URL: https://blog.morphisec.com/threat-analysis-lua-malware
Submission Tags: @nominet_threat_intel ip-string-1st reference_article_link confidence_medium cluster_87925943 Search All
Submission: On October 09 via api from GB — Scanned from GB

Summary

This website contacted 51 IPs in 5 countries across 39 domains to perform 185 HTTP transactions. The main IP is 2606:2c40::c73c:671f, located in United States and belongs to CLOUDFLARESPECTRUM Cloudflare, Inc., US. The main domain is blog.morphisec.com.
TLS certificate: Issued by WE1 on September 10th 2024. Valid for: 3 months.
This is the only time blog.morphisec.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 2606:2c40::c7... 209242 (CLOUDFLAR...)
63 199.60.103.31 209242 (CLOUDFLAR...)
2 104.18.90.62 13335 (CLOUDFLAR...)
2 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:2800:233... 15133 (EDGECAST)
2 2606:4700:440... 13335 (CLOUDFLAR...)
16 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
3 2a00:1450:400... 15169 (GOOGLE)
1 2606:4700:10:... 13335 (CLOUDFLAR...)
2 34.107.133.146 396982 (GOOGLE-CL...)
1 2a00:1450:400... 15169 (GOOGLE)
13 2400:52e0:1e0... 60068 (CDN77 _)
1 169.150.247.39 60068 (CDN77 _)
1 18.66.102.53 16509 (AMAZON-02)
4 157.240.253.1 32934 (FACEBOOK)
1 2a02:26f0:350... 20940 (AKAMAI-ASN1)
3 3.126.181.126 16509 (AMAZON-02)
1 2600:9000:267... 16509 (AMAZON-02)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
2 172.67.10.172 13335 (CLOUDFLAR...)
1 13.33.187.74 16509 (AMAZON-02)
1 3 2620:1ec:21::14 8068 (MICROSOFT...)
1 13.107.42.14 8068 (MICROSOFT...)
2 34.111.208.231 396982 (GOOGLE-CL...)
4 54.156.211.30 14618 (AMAZON-AES)
3 2a03:2880:f17... 32934 (FACEBOOK)
4 18.153.4.44 16509 (AMAZON-02)
5 146.75.120.157 54113 (FASTLY)
1 162.159.140.229 13335 (CLOUDFLAR...)
1 104.244.42.131 13414 (TWITTER)
1 104.244.42.8 13414 (TWITTER)
9 104.18.80.204 13335 (CLOUDFLAR...)
2 142.250.184.194 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
1 2 142.250.185.132 15169 (GOOGLE)
1 2001:4860:480... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
2 142.250.186.67 15169 (GOOGLE)
1 2606:4700::68... 13335 (CLOUDFLAR...)
3 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
2 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700:440... 13335 (CLOUDFLAR...)
1 18.203.150.108 16509 (AMAZON-02)
1 2606:4700::68... 13335 (CLOUDFLAR...)
2 2600:9000:275... 16509 (AMAZON-02)
4 54.158.153.5 14618 (AMAZON-AES)
185 51
Apex Domain
Subdomains
Transfer
64 morphisec.com
blog.morphisec.com
www.morphisec.com
2 MB
19 hubspot.com
no-cache.hubspot.com — Cisco Umbrella Rank: 13634
js.hubspot.com — Cisco Umbrella Rank: 3554
app.hubspot.com — Cisco Umbrella Rank: 5859
cta-service-cms2.hubspot.com — Cisco Umbrella Rank: 3687
forms.hubspot.com — Cisco Umbrella Rank: 5962
track.hubspot.com — Cisco Umbrella Rank: 2324
202 KB
14 cookiefirst.com
consent.cookiefirst.com — Cisco Umbrella Rank: 34664
edge.cookiefirst.com — Cisco Umbrella Rank: 39884
83 KB
9 hsforms.com
perf.hsforms.com — Cisco Umbrella Rank: 15226
forms.hsforms.com — Cisco Umbrella Rank: 4621
perf-na1.hsforms.com — Cisco Umbrella Rank: 3796
forms-na1.hsforms.com — Cisco Umbrella Rank: 7161
5 KB
6 trendemon.com
assets.trendemon.com — Cisco Umbrella Rank: 106503
trackingapi.trendemon.com — Cisco Umbrella Rank: 87399
68 KB
6 twitter.com
platform.twitter.com — Cisco Umbrella Rank: 1472
analytics.twitter.com — Cisco Umbrella Rank: 962
syndication.twitter.com — Cisco Umbrella Rank: 1829
31 KB
5 doubleclick.net
googleads.g.doubleclick.net — Cisco Umbrella Rank: 42
td.doubleclick.net — Cisco Umbrella Rank: 192
stats.g.doubleclick.net — Cisco Umbrella Rank: 136
3 KB
5 salesloft.com
scout-cdn.salesloft.com — Cisco Umbrella Rank: 11311
scout.salesloft.com — Cisco Umbrella Rank: 14552
4 KB
5 linkedin.com
platform.linkedin.com — Cisco Umbrella Rank: 3841
px.ads.linkedin.com — Cisco Umbrella Rank: 321
px4.ads.linkedin.com — Cisco Umbrella Rank: 6828
163 KB
4 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 180
155 KB
3 google.com
www.google.com — Cisco Umbrella Rank: 3
