2048 M03	`2024-05-11` - `2025-06-08`	a year	crt.sh
trk.techtarget.com WE1	`2024-11-18` - `2025-02-16`	3 months	crt.sh
inspectlet.com WE1	`2024-12-08` - `2025-03-08`	3 months	crt.sh
ibc-flow.techtarget.com WR3	`2024-10-24` - `2025-01-22`	3 months	crt.sh
clearbitjs.com Amazon RSA 2048 M02	`2024-08-18` - `2025-09-16`	a year	crt.sh
*.hotjar.io Amazon ECDSA 256 M02	`2024-01-31` - `2025-03-01`	a year	crt.sh
clearbit.com Amazon RSA 2048 M03	`2024-08-19` - `2025-09-17`	a year	crt.sh
*.trendemon.com SSL.com RSA SSL subCA	`2024-06-18` - `2025-06-18`	a year	crt.sh
*.g.doubleclick.net WR2	`2024-11-04` - `2025-01-27`	3 months	crt.sh
*.doubleclick.net WR2	`2024-11-04` - `2025-01-27`	3 months	crt.sh

This page contains 10 frames:

Primary Page: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates
Frame ID: A531ACE9A034F9E5DFDC78C8B8B1A2F9
Requests: 178 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.2f70fb173b9000da126c79afe2098f02.html?origin=https%3A%2F%2Fblog.morphisec.com
Frame ID: 74D71A8948D6EAF040872C11F656D486
Requests: 1 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/tweet_button.2f70fb173b9000da126c79afe2098f02.en.html
Frame ID: 39305A7E9430C62663680E98CB4DB5C2
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&co=aHR0cHM6Ly9ibG9nLm1vcnBoaXNlYy5jb206NDQz&hl=en&v=zIriijn3uj5Vpknvt_LnfNbF&size=invisible&badge=inline&cb=3os50yd7cflv
Frame ID: B5942F721BDEB180895076CF7A8D492E
Requests: 1 HTTP requests in this frame

Frame: https://www.morphisec.com/cf-bc-handler.html
Frame ID: 24AC7D681EE9F2E935E6DAC055C9EED8
Requests: 2 HTTP requests in this frame

Frame: https://www.facebook.com/v3.0/plugins/share_button.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfa5a9ce153f4f3564%26domain%3Dblog.morphisec.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fblog.morphisec.com%252Ff16a61a4c25a09089%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fblog.morphisec.com%2Fcoinlurker-the-stealer-powering-the-next-generation-of-fake-updates&layout=button_count&locale=en_US&sdk=joey
Frame ID: D51B65D1EF4CF0D2E023BA8809848C8E
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/enterprise/bframe?hl=en&v=zIriijn3uj5Vpknvt_LnfNbF&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm
Frame ID: E075EF511AB561421BA677D12F9131AC
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/rul/784310031?random=1734432526382&cv=11&fst=1734432526382&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4cc1z8897572158za200zb897572158&gcd=13t3t3t3t5l1&dma=0&tag_exp=101925629~102067555~102067808~102081485~102198178&u_w=1600&u_h=1200&url=https%3A%2F%2Fblog.morphisec.com%2Fcoinlurker-the-stealer-powering-the-next-generation-of-fake-updates&hn=www.googleadservices.com&frm=0&tiba=CoinLurker%3A%20The%20Stealer%20Powering%20the%20Next%20Generation%20of%20Fake%20Updates&did=dNjAwYj&gdid=dNjAwYj&npa=0&pscdl=noapi&auid=23533487.1734432528&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config
Frame ID: 46B6AE86A2AE6528E262E152A87DB00B
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/ga/rul?tid=G-HFVX4VZHCS&gacid=1961934918.1734432528&gtm=45je4cc1v897583451z8897572158za200zb897572158&dma=0&gcs=G111&gcd=13t3t3t3t5l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=101925629~102067555~102067808~102081485~102198178&z=1057614669
Frame ID: C3F8AD01D4B588D69DEF0874D64C925A
Requests: 1 HTTP requests in this frame

Frame: https://www.googletagmanager.com/static/service_worker/4cc0/sw_iframe.html?origin=https%3A%2F%2Fblog.morphisec.com
Frame ID: 3FCCF59905366FF16E1845CCB6A2BFFD
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

CoinLurker: The Stealer Powering the Next Generation of Fake Updates

Detected technologies

AMP (JavaScript frameworks) Expand

Overall confidence: 100%
Detected patterns

<link rel="amphtml"

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Hotjar (Analytics) Expand

Overall confidence: 100%
Detected patterns

//static\.hotjar\.com/

HubSpot Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

js\.hs-analytics\.net/analytics

Inspectlet (Analytics) Expand

Overall confidence: 100%
Detected patterns

cdn\.inspectlet\.com

Linkedin (Widgets) Expand

Overall confidence: 100%
Detected patterns

//platform\.linkedin\.com/in\.js

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Slick (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

(?:/([\d.]+))?/slick(?:\.min)?\.js

Twitter (Widgets) Expand

Overall confidence: 100%
Detected patterns

//platform\.twitter\.com/widgets\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

190
Requests

98 %
HTTPS

69 %
IPv6

36
Domains

61
Subdomains

46
IPs

4
Countries

2842 kB
Transfer

7468 kB
Size

55
Cookies

46 Outgoing links

These are links going to different origins than the main page.

URL: https://support.morphisec.com/
Title: Support

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/partners
Title: Partners

Search URL Search Domain Scan URL

URL: https://engage.morphisec.com/experiencing-a-breach
Title: Under Attack?

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/products/
Title: Product Overview

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/morphisec-for-managed-services
Title: Morphisec for Managed Services

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/products/adaptive-exposure-management
Title: Adaptive Exposure Management

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/products/morphisec-windows-endpoint-protection
Title: Morphisec for Windows Endpoints

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/products/morphisec-windows-server-protection
Title: Morphisec for Windows Servers & Workloads

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/products/morphisec-linux-server-protection
Title: Morphisec for Linux Server Protection

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/incident-response-services
Title: Incident Response Services

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/moving-target-defense
Title: About Moving Target Defense

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/solutions/finance-industry
Title: Finance

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/solutions/hedge-funds-industry
Title: Hedge Funds

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/solutions/healthcare-industry
Title: Healthcare

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/solutions/tech-industry
Title: Technology

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/solutions/manufacturing-industry
Title: Manufacturing

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/solutions/legal-industry
Title: Legal

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/solutions/k-12-school-cybersecurity
Title: K-12 Education

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/solutions/small-business
Title: SMB

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/morphisec-microsoft-defender-av
Title: Microsoft Defender AV

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/morphisec-microsoft-defender-for-endpoint
Title: Microsoft Defender for Endpoint

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/products/virtual-desktop-infrastructure
Title: Virtual Desktop Protection

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/cloud-workload-protection
Title: Cloud Workload Protection

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/remote-employee-security
Title: Remote Employee Security

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/ransomware-prevention
Title: Ransomware Prevention

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/virtual-patch
Title: Virtual Patching and Compliance

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/supply-chain-attack-prevention
Title: Supply Chain Attack Protection

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/browser-attack-protection
Title: Browser Attack Protection

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/about-us
Title: About Us

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/news-and-events
Title: News & Events

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/careers
Title: Careers

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/contact-us
Title: Contact Us

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/resources
Title: Learning Center

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/morphisec-customer-corner
Title: Customer Stories

Search URL Search Domain Scan URL

URL: https://support.morphisec.com/hc/en-us
Title: Support

Search URL Search Domain Scan URL

URL: https://twitter.com/LNadav
Title: Twitter

Search URL Search Domain Scan URL

URL: https://labs.guard.io/etherhiding-hiding-web2-malicious-code-in-web3-smart-contracts-65ea78efad16
Title: EtherHiding

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/products/morphisec-vulnerability-management
Title: Morphisec Vulnerability Visibility & Prioritization

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/legal-compliance
Title: Privacy & Legal

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/schedule
Title: Contact Sales

Search URL Search Domain Scan URL

URL: https://azuremarketplace.microsoft.com/en-us/marketplace/apps/morphisec.morphisec_threat_prevention?tab=Overview
Title: Inquire via Azure

Search URL Search Domain Scan URL

URL: https://twitter.com/morphisec

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/morphisec

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCe48cR5xTxPJSYMjG-So7Rw

Search URL Search Domain Scan URL

URL: https://www.morphisec.com/privacy-policy/
Title: Privacy policy

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 118

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=32136&time=1734432526396&li_adsId=f8d980f8-3623-4404-a28b-d194c370ac27&url=https%3A%2F%2Fblog.morphisec.com%2Fcoinlurker-the-stealer-powering-the-next-generation-of-fake-updates HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=32136&time=1734432526396&li_adsId=f8d980f8-3623-4404-a28b-d194c370ac27&url=https%3A%2F%2Fblog.morphisec.com%2Fcoinlurker-the-stealer-powering-the-next-generation-of-fake-updates&cookiesTest=true HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D32136%26time%3D1734432526396%26li_adsId%3Df8d980f8-3623-4404-a28b-d194c370ac27%26url%3Dhttps%253A%252F%252Fblog.morphisec.com%252Fcoinlurker-the-stealer-powering-the-next-generation-of-fake-updates%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=32136&time=1734432526396&li_adsId=f8d980f8-3623-4404-a28b-d194c370ac27&url=https%3A%2F%2Fblog.morphisec.com%2Fcoinlurker-the-stealer-powering-the-next-generation-of-fake-updates&cookiesTest=true&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=32136&time=1734432526396&li_adsId=f8d980f8-3623-4404-a28b-d194c370ac27&url=https%3A%2F%2Fblog.morphisec.com%2Fcoinlurker-the-stealer-powering-the-next-generation-of-fake-updates&cookiesTest=true&liSync=true&e_ipv6=AQJkkLAPYHd6ZwAAAZPUPBGNghyxsAfQbwMzKf8KohUTWhxbMpVpdtHPyE554Um0euQVWH8fvXb2FCnCcf4W2ZxwNNnIfQ0

190 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H3 200 Primary Request coinlurker-the-stealer-powering-the-next-generation-of-fake-updates Show response
blog.morphisec.com/ 247 KB
26 KB 118ms
67ms Document
text/html 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ae4b54eea835ff08fd0c443097ca4aae63b250097f38a659f945972252163b7a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: false
alt-svc: h3=":443"; ma=86400
cache-control: s-maxage=7200,max-age=5
cache-tag: CT-183781340986,CG-3742504875,P-1534169,L-111241817773,W-110459115301,W-110461035085,W-110617941043,W-17242827075,CW-109590708858,CW-111929326924,CW-148583664153,CW-6224157750,CW-96190736016,E-109591972187,E-109621200285,E-109629951254,E-109788822098,E-110333050473,E-110410292559,E-110414479364,E-110809165900,E-36272650673,E-6213834399,E-6224156614,E-6224925249,E-91587260036,MENU-110459115301,MENU-110461035085,MENU-110617941043,MENU-17242827075,PGS-ALL,SW-1,GC-109628533403,GC-111932574522
cf-cache-status: HIT
cf-ray: 8f3657b54d24438a-EWR
content-encoding: br
content-security-policy: upgrade-insecure-requests
content-type: text/html;charset=utf-8
date: Tue, 17 Dec 2024 10:48:45 GMT
edge-cache-tag: CT-183781340986,CG-3742504875,P-1534169,L-111241817773,W-110459115301,W-110461035085,W-110617941043,W-17242827075,CW-109590708858,CW-111929326924,CW-148583664153,CW-6224157750,CW-96190736016,E-109591972187,E-109621200285,E-109629951254,E-109788822098,E-110333050473,E-110410292559,E-110414479364,E-110809165900,E-36272650673,E-6213834399,E-6224156614,E-6224925249,E-91587260036,MENU-110459115301,MENU-110461035085,MENU-110617941043,MENU-17242827075,PGS-ALL,SW-1,GC-109628533403,GC-111932574522
last-modified: Tue, 17 Dec 2024 09:42:41 GMT
link: </hs/hsstatic/content-cwv-embed/static-1.1293/embed.js>; rel=preload; as=script, </hs/hsstatic/keyboard-accessible-menu-flyouts/static-1.17/bundles/project.js>; rel=preload; as=script, </hs/hsstatic/cos-i18n/static-1.53/bundles/project.js>; rel=preload; as=script, </hs/hsstatic/AsyncSupport/static-1.122/js/post_listing_asset.js>; rel=preload; as=script, </_hcms/forms/v2.js>; rel=preload; as=script
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
priority: u=0,i
referrer-policy: no-referrer-when-downgrade
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6omTMrcLMEzg%2FuMBIkOOkXM%2FcU4JfdMccRtL3pi8zOM1Fp79qjyDWRqUt1q5dq1QKv0yks23b1%2Fu%2BE%2BYpsvnpqe%2F1ls9Kkfys3YPZc8wZBEjZ3oLz6Hx9GbB25habp0T8QRKcb0bA7uZtQW%2FgmkZjw%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
server-timing: cfExtPri
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: origin, Accept-Encoding
x-content-type-options: nosniff
x-envoy-upstream-service-time: 182
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-served-by-pod: iad02/cms-10-19-td/envoy-proxy-55cf57c567-kvtfn
x-evy-trace-virtual-host: all
x-hs-cache-config: BrowserCache-5s-EdgeCache-7200s
x-hs-content-id: 183781340986
x-hs-hub-id: 1534169
x-hubspot-correlation-id: 3103adab-0b46-477b-841d-9c512feb4c82
x-request-id: 3103adab-0b46-477b-841d-9c512feb4c82
x-xss-protection: 1

GET
H3 200 embed.js Show response
blog.morphisec.com/hs/hsstatic/content-cwv-embed/static-1.1293/ 13 KB
6 KB 72ms
71ms Script
application/javascript 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hs/hsstatic/content-cwv-embed/static-1.1293/embed.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cb5224674e43d02db0037517f4aa29ba5ce9ddd0672e513cc7289714ba657522

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"f667e53d5752ee2e5759f3dfaf20d330"
age: 1660128
x-amz-version-id: AFGFBaAC1397GFbOapH2DRIkjQ_NaZzY
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TrGTLlNb7Q5XGivJc65d1Zv6B7xZidJx%2FNeZ2fx2%2F%2BGbSA1gXtpmEcJMg9vZYE7bjX4oYhGRIW%2BF3Vb3Bo%2F2bWueKs6uSmiJWnNXOMWYc%2FvQLn1H4%2F8m2qGwhMco2Me9WeNNycfw1fA%2B9z0MpgxsHw%3D%3D"}],"group":"cf-nel","max_age":604800}
expires: Wed, 17 Dec 2025 10:48:45 GMT
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: G70Hp3iBWbj5ZT7OBx3TBzj6m0KndrM3ZcdVa1TL0qEwQfwd5G33Xw==
date: Tue, 17 Dec 2024 10:48:45 GMT
content-type: application/javascript
last-modified: Mon, 23 Sep 2024 19:59:06 GMT
vary: accept-encoding
priority: u=1,i=?0
server-timing: cfExtPri
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-replication-status: COMPLETED
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
via: 1.1 c790ffcab27717f283a6e87f31c6d65a.cloudfront.net (CloudFront)
cf-ray: 8f3657b5cd68438a-EWR
x-amz-cf-pop: JFK50-P3
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H3 200 project.js Show response
blog.morphisec.com/hs/hsstatic/keyboard-accessible-menu-flyouts/static-1.17/bundles/ 2 KB
1 KB 73ms
71ms Script
application/javascript 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hs/hsstatic/keyboard-accessible-menu-flyouts/static-1.17/bundles/project.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fb56af9f7623a55839dfb9cf019b05664a62e1b41671d925f3ed587c506443b5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"ef84f26c310485299d6b75777414eddb"
age: 1553335
x-amz-version-id: gEenO44eZUewxnIWfgj9q6LB.g9OszNv
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7GnSeMg9FkWohFjb69DA1qcUnmJnli1ezkPnzQhsf0Do%2FaSu1MIhmtXn0107un%2BCZbisEofL3AQp9i7z5Gu29QN9XsqucDPliz1KDcclPvXNMWgCBO8xT9NPHJgZh%2Fzh9qi%2FyYYWqgS%2FpvVpzex%2B3w%3D%3D"}],"group":"cf-nel","max_age":604800}
expires: Wed, 17 Dec 2025 10:48:45 GMT
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: 9G0naJye3Coup0yq6HMfzqe3F_4CgKJid14ZRHAaaNBhFT5VImIfrQ==
date: Tue, 17 Dec 2024 10:48:45 GMT
content-type: application/javascript
last-modified: Wed, 19 Aug 2020 22:24:11 GMT
vary: accept-encoding
priority: u=1,i=?0
server-timing: cfExtPri
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-replication-status: COMPLETED
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
via: 1.1 54798bbc2ce3e33c706761634ac87e48.cloudfront.net (CloudFront)
cf-ray: 8f3657b5cd6a438a-EWR
x-amz-cf-pop: JFK50-P3
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H3 200 project.js Show response
blog.morphisec.com/hs/hsstatic/cos-i18n/static-1.53/bundles/ 1 KB
2 KB 73ms
72ms Script
application/javascript 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hs/hsstatic/cos-i18n/static-1.53/bundles/project.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"61ca66de658cab9587e4636894680d5d"
age: 1568507
x-amz-version-id: P9ES7sOpFzrLl1QoRwjEAy5outPo5_GO
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=weQtpcLyTPZrtQdmhl75gKpC43mbpfjxuTV6vApWqsYBbWBamri36EQuiOSCz0dkZGysM8KEFp7XNHv4EscVPal1DxzG2ccg6uEBWlOFuB8XCL%2FkK5fmOpINPPwSBa32YuCiYm7BzVZsx64JEN4TxA%3D%3D"}],"group":"cf-nel","max_age":604800}
expires: Wed, 17 Dec 2025 10:48:45 GMT
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: 2wrrKS7-rq1SydqfVxg63XSytJ2OnXIVUGhKrcaTxvUq_UdOs5EF3g==
date: Tue, 17 Dec 2024 10:48:45 GMT
content-type: application/javascript
last-modified: Tue, 09 Nov 2021 16:12:42 GMT
vary: accept-encoding
priority: u=1,i=?0
server-timing: cfExtPri
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-replication-status: COMPLETED
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
via: 1.1 2301ef513d768666e30ce282b9045098.cloudfront.net (CloudFront)
cf-ray: 8f3657b5cd6b438a-EWR
x-amz-cf-pop: JFK50-P3
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H3 200 post_listing_asset.js Show response
blog.morphisec.com/hs/hsstatic/AsyncSupport/static-1.122/js/ 3 KB
2 KB 54ms
53ms Script
application/javascript 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hs/hsstatic/AsyncSupport/static-1.122/js/post_listing_asset.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8e7902d12bed414b23fd30c7019fc0fe08d03b14984beb21e486aaa59135f803

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"d95d7dafd49a1edc76a47120c287b579"
age: 1204051
x-amz-version-id: nC1hzr07YsutChb9rCwKsMoiyxip8lR7
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=onBpbiVcEAhe6jZs3Du4Nmztmqy1LFmS%2Bq4QAnPE0Ar3wUETVxUJ0LhAwLhrT%2F7x6fIurxuudlrIkYOmztwcNx81C7Mx1fkOJAnFdgQCT0tLbMnBr1lSmPGJE1PkiQwN5Yr0xRZCMYtF4u2S2JP%2FZQ%3D%3D"}],"group":"cf-nel","max_age":604800}
expires: Wed, 17 Dec 2025 10:48:45 GMT
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-amz-cf-id: MgQ239v6z5zD9XD9lGVCDed0gyb8wUq41PdJLEL4hK1zh40cbdpOJA==
date: Tue, 17 Dec 2024 10:48:45 GMT
content-type: application/javascript
last-modified: Fri, 17 Dec 2021 15:26:10 GMT
vary: accept-encoding
priority: u=1,i=?0
server-timing: cfExtPri
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-replication-status: COMPLETED
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
via: 1.1 153c5cd2b3e635613d0a2fa0f107993a.cloudfront.net (CloudFront)
cf-ray: 8f3657b5cd6d438a-EWR
x-amz-cf-pop: JFK50-P3
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H3 200 v2.js Show response
blog.morphisec.com/_hcms/forms/ 485 KB
161 KB 56ms
55ms Script
application/javascript 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/_hcms/forms/v2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cb14dfe8ae5aaa4a01824e5fc91c51fb3302150e6143796961e266017ac39817

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

x-request-id: f7ba497c-4930-42cb-8f84-1f02f7fd878f
content-encoding: br
cf-cache-status: HIT
etag: W/"558de7b20c531aa81c999732b3c69474"
age: 535
cache-tag: staticjsapp-forms-embed-v2-web-prod,staticjsapp-prod
x-amz-version-id: nL.3tgVnBfE9VUOI2CFVsUxrNJIPlAAW
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tectGmrd8PqvDFZBL3UK4vUtCkZKrDg%2FL%2FT3vpL2hmEG5AMu5z2GVyQ%2FX%2Fg04c5RZnmCfHm22PUngkd0tuRGeKhwb0Ac4AwTynx0uKpPTqsf3dAIdyuSKBWBR2iA3cYPMrO%2BzblCJ893fja63iKEOw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: vG9HdHQwJ_CYhEtRoonse1C1GDxZ3ubK6YKYSQlnuDdFdqFrsDxatQ==
x-hubspot-correlation-id: f7ba497c-4930-42cb-8f84-1f02f7fd878f
content-type: application/javascript; charset=utf-8
last-modified: Thu, 12 Dec 2024 15:46:41 UTC
priority: u=1,i=?0
server-timing: cfExtPri
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=600, max-age=300
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-856d8787d5-q6sv6
x-envoy-upstream-service-time: 3
x-hs-target-asset: forms-embed/static-1.6926/bundles/project-v2.js
server: cloudflare
x-evy-trace-virtual-host: all
x-amz-server-side-encryption: AES256
x-hs-cache-status: HIT
date: Tue, 17 Dec 2024 10:48:45 GMT
vary: accept-encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=forms-embed/static-1.6926/bundles/project-v2.js&cfRay=8f11614a7a8b139d-MIA
via: 1.1 53b70ac9dc46d1c13992b291cf22a9aa.cloudfront.net (CloudFront)
cf-ray: 8f3657b5cd6e438a-EWR
access-control-allow-origin: *
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD12-P3

GET
H3 200 reset.min.css
blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/109591972187/1697111371858/2023/CSS/ 1 KB
2 KB 57ms
56ms Stylesheet
text/css 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/109591972187/1697111371858/2023/CSS/reset.min.css

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

abd611420c0557b18c6fbd0dd66eb643fc3298fbaccd15e0a2ba9fdf78f2ca72

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

x-request-id: fcd1f8a9-0776-4b89-a124-eb12d7458ade
content-encoding: gzip
cf-cache-status: HIT
etag: W/"fdc18c7998eab7f0173b18cbfee4df06"
age: 1044
x-amz-version-id: LIGvZMYA2GuHTR7O2Z5oVj7c2QZI5kJK
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4JeqY2u1XlNGM2jOy650HjOZPe6%2F7X%2BroMWkkthkHDe77fCyyoN6PEYrYnyDkEqCfJHRhkJNqerukBkIQ25vNIxYfKnX0pMHPvHLaKMxofSufejeHbS%2FENu7q2KbXN1lNWdM9ymJEfoXoHNU7Hcavw%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: RefreshHit from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: be6JvVL7rFYbwGL3oXoIRBHh48YUUW_VT9AD70IPCFnfuFACDim5Ww==
x-hubspot-correlation-id: fcd1f8a9-0776-4b89-a124-eb12d7458ade
content-type: text/css
last-modified: Thu, 12 Oct 2023 11:49:33 GMT
priority: u=0,i=?0
server-timing: cfExtPri
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-679cd85c5c-q9n7k
x-envoy-upstream-service-time: 179
x-amz-request-id: CN6HQSHSAR6ZG2GY
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Tue, 17 Dec 2024 10:48:45 GMT
vary: origin, Accept-Encoding
x-amz-id-2: WUNY4QM8wVmqV4H5nTpqKsXIBpguwEOnksPF1k9OsKfSW7NK4xJl0vfRAHQdDe4H9gajZqpnO+U=
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: blog.morphisec.com
access-control-allow-credentials: false
via: 1.1 f3131b940cd6fd6a885d42f83a5b3a42.cloudfront.net (CloudFront)
cf-ray: 8f3657b5cd72438a-EWR
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD61-P3
x-amz-meta-created-unix-time-millis: 1697111372573

GET
H3 200 fonts.min.css
blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/109621200285/1680693252014/2023/Fonts/ 6 KB
2 KB 64ms
61ms Stylesheet
text/css 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/109621200285/1680693252014/2023/Fonts/fonts.min.css

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

44bc30322b395963cf09e8fb1bee4d07e58d60599a82c4e821cf89ed36d0b786

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

x-request-id: 5ecce500-78dd-4875-984a-35ac99c17009
content-encoding: gzip
cf-cache-status: HIT
etag: W/"129a23607bce2eee640430d3bbfef277"
age: 1044
x-amz-version-id: dVLtzAKZg__B3uxHbu3a_2GX4VNB5e_S
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=houPKR3S%2Bd6YDKBImBuElPctrzxbqGodALgEte0QAcVlkJKyav%2FyXWa1SnQ33DE0mJYmavjNuk9RYDYlm3ePYzzWdss67QXGwT%2BxU988D0EYM6n73x2uqiTZU3acA%2FUFQ5tHh0fvlzxu8Nro%2BQwRvA%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: RefreshHit from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: 8ES-JnJ2gRFWBcs6dyfCM1C7qaJmXI_Wavul_RRc29eyk4yiZ_v7Pg==
x-hubspot-correlation-id: 5ecce500-78dd-4875-984a-35ac99c17009
content-type: text/css
last-modified: Wed, 05 Apr 2023 11:14:13 GMT
priority: u=0,i=?0
server-timing: cfExtPri
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-6548769dcd-5f7tz
x-envoy-upstream-service-time: 189
x-amz-request-id: Y7MHJMCD9FHF7YJY
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Tue, 17 Dec 2024 10:48:45 GMT
vary: origin, Accept-Encoding
x-amz-id-2: yG7zeFDkJKmWNQytE68Qv9a0OV5mf75UhB/wdiWg84qfiHqikxHoafPIFveIf91ab9SuQKFC73o=
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: blog.morphisec.com
access-control-allow-credentials: false
via: 1.1 f2c051917a765f1d1a1cd2ce1622adb8.cloudfront.net (CloudFront)
cf-ray: 8f3657b5cd76438a-EWR
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD89-C1
x-amz-meta-created-unix-time-millis: 1680693252902

GET
H3 200 custom.min.css
blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/109788822098/1682414589849/2023/CSS/ 280 B
2 KB 64ms
58ms Stylesheet
text/css 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/109788822098/1682414589849/2023/CSS/custom.min.css

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d7c2ddb591f4a579e867624a9ac11234ee3b7ef13f41c743088d4b4d723b8461

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

x-request-id: 3e287ec6-25c6-4e60-b11a-cc4f3515fcbc
content-encoding: br
cf-cache-status: HIT
etag: W/"5c5cddb5467e6fe854b7d0a6f51135e8"
age: 1044
x-amz-version-id: Tnt1z7gJRW9yvpi1rPu2tP7PpekG4_IL
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8PZ9Ub2j4BZTOdRsfIsoSMKlfGUBtSWiCNDVxgOWM%2Bl4sokIvmvqimaFo4%2BYxuHRLYADi9NCvYbIpZBjqREE%2FnWBLh6eNKcRoaFhUAaKMtRzgTENYcF4%2B6lNHJ4fBHpU7a6SXu1EtpkKrN4didFJqw%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: RefreshHit from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: 4uBZUjgo6Q3aoWYKSQeu2B5PS944db_7GtWTnmkfa6e17o-L6FwdKQ==
x-hubspot-correlation-id: 3e287ec6-25c6-4e60-b11a-cc4f3515fcbc
content-type: text/css
last-modified: Tue, 25 Apr 2023 09:23:11 GMT
priority: u=0,i=?0
server-timing: cfExtPri
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-6548769dcd-zn5t2
x-envoy-upstream-service-time: 199
x-amz-request-id: YM0K5Y6EV5QHNHFB
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Tue, 17 Dec 2024 10:48:45 GMT
vary: origin, Accept-Encoding
x-amz-id-2: JRpv27AJx+5QCI2pYfVCUPl3dxnEavA/7P4WHocm7AxtZCfQOL+sopaDXsgRe+3g7TpN6cM86Ps=
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: blog.morphisec.com
access-control-allow-credentials: false
via: 1.1 88b63cb2f8aab28c7291262ffc15282e.cloudfront.net (CloudFront)
cf-ray: 8f3657b5dd79438a-EWR
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD89-C1
x-amz-meta-created-unix-time-millis: 1682414590689

GET
H3 200 slick.min.css
blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/110414479364/1681177548465/2023/CSS/ 1 KB
2 KB 70ms
63ms Stylesheet
text/css 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/110414479364/1681177548465/2023/CSS/slick.min.css

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

71815070cf1baa5e8fe6694ab489c18374703c8fb1e11700f2530ccb8fb32d33

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

x-request-id: 0da81ed1-bf13-43ac-a3c8-c12bee4865b4
content-encoding: gzip
cf-cache-status: HIT
etag: W/"50424795a4c8f41eaba805785dcd11a3"
age: 1044
x-amz-version-id: CSM7qjm5tr1tplGgJgxA9LlFMJy2.Rrt
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2jqFngExLEQRy6NM8Qajs7sDTDUMeUM24Eggt9e30%2BdHc4IkjJggTF4rDbuzlEEFhOZFhVGMp7J65I993H8yk%2FZoIe63MPtAPYbJ04HofFqL2pQiq9ifwhXjucENFKxxpxgJ5W%2B9AcmHWAlWaNlxgg%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: IzJz1nFKJ2r-m0U66q92mL-haaIGhcXCh4IyKypYkJCLf_WTOYsSMw==
x-hubspot-correlation-id: 0da81ed1-bf13-43ac-a3c8-c12bee4865b4
content-type: text/css
last-modified: Tue, 11 Apr 2023 01:45:50 GMT
priority: u=0,i=?0
server-timing: cfExtPri
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-6548769dcd-tsm68
x-envoy-upstream-service-time: 292
x-amz-request-id: QS72YSM7B9EQDHTC
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Tue, 17 Dec 2024 10:48:45 GMT
vary: origin, Accept-Encoding
x-amz-id-2: 8tHcZ8rnHg8OYhnyG//7UgBNX0WTEllYAGmPvdf3EMkLrRGZmFX7qH4cskJrzk1aDOlxREZve8g=
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: blog.morphisec.com
access-control-allow-credentials: false
via: 1.1 5c91d033409cd7607633594f94b09064.cloudfront.net (CloudFront)
cf-ray: 8f3657b5dd7c438a-EWR
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD89-C1
x-amz-meta-created-unix-time-millis: 1681177549173

GET
H3 200 module_109590708858_Header_-_Global.min.css
blog.morphisec.com/hs-fs/hub/1534169/hub_generated/module_assets/109590708858/1718666705155/ 19 KB
5 KB 53ms
47ms Stylesheet
text/css 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/module_assets/109590708858/1718666705155/module_109590708858_Header_-_Global.min.css

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9ec3c84e8019f979befe03094b124908c617d66036668dade9e8edf77b239924

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

x-request-id: f3df97f8-89e8-4ff3-9770-16451e177a8c
content-encoding: gzip
cf-cache-status: HIT
etag: W/"6e88b79d3c88ae7b7cdc87de63b2df5d"
age: 2931
x-amz-version-id: EmcCbP35dT6z.TbaRVMftxuobV7Ho9gP
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PuiWe%2BUNThy3HE%2BVJ3z9bIgOmlnsCfTcZs9YxY65AB4zu16Kl5hhD%2BFREXOmga%2Fcz99QAin6hNPgYF%2FhHdxI54CEG1ygLAiFY67YTTzJfnauyv9PWUh5%2FX8bMgm%2FjT%2Fioahfu8TGHScvjmExq7ZknQ%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: RefreshHit from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: xNs8LRQIal-BciH12MCr7sKqSYsA8nmKpnh4MId1SE9uM0EggnmSFQ==
x-hubspot-correlation-id: f3df97f8-89e8-4ff3-9770-16451e177a8c
content-type: text/css
last-modified: Mon, 17 Jun 2024 23:25:06 GMT
priority: u=0,i=?0
server-timing: cfExtPri
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-6548769dcd-kfcdw
x-envoy-upstream-service-time: 159
x-amz-request-id: THMA7QJYGK1QNYY2
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Tue, 17 Dec 2024 10:48:45 GMT
vary: origin, Accept-Encoding
x-amz-id-2: 0JSMJjI1R8sXR90kV7fXh748hRwXx9MqpjElPjcrdplGbyw0M/IE80xa2pbvQQvgWcX0ozWXdII=
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: blog.morphisec.com
access-control-allow-credentials: false
via: 1.1 041a4887d523cabe8177e269cc358162.cloudfront.net (CloudFront)
cf-ray: 8f3657b5dd7f438a-EWR
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD89-C1
x-amz-meta-created-unix-time-millis: 1718666705155

GET
H3 200 project.css
blog.morphisec.com/hs/hsstatic/BlogSocialSharingSupport/static-1.258/bundles/ 720 B
1 KB 70ms
63ms Stylesheet
text/css 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hs/hsstatic/BlogSocialSharingSupport/static-1.258/bundles/project.css

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cf3e0ecae28a70c5e010c24c160321243efe54f497d49a6a8f31ca12ee7eb972

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"a81c70764750950eb72d4537c41e781f"
age: 1820511
x-amz-version-id: 8ccI4weZqJTdCHtwNm3UqetXb_uUGb6Y
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZiIIFXOktjq99pXNvxISUB%2FVkfsuV%2BuY9HsqrrBqEmfLaAzV1wMUu%2BAPCvuhjrhbx53UeXg4uqHcWfIIUD2jpbX6tacGVX%2FcvD97lIYykpqSIx3IzTqqaqanJDNC8TkZzH8YUU1nvilJw4LpiIJ9GQ%3D%3D"}],"group":"cf-nel","max_age":604800}
expires: Wed, 17 Dec 2025 10:48:45 GMT
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-amz-cf-id: xFWYjPv-PeaTpKdxfCpz46XTpwLbq9B0pfezHJJbQJOTDO4ta-ZqYg==
date: Tue, 17 Dec 2024 10:48:45 GMT
content-type: text/css
last-modified: Tue, 19 Mar 2024 20:21:22 GMT
vary: Accept-Encoding
priority: u=0,i=?0
server-timing: cfExtPri
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-replication-status: COMPLETED
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
via: 1.1 d33ed2107293e32734a96656b820e092.cloudfront.net (CloudFront)
cf-ray: 8f3657b5dd81438a-EWR
x-amz-cf-pop: JFK50-P3
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H3 200 module_148583664153_Blog_Quiz.min.css
blog.morphisec.com/hs-fs/hub/1534169/hub_generated/module_assets/148583664153/1703224192160/ 1 KB
2 KB 75ms
69ms Stylesheet
text/css 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/module_assets/148583664153/1703224192160/module_148583664153_Blog_Quiz.min.css

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4e0a2edf9cc6b61a6576a95fe791ac7b4470577d68e0cc738a2f90d2d6416589

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

x-request-id: f053bba8-61db-43df-bde6-d350308b2353
content-encoding: gzip
cf-cache-status: HIT
etag: W/"5292316ee34f942adabf9639035cb5f1"
age: 2931
x-amz-version-id: YbKx_knHjcoCWj.kdAsSCG6ojGVZltfV
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=J4H7OW5bxZfFwyiLvwJ%2BAlhoz10c5h2YuLjdJF%2FwI%2BgYRGEPimBMGfS4JPW1JwIn6bfV9S57bnYDVHlZEAv0QTUtKHDakfBps0NydgGtpcYWtfNvjkiiAciviUFADI30v5CwkAp8kEzwxLVJKcwCeQ%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: RefreshHit from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: KdU3HS1ygHZcBDPxrzmoRvXUI2YZEsBCB_sp46c_5uEo1GAtsTznzg==
x-hubspot-correlation-id: f053bba8-61db-43df-bde6-d350308b2353
content-type: text/css
last-modified: Fri, 22 Dec 2023 05:49:53 GMT
priority: u=0,i=?0
server-timing: cfExtPri
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-5689dcb94b-dq4fz
x-envoy-upstream-service-time: 170
x-amz-request-id: XDAZ57BCP92Q2YCE
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Tue, 17 Dec 2024 10:48:45 GMT
vary: origin, Accept-Encoding
x-amz-id-2: 3qo8OkJK70gKKa2VuD4qyR50pXJJLWJYzPD0g23FnDf9bvV/kDg3woN6pTdxzHkoWMlQTjt/PVk=
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: blog.morphisec.com
access-control-allow-credentials: false
via: 1.1 50f5f6b4e0025748bb74dce1db44c750.cloudfront.net (CloudFront)
cf-ray: 8f3657b5dd83438a-EWR
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD89-C1
x-amz-meta-created-unix-time-millis: 1703224192160

GET
H3 200 module_-2712622_Site_Search_Input.min.css
cdn2.hubspot.net/hub/-1/hub_generated/module_assets/-2712622/1734374893710/ 612 B
2 KB 36ms
25ms Stylesheet
text/css 2606:4700::6812:593e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/-1/hub_generated/module_assets/-2712622/1734374893710/module_-2712622_Site_Search_Input.min.css
Requested by: Host: blog.morphisec.com
URL: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:593e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 401925a1114f7003121630392768d35516be54a4028f01024528aeae99a45a56

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

x-request-id: bfff0313-0d35-41fd-b768-c42d3f6e8cb8
content-encoding: br
cf-cache-status: HIT
etag: W/"c708989561e0cdbfcf996d1b7f47482c"
age: 57548
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=u6Wk5l%2Bq3qCX34ctBE%2BwJ9eapiy0%2Fo0mdU5pSLwRuQ3nv2zayowgT3JUwPeZrcQeIG9iNj9aNOESCzZZO0WtOgh2BWaH1dgeWoqdZAXwAoPqmTyRq1h2JCL9iXLuokdizzXNRF2XP7Ll1cTYp78%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-evy-trace-listener: listener_https
server-timing: cfExtPri
x-hubspot-correlation-id: bfff0313-0d35-41fd-b768-c42d3f6e8cb8
content-type: text/css
last-modified: Mon, 16 Dec 2024 18:48:14 GMT
priority: u=0,i=?0
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-7b656c968b-hq2tj
x-envoy-upstream-service-time: 189
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Tue, 17 Dec 2024 10:48:45 GMT
vary: Accept-Encoding
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cf-ray: 8f3657b5da054397-EWR
access-control-allow-origin: *
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD61-P1
x-amz-meta-created-unix-time-millis: 1734374893710

GET
H3 200 rss_post_listing.css
blog.morphisec.com/hs/hsstatic/AsyncSupport/static-1.122/sass/ 910 B
1 KB 64ms
59ms Stylesheet
text/css 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hs/hsstatic/AsyncSupport/static-1.122/sass/rss_post_listing.css

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

723fbf8d73cd4e75f64f7d21558585aa1658b11332e87bd288f6987e398ecfb4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"e1b521ec14a912d6d385c21388ec7d79"
age: 1464631
x-amz-version-id: YluxiXaQWSQWC28IUPv3NXYXDi68ylxl
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bjQo5lqwHmQ3%2BVhUMCyBVTlSAQPQqcvws8TEr%2BL8Tq%2BLj6%2BQGJW2%2Fhth6R2G9C0p7jSOPZEz7tr4JIi7uhKfteC3iJ8%2B%2BfEOjz5h%2FN83NfJkYodaAj1legPYhRPPSKFmOi2ZgaAMbdCfodNfMwq0JQ%3D%3D"}],"group":"cf-nel","max_age":604800}
expires: Wed, 17 Dec 2025 10:48:45 GMT
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-amz-cf-id: wfwWBp-veKHbB7FWvIgVn4zKNgRH5DVVM-e7BBLgm_KqHSndg6lCJA==
date: Tue, 17 Dec 2024 10:48:45 GMT
content-type: text/css
last-modified: Fri, 17 Dec 2021 15:26:10 GMT
vary: Accept-Encoding
priority: u=0,i=?0
server-timing: cfExtPri
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-replication-status: COMPLETED
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
via: 1.1 c790ffcab27717f283a6e87f31c6d65a.cloudfront.net (CloudFront)
cf-ray: 8f3657b5dd85438a-EWR
x-amz-cf-pop: JFK50-P3
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H3 200 module_111929326924_Footer_Global_2023.min.css
blog.morphisec.com/hs-fs/hub/1534169/hub_generated/module_assets/111929326924/1718631910284/ 4 KB
3 KB 66ms
60ms Stylesheet
text/css 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/module_assets/111929326924/1718631910284/module_111929326924_Footer_Global_2023.min.css

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4c1113b143de12d58d3771cbddb3a4e7c76580a89ea241479cc9bd5288fd2fd0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

x-request-id: 01f7ad1a-a5dd-46d1-9a1b-a496ea915510
content-encoding: gzip
cf-cache-status: HIT
etag: W/"a5ec360241c57fd3faa2fbc7878eba90"
age: 2931
x-amz-version-id: jCxWLjuzpDes5PguwdA4b48KQVfcw1n0
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CZVig3O3XXXu6EIkfB8rZaT0XaAtTMhzvaGmRV%2BqTbKG%2BcK%2BL79PoNfkMgbt5DIybzH%2BpewJrp9nr2Cf14y1HV3k5nv5yEkoquUEIkwXCbnhqRk30CsNxUPSxQsxAuxbmVzgwVRpJfjIRymp61d4Vg%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: 1wTDPCig9ggMxrjOvso9MXY3v9MebHLvpHvwlwXt2ApV84ogeMzZPA==
x-hubspot-correlation-id: 01f7ad1a-a5dd-46d1-9a1b-a496ea915510
content-type: text/css
last-modified: Mon, 17 Jun 2024 13:45:11 GMT
priority: u=0,i=?0
server-timing: cfExtPri
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-6548769dcd-4nj7j
x-envoy-upstream-service-time: 227
x-amz-request-id: ERDCKYXCEC41QENE
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Tue, 17 Dec 2024 10:48:45 GMT
vary: origin, Accept-Encoding
x-amz-id-2: Xdn2G21Y5+WeP+y4ucoghA7LVRFF5iDm0mdHmDr+f3+orzyRWwfvNZvilQ9GdxkSZxHRR0VM1ek=
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: blog.morphisec.com
access-control-allow-credentials: false
via: 1.1 7fc4d53a17d950b206cd9fccf1108b8a.cloudfront.net (CloudFront)
cf-ray: 8f3657b5dd88438a-EWR
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD89-C1
x-amz-meta-created-unix-time-millis: 1718631910284

GET
H3 200 jquery.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/ 87 KB
28 KB 24ms
13ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

cf-cdnjs-via: cfworker/kv
content-encoding: br
cf-cache-status: HIT
etag: "5eb09ed3-15d84"
age: 561522
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=J3PqXoOZ%2Bq3pHaoncA9%2BDNjW%2Bp%2FcntHYsNued5QNpPmUb57X388OL1XJwI3twRUEg3kEuG%2FvKGkyesA5QMrwYiADjpMgi1xjlr7xFNijlUpsfaoqv6YpS1dycb6vuRXsVhEfqPagzORJ8fE3Llv2ARFu"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Sun, 07 Dec 2025 10:48:45 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Tue, 17 Dec 2024 10:48:45 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 04 May 2020 23:01:39 GMT
vary: Accept-Encoding
priority: u=1,i=?0
strict-transport-security: max-age=15780000
cache-control: public, max-age=30672000
timing-allow-origin: *
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy: cross-origin
cf-ray: 8f3657b5de8b0f6f-EWR
accept-ranges: bytes
access-control-allow-origin: *
content-length: 27958
server: cloudflare

GET
H3 200 jquery-migrate.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery-migrate/3.3.1/ 11 KB
4 KB 26ms
15ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery-migrate/3.3.1/jquery-migrate.min.js

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

89bf8cdea73ce776d6b81d03837bc7f04af5e3946b839a3c0bfbf3094ad3f7be

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

cf-cdnjs-via: cfworker/kv
content-encoding: br
cf-cache-status: HIT
etag: "5ef3fc71-2b0b"
age: 1179577
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RIwihBI75248hFywmN%2B1p9idAgJ1DnAjvOJdQE9XXhmJO7eySkF9x1zUMlB%2FDBFszXhui%2BqWxluZwNsPukzrbDtGImX%2BN9tYjgD1rHMN7%2Bg7uxz%2B1QEbkkqqAmhKpBFNNerhW846%2FHlAj9lS4U%2F29s1c"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Sun, 07 Dec 2025 10:48:45 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Tue, 17 Dec 2024 10:48:45 GMT
content-type: application/javascript; charset=utf-8
last-modified: Thu, 25 Jun 2020 01:22:57 GMT
vary: Accept-Encoding
priority: u=1,i=?0
strict-transport-security: max-age=15780000
cache-control: public, max-age=30672000
timing-allow-origin: *
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy: cross-origin
cf-ray: 8f3657b5de8d0f6f-EWR
accept-ranges: bytes
access-control-allow-origin: *
content-length: 3592
server: cloudflare

GET
H3 200 custom.min.js Show response
blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/91587260036/1680774296271/2020_-_UIS_-_Template_Folders/Vendor_JS/ 723 B
2 KB 76ms
71ms Script
application/javascript 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/91587260036/1680774296271/2020_-_UIS_-_Template_Folders/Vendor_JS/custom.min.js

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d00e54d87cce777c78c59c446e01bc3bcaabca266daa6463181dd527c98738e9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

x-request-id: 3bcac1a4-f810-4020-a27f-168f62aa8f3f
content-encoding: br
cf-cache-status: HIT
etag: W/"aa1f7340688642df1a14a1ed11c7650d"
age: 1044
x-amz-version-id: E6pXkgaUwSKGBww5g6OhIUrjEzq.3zLC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FMxwYYd%2FMFPPSql0TRMAStyysgAcB9tKLCqFvGsF6PHWnBcUQa%2BSZyYLdX3gf0ESnqECGjC9qXMeJBw0jrSrv4x%2FdpF6hMiYvNirU5mvAZBJcaPq%2B5k3q5dAZWYgJiJYtxHeCaMyi5upVjym8KW6QA%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: P-dkPqzoY15X2ueMJ6QBzON96cwY-8UBjBUevEVkIARemNJhIfIs7g==
x-hubspot-correlation-id: 3bcac1a4-f810-4020-a27f-168f62aa8f3f
content-type: application/javascript; charset=utf-8
last-modified: Thu, 06 Apr 2023 09:44:57 GMT
priority: u=1,i=?0
server-timing: cfExtPri
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-6548769dcd-vpsfj
x-envoy-upstream-service-time: 167
x-amz-request-id: BKZ3429243C70Q9C
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Tue, 17 Dec 2024 10:48:45 GMT
vary: origin, Accept-Encoding
x-amz-id-2: ROt7j8u8NFR1K+mDYsjugCU/zdV+0edv0mEyDphBtx+KtUSHtUKa6mS9L0fiF9uz+qfBJduUVEM=
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: blog.morphisec.com
access-control-allow-credentials: false
via: 1.1 ed8e6c4476f2632eef2c7ce856161af0.cloudfront.net (CloudFront)
cf-ray: 8f3657b5dd8a438a-EWR
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD89-C1
x-amz-meta-created-unix-time-millis: 1680774296492

GET
H3 200 font-awesome.min.css
blog.morphisec.com/hubfs/dynamic_esg/css/ 20 KB
6 KB 63ms
59ms Stylesheet
text/css 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hubfs/dynamic_esg/css/font-awesome.min.css

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d2d09c4a39acf0339c9697b5837fec5bb2bfb9f92677ac2133640b900f91925c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

content-encoding: br
cf-cache-status: HIT
etag: W/"aede50e4be8da8450a046f9d293e57a5"
age: 1711340
cache-tag: F-5753530423,FD-5753372182,P6R6f,FLS
x-amz-version-id: t80ZTUuyC2UKWRLSZGKnunSDBqf49hOf
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Qd3yRtUDTEGtMG1Sn4ALKNZ0jHOGYBzH6k3tbNAIPgliqUXBgdLyc%2BNb2mg1cbWyy%2FR8L0L9vDOGl%2BzRuIZSrLQ7cejxoPr6px9cMiEqkNdLOruvqSXjQ6Z%2FfZtcZx2g9Wwof98jxXReMHvKppUf3A%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: RefreshHit from cloudfront
x-amz-cf-id: LOPKgc0L3syAI4KlTxp4s2PljEEBLAdkIoo0VHLVwlUf17K-hUy8rg==
content-type: text/css
last-modified: Wed, 02 May 2018 21:34:26 GMT
priority: u=0,i=?0
server-timing: cfExtPri
edge-cache-tag: F-5753530423,FD-5753372182,P6R6f,FLS
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: GAVNQY4Y3JS3RME2
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-5753530423,FD-5753372182,P6R6f,FLS
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
access-control-allow-methods: GET
date: Tue, 17 Dec 2024 10:48:45 GMT
vary: Accept-Encoding
x-amz-id-2: yvbC2k7lAXdm/te/qE0JsNEiwALJz0oIVNoNVGUdaTOw2bajpVXb8QbPXlPBe5hOIheXv72bUu0=
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
via: 1.1 a99ebae546aae4a2f6278081e3adcd10.cloudfront.net (CloudFront)
cf-ray: 8f3657b5dd8b438a-EWR
access-control-allow-origin: *
x-amz-cf-pop: BOS50-C3

GET
H2 200 in.js Show response
platform.linkedin.com/ 511 KB
160 KB 54ms
9ms Script
text/javascript 2606:2800:21f:edfc:49f9:c096:a5a7:75f2
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://platform.linkedin.com/in.js

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2606:2800:21f:edfc:49f9:c096:a5a7:75f2 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (nyd/D173) /

Resource Hash

df321b4ad30f5f4d65fca54b59846168a3f89059e14d1349d5d5903a431d11d3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

content-encoding: gzip
age: 1765
x-cdn-proto: HTTP2
x-li-fabric: prod-lva1
x-content-type-options: nosniff
expires: Tue, 17 Dec 2024 11:19:20 GMT
x-li-proto: http/1.1
x-cache: HIT
date: Tue, 17 Dec 2024 10:48:45 GMT
content-type: text/javascript; charset=UTF-8
x-cdn-client-ip-version: IPV6
vary: Accept-Encoding
last-modified: Tue, 17 Dec 2024 10:19:20 GMT
x-li-pop: prod-lva1-x
cache-control: public, max-age=3600
x-cdn: ECST
x-li-uuid: AAYpdKFYChgZBQOfQe2Sqw==
accept-ranges: bytes
content-length: 163883
server: ECAcc (nyd/D173)

GET
H2 200 layout.min.css
7052064.fs1.hubspotusercontent-na1.net/hub/7052064/hub_generated/template_assets/1734374829598/hubspot/hubspot_default/shared/responsive/ 4 KB
2 KB 41ms
25ms Stylesheet
text/css 2606:4700:4400::6812:297c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://7052064.fs1.hubspotusercontent-na1.net/hub/7052064/hub_generated/template_assets/1734374829598/hubspot/hubspot_default/shared/responsive/layout.min.css
Requested by: Host: blog.morphisec.com
URL: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:297c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 356bb4bf2245a68ee5de5732b5574260dd2016a2c3987e17ad97fb2586a883d1

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-request-id: 58c23eac-bd7a-4d6c-bef0-025893281aba
content-encoding: gzip
cf-cache-status: HIT
etag: W/"fda5882b24ca5a84d04d090722dc713b"
age: 57655
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
x-evy-trace-listener: listener_https
date: Tue, 17 Dec 2024 10:48:45 GMT
x-hubspot-correlation-id: 58c23eac-bd7a-4d6c-bef0-025893281aba
content-type: text/css
last-modified: Mon, 16 Dec 2024 18:47:11 GMT
vary: Accept-Encoding
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
timing-allow-origin: 7052064.fs1.hubspotusercontent-na1.net
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-7b656c968b-twr7m
x-envoy-upstream-service-time: 194
cf-ray: 8f3657b5e978429d-EWR
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
access-control-allow-origin: *
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD61-P1
x-hs-alternate-content-type: text/plain
server: cloudflare
x-amz-meta-created-unix-time-millis: 1734374830261
x-amz-server-side-encryption: AES256

GET
H3 200 old-style.min.css
blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/110809165900/1726781333453/2023/CSS/ 121 KB
32 KB 62ms
59ms Stylesheet
text/css 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/110809165900/1726781333453/2023/CSS/old-style.min.css

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

49a19088059cbcf9b342b648af5ecf0d0f664b34a576c05270068479ea088eba

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

x-request-id: 5df2df30-7ceb-47c3-a45a-8bccc70b09f9
content-encoding: gzip
cf-cache-status: HIT
etag: W/"cd0e91ee10a01899e11a8245d7a6320f"
age: 2931
x-amz-version-id: CerXIDPjf4vPsw6fbUbC7Xx214qx1XGK
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=V%2BqFkhbGZTrXlhB9lkRH9MvKg9WlrF%2FhAImxzIT%2BOQ9bBDiaDdcI0UEi52r67C3oo6aNYMPCTZL6Z3Or0G4aCoo1EYmeEPsRk0kVS70s2eIt1ca8%2F0nK8g6Q8ek5%2FfX4Gfvl7bIjudUsMAWPtLAtBw%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: WJpDwdzMZ23axWsbiDyEK25DeGq6E4OZTOvMN-ZWR0RCIc8JK3OT0g==
x-hubspot-correlation-id: 5df2df30-7ceb-47c3-a45a-8bccc70b09f9
content-type: text/css
last-modified: Thu, 19 Sep 2024 21:28:55 GMT
priority: u=0,i=?0
server-timing: cfExtPri
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-5689dcb94b-rwc79
x-envoy-upstream-service-time: 222
x-amz-request-id: KT344PABSSNRR68J
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Tue, 17 Dec 2024 10:48:45 GMT
vary: origin, Accept-Encoding
x-amz-id-2: Euy4rdUkeQLYzmdBeWQSsHJGTazMcvoSJ3K/6K/1JOL4223vbGMcCCcjM0akgPcM/7pXsyoBLvA=
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: blog.morphisec.com
access-control-allow-credentials: false
via: 1.1 50f5f6b4e0025748bb74dce1db44c750.cloudfront.net (CloudFront)
cf-ray: 8f3657b5dd8c438a-EWR
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD89-C1
x-amz-meta-created-unix-time-millis: 1726781334937

GET
H2 200 6359793e-b232-4b79-9da5-b929fc3dc7aa.png
no-cache.hubspot.com/cta/default/1534169/ 1 KB
2 KB 91ms
67ms Image
image/png 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://no-cache.hubspot.com/cta/default/1534169/6359793e-b232-4b79-9da5-b929fc3dc7aa.png

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3dd258baa6cbc14c2a6a22803337f584d9fd08907952e766c0d33527d9ae302c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

cf-cache-status: DYNAMIC
etag: "d67c5c6f4a83307d5e5d860c371477ce"
x-amz-version-id: Ouhh5h43kAs48TTY36jwxtD8FIsDpel5
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uv4TjHz8n4X3vC6bpgK4UdYowVU23NaMzOvJdGssLW0RZmfSyP2MqUP%2Bs3v%2Bev225oH%2BpNMYcfVcnEBetevd4IZmh7whyBS9NO7S7VT88Df5TUjfbEI%2BjeA6yHACY5WOHkEIUMVZG%2FZ0SE5o0MCAFTjY"}],"group":"cf-nel","max_age":604800}
date: Tue, 17 Dec 2024 10:48:45 GMT
content-type: image/png
last-modified: Wed, 21 Aug 2024 16:17:28 GMT
x-amz-id-2: cU3AESISEib3bSvgEzA7i1y7xpT45zGxsI+9uDF3XF8lzZ+4jVR4kM5rTd1tfmhDhbTQM1Fe/+M=
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: no-cache, no-store
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: 2N5AN1GF7GF2PJ81
cf-ray: 8f3657b5fcef7d14-EWR
accept-ranges: bytes
content-length: 1291
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H3 200 current.js Show response
blog.morphisec.com/hs/cta/cta/ 19 KB
8 KB 74ms
72ms Script
application/javascript 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hs/cta/cta/current.js

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5f6e5a772649ae72f766174a853fb5e403ea5b24f50b604ac2530475af1a8208

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

x-request-id: a0e1ce9b-d4fb-4c84-861b-a739c058bcd2
content-encoding: br
cf-cache-status: HIT
etag: W/"b0928abe0d4cbd5b3e6717e0b0d3ddeb"
age: 238
cache-tag: staticjsapp-CtaEmbed-cloudflare-web-prod,staticjsapp-prod
x-amz-version-id: XkQXV__rLSX9HsSer6izlPk_QOOoa.4F
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=G7TB1Aal8HCVqB2Q43Yps7TtWq1RRKJJhwtVyVrQCRJcBjbsIvSnJ1iFy6XmdR6XxkHzvf90B6I8%2FC83UgrLAawwwRKr5XYIh1ClBGZMoVCP3XNO%2FK6kQCq%2FA%2FV51sWD3Te8eh7f7S5t3fmKp0jJFg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: t8THkg_WttjSDaNkVe_lDHybEfFPrqf9rGbAzeO4Uv3PdoZN_QDEbQ==
x-hubspot-correlation-id: a0e1ce9b-d4fb-4c84-861b-a739c058bcd2
content-type: application/javascript; charset=utf-8
last-modified: Wed, 11 Dec 2024 21:00:55 UTC
priority: u=2,i=?0
server-timing: cfExtPri
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=600
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-856d8787d5-mglm2
x-envoy-upstream-service-time: 0
x-hs-target-asset: cta-embed-js/static-1.339/bundles/current.js
server: cloudflare
x-evy-trace-virtual-host: all
x-amz-server-side-encryption: AES256
x-hs-cache-status: HIT
date: Tue, 17 Dec 2024 10:48:45 GMT
vary: accept-encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=cta-embed-js/static-1.339/bundles/current.js&cfRay=8f3651e1d1270f5f-EWR
via: 1.1 c3d335addde48969fafe25d4064cee80.cloudfront.net (CloudFront)
cf-ray: 8f3657b5dd8d438a-EWR
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD12-P3

GET
H3 200 Morphisec-Logo.svg
blog.morphisec.com/hubfs/ 5 KB
3 KB 44ms
40ms Image
image/svg+xml 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.morphisec.com/hubfs/Morphisec-Logo.svg

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7336afe3d92703a1b35e780301c688426c74d5a8c3d9cd1794d3370d763e58d3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

x-robots-tag: all
content-encoding: br
cf-cache-status: HIT
etag: W/"765cc8beac4cc28676c6e847214549f8"
age: 1711340
cache-tag: F-163965048881,P-1534169,FLS-ALL
x-amz-version-id: CLh4I1f8H1fjYE.XdVDUvmpXn1gHCWyp
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FHEbaHxi2mfyTKNGSXrE8QejpvV9kv16su0n9ldTqotFOnrnzBNDsf8uT8C5ingBfJP%2BkhKzMzAc8C5KtOBjf2HReCts9DXzRJxz8lhA7fydNCxorluGargqlApIW2bk3R8bwIIV9pPdZt1FEYd9xw%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: RefreshHit from cloudfront
x-amz-cf-id: 4gve3vt-yFg3SYFshfRVM0kizT3sWUNr10oNP-bsi8DM5eEYJEo8kg==
content-type: image/svg+xml
last-modified: Tue, 09 Apr 2024 20:39:11 GMT
priority: u=3,i
server-timing: cfExtPri
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-163965048881,P-1534169,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: 5G7DX9C8HDRH86A9
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-163965048881,P-1534169,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Tue, 17 Dec 2024 10:48:45 GMT
vary: Accept-Encoding
x-amz-id-2: ORvfjRzpWc/dheKMQSZfmHoW9/XUVWANd4PMoWjNFn4tozmKDBgm68o2vpnUzevHr8x3QOFRnUc=
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-meta-access-tag: public-indexable
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
via: 1.1 57c102c70e75a901dd116fc5d46f5524.cloudfront.net (CloudFront)
cf-ray: 8f3657b6ce30438a-EWR
access-control-allow-origin: *
x-amz-cf-pop: BOS50-C3
x-amz-meta-created-unix-time-millis: 1712695150225

GET
H2 200 3c83d6d5-0c56-47b7-8aee-ae6edf73c360.png
no-cache.hubspot.com/cta/default/1534169/ 2 KB
2 KB 40ms
40ms Image
image/png 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://no-cache.hubspot.com/cta/default/1534169/3c83d6d5-0c56-47b7-8aee-ae6edf73c360.png

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3d0faa1510d3999ee6ce630052e0f8c562acc8b69380ceb4e7f812aaa4c5303f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

cf-cache-status: DYNAMIC
etag: "3d5f63abc7db36507720723f2c0d0e15"
x-amz-version-id: ulKQMNoMzME6ZWTBPDeq_A_qJjzsu_Xz
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rKpwJ5%2F%2Bv2unOILA1h4i7RXVJOZ5Ce5%2FHgEXtlGoJr8zBr9EASRSfU4fTnhvKOwVFBydEZKktdpmdSP6ts7wi6Zmc%2B6n8Pifr%2BWZ%2BT%2BSx%2BDeTNrL%2Bucz0A5uFq38YYb%2FNSHeC0FNXQwPWno%2B0R%2FSMSjW"}],"group":"cf-nel","max_age":604800}
date: Tue, 17 Dec 2024 10:48:45 GMT
content-type: image/png
last-modified: Wed, 05 Apr 2023 16:30:06 GMT
x-amz-id-2: HtJZXJ1twpaGNg41UQuzVCXvRDhyfuHHrKHHlYnT2hSsIEl7p2suywIK83qF70su58y3AWOGLzw=
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: no-cache, no-store
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: 2N58X8WW5Q99RR2R
cf-ray: 8f3657b65d247d14-EWR
accept-ranges: bytes
content-length: 1631
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 d4f17ebf-d8a2-49c3-9bca-a8f8112b45f3.png
no-cache.hubspot.com/cta/default/1534169/ 1 KB
2 KB 64ms
63ms Image
image/png 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://no-cache.hubspot.com/cta/default/1534169/d4f17ebf-d8a2-49c3-9bca-a8f8112b45f3.png

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

be96a16025bfbe78bed5a7475f5877696f919dcf9b37939866f8c2d47af7976c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

cf-cache-status: DYNAMIC
etag: "eacaba2cc1bbf4de2a43469ab485d45e"
x-amz-version-id: null
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7fq6xZOZhGEHfMlXr27X3vJnn9ChMltog7qJF2QVjnLE1V%2FFmKIKvp4saW7OR8o00OTbznCujfGWCFMCeLP7bXFVChcy%2FHorTm6X2328s6OPkGCc9sAAkYsYbUezmXnM88JwovL%2Bb4GcH84WnfFNKDlT"}],"group":"cf-nel","max_age":604800}
date: Tue, 17 Dec 2024 10:48:45 GMT
content-type: image/png
last-modified: Fri, 18 Nov 2022 14:30:06 GMT
x-amz-id-2: sFCGisTnuVcp7Xft/jxn5Us/ymB843YQ+Ur22iPgGCsMnO/rMICiFuORFiSgkQwwxb6311T0jIk=
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: no-cache, no-store
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: 2N58GR78Q13Q003G
cf-ray: 8f3657b66d2f7d14-EWR
accept-ranges: bytes
content-length: 1384
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 198719b5-e849-4d9f-9c75-3c203074b57f.png
no-cache.hubspot.com/cta/default/1534169/ 10 KB
10 KB 73ms
67ms Image
image/png 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://no-cache.hubspot.com/cta/default/1534169/198719b5-e849-4d9f-9c75-3c203074b57f.png

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d897dc64c205a7afbb9d49e069bd306af94a7737a26d18fd8863bf36b13ea914

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

cf-cache-status: DYNAMIC
etag: "ef4de03505bccc4e5ec98e54ab56ba94"
x-amz-version-id: NzuVUMrXhg8jb20ROcciG7OXdImBjMet
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2Hx0o5o5wlJBCHuvRvdHFoNMR%2BxcXdWBMbqx92ydzwlJ6F6ZMs2hqysGO6SnhpSfDSv8Q2h%2BkwNg639uq97lUarwCKE5HpEjIrA9TGGWpAFG7F1ZkZ2ktRrl9MhQK4OnLg89%2Fyk2ui1vJckOHSMVAjpR"}],"group":"cf-nel","max_age":604800}
date: Tue, 17 Dec 2024 10:48:45 GMT
content-type: image/png
last-modified: Wed, 11 Dec 2024 21:13:04 GMT
x-amz-id-2: JAF7ZHoH/SWOxON38LV2pVQd46Cd0B/wBkG7cqm/AWns9TSBAKePTLlOmfL1J6sUjcumbOIeIp0=
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: no-cache, no-store
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: 2N55T2300CR9VR4J
cf-ray: 8f3657b6cdad7d14-EWR
accept-ranges: bytes
content-length: 10020
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 c0c8d819-c7bc-43c9-a80b-7db9c88cd5ab.png
no-cache.hubspot.com/cta/default/1534169/ 42 KB
42 KB 46ms
40ms Image
image/png 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://no-cache.hubspot.com/cta/default/1534169/c0c8d819-c7bc-43c9-a80b-7db9c88cd5ab.png

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

60bd6bad64c21fc8b1d3f6bf3fa261780974e6b0489a67a1d02db33fb4c9b7b6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

cf-cache-status: DYNAMIC
etag: "52f2133547882c1af4bd99b776191ea7"
x-amz-version-id: mQywM4EnlQtO1rXgIPZZ_ORcxGxdaqep
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OKGunLRkLcLO1p%2BilzGMNyHdgUc26qVGuxOvlzWPF8sF2zO4oHaN%2F%2BZq1yPHGzbQvOCE2Hj2NaPly5DNt%2FbGz2NNF15orz0DT7JpMKxs7TxWnrGSvLmD%2FSZbWh%2B%2BLwqr7kCcNdo3%2FDpAG7uHdPDx7ppY"}],"group":"cf-nel","max_age":604800}
date: Tue, 17 Dec 2024 10:48:45 GMT
content-type: image/png
last-modified: Fri, 05 Jan 2024 21:55:07 GMT
x-amz-id-2: NDBNSYqgGvx8uRJL+RsGWOQ4ojY0Gz9rnEoL7rqUEXEtLWOSDs0h2qQmUbQP5pjnD6nsuwZAPG8=
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: no-cache, no-store
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: 2N55QBGFH8NW8HZ6
cf-ray: 8f3657b6cdb17d14-EWR
accept-ranges: bytes
content-length: 42909
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 e098d357-1710-4cfe-8901-19c93de122f4.png
no-cache.hubspot.com/cta/default/1534169/ 95 KB
96 KB 58ms
52ms Image
image/png 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://no-cache.hubspot.com/cta/default/1534169/e098d357-1710-4cfe-8901-19c93de122f4.png

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e5b1ceffda14543118fcc1d2d886fa5049d579ef1d139a7e94efbe9368fa9235

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

cf-cache-status: DYNAMIC
etag: "a015821c789fe4047a66a1cb79283ff8"
x-amz-version-id: a5wEPE_vNxVsuUiF6y0jYUWP_0fr7ZRz
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Bk7Di%2BNcFQkRpVy5qV4s6i%2B2kqPchdxyDWKeyPiHLFBGYAMw1BozSyHbidJxTVmOatJDYw6OjXSMxmlI0WcX%2FvknFPqBpODTNSTYCuDuesvuoMJhlssiJBSdUA%2F8e9hIxi1ZqlfhM3m%2FDvVk6qcBJv9l"}],"group":"cf-nel","max_age":604800}
date: Tue, 17 Dec 2024 10:48:45 GMT
content-type: image/png
last-modified: Fri, 28 Jun 2024 20:36:24 GMT
x-amz-id-2: tc+w/jbR2JZw+eZhzURkPaPiTy6wUXteDb98iCQK9vOCsW8rs/T/4O/1uA4gDz5MuPS8BvBWerg=
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: no-cache, no-store
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: 2N50T4BBDVTFEADV
cf-ray: 8f3657b6cdb47d14-EWR
accept-ranges: bytes
content-length: 97240
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H3 200 x_twitter_icon.svg
blog.morphisec.com/hubfs/ 460 B
2 KB 28ms
25ms Image
image/svg+xml 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.morphisec.com/hubfs/x_twitter_icon.svg

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f1d760682f66979c85193208c7d10daddd5d3e74c6c148bef442a203d330cb22

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

x-robots-tag: all
content-encoding: br
cf-cache-status: HIT
etag: W/"c7279b34bfee002c148f828d14255c4f"
age: 1711340
cache-tag: F-141944464032,P-1534169,FLS-ALL
x-amz-version-id: 8OVftkuv4j6Khff8Nb5oAG2Y32IjKCXk
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nH0Vq5EBV9xqPWeuGu%2B0Y4I8s18A1diXeEdhkeAU7g%2BqtmoLpJH%2Bt17rF79dYvLCy7P208KSLr4ltMfYh%2F%2BqSqfO2T8XaLz8rPrNbgcyrGAMR1g9UFt1wWEHWt4CclGkzGM4AIpfIWvhEVyltm6XgQ%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: RefreshHit from cloudfront
x-amz-cf-id: qY8BMedSOa1hhUJWQRpTJ7eN22khqpw9TKnzAwa18u3savhKtMvPAA==
content-type: image/svg+xml
last-modified: Wed, 25 Oct 2023 14:16:04 GMT
priority: u=3,i
server-timing: cfExtPri
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-141944464032,P-1534169,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: 4NG2GR4MR55F3ZY4
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-141944464032,P-1534169,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Tue, 17 Dec 2024 10:48:45 GMT
vary: Accept-Encoding
x-amz-id-2: D5WjjthdLWCiDBMv6IV1ULeQW4gT5qv0D2WXU+wLrr2irLQ5iiIGjyJFc9Gz0td18HecGKcl6HAdaAK9g5IiOILF3sbsePYY4qQ23kB2xIw=
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
via: 1.1 cdf9da8a64fb0b6f66e4c21a885dbf7a.cloudfront.net (CloudFront)
cf-ray: 8f3657b6ce31438a-EWR
access-control-allow-origin: *
x-amz-cf-pop: BOS50-C3
x-amz-meta-created-unix-time-millis: 1698243363640

GET
H3 200 linkedin_icon.svg
blog.morphisec.com/hubfs/ 628 B
2 KB 31ms
28ms Image
image/svg+xml 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.morphisec.com/hubfs/linkedin_icon.svg

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c9492eab132c2db0eaef81fea1bb719d8e3f5a11a32f7ebeeea5af202cd4e5c7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

x-robots-tag: all
content-encoding: br
cf-cache-status: HIT
etag: W/"3ef5ac1f024120437e19fcc4abf556d8"
age: 1711340
cache-tag: F-141945428832,P-1534169,FLS-ALL
x-amz-version-id: Bq5Mo6REJV_bnwvIwff4zb93JWXV7_WO
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NB1IHmkbjjRgWPXK%2FONzzfyYP54M7paJ4xx3nm9jjb2cFaXkv8RxmWEzlVAj3cI8%2B5T5vgm6i0vh%2Bk3QpRwJl4x2dqePQckKmaRUKOT2FhILwWn4H5LYLYbnHaQtkT0hGOzJAilBxaPx8SmD4tJFoQ%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-amz-cf-id: KXSuqO-0AhubOJXxgWGKuINKswdUCj-sNzDf2I80qNDbn8aWMgt0dA==
content-type: image/svg+xml
last-modified: Wed, 25 Oct 2023 14:16:04 GMT
priority: u=3,i
server-timing: cfExtPri
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-141945428832,P-1534169,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: FFQP9GJACBQQMVW0
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-141945428832,P-1534169,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Tue, 17 Dec 2024 10:48:45 GMT
vary: Accept-Encoding
x-amz-id-2: i3OX/49SpPN3em4YaAaLgaWLuMyhoBqHor0HN3Cy3XuibYrLwpxTL4STACkYB4KUmztxSIjKmb4=
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
via: 1.1 4b2497bf0366f1ebe274abf11e893ff2.cloudfront.net (CloudFront)
cf-ray: 8f3657b6ce32438a-EWR
access-control-allow-origin: *
x-amz-cf-pop: BOS50-C3
x-amz-meta-created-unix-time-millis: 1698243363623

GET
H3 200 youtube_icon.svg
blog.morphisec.com/hubfs/ 642 B
2 KB 31ms
28ms Image
image/svg+xml 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.morphisec.com/hubfs/youtube_icon.svg

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

76dd9ffb1b604b0ad3f128d2fe014cc22f934ed40ae792ef9b4600a17866aeb2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

x-robots-tag: all
content-encoding: br
cf-cache-status: HIT
etag: W/"ced4da2370fbc2016321a375dbbed68b"
age: 1711340
cache-tag: F-141945248869,P-1534169,FLS-ALL
x-amz-version-id: sJlFqbLZ7aHbNE_.KGb6N9TqRjJsKyuv
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uyiIEnee5PJs8Ecdz7uKi8tP8U%2FNAjarsuea02n7jb4gDM6wZTHC5j5XDqofaBwUEGtuR5EYYUbewmMURut9yR%2FcVA2SJcrSK4YjXq6ZyQNrB7YqI7L8%2BYT5sgt5XM941OEWPjm4QIst9Az2v6zm8A%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-amz-cf-id: IEZmXDsUJBkbjhMbc0h2QZaj5DB0iU-4U_xFgox-NQf5GxC7Jx1mRg==
content-type: image/svg+xml
last-modified: Wed, 25 Oct 2023 14:16:04 GMT
priority: u=3,i
server-timing: cfExtPri
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-141945248869,P-1534169,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: FFQGD2VXPD9PPAQX
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-141945248869,P-1534169,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Tue, 17 Dec 2024 10:48:45 GMT
vary: Accept-Encoding
x-amz-id-2: A3EG5JchP05Wr5rYJQ6dvYoBjsIXi3793zXGndGCJ9mL+cGxEzyPCcCAT1POiI1dy3tr8fN/MjKesXWAnL0lyBdktYAzKpp8
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
via: 1.1 2c00b6f1d42245c6c3867cc4dfa7f32e.cloudfront.net (CloudFront)
cf-ray: 8f3657b6ce33438a-EWR
access-control-allow-origin: *
x-amz-cf-pop: BOS50-C3
x-amz-meta-created-unix-time-millis: 1698243363649

GET
H3 200 svgConvert.min.js Show response
blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/109629951254/1680697800041/2023/js/ 668 B
2 KB 28ms
28ms Script
application/javascript 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/109629951254/1680697800041/2023/js/svgConvert.min.js

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

46c7b6ee01c236fd8d98d0b7c8f00fba85340c3432932e624d44f7663aef8513

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

x-request-id: 0fab4bea-62bf-41e0-ad7b-ca1d9efa5569
content-encoding: br
cf-cache-status: HIT
etag: W/"1cb72e618cce9cc73c57265e9b726362"
age: 2930
x-amz-version-id: SZXdPmhYHKeWP0u0ggYIHYhJ0L5KYvd5
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xR8MNnhABZMJ9KEO%2FlFJFwgJfcsJp1wNRkARsaQi6keKp2Z4q%2F7Ofe98Dbpw%2BOCp5xVDlQGGE2DpcO57ZltcEPfu99HGAvxY%2BgHb93EaFGS5Jzz2s%2BPm5w4VdFkQQxSE8NpB2WBuUoVObzVpvdGhAQ%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: ADWZCAv1dzm3mBcLAJFGKBbGzkB1JAhhQVDgJiU2lnxobA_u-qOubg==
x-hubspot-correlation-id: 0fab4bea-62bf-41e0-ad7b-ca1d9efa5569
content-type: application/javascript; charset=utf-8
last-modified: Wed, 05 Apr 2023 12:30:01 GMT
priority: u=2,i=?0
server-timing: cfExtPri
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-6548769dcd-5xqvw
x-envoy-upstream-service-time: 216
x-amz-request-id: BX11ZQHTWQJ8EWYT
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Tue, 17 Dec 2024 10:48:45 GMT
vary: origin, Accept-Encoding
x-amz-id-2: 07MQKxo/N8shU7hy950W8QvIMOlpM+jO9kZyvIGTkPlkzWUuzIBuG2i/ASCF55uz29+xATUYpW9kWhLfAju58iFF/MUeCe+2
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: blog.morphisec.com
access-control-allow-credentials: false
via: 1.1 fba666ceffdeb316c8edf476d8994bd4.cloudfront.net (CloudFront)
cf-ray: 8f3657b69e15438a-EWR
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD89-C1
x-amz-meta-created-unix-time-millis: 1680697800276

GET
H3 200 lottie-player.min.js Show response
blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/110333050473/1681491230914/2023/js/ 359 KB
95 KB 32ms
30ms Script
application/javascript 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/110333050473/1681491230914/2023/js/lottie-player.min.js

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

40943198e5e26cbcf474c1ed0846442abc4398198117de5251a8840fb421cd13

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

x-request-id: 6c5961d2-5df0-4833-b178-6cce24945d14
content-encoding: br
cf-cache-status: HIT
etag: W/"9540cac57a5805fdde520bb1869134b2"
age: 1043
x-amz-version-id: CTo5DkzSjS7Z2UMEH7W3RDGvw45iU9vL
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1jkxmR2BR52KtrPPAMTy%2Fc9Xb8kvMxsnRHKR0uHf5oz3xECjNX5vEbKOXqaBY4eoFssNo7D%2BOk72PUp30kja6wHeKwPnA8svcqK%2BakTj4CzgFmHefxG1Xic2kDdyGU9VVBdOkn7qZYXBGbZH8MbsVA%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: RefreshHit from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: V9jd0dtfB7cVu5fLjX73gnEdBnBkNySHvWnCXVzhebJtA6A1niaMVQ==
x-hubspot-correlation-id: 6c5961d2-5df0-4833-b178-6cce24945d14
content-type: application/javascript; charset=utf-8
last-modified: Fri, 14 Apr 2023 16:53:53 GMT
priority: u=2,i=?0
server-timing: cfExtPri
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-5689dcb94b-s4nhk
x-envoy-upstream-service-time: 146
x-amz-request-id: JMNQR00GF4XSQAMK
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Tue, 17 Dec 2024 10:48:45 GMT
vary: origin, Accept-Encoding
x-amz-id-2: YVtw4W2R2oGzyPwbiQKnK9++wDBrtDr65nZT3Gaj8IaZSi3A2mSQs+ciWl/Jb64Su0+GK7JwjeGBFBw8Ag3CLNiJ/J8L1lCKCNGQ+VRadxE=
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: blog.morphisec.com
access-control-allow-credentials: false
via: 1.1 417c242b19212928b079740e6dd8f54c.cloudfront.net (CloudFront)
cf-ray: 8f3657b6ce2b438a-EWR
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD89-C1
x-amz-meta-created-unix-time-millis: 1681491232806

GET
H3 200 slick.min.js Show response
blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/110410292559/1681177460359/2023/js/ 42 KB
12 KB 33ms
31ms Script
application/javascript 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/110410292559/1681177460359/2023/js/slick.min.js

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6b011f48059b6591b0d266a9abdf45d9263e702059d29a207e770ddb87b49c72

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

x-request-id: adbb9ef7-ebd9-4545-b681-85d01eeec194
content-encoding: br
cf-cache-status: HIT
etag: W/"f6085c5be1a35b91955cf9abd5b2b0ea"
age: 2930
x-amz-version-id: uoS3eYGmK1dPCzG_bq7yGgNyq7YIozdd
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FOkBSMhkFW5tmhFVYoK8W891EkFuy9wBgDGhYLEE9Zzamc8hgWRd75NXalyIopIldTgBTflFjB7pGS03U3go8Fj8y2UZKTVT7Fo18aRAQOtkhkVARM60KuJlI3aCEDSlDJ5LrLwkerdaLJrNz%2B0VmQ%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: RefreshHit from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: IWSGgqiKJA41EAsFXefeSrRZl3eCg9FGrR8jkHqduBl7WLtCahy-rQ==
x-hubspot-correlation-id: adbb9ef7-ebd9-4545-b681-85d01eeec194
content-type: application/javascript; charset=utf-8
last-modified: Tue, 11 Apr 2023 01:44:21 GMT
priority: u=2,i=?0
server-timing: cfExtPri
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-5689dcb94b-twx7j
x-envoy-upstream-service-time: 161
x-amz-request-id: WTP2R72MCQFTDCGM
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Tue, 17 Dec 2024 10:48:45 GMT
vary: origin, Accept-Encoding
x-amz-id-2: X+5Hjx9Xp6lEu10elb45ZJEk3Apgo05wkLBKuK85AZqSigxB+bImHgU66QYZT8jb+Iis4AK1fIM=
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: blog.morphisec.com
access-control-allow-credentials: false
via: 1.1 841dfa6074cf4b3b0718988f088a4ac2.cloudfront.net (CloudFront)
cf-ray: 8f3657b6ce2e438a-EWR
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD89-C1
x-amz-meta-created-unix-time-millis: 1681177460907

GET
H3 200 module_109590708858_Header_-_Global.min.js Show response
blog.morphisec.com/hs-fs/hub/1534169/hub_generated/module_assets/109590708858/1718666704342/ 1 KB
2 KB 42ms
38ms Script
application/javascript 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/module_assets/109590708858/1718666704342/module_109590708858_Header_-_Global.min.js

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b28f2758dd0c48fa0e8e33ccfee02f1b581b93484aae2af63190df3d4bcc068f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

x-request-id: 2af0cca0-83e3-4fb3-a181-855816ef6404
content-encoding: br
cf-cache-status: HIT
etag: W/"48cafa9929e94f1a90da5d8bff870b98"
age: 2930
x-amz-version-id: Z8bW_Nc0jF3khU_5_zx9kQwF.kZyIvdN
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FK2czDb4y%2FJSAiD0dq896l7GXQ8bKcUgHzWPCk1uHlVEGEgR%2F1lqjXY93z2UuoZjQidlXHV0wnHtEWzv4wRg7egPVOSuQZDumyOFpJInItcifLO2LbIvD29RRasIkMJF9%2BQ4NC3dxxtdwvY7H4goCA%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: RefreshHit from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: Kg55uZPRwER8Y0nIGJBsngzo8QNS1WId7B8rO3Qn-Wx33T16ZzXR5g==
x-hubspot-correlation-id: 2af0cca0-83e3-4fb3-a181-855816ef6404
content-type: application/javascript; charset=utf-8
last-modified: Mon, 17 Jun 2024 23:25:05 GMT
priority: u=2,i=?0
server-timing: cfExtPri
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-54797cf595-h2p2t
x-envoy-upstream-service-time: 201
x-amz-request-id: 96CB4DZNPVND9V1Q
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Tue, 17 Dec 2024 10:48:45 GMT
vary: origin, Accept-Encoding
x-amz-id-2: k8wqP3r3StsJ0yjI6sQYTu0TrELhtxujROqAhXsOZbrKZyAH80aAVOsq6/3mOSo5M4KIs9l5Ri0=
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: blog.morphisec.com
access-control-allow-credentials: false
via: 1.1 5084a25d91022b55b5acf281581c6444.cloudfront.net (CloudFront)
cf-ray: 8f3657b6ce2f438a-EWR
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD61-P1
x-amz-meta-created-unix-time-millis: 1718666704342

GET
H3 200 module_-2712622_Site_Search_Input.min.js Show response
cdn2.hubspot.net/hub/-1/hub_generated/module_assets/-2712622/1734374892971/ 5 KB
3 KB 27ms
23ms Script
application/javascript 2606:4700::6812:593e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/-1/hub_generated/module_assets/-2712622/1734374892971/module_-2712622_Site_Search_Input.min.js
Requested by: Host: blog.morphisec.com
URL: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:593e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 56c3ee10dba81c31dadcd1781559711d6a793a5245c37e2ea06cd1908c563b59

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

x-request-id: 7074b8c8-53b1-4e4d-8c11-7860802db8d3
content-encoding: br
cf-cache-status: HIT
etag: W/"b2a108d787f40c352b379d72e3d71347"
age: 57529
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3WP7wfa0Fasmjq1Iy8ZfAQKjK%2FJsjnm2hmOEbPYfQYpb0M6fbbEhliOkETzQnuH%2BV9c6QvBPQnS5TeV95aKT2SqYpIIIr2VldoRZqy%2Bk1UJybSvsqUaW7smu03dhwsfEYzdh7fiJXQgt4eNCxG0%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-evy-trace-listener: listener_https
server-timing: cfExtPri
x-hubspot-correlation-id: 7074b8c8-53b1-4e4d-8c11-7860802db8d3
content-type: application/javascript; charset=utf-8
last-modified: Mon, 16 Dec 2024 18:48:13 GMT
priority: u=2,i=?0
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-7b656c968b-sxtr7
x-envoy-upstream-service-time: 188
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Tue, 17 Dec 2024 10:48:45 GMT
vary: Accept-Encoding
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cf-ray: 8f3657b6caab4397-EWR
access-control-allow-origin: *
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD61-P1
x-amz-meta-created-unix-time-millis: 1734374892971

GET
H3 200 lazyload-min.min.js Show response
blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/36272650673/1603042259630/2020_-_UIS_-_Template_Folders/Vendor_JS/ 8 KB
4 KB 42ms
39ms Script
application/javascript 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/36272650673/1603042259630/2020_-_UIS_-_Template_Folders/Vendor_JS/lazyload-min.min.js

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6cb079eb01e730c435ef0b80f62f636245fa0f8f0e86c144935e42a8dd12a545

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

x-request-id: c13b7519-b6da-430a-ad1d-60eeb99e5fba
content-encoding: br
cf-cache-status: HIT
etag: W/"67744f609bc5dbc8a0fb9fe0d5005f25"
age: 1043
x-amz-version-id: 4SGyaLwa93KERwdBmZy9UM4.3aqx9djg
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=d0mXgnZD1AO6NmdN0kNwydJKYBJTPnm1dE9VahjLV%2BZvYioZA4tBekgv4B01HLsjHodJYvGj9j3jHxDnp9g3sgvUkus8WsvCBocvRSHBy7GhgtkTNqLEKBqDHlXZno2OuKxuP6mhhda52v59NzD4Ww%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: qmZQ8BLknxTTWSWlwefCKmMusSObUE_Dn-rOmso7taXjuG49H2NlYA==
x-hubspot-correlation-id: c13b7519-b6da-430a-ad1d-60eeb99e5fba
content-type: application/javascript; charset=utf-8
last-modified: Sun, 18 Oct 2020 17:31:00 GMT
priority: u=3,i=?0
server-timing: cfExtPri
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-679cd85c5c-d8n8d
x-envoy-upstream-service-time: 151
x-amz-request-id: RB53QN997SMSRZ2H
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
date: Tue, 17 Dec 2024 10:48:45 GMT
vary: origin, Accept-Encoding
x-amz-id-2: 32ijzorRcU9gImvfggZn77aeEiXL2DbQgDejd1YahsGPcFgGKFuMLFGuYQRZjNNIr8rEQAB7cZo=
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: blog.morphisec.com
access-control-allow-credentials: false
via: 1.1 7b32163caf7e91fe96df7bbeaa58c0f8.cloudfront.net (CloudFront)
cf-ray: 8f3657b6ce36438a-EWR
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD89-C1
x-amz-meta-created-unix-time-millis: 1603042259630