region1.analytics.google.com — Cisco Umbrella Rank: 4401
88 B
3 clearbitjs.com
x.clearbitjs.com — Cisco Umbrella Rank: 16255
45 KB
3 facebook.com
www.facebook.com — Cisco Umbrella Rank: 113
3 KB
3 techtarget.com
trk.techtarget.com — Cisco Umbrella Rank: 25487
ibc-flow.techtarget.com — Cisco Umbrella Rank: 23670
2 KB
3 snitcher.com
snid.snitcher.com — Cisco Umbrella Rank: 80606
25 KB
3 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 39
300 KB
2 hscollectedforms.net
js.hscollectedforms.net — Cisco Umbrella Rank: 4567
forms.hscollectedforms.net — Cisco Umbrella Rank: 4719
25 KB
2 google.co.uk
www.google.co.uk — Cisco Umbrella Rank: 5087
127 B
2 inspectlet.com
cdn.inspectlet.com — Cisco Umbrella Rank: 13140
hn.inspectlet.com — Cisco Umbrella Rank: 13451
65 KB
2 hotjar.com
static.hotjar.com — Cisco Umbrella Rank: 877
script.hotjar.com — Cisco Umbrella Rank: 1177
61 KB
2 aplo-evnt.com
aplo-evnt.com — Cisco Umbrella Rank: 32656
2 hubspotusercontent-na1.net
7052064.fs1.hubspotusercontent-na1.net
1534169.fs1.hubspotusercontent-na1.net
51 KB
2 cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 220
32 KB
2 hubspot.net
cdn2.hubspot.net — Cisco Umbrella Rank: 8959
4 KB
1 hubapi.com
api.hubapi.com — Cisco Umbrella Rank: 3483
801 B
1 hotjar.io
content.hotjar.io — Cisco Umbrella Rank: 6755
171 B
1 hs-banner.com
js.hs-banner.com — Cisco Umbrella Rank: 2172
26 KB
1 hsadspixel.net
js.hsadspixel.net — Cisco Umbrella Rank: 3176
4 KB
1 hs-analytics.net
js.hs-analytics.net — Cisco Umbrella Rank: 2191
26 KB
1 hsleadflows.net
js.hsleadflows.net — Cisco Umbrella Rank: 5740
92 KB
1 clearbit.com
app.clearbit.com — Cisco Umbrella Rank: 16819
1 KB
1 t.co
t.co — Cisco Umbrella Rank: 859
627 B
1 ads-twitter.com
static.ads-twitter.com — Cisco Umbrella Rank: 960
15 KB
1 clearbitscripts.com
tag.clearbitscripts.com — Cisco Umbrella Rank: 13413
5 KB
1 licdn.com
snap.licdn.com — Cisco Umbrella Rank: 784
14 KB
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 30
3 KB
1 apollo.io
assets.apollo.io — Cisco Umbrella Rank: 31382
2 KB
1 hsappstatic.net
static.hsappstatic.net — Cisco Umbrella Rank: 5807
5 KB
0 lltrck.com Failed
lltrck.com Failed
185 39
Domain Requested by
55 blog.morphisec.com blog.morphisec.com
cdn.inspectlet.com
13 consent.cookiefirst.com www.googletagmanager.com
consent.cookiefirst.com
www.morphisec.com
9 www.morphisec.com blog.morphisec.com
consent.cookiefirst.com
7 track.hubspot.com
7 no-cache.hubspot.com blog.morphisec.com
4 trackingapi.trendemon.com assets.trendemon.com
4 perf.hsforms.com blog.morphisec.com
4 platform.twitter.com blog.morphisec.com
platform.twitter.com
4 scout.salesloft.com scout-cdn.salesloft.com
4 connect.facebook.net blog.morphisec.com
connect.facebook.net
3 x.clearbitjs.com tag.clearbitscripts.com
3 www.facebook.com blog.morphisec.com
connect.facebook.net
3 px.ads.linkedin.com 1 redirects snap.licdn.com
3 snid.snitcher.com blog.morphisec.com
snid.snitcher.com
3 www.googletagmanager.com blog.morphisec.com
www.googletagmanager.com
2 assets.trendemon.com blog.morphisec.com
assets.trendemon.com
2 forms-na1.hsforms.com blog.morphisec.com
2 forms.hsforms.com blog.morphisec.com
2 cta-service-cms2.hubspot.com cdn.inspectlet.com
js.hubspot.com
2 www.google.co.uk blog.morphisec.com
2 www.google.com 1 redirects blog.morphisec.com
2 td.doubleclick.net www.googletagmanager.com
2 googleads.g.doubleclick.net www.googletagmanager.com
blog.morphisec.com
2 ibc-flow.techtarget.com trk.techtarget.com
2 aplo-evnt.com assets.apollo.io
2 cdnjs.cloudflare.com blog.morphisec.com
2 cdn2.hubspot.net blog.morphisec.com
1 forms.hubspot.com cdn.inspectlet.com
1 perf-na1.hsforms.com blog.morphisec.com
1 1534169.fs1.hubspotusercontent-na1.net blog.morphisec.com
1 forms.hscollectedforms.net cdn.inspectlet.com
1 api.hubapi.com cdn.inspectlet.com
1 content.hotjar.io cdn.inspectlet.com
1 app.hubspot.com cdn.inspectlet.com
1 js.hs-banner.com blog.morphisec.com
1 js.hsadspixel.net blog.morphisec.com
1 js.hscollectedforms.net blog.morphisec.com
1 js.hs-analytics.net blog.morphisec.com
1 js.hubspot.com blog.morphisec.com