GET
H3 200 vide.js Show response
blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/6224156614/1569821730014/Morphisec/Coded_Files/ 4 KB
3 KB 38ms
35ms Script
application/javascript 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/6224156614/1569821730014/Morphisec/Coded_Files/vide.js

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

be3950dab42791bb50d60a09c80869ba8c86f7dab74eff23b91a365d0c710831

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

x-request-id: 3973ab84-ac3c-47f9-be6b-a4097f2daf44
content-encoding: br
cf-cache-status: HIT
etag: W/"901e2d8fd2af243d3d8dd68e38fa22da"
age: 1043
x-amz-version-id: xCDhIWpBzbsqxgnqK8jsUmPM_UWe2ml.
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dFstd%2BAQDKHyvSYSo0Ux4t6i1ODSZ7XSAphhMrhkodBtvEmagai5T2UjhiDEueddkwVFUrghRsxEZGqaFv%2F6EbT8iH%2FOy6dVTghx4iykkr5eiMM9w5fddtvlBeOZSvskK5oxY8pmVT%2FatKTzp24pCQ%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: RefreshHit from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: QN3mMM6hIVs0p6eYMZnsFBXEoE0lgKYfT3G0CxiHg4aaTzo6hUUwug==
x-hubspot-correlation-id: 3973ab84-ac3c-47f9-be6b-a4097f2daf44
content-type: application/javascript; charset=utf-8
last-modified: Mon, 30 Sep 2019 05:35:31 GMT
priority: u=3,i=?0
server-timing: cfExtPri
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-5689dcb94b-24cm9
x-envoy-upstream-service-time: 135
x-amz-request-id: CGMW8SCH0J2E9ZXD
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-virtual-host: all
date: Tue, 17 Dec 2024 10:48:45 GMT
vary: origin, Accept-Encoding
x-amz-id-2: Od9FlYCMeHu/hCAobU4T48iUefa8aSsq31HCbBCb1DpzdnWZoMlGVBfcY5Almn9I++Um99AnmUo=
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: blog.morphisec.com
access-control-allow-credentials: false
via: 1.1 417c242b19212928b079740e6dd8f54c.cloudfront.net (CloudFront)
cf-ray: 8f3657b6ce37438a-EWR
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD89-C1

GET
H3 200 magnificpopup.js Show response
blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/6224925249/1569821730326/Morphisec/Coded_Files/ 20 KB
9 KB 33ms
31ms Script
application/javascript 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/6224925249/1569821730326/Morphisec/Coded_Files/magnificpopup.js

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3fddc6d28aba3c13d64cfd4847c333ff48c71d4a5a58bd1a0494ca6ae8ac1bb4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

x-request-id: f47d2fa1-9d29-42f0-a901-4d88d25cb4d9
content-encoding: br
cf-cache-status: HIT
etag: W/"ba6cf724c8bb1cf5b084e79ff230626e"
age: 2930
x-amz-version-id: AenlXmDNTXiJmWpCG4hF_X9US4k8ofw.
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QQlB3XdOoiHXhNVD2xCBvcgRGL5visoZaZEsLZ5oN24Ks5edNSOH7D1%2BRURsODQ0NnKdssBWDAeFfVVjcn7ag3V2rWRmAhcjIIHIowXREvLZk%2Fek%2FAuuXtXuHhLkC92%2BmKbqGytJbLU2wiLOZRjlMQ%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: RefreshHit from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: -ZE4RtdUGyqpxuf_NdUfCMN3vdf_tA4L-VTBS-wtBX2vxn7boZE3PA==
x-hubspot-correlation-id: f47d2fa1-9d29-42f0-a901-4d88d25cb4d9
content-type: application/javascript; charset=utf-8
last-modified: Mon, 30 Sep 2019 05:35:31 GMT
priority: u=3,i=?0
server-timing: cfExtPri
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-5689dcb94b-twx7j
x-envoy-upstream-service-time: 171
x-amz-request-id: V7T3PJES3BSFHXKS
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-virtual-host: all
date: Tue, 17 Dec 2024 10:48:45 GMT
vary: origin, Accept-Encoding
x-amz-id-2: ug5Vze5OMKGxkBlo6YO3GtPYSQhZxNz6LExKAqWlGKnj53cGKEBbs5YnYYuU6OqbPjHhLWZQWxAQEIp6tKHd2mJyYXLQl1HxZcbcBlB1G8s=
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: blog.morphisec.com
access-control-allow-credentials: false
via: 1.1 7dc4818c830423900ae855831181d2b8.cloudfront.net (CloudFront)
cf-ray: 8f3657b6ce38438a-EWR
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD89-C1

GET
H3 200 Morphisec_Sept2018_script.min.js Show response
blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/6213834399/1671716921459/Morphisec/Coded_Files/ 166 KB
43 KB 42ms
40ms Script
application/javascript 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/6213834399/1671716921459/Morphisec/Coded_Files/Morphisec_Sept2018_script.min.js

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1c5f683908c190d5f9f618337d8d7c586d735f1ace24afdc81208dbf52a5f45c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

x-request-id: 4bd35559-bf8d-4dfa-bce2-50845ecd65cb
content-encoding: br
cf-cache-status: HIT
etag: W/"f7327c38d9f5aeef245b0ee300152178"
age: 1043
x-amz-version-id: YMjvkoc5EhQ12za.7KqifcSwG8LKYS3S
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Cqnmda7V9F%2FB%2FC5uM%2F8VeGHPIVbc4E2krnGkQr1hON5bJ2bCzG58YhiSYktLZw90X%2BTx7h8d0uAnv5LOj0gAa8Mw%2BvT1iDYvgZWFX7SsFmilqfm9gCGVXm5reqthRzvYPgD%2Bcp33OwBt1ETMmXCbCg%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: UzPeqDKduqI_EgKkOLlyCzoK7yWLiL5HkY4jU7yy4bejwrVbfQHGbw==
x-hubspot-correlation-id: 4bd35559-bf8d-4dfa-bce2-50845ecd65cb
content-type: application/javascript; charset=utf-8
last-modified: Thu, 22 Dec 2022 13:48:43 GMT
priority: u=3,i=?0
server-timing: cfExtPri
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-5689dcb94b-fqbkq
x-envoy-upstream-service-time: 233
x-amz-request-id: 6E6HY61BX2NZV59Y
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Tue, 17 Dec 2024 10:48:45 GMT
vary: origin, Accept-Encoding
x-amz-id-2: Sg6uzTDjwcHDHvfQOE+Ts8NxHP3a0Q7V/dV8xB6n5OklEbiOQvMMK0P0v/ak9FC1KyvFHyRL1g0=
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: blog.morphisec.com
access-control-allow-credentials: false
via: 1.1 2e50d9b1ee017f302768660f02b7418e.cloudfront.net (CloudFront)
cf-ray: 8f3657b6ce39438a-EWR
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD89-C1
x-amz-meta-created-unix-time-millis: 1671716922383

GET
H3 200 1534169.js Show response
blog.morphisec.com/hs/scriptloader/ 3 KB
2 KB 86ms
83ms Script
application/javascript 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hs/scriptloader/1534169.js

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

079b0eeae54d172db6026ffdb5ec43396a8a821b3e01b2cebabccebc006c66ee

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

access-control-max-age: 3600
content-encoding: gzip
cf-cache-status: EXPIRED
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sUm4Yx1VWP10k3K1ol9OULCKE0fP3dJh6fvaLuE5p0zcnHthDIiuz4g5R9wDiD66k0tfrgqv8Yi6Vuraazu68c9wXfsf7%2BmWE3R64RqfcqfXdPodqKQZ2drJroij9sTZEMTksXxeWCb%2F7Hp8rYcqlg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Tue, 17 Dec 2024 10:50:15 GMT
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Tue, 17 Dec 2024 10:48:45 GMT
x-hubspot-correlation-id: 70aa0466-0f80-40c3-bfe4-49b104bb547e
content-type: application/javascript;charset=utf-8
last-modified: Tue, 17 Dec 2024 10:48:45 GMT
vary: origin, Accept-Encoding
priority: u=3,i=?0
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: upgrade-insecure-requests
cache-control: public, max-age=90
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
access-control-allow-credentials: true
cf-ray: 8f3657b6ce3a438a-EWR
accept-ranges: bytes
access-control-allow-origin: https://blog.morphisec.com
content-length: 704
server: cloudflare

GET
H3 200 index.js Show response
blog.morphisec.com/hs/hsstatic/HubspotToolsMenu/static-1.354/js/ 12 KB
5 KB 32ms
30ms Script
application/javascript 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hs/hsstatic/HubspotToolsMenu/static-1.354/js/index.js

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

42c7e51d284cd7256caf3bfebf641141876657ea0d6e5588ac7e69dce1e9cf7e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"3ef0deda0631561665e95645daf500a2"
age: 1138255
x-amz-version-id: O3iI8Pl3bd7LIBbSsE98q3XHW8vfw5hp
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WgutYB3XC8ww%2FLby0oPb2FyKbKySIdKvhLyVu4uX5ifZ%2Ba1co%2FZogQdWdIfmlYQvvtYW4fhsvQ%2BRx0R%2BEMibimpW7E0168lNcfxB6UGtwR328HoTFyOzwMVQKJrqM5LhxYkZJnZGIoLdFzMIT6n%2Fow%3D%3D"}],"group":"cf-nel","max_age":604800}
expires: Wed, 17 Dec 2025 10:48:45 GMT
alt-svc: h3=":443"; ma=86400
x-cache: Hit from cloudfront
x-amz-cf-id: ZfZOzuTYCydlsSFJ7m7UX9Kvsn4fBoj9Ux3IzMg3sb2x2Vg8qzWBMw==
date: Tue, 17 Dec 2024 10:48:45 GMT
content-type: application/javascript
last-modified: Wed, 21 Aug 2024 20:24:20 GMT
vary: accept-encoding
priority: u=3,i=?0
server-timing: cfExtPri
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-replication-status: COMPLETED
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
via: 1.1 6741f9acf28bc52b25f06e9986a71e26.cloudfront.net (CloudFront)
cf-ray: 8f3657b6ce3b438a-EWR
x-amz-cf-pop: JFK50-P3
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 349 KB
116 KB 57ms
36ms Script
application/javascript 2607:f8b0:4006:81e::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-PQBJZ8K

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81e::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

9249d1ef1169e99b4692229543497047ae7ebccbbb7e2b587a63977faee58bcf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1080:0"}],}
expires: Tue, 17 Dec 2024 10:48:45 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 17 Dec 2024 10:48:45 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Tue, 17 Dec 2024 09:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1080:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 117685
x-xss-protection: 0
server: Google Tag Manager

GET
H3 200 font-awesome.min.css
blog.morphisec.com/hubfs/dynamic_esg/css/ 20 KB
1 KB 38ms
34ms Other
text/css 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hubfs/dynamic_esg/css/font-awesome.min.css

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d2d09c4a39acf0339c9697b5837fec5bb2bfb9f92677ac2133640b900f91925c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

content-encoding: br
cf-cache-status: HIT
x-amz-version-id: t80ZTUuyC2UKWRLSZGKnunSDBqf49hOf
age: 1711340
cache-tag: F-5753530423,FD-5753372182,P6R6f,FLS
etag: W/"aede50e4be8da8450a046f9d293e57a5"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=49bvtFzo8M4Zkk5kFw09KNWP6aqeyfJWU1j9ndL%2BpaB%2BzwMgdzYUtwZhzz11on8bS0cNP5FJjOvc8OXOjYJpZzLOy9Cz%2FqOH%2F7LXplRDDzie84XS4sLoJ57lhF%2FdriA9ty%2BcnLMXSApxpW%2B8ClIeug%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: RefreshHit from cloudfront
x-amz-cf-id: LOPKgc0L3syAI4KlTxp4s2PljEEBLAdkIoo0VHLVwlUf17K-hUy8rg==
last-modified: Wed, 02 May 2018 21:34:26 GMT
content-type: text/css
priority: u=4,i
server-timing: cfExtPri
edge-cache-tag: F-5753530423,FD-5753372182,P6R6f,FLS
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: GAVNQY4Y3JS3RME2
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-5753530423,FD-5753372182,P6R6f,FLS
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
access-control-allow-methods: GET
date: Tue, 17 Dec 2024 10:48:45 GMT
vary: Accept-Encoding
x-amz-id-2: yvbC2k7lAXdm/te/qE0JsNEiwALJz0oIVNoNVGUdaTOw2bajpVXb8QbPXlPBe5hOIheXv72bUu0=
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
via: 1.1 a99ebae546aae4a2f6278081e3adcd10.cloudfront.net (CloudFront)
cf-ray: 8f3657b6ce3c438a-EWR
access-control-allow-origin: *
x-amz-cf-pop: BOS50-C3

GET
H2 200 css2
fonts.googleapis.com/ 59 KB
3 KB 48ms
24ms Stylesheet
text/css 2607:f8b0:4006:820::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Open+Sans:ital,wght@0,300;0,400;0,600;0,700;0,800;1,300;1,400;1,600;1,700;1,800&display=swap

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/110809165900/1726781333453/2023/CSS/old-style.min.css

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::200a , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

c2ffcc23e70888f086bd6621dbf457f6b4f0f99b4d92e4fa2ca4cd0e9b2792e6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/110809165900/1726781333453/2023/CSS/old-style.min.css

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Tue, 17 Dec 2024 10:48:45 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 17 Dec 2024 10:48:45 GMT
content-type: text/css; charset=utf-8
vary: Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified: Tue, 17 Dec 2024 10:04:18 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-xss-protection: 0
server: ESF

GET
H3 200 Montserrat-Regular.woff2
www.morphisec.com/hubfs/fonts/ 64 KB
66 KB 110ms
36ms Font
application/font-woff2 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.morphisec.com/hubfs/fonts/Montserrat-Regular.woff2

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/109621200285/1680693252014/2023/Fonts/fonts.min.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3437637c88e40ab5f57b1e37129d03ebb7594a6fc8ea56061284c93f8088beb8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://blog.morphisec.com
Referer: https://blog.morphisec.com/

Response headers

x-robots-tag: all
cf-cache-status: HIT
etag: "6b8307d4d485772acfa7afe8265fb942"
age: 1711285
cache-tag: F-109620535302,FD-109627043208,P-1534169,FLS-ALL
x-amz-version-id: nSDGlIqPXu9uV3l2fdqqNA5m3fzDIOo2
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BljLaC2w5Z8C3xIFoi2J965w1mWgWPRS0qWYF4Y1XWl8sHnfDRfP5ysC%2BB%2BMeB51PulZtvzcL0UKLgqrPUBB1FtDjLcST6c0A1C%2BICp%2FHSMbSCpyyhZt0DYsbnwglL%2Fdx6EPna%2B5%2BJJFKdej%2FGBN"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: RefreshHit from cloudfront
x-amz-cf-id: VYgZHhWeQOVlRnAiRlxa7TSSzHl8xaXoMzqbZhq7o8YPsaSJJ8OUQQ==
content-type: application/font-woff2
last-modified: Wed, 05 Apr 2023 11:12:00 GMT
priority: u=0,i=?0
server-timing: cfExtPri
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-109620535302,FD-109627043208,P-1534169,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: 4A8EH30WAC60X9EM
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
accept-ranges: bytes
x-amz-meta-cache-tag: F-109620535302,FD-109627043208,P-1534169,FLS-ALL
content-length: 65900
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Tue, 17 Dec 2024 10:48:46 GMT
vary: Accept-Encoding
x-amz-id-2: CZveTzGew9ClEKhZ6cj1Prp4WlTU/r7pmovNnDelwsHH534TAphY805gncA73FytJ6V697uyyxY=
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
via: 1.1 a4edf08fb593b7ca4fee9a64018a186e.cloudfront.net (CloudFront)
cf-ray: 8f3657b79eb4421f-EWR
access-control-allow-origin: *
x-amz-cf-pop: JFK52-P1
x-amz-meta-created-unix-time-millis: 1680693119101

GET
H2 200 3c83d6d5-0c56-47b7-8aee-ae6edf73c360.png
no-cache.hubspot.com/cta/default/1534169/ 2 KB
2 KB 40ms
40ms Image
image/png 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://no-cache.hubspot.com/cta/default/1534169/3c83d6d5-0c56-47b7-8aee-ae6edf73c360.png

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3d0faa1510d3999ee6ce630052e0f8c562acc8b69380ceb4e7f812aaa4c5303f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

cf-cache-status: DYNAMIC
etag: "3d5f63abc7db36507720723f2c0d0e15"
x-amz-version-id: ulKQMNoMzME6ZWTBPDeq_A_qJjzsu_Xz
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ibX1rpwVshwuym49hfV3K1G429FgSD1RI8%2Bh5hcy3pulPplK%2Fikfhbm7tBRWIR%2B4V2GB83o%2F1dcZ9UDbFzc8sNUV7y8S8DH1owhPZolhSZVUf4FBnYHZfW1TYSod49tXZDsMuplBA4jEqX4qRFlsDhy4"}],"group":"cf-nel","max_age":604800}
date: Tue, 17 Dec 2024 10:48:45 GMT
content-type: image/png
last-modified: Wed, 05 Apr 2023 16:30:06 GMT
x-amz-id-2: m0/IZ7TZkv+dk15Uz9NGU+qEBsTUhrxMd4BZzyQp1fgTUIWkh5N+WTVodBbOSS9o4+vEzWzOj+E=
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: no-cache, no-store
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: 2N56416T1NWRT7JY
cf-ray: 8f3657b73e097d14-EWR
accept-ranges: bytes
content-length: 1631
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 d4f17ebf-d8a2-49c3-9bca-a8f8112b45f3.png
no-cache.hubspot.com/cta/default/1534169/ 1 KB
2 KB 38ms
38ms Image
image/png 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://no-cache.hubspot.com/cta/default/1534169/d4f17ebf-d8a2-49c3-9bca-a8f8112b45f3.png

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

be96a16025bfbe78bed5a7475f5877696f919dcf9b37939866f8c2d47af7976c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

cf-cache-status: DYNAMIC
etag: "eacaba2cc1bbf4de2a43469ab485d45e"
x-amz-version-id: null
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eLzNDlnZqoshuFCgohdRTCZN10UC5bwmaI43yHOdUnQK7kq2Di3YF3vVoNE0ttVHGyLO21Kh70lbienQjtTUg6RA9fQBzJqFvH9lH5zIbQMopGpjF3hxq5ahuvQ0zl7h2DU1qygUp3xTzxwUyz8ujlyW"}],"group":"cf-nel","max_age":604800}
date: Tue, 17 Dec 2024 10:48:45 GMT
content-type: image/png
last-modified: Fri, 18 Nov 2022 14:30:06 GMT
x-amz-id-2: Av0HPfD0ezYj+m2yA0r5zU682Lm3o7OAum4yDBezU8p59vOevloK54LZNSOM18QWMIDNh7/5Sdw=
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: no-cache, no-store
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: 2N56JZW7SPTP3PKY
cf-ray: 8f3657b73e0b7d14-EWR
accept-ranges: bytes
content-length: 1384
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H3 200 Morphisec-Logo.svg
blog.morphisec.com/hubfs/ 5 KB
1 KB 25ms
24ms Other
image/svg+xml 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hubfs/Morphisec-Logo.svg

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7336afe3d92703a1b35e780301c688426c74d5a8c3d9cd1794d3370d763e58d3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

x-robots-tag: all
content-encoding: br
cf-cache-status: HIT
x-amz-version-id: CLh4I1f8H1fjYE.XdVDUvmpXn1gHCWyp
age: 1711340
cache-tag: F-163965048881,P-1534169,FLS-ALL
etag: W/"765cc8beac4cc28676c6e847214549f8"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=thEuHbzhs2zdyYKTOolRA2pfLxzO1BIA97boYkT70UWv8Vp6HPUevJMRiafSzvY6BHcT03o4%2F%2B6rAet4D3zEaNywe7Jx15pOfE7623L6M6hcKBvTWyQhFZvegOiDNFH8em2BfsMSyQ8hYzZgEq8WPA%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: RefreshHit from cloudfront
x-amz-cf-id: 4gve3vt-yFg3SYFshfRVM0kizT3sWUNr10oNP-bsi8DM5eEYJEo8kg==
last-modified: Tue, 09 Apr 2024 20:39:11 GMT
content-type: image/svg+xml
priority: u=4,i
server-timing: cfExtPri
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-163965048881,P-1534169,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: 5G7DX9C8HDRH86A9
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-163965048881,P-1534169,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Tue, 17 Dec 2024 10:48:45 GMT
vary: Accept-Encoding
x-amz-id-2: ORvfjRzpWc/dheKMQSZfmHoW9/XUVWANd4PMoWjNFn4tozmKDBgm68o2vpnUzevHr8x3QOFRnUc=
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-meta-access-tag: public-indexable
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
via: 1.1 57c102c70e75a901dd116fc5d46f5524.cloudfront.net (CloudFront)
cf-ray: 8f3657b73e7a438a-EWR
access-control-allow-origin: *
x-amz-cf-pop: BOS50-C3
x-amz-meta-created-unix-time-millis: 1712695150225

GET
H3 200 arrow.svg
www.morphisec.com/hubfs/ 271 B
2 KB 75ms
31ms Image
image/svg+xml 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.morphisec.com/hubfs/arrow.svg

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/module_assets/109590708858/1718666705155/module_109590708858_Header_-_Global.min.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8178a23344ec8e9b3f599125e10c07ec57bd94f1790a8b5b04f16d11747faded

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/

Response headers

x-robots-tag: all
content-encoding: br
cf-cache-status: HIT
etag: W/"4e0f4888e02de418e83ed88b0fb6b77b"
age: 1711340
cache-tag: F-109679247133,P-1534169,FLS-ALL
x-amz-version-id: NbewtlYhb0U79FAEY4s37zmrf8HRhCTq
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TwKa0LGEY0dj%2FkyzS4YA496VyH3K8vck4j5JLrZRmNkrAdsetxBvLLsyzhynq7xzlsTE6wUYx%2F3Tj%2BlHAdpv8hEbXocpDv6ZFnRYkHgZZqbeHSkrXeaPu1Y11NFjFENGM6YuTQVyiCOSjSo0he%2F0"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-amz-cf-id: QdEBb1buyEX57gqy8fsp-OyNIUC3dCi2WU5teSeNo2RVdZgInAhSCQ==
content-type: image/svg+xml
last-modified: Wed, 05 Apr 2023 16:07:16 GMT
priority: u=1,i
server-timing: cfExtPri
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-109679247133,P-1534169,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: FFQRGYFCC2MWHSJQ
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-109679247133,P-1534169,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Tue, 17 Dec 2024 10:48:46 GMT
vary: Accept-Encoding
x-amz-id-2: i5V3gHkb02X7ZKQ9HPmX0hc51WhIwrEQyUDY5dVPc8GssPjGx7WKPXyJUSoEc1GgzbQb59ozEE8TQ2IS8DB7a2F+PHhwHgMlMgD0xy+fyFg=
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
via: 1.1 089e5c15dadcbb072411e849a9c5d404.cloudfront.net (CloudFront)
cf-ray: 8f3657b799ff41db-EWR
access-control-allow-origin: *
x-amz-cf-pop: BOS50-C3
x-amz-meta-created-unix-time-millis: 1680710835406

GET
H3 200 arrow-white.svg
blog.morphisec.com/hubfs/ 349 B
2 KB 26ms
26ms Image
image/svg+xml 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.morphisec.com/hubfs/arrow-white.svg

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d19d09e24c8a6da58f2db0561d49f8719a08c9d80561578116bf155a615bd98a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

x-robots-tag: all
content-encoding: br
cf-cache-status: HIT
etag: W/"60bbbc0bc1edd1fb7cca1a100a63be01"
age: 1711339
cache-tag: F-109627044436,P-1534169,FLS-ALL
x-amz-version-id: KMw_AMABoswm8oNvOvnloHZvZpdq9inh
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BeyM5s6Zi86f%2Bv2E6zd6kX%2BerBT4LqGi%2FRS0ww0dZd2CtKaDdqdK5yICB5zg6YblTVwYX2Ba%2FuyePQSJd%2FjoIVv2AkhBTLyX4M%2F4FQ45cAH%2F7gSudNx8Kbd5r3fWsHsSvsAbfwIusyC49ug1c1%2BOeQ%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-amz-cf-id: jjvvf-mVV7mGx7esEzG8XYKqxM7XvWpFADuOcvoYD-BNSzZs1aYbnw==
content-type: image/svg+xml
last-modified: Wed, 05 Apr 2023 11:35:44 GMT
priority: u=3,i
server-timing: cfExtPri
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-109627044436,P-1534169,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: ASSHXZGXE8E1779J
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-109627044436,P-1534169,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Tue, 17 Dec 2024 10:48:45 GMT
vary: Accept-Encoding
x-amz-id-2: YHB5BBanp1Ut2K1NGZ7WQVZJ2SroQOQmuWSkYzFS8EqBoVavX3Ta94w1Gr3RMqa9dPqYjFN3RY4=
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
via: 1.1 02b6cda388999c13e8a7c7e31ef67764.cloudfront.net (CloudFront)
cf-ray: 8f3657b75e86438a-EWR
access-control-allow-origin: *
x-amz-cf-pop: BOS50-C3
x-amz-meta-created-unix-time-millis: 1680694543135

GET
H3 200 cybersecurity%20threat%20research%20blog.jpg
blog.morphisec.com/hubfs/ 4 KB
5 KB 23ms
23ms Image
image/webp 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.morphisec.com/hubfs/cybersecurity%20threat%20research%20blog.jpg

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ad5d4193328e2083398686d67b7e67b9d7ab9b935d745746d186c33d07bf4a65

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

x-robots-tag: all
cf-cache-status: HIT
etag: "2b7b7ed7eb036c12623f2218a7bab31b"
age: 1227739
cache-tag: F-129397473892,P-1534169,FLS-ALL
x-amz-version-id: c0ZTjM3EuQi57sUJlqRjc9N65oFUDRbx
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mlQaLPb0YILnQF7VjfChwwTR6cV9p34huqQ01TNjA5jArUePiPUswAg0TqJxNcOuk1Y%2BrQryap58CTBiCODrnoQIF%2BcZYt%2F7UoKjVArhsO6jGNP6pHtozXnYbtqM4ZFDoQFiQcSg0r0f5ZkmnMrCjQ%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-amz-cf-id: 13c8j1Kd65Bcm7K4hGFzLI8XDdud-bouqpldBBn4DL0y51iEPWc3zA==
content-type: image/webp
content-disposition: inline; filename="cybersecurity%20threat%20research%20blog.webp"
last-modified: Thu, 10 Aug 2023 11:55:30 GMT
priority: u=3,i
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-129397473892,P-1534169,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
server-timing: cfExtPri
x-amz-request-id: DG1W9TG5Z5WM5AXQ
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
accept-ranges: bytes
x-amz-meta-cache-tag: F-129397473892,P-1534169,FLS-ALL
content-length: 3770
x-hs-alternate-content-type: text/plain
server: cloudflare
x-amz-server-side-encryption: AES256
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
cf-polished: qual=85, origFmt=jpeg, origSize=26491
date: Tue, 17 Dec 2024 10:48:45 GMT
vary: Accept, Accept-Encoding
x-amz-id-2: p18PlPEMWjMYktRthZ93VZOdIbLsyHwPxZh7DJPMaMm2FlrQDiLVtfTIkaT5OSsRv7VzYrIv1a8=
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
via: 1.1 64d968aa0a0b58a1d00cb142d02b0ac0.cloudfront.net (CloudFront)
cf-ray: 8f3657b75e88438a-EWR
access-control-allow-origin: *
x-amz-cf-pop: JFK52-P1
x-amz-meta-created-unix-time-millis: 1691668529263

GET
H3 200 footer-bg-01.svg
blog.morphisec.com/hubfs/ 1010 B
2 KB 26ms
26ms Image
image/svg+xml 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.morphisec.com/hubfs/footer-bg-01.svg

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

afebc654252e2e6725166fd88386decd2d62cbae24cf76f93af01051afcd22bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

x-robots-tag: all
content-encoding: br
cf-cache-status: HIT
etag: W/"2ede0c7ada32266a0c611cfc210050ce"
age: 1711339
cache-tag: F-110476466060,P-1534169,FLS-ALL
x-amz-version-id: _gIdfKK3n3930Ooq3mAnm0BVYetLtdSX
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wZB04QFSKkPliQsdLvWAZJxvTMJj4G9NzkFF848%2FGKKRONzcvCe8GzNzoi0iMY3JYiwiG2Vhf9ITvRV5g8gIxys145KD5YnOGojgO7p6VmyC2Gd2gZNR3wNDiV7Nc5GTJ2PLZnSFdvDajec6Sjb%2B6Q%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-amz-cf-id: gMbQR2GOa69FtD0slDfba69sBGoD86Q-hlquYtPGH4zyjhCesd7KXA==
content-type: image/svg+xml
last-modified: Tue, 11 Apr 2023 13:55:41 GMT
priority: u=3,i
server-timing: cfExtPri
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-110476466060,P-1534169,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: ASSZ4PTTQMSP0AW2
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-110476466060,P-1534169,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Tue, 17 Dec 2024 10:48:46 GMT
vary: Accept-Encoding
x-amz-id-2: eRKwYZTRdK3H8aflAC2rD12m+UcJ5C4+7MuRr1pWhqU6IiN0QgBLReqvrYl9G4erwuu3jbsx1zfM7nrXZzrP/GNlfDaU/MZZkDGE9XcpRLQ=
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
via: 1.1 13d3731e042da4eb724047055086bf24.cloudfront.net (CloudFront)
cf-ray: 8f3657b75e8b438a-EWR
access-control-allow-origin: *
x-amz-cf-pop: BOS50-C3
x-amz-meta-created-unix-time-millis: 1681221340353

GET
H3 200 Montserrat-SemiBold.woff2
www.morphisec.com/hubfs/fonts/ 65 KB
66 KB 36ms
30ms Font
application/font-woff2 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.morphisec.com/hubfs/fonts/Montserrat-SemiBold.woff2

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/109621200285/1680693252014/2023/Fonts/fonts.min.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f3d8c648b4ec40e2369730c552db76ad40994c6dd489ff87b28f6fc1ea2ced96

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://blog.morphisec.com
Referer: https://blog.morphisec.com/

Response headers

x-robots-tag: all
cf-cache-status: HIT
etag: "09e9af57c990afbf2833f00d90880b6b"
age: 1711285
cache-tag: F-109621325689,FD-109627043208,P-1534169,FLS-ALL
x-amz-version-id: N4AY2AcWVnuw91nHKeLaBhsvto1u2FqE
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ifc18DkH29i7pQjNKUsqFu8yvSX%2BOMTSZIjRmppHvd7Arl3buB4fXOzVoY49v2NgZogr6S8lovpGJGqGL68c7GGsHGhiJjNXWoZ9sbqgsBaQWhprKaPGibEVK5xMz03wmgfpqSyhZvy66SOUw6lZ"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: RefreshHit from cloudfront
x-amz-cf-id: f9XUfXamM1ihtQT-Y4HZDs8GlgOAES8yw9lcz1rOC00YIZVqNpfITQ==
content-type: application/font-woff2
last-modified: Wed, 05 Apr 2023 11:12:00 GMT
priority: u=0,i=?0
server-timing: cfExtPri
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-109621325689,FD-109627043208,P-1534169,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: GAVMA3HQ8Z2280FH
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
accept-ranges: bytes
x-amz-meta-cache-tag: F-109621325689,FD-109627043208,P-1534169,FLS-ALL
content-length: 66104
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Tue, 17 Dec 2024 10:48:46 GMT
vary: Accept-Encoding
x-amz-id-2: +9OHAKKDjINBLG3OfvOt5bREkukRrIyyQkyACsMrupLspmONB8LvT1RtadC0YOx129DX+z08/kg=
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
via: 1.1 6c1e463b1907685097cce9e63f1cf75a.cloudfront.net (CloudFront)
cf-ray: 8f3657b79eb3421f-EWR
access-control-allow-origin: *
x-amz-cf-pop: JFK52-P1
x-amz-meta-created-unix-time-millis: 1680693119436

GET
H3 200 Montserrat-Light.woff2
www.morphisec.com/hubfs/fonts/ 64 KB
65 KB 38ms
32ms Font
application/font-woff2 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.morphisec.com/hubfs/fonts/Montserrat-Light.woff2

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/109621200285/1680693252014/2023/Fonts/fonts.min.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

636ecb5784f08327b02a785d4bbd25f44b0eeb98b3a8391ec47c0af6b87554a8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://blog.morphisec.com
Referer: https://blog.morphisec.com/

Response headers

x-robots-tag: all
cf-cache-status: HIT
etag: "aab897981ce728bf9faaf8d7e9273e82"
age: 1711285
cache-tag: F-109627043216,FD-109627043208,P-1534169,FLS-ALL
x-amz-version-id: pc80gFZ4d8MJD6P02C8Utp.DAeRoai1s
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QMDTyvW%2BmnTUsxbp%2FWFJ8RW1GNY%2BGr%2FaYMO%2BL3XhV4hjgFNqDcjpC9IONaIQ4xwr4UrhAFDk4Ka%2FSQ%2BjOI21rpK%2BEgsFGKdAcjmr40WmGVeInJ54bUvLvbgxStLeRHIrbDujcIUFdYdtOaZcYbnZ"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: RefreshHit from cloudfront
x-amz-cf-id: P3DRP3ckIosZnOAArUlHeazm4GMq2cGI3Hth2msHhDEv-kKbloZtmw==
content-type: application/font-woff2
last-modified: Wed, 05 Apr 2023 11:12:00 GMT
priority: u=0,i=?0
server-timing: cfExtPri
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-109627043216,FD-109627043208,P-1534169,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: 1NK4DN86Y9ZHNAJ8
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
accept-ranges: bytes
x-amz-meta-cache-tag: F-109627043216,FD-109627043208,P-1534169,FLS-ALL
content-length: 65268
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Tue, 17 Dec 2024 10:48:46 GMT
vary: Accept-Encoding
x-amz-id-2: uGiu9gXu8zI1iIXv+dN6EbUmMSqFZjCaQ168MN/90Mk8+eb792R6jzM6CFtcTrHA6GxsAhJas/8=
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
via: 1.1 e328ac0201f987aaffe67063ed27028c.cloudfront.net (CloudFront)
cf-ray: 8f3657b79eb6421f-EWR
access-control-allow-origin: *
x-amz-cf-pop: JFK52-P1
x-amz-meta-created-unix-time-millis: 1680693119255

GET
H3 200 Montserrat-Medium.woff2
www.morphisec.com/hubfs/fonts/ 64 KB
67 KB 46ms
40ms Font
application/font-woff2 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.morphisec.com/hubfs/fonts/Montserrat-Medium.woff2

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/109621200285/1680693252014/2023/Fonts/fonts.min.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d4d476694bb5382da2de611b3b716fbed22fcd64d18753111b6d15a28667fd24

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://blog.morphisec.com
Referer: https://blog.morphisec.com/

Response headers

x-robots-tag: all
cf-cache-status: HIT
etag: "16c1a5b7a2037ec2bad9740c8b0ff8ee"
age: 1711285
cache-tag: F-109620535301,FD-109627043208,P-1534169,FLS-ALL
x-amz-version-id: FUjuK6I4k.9p.Gx8MyhsJW6pvpTlo4q4
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZuezTPVLTRcDW4xFlt8%2BX8ij%2B%2BJR8b3PVwEUrUc2qOT6QjQs253S0CW0oG15M9zykvlc053GeyPngw2hFpO55GazVEv%2FjBlvZ%2B43pBe%2FpiAHDsp7VUP2zg%2BwW2ZU7GPe%2FlrPihQsLQjYEDtIgD2y"}],"group":"cf-nel","max_age":604800}, {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=YJL5hMH8bYG3eTV0byYAiVZP19YhJylmB7fbHAKIY68-1734432526-1.0.1.1-ULOIFqkpqfPtuoAY0AajaULjfnCg5E4wSbKxxMeu6zIYIkblxdGKaqzQCaK5Hy4RHWrGGeEld7K8ykd63K3e9mjwflTNiLKqEFnCI5rerr66WWlf1n4KB69nPkVcoN6RylS27VzWNKFuyEyPaKlMoH85wAWrjMKp.5Lwkall8YY"}],"group":"cf-csp-endpoint","max_age":86400}
alt-svc: h3=":443"; ma=86400
x-cache: RefreshHit from cloudfront
x-amz-cf-id: gflmOUEs-Zy1qQH6CKEoIBZnfwaUz-7NA6yp4XiObcr8p2nkWlcPGQ==
content-type: application/font-woff2
last-modified: Wed, 05 Apr 2023 11:12:00 GMT
priority: u=0,i=?0
server-timing: cfExtPri
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-109620535301,FD-109627043208,P-1534169,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: 1NK9F1D3SZPCPTZV
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
accept-ranges: bytes
x-amz-meta-cache-tag: F-109620535301,FD-109627043208,P-1534169,FLS-ALL
content-length: 66036
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Tue, 17 Dec 2024 10:48:46 GMT
vary: Accept-Encoding
x-amz-id-2: xvATJd1xE5i+D7H2gGLfKhNiGP12CDIQCk+eK8hYdYgMbVxsCuRw4eSM+sMq30K7hcQRknk/Eahmn0ekVJA3aVnN+YWrybN5
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
content-security-policy-report-only: script-src 'none'; connect-src 'none'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=YJL5hMH8bYG3eTV0byYAiVZP19YhJylmB7fbHAKIY68-1734432526-1.0.1.1-ULOIFqkpqfPtuoAY0AajaULjfnCg5E4wSbKxxMeu6zIYIkblxdGKaqzQCaK5Hy4RHWrGGeEld7K8ykd63K3e9mjwflTNiLKqEFnCI5rerr66WWlf1n4KB69nPkVcoN6RylS27VzWNKFuyEyPaKlMoH85wAWrjMKp.5Lwkall8YY; report-to cf-csp-endpoint
via: 1.1 f7b469bae3f4a6418a1a6a50a32d318c.cloudfront.net (CloudFront)
cf-ray: 8f3657b79eb5421f-EWR
access-control-allow-origin: *
x-amz-cf-pop: JFK52-P1
x-amz-meta-created-unix-time-millis: 1680693119004

GET
H3 200 search_icon.svg
blog.morphisec.com/hubfs/ 350 B
2 KB 29ms
28ms Image
image/svg+xml 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.morphisec.com/hubfs/search_icon.svg

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

939c1b1420c9dcd654cf23e16482d791454288ca4ff1059fb8839412cc29b2a5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

x-robots-tag: all
content-encoding: br
cf-cache-status: HIT
etag: W/"3d95f4288550b5cf8de25c3fedbd715b"
age: 1711340
cache-tag: F-109619762806,P-1534169,FLS-ALL
x-amz-version-id: 1GYCNZt2jwANbtrTaH7YaF79VqL7t05m
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zIxqqBQoMT5iGgb17xYWxljkzExXcf17HMplfq6Ldj859uEGlqajlHpca9Y2F8tJZyVBcxAdCwXWZg9woEBE6KtflQI8oneV7EJQqpciVlvGPdg%2FMQJqmE6ewmIKn00%2FZaeRN%2BLIZISNlFbxw7tzLg%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-amz-cf-id: ZSVNT1VGjD6gSK_H1cM-YH1aZTvVFMZvYbRvNcTfyPyPI6lZ5ZsvwQ==
content-type: image/svg+xml
last-modified: Wed, 05 Apr 2023 10:44:27 GMT
priority: u=3,i
server-timing: cfExtPri
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-109619762806,P-1534169,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: ASSY3JQWKP5BHH0B
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-109619762806,P-1534169,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Tue, 17 Dec 2024 10:48:46 GMT
vary: Accept-Encoding
x-amz-id-2: nB9kxBJl3ZWSyu89pggOXDZV9EcGbPWy2NkkKrVgbRRa5ZzCJfzXd2wBSfTHqr/NhiPxTKekVeNgIljeCshhe5od70i5n/o2
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
via: 1.1 91eb669b324fcf57d0d220d8dbaa9964.cloudfront.net (CloudFront)
cf-ray: 8f3657b79eb2438a-EWR
access-control-allow-origin: *
x-amz-cf-pop: BOS50-C3
x-amz-meta-created-unix-time-millis: 1680691466397

GET
H3 200 blog.svg
blog.morphisec.com/hubfs/ 797 B
2 KB 32ms
30ms Image
image/svg+xml 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.morphisec.com/hubfs/blog.svg

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b3e8357cc1fe184a45255c2831770245aa454c3e957dfe3df6a0ee789ac77e01

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

x-robots-tag: all
content-encoding: br
cf-cache-status: HIT
etag: W/"8d9f2f91fe33b0b94a5bef7287c3abbf"
age: 1711340
cache-tag: F-109682604959,P-1534169,FLS-ALL
x-amz-version-id: ijpJM2MB9gHe5XFpk9UWNXBHqcRn_Olq
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kKbZzHk8PozlxCcWtyBjBErwnfuCsD7w2dH%2B6IZXAao4Qav7s7ggPoREhyZjLCKtkJGPFE%2FwjX9QmHo42CbI7x%2Fls860bUnOe%2B87r0pScNuyXYv%2BLXzzJ%2BXstSLvlU2vHBSX9pemyzXh065hTrReKg%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-amz-cf-id: keUqpgIxR0dx9FF_gih13ns3k7JUSiVB5glaKYKcbPOsged4jgJ1hg==
content-type: image/svg+xml
last-modified: Wed, 05 Apr 2023 16:17:05 GMT
priority: u=3,i
server-timing: cfExtPri
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-109682604959,P-1534169,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: ASSQ9A3CGP68Y3WK
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-109682604959,P-1534169,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Tue, 17 Dec 2024 10:48:46 GMT
vary: Accept-Encoding
x-amz-id-2: LC2OGTair17DSSSzGOKtgZCJKpLXpx1edumQTnBEkWS55YnaVvPTqWtAmzXydNIdnlAm55yYDlc=
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
via: 1.1 368d984ddaa7c541b8ba1a87edd0e52e.cloudfront.net (CloudFront)
cf-ray: 8f3657b79eb4438a-EWR
access-control-allow-origin: *
x-amz-cf-pop: BOS50-C3
x-amz-meta-created-unix-time-millis: 1680711424510

GET
H3 200 CoinLurker%20The%20stealer%20powering%20the%20next%20generation%20of%20fake%20updates.png
blog.morphisec.com/hs-fs/hubfs/ 168 KB
170 KB 26ms
24ms Image
image/webp 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.morphisec.com/hs-fs/hubfs/CoinLurker%20The%20stealer%20powering%20the%20next%20generation%20of%20fake%20updates.png?width=1200&height=628&name=CoinLurker%20The%20stealer%20powering%20the%20next%20generation%20of%20fake%20updates.png

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d97180952ebaa2570c0d21bc74e1778b19fa5bcb6a1ac09b0daa585c82c01e29

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

cf-cache-status: HIT
etag: "cf18GMBQMA-wXwtIcjTN3B5-EBP85LQoHV409H_JZsDQ:0c5fcc4cf06ff9e227679254d1008a15"
cache-tag: F-183947056689,P-1534169,FLS-ALL
cf-resized: internal=ok/h q=0 n=24+225 c=0+0 v=2024.12.1 l=172336 f=false
cf-bgj: imgq:100,h2pri
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=a%2FqdFkhs4%2FhjIu11wXokFhIYM9FKk8J6bFAZcvzodbFy1yVKsUcY3WcMmyt9w0dhIrXlkTSdd72ZcMPCEn69gClc9JQT1JlM0UJz7GF9t%2BJW6MRN9yERapaJKK4r9EruqJGgqKZpVP5SAYnonB2w0g%3D%3D"}],"group":"cf-nel","max_age":604800}, {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=.OPlYRS7SjWr8UAn60vmYy.K3eoTjtCswEl2Q26b19w-1734432526-1.0.1.1-Noxy.f3y00lo13kcUj2ER0jDR3_FIB8Gtn7OdP0xNRGgGg..Di1dryEssUx8cqiIM5qrk54K7P8Oi1G_jE4YndfknixUuYywVt6CamIG5y5ienDU_CeoP2lDMDUL2dS4cMAPvEigp1.Zr4_.IyzEqwljHabfo1tgHNls2e.hB5o"}],"group":"cf-csp-endpoint","max_age":86400}
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Tue, 17 Dec 2024 10:48:46 GMT
content-type: image/webp
last-modified: Mon, 16 Dec 2024 14:38:36 GMT
vary: Accept, Accept-Encoding
priority: u=3,i
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy-report-only: script-src 'none'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=.OPlYRS7SjWr8UAn60vmYy.K3eoTjtCswEl2Q26b19w-1734432526-1.0.1.1-Noxy.f3y00lo13kcUj2ER0jDR3_FIB8Gtn7OdP0xNRGgGg..Di1dryEssUx8cqiIM5qrk54K7P8Oi1G_jE4YndfknixUuYywVt6CamIG5y5ienDU_CeoP2lDMDUL2dS4cMAPvEigp1.Zr4_.IyzEqwljHabfo1tgHNls2e.hB5o; report-to cf-csp-endpoint
via: 1.1 f875ba0ddbd90a5e7c9a82af3af607f6.cloudfront.net (CloudFront)
cf-ray: 8f3657b79eb5438a-EWR
accept-ranges: bytes
access-control-allow-origin: *
content-length: 172336
server: cloudflare

GET
H3 200 Fake%20Browser%20Update%20Webview2%20GUI.png
blog.morphisec.com/hs-fs/hubfs/ 20 KB
21 KB 31ms
29ms Image
image/webp 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.morphisec.com/hs-fs/hubfs/Fake%20Browser%20Update%20Webview2%20GUI.png?width=684&height=515&name=Fake%20Browser%20Update%20Webview2%20GUI.png

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8f4d3fcf8da239351a654840bbd4eadd26b839d40a8086343cc58f24c68b3281

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

cf-cache-status: HIT
etag: "cfSPyibXkSNZlIehhcmj6LFPZNvLmmApi06cPGK3IlDQ:dbc0c41e0e790353a5cfdf8f07551d44"
cache-tag: F-183782186043,P-1534169,FLS-ALL
cf-resized: internal=ok/h q=0 n=22+71 c=17+53 v=2024.12.1 l=20656 f=false
cf-bgj: imgq:86,h2pri
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7UHziM%2FpzUVdGQieOAIvUsiNC5ecn1wRatCiBuVZZz3dzKnLPUS9Ui%2FHNF6EHDIdQh3gGu2wT7fp5HKpl7rHWntb5TGuhS4jJqApzxKPgNhB9l6PtvJ131kfvyNauyOSSytLuVQF2ZLfOR7rAS0Xgg%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Tue, 17 Dec 2024 10:48:46 GMT
content-type: image/webp
last-modified: Wed, 11 Dec 2024 21:01:25 GMT
vary: Accept, Accept-Encoding
priority: u=3,i
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
via: 1.1 df10d763492b2272b777b93e70e1f4a4.cloudfront.net (CloudFront)
cf-ray: 8f3657b79eb7438a-EWR
accept-ranges: bytes
access-control-allow-origin: *
content-length: 20656
server: cloudflare

GET
H3 200 x_twitter_icon.svg
blog.morphisec.com/hubfs/ 460 B
1 KB 29ms
28ms Other
image/svg+xml 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hubfs/x_twitter_icon.svg

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f1d760682f66979c85193208c7d10daddd5d3e74c6c148bef442a203d330cb22

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

x-robots-tag: all
content-encoding: br
cf-cache-status: HIT
x-amz-version-id: 8OVftkuv4j6Khff8Nb5oAG2Y32IjKCXk
age: 1711341
cache-tag: F-141944464032,P-1534169,FLS-ALL
etag: W/"c7279b34bfee002c148f828d14255c4f"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GnB9RReprP46NOUZs3EE3nOSHCqwKADcGzNH%2FX%2B7%2Fxlt23Iqcm%2B%2B8k2B1asn0OfQpbm%2BqhFOY20XRQVvBXAu9yuBY9Rgm2k7oEUk3KbK0to%2BY7lHyty%2B7y0JkPNIg02agkTwbuBTosZpXEKJ7UsHZg%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: RefreshHit from cloudfront
x-amz-cf-id: qY8BMedSOa1hhUJWQRpTJ7eN22khqpw9TKnzAwa18u3savhKtMvPAA==
last-modified: Wed, 25 Oct 2023 14:16:04 GMT
content-type: image/svg+xml
priority: u=4,i
server-timing: cfExtPri
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-141944464032,P-1534169,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: 4NG2GR4MR55F3ZY4
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-141944464032,P-1534169,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Tue, 17 Dec 2024 10:48:46 GMT
vary: Accept-Encoding
x-amz-id-2: D5WjjthdLWCiDBMv6IV1ULeQW4gT5qv0D2WXU+wLrr2irLQ5iiIGjyJFc9Gz0td18HecGKcl6HAdaAK9g5IiOILF3sbsePYY4qQ23kB2xIw=
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
via: 1.1 cdf9da8a64fb0b6f66e4c21a885dbf7a.cloudfront.net (CloudFront)
cf-ray: 8f3657b79eb8438a-EWR
access-control-allow-origin: *
x-amz-cf-pop: BOS50-C3
x-amz-meta-created-unix-time-millis: 1698243363640

GET
H3 200 linkedin_icon.svg
blog.morphisec.com/hubfs/ 628 B
1 KB 28ms
27ms Other
image/svg+xml 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hubfs/linkedin_icon.svg

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c9492eab132c2db0eaef81fea1bb719d8e3f5a11a32f7ebeeea5af202cd4e5c7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

x-robots-tag: all
content-encoding: br
cf-cache-status: HIT
x-amz-version-id: Bq5Mo6REJV_bnwvIwff4zb93JWXV7_WO
age: 1711341
cache-tag: F-141945428832,P-1534169,FLS-ALL
etag: W/"3ef5ac1f024120437e19fcc4abf556d8"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4mrPbwP6bo4uGYn0wgU%2BGMvmDGHpkE43PgRjD4aLZr9QcCkBH%2FdMTFKTRGROZ5fyN84U3TxDdPLUSFVRRHtSdPwC3DZQnI39xzVtYhmcncvvTCobcPA8VUhR5Xe%2BFCLueW5tXYlko%2F51H%2B6LqASJGg%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-amz-cf-id: KXSuqO-0AhubOJXxgWGKuINKswdUCj-sNzDf2I80qNDbn8aWMgt0dA==
last-modified: Wed, 25 Oct 2023 14:16:04 GMT
content-type: image/svg+xml
priority: u=4,i
server-timing: cfExtPri
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-141945428832,P-1534169,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: FFQP9GJACBQQMVW0
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-141945428832,P-1534169,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Tue, 17 Dec 2024 10:48:46 GMT
vary: Accept-Encoding
x-amz-id-2: i3OX/49SpPN3em4YaAaLgaWLuMyhoBqHor0HN3Cy3XuibYrLwpxTL4STACkYB4KUmztxSIjKmb4=
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
via: 1.1 4b2497bf0366f1ebe274abf11e893ff2.cloudfront.net (CloudFront)
cf-ray: 8f3657b79eba438a-EWR
access-control-allow-origin: *
x-amz-cf-pop: BOS50-C3
x-amz-meta-created-unix-time-millis: 1698243363623

GET
H3 200 youtube_icon.svg
blog.morphisec.com/hubfs/ 642 B
1 KB 29ms
28ms Other
image/svg+xml 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hubfs/youtube_icon.svg

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

76dd9ffb1b604b0ad3f128d2fe014cc22f934ed40ae792ef9b4600a17866aeb2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

x-robots-tag: all
content-encoding: br
cf-cache-status: HIT
x-amz-version-id: sJlFqbLZ7aHbNE_.KGb6N9TqRjJsKyuv
age: 1711341
cache-tag: F-141945248869,P-1534169,FLS-ALL
etag: W/"ced4da2370fbc2016321a375dbbed68b"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3vOT82dFmXE3Dy%2Fj98SFp8jnVDG7AhILr8wBFKS4dcqL6lomSY0JUrmZBMtYMZsTpn3LqDT%2F1WRfuHMFx9LqIXNVbV52gaR03JZyqcFWNeXtdCYM268%2Bv29NZdBKIPmCnA03l%2FNQQjUG%2F1ZnCHNEjA%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-amz-cf-id: IEZmXDsUJBkbjhMbc0h2QZaj5DB0iU-4U_xFgox-NQf5GxC7Jx1mRg==
last-modified: Wed, 25 Oct 2023 14:16:04 GMT
content-type: image/svg+xml
priority: u=4,i
server-timing: cfExtPri
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-141945248869,P-1534169,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: FFQGD2VXPD9PPAQX
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-141945248869,P-1534169,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Tue, 17 Dec 2024 10:48:46 GMT
vary: Accept-Encoding
x-amz-id-2: A3EG5JchP05Wr5rYJQ6dvYoBjsIXi3793zXGndGCJ9mL+cGxEzyPCcCAT1POiI1dy3tr8fN/MjKesXWAnL0lyBdktYAzKpp8
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
via: 1.1 2c00b6f1d42245c6c3867cc4dfa7f32e.cloudfront.net (CloudFront)
cf-ray: 8f3657b79ebb438a-EWR
access-control-allow-origin: *
x-amz-cf-pop: BOS50-C3
x-amz-meta-created-unix-time-millis: 1698243363649

GET
H3 200 json Show response
blog.morphisec.com/_hcms/forms/embed/v3/form/1534169/37b11fda-a2aa-4805-9c0e-bae8eaccd6b7/ 11 KB
4 KB 89ms
88ms XHR
application/json 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/_hcms/forms/embed/v3/form/1534169/37b11fda-a2aa-4805-9c0e-bae8eaccd6b7/json?hs_static_app=forms-embed&hs_static_app_version=1.6926&X-HubSpot-Static-App-Info=forms-embed-1.6926

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/_hcms/forms/v2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3ec54fffb204b5f57f1addd8dd9c876b4968ab050d17607038727d6a252c4d4a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept: application/json, text/plain, */*
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

x-robots-tag: none
access-control-max-age: 180
x-request-id: a12baa93-17f8-4bb4-a40b-0cf8d01410f4
access-control-expose-headers: X-Origin-Hublet
content-encoding: br
cf-cache-status: DYNAMIC
x-origin-hublet: na1
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nXVx45Gca6UlFpVOX1wZg1J%2FT6vKtfRYbv7vYRTFJdhYIHkMhSFdCWM7UY2EPTk4AWnb4IPhVx6mXJg8UTY6dT5wWwRD3XdaWhPjBwRFBIVdwtXoJRwPbyOlAFx6pnCboIpPbjFoI2NXzvvuxWX1ag%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods: OPTIONS, GET
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-evy-trace-listener: listener_https
server-timing: cfExtPri
date: Tue, 17 Dec 2024 10:48:46 GMT
x-hubspot-correlation-id: a12baa93-17f8-4bb4-a40b-0cf8d01410f4
content-type: application/json;charset=utf-8
vary: origin, Accept-Encoding
priority: u=1,i
access-control-allow-headers: *
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: upgrade-insecure-requests
cache-control: max-age=0, no-cache, no-store
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-envoy-upstream-service-time: 18
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-b967ccf5d-btm5z
access-control-allow-credentials: false
cf-ray: 8f3657b7fef1438a-EWR
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 13 KB
5 KB 38ms
4ms Script
application/javascript 2600:141b:1c00:6::17df:d10d
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:1c00:6::17df:d10d Secaucus, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

Software

Resource Hash

5615cdac4c30b1fb905891f5de1e1dcf7745b6b0ec88cfc89360ee48fc240977

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

cache-control: max-age=40205
content-encoding: gzip
x-cdn: AKAM
x-content-type-options: nosniff
accept-ranges: bytes
content-length: 5114
date: Tue, 17 Dec 2024 10:48:46 GMT
last-modified: Wed, 11 Dec 2024 08:31:33 GMT
content-type: application/javascript;charset=utf-8
vary: Accept-Encoding
x-amz-server-side-encryption: AES256

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 57 KB
16 KB 42ms
7ms Script
application/javascript 146.75.36.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: blog.morphisec.com
URL: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 146.75.36.157 Reston, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: d4963b8afebfa0063b5d17b4c80f49bce702a37ea5c9b91bb3c996bb9dea4b60

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

vary: Accept-Encoding,Host
cache-control: no-cache
content-encoding: gzip
etag: "4328e910de583ad53b3a7a76455af005+gzip"
accept-ranges: bytes
x-cache: HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
content-length: 15926
date: Tue, 17 Dec 2024 10:48:46 GMT
x-tw-cdn: FT
last-modified: Tue, 29 Oct 2024 01:22:31 GMT
content-type: application/javascript; charset=utf-8
x-served-by: cache-iad-kcgs7200102-IAD
x-amz-server-side-encryption: AES256

GET
H2 200 sl.js Show response
scout-cdn.salesloft.com/ 6 KB
3 KB 54ms
12ms Script
application/javascript 2606:4700::6810:4869
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://scout-cdn.salesloft.com/sl.js

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:4869 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4a007af67f716c30c8848ab0ad0bfaab8a5fcf3e36dedf918b59c9429d522440

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

content-encoding: br
cf-cache-status: HIT
x-amz-version-id: 6anzvBQcvmaBDc8BSO9zI6Th.IIiwArc
etag: W/"d74cc4825c8e333b2116da3fcc649db1"
age: 6731
x-content-type-options: nosniff
expires: Tue, 17 Dec 2024 14:48:46 GMT
alt-svc: h3=":443"; ma=86400
date: Tue, 17 Dec 2024 10:48:46 GMT
content-type: application/javascript
last-modified: Mon, 13 Dec 2021 16:28:37 GMT
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
x-amz-id-2: m5eJk9jh8arLb54x38vlFw5K9s54lhNfMAzW8bR2kyXgbfay0RZwKUnAHpNqR0u1c98+PqaPDWQ=
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=14400
x-amz-request-id: CVF9F7SRWNH38D6W
cf-ray: 8f3657b83e317cac-EWR
access-control-allow-origin: *
server: cloudflare

GET
H3 200 sdk.js Show response
connect.facebook.net/en_US/ 3 KB
2 KB 39ms
17ms Script
application/x-javascript 2a03:2880:f00e:13:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f00e:13:face:b00c:0:3 Toronto, Canada, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

7bdd108cc01fd2295d4c04020e5163d2e7a160c42839083a6216d847a2ed1313

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

content-md5: GGBqZ+s+MlGAN4Gx0Lgzcg==
access-control-expose-headers: X-FB-Content-MD5
content-encoding: gzip
etag: "455a43afd68faa8d93fb79654125b496"
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Tue, 17 Dec 2024 11:06:55 GMT
alt-svc: h3=":443"; ma=86400
date: Tue, 17 Dec 2024 10:48:46 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-content-md5: 6b4b466ed5e647a88bf95df49e9c76d8
cache-control: public,max-age=1200,stale-while-revalidate=3600
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=14, rtx=0, c=23, mss=1232, tbw=4520, tp=9, tpl=0, uplat=0, ullat=-1
x-fb-debug: 9yP00+OSe6R/av5vyKHsS5jie/+/sqripJjvTsdKx1iHRuJjGBtrk7OLfmOP/39hkCuyq/sEH0rMHyCL+X9+1w==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top
access-control-allow-origin: *
content-length: 1686
origin-agent-cluster: ?1

GET
H2 200 widgets.js Show response
platform.twitter.com/ 91 KB
27 KB 44ms
8ms Script
application/javascript 146.75.32.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets.js
Requested by: Host: blog.morphisec.com
URL: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 146.75.32.157 Ashburn, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 173460e89e6a7244218badae2016f65c48a3eae9d400802273eeca18b07336f1

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

content-encoding: gzip
etag: "824beb891744db98ccbd3a456e59e0f7+gzip"
access-control-allow-methods: GET
x-cache: HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
date: Tue, 17 Dec 2024 10:48:46 GMT
last-modified: Mon, 11 Dec 2023 17:20:28 GMT
vary: Accept-Encoding
x-served-by: cache-iad-kjyo7100176-IAD
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=1800
tw-cdn: FT
accept-ranges: bytes
access-control-allow-origin: *
content-length: 27597
x-amz-server-side-encryption: AES256

GET
H2 200 1534169.js Show response
js.hs-analytics.net/analytics/1734432300000/ 75 KB
26 KB 84ms
61ms Script
text/javascript 2606:4700::6811:afc9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1734432300000/1534169.js
Requested by: Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs/scriptloader/1534169.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:afc9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4dfd5527da83604d3337f60fa00d7aedfd8020fb48c376777dc573c83110668e

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

x-amz-server-side-encryption: AES256
x-request-id: 17284a9f-32d4-4c4d-81c9-d451ea86a912
content-encoding: gzip
cf-cache-status: MISS
etag: W/"3cf05929447775d0ae7efaf3e9761897"
x-amz-version-id: null
expires: Tue, 17 Dec 2024 10:53:46 GMT
x-evy-trace-listener: listener_https
date: Tue, 17 Dec 2024 10:48:46 GMT
x-hubspot-correlation-id: 17284a9f-32d4-4c4d-81c9-d451ea86a912
content-type: text/javascript
last-modified: Tue, 22 Oct 2024 20:38:56 GMT
vary: origin, Accept-Encoding
x-amz-id-2: ydbgHaSNYOcH8NYVodWRBlqnkttMUMb96u4rn5M52tq45giJrXmUSiFcyBvhv7kuAbC8m4ar2wQ=
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=300,public
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-8586d94f84-2bzl2
x-envoy-upstream-service-time: 36
access-control-allow-credentials: false
x-amz-request-id: FYQ49CW48EQX83JZ
cf-ray: 8f3657b82bbdf797-EWR
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 banner.js Show response
js.hs-banner.com/v2/1534169/ 71 KB
26 KB 72ms
59ms Script
text/javascript 2606:4700:4400::6812:28f0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/v2/1534169/banner.js
Requested by: Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs/scriptloader/1534169.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:28f0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ae0393f48f5412e3124cafc47dd3e8b7bd39a6eb1f2517883c8b175df4df6334

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

x-evy-trace-virtual-host: all
access-control-max-age: 604800
x-request-id: c29a3365-59f8-4a33-9cdf-30f92a725634
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
content-encoding: gzip
cf-cache-status: REVALIDATED
etag: W/"850933666a1091136679efb21afc00bc"
x-amz-version-id: JBubI2iZXhfvR9NjtL2LPV82OaUIjqI9
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
expires: Tue, 17 Dec 2024 10:53:46 GMT
x-evy-trace-listener: listener_https
date: Tue, 17 Dec 2024 10:48:46 GMT
x-hubspot-correlation-id: c29a3365-59f8-4a33-9cdf-30f92a725634
content-type: text/javascript; charset=UTF-8
last-modified: Wed, 24 Apr 2024 13:11:59 GMT
vary: origin, Accept-Encoding
x-amz-id-2: i9LRwKfXRA2KfouFyLmygiA7Cz1oLOgixeaq9vj12ZqRQxuFEZYYDiWMrpf70qY2CEEsjUo6iiY=
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=300,public
timing-allow-origin: *
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-6685c9958f-jg42k
x-envoy-upstream-service-time: 27
access-control-allow-credentials: true
x-amz-request-id: 55B5ZF7FG6Y530CP
cf-ray: 8f3657b82f998c72-EWR
access-control-allow-origin: https://blog.morphisec.com
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 leadflows.js Show response
js.hsleadflows.net/ 550 KB
92 KB 37ms
13ms Script
application/javascript 2606:4700::6812:8a11
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsleadflows.net/leadflows.js

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs/scriptloader/1534169.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:8a11 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7da57a437a999e2503178063a85ca9557211686f50d7671db0142a2ceb3095d2

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://blog.morphisec.com
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

x-request-id: b56e9899-c692-45ce-8b5e-f6ef4dc5f664
content-encoding: gzip
cf-cache-status: HIT
x-amz-version-id: PqQn.3x38ZWRmSYb9J2u1wYA9Etnh36Z
etag: W/"e9829c28fae41e369bd948323746cc37"
cache-tag: staticjsapp-lead-flows-cloudflare-web-prod,staticjsapp-prod
age: 65313
x-content-type-options: nosniff
x-cache: Miss from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: vYTdWBUFXGa6QgymYxrkanA9NjEL2Fq1JELOo5BjJp5cPFaUl7M2Ig==
x-hubspot-correlation-id: b56e9899-c692-45ce-8b5e-f6ef4dc5f664
content-type: application/javascript; charset=utf-8
last-modified: Thu, 12 Dec 2024 15:49:15 UTC
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=86400, max-age=0
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-856d8787d5-56k8s
x-envoy-upstream-service-time: 40
x-hs-target-asset: lead-flows-js/static-1.2121/bundle/main/lead-flows-release.js
server: cloudflare
x-evy-trace-virtual-host: all
x-amz-server-side-encryption: AES256
access-control-max-age: 3000
access-control-allow-methods: GET
x-hs-cache-status: MISS
date: Tue, 17 Dec 2024 10:48:46 GMT
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method,accept-encoding
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=lead-flows-js/static-1.2121/bundle/main/lead-flows-release.js&cfRay=8f173422ae97c9a1-IAD
via: 1.1 3c43e000c50d5633eb558057710f3c54.cloudfront.net (CloudFront)
cf-ray: 8f3657b83dbc43cb-EWR
access-control-allow-origin: *
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD12-P3

GET
H2 200 fb.js Show response
js.hsadspixel.net/ 6 KB
4 KB 28ms
14ms Script
application/javascript 2606:4700::6811:df98
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsadspixel.net/fb.js

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs/scriptloader/1534169.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:df98 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

eef7476c879379d694804e834bd6a5846522e845dc6840a8865708d738ecc4c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

x-evy-trace-virtual-host: all
x-request-id: bab29780-cc89-45d4-9e2a-5ab8fbd9ec27
content-encoding: gzip
cf-cache-status: HIT
etag: W/"5a023b4ebce089a46ec78957af69d1dc"
x-amz-version-id: Eq3Vi4Lxt5mAu9cQfYoFVm.V_pB.IUhz
cache-tag: staticjsapp-AdsScriptLoaderCloudflare-web-prod,staticjsapp-prod
age: 481
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-hs-cache-status: MISS
x-amz-cf-id: 9ewL6FqGAdNUNKBi9dDWiK0uzr4LN0lO-uA9eu0XDrXKmblOsIxiKQ==
date: Tue, 17 Dec 2024 10:48:46 GMT
x-hubspot-correlation-id: bab29780-cc89-45d4-9e2a-5ab8fbd9ec27
content-type: application/javascript; charset=utf-8
last-modified: Mon, 16 Dec 2024 20:39:16 UTC
vary: accept-encoding
x-evy-trace-listener: listener_https
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=600
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-856d8787d5-xqtv6
x-envoy-upstream-service-time: 5
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=adsscriptloaderstatic/static-1.987/bundles/pixels-release.js&cfRay=8f318a206ed2428e-IAD
via: 1.1 53b70ac9dc46d1c13992b291cf22a9aa.cloudfront.net (CloudFront)
cf-ray: 8f3657b82bbd4332-EWR
x-evy-trace-route-configuration: listener_https/all
x-hs-target-asset: adsscriptloaderstatic/static-1.987/bundles/pixels-release.js
x-amz-cf-pop: IAD12-P3
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 collectedforms.js Show response
js.hscollectedforms.net/ 70 KB
25 KB 50ms
37ms Script
application/javascript 2606:4700::6810:6bfe
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hscollectedforms.net/collectedforms.js

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs/scriptloader/1534169.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6bfe , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1764bc84ea6abe91f1634b73a5a6c0ebff400461dfea6a4040bd0c03d86caa8b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://blog.morphisec.com
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

x-request-id: 16ca452a-76f2-4a9b-b405-ed8fcb86620f
content-encoding: gzip
cf-cache-status: EXPIRED
x-amz-version-id: 8IiNiFnnn0n9avBP.k8Mr32sZxpD8Dx_
etag: W/"ceb8bcb73e5536d8416735a3977d227a"
cache-tag: staticjsapp-collected-forms-embed-js-web-prod,staticjsapp-prod
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: TORFsl_kTrrPziIb0t9MtB53feQYvljIjUsyQsc7fAb3xDcVKGNZ4Q==
x-hubspot-correlation-id: 16ca452a-76f2-4a9b-b405-ed8fcb86620f
content-type: application/javascript; charset=utf-8
last-modified: Mon, 09 Dec 2024 13:03:17 UTC
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=600, max-age=300
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-856d8787d5-fndvb
x-envoy-upstream-service-time: 9
x-hs-target-asset: collected-forms-embed-js/static-1.1112/bundles/project.js
server: cloudflare
x-evy-trace-virtual-host: all
x-amz-server-side-encryption: AES256
access-control-max-age: 3000
access-control-allow-methods: GET
x-hs-cache-status: MISS
date: Tue, 17 Dec 2024 10:48:46 GMT
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method,accept-encoding
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=collected-forms-embed-js/static-1.1112/bundles/project.js&cfRay=8ef554bd5c82391a-ORD
via: 1.1 16df6ade68382d048f8aad1f7e39da28.cloudfront.net (CloudFront)
cf-ray: 8f3657b82fbf1851-EWR
access-control-allow-origin: *
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD12-P3

GET
H2 200 web-interactives-embed.js Show response
js.hubspot.com/ 84 KB
25 KB 55ms
43ms Script
application/javascript 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hubspot.com/web-interactives-embed.js

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs/scriptloader/1534169.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

674d5ab1e2c5a783115e67fabc4805ac2e8a83d48eb6a1ad3535c23a959a1801

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://blog.morphisec.com
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

x-request-id: 7b4e4c12-b7ae-4f38-b1d6-c36b76c2d577
content-encoding: gzip
cf-cache-status: EXPIRED
x-amz-version-id: _83IngeMtzUuERab6QgcByX86005NyG0
etag: W/"03686003e4860757c17ae65c11ab8ea4"
cache-tag: staticjsapp-web-interactives-embed-web-prod,staticjsapp-prod
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MnQV1XSf2%2FwRxxY4aAtNhE7k3p5gxyarPYzCKr4LTTtpf%2B7i6GrI2eYH6%2B0fWE0A5Gl5p8ql25LQssNV4Q2NH8vlYEAXcIuDjabGaIg93a9otaQVcNxWG7%2F0GI%2FDRf1hOU0U3P8NsQDe7VP5"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: rbnRwTTi2V4xoNagrlbOeOtYwmrSKFLd22yZxA9wU8KYRf6ev-CNOA==
x-hubspot-correlation-id: 7b4e4c12-b7ae-4f38-b1d6-c36b76c2d577
content-type: application/javascript; charset=utf-8
last-modified: Fri, 13 Dec 2024 12:10:35 UTC
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=600
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-856d8787d5-qg7nx
x-envoy-upstream-service-time: 8
x-hs-target-asset: web-interactives-embed/static-2.1996/bundles/project.js
server: cloudflare
x-evy-trace-virtual-host: all
x-amz-server-side-encryption: AES256
access-control-max-age: 3000
access-control-allow-methods: GET
x-hs-cache-status: MISS
date: Tue, 17 Dec 2024 10:48:46 GMT
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method,accept-encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=web-interactives-embed/static-2.1996/bundles/project.js&cfRay=8f15f2ce68d643b3-IAD
via: 1.1 3042bd56e0ca0a7910df89f6b5e95e9e.cloudfront.net (CloudFront)
cf-ray: 8f3657b84e861a1f-EWR
access-control-allow-origin: *
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD12-P3

GET
H2 204 has-permission-json Show response
app.hubspot.com/content-tools-menu/api/v1/tools-menu/ 0
676 B 72ms
70ms XHR
text/plain 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.hubspot.com/content-tools-menu/api/v1/tools-menu/has-permission-json?portalId=1534169

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs/hsstatic/HubspotToolsMenu/static-1.354/js/index.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	no-sniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

x-request-id: e0f5a9b7-db7d-466a-bfca-bd1b656e58ea
cf-cache-status: DYNAMIC
x-hs-worker-debug-mode: false
report-to: {"group":"default","max_age":86400,"endpoints":[{"url":"https://send.hsbrowserreports.com/csp/reports"}]}
access-control-allow-methods: GET
x-content-type-options: no-sniff
x-evy-trace-listener: listener_https
date: Tue, 17 Dec 2024 10:48:46 GMT
x-hubspot-correlation-id: e0f5a9b7-db7d-466a-bfca-bd1b656e58ea
vary: origin, Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
reporting-endpoints: default="https://send.hsbrowserreports.com/csp/reports?cfRay=8f3657b81ecc7d14&resource=unknown"
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=0
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-856d8787d5-6x4xc
x-envoy-upstream-service-time: 4
access-control-allow-credentials: true
cf-ray: 8f3657b81ecc7d14-EWR
access-control-allow-origin: https://blog.morphisec.com
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-evy-trace-virtual-host: all

GET
H3 200 postlisting Show response
blog.morphisec.com/_hcms/ 14 KB
3 KB 47ms
47ms XHR
application/json 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/_hcms/postlisting?blogId=3742504875&maxLinks=10&listingType=recent&orderByViews=false&hs-expires=1765964561&hs-version=2&hs-signature=AJ2IBuHdG3B3_5mDc5cAzcNS9Ixc-onW3g&currentUrl=https%3A%2F%2Fblog.morphisec.com%2Fcoinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs/hsstatic/AsyncSupport/static-1.122/js/post_listing_asset.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2dec0530b1a91aaea81d978cf2c968438c1b3c35b9562ec13c2e465f81c54843

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

x-robots-tag: none
x-request-id: 7337ee5e-de5d-4e87-bc6a-30197e3bc731
content-encoding: gzip
cf-cache-status: HIT
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yiIu1FdY%2FluURKn41ceq7mXGvmuR9Q1tzx59MS3IJdIc5c5Wzi2TYw%2FZHR1eEFyKgoba2%2FCNNiMePDQ2NZtWE%2FaIEN2kbw7iU%2BfEEEWBMCUGf0Z59rKX8ETFbM%2FHvq2gRlUxsxNK1HLpiii51xFYnw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-evy-trace-listener: listener_https
server-timing: cfExtPri
date: Tue, 17 Dec 2024 10:48:46 GMT
x-hubspot-correlation-id: 7337ee5e-de5d-4e87-bc6a-30197e3bc731
content-type: application/json;charset=utf-8
last-modified: Tue, 17 Dec 2024 09:49:11 GMT
vary: origin, Accept-Encoding
priority: u=1,i
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: upgrade-insecure-requests
x-evy-trace-route-service-name: envoyset-translator
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-10-19-td/envoy-proxy-55cf57c567-qwkj9
x-envoy-upstream-service-time: 23
access-control-allow-credentials: false
cf-ray: 8f3657b81f28438a-EWR
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 consent.js Show response
consent.cookiefirst.com/sites/blog.morphisec.com-66e189ea-c6b6-4303-9c8a-423cc0c43c31/ 3 KB
2 KB 134ms
101ms Script
application/javascript 2a02:6ea0:c454::1
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL: https://consent.cookiefirst.com/sites/blog.morphisec.com-66e189ea-c6b6-4303-9c8a-423cc0c43c31/consent.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PQBJZ8K
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c454::1 New York, United States, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS
Software: Cookie First CDN-NY1-885 /
Resource Hash: 1fe0bc1d9a1c1cbe91a73f0a0c9aaedfdbea60a59ea6d0b3043c6a32e1f0dbdc

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match, visitor-location
content-encoding: br
etag: "674bcde6-a39"
cdn-fileserver: 750
date: Tue, 17 Dec 2024 10:48:46 GMT
cdn-storageserver: DE-679
last-modified: Sun, 01 Dec 2024 02:45:58 GMT
content-type: application/javascript
vary: Accept-Encoding
cdn-cache: REVALIDATED
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match, traceparent
cdn-requestpullcode: 200
cdn-cachedat: 12/06/2024 11:55:06
cache-control: public, max-age=30
cdn-requestpullsuccess: True
visitor-location: US
cdn-requesttime: 0
cdn-uid: d602dab6-3f92-4809-a378-608fd2b89403
cdn-requestid: 1a17088d4416cb92c1d9067f973602a8
cdn-pullzone: 236985
cdn-proxyver: 1.06
access-control-allow-origin: *
cdn-edgestorageid: 885
server: Cookie First CDN-NY1-885
cdn-requestcountrycode: US

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 394 KB
129 KB 32ms
30ms Script
application/javascript 2607:f8b0:4006:81e::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-HFVX4VZHCS&l=dataLayer&cx=c&gtm=45He4cc1v897572158za200

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PQBJZ8K

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81e::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

7c96cf83f01988ba16fac36d470e9def94e057cf27c0862fc7f4e34f78e7fc6a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Tue, 17 Dec 2024 10:48:46 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 17 Dec 2024 10:48:46 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 131571
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 250 KB
90 KB 26ms
25ms Script
application/javascript 2607:f8b0:4006:81e::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-784310031&l=dataLayer&cx=c&gtm=45He4cc1v897572158za200

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PQBJZ8K

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81e::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

cdc7252a3b872aa14de24f70abfc1d759c601941108a32d4954171527f635b1c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Tue, 17 Dec 2024 10:48:46 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 17 Dec 2024 10:48:46 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Tue, 17 Dec 2024 09:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 91495
x-xss-protection: 0
server: Google Tag Manager

GET
H3 200 arrow-white.svg Show response
blog.morphisec.com/hubfs/ 349 B
1 KB 28ms
27ms XHR
image/svg+xml 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hubfs/arrow-white.svg

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d19d09e24c8a6da58f2db0561d49f8719a08c9d80561578116bf155a615bd98a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept: application/xml, text/xml, */*; q=0.01

Response headers

x-robots-tag: all
content-encoding: br
cf-cache-status: HIT
x-amz-version-id: KMw_AMABoswm8oNvOvnloHZvZpdq9inh
age: 1711340
cache-tag: F-109627044436,P-1534169,FLS-ALL
etag: W/"60bbbc0bc1edd1fb7cca1a100a63be01"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RrW1jruPlAgqCg6ZNsMcGCCDa%2Fwh17tQyuhr8yUO5XAwO5ENKT%2FctDcgqoimBwtlA3z1Jvm5ZlSRXVZKcomPweam%2FBoeGIGtCFI8FhokU8y23QCAZRTdey3%2BxqEk0EFrri5%2BWMNEWxQk8E6afVkfow%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-amz-cf-id: jjvvf-mVV7mGx7esEzG8XYKqxM7XvWpFADuOcvoYD-BNSzZs1aYbnw==
last-modified: Wed, 05 Apr 2023 11:35:44 GMT
content-type: image/svg+xml
priority: u=1,i
server-timing: cfExtPri
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-109627044436,P-1534169,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: ASSHXZGXE8E1779J
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-109627044436,P-1534169,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Tue, 17 Dec 2024 10:48:46 GMT
vary: Accept-Encoding
x-amz-id-2: YHB5BBanp1Ut2K1NGZ7WQVZJ2SroQOQmuWSkYzFS8EqBoVavX3Ta94w1Gr3RMqa9dPqYjFN3RY4=
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
via: 1.1 02b6cda388999c13e8a7c7e31ef67764.cloudfront.net (CloudFront)
cf-ray: 8f3657b89f8a438a-EWR
access-control-allow-origin: *
x-amz-cf-pop: BOS50-C3
x-amz-meta-created-unix-time-millis: 1680694543135

GET
H3 200 arrow-white.svg Show response
blog.morphisec.com/hubfs/ 349 B
1 KB 50ms
22ms XHR
image/svg+xml 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hubfs/arrow-white.svg

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d19d09e24c8a6da58f2db0561d49f8719a08c9d80561578116bf155a615bd98a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept: application/xml, text/xml, */*; q=0.01

Response headers

x-robots-tag: all
content-encoding: br
cf-cache-status: HIT
x-amz-version-id: KMw_AMABoswm8oNvOvnloHZvZpdq9inh
age: 1711340
cache-tag: F-109627044436,P-1534169,FLS-ALL
etag: W/"60bbbc0bc1edd1fb7cca1a100a63be01"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bhw%2BzBjzmDm8m7BqFghTxzeTMxB5%2FDQSoZWlx8RNhpjvVOKsPIcjHjlhYDwEnODBqwu3zu1Ro4BJgNrDB1HlXSILQ8D3Uda%2Bd3iJxKF8TeVd1caXNIYB045aJgdo7VjxFqAcj95YkygKc7MP%2BmrJUg%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-amz-cf-id: jjvvf-mVV7mGx7esEzG8XYKqxM7XvWpFADuOcvoYD-BNSzZs1aYbnw==
last-modified: Wed, 05 Apr 2023 11:35:44 GMT
content-type: image/svg+xml
priority: u=1,i
server-timing: cfExtPri
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-109627044436,P-1534169,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: ASSHXZGXE8E1779J
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-109627044436,P-1534169,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Tue, 17 Dec 2024 10:48:46 GMT
vary: Accept-Encoding
x-amz-id-2: YHB5BBanp1Ut2K1NGZ7WQVZJ2SroQOQmuWSkYzFS8EqBoVavX3Ta94w1Gr3RMqa9dPqYjFN3RY4=
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
via: 1.1 02b6cda388999c13e8a7c7e31ef67764.cloudfront.net (CloudFront)
cf-ray: 8f3657b8cfae438a-EWR
access-control-allow-origin: *
x-amz-cf-pop: BOS50-C3
x-amz-meta-created-unix-time-millis: 1680694543135

GET
H3 200 close.svg Show response
blog.morphisec.com/hubfs/ 543 B
2 KB 25ms
24ms XHR
image/svg+xml 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hubfs/close.svg

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3a4850f556812a808a87669edcc26eecd8abc3e0a35178b57e9049c4271c9117

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept: application/xml, text/xml, */*; q=0.01

Response headers

x-robots-tag: all
content-encoding: br
cf-cache-status: HIT
etag: W/"613d5e657a45fdd73680a2a43b1810a9"
age: 1711340
cache-tag: F-109618525080,P-1534169,FLS-ALL
x-amz-version-id: ojcPDMW2kfX705kNgng7YRySVuOGEcf5
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=m0em6NP%2F%2F8XnBihkxn2LctQlO3dAVYasWa%2FJdb2nxPOAc8BsO4hjgHnhry9Asx6EMvIlEY1wPdNfHbPYkJSaYXxb%2FqnBPrmNbgloIIncJQT0Uk3%2BPqSicoMfPeeIWovCBkoBoufwLhypvjjZrQ2shg%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-amz-cf-id: 2QEbmrfwbVNI6MMUcaRsg0pho0xb2y0VxRL5m13QS31Oe7xaY0es9w==
content-type: image/svg+xml
last-modified: Wed, 05 Apr 2023 10:26:18 GMT
priority: u=1,i
server-timing: cfExtPri
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-109618525080,P-1534169,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: ASSGWVEHR2J1G0F2
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-109618525080,P-1534169,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Tue, 17 Dec 2024 10:48:46 GMT
vary: Accept-Encoding
x-amz-id-2: SNa1dVa2ope6taozhC8E5s403L7bJ7PhXDwcGvB7baVxOT2TrB7IKkXFhcy4eyKIQSKic2y+hNC4TGWID/75hRTHBbeF9Bsz47GrTI2FhkA=
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
via: 1.1 ab45458dab4686c7513ac68c73537168.cloudfront.net (CloudFront)
cf-ray: 8f3657b89f8b438a-EWR
access-control-allow-origin: *
x-amz-cf-pop: BOS50-C3
x-amz-meta-created-unix-time-millis: 1680690377289

GET
H3 200 search_icon.svg Show response
blog.morphisec.com/hubfs/ 350 B
1 KB 31ms
30ms XHR
image/svg+xml 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hubfs/search_icon.svg

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

939c1b1420c9dcd654cf23e16482d791454288ca4ff1059fb8839412cc29b2a5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept: application/xml, text/xml, */*; q=0.01

Response headers

x-robots-tag: all
content-encoding: br
cf-cache-status: HIT
x-amz-version-id: 1GYCNZt2jwANbtrTaH7YaF79VqL7t05m
age: 1711340
cache-tag: F-109619762806,P-1534169,FLS-ALL
etag: W/"3d95f4288550b5cf8de25c3fedbd715b"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SalPI%2B2Lw5%2BOf3qljHY%2Bo334djP%2Fr1A7nNYNwXF5lCcgBPMWJWHjAcv2UXmtw8I4gTKQ2MeceCNCClxDQ0irrwnBlGDVTsLnn5nsiF6R%2B7GihEKeJ9H86TRr11Iji697rjt4JS%2Bw%2Fa7RFeOStKACgQ%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-amz-cf-id: ZSVNT1VGjD6gSK_H1cM-YH1aZTvVFMZvYbRvNcTfyPyPI6lZ5ZsvwQ==
last-modified: Wed, 05 Apr 2023 10:44:27 GMT
content-type: image/svg+xml
priority: u=1,i
server-timing: cfExtPri
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-109619762806,P-1534169,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: ASSY3JQWKP5BHH0B
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-109619762806,P-1534169,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Tue, 17 Dec 2024 10:48:46 GMT
vary: Accept-Encoding
x-amz-id-2: nB9kxBJl3ZWSyu89pggOXDZV9EcGbPWy2NkkKrVgbRRa5ZzCJfzXd2wBSfTHqr/NhiPxTKekVeNgIljeCshhe5od70i5n/o2
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
via: 1.1 91eb669b324fcf57d0d220d8dbaa9964.cloudfront.net (CloudFront)
cf-ray: 8f3657b89f8e438a-EWR
access-control-allow-origin: *
x-amz-cf-pop: BOS50-C3
x-amz-meta-created-unix-time-millis: 1680691466397

GET
H3 200 blog.svg Show response
blog.morphisec.com/hubfs/ 797 B
2 KB 29ms
28ms XHR
image/svg+xml 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hubfs/blog.svg

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b3e8357cc1fe184a45255c2831770245aa454c3e957dfe3df6a0ee789ac77e01

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept: application/xml, text/xml, */*; q=0.01