1 js.hsleadflows.net blog.morphisec.com
1 stats.g.doubleclick.net www.googletagmanager.com
1 region1.analytics.google.com www.googletagmanager.com
1 syndication.twitter.com blog.morphisec.com
1 app.clearbit.com cdn.inspectlet.com
1 hn.inspectlet.com cdn.inspectlet.com
1 analytics.twitter.com blog.morphisec.com
1 t.co blog.morphisec.com
1 static.ads-twitter.com blog.morphisec.com
1 px4.ads.linkedin.com blog.morphisec.com
1 script.hotjar.com static.hotjar.com
1 cdn.inspectlet.com blog.morphisec.com
1 scout-cdn.salesloft.com blog.morphisec.com
1 trk.techtarget.com blog.morphisec.com
1 tag.clearbitscripts.com www.googletagmanager.com
1 snap.licdn.com blog.morphisec.com
1 static.hotjar.com www.googletagmanager.com
1 edge.cookiefirst.com consent.cookiefirst.com
1 fonts.googleapis.com blog.morphisec.com
1 assets.apollo.io blog.morphisec.com
1 static.hsappstatic.net blog.morphisec.com
1 7052064.fs1.hubspotusercontent-na1.net blog.morphisec.com
1 platform.linkedin.com blog.morphisec.com
0 lltrck.com Failed blog.morphisec.com
185 63
Subject Issuer Validity Valid
blog.morphisec.com
WE1
2024-09-10 -
2024-12-09
3 months crt.sh
hubspot.net
WE1
2024-10-07 -
2025-01-05
3 months crt.sh
cdnjs.cloudflare.com
WE1
2024-09-28 -
2024-12-27
3 months crt.sh
platform.linkedin.com
DigiCert SHA2 Secure Server CA
2024-06-13 -
2025-06-13
a year crt.sh
hubspotusercontent-na1.net
WE1
2024-10-07 -
2025-01-05
3 months crt.sh
hubspot.com
WE1
2024-10-03 -
2025-01-01
3 months crt.sh
hsappstatic.net
WE1
2024-09-06 -
2024-12-05
3 months crt.sh
*.google-analytics.com
WR2
2024-09-24 -
2024-12-17
3 months crt.sh
apollo.io
E5
2024-09-01 -
2024-11-30
3 months crt.sh
aplo-evnt.com
R10
2024-08-22 -
2024-11-20
3 months crt.sh
upload.video.google.com
WR2
2024-09-24 -
2024-12-17
3 months crt.sh
*.cookiefirst.com
Sectigo RSA Domain Validation Secure Server CA
2023-12-05 -
2024-12-16
a year crt.sh
www.morphisec.com
WE1
2024-09-10 -
2024-12-09
3 months crt.sh
*.hotjar.com
Amazon RSA 2048 M03
2024-05-22 -
2025-06-20
a year crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA
2024-07-17 -
2024-10-15
3 months crt.sh
snap.licdn.com
DigiCert SHA2 Secure Server CA
2023-12-13 -
2024-12-12
a year crt.sh
snid.snitcher.com
Amazon RSA 2048 M03
2024-07-17 -
2025-08-14
a year crt.sh
clearbitscripts.com
Amazon RSA 2048 M03
2024-05-11 -
2025-06-08
a year crt.sh
trk.techtarget.com
WE1
2024-09-20 -
2024-12-19
3 months crt.sh
salesloft.com
Sectigo RSA Domain Validation Secure Server CA
2024-03-20 -
2025-04-19
a year crt.sh
inspectlet.com
WE1
2024-08-13 -
2024-11-11
3 months crt.sh
www.linkedin.com
DigiCert SHA2 Secure Server CA
2024-09-11 -
2025-03-11
6 months crt.sh
ibc-flow.techtarget.com
WR3
2024-08-28 -
2024-11-26
3 months crt.sh
clearbitjs.com
Amazon RSA 2048 M02
2024-02-15 -
2025-03-16
a year crt.sh
ads-twitter.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2024-06-25 -
2025-06-24
a year crt.sh
*.twimg.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2024-06-24 -
2025-07-25
a year crt.sh
t.co
E5
2024-09-28 -
2024-12-27
3 months crt.sh
*.twitter.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2024-08-19 -
2025-08-18
a year crt.sh
clearbit.com
Amazon RSA 2048 M03
2024-02-15 -
2025-03-16
a year crt.sh
syndication.twitter.com
R10
2024-08-23 -
2024-11-21
3 months crt.sh
hsforms.com
WE1
2024-08-12 -
2024-11-10
3 months crt.sh
*.g.doubleclick.net
WR2
2024-09-24 -
2024-12-17
3 months crt.sh
*.doubleclick.net
WR2
2024-09-24 -
2024-12-17
3 months crt.sh
*.google.co.uk
WR2
2024-09-24 -
2024-12-17
3 months crt.sh
hsleadflows.net
WE1
2024-09-29 -
2024-12-28
3 months crt.sh
hs-analytics.net
WE1
2024-10-07 -
2025-01-05
3 months crt.sh
hscollectedforms.net
WE1
2024-09-22 -
2024-12-21
3 months crt.sh
hsadspixel.net
WE1
2024-08-12 -
2024-11-10
3 months crt.sh
hs-banner.com
WE1
2024-09-24 -
2024-12-23
3 months crt.sh
*.google.com
WR2
2024-09-24 -
2024-12-17
3 months crt.sh
*.hotjar.io
Amazon ECDSA 256 M02
2024-01-31 -
2025-03-01
a year crt.sh
hubapi.com
WE1
2024-09-09 -
2024-12-08
3 months crt.sh
*.trendemon.com
SSL.com RSA SSL subCA
2024-06-18 -
2025-06-18
a year crt.sh