Response headers

x-robots-tag: all
content-encoding: br
cf-cache-status: HIT
x-amz-version-id: ijpJM2MB9gHe5XFpk9UWNXBHqcRn_Olq
age: 1711340
cache-tag: F-109682604959,P-1534169,FLS-ALL
etag: W/"8d9f2f91fe33b0b94a5bef7287c3abbf"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Npmsr%2F0qKL053frjcQHkuRw3lR6y%2F0oYSKvgvxI0vts5xo6sZAFFZhz0D%2B%2F%2FJ9oWFXOwUFQrFY%2BAe8dubT4jTcfBWAAuASulINxUej6PKhVvq15i%2FXtYN0H6K0mheupmc4dhRmzDbH4jk6Ijv8trjQ%3D%3D"}],"group":"cf-nel","max_age":604800}, {"endpoints":[{"url":"https:\/\/csp-reporting.cloudflare.com\/cdn-cgi\/script_monitor\/report?m=QvyxWYYv6AZ3OhCKfZqemK1QgCYXUASC2.HE.mUOJhI-1734432526-1.0.1.1-jgRs02mbjZ0P4MSrT6nLo4.7GMcvVwuWZZuM4Eh7ohf8sjA83xeISWyuJBirRxNM9LVE4VsjHKbnW1xAV4SFIpkrNi3lGw8tzHUZqNcCjuKZRU1HbuZkxcZ.tBCGTikMNqyqpRLwMOxlpyXsHcq.R9BjqvzJ54PNXLjFx2mixsM"}],"group":"cf-csp-endpoint","max_age":86400}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-amz-cf-id: keUqpgIxR0dx9FF_gih13ns3k7JUSiVB5glaKYKcbPOsged4jgJ1hg==
last-modified: Wed, 05 Apr 2023 16:17:05 GMT
content-type: image/svg+xml
priority: u=1,i
server-timing: cfExtPri
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-109682604959,P-1534169,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: ASSQ9A3CGP68Y3WK
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-109682604959,P-1534169,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Tue, 17 Dec 2024 10:48:46 GMT
vary: Accept-Encoding
x-amz-id-2: LC2OGTair17DSSSzGOKtgZCJKpLXpx1edumQTnBEkWS55YnaVvPTqWtAmzXydNIdnlAm55yYDlc=
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
content-security-policy-report-only: script-src 'none'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=QvyxWYYv6AZ3OhCKfZqemK1QgCYXUASC2.HE.mUOJhI-1734432526-1.0.1.1-jgRs02mbjZ0P4MSrT6nLo4.7GMcvVwuWZZuM4Eh7ohf8sjA83xeISWyuJBirRxNM9LVE4VsjHKbnW1xAV4SFIpkrNi3lGw8tzHUZqNcCjuKZRU1HbuZkxcZ.tBCGTikMNqyqpRLwMOxlpyXsHcq.R9BjqvzJ54PNXLjFx2mixsM; report-to cf-csp-endpoint
via: 1.1 368d984ddaa7c541b8ba1a87edd0e52e.cloudfront.net (CloudFront)
cf-ray: 8f3657b89f90438a-EWR
access-control-allow-origin: *
x-amz-cf-pop: BOS50-C3
x-amz-meta-created-unix-time-millis: 1680711424510

GET
H3 200 search_icon.svg Show response
blog.morphisec.com/hubfs/ 350 B
1 KB 57ms
26ms XHR
image/svg+xml 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hubfs/search_icon.svg

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

939c1b1420c9dcd654cf23e16482d791454288ca4ff1059fb8839412cc29b2a5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept: application/xml, text/xml, */*; q=0.01

Response headers

x-robots-tag: all
content-encoding: br
cf-cache-status: HIT
x-amz-version-id: 1GYCNZt2jwANbtrTaH7YaF79VqL7t05m
age: 1711340
cache-tag: F-109619762806,P-1534169,FLS-ALL
etag: W/"3d95f4288550b5cf8de25c3fedbd715b"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ow6ibjUjzPOf4hkFpBxzeL9D5KzwVyPd1rpzAPzxteOgMpvMzRc0y46SSqvbxT60BhqbfJxrRXLZjd1A4a2CdwXTq8%2BT%2FePrqfbUGy%2B1vQOUBE%2FcoNuKy43Hr6budn5V94u92JJAEc%2BlLispG%2B354g%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-amz-cf-id: ZSVNT1VGjD6gSK_H1cM-YH1aZTvVFMZvYbRvNcTfyPyPI6lZ5ZsvwQ==
last-modified: Wed, 05 Apr 2023 10:44:27 GMT
content-type: image/svg+xml
priority: u=1,i
server-timing: cfExtPri
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-109619762806,P-1534169,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: ASSY3JQWKP5BHH0B
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-109619762806,P-1534169,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Tue, 17 Dec 2024 10:48:46 GMT
vary: Accept-Encoding
x-amz-id-2: nB9kxBJl3ZWSyu89pggOXDZV9EcGbPWy2NkkKrVgbRRa5ZzCJfzXd2wBSfTHqr/NhiPxTKekVeNgIljeCshhe5od70i5n/o2
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
via: 1.1 91eb669b324fcf57d0d220d8dbaa9964.cloudfront.net (CloudFront)
cf-ray: 8f3657b8cfb6438a-EWR
access-control-allow-origin: *
x-amz-cf-pop: BOS50-C3
x-amz-meta-created-unix-time-millis: 1680691466397

GET
H3 200 blog.svg Show response
blog.morphisec.com/hubfs/ 797 B
1 KB 51ms
22ms XHR
image/svg+xml 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hubfs/blog.svg

Requested by

Host: cdnjs.cloudflare.com
URL: https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b3e8357cc1fe184a45255c2831770245aa454c3e957dfe3df6a0ee789ac77e01

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept: application/xml, text/xml, */*; q=0.01

Response headers

x-robots-tag: all
content-encoding: br
cf-cache-status: HIT
x-amz-version-id: ijpJM2MB9gHe5XFpk9UWNXBHqcRn_Olq
age: 1711340
cache-tag: F-109682604959,P-1534169,FLS-ALL
etag: W/"8d9f2f91fe33b0b94a5bef7287c3abbf"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=h7GL6clABlsFT09liqmuADFdC77FvThcB67q28tzRDrke5sIgavsl%2BwS9fO5FuamKBkCRN3PGFLQQw8HtoKbmPl5MAPN6W00O7nJc9yrBDmfWtjyItJjOUWFn0zBOyai4Yub3TW4HkhHGoRN4R2kLw%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-amz-cf-id: keUqpgIxR0dx9FF_gih13ns3k7JUSiVB5glaKYKcbPOsged4jgJ1hg==
last-modified: Wed, 05 Apr 2023 16:17:05 GMT
content-type: image/svg+xml
priority: u=1,i
server-timing: cfExtPri
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-109682604959,P-1534169,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: ASSQ9A3CGP68Y3WK
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-109682604959,P-1534169,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Tue, 17 Dec 2024 10:48:46 GMT
vary: Accept-Encoding
x-amz-id-2: LC2OGTair17DSSSzGOKtgZCJKpLXpx1edumQTnBEkWS55YnaVvPTqWtAmzXydNIdnlAm55yYDlc=
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
content-security-policy-report-only: script-src 'none'; report-uri https://csp-reporting.cloudflare.com/cdn-cgi/script_monitor/report?m=QvyxWYYv6AZ3OhCKfZqemK1QgCYXUASC2.HE.mUOJhI-1734432526-1.0.1.1-jgRs02mbjZ0P4MSrT6nLo4.7GMcvVwuWZZuM4Eh7ohf8sjA83xeISWyuJBirRxNM9LVE4VsjHKbnW1xAV4SFIpkrNi3lGw8tzHUZqNcCjuKZRU1HbuZkxcZ.tBCGTikMNqyqpRLwMOxlpyXsHcq.R9BjqvzJ54PNXLjFx2mixsM; report-to cf-csp-endpoint
via: 1.1 368d984ddaa7c541b8ba1a87edd0e52e.cloudfront.net (CloudFront)
cf-ray: 8f3657b8cfb0438a-EWR
access-control-allow-origin: *
x-amz-cf-pop: BOS50-C3
x-amz-meta-created-unix-time-millis: 1680711424510

GET
H2 200 cta-json Show response
cta-service-cms2.hubspot.com/ctas/v2/public/cs/ 18 KB
5 KB 107ms
103ms XHR
application/json 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cta-service-cms2.hubspot.com/ctas/v2/public/cs/cta-json?canon=https%3A%2F%2Fblog.morphisec.com%2Fcoinlurker-the-stealer-powering-the-next-generation-of-fake-updates&pageId=183781340986&pid=1534169&sv=cta-embed-js-static-1.339&rdy=1&cos=1&df=t&pg=6359793e-b232-4b79-9da5-b929fc3dc7aa&pg=3c83d6d5-0c56-47b7-8aee-ae6edf73c360&pg=d4f17ebf-d8a2-49c3-9bca-a8f8112b45f3&pg=3c83d6d5-0c56-47b7-8aee-ae6edf73c360&pg=d4f17ebf-d8a2-49c3-9bca-a8f8112b45f3&pg=198719b5-e849-4d9f-9c75-3c203074b57f&pg=c0c8d819-c7bc-43c9-a80b-7db9c88cd5ab&pg=e098d357-1710-4cfe-8901-19c93de122f4

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs/cta/cta/current.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

51c5dea99a003cec5f059f3544010eacb1bfbd835fe5fdaec85cc0260020ec29

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

x-robots-tag: noindex, follow
access-control-max-age: 180
x-request-id: 3a119f96-3891-4de2-8dba-2044e8d0b946
access-control-expose-headers: X-Origin-Hublet
content-encoding: gzip
cf-cache-status: DYNAMIC
x-origin-hublet: na1
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PG%2FoUTGvZsOIY2VKcysiJNmg3ocZ5ZDleILvMG7%2FUhTMwe%2FNwfSyBbpYVfSV%2FmzhVE%2B6eUVGU4jXL2k5N2uk38%2BtcaXRbfTPnTD1tLjNpSPIbVJEJW8f9y6SXX21acAA9rQIo3KrSuEJjOs4kVuHkcQl%2FySep36Eqy0%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods: OPTIONS, GET
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
date: Tue, 17 Dec 2024 10:48:46 GMT
x-hubspot-correlation-id: 3a119f96-3891-4de2-8dba-2044e8d0b946
content-type: application/json;charset=utf-8
vary: origin
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=0, no-cache, no-store
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-b967ccf5d-zpgzg
x-envoy-upstream-service-time: 75
access-control-allow-credentials: true
cf-ray: 8f3657b8af197d14-EWR
access-control-allow-origin: https://blog.morphisec.com
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-evy-trace-virtual-host: all

GET
H3 200 counters.gif
forms-na1.hsforms.com/embed/v3/ 35 B
918 B 50ms
29ms Image
image/gif 2606:4700::6812:50cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms-na1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-DEFINITION_SUCCESS&count=1

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:50cc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

x-robots-tag: none
x-request-id: 9e426911-f516-4a55-a587-25a1986767df
access-control-expose-headers: X-Origin-Hublet
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-evy-trace-listener: listener_https
server-timing: cfExtPri
date: Tue, 17 Dec 2024 10:48:46 GMT
x-hubspot-correlation-id: 9e426911-f516-4a55-a587-25a1986767df
content-type: image/gif
vary: origin
priority: u=3,i
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=0, no-cache, no-store
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-b967ccf5d-wwjgh
x-envoy-upstream-service-time: 1
access-control-allow-credentials: false
cf-ray: 8f3657b8ff5643a7-EWR
x-evy-trace-route-configuration: listener_https/all
content-length: 35
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 insight.old.min.js Show response
snap.licdn.com/li.lms-analytics/ 40 KB
14 KB 7ms
6ms Script
application/javascript 2600:141b:1c00:6::17df:d10d
AKAMAI-ASN1 Akama...

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.old.min.js

Requested by

Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:141b:1c00:6::17df:d10d Secaucus, United States, ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL),

Reverse DNS

Software

Resource Hash

e6b8a90a2870483ace67380ff4a64b39bfecb7952a432393470d76a6614fc62c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

cache-control: max-age=67572
content-encoding: gzip
x-cdn: AKAM
x-content-type-options: nosniff
accept-ranges: bytes
content-length: 14634
date: Tue, 17 Dec 2024 10:48:46 GMT
last-modified: Mon, 02 Dec 2024 19:22:52 GMT
content-type: application/javascript;charset=utf-8
vary: Accept-Encoding
x-amz-server-side-encryption: AES256

GET
H3 200 sdk.js Show response
connect.facebook.net/en_US/ 254 KB
75 KB 20ms
19ms Script
application/x-javascript 2a03:2880:f00e:13:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/sdk.js?hash=3cdb13a2ae94e24a4a90caa01f41821a

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f00e:13:face:b00c:0:3 Toronto, Canada, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

e5ac2698e0bccae79538f4a1d4a03e8d52a1857a393aeb200faa8a86eacbd139

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://blog.morphisec.com
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

content-md5: rDXjLNtrZ3J97Y+NHR5wFg==
access-control-expose-headers: X-FB-Content-MD5
content-encoding: gzip
etag: "35cc4b173dbb73bea864ca7875ba8972"
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Wed, 17 Dec 2025 09:32:27 GMT
alt-svc: h3=":443"; ma=86400
date: Tue, 17 Dec 2024 10:48:46 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-content-md5: b00f770d78bcc35540e38bc723466e55
cache-control: public,max-age=31536000,stale-while-revalidate=3600,immutable
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
x-fb-connection-quality: UNKNOWN; q=-1, rtt=-1, rtx=0, c=20, mss=1232, tbw=1889, tp=5, tpl=0, uplat=0, ullat=-1
x-fb-debug: ezoT67vvXyg9lS3Kon7DX8dtLJhMAtd+PLXpufJkWv3MrTV3IkMmUQtZIPmlYeWt1jaqYf8tc4Q/VIJncBgdhQ==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top
access-control-allow-origin: *
content-length: 76613
origin-agent-cluster: ?1

GET
H2 200 adsct
t.co/i/ 43 B
628 B 87ms
65ms Image
image/gif 172.66.0.227
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?bci=3&dv=Pacific%2FHonolulu%26en-US%2Cen%26Google%20Inc.%26Linux%20x86_64%26255%261600%261200%2616%2624%261600%261200%260%26na&eci=2&event_id=70b5bb70-ba26-4dbc-827c-a8bd84ce383b&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=95b07cd5-ba1c-4368-a6a7-3d1cb6837fd4&tw_document_href=https%3A%2F%2Fblog.morphisec.com%2Fcoinlurker-the-stealer-powering-the-next-generation-of-fake-updates&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nxrig&type=javascript&version=2.3.31

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.66.0.227 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare tsa_b /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

strict-transport-security: max-age=0
x-transaction-id: dc138b24e699a6cd
cache-control: no-cache, no-store, max-age=0
x-connection-hash: ed33ff1f5c8f88903cb308ab93744c5fb7a6fb559b8ba2da456cc21db285c2e3
cf-cache-status: DYNAMIC
cf-ray: 8f3657b9189742af-EWR
x-response-time: 5
content-length: 43
date: Tue, 17 Dec 2024 10:48:46 GMT
content-type: image/gif;charset=utf-8
perf: 7402827104
server: cloudflare tsa_b

GET
H2 200 adsct
analytics.twitter.com/i/ 43 B
395 B 174ms
113ms Image
image/gif 104.244.42.67
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?bci=3&dv=Pacific%2FHonolulu%26en-US%2Cen%26Google%20Inc.%26Linux%20x86_64%26255%261600%261200%2616%2624%261600%261200%260%26na&eci=2&event_id=70b5bb70-ba26-4dbc-827c-a8bd84ce383b&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=95b07cd5-ba1c-4368-a6a7-3d1cb6837fd4&tw_document_href=https%3A%2F%2Fblog.morphisec.com%2Fcoinlurker-the-stealer-powering-the-next-generation-of-fake-updates&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nxrig&type=javascript&version=2.3.31

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.67 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_b /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

strict-transport-security: max-age=631138519
x-transaction-id: 598071f1f67db139
cache-control: no-cache, no-store, max-age=0
x-connection-hash: fab33b5de573dbf72862ae50c0018b5186fa6ebf4694df3818cf371ab1957a65
x-response-time: 85
content-length: 43
date: Tue, 17 Dec 2024 10:48:45 GMT
perf: 7402827104
content-type: image/gif;charset=utf-8
server: tsa_b

GET
H2 200 widget_iframe.2f70fb173b9000da126c79afe2098f02.html
platform.twitter.com/widgets/ Frame 74D7 0
0 26ms
7ms Document
text/html 146.75.32.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/widget_iframe.2f70fb173b9000da126c79afe2098f02.html?origin=https%3A%2F%2Fblog.morphisec.com
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 146.75.32.157 Ashburn, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: public, max-age=315360000
content-encoding: gzip
content-length: 105429
content-type: text/html; charset=utf-8
date: Tue, 17 Dec 2024 10:48:46 GMT
etag: "81267302efdfb3e4524a22631a8fc99e+gzip"
last-modified: Mon, 11 Dec 2023 17:19:49 GMT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
tw-cdn: FT
vary: Accept-Encoding
x-amz-server-side-encryption: AES256
x-cache: HIT
x-served-by: cache-iad-kjyo7100037-IAD

GET
H2 200 r Show response
scout.salesloft.com/ 41 B
359 B 53ms
10ms XHR
application/json 18.208.7.233
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://scout.salesloft.com/r?tid=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0IjoxMDQ1MTF9.eiHnDZAhBhx__pSttlATzaQdSltPIpahvpYGdr_Bfrg

Requested by

Host: scout-cdn.salesloft.com
URL: https://scout-cdn.salesloft.com/sl.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

18.208.7.233 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-18-208-7-233.compute-1.amazonaws.com

Software

Resource Hash

aa011ed383cb780028a85caaa0dda67dce19b0f4bc596f4f708d1857015c1362

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-request-id: 2842ddcc9d4fb15923e68cc9058a03be
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://blog.morphisec.com
content-length: 41
date: Tue, 17 Dec 2024 10:48:46 GMT
content-type: application/json; charset=utf-8

GET
H3 200 enterprise.js Show response
www.google.com/recaptcha/ 2 KB
1 KB 41ms
25ms Script
text/javascript 2607:f8b0:4006:823::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/enterprise.js?&onload=hsRecaptchaLoaded_f489c7c3_3acb_4eca_9943_b5b6ff5b03a7&render=explicit&hl=en

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/_hcms/forms/v2.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::2004 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

ac70750a8ab8a0a1055a671aca726611489dc5dc36c6b27909c79c69d8febb40

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

cache-control: private, max-age=300
content-encoding: gzip
cross-origin-resource-policy: cross-origin
report-to: {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
x-content-type-options: nosniff
expires: Tue, 17 Dec 2024 10:48:46 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cross-origin-opener-policy-report-only: same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
date: Tue, 17 Dec 2024 10:48:46 GMT
x-xss-protection: 0
content-type: text/javascript; charset=utf-8
server: ESF
x-frame-options: SAMEORIGIN

GET
H2 200 json Show response
api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/ 114 B
1000 B 61ms
48ms XHR
application/json 2606:4700::6812:f06c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/json?portalId=1534169

Requested by

Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:f06c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cf1cb8930dbca6515121d94c81df4c6b2567c5021435ab4ac683abfc51768ec5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

access-control-max-age: 180
content-encoding: br
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SuyfMBmLS20Tc13d9nAEWfHhMnzpf%2FCq%2BgAFGTw1ISuEhajVCWNO5fJjsR4ErtfB%2FsbaCaG5b57%2B7C8RpkzkorJ%2Bk9Rc86AZpxWjwjrE4LSQiEq5OYhwrbesPjqHHpxhimVCjGsUxWX4dgTx"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-content-type-options: nosniff
date: Tue, 17 Dec 2024 10:48:46 GMT
x-hubspot-correlation-id: 6f345d9a-2edf-411a-a11a-ef91026b8bc8
content-type: application/json;charset=utf-8
vary: origin, Accept-Encoding
access-control-allow-headers: *
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
access-control-allow-credentials: false
cf-ray: 8f3657b98af143a0-EWR
access-control-allow-origin: https://blog.morphisec.com
server: cloudflare

GET
H2 200 combinedConfigs Show response
cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/ 61 B
1017 B 59ms
59ms Fetch
application/json 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/combinedConfigs?portalId=1534169&currentUrl=https%3A%2F%2Fblog.morphisec.com%2Fcoinlurker-the-stealer-powering-the-next-generation-of-fake-updates&contentId=183781340986

Requested by

Host: js.hubspot.com
URL: https://js.hubspot.com/web-interactives-embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

027f9fef93a2d620715de7311a5bf674cb3df18a352d2a0a7266c147c157333f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

x-robots-tag: noindex, follow
access-control-max-age: 180
x-request-id: 48cf593d-1c81-45a8-adfc-1f62091f7940
content-encoding: br
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=E2CI1vpGMqgt41J%2Bi8hmI9JdNViUNB2LWBKE7BHQUlsNdM9GSLrgIYdsa34J1oXwU8bY9CfvgS2vq96cfSrpym8DmtlhLyy2ckjf%2F6up2C4Y0zf7Jq%2B%2BT%2FP7JWaTxmG637Mw00pA6aMS7SY8NC8ixJ3nYuCleYcphNY%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
access-control-allow-methods: OPTIONS, GET
x-evy-trace-listener: listener_https
date: Tue, 17 Dec 2024 10:48:46 GMT
x-hubspot-correlation-id: 48cf593d-1c81-45a8-adfc-1f62091f7940
content-type: application/json;charset=utf-8
vary: origin
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=0, no-cache, no-store
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-b967ccf5d-btm5z
x-envoy-upstream-service-time: 7
access-control-allow-credentials: true
cf-ray: 8f3657b97f421a1f-EWR
access-control-allow-origin: https://blog.morphisec.com
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 json Show response
forms.hscollectedforms.net/collected-forms/v1/config/ 133 B
638 B 36ms
34ms XHR
application/json 2606:4700::6810:6bfe
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hscollectedforms.net/collected-forms/v1/config/json?portalId=1534169&utk=

Requested by

Host: js.hscollectedforms.net
URL: https://js.hscollectedforms.net/collectedforms.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6bfe , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1fbec94ad9621a43267c401bb53db7e0605c1a5fb4b666a613356bee7cb84d81

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept: application/json, text/plain, */*
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

x-robots-tag: none
access-control-max-age: 180
x-request-id: 4317a5f6-33c5-459b-8d75-730e73deacec
content-encoding: br
cf-cache-status: DYNAMIC
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
date: Tue, 17 Dec 2024 10:48:46 GMT
x-hubspot-correlation-id: 4317a5f6-33c5-459b-8d75-730e73deacec
content-type: application/json;charset=utf-8
vary: Accept-Encoding
access-control-allow-headers: *
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=0
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-856d8787d5-xqtv6
x-envoy-upstream-service-time: 11
cf-ray: 8f3657b9c8501851-EWR
access-control-allow-origin: https://blog.morphisec.com
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-evy-trace-virtual-host: all

GET
H3 200 cta-loaded.js Show response
blog.morphisec.com/hs/cta/ctas/v2/public/cs/ 0
1 KB 60ms
60ms Script
application/javascript 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hs/cta/ctas/v2/public/cs/cta-loaded.js?pid=1534169&pg=d4f17ebf-d8a2-49c3-9bca-a8f8112b45f3&lt=1734432525949&dt=1734432525951&at=1734432526358&ae=1&an=1

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs/cta/cta/current.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

x-robots-tag: noindex, follow
x-request-id: 04310f0a-e27c-416c-9cab-3b457fd81377
access-control-expose-headers: X-Origin-Hublet
cf-cache-status: MISS
x-origin-hublet: na1
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wWrTXuyNG%2FQZGf6zH4LXAWwHVyRbx5dnfVWJnC%2FMsFOtq6v9bNAfUSQPmvZPkj4t7Bo3T5dMf1ZxlI23MR1xJJzSj8p13aHSDylwQb52TsN5XLb11LT%2FThphsvA%2BSFgWZ38PoCeScuQdKs86CFeleA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-evy-trace-listener: listener_https
server-timing: cfExtPri
date: Tue, 17 Dec 2024 10:48:46 GMT
x-hubspot-correlation-id: 04310f0a-e27c-416c-9cab-3b457fd81377
content-type: application/javascript;charset=utf-8
last-modified: Tue, 17 Dec 2024 10:48:46 GMT
vary: origin, Accept-Encoding
priority: u=3,i=?0
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: upgrade-insecure-requests
cache-control: max-age=0, no-cache, no-store
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-envoy-upstream-service-time: 4
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-b967ccf5d-zpgzg
cf-ray: 8f3657b9c859438a-EWR
accept-ranges: bytes
x-evy-trace-route-configuration: listener_https/all
content-length: 0
server: cloudflare
x-evy-trace-virtual-host: all

GET
H3 200 cta-loaded.js Show response
blog.morphisec.com/hs/cta/ctas/v2/public/cs/ 0
1 KB 53ms
53ms Script
application/javascript 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hs/cta/ctas/v2/public/cs/cta-loaded.js?pid=1534169&pg=d4f17ebf-d8a2-49c3-9bca-a8f8112b45f3&lt=1734432525949&dt=1734432525951&at=1734432526359&ae=1&an=1

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs/cta/cta/current.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

x-robots-tag: noindex, follow
x-request-id: 52334739-79f4-46b9-959e-ce7b479ad083
access-control-expose-headers: X-Origin-Hublet
cf-cache-status: MISS
x-origin-hublet: na1
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=R8RFu7N2GBx6XkEmOUp3l0hZmyjKSiilFU%2FlaWMLnzj7HfSVdyVtPohXbC59Yr0cGjhU9Ok2jft5fySRkO0C7%2BWKn1RX9SPD9j3n9fUbohsYPA6P3W1b3%2FLkU%2Bs8pfuDTErA9bQB0wKLmNKIwKGw8w%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-evy-trace-listener: listener_https
server-timing: cfExtPri
date: Tue, 17 Dec 2024 10:48:46 GMT
x-hubspot-correlation-id: 52334739-79f4-46b9-959e-ce7b479ad083
content-type: application/javascript;charset=utf-8
last-modified: Tue, 17 Dec 2024 10:48:46 GMT
vary: origin, Accept-Encoding
priority: u=3,i=?0
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: upgrade-insecure-requests
cache-control: max-age=0, no-cache, no-store
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-envoy-upstream-service-time: 2
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-b967ccf5d-9cthp
cf-ray: 8f3657b9c85a438a-EWR
accept-ranges: bytes
x-evy-trace-route-configuration: listener_https/all
content-length: 0
server: cloudflare
x-evy-trace-virtual-host: all

GET
H3 200 cta-loaded.js Show response
blog.morphisec.com/hs/cta/ctas/v2/public/cs/ 0
1 KB 371ms
370ms Script
application/javascript 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hs/cta/ctas/v2/public/cs/cta-loaded.js?pid=1534169&pg=e098d357-1710-4cfe-8901-19c93de122f4&lt=1734432525957&dt=1734432525957&at=1734432526360&ae=1&an=1

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs/cta/cta/current.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

x-robots-tag: noindex, follow
x-request-id: f92f1ae0-4c54-42eb-9e56-d8403bf0e469
access-control-expose-headers: X-Origin-Hublet
cf-cache-status: MISS
x-origin-hublet: na1
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qqG1DljAHHcjysa%2F37ZFOIQLVkL3iQ11nF8Fa1T0l5CfkXAac2TblN4cnVE9%2FUR3AVoEvjfLbLtWbFMG5x%2BEZu0%2FvWb8YXdK%2FAsHjkNKONvK9fwUkw%2BRlf3dpueAsb9NpAfmffv3EfEm37T%2Bh4F1tQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-evy-trace-listener: listener_https
server-timing: cfExtPri
date: Tue, 17 Dec 2024 10:48:46 GMT
x-hubspot-correlation-id: f92f1ae0-4c54-42eb-9e56-d8403bf0e469
content-type: application/javascript;charset=utf-8
last-modified: Tue, 17 Dec 2024 10:48:46 GMT
vary: origin, Accept-Encoding
priority: u=3,i=?0
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: upgrade-insecure-requests
cache-control: max-age=0, no-cache, no-store
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-envoy-upstream-service-time: 3
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-b967ccf5d-btm5z
cf-ray: 8f3657b9c85c438a-EWR
accept-ranges: bytes
x-evy-trace-route-configuration: listener_https/all
content-length: 0
server: cloudflare
x-evy-trace-virtual-host: all

GET
H3 200 cta-loaded.js Show response
blog.morphisec.com/hs/cta/ctas/v2/public/cs/ 0
1 KB 54ms
54ms Script
application/javascript 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hs/cta/ctas/v2/public/cs/cta-loaded.js?pid=1534169&pg=198719b5-e849-4d9f-9c75-3c203074b57f&lt=1734432525953&dt=1734432525953&at=1734432526360&ae=1&an=1

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs/cta/cta/current.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

x-robots-tag: noindex, follow
x-request-id: 3b162d1b-413f-4839-80d7-3f303219e207
access-control-expose-headers: X-Origin-Hublet
cf-cache-status: MISS
x-origin-hublet: na1
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=glZbsn9ne%2FqnkzxiH6%2BdHcxIMORjrU30%2BzzyBV8ubVFx2N1AkPxfD7f7eSTu3bz%2F4bhaz4oa7lOO74QRW2CrGg%2F%2FirRWerqtkuH5KPaqu7sluymKsQGTIOqYV68IVRLCQqoc0nFhZMVSjgnS4yXQFg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-evy-trace-listener: listener_https
server-timing: cfExtPri
date: Tue, 17 Dec 2024 10:48:46 GMT
x-hubspot-correlation-id: 3b162d1b-413f-4839-80d7-3f303219e207
content-type: application/javascript;charset=utf-8
last-modified: Tue, 17 Dec 2024 10:48:46 GMT
vary: origin, Accept-Encoding
priority: u=3,i=?0
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: upgrade-insecure-requests
cache-control: max-age=0, no-cache, no-store
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-envoy-upstream-service-time: 3
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-b967ccf5d-pb78j
cf-ray: 8f3657b9c85e438a-EWR
accept-ranges: bytes
x-evy-trace-route-configuration: listener_https/all
content-length: 0
server: cloudflare
x-evy-trace-virtual-host: all

GET
H3 200 cta-loaded.js Show response
blog.morphisec.com/hs/cta/ctas/v2/public/cs/ 0
1 KB 51ms
50ms Script
application/javascript 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hs/cta/ctas/v2/public/cs/cta-loaded.js?pid=1534169&pg=3c83d6d5-0c56-47b7-8aee-ae6edf73c360&lt=1734432525949&dt=1734432525950&at=1734432526361&ae=1&an=1

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs/cta/cta/current.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

x-robots-tag: noindex, follow
x-request-id: ccdf4507-04f9-4e42-ac06-bd7a245c851c
access-control-expose-headers: X-Origin-Hublet
cf-cache-status: MISS
x-origin-hublet: na1
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XuNev0WRjrOEHU6971Hs%2FtdxKt%2BgymkgNsPDWq%2BjfSy1GOywZOQf701QLeyprtVJJofXC6cqnztgQ34aGPlkwDS2yYrA6YupUfRP76WFDrTRl24cwKGVE%2BpxUuj%2Bt92YKGNTJTw%2FXAjcKzsDMSOoKw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-evy-trace-listener: listener_https
server-timing: cfExtPri
date: Tue, 17 Dec 2024 10:48:46 GMT
x-hubspot-correlation-id: ccdf4507-04f9-4e42-ac06-bd7a245c851c
content-type: application/javascript;charset=utf-8
last-modified: Tue, 17 Dec 2024 10:48:46 GMT
vary: origin, Accept-Encoding
priority: u=3,i=?0
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: upgrade-insecure-requests
cache-control: max-age=0, no-cache, no-store
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-envoy-upstream-service-time: 3
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-b967ccf5d-q5dzg
cf-ray: 8f3657b9c861438a-EWR
accept-ranges: bytes
x-evy-trace-route-configuration: listener_https/all
content-length: 0
server: cloudflare
x-evy-trace-virtual-host: all

GET
H3 200 cta-loaded.js Show response
blog.morphisec.com/hs/cta/ctas/v2/public/cs/ 0
1 KB 53ms
53ms Script
application/javascript 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hs/cta/ctas/v2/public/cs/cta-loaded.js?pid=1534169&pg=c0c8d819-c7bc-43c9-a80b-7db9c88cd5ab&lt=1734432525953&dt=1734432525953&at=1734432526362&ae=1&an=1

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs/cta/cta/current.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

x-robots-tag: noindex, follow
x-request-id: 517c860d-87db-41eb-8255-4d3337d3bc14
access-control-expose-headers: X-Origin-Hublet
cf-cache-status: MISS
x-origin-hublet: na1
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2Se3x7Ty85%2F%2B9AjQbzD45R%2BrgHUGH6PMo7Ech2sKrFIRzcmyJg3gkYaJVm54MK3DhY1sdWC8u4fMIeKhFfIjUfieWZc2jS3T33OHQwA7RpvWZavykd98AP8vjvORF1aEV5wknpFx18OZncvkDPCPkQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-evy-trace-listener: listener_https
server-timing: cfExtPri
date: Tue, 17 Dec 2024 10:48:46 GMT
x-hubspot-correlation-id: 517c860d-87db-41eb-8255-4d3337d3bc14
content-type: application/javascript;charset=utf-8
last-modified: Tue, 17 Dec 2024 10:48:46 GMT
vary: origin, Accept-Encoding
priority: u=3,i=?0
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: upgrade-insecure-requests
cache-control: max-age=0, no-cache, no-store
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-envoy-upstream-service-time: 2
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-b967ccf5d-btm5z
cf-ray: 8f3657b9c863438a-EWR
accept-ranges: bytes
x-evy-trace-route-configuration: listener_https/all
content-length: 0
server: cloudflare
x-evy-trace-virtual-host: all

GET
H3 200 cta-loaded.js Show response
blog.morphisec.com/hs/cta/ctas/v2/public/cs/ 0
1 KB 49ms
47ms Script
application/javascript 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hs/cta/ctas/v2/public/cs/cta-loaded.js?pid=1534169&pg=6359793e-b232-4b79-9da5-b929fc3dc7aa&lt=1734432525946&dt=1734432525947&at=1734432526362&ae=1&an=1

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs/cta/cta/current.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

x-robots-tag: noindex, follow
x-request-id: 7ca09424-4d03-4719-bef9-331931dbc39c
access-control-expose-headers: X-Origin-Hublet
cf-cache-status: MISS
x-origin-hublet: na1
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EvIRJ2peBGONygnyxM5KILjoEvk%2FGEAiYj0qNcGWpO%2F1VY2iUbfpit8EIeKLUBiuWUZ9PTzqOcJ2UM9ya5YnQwWMtPGnQC6pZG1mV7WXTxO4q3fZwHr%2BFTwZIbgP2CE1vpR16bqWjM18m%2Be%2BTJI2%2FQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-evy-trace-listener: listener_https
server-timing: cfExtPri
date: Tue, 17 Dec 2024 10:48:46 GMT
x-hubspot-correlation-id: 7ca09424-4d03-4719-bef9-331931dbc39c
content-type: application/javascript;charset=utf-8
last-modified: Tue, 17 Dec 2024 10:48:46 GMT
vary: origin, Accept-Encoding
priority: u=3,i=?0
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: upgrade-insecure-requests
cache-control: max-age=0, no-cache, no-store
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-envoy-upstream-service-time: 5
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-b967ccf5d-dnfkd
cf-ray: 8f3657b9c866438a-EWR
accept-ranges: bytes
x-evy-trace-route-configuration: listener_https/all
content-length: 0
server: cloudflare
x-evy-trace-virtual-host: all

GET
H3 200 counters.gif
perf.hsforms.com/embed/v3/ 35 B
610 B 53ms
40ms Image
image/gif 2606:4700::6812:50cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf.hsforms.com/embed/v3/counters.gif?key=cta-json-success&value=1

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:50cc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

x-robots-tag: none
x-request-id: 6decd2b4-aa0e-47c4-afe0-7251b4aebd6e
access-control-expose-headers: X-Origin-Hublet
cf-cache-status: MISS
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-evy-trace-listener: listener_https
server-timing: cfExtPri
date: Tue, 17 Dec 2024 10:48:46 GMT
x-hubspot-correlation-id: 6decd2b4-aa0e-47c4-afe0-7251b4aebd6e
content-type: image/gif
vary: origin, Accept-Encoding
last-modified: Tue, 17 Dec 2024 10:48:46 GMT
priority: u=3,i
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=0, no-cache, no-store
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-b967ccf5d-6w44x
x-envoy-upstream-service-time: 3
access-control-allow-credentials: false
cf-ray: 8f3657b9dfe643a7-EWR
accept-ranges: bytes
x-evy-trace-route-configuration: listener_https/all
content-length: 35
server: cloudflare
x-evy-trace-virtual-host: all

GET
H3 200 counters.gif
perf.hsforms.com/embed/v3/ 35 B
611 B 73ms
61ms Image
image/gif 2606:4700::6812:50cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf.hsforms.com/embed/v3/counters.gif?key=cta-render-success&value=1

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:50cc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

x-robots-tag: none
x-request-id: dd8014e9-ad08-4109-8441-57827a882c68
access-control-expose-headers: X-Origin-Hublet
cf-cache-status: MISS
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-evy-trace-listener: listener_https
server-timing: cfExtPri
date: Tue, 17 Dec 2024 10:48:46 GMT
x-hubspot-correlation-id: dd8014e9-ad08-4109-8441-57827a882c68
content-type: image/gif
vary: origin, Accept-Encoding
last-modified: Tue, 17 Dec 2024 10:48:46 GMT
priority: u=3,i
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=0, no-cache, no-store
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-b967ccf5d-tffc2
x-envoy-upstream-service-time: 2
access-control-allow-credentials: false
cf-ray: 8f3657b9dfe543a7-EWR
accept-ranges: bytes
x-evy-trace-route-configuration: listener_https/all
content-length: 35
server: cloudflare
x-evy-trace-virtual-host: all

GET
H3 200 CYBER%20RESILIENCY-280x280%D6%B9_v1.1.png
www.morphisec.com/hs-fs/hubfs/ 67 KB
68 KB 28ms
27ms Image
image/webp 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.morphisec.com/hs-fs/hubfs/CYBER%20RESILIENCY-280x280%D6%B9_v1.1.png?height=280&width=280

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3c66f537de497e2306014e30c269b7d65e0671eec4b25e53120de90d627100f5

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

cf-cache-status: HIT
etag: "cfxjpKy-LQDu2K5cATPBvf7WurkryKNOHkFkb-FTMTDQ:a015821c789fe4047a66a1cb79283ff8"
cache-tag: F-171610370224,P-1534169,FLS-ALL
cf-resized: internal=ok/m q=0 n=230+199 c=1+198 v=2024.10.6 l=68558 f=false
cf-bgj: imgq:100,h2pri
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=S1WzwLU7A5r3V5N5ujjzq64a%2Fdeay1m71tU24OB9Ea8r9hwR0ncIYIXmAlPCAmPW8buK%2F9Q5dQZqmqM%2BPYp8W%2FKu4IOLf197iwOCw%2FihqbhJgMDs5jM%2B1OO6RLXpXnGH7UEeXmB6ag3c9lftHEhC"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Tue, 17 Dec 2024 10:48:46 GMT
content-type: image/webp
last-modified: Fri, 28 Jun 2024 20:35:53 GMT
vary: Accept, Accept-Encoding
priority: u=3,i
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
via: 1.1 a4edf08fb593b7ca4fee9a64018a186e.cloudfront.net (CloudFront)
cf-ray: 8f3657b9cb8341db-EWR
accept-ranges: bytes
access-control-allow-origin: *
content-length: 68558
server: cloudflare

GET
H2 200 a8b85f6e-5b92-440b-9490-8f52fe151636.png
1534169.fs1.hubspotusercontent-na1.net/hubfs/1534169/hub_generated/resized/ 34 KB
35 KB 61ms
46ms Image
image/webp 2606:4700:4400::6812:297c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://1534169.fs1.hubspotusercontent-na1.net/hubfs/1534169/hub_generated/resized/a8b85f6e-5b92-440b-9490-8f52fe151636.png
Requested by: Host: blog.morphisec.com
URL: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:297c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 648318e55febdac418f0f8a23db309f81c273a66c5eb41a8aab85b29bebcdc9f

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

x-robots-tag: all
cf-cache-status: HIT
etag: "52f2133547882c1af4bd99b776191ea7"
age: 675669
cache-tag: P-1534169,FLS-ALL
x-amz-version-id: aXW8S0NNcXgP1skXixHskKHTqJIbr4lJ
x-cache: RefreshHit from cloudfront
x-amz-cf-id: ANKWdR0C-L40FQekuSn21UHbGrsC52X69Oy1t8bl1G2T1IY2N2YSMQ==
content-type: image/webp
content-disposition: inline; filename="a8b85f6e-5b92-440b-9490-8f52fe151636.webp"
last-modified: Fri, 05 Jan 2024 21:55:06 GMT
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: P-1534169,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: QW2VSTGGJ59V36VE
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
accept-ranges: bytes
x-amz-meta-cache-tag: P-1534169,FLS-ALL
content-length: 34660
x-hs-alternate-content-type: text/plain
server: cloudflare
x-amz-server-side-encryption: AES256
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
cf-polished: origFmt=png, origSize=42909
date: Tue, 17 Dec 2024 10:48:46 GMT
vary: Accept, Accept-Encoding
x-amz-id-2: 52HN45ajSVmGnvPFUFyZ7S7GxM4fvGereWjWcX61L/aKRI3bOFSKXmE8qOxaWUfPCyHf4ISGdXA=
timing-allow-origin: 1534169.fs1.hubspotusercontent-na1.net
via: 1.1 368d984ddaa7c541b8ba1a87edd0e52e.cloudfront.net (CloudFront)
cf-ray: 8f3657b9dc76429d-EWR
access-control-allow-origin: *
x-amz-cf-pop: BOS50-C3
x-amz-meta-created-unix-time-millis: 1704491705781

GET
H2 200 i Show response
scout.salesloft.com/ 48 B
466 B 12ms
12ms XHR
application/json 18.208.7.233
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://scout.salesloft.com/i

Requested by

Host: scout-cdn.salesloft.com
URL: https://scout-cdn.salesloft.com/sl.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

18.208.7.233 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-18-208-7-233.compute-1.amazonaws.com

Software

Resource Hash

13f26112a965660ad5a6037bfc230a90e114f1f8bda6f2b66391b2ed6d8791f0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-request-id: e2500ab504f0a92cd356b7b4e29d113d
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
access-control-allow-methods: GET
access-control-allow-origin: https://blog.morphisec.com
content-length: 48
date: Tue, 17 Dec 2024 10:48:46 GMT
content-type: application/json; charset=utf-8

GET
H3 200 counters.gif
forms-na1.hsforms.com/embed/v3/ 35 B
569 B 32ms
31ms Image
image/gif 2606:4700::6812:50cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms-na1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-RENDER_SUCCESS&count=1

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:50cc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

x-robots-tag: none
x-request-id: 53d90a96-b631-4286-b803-8f6724473ea1
access-control-expose-headers: X-Origin-Hublet
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-evy-trace-listener: listener_https
server-timing: cfExtPri
date: Tue, 17 Dec 2024 10:48:46 GMT
x-hubspot-correlation-id: 53d90a96-b631-4286-b803-8f6724473ea1
content-type: image/gif
vary: origin
priority: u=3,i
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=0, no-cache, no-store
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-b967ccf5d-b6qgf
x-envoy-upstream-service-time: 4
access-control-allow-credentials: false
cf-ray: 8f3657b9dfe043a7-EWR
x-evy-trace-route-configuration: listener_https/all
content-length: 35
server: cloudflare
x-evy-trace-virtual-host: all

GET
H3 204 td
www.googletagmanager.com/ 0
18 B 17ms
17ms Image
text/plain 2607:f8b0:4006:81e::2008
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.googletagmanager.com/td?id=AW-784310031&v=3&t=t&pid=217513361&dl=blog.morphisec.com%2Fcoinlurker-the-stealer-powering-the-next-generation-of-fake-updates&tdp=AW-784310031;;1;6;0&frm=0&rtg=97572158&slo=16&hlo=11&lst=1&pcid=97572158&z=0
Requested by: Host: blog.morphisec.com
URL: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:81e::2008 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgtc:59:0"}],}
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgtc:59:0
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
date: Tue, 17 Dec 2024 10:48:46 GMT
content-type: text/plain
server: Golfe2

GET
H3 200 arrow-white-1.svg
www.morphisec.com/hubfs/ 393 B
2 KB 32ms
31ms Image
image/svg+xml 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.morphisec.com/hubfs/arrow-white-1.svg

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/module_assets/109590708858/1718666705155/module_109590708858_Header_-_Global.min.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9f04b9db4570a8f016c3b42727fd56b2e8779876c8f6ee5fdcfabb4df25eb48b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/

Response headers

x-robots-tag: all
content-encoding: br
cf-cache-status: HIT
etag: W/"f6b8983a7a9f44be13760be2a7d47927"
age: 1711339
cache-tag: F-109682673984,P-1534169,FLS-ALL
x-amz-version-id: ZWYxcYkJ3fJQSXhQh1nDTahxfuzH5ivg
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9JQ9EiMLjGN%2BGa8Km370ubIAKzgWI2lEukascWy7PMZDBgxyYTX8SZRFT9%2FR%2BHXh03v07gcc4Voone8N4dRyn1rKKL%2BQlDkGQADcu%2FiERMsV5CcawwmO18zddzxk8iBKbU2yX220jZ7UJjJCxyJc"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: RefreshHit from cloudfront
x-amz-cf-id: MOs2DqUOuWEnoSEBfYJy4deMhuq9A27XYnKWt5aSuyy8-m0uQbqldg==
content-type: image/svg+xml
last-modified: Wed, 05 Apr 2023 16:42:42 GMT
priority: u=3,i
server-timing: cfExtPri
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-109682673984,P-1534169,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: 7HJVS7WYSP9CRBJ2
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-109682673984,P-1534169,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Tue, 17 Dec 2024 10:48:46 GMT
vary: Accept-Encoding
x-amz-id-2: l/9RnqYljGqUKk3A+9Y8WV3Hb53NBZvwzF9G31LJVwcwkn/S+8mIUnG0N9EXf2QczpxB9z75hNk=
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
via: 1.1 5ce15dbc89c7affb5d3d695afd6d76c0.cloudfront.net (CloudFront)
cf-ray: 8f3657b9fb9e41db-EWR
access-control-allow-origin: *
x-amz-cf-pop: BOS50-C3
x-amz-meta-created-unix-time-millis: 1680712961922

GET
H3 200 Montserrat-ExtraBold.woff2
www.morphisec.com/hubfs/fonts/ 65 KB
67 KB 28ms
27ms Font
application/font-woff2 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.morphisec.com/hubfs/fonts/Montserrat-ExtraBold.woff2

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/109621200285/1680693252014/2023/Fonts/fonts.min.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c8dfa70f0dccd44f1f69659a7d4715aef17d48c4a8f88d4868b919fc9aabb453

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://blog.morphisec.com
Referer: https://blog.morphisec.com/

Response headers

x-robots-tag: all
cf-cache-status: HIT
etag: "4e861b47db165af12ec0447c91b0167f"
age: 1711273
cache-tag: F-109628007973,FD-109627043208,P-1534169,FLS-ALL
x-amz-version-id: Ai1BLbuGpLfH9Dc8qMneVI9MZINf4ZFA
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZAlkUO5tUmUBHTJ9PBCoMfGKAdDdtKGrVp3uvsc2Tt0%2BFeNWqnNeAjR4257KDiRPo84viyyh5xkxH18gskaZs%2BS4QzOeOMaxewLFPb7AwGBT3j2F6QDcOgzMI2zBvTbdHbMkKgpsgKdlyzE4lON4"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: RefreshHit from cloudfront
x-amz-cf-id: z2hvMrNXy1n3yt0UuBjmwteT8-WfZPtHxVzzY2rpcT1f1v2ujksh_A==
content-type: application/font-woff2
last-modified: Wed, 05 Apr 2023 11:12:00 GMT
priority: u=0,i=?0
server-timing: cfExtPri
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-109628007973,FD-109627043208,P-1534169,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: GAVHPMQC2MNSQ6AR
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
accept-ranges: bytes
x-amz-meta-cache-tag: F-109628007973,FD-109627043208,P-1534169,FLS-ALL
content-length: 66876
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Tue, 17 Dec 2024 10:48:46 GMT
vary: Accept-Encoding
x-amz-id-2: 2IcgaiO6qqDMDwQvhmOoUENTdYSdGApFEU7GxWv3oGOy3rgkucMmoJ33s5S3h7V+XkyufGqrqeA9U102p2SqJ7CCwclsnKSi/HG6CgYYj3E=
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
via: 1.1 df10d763492b2272b777b93e70e1f4a4.cloudfront.net (CloudFront)
cf-ray: 8f3657b9f89f421f-EWR
access-control-allow-origin: *
x-amz-cf-pop: JFK52-P1
x-amz-meta-created-unix-time-millis: 1680693119362

GET
H2 200 attribution_trigger Show response
px.ads.linkedin.com/ 2 B
763 B 122ms
99ms XHR
application/json 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/attribution_trigger?pid=32136&time=1734432526396&url=https%3A%2F%2Fblog.morphisec.com%2Fcoinlurker-the-stealer-powering-the-next-generation-of-fake-updates
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.old.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept: *
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

x-li-pop: afd-prod-lor1-x
content-encoding: gzip
x-fs-uuid: 000629750aa07007650073a8051a06ff
x-msedge-ref: Ref A: 5B72FD02CD4347FD8F750E35F97A9FF9 Ref B: EWR311000106045 Ref C: 2024-12-17T10:48:46Z
x-li-fabric: prod-lor1
x-restli-protocol-version: 1.0.0
access-control-allow-methods: GET, OPTIONS
x-li-uuid: AAYpdQqgcAdlAHOoBRoG/w==
x-li-proto: http/2
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
date: Tue, 17 Dec 2024 10:48:46 GMT
content-type: application/json
access-control-allow-headers: *

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=32136&time=1734432526396&li_adsId=f8d980f8-3623-4404-a28b-d194c370ac27&url=https%3A%2F%2Fblog.morphisec.com%2Fcoinlurker-the-stealer-powering-the-...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=32136&time=1734432526396&li_adsId=f8d980f8-3623-4404-a28b-d194c370ac27&url=https%3A%2F%2Fblog.morphisec.com%2Fcoinlurker-the-stealer-powering-the-...
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D32136%26time%3D1734432526396%26li_adsId%3Df8d980f8-3623-4404-a28b-d194c370ac27%26...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=32136&time=1734432526396&li_adsId=f8d980f8-3623-4404-a28b-d194c370ac27&url=https%3A%2F%2Fblog.morphisec.com%2Fcoinlurker-the-stealer-powering-the-...
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=32136&time=1734432526396&li_adsId=f8d980f8-3623-4404-a28b-d194c370ac27&url=https%3A%2F%2Fblog.morphisec.com%2Fcoinlurker-the-stealer-powering-the...

0
491 B

87ms
68ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=32136&time=1734432526396&li_adsId=f8d980f8-3623-4404-a28b-d194c370ac27&url=https%3A%2F%2Fblog.morphisec.com%2Fcoinlurker-the-stealer-powering-the-next-generation-of-fake-updates&cookiesTest=true&liSync=true&e_ipv6=AQJkkLAPYHd6ZwAAAZPUPBGNghyxsAfQbwMzKf8KohUTWhxbMpVpdtHPyE554Um0euQVWH8fvXb2FCnCcf4W2ZxwNNnIfQ0
Requested by: Host: blog.morphisec.com
URL: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

linkedin-action: 1
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: C01C111953CE4E9CA9AFEC25C490B0BC Ref B: EWR30EDGE1615 Ref C: 2024-12-17T10:48:46Z
x-li-fabric: prod-ltx1
x-li-uuid: AAYpdQql+UdtlcV/NKE77A==
x-li-proto: http/2
x-cache: CONFIG_NOCACHE
content-length: 0
date: Tue, 17 Dec 2024 10:48:46 GMT
content-type: application/javascript

Redirect headers

linkedin-action: 1
x-li-pop: afd-prod-ltx1-x
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=32136&time=1734432526396&li_adsId=f8d980f8-3623-4404-a28b-d194c370ac27&url=https%3A%2F%2Fblog.morphisec.com%2Fcoinlurker-the-stealer-powering-the-next-generation-of-fake-updates&cookiesTest=true&liSync=true&e_ipv6=AQJkkLAPYHd6ZwAAAZPUPBGNghyxsAfQbwMzKf8KohUTWhxbMpVpdtHPyE554Um0euQVWH8fvXb2FCnCcf4W2ZxwNNnIfQ0
x-msedge-ref: Ref A: 123A4446C0674A68AC82BCF555A09C54 Ref B: EWR311000108027 Ref C: 2024-12-17T10:48:46Z
x-li-fabric: prod-ltx1
x-li-uuid: AAYpdQqkdZNAwx3pSs0bMg==
x-li-proto: http/2
x-cache: CONFIG_NOCACHE
content-length: 0
date: Tue, 17 Dec 2024 10:48:46 GMT

GET
H2 200 banner.no-autoblock.js Show response
consent.cookiefirst.com/ 101 KB
35 KB 4ms
3ms Script
application/javascript 2a02:6ea0:c454::1
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL: https://consent.cookiefirst.com/banner.no-autoblock.js
Requested by: Host: consent.cookiefirst.com
URL: https://consent.cookiefirst.com/sites/blog.morphisec.com-66e189ea-c6b6-4303-9c8a-423cc0c43c31/consent.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c454::1 New York, United States, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS
Software: Cookie First CDN-NY1-885 /
Resource Hash: b54327ee6fcabc302d4040a6f40bfecf80a3f31d9dc8c981cad27f6c42f1572f

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match, visitor-location
content-encoding: br
etag: "6752c4b0-19505"
cdn-fileserver: 588
date: Tue, 17 Dec 2024 10:48:46 GMT
cdn-storageserver: DE-679
last-modified: Fri, 06 Dec 2024 09:32:32 GMT
content-type: application/javascript
vary: Accept-Encoding
cdn-cache: HIT
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match, traceparent
cdn-requestpullcode: 200
cdn-cachedat: 12/12/2024 16:25:27
cache-control: public, max-age=1200
cdn-requestpullsuccess: True
visitor-location: US
cdn-requesttime: 0
cdn-uid: d602dab6-3f92-4809-a378-608fd2b89403
cdn-requestid: cbac30945a7ec3d778e797c936988839
cdn-pullzone: 236985
cdn-proxyver: 1.06
access-control-allow-origin: *
cdn-edgestorageid: 885
server: Cookie First CDN-NY1-885
cdn-requestcountrycode: US

GET
H2 200 recaptcha__en.js Show response
www.gstatic.com/recaptcha/releases/zIriijn3uj5Vpknvt_LnfNbF/ 547 KB
216 KB 24ms
3ms Script
text/javascript 2607:f8b0:4006:809::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/zIriijn3uj5Vpknvt_LnfNbF/recaptcha__en.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/enterprise.js?&onload=hsRecaptchaLoaded_f489c7c3_3acb_4eca_9943_b5b6ff5b03a7&render=explicit&hl=en

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:809::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

b261530f05e272e18b5b5c86d860c4979c82b5b6c538e1643b3c94fc9ba76dd6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Origin: https://blog.morphisec.com
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

content-encoding: gzip
age: 61187
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
x-content-type-options: nosniff
expires: Tue, 16 Dec 2025 17:48:59 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 16 Dec 2024 17:48:59 GMT
last-modified: Tue, 10 Dec 2024 23:05:10 GMT
content-type: text/javascript
vary: Accept-Encoding
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
accept-ranges: bytes
access-control-allow-origin: *
content-length: 220882
x-xss-protection: 0
server: sffe

GET
H3 200 counters.gif
forms.hsforms.com/embed/v3/ 35 B
570 B 38ms
38ms Image
image/gif 2606:4700::6812:50cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms.hsforms.com/embed/v3/counters.gif?key=collected-forms-embed-js-form-bind&count=3

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:50cc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

x-robots-tag: none
x-request-id: cb598925-84e6-427c-8a20-c7152b722893
access-control-expose-headers: X-Origin-Hublet
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-evy-trace-listener: listener_https
server-timing: cfExtPri
date: Tue, 17 Dec 2024 10:48:46 GMT
x-hubspot-correlation-id: cb598925-84e6-427c-8a20-c7152b722893
content-type: image/gif
vary: origin
priority: u=3,i
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=0, no-cache, no-store
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-b967ccf5d-btm5z
x-envoy-upstream-service-time: 2
access-control-allow-credentials: false
cf-ray: 8f3657ba586b43a7-EWR
x-evy-trace-route-configuration: listener_https/all
content-length: 35
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 button.856debeac157d9669cf51e73a08fbc93.js Show response
platform.twitter.com/js/ 8 KB
3 KB 8ms
7ms Script
application/javascript 146.75.32.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/js/button.856debeac157d9669cf51e73a08fbc93.js
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 146.75.32.157 Ashburn, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 426e16d014775c77916610f675f58880874c645817ed26d01873dde3466e6007

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

content-encoding: gzip
etag: "fdf02dd038ed38dbf3c240d56262af0c+gzip"
access-control-allow-methods: GET
x-cache: HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
date: Tue, 17 Dec 2024 10:48:46 GMT
last-modified: Mon, 11 Dec 2023 17:19:47 GMT
vary: Accept-Encoding
x-served-by: cache-iad-kjyo7100176-IAD
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=315360000
tw-cdn: FT
accept-ranges: bytes
access-control-allow-origin: *
content-length: 2620
x-amz-server-side-encryption: AES256

POST
H2 204 / Show response
px.ads.linkedin.com/wa/ 0
308 B 76ms
75ms XHR
text/plain 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/wa/
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.old.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept: *
Content-Type: text/plain;charset=UTF-8

Response headers

linkedin-action: 1
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: 6EC93877FA7849F7B219A26C9E5A0F9F Ref B: EWR311000108027 Ref C: 2024-12-17T10:48:46Z
x-li-fabric: prod-ltx1
access-control-allow-credentials: true
x-li-uuid: AAYpdQqhVM5AB+EtCzuQnQ==
x-li-proto: http/2
access-control-allow-origin: https://blog.morphisec.com
x-cache: CONFIG_NOCACHE
date: Tue, 17 Dec 2024 10:48:46 GMT
vary: Origin

GET
H3 200 counters.gif
perf-na1.hsforms.com/embed/v3/ 35 B
612 B 35ms
34ms Image
image/gif 2606:4700::6812:50cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf-na1.hsforms.com/embed/v3/counters.gif?key=config-loaded-success&value=1

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:50cc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

x-robots-tag: none
x-request-id: 91018188-bfc5-4f1e-9034-a3c0b72ad0d2
access-control-expose-headers: X-Origin-Hublet
cf-cache-status: MISS
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-evy-trace-listener: listener_https
server-timing: cfExtPri
date: Tue, 17 Dec 2024 10:48:46 GMT
x-hubspot-correlation-id: 91018188-bfc5-4f1e-9034-a3c0b72ad0d2
content-type: image/gif
vary: origin, Accept-Encoding
last-modified: Tue, 17 Dec 2024 10:48:46 GMT
priority: u=3,i
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=0, no-cache, no-store
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-b967ccf5d-lnptw
x-envoy-upstream-service-time: 3
access-control-allow-credentials: false
cf-ray: 8f3657ba989443a7-EWR
accept-ranges: bytes
x-evy-trace-route-configuration: listener_https/all
content-length: 35
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 version.json Show response
consent.cookiefirst.com/sites/blog.morphisec.com-66e189ea-c6b6-4303-9c8a-423cc0c43c31/ 44 B
810 B 150ms
144ms Fetch
application/json 2a02:6ea0:c454::1
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL: https://consent.cookiefirst.com/sites/blog.morphisec.com-66e189ea-c6b6-4303-9c8a-423cc0c43c31/version.json?v=1734432526497
Requested by: Host: consent.cookiefirst.com
URL: https://consent.cookiefirst.com/banner.no-autoblock.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c454::1 New York, United States, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS
Software: Cookie First CDN-NY1-885 /
Resource Hash: 1f111bd9633701ea774d060ca1bb78117c6a5761249265cc45a4a6ca6699a807

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept: application/json
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match, visitor-location
content-encoding: br
etag: "674bcde6-2c"
cdn-fileserver: 599
date: Tue, 17 Dec 2024 10:48:46 GMT
cdn-storageserver: DE-676
last-modified: Sun, 01 Dec 2024 02:45:58 GMT
content-type: application/json
vary: Accept-Encoding
cdn-cache: MISS
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match, traceparent
cdn-requestpullcode: 200
cdn-cachedat: 12/17/2024 10:48:46
cache-control: public, max-age=15
cdn-requestpullsuccess: True
visitor-location: US
cdn-requesttime: 1
cdn-uid: d602dab6-3f92-4809-a378-608fd2b89403
cdn-requestid: eab5b0abef3bd0a0394d745474a797d6
cdn-pullzone: 236985
cdn-proxyver: 1.06
access-control-allow-origin: *
cdn-edgestorageid: 885
server: Cookie First CDN-NY1-885
cdn-requestcountrycode: US

GET
H2 200 tweet_button.2f70fb173b9000da126c79afe2098f02.en.html
platform.twitter.com/widgets/ Frame 3930 0
0 10ms
10ms Document
text/html 146.75.32.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://platform.twitter.com/widgets/tweet_button.2f70fb173b9000da126c79afe2098f02.en.html
Requested by: Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 146.75.32.157 Ashburn, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
access-control-allow-methods: GET
access-control-allow-origin: *
cache-control: public, max-age=315360000
content-encoding: gzip
content-length: 12332
content-type: text/html; charset=utf-8
date: Tue, 17 Dec 2024 10:48:46 GMT
etag: "e29e65db7bf0a096587728e1faacfd9c+gzip"
last-modified: Mon, 11 Dec 2023 17:19:48 GMT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
tw-cdn: FT
vary: Accept-Encoding
x-amz-server-side-encryption: AES256
x-cache: HIT
x-served-by: cache-iad-kjyo7100037-IAD

GET
H2 200 embeds
syndication.twitter.com/i/jot/ 43 B
292 B 90ms
34ms Image
image/gif 104.244.42.8
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://syndication.twitter.com/i/jot/embeds?l=%7B%22widget_origin%22%3A%22https%3A%2F%2Fblog.morphisec.com%2Fcoinlurker-the-stealer-powering-the-next-generation-of-fake-updates%22%2C%22widget_frame%22%3Afalse%2C%22widget_site_screen_name%22%3A%22morphisec%22%2C%22widget_creator_screen_name%22%3A%22LNadav%22%2C%22language%22%3A%22en%22%2C%22message%22%3A%22m%3Anocount%3A%22%2C%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1734432526508%2C%22dnt%22%3Afalse%2C%22client_version%22%3A%222615f7e52b7e0%3A1702314776716%22%2C%22format_version%22%3A1%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22button%22%2C%22section%22%3A%22share%22%2C%22action%22%3A%22impression%22%7D%7D&session_id=5b57c85e8c5c2e37dcaa666c83b9d4f7ea7afc87

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.8 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_b /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

content-type: image/gif
strict-transport-security: max-age=631138519
x-transaction-id: 416b32dcbdfb2a01
cache-control: must-revalidate, max-age=600
x-connection-hash: f77b35f4a3f555a7229f507dd84d9abbad55a681ef9e97ae4c7bcdd5fcf027ca
x-response-time: 6
content-length: 43
date: Tue, 17 Dec 2024 10:48:46 GMT
last-modified: Tue, 17 Dec 2024 10:48:46 GMT
perf: 7402827104
vary: Origin
server: tsa_b

GET
H3 200 anchor
www.google.com/recaptcha/enterprise/ Frame B594 0
0 49ms
41ms Document
text/html 2607:f8b0:4006:823::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm&co=aHR0cHM6Ly9ibG9nLm1vcnBoaXNlYy5jb206NDQz&hl=en&v=zIriijn3uj5Vpknvt_LnfNbF&size=invisible&badge=inline&cb=3os50yd7cflv

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/zIriijn3uj5Vpknvt_LnfNbF/recaptcha__en.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::2004 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-17MguS6cJKTcaaFojW9HwQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-17MguS6cJKTcaaFojW9HwQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy-report-only: same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
cross-origin-resource-policy: cross-origin
date: Tue, 17 Dec 2024 10:48:46 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
server: ESF
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 location Show response
edge.cookiefirst.com/prod/ 67 B
487 B 34ms
6ms Fetch
application/json 2a02:6ea0:c454::1
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL: https://edge.cookiefirst.com/prod/location?origin=blog.morphisec.com
Requested by: Host: consent.cookiefirst.com
URL: https://consent.cookiefirst.com/banner.no-autoblock.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c454::1 New York, United States, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS
Software: BunnyCDN-NY1-885 /
Resource Hash: b45ccbf32d035de11892a90f51826c45e201927c582271f56acd251e014c16ab

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept: application/json
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

cdn-status: 200
date: Tue, 17 Dec 2024 10:48:46 GMT
content-type: application/json; charset=utf-8
cdn-cachedat: 12/17/2024 10:48:46
cdn-cache: BYPASS
cdn-requestpullcode: 200
cache-control: public, max-age=1200
cdn-requestpullsuccess: True
cdn-requesttime: 0
cdn-uid: d602dab6-3f92-4809-a378-608fd2b89403
cdn-requestid: 3ca1cf41b8c5f468bcf03def0b342a10
cdn-pullzone: 717911
cdn-proxyver: 1.06
access-control-allow-origin: https://blog.morphisec.com
content-length: 67
cdn-edgestorageid: 885
server: BunnyCDN-NY1-885
cdn-requestcountrycode: US

GET
H3 200 cf-bc-handler.html Show response
www.morphisec.com/ Frame 24AC 360 B
1 KB 45ms
45ms Document
text/html 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.morphisec.com/cf-bc-handler.html

Requested by

Host: consent.cookiefirst.com
URL: https://consent.cookiefirst.com/banner.no-autoblock.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c8f61ff99bdb7078fb9a587059822d308fa9f3e5f9765101876426ab9c4363cc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-methods: GET
access-control-allow-origin: *
age: 1711338
alt-svc: h3=":443"; ma=86400
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
cache-tag: F-95081226133,P-1534169,FLS-ALL
cf-cache-status: HIT
cf-ray: 8f3657bbdd2241db-EWR
content-encoding: br
content-type: text/html
date: Tue, 17 Dec 2024 10:48:46 GMT
edge-cache-tag: F-95081226133,P-1534169,FLS-ALL
last-modified: Mon, 12 Dec 2022 16:53:21 GMT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
priority: u=0,i
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iJP2lfi4YWNCHgU5hMjfbM%2BW0IofJTkZyFleECcSzPpxr%2FOovy7I3Oekt5KBTKjwAQLw82rqr1ZPTgZg6YHwMY%2F3RKLt82AckoNnrz28adKEaIFFVrqvcfyYfP2h%2FyqZW6gbs1PyQLNevTP7aNmu"}],"group":"cf-nel","max_age":604800}
server: cloudflare
server-timing: cfExtPri
strict-transport-security: max-age=31536000; includeSubDomains; preload
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
vary: Accept-Encoding
via: 1.1 7d7ca86035bc3bfd0afe842de972bb66.cloudfront.net (CloudFront)
x-amz-cf-id: fiTViGsXNJj91PObjxa1xcIXIR2X1hh4wDvug3MzvTSquZF198NHDg==
x-amz-cf-pop: BOS50-C3
x-amz-id-2: vLB04Rttjwf6T+AD7bSmoxD+7yYCqU/9l9Yi7221JokUZQJ8ZGdd6bdnVGLw5Hj1/sJHrdC93z8=
x-amz-meta-cache-tag: F-95081226133,P-1534169,FLS-ALL
x-amz-meta-created-unix-time-millis: 1670864000194
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
x-amz-request-id: JKA4JFYKTDPBPVAG
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-version-id: 6goLS1KRlaJxTu_k6uCFvNA00uRjo5Yl
x-cache: Miss from cloudfront
x-hs-alternate-content-type: text/plain
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-robots-tag: all

GET
H2 200 bc-handler.min.js Show response
consent.cookiefirst.com/bulk/ Frame 24AC 577 B
1 KB 100ms
99ms Script
application/javascript 2a02:6ea0:c454::1
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL: https://consent.cookiefirst.com/bulk/bc-handler.min.js?v=1734432526756
Requested by: Host: www.morphisec.com
URL: https://www.morphisec.com/cf-bc-handler.html
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c454::1 New York, United States, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS
Software: Cookie First CDN-NY1-885 /
Resource Hash: d27825196ad091987820f3ead157595d5a5e482b8849982da00b9395a6f590bb

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://www.morphisec.com/

Response headers

cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match, visitor-location
content-encoding: br
etag: "664e0597-241"
cdn-fileserver: 599
date: Tue, 17 Dec 2024 10:48:46 GMT
cdn-storageserver: DE-382
last-modified: Wed, 22 May 2024 14:47:51 GMT
content-type: application/javascript
vary: Accept-Encoding
cdn-cache: MISS
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match, traceparent
cdn-requestpullcode: 200
cdn-cachedat: 12/17/2024 10:48:46
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
visitor-location: US
cdn-requesttime: 0
cdn-uid: d602dab6-3f92-4809-a378-608fd2b89403
cdn-requestid: dee15a9def0ba96fef98589366f4267d
cdn-pullzone: 236985
cdn-proxyver: 1.06
access-control-allow-origin: *
cdn-edgestorageid: 885
server: Cookie First CDN-NY1-885
cdn-requestcountrycode: US

GET
H2 200 lang-widget-en.json Show response
consent.cookiefirst.com/sites/blog.morphisec.com-66e189ea-c6b6-4303-9c8a-423cc0c43c31/ 13 KB
5 KB 4ms
4ms Fetch
application/json 2a02:6ea0:c454::1
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL: https://consent.cookiefirst.com/sites/blog.morphisec.com-66e189ea-c6b6-4303-9c8a-423cc0c43c31/lang-widget-en.json?v=d8641d64-68b2-4837-8e79-c388524e4c31
Requested by: Host: consent.cookiefirst.com
URL: https://consent.cookiefirst.com/banner.no-autoblock.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c454::1 New York, United States, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS
Software: Cookie First CDN-NY1-885 /
Resource Hash: 8e7992826262f9cdc8ff3eb0516bee93ac2e8f170792aa59947c334f11625bfc

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept: application/json
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match, visitor-location
content-encoding: br
etag: "674bcde5-356c"
cdn-fileserver: 599
date: Tue, 17 Dec 2024 10:48:46 GMT
cdn-storageserver: DE-676
last-modified: Sun, 01 Dec 2024 02:45:57 GMT
content-type: application/json
vary: Accept-Encoding
cdn-cache: HIT
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match, traceparent
cdn-requestpullcode: 200
cdn-cachedat: 12/06/2024 11:55:11
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
visitor-location: US
cdn-requesttime: 0
cdn-uid: d602dab6-3f92-4809-a378-608fd2b89403
cdn-requestid: 66863b26df7230d737d7442d70af2517
cdn-pullzone: 236985
cdn-proxyver: 1.06
access-control-allow-origin: *
cdn-edgestorageid: 885
server: Cookie First CDN-NY1-885
cdn-requestcountrycode: US

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
562 B 51ms
50ms Image
image/gif 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=1372317473&v=1.1&a=1534169&pi=183781340986&ct=blog-post&ccu=https%3A%2F%2Fblog.morphisec.com%2Fcoinlurker-the-stealer-powering-the-next-generation-of-fake-updates&cpi=183781340986&cgi=3742504875&lpi=183781340986&lvi=183781340986&lvc=en-us&pu=https%3A%2F%2Fblog.morphisec.com%2Fcoinlurker-the-stealer-powering-the-next-generation-of-fake-updates&t=CoinLurker%3A+The+Stealer+Powering+the+Next+Generation+of+Fake+Updates&cts=1734432526873&vi=9044de6007d5c10c969678d42327e96e&nc=true&u=182053752.9044de6007d5c10c969678d42327e96e.1734432526869.1734432526869.1734432526869.1&b=182053752.1.1734432526869&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

x-robots-tag: none
x-request-id: f0b16b01-ecbe-4d3e-866a-8113da6f7ebd
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=q3uBXmAmKy0zjIlb4OM5od2SfLbcWu8sZK91Uo8nFJ2nyEhZVhqTuZzAHcW9%2BZ8uJo%2BSagifl6VO0a3%2FQSlblh8uTV9xgiY24jX6Nc1pNk555F678W6ekFVFJkK1ScabFf%2FdzoGLL4U8NSB4y%2B1Z"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
p3p: CP="NOI CUR ADM OUR NOR STA NID"
date: Tue, 17 Dec 2024 10:48:46 GMT
x-hubspot-correlation-id: f0b16b01-ecbe-4d3e-866a-8113da6f7ebd
content-type: image/gif
vary: origin, Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: no-cache, no-store, no-transform
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-c658cb6d4-4fj5f
x-envoy-upstream-service-time: 5
access-control-allow-credentials: false
cf-ray: 8f3657bd0abc7d14-EWR
x-evy-trace-route-configuration: listener_https/all
content-length: 45
server: cloudflare
x-evy-trace-virtual-host: all

GET
H3 200 counters.gif
perf.hsforms.com/embed/v3/ 35 B
613 B 83ms
83ms Image
image/gif 2606:4700::6812:50cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf.hsforms.com/embed/v3/counters.gif?key=cta-with-analytics&value=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:50cc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

x-robots-tag: none
x-request-id: 73fa600a-9b1b-4f0d-9b74-8d9286d4b536
access-control-expose-headers: X-Origin-Hublet
cf-cache-status: MISS
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-evy-trace-listener: listener_https
server-timing: cfExtPri
date: Tue, 17 Dec 2024 10:48:46 GMT
x-hubspot-correlation-id: 73fa600a-9b1b-4f0d-9b74-8d9286d4b536
content-type: image/gif
vary: origin, Accept-Encoding
last-modified: Tue, 17 Dec 2024 10:48:46 GMT
priority: u=3,i
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=0, no-cache, no-store
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-b967ccf5d-dnfkd
x-envoy-upstream-service-time: 2
access-control-allow-credentials: false
cf-ray: 8f3657bd0a3443a7-EWR
accept-ranges: bytes
x-evy-trace-route-configuration: listener_https/all
content-length: 35
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
513 B 42ms
42ms Image
image/gif 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=15&fi=37b11fda-a2aa-4805-9c0e-bae8eaccd6b7&fci=f489c7c3-3acb-4eca-9943-b5b6ff5b03a7&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=1372317473&v=1.1&a=1534169&pi=183781340986&ct=blog-post&ccu=https%3A%2F%2Fblog.morphisec.com%2Fcoinlurker-the-stealer-powering-the-next-generation-of-fake-updates&cpi=183781340986&cgi=3742504875&lpi=183781340986&lvi=183781340986&lvc=en-us&pu=https%3A%2F%2Fblog.morphisec.com%2Fcoinlurker-the-stealer-powering-the-next-generation-of-fake-updates&t=CoinLurker%3A+The+Stealer+Powering+the+Next+Generation+of+Fake+Updates&cts=1734432526879&vi=9044de6007d5c10c969678d42327e96e&nc=true&u=182053752.9044de6007d5c10c969678d42327e96e.1734432526869.1734432526869.1734432526869.1&b=182053752.1.1734432526869&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

x-robots-tag: none
x-request-id: fc7de067-2e4e-43a0-8f62-1fc8c1bb756b
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WkKhpHHdu%2BmbHt6fpFejxMqrHSsYUQvCUFnVDKT8BJ23z96zqMdQuagMiAna%2F27F9gMR8L6URQxMkG4tVxzF2lihCnqCyKWqOr4t7dnD92p54M7mMbBPSJkA4ogpzG1w0Mlya1POojVtogsGRjO1"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
p3p: CP="NOI CUR ADM OUR NOR STA NID"
date: Tue, 17 Dec 2024 10:48:46 GMT
x-hubspot-correlation-id: fc7de067-2e4e-43a0-8f62-1fc8c1bb756b
content-type: image/gif
vary: origin, Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: no-cache, no-store, no-transform
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-c658cb6d4-9fq2m
x-envoy-upstream-service-time: 7
access-control-allow-credentials: false
cf-ray: 8f3657bd0ac37d14-EWR
x-evy-trace-route-configuration: listener_https/all
content-length: 45
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
477 B 44ms
43ms Image
image/gif 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=17&fi=37b11fda-a2aa-4805-9c0e-bae8eaccd6b7&fci=f489c7c3-3acb-4eca-9943-b5b6ff5b03a7&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=1372317473&v=1.1&a=1534169&pi=183781340986&ct=blog-post&ccu=https%3A%2F%2Fblog.morphisec.com%2Fcoinlurker-the-stealer-powering-the-next-generation-of-fake-updates&cpi=183781340986&cgi=3742504875&lpi=183781340986&lvi=183781340986&lvc=en-us&pu=https%3A%2F%2Fblog.morphisec.com%2Fcoinlurker-the-stealer-powering-the-next-generation-of-fake-updates&t=CoinLurker%3A+The+Stealer+Powering+the+Next+Generation+of+Fake+Updates&cts=1734432526879&vi=9044de6007d5c10c969678d42327e96e&nc=true&u=182053752.9044de6007d5c10c969678d42327e96e.1734432526869.1734432526869.1734432526869.1&b=182053752.1.1734432526869&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

x-robots-tag: none
x-request-id: c32a14b8-d483-41d4-80cd-64bad8a006cb
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BfW3S84SsHslCRtxLljXR%2BUXSe14kec4Yc9Id6Dfvf1rONROwnxwQZQQzU8KUM2CaOyFKqx8c8thzLsWY4oOjeNwRFLXAzjGHZvUvvWoXSz3DWRe4%2F2TmtTNaSewMiD3xQe3ET1Y0b44e6tX8qu8"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
p3p: CP="NOI CUR ADM OUR NOR STA NID"
date: Tue, 17 Dec 2024 10:48:46 GMT
x-hubspot-correlation-id: c32a14b8-d483-41d4-80cd-64bad8a006cb
content-type: image/gif
vary: origin, Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: no-cache, no-store, no-transform
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-c658cb6d4-p98g6
x-envoy-upstream-service-time: 6
access-control-allow-credentials: false
cf-ray: 8f3657bd0ac67d14-EWR
x-evy-trace-route-configuration: listener_https/all
content-length: 45
server: cloudflare
x-evy-trace-virtual-host: all

GET
H3 200 share_button.php
www.facebook.com/v3.0/plugins/ Frame D51B 0
0 94ms
77ms Document
text/html 2a03:2880:f10e:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/v3.0/plugins/share_button.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfa5a9ce153f4f3564%26domain%3Dblog.morphisec.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fblog.morphisec.com%252Ff16a61a4c25a09089%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fblog.morphisec.com%2Fcoinlurker-the-stealer-powering-the-next-generation-of-fake-updates&layout=button_count&locale=en_US&sdk=joey

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=3cdb13a2ae94e24a4a90caa01f41821a

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f10e:83:face:b00c:0:25de Toronto, Canada, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'wasm-unsafe-eval' https://.google-analytics.com .google.com;style-src .fbcdn.net data: .facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com https://.google-analytics.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com https://fonts.gstatic.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net .carriersignal.info blob: android-webview-video-poster: .whatsapp.net .fb.com .oculuscdn.com .tenor.co .tenor.com .giphy.com https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://.google-analytics.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data: .tenor.co .tenor.com https://.giphy.com;frame-src .facebook.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net .google.com .doubleclick.net;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=86400
cache-control: private, no-cache, no-store, must-revalidate
content-encoding: zstd
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'wasm-unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type: text/html; charset="utf-8"
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
date: Tue, 17 Dec 2024 10:48:46 GMT
document-policy: force-load-at-top
expires: Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version: v16.0
origin-agent-cluster: ?1
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
pragma: no-cache
priority: u=0,i
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7449330977462772063"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7449330977462772063", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
strict-transport-security: max-age=15552000; preload
vary: Accept-Encoding
x-content-type-options: nosniff
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=18, rtx=0, c=23, mss=1232, tbw=4516, tp=9, tpl=0, uplat=61, ullat=0
x-fb-debug: 2b+uLg24juQillNfW6mNgs6/fHrDnpvHkvXX5h8JpimlCfigfWDKzoyTf+nT25xvUjw2kIF737lxx2Kd54cq3A==
x-xss-protection: 0

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
523 B 43ms
42ms Image
image/gif 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=12&aij=%5B%22d4f17ebf-d8a2-49c3-9bca-a8f8112b45f3%22%2C%22c5b10fd2-1f83-4c8f-b33b-106296dbd6da%22%5D&rfc=8&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=1372317473&v=1.1&a=1534169&pi=183781340986&ct=blog-post&ccu=https%3A%2F%2Fblog.morphisec.com%2Fcoinlurker-the-stealer-powering-the-next-generation-of-fake-updates&cpi=183781340986&cgi=3742504875&lpi=183781340986&lvi=183781340986&lvc=en-us&pu=https%3A%2F%2Fblog.morphisec.com%2Fcoinlurker-the-stealer-powering-the-next-generation-of-fake-updates&t=CoinLurker%3A+The+Stealer+Powering+the+Next+Generation+of+Fake+Updates&cts=1734432526877&vi=9044de6007d5c10c969678d42327e96e&nc=true&u=182053752.9044de6007d5c10c969678d42327e96e.1734432526869.1734432526869.1734432526869.1&b=182053752.1.1734432526869&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

x-robots-tag: none
x-request-id: da828175-2819-4889-bf9c-42aeb58caf95
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=f4GVDla23hC%2Fl%2F0BmWncLHef3k7hF91p%2Bez7MhkuEfiCKOB5FcR%2B%2FCo8w7TgbCU0%2FWNiB3qQX45TZ0Zudzm5B8J8QnKkTzm4XA6y4unkVn6KfyNQAQ7kARerhioDXMkpAdXefN8Xmw%2BIVbyBudaw"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
p3p: CP="NOI CUR ADM OUR NOR STA NID"
date: Tue, 17 Dec 2024 10:48:46 GMT
x-hubspot-correlation-id: da828175-2819-4889-bf9c-42aeb58caf95
content-type: image/gif
vary: origin, Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: no-cache, no-store, no-transform
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-c658cb6d4-cn7xr
x-envoy-upstream-service-time: 8
access-control-allow-credentials: false
cf-ray: 8f3657bd4ae67d14-EWR
x-evy-trace-route-configuration: listener_https/all
content-length: 45
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
462 B 41ms
40ms Image
image/gif 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=12&aij=%5B%22e098d357-1710-4cfe-8901-19c93de122f4%22%2C%22f5374243-2466-4afb-8700-3d366c63bdf6%22%5D&rfc=8&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=1372317473&v=1.1&a=1534169&pi=183781340986&ct=blog-post&ccu=https%3A%2F%2Fblog.morphisec.com%2Fcoinlurker-the-stealer-powering-the-next-generation-of-fake-updates&cpi=183781340986&cgi=3742504875&lpi=183781340986&lvi=183781340986&lvc=en-us&pu=https%3A%2F%2Fblog.morphisec.com%2Fcoinlurker-the-stealer-powering-the-next-generation-of-fake-updates&t=CoinLurker%3A+The+Stealer+Powering+the+Next+Generation+of+Fake+Updates&cts=1734432526878&vi=9044de6007d5c10c969678d42327e96e&nc=true&u=182053752.9044de6007d5c10c969678d42327e96e.1734432526869.1734432526869.1734432526869.1&b=182053752.1.1734432526869&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

x-robots-tag: none
x-request-id: c0589f2e-a0b2-4886-b595-5c2db15fafb8
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Vu%2FnKiPzb5U83aMrhaOTdET675Hk8FX7RdosuoHC6Bp1aYvnYjQ9X%2BC%2B7y7dY0ZMq3cDe5DurBa%2Bv9GK4nXU%2Burxqi4GLa7mu3le2hgY%2FH%2Fes2Fjk1Zp7b9ewV%2FT8JDeE6pAKpbdSAMNXb9xwnNS"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
p3p: CP="NOI CUR ADM OUR NOR STA NID"
date: Tue, 17 Dec 2024 10:48:46 GMT
x-hubspot-correlation-id: c0589f2e-a0b2-4886-b595-5c2db15fafb8
content-type: image/gif
vary: origin, Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: no-cache, no-store, no-transform
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-c658cb6d4-rkp6r
x-envoy-upstream-service-time: 5
access-control-allow-credentials: false
cf-ray: 8f3657bd4ae77d14-EWR
x-evy-trace-route-configuration: listener_https/all
content-length: 45
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
587 B 46ms
45ms Image
image/gif 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=12&aij=%5B%223c83d6d5-0c56-47b7-8aee-ae6edf73c360%22%2C%2264affa5c-d696-47c5-9e88-09336d256046%22%5D&rfc=8&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=1372317473&v=1.1&a=1534169&pi=183781340986&ct=blog-post&ccu=https%3A%2F%2Fblog.morphisec.com%2Fcoinlurker-the-stealer-powering-the-next-generation-of-fake-updates&cpi=183781340986&cgi=3742504875&lpi=183781340986&lvi=183781340986&lvc=en-us&pu=https%3A%2F%2Fblog.morphisec.com%2Fcoinlurker-the-stealer-powering-the-next-generation-of-fake-updates&t=CoinLurker%3A+The+Stealer+Powering+the+Next+Generation+of+Fake+Updates&cts=1734432526878&vi=9044de6007d5c10c969678d42327e96e&nc=true&u=182053752.9044de6007d5c10c969678d42327e96e.1734432526869.1734432526869.1734432526869.1&b=182053752.1.1734432526869&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

x-robots-tag: none
x-request-id: 9d44bc8d-b34e-46bf-a780-b6478ecaf965
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1WlqjH%2FdMDrmgn5AV4nbE%2B%2BbAR8lZh2zvKKIvQO5cTyEBlsEM3A1EZ%2BdRyNU89zpOoxJIXnt575rImeuri2ESW%2BZieJO95X24Po%2F3F3dh4Vljxkh1L7%2FHqLks%2FbABjmx625Jame9nhoKSidXzg7p"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
p3p: CP="NOI CUR ADM OUR NOR STA NID"
date: Tue, 17 Dec 2024 10:48:46 GMT
x-hubspot-correlation-id: 9d44bc8d-b34e-46bf-a780-b6478ecaf965
content-type: image/gif
vary: origin, Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: no-cache, no-store, no-transform
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-c658cb6d4-6v7t5
x-envoy-upstream-service-time: 4
access-control-allow-credentials: false
cf-ray: 8f3657bd4ae87d14-EWR
x-evy-trace-route-configuration: listener_https/all
content-length: 45
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 hotjar-3506314.js Show response
static.hotjar.com/c/ 13 KB
6 KB 105ms
81ms Script
application/javascript 13.33.252.108
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-3506314.js?sv=7

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PQBJZ8K

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.33.252.108 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-33-252-108.jfk50.r.cloudfront.net

Software

Resource Hash

215a727005705f3d2acf7c19a34a2998be3ef884277d704194b87cdcd8829544

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

strict-transport-security: max-age=2592000; includeSubDomains
cache-control: max-age=60
content-encoding: br
etag: W/ac97fb857267f9717d7fdeefe62d548a
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
x-cache-hit: 1
via: 1.1 cfc9f11ee8d72e5bdd45ea3851048d52.cloudfront.net (CloudFront)
access-control-allow-origin: *
x-cache: RefreshHit from cloudfront
x-amz-cf-id: tmP1E2pD3skKktA8O4JIvT5uaVCUbSaLRiGtCCX_VrCIsMFURUotow==
date: Tue, 17 Dec 2024 10:48:47 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
x-amz-cf-pop: JFK50-P10

GET
H3 200 fbevents.js Show response
connect.facebook.net/en_US/ 239 KB
61 KB 22ms
22ms Script
application/x-javascript 2a03:2880:f00e:13:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f00e:13:face:b00c:0:3 Toronto, Canada, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