This page contains 7 frames:

Primary Page: https://blog.morphisec.com/threat-analysis-lua-malware
Frame ID: E1FD7FCF6C24C4FB8D66E74F12840AB3
Requests: 175 HTTP requests in this frame

Frame: https://www.morphisec.com/cf-bc-handler.html
Frame ID: 432D46CFBDF9B4617026D64AEC1B68BE
Requests: 2 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.2f70fb173b9000da126c79afe2098f02.html?origin=https%3A%2F%2Fblog.morphisec.com
Frame ID: 10D45A6BFF0F3F79509A751D5626A908
Requests: 1 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/tweet_button.2f70fb173b9000da126c79afe2098f02.en.html
Frame ID: C442D26F35CDA157F4E1A6A542D4F40F
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/rul/784310031?random=1728487343541&cv=11&fst=1728487343541&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4a70z8897572158za200zb897572158&gcd=13t3t3t3t5l1&dma=0&tag_exp=101529666~101671035~101747727&u_w=1600&u_h=1200&url=https%3A%2F%2Fblog.morphisec.com%2Fthreat-analysis-lua-malware&hn=www.googleadservices.com&frm=0&tiba=Not%20All%20Fun%20and%20Games%3A%20Lua%20Malware%20Targets%20Educational%20Sector%20and%20Student%20Gaming%20Engines&did=dNjAwYj&gdid=dNjAwYj&npa=0&pscdl=noapi&auid=589707303.1728487346&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config
Frame ID: C3706383BD290137D2976C941B5F9281
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/ga/rul?tid=G-HFVX4VZHCS&gacid=2071232070.1728487346&gtm=45je4a70v897583451z8897572158za200zb897572158&dma=0&gcs=G111&gcd=13t3t3t3t5l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=101671035~101747727&z=1295525306
Frame ID: 39185A4A3F5949E30FFE74DA0E8781DF
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/v3.0/plugins/share_button.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df5066685ff6e67824%26domain%3Dblog.morphisec.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fblog.morphisec.com%252Ff3028aceaf4cf852f%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fblog.morphisec.com%2Fthreat-analysis-lua-malware&layout=button_count&locale=en_US&sdk=joey
Frame ID: EB8157B79A155CC0EFD7D67D64279AD5
Requests: 1 HTTP requests in this frame

Screenshot

Page Title

Not All Fun and Games: Lua Malware Targets Educational Sector and Student Gaming Engines

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link rel="amphtml"

Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Overall confidence: 100%
Detected patterns

Overall confidence: 100%
Detected patterns
  • <!-- (?:End )?Google Tag Manager -->
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • //static\.hotjar\.com/

Overall confidence: 100%
Detected patterns
  • js\.hs-analytics\.net/analytics

Overall confidence: 100%
Detected patterns
  • cdn\.inspectlet\.com

Overall confidence: 100%
Detected patterns
  • //platform\.linkedin\.com/in\.js

Overall confidence: 100%
Detected patterns
  • snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Overall confidence: 100%
Detected patterns
  • (?:/([\d.]+))?/slick(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • //platform\.twitter\.com/widgets\.js

Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Overall confidence: 100%
Detected patterns
  • jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

185
Requests

98 %
HTTPS

54 %
IPv6

39
Domains

63
Subdomains

51
IPs

5
Countries

3091 kB
Transfer

7196 kB
Size

47
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 92
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3607898&time=1728487344463&url=https%3A%2F%2Fblog.morphisec.com%2Fthreat-analysis-lua-malware HTTP 302
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3607898&time=1728487344463&url=https%3A%2F%2Fblog.morphisec.com%2Fthreat-analysis-lua-malware&e_ipv6=AQKMXaDXPXszpAAAAZJx38n4EpYCBa8KimDBTmlit_1sVRAB-bW1G4uIOpR4xkAAvvc
Request Chain 124
  • https://www.google.com/pagead/landing?gcs=G111&gcd=13t3t3t3t5l1&tag_exp=101529666~101671035~101747727&rnd=2065335649.1728487346&url=https%3A%2F%2Fblog.morphisec.com%2Fthreat-analysis-lua-malware&dma=0&npa=0&gtm=45He4a70n81PQBJZ8Kv897572158za200&auid=589707303.1728487346 HTTP 302
  • https://googleads.g.doubleclick.net/pagead/landing?gcs=G111&gcd=13t3t3t3t5l1&tag_exp=101529666~101671035~101747727&rnd=2065335649.1728487346&url=https%3A%2F%2Fblog.morphisec.com%2Fthreat-analysis-lua-malware&dma=0&npa=0&gtm=45He4a70n81PQBJZ8Kv897572158za200&auid=589707303.1728487346