240355f4e85792fb5c1e46a942e6d797a078d39f8717dfbab666e4e80cb4dd8d

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: ;script-src 'nonce-WOGRWDIU' .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* blob: data: 'self' https://.google-analytics.com .google.com;style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' https://.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

content-encoding: gzip
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Tue, 17 Dec 2024 10:48:47 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src 'self' data: blob: *;script-src 'nonce-WOGRWDIU' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
cache-control: public, max-age=1200
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=14, rtx=0, c=27, mss=1232, tbw=8896, tp=16, tpl=0, uplat=1, ullat=-1
pragma: public
x-fb-debug: NH/gckzBn7Wsi/UeJLK+01EJNtznh+w/u2W/b0EGYWNolYOvgQ+tevvYG/JZQrviIzbd+eKD3zhjd9SLr3POhg==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top
content-length: 62283
x-xss-protection: 0
origin-agent-cluster: ?1

GET
H2 200 8424750.js Show response
snid.snitcher.com/ 24 KB
25 KB 458ms
253ms Script
application/javascript 52.57.124.13
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://snid.snitcher.com/8424750.js
Requested by: Host: blog.morphisec.com
URL: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.57.124.13 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-57-124-13.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 035b971c9045324200a30a00be4bfeadff98cf532098493f973523698e6b6d7e

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

apigw-requestid: C7qKcg1rliAEMkw=
access-control-allow-origin: *
cache-control: max-age=1800, private
content-length: 24918
x-vapor-base64-encode: True
date: Tue, 17 Dec 2024 10:48:47 GMT
content-type: application/javascript

GET
H2 200 tags.js Show response
tag.clearbitscripts.com/v1/pk_5fe48b59baf6bb406e34c9012803b845/ 17 KB
5 KB 130ms
82ms Script
application/javascript 2600:9000:21dd:9000:7:d7d6:3c40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://tag.clearbitscripts.com/v1/pk_5fe48b59baf6bb406e34c9012803b845/tags.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PQBJZ8K

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:21dd:9000:7:d7d6:3c40:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Clearbit /

Resource Hash

3fc6f43f8d589a8e68a0242c1b868cc5219f5bd368d1b960af52716a8541dfec

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
cache-control: private, max-age=600
content-encoding: gzip
etag: W/"4dc4ea822cc55aa67719411f6076fcbc"
x-envoy-response-flags: -
x-content-type-options: nosniff
via: 1.1 0a84c1b70b100e694edd23e638bf7fa8.cloudfront.net (CloudFront)
x-cache: Miss from cloudfront
x-amz-cf-id: KFpgwqQ_r2J2-lvzJCbplYB0ron8FUVxuNWyhyCxWVjuk8tY6PfmRA==
date: Tue, 17 Dec 2024 10:48:46 GMT
content-type: application/javascript;charset=utf-8
vary: Accept-Encoding
server: Clearbit
x-amz-cf-pop: EWR53-C2

GET lt-v3.js
lltrck.com/scripts/ 0
0

GET
H2 200 tracking.js Show response
trk.techtarget.com/ 3 KB
2 KB 70ms
37ms Script
text/javascript 2606:4700::6812:1247
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://trk.techtarget.com/tracking.js

Requested by

Host: blog.morphisec.com
URL: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1247 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0c07b854855b0e2bd7839c3659defa45307e96e281b3c00571d09f213eb6a76e

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

strict-transport-security: max-age=0; includeSubDomains; preload
cache-control: public, max-age=1200
content-encoding: br
cf-cache-status: HIT
age: 12726
via: 1.1 google
cf-ray: 8f3657be4a7e4337-EWR
expires: Tue, 17 Dec 2024 11:08:47 GMT
date: Tue, 17 Dec 2024 10:48:47 GMT
content-type: text/javascript
last-modified: Tue, 13 Dec 2022 15:01:39 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 162.13f2.c.js Show response
consent.cookiefirst.com/banner/v2.14.54/static-main-no-autoblock/ 6 KB
3 KB 3ms
3ms Script
application/javascript 2a02:6ea0:c454::1
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL: https://consent.cookiefirst.com/banner/v2.14.54/static-main-no-autoblock/162.13f2.c.js
Requested by: Host: consent.cookiefirst.com
URL: https://consent.cookiefirst.com/banner.no-autoblock.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c454::1 New York, United States, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS
Software: Cookie First CDN-NY1-885 /
Resource Hash: bdd1d266ae01452fc70f49bd77332953f6c48465656b6060852062924a0f7e6f

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match, visitor-location
content-encoding: br
etag: "6752c4b0-1804"
cdn-fileserver: 709
date: Tue, 17 Dec 2024 10:48:47 GMT
cdn-storageserver: DE-677
last-modified: Fri, 06 Dec 2024 09:32:32 GMT
content-type: application/javascript
vary: Accept-Encoding
cdn-cache: HIT
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match, traceparent
cdn-requestpullcode: 200
cdn-cachedat: 12/06/2024 09:32:36
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
visitor-location: US
cdn-requesttime: 0
cdn-uid: d602dab6-3f92-4809-a378-608fd2b89403
cdn-requestid: a0b6d40d59029257f2f69030b48d39f4
cdn-pullzone: 236985
cdn-proxyver: 1.06
access-control-allow-origin: *
cdn-edgestorageid: 885
server: Cookie First CDN-NY1-885
cdn-requestcountrycode: US

GET
H2 200 345.e308.c.css
consent.cookiefirst.com/banner/v2.14.54/static-main-no-autoblock/ 19 KB
6 KB 4ms
3ms Stylesheet
text/css 2a02:6ea0:c454::1
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL: https://consent.cookiefirst.com/banner/v2.14.54/static-main-no-autoblock/345.e308.c.css
Requested by: Host: consent.cookiefirst.com
URL: https://consent.cookiefirst.com/banner.no-autoblock.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c454::1 New York, United States, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS
Software: Cookie First CDN-NY1-885 /
Resource Hash: ba7dc0cc2741341a8134b4446d67e2068ac2c211a9f774c92d55ce3a6b32220d

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match, visitor-location
content-encoding: br
etag: "6752c4b0-4db7"
cdn-fileserver: 861
date: Tue, 17 Dec 2024 10:48:47 GMT
cdn-storageserver: DE-634
last-modified: Fri, 06 Dec 2024 09:32:32 GMT
content-type: text/css
vary: Accept-Encoding
cdn-cache: HIT
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match, traceparent
cdn-requestpullcode: 200
cdn-cachedat: 12/17/2024 04:32:26
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
visitor-location: US
cdn-requesttime: 0
cdn-uid: d602dab6-3f92-4809-a378-608fd2b89403
cdn-requestid: 79b6df4c2b8a90b8a1811eb6aa09ac70
cdn-pullzone: 236985
cdn-proxyver: 1.06
access-control-allow-origin: *
cdn-edgestorageid: 885
server: Cookie First CDN-NY1-885
cdn-requestcountrycode: US

GET
H2 200 345.8296.c.js Show response
consent.cookiefirst.com/banner/v2.14.54/static-main-no-autoblock/ 15 KB
6 KB 5ms
4ms Script
application/javascript 2a02:6ea0:c454::1
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL: https://consent.cookiefirst.com/banner/v2.14.54/static-main-no-autoblock/345.8296.c.js
Requested by: Host: consent.cookiefirst.com
URL: https://consent.cookiefirst.com/banner.no-autoblock.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c454::1 New York, United States, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS
Software: Cookie First CDN-NY1-885 /
Resource Hash: 9ffeb84d46b2b5e4b08e58fe04b241abd896d871c6fb96ec02c18ac9f87646f6

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match, visitor-location
content-encoding: br
etag: "6752c4b0-3ad3"
cdn-fileserver: 709
date: Tue, 17 Dec 2024 10:48:47 GMT
cdn-storageserver: DE-633
last-modified: Fri, 06 Dec 2024 09:32:32 GMT
content-type: application/javascript
vary: Accept-Encoding
cdn-cache: HIT
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match, traceparent
cdn-requestpullcode: 200
cdn-cachedat: 12/12/2024 16:25:28
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
visitor-location: US
cdn-requesttime: 0
cdn-uid: d602dab6-3f92-4809-a378-608fd2b89403
cdn-requestid: f0209036643985fec6701aa804403f8d
cdn-pullzone: 236985
cdn-proxyver: 1.06
access-control-allow-origin: *
cdn-edgestorageid: 885
server: Cookie First CDN-NY1-885
cdn-requestcountrycode: US

GET
H2 200 ui.98c9.c.css
consent.cookiefirst.com/banner/v2.14.54/static-main-no-autoblock/ 15 KB
5 KB 6ms
5ms Stylesheet
text/css 2a02:6ea0:c454::1
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL: https://consent.cookiefirst.com/banner/v2.14.54/static-main-no-autoblock/ui.98c9.c.css
Requested by: Host: consent.cookiefirst.com
URL: https://consent.cookiefirst.com/banner.no-autoblock.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c454::1 New York, United States, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS
Software: Cookie First CDN-NY1-885 /
Resource Hash: 742c9608b78f9a221b5b68a1868e68703402427a9af76f87093393e02015573f

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match, visitor-location
content-encoding: br
etag: "6752c4af-3be6"
cdn-fileserver: 817
date: Tue, 17 Dec 2024 10:48:47 GMT
cdn-storageserver: DE-636
last-modified: Fri, 06 Dec 2024 09:32:31 GMT
content-type: text/css
vary: Accept-Encoding
cdn-cache: HIT
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match, traceparent
cdn-requestpullcode: 200
cdn-cachedat: 12/06/2024 11:18:56
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
visitor-location: US
cdn-requesttime: 0
cdn-uid: d602dab6-3f92-4809-a378-608fd2b89403
cdn-requestid: a7e1daada8bba75a714689d6b8cc384e
cdn-pullzone: 236985
cdn-proxyver: 1.06
access-control-allow-origin: *
cdn-edgestorageid: 885
server: Cookie First CDN-NY1-885
cdn-requestcountrycode: US

GET
H2 200 ui.7502.c.js Show response
consent.cookiefirst.com/banner/v2.14.54/static-main-no-autoblock/ 46 KB
16 KB 5ms
5ms Script
application/javascript 2a02:6ea0:c454::1
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL: https://consent.cookiefirst.com/banner/v2.14.54/static-main-no-autoblock/ui.7502.c.js
Requested by: Host: consent.cookiefirst.com
URL: https://consent.cookiefirst.com/banner.no-autoblock.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c454::1 New York, United States, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS
Software: Cookie First CDN-NY1-885 /
Resource Hash: 7b6c05da4a3bf310d031c91547f632bb2d2376abf08c403a40546220875aed51

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match, visitor-location
content-encoding: br
etag: "6752c4af-b705"
cdn-fileserver: 817
date: Tue, 17 Dec 2024 10:48:47 GMT
cdn-storageserver: DE-587
last-modified: Fri, 06 Dec 2024 09:32:31 GMT
content-type: application/javascript
vary: Accept-Encoding
cdn-cache: HIT
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match, traceparent
cdn-requestpullcode: 200
cdn-cachedat: 12/12/2024 22:52:17
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
visitor-location: US
cdn-requesttime: 0
cdn-uid: d602dab6-3f92-4809-a378-608fd2b89403
cdn-requestid: f9a92959e013729e68ca874913a3ef96
cdn-pullzone: 236985
cdn-proxyver: 1.06
access-control-allow-origin: *
cdn-edgestorageid: 885
server: Cookie First CDN-NY1-885
cdn-requestcountrycode: US

GET
H2 200 233.362b.c.css
consent.cookiefirst.com/banner/v2.14.54/static-main-no-autoblock/ 127 B
828 B 10ms
8ms Stylesheet
text/css 2a02:6ea0:c454::1
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL: https://consent.cookiefirst.com/banner/v2.14.54/static-main-no-autoblock/233.362b.c.css
Requested by: Host: consent.cookiefirst.com
URL: https://consent.cookiefirst.com/banner.no-autoblock.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c454::1 New York, United States, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS
Software: Cookie First CDN-NY1-885 /
Resource Hash: e7902b56545718b3f9dcc015b4acab60270239d559b0adaae9e5c81dd95a89a1

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match, visitor-location
content-encoding: br
etag: "6752c4b0-7f"
cdn-fileserver: 709
date: Tue, 17 Dec 2024 10:48:47 GMT
cdn-storageserver: DE-382
last-modified: Fri, 06 Dec 2024 09:32:32 GMT
content-type: text/css
vary: Accept-Encoding
cdn-cache: HIT
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match, traceparent
cdn-requestpullcode: 200
cdn-cachedat: 12/06/2024 11:18:56
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
visitor-location: US
cdn-requesttime: 0
cdn-uid: d602dab6-3f92-4809-a378-608fd2b89403
cdn-requestid: 5e67d4595070de37bea2a4b5047f3f7c
cdn-pullzone: 236985
cdn-proxyver: 1.06
access-control-allow-origin: *
cdn-edgestorageid: 885
server: Cookie First CDN-NY1-885
cdn-requestcountrycode: US

GET
H2 200 233.8420.c.js Show response
consent.cookiefirst.com/banner/v2.14.54/static-main-no-autoblock/ 96 B
853 B 9ms
8ms Script
application/javascript 2a02:6ea0:c454::1
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL: https://consent.cookiefirst.com/banner/v2.14.54/static-main-no-autoblock/233.8420.c.js
Requested by: Host: consent.cookiefirst.com
URL: https://consent.cookiefirst.com/banner.no-autoblock.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c454::1 New York, United States, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS
Software: Cookie First CDN-NY1-885 /
Resource Hash: b364babb52cb930beb7e5e61f549d739c155b2f8a24415bb8b401b0d6cb3eddb

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match, visitor-location
content-encoding: br
etag: "6752c4b0-60"
cdn-fileserver: 709
date: Tue, 17 Dec 2024 10:48:47 GMT
cdn-storageserver: DE-677
last-modified: Fri, 06 Dec 2024 09:32:32 GMT
content-type: application/javascript
vary: Accept-Encoding
cdn-cache: HIT
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match, traceparent
cdn-requestpullcode: 200
cdn-cachedat: 12/06/2024 11:18:56
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
visitor-location: US
cdn-requesttime: 0
cdn-uid: d602dab6-3f92-4809-a378-608fd2b89403
cdn-requestid: b8f8cc7d0ea25bca88ddd501671b236c
cdn-pullzone: 236985
cdn-proxyver: 1.06
access-control-allow-origin: *
cdn-edgestorageid: 885
server: Cookie First CDN-NY1-885
cdn-requestcountrycode: US

GET
H3 200 inspectlet.js Show response
cdn.inspectlet.com/ 188 KB
65 KB 114ms
90ms Script
text/javascript 2606:4700:10::6816:38f5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.inspectlet.com/inspectlet.js?wid=3274945&r=481786
Requested by: Host: blog.morphisec.com
URL: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:10::6816:38f5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5d554121551df68e414c85920b6541d2e92251a189ff19a4b1f8dffe97ce1cb5

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

content-encoding: br
cf-cache-status: EXPIRED
report-to: {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1734432527&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&s=MTxzpCQ0Cey%2FkfAMxQw7odl%2BjnOxsNqWoYw5E7tGG9M%3D"}]}
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Tue, 17 Dec 2024 10:48:47 GMT
content-type: text/javascript;charset=UTF-8
last-modified: Tue, 17 Dec 2024 10:48:47 GMT
vary: Accept-Encoding
priority: u=3,i=?0
reporting-endpoints: heroku-nel=https://nel.heroku.com/reports?ts=1734432527&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&s=MTxzpCQ0Cey%2FkfAMxQw7odl%2BjnOxsNqWoYw5E7tGG9M%3D
nel: {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
cache-control: s-maxage=60, max-age=14400
via: 1.1 vegur
cf-ray: 8f3657be987d199d-EWR
server: cloudflare

GET
H2 200 json Show response
forms.hubspot.com/lead-flows-config/v1/config/ 3 KB
2 KB 76ms
60ms XHR
application/json 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hubspot.com/lead-flows-config/v1/config/json?portalId=1534169&utk=9044de6007d5c10c969678d42327e96e&__hstc=182053752.9044de6007d5c10c969678d42327e96e.1734432526869.1734432526869.1734432526869.1&__hssc=182053752.1.1734432526869&contentId=183781340986&currentUrl=https%3A%2F%2Fblog.morphisec.com%2Fcoinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Requested by

Host: js.hsleadflows.net
URL: https://js.hsleadflows.net/leadflows.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

548514a77d683e1378df0c7bb7585ef3eb91bff1975301269daa52a0c885cc1c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

x-robots-tag: none
access-control-max-age: 180
x-request-id: f2f73f31-badd-4de1-9a4b-2639bc2d28c1
content-encoding: gzip
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2F432dRUrPwCZFFHDl80%2FyzP%2FaPYEje0uKhBLubtN2ejLYpKskAfBiYS72SmSjUzKsZLmSoouNWKelK6nNJc2EAjq0h8AxdTQLlxUTHQ1aHSgC%2BsamvSNEHmPWWU%2Fesvv%2FW4iWSPdkz%2BNANzFsJch"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-evy-trace-listener: listener_https
date: Tue, 17 Dec 2024 10:48:47 GMT
x-hubspot-correlation-id: f2f73f31-badd-4de1-9a4b-2639bc2d28c1
content-type: application/json;charset=utf-8
vary: origin
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=0, no-cache, no-store
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-b967ccf5d-b6qgf
x-envoy-upstream-service-time: 25
access-control-allow-credentials: false
cf-ray: 8f3657be895f1a1f-EWR
access-control-allow-origin: https://blog.morphisec.com
x-evy-trace-route-configuration: listener_https/all
content-length: 1068
server: cloudflare
x-evy-trace-virtual-host: all

GET
H3 200 bframe
www.google.com/recaptcha/enterprise/ Frame E075 0
0 29ms
28ms Document
text/html 2607:f8b0:4006:823::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/enterprise/bframe?hl=en&v=zIriijn3uj5Vpknvt_LnfNbF&k=6Ld_ad8ZAAAAAAqr0ePo1dUfAi0m4KPkCMQYwPPm

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/zIriijn3uj5Vpknvt_LnfNbF/recaptcha__en.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::2004 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-6t0jNQz3uAx6R7VkYsBbgw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-6t0jNQz3uAx6R7VkYsBbgw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy-report-only: same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
cross-origin-resource-policy: cross-origin
date: Tue, 17 Dec 2024 10:48:47 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
server: ESF
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 885880844953016 Show response
connect.facebook.net/signals/config/ 78 KB
16 KB 79ms
78ms Script
application/x-javascript 2a03:2880:f00e:13:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/885880844953016?v=2.9.179&r=stable&domain=blog.morphisec.com&hme=b8122d5d96cd6f542162ba4f497489972d1ebe228d24c39d34f560e30ae932ce&ex_m=70%2C122%2C107%2C111%2C61%2C4%2C100%2C69%2C16%2C97%2C89%2C51%2C54%2C173%2C176%2C188%2C184%2C185%2C187%2C29%2C101%2C53%2C77%2C186%2C168%2C171%2C181%2C182%2C189%2C132%2C41%2C191%2C192%2C34%2C144%2C15%2C50%2C197%2C196%2C134%2C18%2C40%2C1%2C43%2C65%2C66%2C67%2C71%2C93%2C17%2C14%2C96%2C92%2C91%2C108%2C52%2C110%2C39%2C109%2C30%2C94%2C26%2C169%2C172%2C141%2C86%2C56%2C84%2C33%2C73%2C0%2C95%2C32%2C28%2C82%2C83%2C88%2C47%2C46%2C87%2C37%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C57%2C62%2C64%2C75%2C102%2C27%2C76%2C9%2C8%2C80%2C48%2C21%2C104%2C103%2C105%2C98%2C10%2C20%2C3%2C38%2C74%2C19%2C5%2C90%2C81%2C44%2C35%2C85%2C2%2C36%2C63%2C42%2C106%2C45%2C79%2C68%2C112%2C60%2C59%2C31%2C99%2C58%2C55%2C49%2C78%2C72%2C24%2C113

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f00e:13:face:b00c:0:3 Toronto, Canada, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

dcb093f4d22a7fda091541fc3489374777052ddfaba29b3e21d287221193eea1

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: ;script-src 'nonce-FXuVvr4i' .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* blob: data: 'self' https://.google-analytics.com .google.com;style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' https://.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

content-encoding: gzip
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Tue, 17 Dec 2024 10:48:47 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=31536000; preload; includeSubDomains
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src 'self' data: blob: *;script-src 'nonce-FXuVvr4i' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
cache-control: public, max-age=1200
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=15, rtx=0, c=65, mss=1232, tbw=73296, tp=71, tpl=0, uplat=62, ullat=0
pragma: public
x-fb-debug: 5N+bbqrRw9R0TSrwUm7ivsBWbgVnJtJ7daPuXspmj7uCiLPRxkW7f9YwgmCRIwDA7abPoVaLvacWL9nDwy4XAw==
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy: force-load-at-top
x-xss-protection: 0
origin-agent-cluster: ?1

GET
H2 200 gif.gif Show response
ibc-flow.techtarget.com/a/ 43 B
446 B 35ms
31ms XHR
image/gif 34.111.208.231
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=17762897&r=1734432527210&ref=https%3A%2F%2Fblog.morphisec.com%2Fcoinlurker-the-stealer-powering-the-next-generation-of-fake-updates&version=2.4
Requested by: Host: trk.techtarget.com
URL: https://trk.techtarget.com/tracking.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.208.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 231.208.111.34.bc.googleusercontent.com
Software: nginx/1.20.2 /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
ibc_rate_tier: 17762897
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

x-goog-metageneration: 1
x-goog-hash: crc32c=7uenZA==, md5=/JT7DD7YqPkJ28djCgmH/w==
etag: "fc94fb0c3ed8a8f909dbc7630a0987ff"
access-control-allow-methods: GET, POST, OPTIONS
x-goog-stored-content-encoding: identity
expires: Tue, 17 Dec 2024 11:48:47 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length: 43
date: Tue, 17 Dec 2024 10:48:47 GMT
content-type: image/gif
last-modified: Thu, 08 Dec 2022 21:19:29 GMT
vary: Origin
x-guploader-uploadid: AFiumC7-6KkzVQLnli4WZEB2nDYR3GhqPx3ziYbqKLWPWXdXUhQW77JM3sWA__-GeNErTXcJ8JZxuss
access-control-allow-headers: ibc_header,ibc_rate_tier,User-Agent,X-Requested-With,Cache-Control,Content-Type,Range
cache-control: public, max-age=3600
x-goog-storage-class: STANDARD
via: 1.1 google
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1670534369365034
content-length: 43
server: nginx/1.20.2

OPTIONS
H2 200 gif.gif
ibc-flow.techtarget.com/a/ Frame 0
0 40ms
23ms Preflight
text/html 34.111.208.231
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=17762897&r=1734432527210&ref=https%3A%2F%2Fblog.morphisec.com%2Fcoinlurker-the-stealer-powering-the-next-generation-of-fake-updates&version=2.4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.208.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 231.208.111.34.bc.googleusercontent.com
Software: nginx/1.20.2 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: ibc_rate_tier
Access-Control-Request-Method: GET
Origin: https://blog.morphisec.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: ibc_header,ibc_rate_tier,User-Agent,X-Requested-With,Cache-Control,Content-Type,Range
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-length: 0
content-type: text/html; charset=UTF-8
date: Tue, 17 Dec 2024 10:48:47 GMT
expires: Tue, 17 Dec 2024 10:48:47 GMT
server: nginx/1.20.2
vary: Origin
via: 1.1 google
x-guploader-uploadid: AFiumC680QeaQ6p7vsrMzGJRs1BqdeHfnbeOJBhVg6aLhemQfADPCxgALV9js0IX1OxruFWZj_Ym4i0

GET
H2 200 styles.css Show response
consent.cookiefirst.com/sites/blog.morphisec.com-66e189ea-c6b6-4303-9c8a-423cc0c43c31/ 1 KB
1 KB 48ms
48ms Fetch
text/css 2a02:6ea0:c454::1
CDN77 Datacamp Li...

General

Check archive.org

Show headers Download Go to

Full URL: https://consent.cookiefirst.com/sites/blog.morphisec.com-66e189ea-c6b6-4303-9c8a-423cc0c43c31/styles.css?v=d8641d64-68b2-4837-8e79-c388524e4c31
Requested by: Host: consent.cookiefirst.com
URL: https://consent.cookiefirst.com/banner.no-autoblock.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:6ea0:c454::1 New York, United States, ASN60068 (CDN77 Datacamp Limited, GB),
Reverse DNS
Software: Cookie First CDN-NY1-885 /
Resource Hash: cf1d86ae566e620f5f69c4627e1859d61567555afbc78c397876cde4760c7dad

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

cdn-status: 200
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match, visitor-location
content-encoding: br
etag: "674bcde5-5e1"
cdn-fileserver: 861
date: Tue, 17 Dec 2024 10:48:47 GMT
cdn-storageserver: DE-588
last-modified: Sun, 01 Dec 2024 02:45:57 GMT
content-type: text/css
vary: Accept-Encoding
cdn-cache: HIT
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match, traceparent
cdn-requestpullcode: 200
cdn-cachedat: 12/12/2024 16:33:44
cache-control: public, max-age=31919000
cdn-requestpullsuccess: True
visitor-location: US
cdn-requesttime: 0
cdn-uid: d602dab6-3f92-4809-a378-608fd2b89403
cdn-requestid: 98bd43dc0f33ac0b6ee806d3caa94c2f
cdn-pullzone: 236985
cdn-proxyver: 1.06
access-control-allow-origin: *
cdn-edgestorageid: 885
server: Cookie First CDN-NY1-885
cdn-requestcountrycode: US

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
436 B 47ms
46ms Image
image/gif 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=16&fi=793c7b55-5354-40a5-a09f-5c8f3e0c1a23&lfi=147151&ft=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=1372317473&v=1.1&a=1534169&pi=183781340986&ct=blog-post&ccu=https%3A%2F%2Fblog.morphisec.com%2Fcoinlurker-the-stealer-powering-the-next-generation-of-fake-updates&cpi=183781340986&cgi=3742504875&lpi=183781340986&lvi=183781340986&lvc=en-us&pu=https%3A%2F%2Fblog.morphisec.com%2Fcoinlurker-the-stealer-powering-the-next-generation-of-fake-updates&t=CoinLurker%3A+The+Stealer+Powering+the+Next+Generation+of+Fake+Updates&cts=1734432527222&vi=9044de6007d5c10c969678d42327e96e&nc=true&u=182053752.9044de6007d5c10c969678d42327e96e.1734432526869.1734432526869.1734432526869.1&b=182053752.1.1734432526869&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

x-robots-tag: none
x-request-id: 3431c9e7-4a6f-45d9-b56d-332ba9a92850
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hBdgIb7usgpGhjtXPjFLkBeH4f6sqX6X%2Fp3BlTknOBZOKU%2FYJvALOP8lh%2F2ZkIrRiM7LAw1R1WpEZ8LgedaGoNWNQtAMGeuMzn9F1eBxr2jGIL9VQhCKwXTtx5ZkUvurm6WO6W%2B2%2Bo84aKCWnxyU"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
p3p: CP="NOI CUR ADM OUR NOR STA NID"
date: Tue, 17 Dec 2024 10:48:47 GMT
x-hubspot-correlation-id: 3431c9e7-4a6f-45d9-b56d-332ba9a92850
content-type: image/gif
vary: origin, Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: no-cache, no-store, no-transform
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-c658cb6d4-6v7t5
x-envoy-upstream-service-time: 5
access-control-allow-credentials: false
cf-ray: 8f3657bf2c1c7d14-EWR
x-evy-trace-route-configuration: listener_https/all
content-length: 45
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 modules.675199526fcb21f102e5.js Show response
script.hotjar.com/ 222 KB
56 KB 19ms
3ms Script
application/javascript 18.164.96.46
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.675199526fcb21f102e5.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-3506314.js?sv=7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.164.96.46 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-164-96-46.jfk50.r.cloudfront.net

Software

Resource Hash

e61c3520c8110a709d981083ddc93cf042c2d2ba25a21903b5df270edb3a05c5

Security Headers

Name	Value
Strict-Transport-Security	max-age=2592000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

x-robots-tag: none
content-encoding: br
etag: "787cb060b057c5d555662c23eb0e0d17"
age: 592900
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-amz-cf-id: sPrPAcdXDo10LBnEZyCeMJUCF5z3Y5ba0BPyrqgZs-fm5IQpgwaonw==
date: Tue, 10 Dec 2024 14:07:07 GMT
content-type: application/javascript; charset=utf-8
last-modified: Tue, 10 Dec 2024 14:06:32 GMT
vary: Accept-Encoding
strict-transport-security: max-age=2592000; includeSubDomains
cache-control: max-age=31536000
cross-origin-resource-policy: cross-origin
via: 1.1 6ea9421ec132e3640100792ef9535494.cloudfront.net (CloudFront)
accept-ranges: bytes
access-control-allow-origin: *
content-length: 56361
x-amz-cf-pop: JFK50-P5

GET
H2 200 destinations.min.js Show response
x.clearbitjs.com/v2/pk_5fe48b59baf6bb406e34c9012803b845/ 0
60 B 183ms
134ms Script
application/javascript 52.20.167.62
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://x.clearbitjs.com/v2/pk_5fe48b59baf6bb406e34c9012803b845/destinations.min.js

Requested by

Host: tag.clearbitscripts.com
URL: https://tag.clearbitscripts.com/v1/pk_5fe48b59baf6bb406e34c9012803b845/tags.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.20.167.62 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-20-167-62.compute-1.amazonaws.com

Software

Clearbit /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
cache-control: private, max-age=600
x-envoy-response-flags: -
x-content-type-options: nosniff
content-length: 0
date: Tue, 17 Dec 2024 10:48:47 GMT
content-type: application/javascript;charset=utf-8
server: Clearbit

GET
H2 200 tracking.min.js Show response
x.clearbitjs.com/v2/pk_5fe48b59baf6bb406e34c9012803b845/ 168 KB
45 KB 211ms
163ms Script
application/javascript 52.20.167.62
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://x.clearbitjs.com/v2/pk_5fe48b59baf6bb406e34c9012803b845/tracking.min.js

Requested by

Host: tag.clearbitscripts.com
URL: https://tag.clearbitscripts.com/v1/pk_5fe48b59baf6bb406e34c9012803b845/tags.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.20.167.62 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-20-167-62.compute-1.amazonaws.com

Software

Clearbit /

Resource Hash

e87be82092a8e1a5544ef566ba1a636162eecb31e33095c6f17eb06c87cc2efb

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
cache-control: private, max-age=600
content-encoding: gzip
x-envoy-response-flags: -
x-content-type-options: nosniff
date: Tue, 17 Dec 2024 10:48:46 GMT
content-type: application/javascript;charset=utf-8
vary: Accept-Encoding
server: Clearbit

GET
H2 404 forms.js
x.clearbitjs.com/v1/pk_5fe48b59baf6bb406e34c9012803b845/ 0
0 167ms
120ms Script
application/javascript 52.20.167.62
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://x.clearbitjs.com/v1/pk_5fe48b59baf6bb406e34c9012803b845/forms.js?page_path=%2Fcoinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Requested by

Host: tag.clearbitscripts.com
URL: https://tag.clearbitscripts.com/v1/pk_5fe48b59baf6bb406e34c9012803b845/tags.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.20.167.62 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-20-167-62.compute-1.amazonaws.com

Software

Clearbit /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-length: 0
date: Tue, 17 Dec 2024 10:48:46 GMT
content-type: application/javascript;charset=utf-8
x-envoy-response-flags: -
server: Clearbit
x-content-type-options: nosniff

GET
H3 200 /
www.facebook.com/tr/ 0
16 B 35ms
17ms Image
text/plain 2a03:2880:f10e:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=885880844953016&ev=PageView&dl=https%3A%2F%2Fblog.morphisec.com%2Fcoinlurker-the-stealer-powering-the-next-generation-of-fake-updates&rl=&if=false&ts=1734432527267&sw=1600&sh=1200&v=2.9.179&r=stable&ec=0&o=4126&fbp=fb.1.1734432527265.559331805711661758&cs_est=true&ler=empty&cdl=API_unavailable&it=1734432527149&coo=false&rqm=GET

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f10e:83:face:b00c:0:25de Toronto, Canada, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=15, rtx=0, c=23, mss=1232, tbw=4566, tp=10, tpl=0, uplat=0, ullat=0
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
access-control-allow-origin
alt-svc: h3=":443"; ma=86400
content-length: 0
date: Tue, 17 Dec 2024 10:48:47 GMT
content-type: text/plain
server: proxygen-bolt
priority: u=3,i

GET
H3 200 /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 67 B
198 B 117ms
99ms Image
image/png 2a03:2880:f10e:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=885880844953016&ev=PageView&dl=https%3A%2F%2Fblog.morphisec.com%2Fcoinlurker-the-stealer-powering-the-next-generation-of-fake-updates&rl=&if=false&ts=1734432527267&sw=1600&sh=1200&v=2.9.179&r=stable&ec=0&o=4126&fbp=fb.1.1734432527265.559331805711661758&cs_est=true&ler=empty&cdl=API_unavailable&it=1734432527149&coo=false&rqm=FGET

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f10e:83:face:b00c:0:25de Toronto, Canada, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com .facebook.com .fbcdn.net;script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'wasm-unsafe-eval' https://.google-analytics.com .google.com;style-src .fbcdn.net data: .facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com https://.google-analytics.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com https://fonts.gstatic.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net .carriersignal.info blob: android-webview-video-poster: .whatsapp.net .fb.com .oculuscdn.com .tenor.co .tenor.com .giphy.com https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://.google-analytics.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data: .tenor.co .tenor.com https://.giphy.com;frame-src .facebook.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net .google.com .doubleclick.net;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

content-encoding: zstd
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7449330982211934859"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options: nosniff
expires: Sat, 01 Jan 2000 00:00:00 GMT
alt-svc: h3=":443"; ma=86400
date: Tue, 17 Dec 2024 10:48:47 GMT
content-type: image/png
vary: Accept-Encoding
x-fb-debug: rkzvDpJvoec5dXJETHUf+DvKMIJF0xUA32SlN8qxBhGruYBMsMiW1H4SxpbNihOo903gsjkSiZjAN4FthNePkw==
priority: u=3,i
x-frame-options: DENY
strict-transport-security: max-age=15552000; preload
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7449330982211934859", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'wasm-unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
cache-control: private, no-store, no-cache, must-revalidate
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=15, rtx=0, c=23, mss=1232, tbw=4934, tp=13, tpl=0, uplat=81, ullat=0
cross-origin-opener-policy: same-origin-allow-popups
pragma: no-cache
cross-origin-resource-policy: cross-origin
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy: force-load-at-top
cross-origin-opener-policy-report-only: restrict-properties;report-to="coop_report"
x-xss-protection: 0
origin-agent-cluster: ?1

POST
H2 200 / Show response
content.hotjar.io/ 56 B
171 B 423ms
234ms XHR
application/json 108.128.190.134
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://content.hotjar.io/?site_id=3506314&gzip=1
Requested by: Host: script.hotjar.com
URL: https://script.hotjar.com/modules.675199526fcb21f102e5.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 108.128.190.134 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-108-128-190-134.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: bd58f340e48da46e3ddb24c310aba202725dd99b5f0a86e0525b9b8d1b1c5ea5

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: text/plain; charset=UTF-8
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

access-control-max-age: 86400
access-control-allow-origin: *
content-length: 56
date: Tue, 17 Dec 2024 10:48:47 GMT
content-type: application/json

GET
BLOB 200
OK 9680dc63-3ac6-47ba-8c6d-19f02e85b043
https://blog.morphisec.com/ 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: blob:https://blog.morphisec.com/9680dc63-3ac6-47ba-8c6d-19f02e85b043
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer

Response headers

Content-Type: image/gif
Content-Length: 43

POST
H3 200 3274945 Show response
hn.inspectlet.com/ginit/ 26 B
712 B 46ms
32ms XHR
application/json 2606:4700:10::6816:38f5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://hn.inspectlet.com/ginit/3274945
Requested by: Host: cdn.inspectlet.com
URL: https://cdn.inspectlet.com/inspectlet.js?wid=3274945&r=481786
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:10::6816:38f5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: d0b1cb1455ecf8ab5a7eb203460cc7ff790df097c5907eb3d27ff7344282517e

Request headers

Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Accept: application/json, text/javascript, */*; q=0.01
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

cf-cache-status: DYNAMIC
etag: W/"1a-SbP85p8orEJpLUh6vRJ6Iw"
report-to: {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1734432527&sid=af571f24-03ee-46d1-9f90-ab9030c2c74c&s=Svn76dIazP0jDumXEkafC%2FwSfV%2Fz9oqtUU3qX6iuIUM%3D"}]}
access-control-allow-methods: GET, POST
alt-svc: h3=":443"; ma=86400
server-timing: cfExtPri
date: Tue, 17 Dec 2024 10:48:47 GMT
content-type: application/json; charset=utf-8
priority: u=1,i
access-control-allow-headers: X-Requested-With, Content-Type
reporting-endpoints: heroku-nel=https://nel.heroku.com/reports?ts=1734432527&sid=af571f24-03ee-46d1-9f90-ab9030c2c74c&s=Svn76dIazP0jDumXEkafC%2FwSfV%2Fz9oqtUU3qX6iuIUM%3D
nel: {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
cache-control: no-cache
access-control-allow-credentials: true
via: 1.1 vegur
cf-ray: 8f3657c0a931199d-EWR
access-control-allow-origin: https://blog.morphisec.com
content-length: 26
x-powered-by: Express
server: cloudflare

POST
H2 200 p Show response
app.clearbit.com/v1/ 16 B
1 KB 141ms
108ms XHR
application/json 52.20.167.62
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://app.clearbit.com/v1/p

Requested by

Host: cdn.inspectlet.com
URL: https://cdn.inspectlet.com/inspectlet.js?wid=3274945&r=481786

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.20.167.62 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-20-167-62.compute-1.amazonaws.com

Software

Clearbit /

Resource Hash

c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
access-control-max-age: 7200
access-control-expose-headers
content-encoding: gzip
x-envoy-response-flags: -
access-control-allow-credentials: true
access-control-allow-methods: GET, POST, OPTIONS
content-security-policy-report-only: default-src 'self'; script-src 'unsafe-inline' 'report-sample' 'self' https://browser.sentry-cdn.com https://cdn.amplitude.com/libs/amplitude-5.2.2-min.gz.js https://cdn.clearbit.com https://cdn.segment.com/analytics.js/v1/auzWlbWIBrAsKnGQIiT0X3IjfZyepgW5/analytics.min.js https://checkout.stripe.com https://connect.facebook.net https://edge.fullstory.com/s/fs.js https://fast.appcues.com https://www.google-analytics.com/analytics.js https://x.clearbitjs.com https://cdn.clearbit.com https://*.commandbar.com; style-src 'unsafe-inline' 'report-sample' 'self' https://cdn.clearbit.com https://*.commandbar.com https://fast.appcues.com https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://api.amplitude.com https://*.commandbar.com https://api.segment.io https://checkout.stripe.com https://rs.fullstory.com https://www.google-analytics.com wss://api.appcues.net https://stats.g.doubleclick.net https://sentry.io https://logo.clearbit.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://*.commandbar.com https://checkout.stripe.com; img-src 'self' https://*.commandbar.com https://*.stripe.com data: https://cdn.clearbit.com https://images.ctfassets.net https://logo.clearbit.com https://www.facebook.com https://connect.facebook.net https://www.google.com https://unpkg.com/react-flag-kit https://cloudfront.net/v1/avatars https://*.googleusercontent.com; manifest-src 'self'; media-src 'self'; worker-src 'none';
x-content-type-options: nosniff
access-control-allow-origin: https://blog.morphisec.com
date: Tue, 17 Dec 2024 10:48:46 GMT
content-type: application/json
vary: Accept-Encoding, Origin
server: Clearbit

GET
H2 200 trends.min.js Show response
assets.trendemon.com/tag/ 301 KB
60 KB 53ms
3ms Script
application/javascript 2600:9000:2807:e400:2:7dc7:8f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.trendemon.com/tag/trends.min.js
Requested by: Host: blog.morphisec.com
URL: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2807:e400:2:7dc7:8f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: b46d0e5c77e3f8284ded5f1387d7c17d3e7b8a829e24b9ec08911737e461827a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

vary: accept-encoding
content-encoding: gzip
etag: "b7e260e47980a9ada3906def2be7dcda"
age: 17134
via: 1.1 4c71f51c48fb1aec28bdb43b72260ca2.cloudfront.net (CloudFront)
accept-ranges: bytes
x-cache: Hit from cloudfront
content-length: 61292
x-amz-cf-id: 5IEdxSsWbHbU5vkU36Tfi4UQ3xl2poRTl5TJMWE0i6xGVX4UE1o25Q==
date: Tue, 17 Dec 2024 06:03:13 GMT
content-type: application/javascript
last-modified: Mon, 18 Nov 2024 12:10:10 GMT
server: AmazonS3
x-amz-cf-pop: JFK52-P6
x-amz-server-side-encryption: AES256

OPTIONS
H2 204 verify
snid.snitcher.com/ Frame 0
0 284ms
110ms Preflight 52.57.124.13
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://snid.snitcher.com/verify
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.57.124.13 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-57-124-13.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://blog.morphisec.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: content-type
access-control-allow-methods: POST
access-control-allow-origin: *
access-control-max-age: 0
apigw-requestid: C7qKiihgFiAEMCA=
cache-control: no-cache, private
date: Tue, 17 Dec 2024 10:48:47 GMT
vary: Access-Control-Request-Method, Access-Control-Request-Headers

POST
H2 200 verify Show response
snid.snitcher.com/ 6 B
148 B 232ms
230ms XHR
application/json 52.57.124.13
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://snid.snitcher.com/verify
Requested by: Host: cdn.inspectlet.com
URL: https://cdn.inspectlet.com/inspectlet.js?wid=3274945&r=481786
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.57.124.13 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-57-124-13.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: d9ea8a8cab935e18796b1a064b1644c0f5db2d967a60e5f7cb8b37066b2399a4

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Content-Type: application/json
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

apigw-requestid: C7qKji_9liAEMgw=
cache-control: no-cache, private
access-control-allow-origin: *
content-length: 6
date: Tue, 17 Dec 2024 10:48:48 GMT
content-type: application/json

GET
H2 200 2552 Show response
trackingapi.trendemon.com/api/settings/ 642 B
833 B 55ms
11ms Script
application/x-javascript 34.224.19.201
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://trackingapi.trendemon.com/api/settings/2552?callback=jsonp845458&vid=

Requested by

Host: assets.trendemon.com
URL: https://assets.trendemon.com/tag/trends.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.224.19.201 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-224-19-201.compute-1.amazonaws.com

Software

Kestrel /

Resource Hash

194593e450ebdca2aad9d630e377cf663f0eafba28203343504de102ce607440

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: no-store,no-cache
content-length: 642
date: Tue, 17 Dec 2024 10:48:47 GMT
pragma: no-cache
content-type: application/x-javascript; charset=UTF-8
server: Kestrel

GET
H2 200 identity.min.js Show response
assets.trendemon.com/global/ 18 KB
6 KB 5ms
5ms Script
application/javascript 2600:9000:2807:e400:2:7dc7:8f00:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.trendemon.com/global/identity.min.js
Requested by: Host: assets.trendemon.com
URL: https://assets.trendemon.com/tag/trends.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2807:e400:2:7dc7:8f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 1220bdf087a7b3b0f068e1dc2422c361ef11cf999ff8ea343573d9e5a7c19bdc

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

x-amz-cf-pop: JFK52-P6
content-encoding: gzip
etag: W/"3f44b799c727cbac65d90f0779b8eb4e"
age: 62580
via: 1.1 4c71f51c48fb1aec28bdb43b72260ca2.cloudfront.net (CloudFront)
x-cache: Hit from cloudfront
x-amz-cf-id: bplFV__ahWiqa6qpA_EQBATKeI1ZxCfexmg6cg7xe57uCpBtYgIbfw==
date: Mon, 16 Dec 2024 17:25:48 GMT
content-type: application/javascript
vary: accept-encoding
server: AmazonS3
last-modified: Mon, 18 Nov 2024 12:10:15 GMT
x-amz-server-side-encryption: AES256

GET
H2 200 me Show response
trackingapi.trendemon.com/api/Identity/ 94 B
560 B 17ms
16ms Script
application/x-javascript 34.224.19.201
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://trackingapi.trendemon.com/api/Identity/me?accountId=2552&DomainCookie=17344325276790245&fingerPrint=ebcabff05724fd0c6b3671276f3229ef&callback=jsonp506254&vid=

Requested by

Host: assets.trendemon.com
URL: https://assets.trendemon.com/tag/trends.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.224.19.201 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-224-19-201.compute-1.amazonaws.com

Software

Kestrel /

Resource Hash

dc6aa06f4335712c39e20a5bd72d346a25c3143b0cee9d38e4fb5deab6b06458

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: no-store,no-cache
content-length: 94
date: Tue, 17 Dec 2024 10:48:47 GMT
pragma: no-cache
content-type: application/x-javascript; charset=UTF-8
server: Kestrel

GET
H3 200 favicon.png
blog.morphisec.com/hubfs/ 6 KB
7 KB 38ms
38ms Other
image/webp 2606:2c40::c73c:67e1
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.morphisec.com/hubfs/favicon.png

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:67e1 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare London, LLC, US),

Reverse DNS

Software

cloudflare /

Resource Hash

21b4725e42948eeab21e8cf6f0affb63ebc065012b4c7dff779e428ebd33a814

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

x-robots-tag: all
cf-cache-status: HIT
etag: "ea24d021ea3624ea4b240968cf888698"
age: 1711340
cache-tag: F-3821681143,P-1534169,FLS-ALL
x-amz-version-id: Cnv3wBnNrZaYmPSr18E5pTmPg2lCgt7t
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=awhVA5FGJKSm2YSfobBBXwvewlI2S7RBOZH1sy%2F0XfNPgVRAnqeRMl08CfJQd5xodoWIbTtQNMxR4G2C7vJCwncuoTRSEEuNRCpjaIsQLrSMUnOtIJjnzVdonpDLR9QQ9cP2eeM4rZMdXVX0vXEhbQ%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-amz-cf-id: t3ZSsS9v6zqTkw0QRkisBU0VfLlSIpI4Wug8-Q1Xsh1qZbiOX3zXdg==
content-type: image/webp
content-disposition: inline; filename="favicon.webp"
last-modified: Wed, 03 Apr 2024 17:46:43 GMT
priority: u=1,i
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-3821681143,P-1534169,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
server-timing: cfExtPri
x-amz-request-id: MAAW2P2DTRVE9K4K
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
accept-ranges: bytes
x-amz-meta-cache-tag: F-3821681143,P-1534169,FLS-ALL
content-length: 5908
server: cloudflare
x-amz-server-side-encryption: AES256
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
cf-polished: origFmt=png, origSize=8707
date: Tue, 17 Dec 2024 10:48:47 GMT
vary: Accept, Accept-Encoding
x-amz-id-2: 1pgdZ+XTy2mR/jof0pLjo6do+wJdbTrjtDk0g0UwkROYO0FMcCw+bDLjDDC7N9XNkza7BopHsLlQERRPAVPxzcGcoZtm9OQqdLrucll22gg=
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-meta-access-tag: public-indexable
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
via: 1.1 cdf9da8a64fb0b6f66e4c21a885dbf7a.cloudfront.net (CloudFront)
cf-ray: 8f3657c28eee438a-EWR
access-control-allow-origin: *
x-amz-cf-pop: BOS50-C3
x-amz-meta-created-unix-time-millis: 1453980185925

GET
H2 200 marketingautomation Show response
trackingapi.trendemon.com/api/ 93 B
282 B 16ms
16ms Script
application/x-javascript 34.224.19.201
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://trackingapi.trendemon.com/api/marketingautomation?AccountId=2552&ClientUrl=aHR0cHM6Ly9ibG9nLm1vcnBoaXNlYy5jb20vY29pbmx1cmtlci10aGUtc3RlYWxlci1wb3dlcmluZy10aGUtbmV4dC1nZW5lcmF0aW9uLW9mLWZha2UtdXBkYXRlcw%3D%3D&CookieId=17344325276790245&MaCookie=OTA0NGRlNjAwN2Q1YzEwYzk2OTY3OGQ0MjMyN2U5NmU%3D&MaCookieName=aHVic3BvdHV0aw%3D%3D&MaName=hubspot&callback=jsonp83896&vid=2552:17344325276790245

Requested by

Host: assets.trendemon.com
URL: https://assets.trendemon.com/tag/trends.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.224.19.201 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-224-19-201.compute-1.amazonaws.com

Software

Kestrel /

Resource Hash

65840f3213c096a93e93e3bffb4d6d0def039ac4f5a3d767f34787fbc0949443

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: no-store,no-cache
content-length: 93
date: Tue, 17 Dec 2024 10:48:47 GMT
pragma: no-cache
content-type: application/x-javascript; charset=UTF-8
server: Kestrel

GET
H2 200 pageview
trackingapi.trendemon.com/api/events/ 43 B
286 B 90ms
89ms Image
image/gif 34.224.19.201
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://trackingapi.trendemon.com/api/events/pageview?accountId=2552&url=aHR0cHM6Ly9ibG9nLm1vcnBoaXNlYy5jb20vY29pbmx1cmtlci10aGUtc3RlYWxlci1wb3dlcmluZy10aGUtbmV4dC1nZW5lcmF0aW9uLW9mLWZha2UtdXBkYXRlcw%3D%3D&cookie=17344325276790245&referral=&variant=&otwId=&otwItemId=&streamId=&streamContentId=&vid=2552:17344325276790245&r=1734432527782

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.224.19.201 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-224-19-201.compute-1.amazonaws.com

Software

Kestrel /

Resource Hash

b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
age: 1691358
expires: Mon, 01 Jan 1990 00:00:00 GMT
content-length: 43
date: Tue, 17 Dec 2024 10:48:47 GMT
content-type: image/gif
server: Kestrel

POST
H3 200 collect
www.google.com/ccm/ 0
0 24ms
23ms Ping
text/plain 2607:f8b0:4006:823::2004
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google.com/ccm/collect?en=page_view&dl=https%3A%2F%2Fblog.morphisec.com%2Fcoinlurker-the-stealer-powering-the-next-generation-of-fake-updates&scrsrc=www.googletagmanager.com&frm=0&rnd=1550035499.1734432528&dt=CoinLurker%3A%20The%20Stealer%20Powering%20the%20Next%20Generation%20of%20Fake%20Updates&auid=23533487.1734432528&navt=n&npa=0&gtm=45He4cc1v897572158za200&gcs=G111&gcd=13t3t3t3t5l1&dma=0&tag_exp=101925629~102067555~102067808~102081485~102198178&tft=1734432528426&tfd=2831&apve=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PQBJZ8K
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2607:f8b0:4006:823::2004 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/784310031/ 5 KB
2 KB 40ms
26ms Script
text/javascript 2607:f8b0:4006:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/784310031/?random=1734432526382&cv=11&fst=1734432526382&bg=ffffff&guid=ON&async=1&gtm=45be4cc1z8897572158za200zb897572158&gcd=13t3t3t3t5l1&dma=0&tag_exp=101925629~102067555~102067808~102081485~102198178&u_w=1600&u_h=1200&url=https%3A%2F%2Fblog.morphisec.com%2Fcoinlurker-the-stealer-powering-the-next-generation-of-fake-updates&hn=www.googleadservices.com&frm=0&tiba=CoinLurker%3A%20The%20Stealer%20Powering%20the%20Next%20Generation%20of%20Fake%20Updates&did=dNjAwYj&gdid=dNjAwYj&npa=0&pscdl=noapi&auid=23533487.1734432528&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-784310031&l=dataLayer&cx=c&gtm=45He4cc1v897572158za200

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80f::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

48ba2714b695a9758199b721db260f3bb14cd0ca2f81ae6b94c578c81d46beea

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
content-encoding: br
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length: 2332
date: Tue, 17 Dec 2024 10:48:48 GMT
x-xss-protection: 0
content-type: text/javascript; charset=UTF-8
content-disposition: attachment; filename="f.txt"
server: cafe

GET
H2 200 784310031
td.doubleclick.net/td/rul/ Frame 46B6 0
0 46ms
27ms Document
text/html 2607:f8b0:4006:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://td.doubleclick.net/td/rul/784310031?random=1734432526382&cv=11&fst=1734432526382&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4cc1z8897572158za200zb897572158&gcd=13t3t3t3t5l1&dma=0&tag_exp=101925629~102067555~102067808~102081485~102198178&u_w=1600&u_h=1200&url=https%3A%2F%2Fblog.morphisec.com%2Fcoinlurker-the-stealer-powering-the-next-generation-of-fake-updates&hn=www.googleadservices.com&frm=0&tiba=CoinLurker%3A%20The%20Stealer%20Powering%20the%20Next%20Generation%20of%20Fake%20Updates&did=dNjAwYj&gdid=dNjAwYj&npa=0&pscdl=noapi&auid=23533487.1734432528&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-784310031&l=dataLayer&cx=c&gtm=45He4cc1v897572158za200

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80a::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 16
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 17 Dec 2024 10:48:48 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 204 collect
analytics.google.com/g/ 0
0 37ms
17ms Fetch
text/plain 2607:f8b0:4006:81e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-HFVX4VZHCS&gtm=45je4cc1v897583451z8897572158za200zb897572158&_p=1734432525817&_gaz=1&gcs=G111&gcd=13t3t3t3t5l1&npa=0&dma=0&tag_exp=101925629~102067555~102067808~102081485~102198178&gdid=dNjAwYj&cid=1961934918.1734432528&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&pae=1&frm=0&pscdl=noapi&_s=1&sid=1734432526&sct=1&seg=0&dl=https%3A%2F%2Fblog.morphisec.com%2Fcoinlurker-the-stealer-powering-the-next-generation-of-fake-updates&dt=CoinLurker%3A%20The%20Stealer%20Powering%20the%20Next%20Generation%20of%20Fake%20Updates&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=2855
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-HFVX4VZHCS&l=dataLayer&cx=c&gtm=45He4cc1v897572158za200
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4006:81e::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:136:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:136:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://blog.morphisec.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 17 Dec 2024 10:48:48 GMT
content-type: text/plain
server: Golfe2

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
547 B 46ms
19ms Ping
text/plain 2607:f8b0:4004:c21::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-HFVX4VZHCS&cid=1961934918.1734432528&gtm=45je4cc1v897583451z8897572158za200zb897572158&aip=1&dma=0&gcs=G111&gcd=13t3t3t3t5l1&npa=0&frm=0&tag_exp=101925629~102067555~102067808~102081485~102198178
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-HFVX4VZHCS&l=dataLayer&cx=c&gtm=45He4cc1v897572158za200
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:4004:c21::9d Washington, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:111:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:111:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://blog.morphisec.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 17 Dec 2024 10:48:48 GMT
content-type: text/plain
server: Golfe2

GET
H2 200 rul
td.doubleclick.net/td/ga/ Frame C3F8 0
0 27ms
22ms Document
text/html 2607:f8b0:4006:80a::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://td.doubleclick.net/td/ga/rul?tid=G-HFVX4VZHCS&gacid=1961934918.1734432528&gtm=45je4cc1v897583451z8897572158za200zb897572158&dma=0&gcs=G111&gcd=13t3t3t3t5l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=101925629~102067555~102067808~102081485~102198178&z=1057614669

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-HFVX4VZHCS&l=dataLayer&cx=c&gtm=45He4cc1v897572158za200

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80a::2002 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 16
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Tue, 17 Dec 2024 10:48:48 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 sw_iframe.html
www.googletagmanager.com/static/service_worker/4cc0/ Frame 3FCC 0
0 15ms
6ms Document
text/html 2607:f8b0:4006:81e::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/static/service_worker/4cc0/sw_iframe.html?origin=https%3A%2F%2Fblog.morphisec.com

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PQBJZ8K

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:81e::2008 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
age: 124187
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 1476
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="analytics-container-tag-serving"
cross-origin-resource-policy: cross-origin
date: Mon, 16 Dec 2024 00:19:01 GMT
expires: Tue, 16 Dec 2025 00:19:01 GMT
last-modified: Thu, 12 Dec 2024 10:18:00 GMT
report-to: {"group":"analytics-container-tag-serving","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/analytics-container-tag-serving"}]}
server: sffe
service-worker-allowed: /static/service_worker
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 /
www.google.com/pagead/1p-user-list/784310031/ 42 B
64 B 23ms
23ms Image
image/gif 2607:f8b0:4006:823::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/784310031/?random=1734432526382&cv=11&fst=1734429600000&bg=ffffff&guid=ON&async=1&gtm=45be4cc1z8897572158za200zb897572158&gcd=13t3t3t3t5l1&dma=0&tag_exp=101925629~102067555~102067808~102081485~102198178&u_w=1600&u_h=1200&url=https%3A%2F%2Fblog.morphisec.com%2Fcoinlurker-the-stealer-powering-the-next-generation-of-fake-updates&hn=www.googleadservices.com&frm=0&tiba=CoinLurker%3A%20The%20Stealer%20Powering%20the%20Next%20Generation%20of%20Fake%20Updates&did=dNjAwYj&gdid=dNjAwYj&npa=0&pscdl=noapi&auid=23533487.1734432528&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwCa7L7dgGPEpLsLM7Cftl1e9TdHRRdkUgmEHg&random=3783878199&rmt_tld=0&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::2004 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Referer: https://blog.morphisec.com/coinlurker-the-stealer-powering-the-next-generation-of-fake-updates

Response headers

content-security-policy: script-src 'none'; object-src 'none'
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Tue, 17 Dec 2024 10:48:48 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: lltrck.com
URL: https://lltrck.com/scripts/lt-v3.js?llid=35958

Verdicts & Comments Add Verdict or Comment

225 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

55 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.google.com/recaptcha	1970-01-21 06:06:24	Name: _GRECAPTCHA Value: 09AJNbFncieEilptsJcpSq140Woka2FKdCJWAzRXHXcetiHux5E8BchH16LKCT93HSgNON7Bs1X3URfeOvu28gjHs
.blog.morphisec.com/	1970-01-21 01:47:14	Name: __cf_bm Value: Ln_tEfCosliI6jYALL_OfnxUSAhXlYor9mpnpbStLuI-1734432525-1.0.1.1-igzFtkhed1iSnlTZeUUR74uBJfE7kCEPHTEYSBSFO0EGb4fW5kCVbUnolcin7BCeHOHqrq8rWWWLQkVZiVtm1A
.blog.morphisec.com/	1969-12-31 23:59:59	Name: _cfuvid Value: zvgx3niZwNIXE69Gt9MJpncMc5ZgxgKJa2daW4vlTXw-1734432525711-0.0.1.1-604800000
.hubspot.net/	1970-01-21 01:47:14	Name: __cf_bm Value: ZWhbEJ0GwKyvm46OHeuQuf53WgQNB5i6cXsn6MNC7p4-1734432525-1.0.1.1-CRpf3VqRQgDsDDWw4SOtYkGJBXfm_Rwfk2t0LsqqDqrHdxeLvIrS6WRrYwUiuwkE1S.Q.84n_M_BQ5a4ck.QPw
.hubspotusercontent-na1.net/	1970-01-21 01:47:14	Name: __cf_bm Value: pcFqTIXqI8JHTANyJBcRX.Rvr.OJRxwlIZeeLAHNCCA-1734432525-1.0.1.1-8k7ZC3QSXTOhAp_EdOywrxgup4.NcCpXAcyh8pHnDuCwIPaub2q5e5GT_UXiLKcqhX0.U3.mGpLKptVMsv.mOw
.hubspot.com/	1970-01-21 01:47:14	Name: __cf_bm Value: UUPRJLOASFFTkrJxdWwy_U.9IUjw3jLjzAQmOcnDqN8-1734432525-1.0.1.1-03kd0DAyxCK_PJg3IaCxm.BAn4b9ztAw_d4Ca0cL6CSFwVgrPzXBMSqzv4_2S7wQBlYV8mU6sqORhMLoL8IjuA
.hubspot.com/	1969-12-31 23:59:59	Name: _cfuvid Value: KjYWXTt8U1AAoQLp38k5e1R3weQ9iCSoTfVKsjMGAcQ-1734432525851-0.0.1.1-604800000
.www.morphisec.com/	1970-01-21 01:47:14	Name: __cf_bm Value: 0BwgmU3JzBA9phUpOL4JBqus9KKJ9mDZqpAXtqN_sEc-1734432526-1.0.1.1-VF9KbsizooqheY58tfzy9QXwXVpqNzwbp7PgDriJwb66QxFEKidTwj6ErmvzfLuGpxHdZKmkZvIEyrs3TJVu_g
.www.morphisec.com/	1969-12-31 23:59:59	Name: _cfuvid Value: BFfLrujpW3RROMYoT8UWnzvz7AWihLkYhSy8mlcOyfw-1734432526043-0.0.1.1-604800000
.hsadspixel.net/	1970-01-21 01:47:14	Name: __cf_bm Value: 5gEURiZrZTsp4wUxEfIaaVUA4PEgm614CwRB7T01hxQ-1734432526-1.0.1.1-ijSCtAwzL9PPqRy_pDL6BhtgIfmU5AZ57Ewqle.95gCnVbYAiY8qXggS_TNZjtp145qCuf7FAuZxgHLxKkzA1A
.hs-banner.com/	1970-01-21 01:47:14	Name: __cf_bm Value: YhC_0PPoWcSnG6LXUrWrLSmQSD3QQTSoSRai4REVxSM-1734432526-1.0.1.1-bLUZK0CgkUlv.iP2U.i9rA.iRn33yiDCCR4I74G6vqODyD6d_q.QOPZp_y3ZeivvBI.1EPIqeaSHFxvk4W2wTw
.hs-analytics.net/	1970-01-21 01:47:14	Name: __cf_bm Value: OzAA9oXEFmFpf77mXDFHfGsDtmJSLrS6c5fuNEIcJeY-1734432526-1.0.1.1-8yqbWVrMCjScQZkU7uD2H90UKjCPtpJBOIn.p8dK42kw69hN7S2PKPi_EE4NiuFEBBTkZf2QMRSz02JQGXgfWQ
.hsforms.com/	1970-01-21 01:47:14	Name: __cf_bm Value: WRRflF3Bym0RmVsYhcIV9WCtxz9VlQLcxUV7NiLCRh0-1734432526-1.0.1.1-4vXW0kyjsugGTXr.xx.lKQJL74y8GuFffBCEfvn2yU285e9ngM1CFL_wA67E4NVGMUaQbK8Vi8pD6ellVDan5w
.hsforms.com/	1969-12-31 23:59:59	Name: _cfuvid Value: .J_1bmE.RYGTvwR4NQdaUglMAQZmgpMJZREF9jx1f9w-1734432526255-0.0.1.1-604800000
.t.co/	1970-01-21 11:23:12	Name: muc_ads Value: 9d5b9d2c-3dd0-4eed-b8cd-557d4c5c8c54
.t.co/	1970-01-21 01:47:14	Name: __cf_bm Value: cg4CX.4O8B9k7jzON9jjJfv5wOF7Ijac98shuyJPJL4-1734432526-1.0.1.1-8NQQApU1eABub4ehxMx0vmvu2brVFGGzbzvgzfXz.Jb9gsclAsOB2b04DWGgEBtmA0fkgSCPY43i_qXAwbEDYA
blog.morphisec.com/	1970-01-21 01:57:17	Name: slireg Value: https://scout.us2.salesloft.com
.twitter.com/	1970-01-21 11:23:12	Name: personalization_id Value: "v1_TkFhpQAkDKPrpMNPM0BXAQ=="
blog.morphisec.com/	1970-01-21 10:32:48	Name: sliguid Value: 7e2a302a-a18f-4936-9968-cc380921d256
blog.morphisec.com/	1970-01-21 10:32:48	Name: slirequested Value: true
.linkedin.com/	1970-01-21 03:56:48	Name: li_sugr Value: 6ebb4aeb-0598-4623-9b79-2b9769dc8d66
.linkedin.com/	1970-01-21 01:48:38	Name: lidc Value: "b=TGST00:s=T:r=T:a=T:p=T:g=3554:u=1:x=1:i=1734432526:t=1734518926:v=2:sig=AQFCP6mmnK3aa-JlrxN7aSjU-ZU7XU8L"
.linkedin.com/	1970-01-21 02:30:24	Name: UserMatchHistory Value: AQJ_xD1HxAyuBwAAAZPUPBDGOGYWupUuGEmrhDCoMPQ2iPxme5Ct6jG_R0ZKw4y2WLyDhgVpg_skow
.linkedin.com/	1970-01-21 02:30:24	Name: AnalyticsSyncHistory Value: AQIFFw8Lc31MzgAAAZPUPBDG6GMl80_xPE-Y_3z2xRCfZfkrFycqs3VBz7fQSnW8-v2x3cRFoIuc7KybtF_ARQ
.linkedin.com/	1970-01-21 10:32:48	Name: bcookie Value: "v=2&7af1fe25-6374-4a22-830a-c23683dbd980"
.www.linkedin.com/	1970-01-21 10:32:48	Name: bscookie Value: "v=1&2024121710484624dbf6c5-19cf-4ecc-8e3c-8cd7dd808b60AQEzdVcoIaVp8oOxf5j4axZKtpFcZDam"
.morphisec.com/	1970-01-21 06:06:24	Name: __hstc Value: 182053752.9044de6007d5c10c969678d42327e96e.1734432526869.1734432526869.1734432526869.1
.morphisec.com/	1970-01-21 06:06:24	Name: hubspotutk Value: 9044de6007d5c10c969678d42327e96e
.morphisec.com/	1969-12-31 23:59:59	Name: __hssrc Value: 1
.morphisec.com/	1970-01-21 01:47:14	Name: __hssc Value: 182053752.1.1734432526869
.techtarget.com/	1970-01-21 01:47:14	Name: __cf_bm Value: nQ20wWgnhSyj2tTMLX9ruQNABWQTiE8aFM2h.iDD71w-1734432527-1.0.1.1-IXbNQhcgHlrl9C1LC.7Bo6f9l2KbXwEGDv6NqtjuJFxrssduQ6LgdoXzF7IRAWN7mvGjxMxS.KsCiUNQ03xvng
.morphisec.com/	1970-01-21 03:56:48	Name: _fbp Value: fb.1.1734432527265.559331805711661758
.morphisec.com/	1970-01-21 10:32:48	Name: _hjSessionUser_3506314 Value: eyJpZCI6IjQ2YjYzYThiLWJlZDQtNTA3Yy1iMGUwLTIxNzFjODUxYzU4MCIsImNyZWF0ZWQiOjE3MzQ0MzI1MjczMTIsImV4aXN0aW5nIjp0cnVlfQ==
.morphisec.com/	1970-01-21 01:47:14	Name: _hjSession_3506314 Value: eyJpZCI6IjcyYzkyZWM1LWJkMjItNDkyOS04YjRiLWVjMzVhNDVmMjA4ZSIsImMiOjE3MzQ0MzI1MjczMTMsInMiOjEsInIiOjEsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=
.morphisec.com/	1970-01-21 10:32:48	Name: __insp_wid Value: 3274945
.morphisec.com/	1970-01-21 10:32:48	Name: __insp_slim Value: 1734432527448
.morphisec.com/	1970-01-21 10:32:48	Name: __insp_nv Value: true
.morphisec.com/	1970-01-21 10:32:48	Name: __insp_targlpu Value: aHR0cHM6Ly9ibG9nLm1vcnBoaXNlYy5jb20vY29pbmx1cmtlci10aGUtc3RlYWxlci1wb3dlcmluZy10aGUtbmV4dC1nZW5lcmF0aW9uLW9mLWZha2UtdXBkYXRlcw%3D%3D
.morphisec.com/	1970-01-21 10:32:48	Name: __insp_targlpt Value: Q29pbkx1cmtlcjogVGhlIFN0ZWFsZXIgUG93ZXJpbmcgdGhlIE5leHQgR2VuZXJhdGlvbiBvZiBGYWtlIFVwZGF0ZXM%3D
.morphisec.com/	1970-01-21 10:32:48	Name: cb_user_id Value: null
.morphisec.com/	1970-01-21 10:32:48	Name: cb_group_id Value: null
.morphisec.com/	1970-01-21 10:32:48	Name: cb_anonymous_id Value: %2257ca2053-3e4d-4efa-bbeb-d5528b3589e9%22
.morphisec.com/	1970-01-21 10:32:48	Name: __insp_norec_sess Value: true
snid.snitcher.com/	1970-01-21 11:23:12	Name: SNID Value: eyJpdiI6IkN4Y3c0aUE4RHB3YXFKdFdPVklJd2c9PSIsInZhbHVlIjoiQUdnR1RNSkxkdzhGZytxZGNvUFhkUllTcStaSVBPNzlYQ1NLWCsxdnY0V0oxOWplOWVkem51MUYzekp6MlUxbFF0bVk2MzhvcFRuZjVVQ09yekZjUmlTc0c2UENIRC95VmNDOUR1U3h6S2VsSWhWanU2bU5SVDBVTStHbEs1QnUiLCJtYWMiOiJmNjE4NTljMzlhNWU1N2I0NWNiNTUxNjFiNzJhMzVkZjg5NWVkYjViYjUwMGYzMzllMjBhNjlmN2U2NjNkZjJlIiwidGFnIjoiIn0%3D
.morphisec.com/	1970-01-21 10:32:48	Name: trd_cid Value: 17344325276790245
trackingapi.trendemon.com/	1970-01-21 11:23:12	Name: trd_gavid_2552 Value: 17344325276790245
trackingapi.trendemon.com/	1970-01-21 11:23:12	Name: trd_gvid Value: 17344325276790245
trackingapi.trendemon.com/	1970-01-21 11:23:12	Name: trd_vid_2552 Value: 2552%3A17344325276790245
.morphisec.com/	1970-01-21 10:32:48	Name: trd_vid_l Value: 2552%3A17344325276790245
.morphisec.com/	1970-01-21 10:32:48	Name: trd_vuid_l Value: 5517491155944723978
.morphisec.com/	1970-01-21 01:47:55	Name: trd_ma_cookie Value: OTA0NGRlNjAwN2Q1YzEwYzk2OTY3OGQ0MjMyN2U5NmU%3D
.morphisec.com/	1970-01-21 03:56:48	Name: _gcl_au Value: 1.1.23533487.1734432528
.morphisec.com/	1970-01-21 11:23:12	Name: _ga_HFVX4VZHCS Value: GS1.1.1734432526.1.0.1734432526.60.0.0
.morphisec.com/	1970-01-21 11:23:12	Name: _ga Value: GA1.1.1961934918.1734432528
.doubleclick.net/	1970-01-21 01:47:13	Name: test_cookie Value: CheckForPermission

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://x.clearbitjs.com/v1/pk_5fe48b59baf6bb406e34c9012803b845/forms.js?page_path=%2Fcoinlurker-the-stealer-powering-the-next-generation-of-fake-updates Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Xss-Protection	1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

1534169.fs1.hubspotusercontent-na1.net
7052064.fs1.hubspotusercontent-na1.net
analytics.google.com
analytics.twitter.com
api.hubapi.com
app.clearbit.com
app.hubspot.com
assets.trendemon.com
blog.morphisec.com
cdn.inspectlet.com
cdn2.hubspot.net
cdnjs.cloudflare.com
connect.facebook.net
consent.cookiefirst.com
content.hotjar.io
cta-service-cms2.hubspot.com
edge.cookiefirst.com
fonts.googleapis.com
forms-na1.hsforms.com
forms.hscollectedforms.net
forms.hsforms.com
forms.hubspot.com
googleads.g.doubleclick.net
hn.inspectlet.com
ibc-flow.techtarget.com
js.hs-analytics.net
js.hs-banner.com
js.hsadspixel.net
js.hscollectedforms.net
js.hsleadflows.net
js.hubspot.com
lltrck.com
no-cache.hubspot.com
perf-na1.hsforms.com
perf.hsforms.com
platform.linkedin.com
platform.twitter.com
px.ads.linkedin.com
px4.ads.linkedin.com
scout-cdn.salesloft.com
scout.salesloft.com
script.hotjar.com
snap.licdn.com
snid.snitcher.com
static.ads-twitter.com
static.hotjar.com
stats.g.doubleclick.net
syndication.twitter.com
t.co
tag.clearbitscripts.com
td.doubleclick.net
track.hubspot.com
trackingapi.trendemon.com
trk.techtarget.com
www.facebook.com
www.google.com
www.googletagmanager.com
www.gstatic.com
www.linkedin.com
www.morphisec.com
x.clearbitjs.com
lltrck.com
104.244.42.67
104.244.42.8
108.128.190.134
13.107.42.14
13.33.252.108
146.75.32.157
146.75.36.157
172.66.0.227
18.164.96.46
18.208.7.233
2600:141b:1c00:6::17df:d10d
2600:9000:21dd:9000:7:d7d6:3c40:93a1
2600:9000:2807:e400:2:7dc7:8f00:93a1
2606:2800:21f:edfc:49f9:c096:a5a7:75f2
2606:2c40::c73c:67e1
2606:4700:10::6816:38f5
2606:4700:4400::6812:28f0
2606:4700:4400::6812:297c
2606:4700::6810:4869
2606:4700::6810:6bfe
2606:4700::6810:7574
2606:4700::6811:180e
2606:4700::6811:afc9
2606:4700::6811:df98
2606:4700::6812:1247
2606:4700::6812:50cc
2606:4700::6812:593e
2606:4700::6812:8a11
2606:4700::6812:f06c
2607:f8b0:4004:c21::9d
2607:f8b0:4006:809::2003
2607:f8b0:4006:80a::2002
2607:f8b0:4006:80f::2002
2607:f8b0:4006:81e::2008
2607:f8b0:4006:81e::200e
2607:f8b0:4006:820::200a
2607:f8b0:4006:823::2004
2620:1ec:21::14
2a02:6ea0:c454::1
2a03:2880:f00e:13:face:b00c:0:3
2a03:2880:f10e:83:face:b00c:0:25de
34.111.208.231
34.224.19.201
52.20.167.62
52.57.124.13
027f9fef93a2d620715de7311a5bf674cb3df18a352d2a0a7266c147c157333f
035b971c9045324200a30a00be4bfeadff98cf532098493f973523698e6b6d7e
079b0eeae54d172db6026ffdb5ec43396a8a821b3e01b2cebabccebc006c66ee
0c07b854855b0e2bd7839c3659defa45307e96e281b3c00571d09f213eb6a76e
1220bdf087a7b3b0f068e1dc2422c361ef11cf999ff8ea343573d9e5a7c19bdc
13f26112a965660ad5a6037bfc230a90e114f1f8bda6f2b66391b2ed6d8791f0
173460e89e6a7244218badae2016f65c48a3eae9d400802273eeca18b07336f1
1764bc84ea6abe91f1634b73a5a6c0ebff400461dfea6a4040bd0c03d86caa8b
194593e450ebdca2aad9d630e377cf663f0eafba28203343504de102ce607440
1c5f683908c190d5f9f618337d8d7c586d735f1ace24afdc81208dbf52a5f45c
1f111bd9633701ea774d060ca1bb78117c6a5761249265cc45a4a6ca6699a807
1fbec94ad9621a43267c401bb53db7e0605c1a5fb4b666a613356bee7cb84d81
1fe0bc1d9a1c1cbe91a73f0a0c9aaedfdbea60a59ea6d0b3043c6a32e1f0dbdc
215a727005705f3d2acf7c19a34a2998be3ef884277d704194b87cdcd8829544
21b4725e42948eeab21e8cf6f0affb63ebc065012b4c7dff779e428ebd33a814
240355f4e85792fb5c1e46a942e6d797a078d39f8717dfbab666e4e80cb4dd8d
2dec0530b1a91aaea81d978cf2c968438c1b3c35b9562ec13c2e465f81c54843
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
3437637c88e40ab5f57b1e37129d03ebb7594a6fc8ea56061284c93f8088beb8
356bb4bf2245a68ee5de5732b5574260dd2016a2c3987e17ad97fb2586a883d1
3a4850f556812a808a87669edcc26eecd8abc3e0a35178b57e9049c4271c9117
3c66f537de497e2306014e30c269b7d65e0671eec4b25e53120de90d627100f5
3d0faa1510d3999ee6ce630052e0f8c562acc8b69380ceb4e7f812aaa4c5303f
3dd258baa6cbc14c2a6a22803337f584d9fd08907952e766c0d33527d9ae302c
3ec54fffb204b5f57f1addd8dd9c876b4968ab050d17607038727d6a252c4d4a
3fc6f43f8d589a8e68a0242c1b868cc5219f5bd368d1b960af52716a8541dfec
3fddc6d28aba3c13d64cfd4847c333ff48c71d4a5a58bd1a0494ca6ae8ac1bb4
401925a1114f7003121630392768d35516be54a4028f01024528aeae99a45a56
40943198e5e26cbcf474c1ed0846442abc4398198117de5251a8840fb421cd13
426e16d014775c77916610f675f58880874c645817ed26d01873dde3466e6007
42c7e51d284cd7256caf3bfebf641141876657ea0d6e5588ac7e69dce1e9cf7e
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
44bc30322b395963cf09e8fb1bee4d07e58d60599a82c4e821cf89ed36d0b786
46c7b6ee01c236fd8d98d0b7c8f00fba85340c3432932e624d44f7663aef8513
48ba2714b695a9758199b721db260f3bb14cd0ca2f81ae6b94c578c81d46beea
49a19088059cbcf9b342b648af5ecf0d0f664b34a576c05270068479ea088eba
4a007af67f716c30c8848ab0ad0bfaab8a5fcf3e36dedf918b59c9429d522440
4c1113b143de12d58d3771cbddb3a4e7c76580a89ea241479cc9bd5288fd2fd0
4dfd5527da83604d3337f60fa00d7aedfd8020fb48c376777dc573c83110668e
4e0a2edf9cc6b61a6576a95fe791ac7b4470577d68e0cc738a2f90d2d6416589
51c5dea99a003cec5f059f3544010eacb1bfbd835fe5fdaec85cc0260020ec29
548514a77d683e1378df0c7bb7585ef3eb91bff1975301269daa52a0c885cc1c
5615cdac4c30b1fb905891f5de1e1dcf7745b6b0ec88cfc89360ee48fc240977
56c3ee10dba81c31dadcd1781559711d6a793a5245c37e2ea06cd1908c563b59
5d554121551df68e414c85920b6541d2e92251a189ff19a4b1f8dffe97ce1cb5
5f6e5a772649ae72f766174a853fb5e403ea5b24f50b604ac2530475af1a8208
60bd6bad64c21fc8b1d3f6bf3fa261780974e6b0489a67a1d02db33fb4c9b7b6
636ecb5784f08327b02a785d4bbd25f44b0eeb98b3a8391ec47c0af6b87554a8
648318e55febdac418f0f8a23db309f81c273a66c5eb41a8aab85b29bebcdc9f
65840f3213c096a93e93e3bffb4d6d0def039ac4f5a3d767f34787fbc0949443
674d5ab1e2c5a783115e67fabc4805ac2e8a83d48eb6a1ad3535c23a959a1801
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6b011f48059b6591b0d266a9abdf45d9263e702059d29a207e770ddb87b49c72
6cb079eb01e730c435ef0b80f62f636245fa0f8f0e86c144935e42a8dd12a545
71815070cf1baa5e8fe6694ab489c18374703c8fb1e11700f2530ccb8fb32d33
723fbf8d73cd4e75f64f7d21558585aa1658b11332e87bd288f6987e398ecfb4
7336afe3d92703a1b35e780301c688426c74d5a8c3d9cd1794d3370d763e58d3
742c9608b78f9a221b5b68a1868e68703402427a9af76f87093393e02015573f
76dd9ffb1b604b0ad3f128d2fe014cc22f934ed40ae792ef9b4600a17866aeb2
7b6c05da4a3bf310d031c91547f632bb2d2376abf08c403a40546220875aed51
7bdd108cc01fd2295d4c04020e5163d2e7a160c42839083a6216d847a2ed1313
7c96cf83f01988ba16fac36d470e9def94e057cf27c0862fc7f4e34f78e7fc6a
7da57a437a999e2503178063a85ca9557211686f50d7671db0142a2ceb3095d2
8178a23344ec8e9b3f599125e10c07ec57bd94f1790a8b5b04f16d11747faded
89bf8cdea73ce776d6b81d03837bc7f04af5e3946b839a3c0bfbf3094ad3f7be
8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02
8e7902d12bed414b23fd30c7019fc0fe08d03b14984beb21e486aaa59135f803
8e7992826262f9cdc8ff3eb0516bee93ac2e8f170792aa59947c334f11625bfc
8f4d3fcf8da239351a654840bbd4eadd26b839d40a8086343cc58f24c68b3281
9249d1ef1169e99b4692229543497047ae7ebccbbb7e2b587a63977faee58bcf
939c1b1420c9dcd654cf23e16482d791454288ca4ff1059fb8839412cc29b2a5
9ec3c84e8019f979befe03094b124908c617d66036668dade9e8edf77b239924
9f04b9db4570a8f016c3b42727fd56b2e8779876c8f6ee5fdcfabb4df25eb48b
9ffeb84d46b2b5e4b08e58fe04b241abd896d871c6fb96ec02c18ac9f87646f6
aa011ed383cb780028a85caaa0dda67dce19b0f4bc596f4f708d1857015c1362
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
abd611420c0557b18c6fbd0dd66eb643fc3298fbaccd15e0a2ba9fdf78f2ca72
ac70750a8ab8a0a1055a671aca726611489dc5dc36c6b27909c79c69d8febb40
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
ad5d4193328e2083398686d67b7e67b9d7ab9b935d745746d186c33d07bf4a65
ae0393f48f5412e3124cafc47dd3e8b7bd39a6eb1f2517883c8b175df4df6334
ae4b54eea835ff08fd0c443097ca4aae63b250097f38a659f945972252163b7a
afebc654252e2e6725166fd88386decd2d62cbae24cf76f93af01051afcd22bf
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b261530f05e272e18b5b5c86d860c4979c82b5b6c538e1643b3c94fc9ba76dd6
b28f2758dd0c48fa0e8e33ccfee02f1b581b93484aae2af63190df3d4bcc068f
b364babb52cb930beb7e5e61f549d739c155b2f8a24415bb8b401b0d6cb3eddb
b3e8357cc1fe184a45255c2831770245aa454c3e957dfe3df6a0ee789ac77e01
b45ccbf32d035de11892a90f51826c45e201927c582271f56acd251e014c16ab
b46d0e5c77e3f8284ded5f1387d7c17d3e7b8a829e24b9ec08911737e461827a
b54327ee6fcabc302d4040a6f40bfecf80a3f31d9dc8c981cad27f6c42f1572f
ba7dc0cc2741341a8134b4446d67e2068ac2c211a9f774c92d55ce3a6b32220d
bd58f340e48da46e3ddb24c310aba202725dd99b5f0a86e0525b9b8d1b1c5ea5
bdd1d266ae01452fc70f49bd77332953f6c48465656b6060852062924a0f7e6f
be3950dab42791bb50d60a09c80869ba8c86f7dab74eff23b91a365d0c710831
be96a16025bfbe78bed5a7475f5877696f919dcf9b37939866f8c2d47af7976c
c2ffcc23e70888f086bd6621dbf457f6b4f0f99b4d92e4fa2ca4cd0e9b2792e6
c8dfa70f0dccd44f1f69659a7d4715aef17d48c4a8f88d4868b919fc9aabb453
c8f61ff99bdb7078fb9a587059822d308fa9f3e5f9765101876426ab9c4363cc
c9492eab132c2db0eaef81fea1bb719d8e3f5a11a32f7ebeeea5af202cd4e5c7
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
cb14dfe8ae5aaa4a01824e5fc91c51fb3302150e6143796961e266017ac39817
cb5224674e43d02db0037517f4aa29ba5ce9ddd0672e513cc7289714ba657522
cdc7252a3b872aa14de24f70abfc1d759c601941108a32d4954171527f635b1c
cf1cb8930dbca6515121d94c81df4c6b2567c5021435ab4ac683abfc51768ec5
cf1d86ae566e620f5f69c4627e1859d61567555afbc78c397876cde4760c7dad
cf3e0ecae28a70c5e010c24c160321243efe54f497d49a6a8f31ca12ee7eb972
d00e54d87cce777c78c59c446e01bc3bcaabca266daa6463181dd527c98738e9
d0b1cb1455ecf8ab5a7eb203460cc7ff790df097c5907eb3d27ff7344282517e
d19d09e24c8a6da58f2db0561d49f8719a08c9d80561578116bf155a615bd98a
d27825196ad091987820f3ead157595d5a5e482b8849982da00b9395a6f590bb
d2d09c4a39acf0339c9697b5837fec5bb2bfb9f92677ac2133640b900f91925c
d4963b8afebfa0063b5d17b4c80f49bce702a37ea5c9b91bb3c996bb9dea4b60
d4d476694bb5382da2de611b3b716fbed22fcd64d18753111b6d15a28667fd24
d7c2ddb591f4a579e867624a9ac11234ee3b7ef13f41c743088d4b4d723b8461
d897dc64c205a7afbb9d49e069bd306af94a7737a26d18fd8863bf36b13ea914
d97180952ebaa2570c0d21bc74e1778b19fa5bcb6a1ac09b0daa585c82c01e29
d9ea8a8cab935e18796b1a064b1644c0f5db2d967a60e5f7cb8b37066b2399a4
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
dc6aa06f4335712c39e20a5bd72d346a25c3143b0cee9d38e4fb5deab6b06458
dcb093f4d22a7fda091541fc3489374777052ddfaba29b3e21d287221193eea1
df321b4ad30f5f4d65fca54b59846168a3f89059e14d1349d5d5903a431d11d3
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e5ac2698e0bccae79538f4a1d4a03e8d52a1857a393aeb200faa8a86eacbd139
e5b1ceffda14543118fcc1d2d886fa5049d579ef1d139a7e94efbe9368fa9235
e61c3520c8110a709d981083ddc93cf042c2d2ba25a21903b5df270edb3a05c5
e6b8a90a2870483ace67380ff4a64b39bfecb7952a432393470d76a6614fc62c
e7902b56545718b3f9dcc015b4acab60270239d559b0adaae9e5c81dd95a89a1
e87be82092a8e1a5544ef566ba1a636162eecb31e33095c6f17eb06c87cc2efb
eef7476c879379d694804e834bd6a5846522e845dc6840a8865708d738ecc4c3
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f1d760682f66979c85193208c7d10daddd5d3e74c6c148bef442a203d330cb22
f3d8c648b4ec40e2369730c552db76ad40994c6dd489ff87b28f6fc1ea2ced96
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
fb56af9f7623a55839dfb9cf019b05664a62e1b41671d925f3ed587c506443b5

blog.morphisec.com Open in urlscan Pro 2606:2c40::c73c:67e1 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

190 Requests

98 %HTTPS

69 %IPv6

36 Domains

61 Subdomains

46 IPs

4 Countries

2842 kBTransfer

7468 kBSize

55 Cookies

46 Outgoing links

Redirected requests

190 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

blog.morphisec.com Open in urlscan Pro
2606:2c40::c73c:67e1 Public Scan

Screenshot
Live screenshot

Full Image

190
Requests

98 %
HTTPS

69 %
IPv6

36
Domains

61
Subdomains

46
IPs

4
Countries

2842 kB
Transfer

7468 kB
Size

55
Cookies

190 HTTP transactions
0 data transactions