185 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request threat-analysis-lua-malware
blog.morphisec.com/
156 KB
28 KB
Document
General
Full URL
https://blog.morphisec.com/threat-analysis-lua-malware
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:671f , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
91be5f9284c0501b4dab3d49539ac1daafc9b64f5104031572cee4791d4db562
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
false
age
331
alt-svc
h3=":443"; ma=86400
cache-control
s-maxage=7200,max-age=5
cache-tag
CT-180426032289,CG-3742504875,P-1534169,L-111241817773,W-110459115301,W-110461035085,W-110617941043,W-17242827075,CW-109590708858,CW-111929326924,CW-148583664153,CW-6224157750,CW-96190736016,E-109591972187,E-109621200285,E-109629951254,E-109788822098,E-110333050473,E-110410292559,E-110414479364,E-110809165900,E-36272650673,E-6213834399,E-6224156614,E-6224925249,E-91587260036,MENU-110459115301,MENU-110461035085,MENU-110617941043,MENU-17242827075,PGS-ALL,SW-1,GC-109628533403,GC-111932574522
cf-cache-status
HIT
cf-ray
8cff5d99ded8cd26-LHR
content-encoding
br
content-security-policy
upgrade-insecure-requests
content-type
text/html;charset=utf-8
date
Wed, 09 Oct 2024 15:22:21 GMT
edge-cache-tag
CT-180426032289,CG-3742504875,P-1534169,L-111241817773,W-110459115301,W-110461035085,W-110617941043,W-17242827075,CW-109590708858,CW-111929326924,CW-148583664153,CW-6224157750,CW-96190736016,E-109591972187,E-109621200285,E-109629951254,E-109788822098,E-110333050473,E-110410292559,E-110414479364,E-110809165900,E-36272650673,E-6213834399,E-6224156614,E-6224925249,E-91587260036,MENU-110459115301,MENU-110461035085,MENU-110617941043,MENU-17242827075,PGS-ALL,SW-1,GC-109628533403,GC-111932574522
last-modified
Wed, 09 Oct 2024 14:26:50 GMT
link
</hs/hsstatic/keyboard-accessible-menu-flyouts/static-1.17/bundles/project.js>; rel=preload; as=script, </hs/hsstatic/cos-i18n/static-1.53/bundles/project.js>; rel=preload; as=script, </hs/hsstatic/AsyncSupport/static-1.122/js/post_listing_asset.js>; rel=preload; as=script, </_hcms/forms/v2.js>; rel=preload; as=script
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
referrer-policy
no-referrer-when-downgrade
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DS5nSdXeWdWfvM%2FacDjSbw1iEtK1KFYded6dB5dif4tZxSemELft2tkD31n0YAsoWvIG9Cj53DCGWH59xFtwLLwtt3APWG4K8IzdoSOLQIQZjOXTRoBNiITvuVrL8s1%2F4C2ITG%2Fx2kzUyYkvpK31XQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains; preload
vary
origin, Accept-Encoding
x-content-type-options
nosniff
x-envoy-upstream-service-time
250
x-evy-trace-listener
listener_https
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-route-service-name
envoyset-translator
x-evy-trace-served-by-pod
iad02/cms-10-19-td/envoy-proxy-6f7bd6888-nj4hb
x-evy-trace-virtual-host
all
x-hs-cache-config
BrowserCache-5s-EdgeCache-7200s
x-hs-content-id
180426032289
x-hs-hub-id
1534169
x-hubspot-correlation-id
80b892a2-2493-4b47-b863-966d673d39ff
x-request-id
80b892a2-2493-4b47-b863-966d673d39ff
x-xss-protection
1
project.js
blog.morphisec.com/hs/hsstatic/keyboard-accessible-menu-flyouts/static-1.17/bundles/
2 KB
2 KB
Script
General
Full URL
https://blog.morphisec.com/hs/hsstatic/keyboard-accessible-menu-flyouts/static-1.17/bundles/project.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
fb56af9f7623a55839dfb9cf019b05664a62e1b41671d925f3ed587c506443b5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

content-encoding
gzip
cf-cache-status
HIT
etag
W/"ef84f26c310485299d6b75777414eddb"
age
393794
x-amz-version-id
gEenO44eZUewxnIWfgj9q6LB.g9OszNv
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rkrWik5mfqCfOiG6WirMqlPJAru9gZ8mFJm7UzZ2CygdJHQW3D66jKdAlWNmmiF67utQZoR4y96OAfzrXdh0KWKSFyTXTB%2FhWEYQ4pXA3lRjEeaqqcKgJEb2dWpx1TICGsUOXQ%3D%3D"}],"group":"cf-nel","max_age":604800}
expires
Thu, 09 Oct 2025 15:22:21 GMT
alt-svc
h3=":443"; ma=86400
x-cache
RefreshHit from cloudfront
x-amz-cf-id
rP2atRVSrLy1r3QgSDedZKKzrsYKrDlZdA9iKvYOrhuqnBLtjsGLtg==
date
Wed, 09 Oct 2024 15:22:21 GMT
content-type
application/javascript
last-modified
Wed, 19 Aug 2020 22:24:11 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-replication-status
COMPLETED
cache-control
public, max-age=31536000
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
via
1.1 0316c07369e8911f4fffe6ae5475e30c.cloudfront.net (CloudFront)
cf-ray
8cff5d9b6e997750-LHR
x-amz-cf-pop
LHR50-P6
server
cloudflare
x-amz-server-side-encryption
AES256
project.js
blog.morphisec.com/hs/hsstatic/cos-i18n/static-1.53/bundles/
1 KB
2 KB
Script
General
Full URL
https://blog.morphisec.com/hs/hsstatic/cos-i18n/static-1.53/bundles/project.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

content-encoding
gzip
cf-cache-status
HIT
etag
W/"61ca66de658cab9587e4636894680d5d"
age
14525792
x-amz-version-id
P9ES7sOpFzrLl1QoRwjEAy5outPo5_GO
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=joLEtj3V3IveEXv%2F80bZjTbSS4hRQLttj59LrKP8AFGpJ2899NAtFeiaToGL%2FeguhnMabC0uI8EeDQSQSZ24uZdnlq4BNBc0OigItspz96aqoD1dnU3FIF9u2xBAXYl2Oi2jaQ%3D%3D"}],"group":"cf-nel","max_age":604800}
expires
Thu, 09 Oct 2025 15:22:21 GMT
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
rVf41lsVR0EmWYEF7ckt7NfzQgmrPHH6keF8Vw5SKhRGJugvT8eHRw==
date
Wed, 09 Oct 2024 15:22:21 GMT
content-type
application/javascript
last-modified
Tue, 09 Nov 2021 16:12:42 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-replication-status
COMPLETED
cache-control
public, max-age=31536000
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
via
1.1 7e7605dff243a25ecb1590c5d7dcc7f0.cloudfront.net (CloudFront)
cf-ray
8cff5d9b6e9c7750-LHR
x-amz-cf-pop
LHR50-P6
server
cloudflare
x-amz-server-side-encryption
AES256
post_listing_asset.js
blog.morphisec.com/hs/hsstatic/AsyncSupport/static-1.122/js/
3 KB
2 KB
Script
General
Full URL
https://blog.morphisec.com/hs/hsstatic/AsyncSupport/static-1.122/js/post_listing_asset.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
8e7902d12bed414b23fd30c7019fc0fe08d03b14984beb21e486aaa59135f803
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

content-encoding
gzip
cf-cache-status
HIT
etag
W/"d95d7dafd49a1edc76a47120c287b579"
age
17698599
x-amz-version-id
nC1hzr07YsutChb9rCwKsMoiyxip8lR7
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OdxXS37f3kfhfe%2Bc7CjIHeNghUrUntyZL4qf0TKyH3yDmtPH8CtjSUmNnEd4aiKx4Tq3iVOPE8wISviGI0%2BCV1VucS5aYkb9%2FxGeBKkdewKElHh6dVCn2lBfMY%2BHI949p50fgg%3D%3D"}],"group":"cf-nel","max_age":604800}
expires
Thu, 09 Oct 2025 15:22:21 GMT
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
vHWcGQUowr_m83oYQuMlka9wB8AkySC__xi2ecVIEKUHB8pTKScnbQ==
date
Wed, 09 Oct 2024 15:22:21 GMT
content-type
application/javascript
last-modified
Fri, 17 Dec 2021 15:26:10 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-replication-status
COMPLETED
cache-control
public, max-age=31536000
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
via
1.1 e113eead8f453036dc06e859133ea1dc.cloudfront.net (CloudFront)
cf-ray
8cff5d9b6ea07750-LHR
x-amz-cf-pop
LHR50-P6
server
cloudflare
x-amz-server-side-encryption
AES256
v2.js
blog.morphisec.com/_hcms/forms/
484 KB
161 KB
Script
General
Full URL
https://blog.morphisec.com/_hcms/forms/v2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
0200a7698afae38e9385f59706f2c5966fcd943aec1b0d47597fb65f319fa2b0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

x-request-id
5365ab1e-6836-4e80-9450-075eed8a4e2f
content-encoding
br
cf-cache-status
HIT
etag
W/"53fa063fb1734ce6bb187c96e7665972"
age
124
cache-tag
staticjsapp-forms-embed-v2-web-prod,staticjsapp-prod
x-amz-version-id
kLVNDW8Ykh6K0rP5.B3EI30fJIwAAkz3
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LqVq42Ae2hrmm%2B1M%2B%2FqecKKWS0ZTN2JKo5Jae6d8gybmMcmKwsrxzexa6wsFkYyCXypHgTHHQ5eKICFG%2FrJ1JDqOPg0OqJCMAUGvrvOTS9VEo6VusdsX27fVlbFe1vX70VV4iQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-evy-trace-listener
listener_https
x-amz-cf-id
R98SXrZh_1ayFsBRU5x0_cK1T9O-q3KygSCBC1iJt7ZMoUTjSkUSuQ==
x-hubspot-correlation-id
5365ab1e-6836-4e80-9450-075eed8a4e2f
content-type
application/javascript; charset=utf-8
last-modified
Mon, 30 Sep 2024 16:16:42 UTC
x-amz-replication-status
COMPLETED
x-evy-trace-route-service-name
envoyset-translator
cache-control
s-maxage=600, max-age=300
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-6c6dd6864-7m4br
x-envoy-upstream-service-time
0
x-hs-target-asset
forms-embed/static-1.6227/bundles/project-v2.js
server
cloudflare
x-evy-trace-virtual-host
all
x-amz-server-side-encryption
AES256
x-hs-cache-status
HIT
date
Wed, 09 Oct 2024 15:22:21 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=forms-embed/static-1.6227/bundles/project-v2.js&cfRay=8cb593af6d567797-CDG
via
1.1 16df6ade68382d048f8aad1f7e39da28.cloudfront.net (CloudFront)
cf-ray
8cff5d9b6ea57750-LHR
access-control-allow-origin
*
x-evy-trace-route-configuration
listener_https/all
x-amz-cf-pop
IAD12-P3
reset.min.css
blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/109591972187/1697111371858/2023/CSS/
1 KB
2 KB
Stylesheet
General
Full URL
https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/109591972187/1697111371858/2023/CSS/reset.min.css
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/threat-analysis-lua-malware
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
abd611420c0557b18c6fbd0dd66eb643fc3298fbaccd15e0a2ba9fdf78f2ca72
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

x-request-id
778cfb10-e4ce-4b3c-933d-c8e4b5cc7e33
content-encoding
gzip
cf-cache-status
HIT
etag
W/"fdc18c7998eab7f0173b18cbfee4df06"
age
1168
x-amz-version-id
LIGvZMYA2GuHTR7O2Z5oVj7c2QZI5kJK
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2ehyRB5S9ZsrwJlMw%2BJXpZPVcUTwX%2BNhlqEP0%2BbTDRFwkmh8voEAPe5gE%2BOtsmjCrY6bXF8I%2FEZKYwZAq9eVYIXuj%2BEtSJ6TNKa3QTDB%2B%2BNVt%2FEaWQghNJ2p1L1AI2yhbaFqOg%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
x-evy-trace-listener
listener_https
x-amz-cf-id
oixw64Q3UZ-DOlTLFYeOk7_dKdKAeTuymVNbdJjFgsLmlp4pDziSwg==
x-hubspot-correlation-id
778cfb10-e4ce-4b3c-933d-c8e4b5cc7e33
content-type
text/css
last-modified
Thu, 12 Oct 2023 11:49:33 GMT
x-amz-replication-status
COMPLETED
x-evy-trace-route-service-name
envoyset-translator
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-54797cf595-nxgmh
x-envoy-upstream-service-time
209
x-amz-request-id
QJNG92XJKJ2S5V5Y
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type
text/plain
server
cloudflare
x-evy-trace-virtual-host
all
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption
AES256
x-amz-storage-class
INTELLIGENT_TIERING
date
Wed, 09 Oct 2024 15:22:21 GMT
vary
origin, Accept-Encoding
x-amz-id-2
qR/oaWoQ4ZAdxK5I7lAAxL2iAxkxTos/A9s9wbPVRd0AXGErkmjSD8hkolu0Fy6dQranUOYM0OpPV57fS2cm4Zj5/HEaS31dXqeHqFeDwCE=
strict-transport-security
max-age=31536000; includeSubDomains; preload
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin
blog.morphisec.com
access-control-allow-credentials
false
via
1.1 51216641aa2cfdaadb386a6a151c2424.cloudfront.net (CloudFront)
cf-ray
8cff5d9b8ec77750-LHR
x-evy-trace-route-configuration
listener_https/all
x-amz-cf-pop
IAD61-P1
x-amz-meta-created-unix-time-millis
1697111372573
fonts.min.css
blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/109621200285/1680693252014/2023/Fonts/
6 KB
2 KB
Stylesheet
General
Full URL
https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/109621200285/1680693252014/2023/Fonts/fonts.min.css
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/threat-analysis-lua-malware
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
44bc30322b395963cf09e8fb1bee4d07e58d60599a82c4e821cf89ed36d0b786
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

x-request-id
057a8449-0421-4ae7-a647-a5ad3034e951
content-encoding
gzip
cf-cache-status
HIT
etag
W/"129a23607bce2eee640430d3bbfef277"
age
170
x-amz-version-id
dVLtzAKZg__B3uxHbu3a_2GX4VNB5e_S
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7XAJoBrf8Fk56hxdZCPAxQukQVL8S5rShToxTazQ140njK13nQ0nUxupDXGuyg4Dwz8r7DwBmirwR0AZMJ8OauiZ0WfAcg3o5lb7Za5h2JLk3fdURt91vOyZiya51kPdnOxzQQ%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
x-evy-trace-listener
listener_https
x-amz-cf-id
O47wukNnZI_YnlKyJBJKOu4HDVXMALNhdCQlNEKCR6g1ERMdp306Bg==
x-hubspot-correlation-id
057a8449-0421-4ae7-a647-a5ad3034e951
content-type
text/css
last-modified
Wed, 05 Apr 2023 11:14:13 GMT
x-amz-replication-status
COMPLETED
x-evy-trace-route-service-name
envoyset-translator
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-656644bdb-lrfms
x-envoy-upstream-service-time
167
x-amz-request-id
WS9R9TZDVJ98YRZB
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type
text/plain
server
cloudflare
x-evy-trace-virtual-host
all
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption
AES256
x-amz-storage-class
INTELLIGENT_TIERING
date
Wed, 09 Oct 2024 15:22:21 GMT
vary
origin, Accept-Encoding
x-amz-id-2
tuLkaSL5Z1fQLIIDpipfPP90FTCrUIY7LBK4tauu0EatuXWBxmglMmhbliSMZ2UQHRMESCtptYA=
strict-transport-security
max-age=31536000; includeSubDomains; preload
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin
blog.morphisec.com
access-control-allow-credentials
false
via
1.1 55b6418a8a2f714a67d8e4d292154ef2.cloudfront.net (CloudFront)
cf-ray
8cff5d9b8ece7750-LHR
x-evy-trace-route-configuration
listener_https/all
x-amz-cf-pop
IAD89-C1
x-amz-meta-created-unix-time-millis
1680693252902
custom.min.css
blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/109788822098/1682414589849/2023/CSS/
280 B
2 KB
Stylesheet
General
Full URL
https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/109788822098/1682414589849/2023/CSS/custom.min.css
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/threat-analysis-lua-malware
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
d7c2ddb591f4a579e867624a9ac11234ee3b7ef13f41c743088d4b4d723b8461
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

x-request-id
8e032e6d-1522-428f-99f9-e711c4a366f0
content-encoding
br
cf-cache-status
HIT
etag
W/"5c5cddb5467e6fe854b7d0a6f51135e8"
age
170
x-amz-version-id
Tnt1z7gJRW9yvpi1rPu2tP7PpekG4_IL
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gCvEUGNRDdpA0Rlmq00PjgDzUCiBOC%2FrE2H%2F98ABYzSLBlKnvjt1TkvN80WniUFsGNdJdCgPWXv4fKSr1iGkurfu%2FPX1CTqU2fuhGzdZO4%2FLLvit3WYln%2BnjpRV2U6Zp8YBkXA%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
x-cache
RefreshHit from cloudfront
x-evy-trace-listener
listener_https
x-amz-cf-id
rtMHR6oPCou8YaiqCpyh87eBWOcpc6V6XlI8kSIGPiGmoNgMaUOIHw==
x-hubspot-correlation-id
8e032e6d-1522-428f-99f9-e711c4a366f0
content-type
text/css
last-modified
Tue, 25 Apr 2023 09:23:11 GMT
x-amz-replication-status
COMPLETED
x-evy-trace-route-service-name
envoyset-translator
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-54797cf595-6snpn
x-envoy-upstream-service-time
176
x-amz-request-id
VMKS0CFQGEH1W3SJ
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type
text/plain
server
cloudflare
x-evy-trace-virtual-host
all
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption
AES256
x-amz-storage-class
INTELLIGENT_TIERING
date
Wed, 09 Oct 2024 15:22:21 GMT
vary
origin, Accept-Encoding
x-amz-id-2
GBGthOlnrE3AQ72WYxyhr3IZZdMrBbLA/xz1pKTqLHrT1SnJdFKAMNPNKPf7957xVSkvye2UsQA=
strict-transport-security
max-age=31536000; includeSubDomains; preload
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin
blog.morphisec.com
access-control-allow-credentials
false
via
1.1 281687fdef6568ba75a1a090e3b48e2a.cloudfront.net (CloudFront)
cf-ray
8cff5d9b8ed37750-LHR
x-evy-trace-route-configuration
listener_https/all
x-amz-cf-pop
IAD61-P1
x-amz-meta-created-unix-time-millis
1682414590689
slick.min.css
blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/110414479364/1681177548465/2023/CSS/
1 KB
2 KB
Stylesheet
General
Full URL
https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/110414479364/1681177548465/2023/CSS/slick.min.css
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/threat-analysis-lua-malware
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
71815070cf1baa5e8fe6694ab489c18374703c8fb1e11700f2530ccb8fb32d33
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

x-request-id
fe726919-0273-448f-934a-8bbcfec8fa46
content-encoding
gzip
cf-cache-status
HIT
etag
W/"50424795a4c8f41eaba805785dcd11a3"
age
170
x-amz-version-id
CSM7qjm5tr1tplGgJgxA9LlFMJy2.Rrt
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Tw77Me7oMrJJIDeBBKfuVQfObtbccRXNAemJbYmCKeUMc%2BBK2UPs1ccH1iH88%2Bj7rERJivqOYKjCPOQsWdgIxAJ6cch16h%2FWsNdcUv%2FnB2MRM%2BC0sXON7wOTIkXGJuknc2EjnA%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
x-cache
RefreshHit from cloudfront
x-evy-trace-listener
listener_https
x-amz-cf-id
b8ILdj0PWlIJ8V_znzxye4o74V3Mez5Xv4KcDdues8Dtwxxe7X0mag==
x-hubspot-correlation-id
fe726919-0273-448f-934a-8bbcfec8fa46
content-type
text/css
last-modified
Tue, 11 Apr 2023 01:45:50 GMT
x-amz-replication-status
COMPLETED
x-evy-trace-route-service-name
envoyset-translator
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-7849459c5c-6c69l
x-envoy-upstream-service-time
153
x-amz-request-id
2JWDMKJZQBB7VFC5
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type
text/plain
server
cloudflare
x-evy-trace-virtual-host
all
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption
AES256
x-amz-storage-class
INTELLIGENT_TIERING
date
Wed, 09 Oct 2024 15:22:21 GMT
vary
origin, Accept-Encoding
x-amz-id-2
T77Kr0ygWhEE82PyHiC52Sv47veyJQrCnfrJqUUdImIWEdW6XshUAIGOK7+8u1rlTF9hJZEtN4U=
strict-transport-security
max-age=31536000; includeSubDomains; preload
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin
blog.morphisec.com
access-control-allow-credentials
false
via
1.1 6946167499a4b8f515865d62f0b0b284.cloudfront.net (CloudFront)
cf-ray
8cff5d9b8ed57750-LHR
x-evy-trace-route-configuration
listener_https/all
x-amz-cf-pop
IAD61-P1
x-amz-meta-created-unix-time-millis
1681177549173
module_109590708858_Header_-_Global.min.css
blog.morphisec.com/hs-fs/hub/1534169/hub_generated/module_assets/109590708858/1718666705155/
19 KB
5 KB
Stylesheet
General
Full URL
https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/module_assets/109590708858/1718666705155/module_109590708858_Header_-_Global.min.css
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/threat-analysis-lua-malware
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
9ec3c84e8019f979befe03094b124908c617d66036668dade9e8edf77b239924
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

x-request-id
7e3e19c9-9995-4ff8-bdfc-fd2b0be4ef32
content-encoding
gzip
cf-cache-status
HIT
etag
W/"6e88b79d3c88ae7b7cdc87de63b2df5d"
age
170
x-amz-version-id
EmcCbP35dT6z.TbaRVMftxuobV7Ho9gP
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=s7wNw%2BmOpZkptODSjvC9z3KjSssDRCTqzbDtLupHeeqePUDM7iN0G4b9XRBd7tJO0jy1j7g2qKo2wvOkaWTouNVe4YeWqb0qKM21YxGSTLCIM1C3gTbU1SxciOgCHjgDiLwm%2FA%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
x-cache
RefreshHit from cloudfront
x-evy-trace-listener
listener_https
x-amz-cf-id
VkTIW0bZfTcqV5f1MGfd96g5QKDK5QbIU7QMPMLaiih5o5OVjaTOjw==
x-hubspot-correlation-id
7e3e19c9-9995-4ff8-bdfc-fd2b0be4ef32
content-type
text/css
last-modified
Mon, 17 Jun 2024 23:25:06 GMT
x-amz-replication-status
COMPLETED
x-evy-trace-route-service-name
envoyset-translator
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-656644bdb-tjdnr
x-envoy-upstream-service-time
166
x-amz-request-id
FDBNXZ6E52JE4CRR
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type
text/plain
server
cloudflare
x-evy-trace-virtual-host
all
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption
AES256
x-amz-storage-class
INTELLIGENT_TIERING
date
Wed, 09 Oct 2024 15:22:21 GMT
vary
origin, Accept-Encoding
x-amz-id-2
PtIb3Redxg6JGp6LH0ZQJvSr8Apxx2rcl0rolibJt4lNeZ+rBRh3yUSV/1SvU1xQ626cxJgvkkasM7uG+qFmivPkVwIyOY4KFV1UPyeVgbc=
strict-transport-security
max-age=31536000; includeSubDomains; preload
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin
blog.morphisec.com
access-control-allow-credentials
false
via
1.1 c6b0d1d85b2590c57ac754bf9e61944e.cloudfront.net (CloudFront)
cf-ray
8cff5d9b8edb7750-LHR
x-evy-trace-route-configuration
listener_https/all
x-amz-cf-pop
IAD89-C1
x-amz-meta-created-unix-time-millis
1718666705155
project.css
blog.morphisec.com/hs/hsstatic/BlogSocialSharingSupport/static-1.258/bundles/
720 B
1 KB
Stylesheet
General
Full URL
https://blog.morphisec.com/hs/hsstatic/BlogSocialSharingSupport/static-1.258/bundles/project.css
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/threat-analysis-lua-malware
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
cf3e0ecae28a70c5e010c24c160321243efe54f497d49a6a8f31ca12ee7eb972
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

content-encoding
br
cf-cache-status
HIT
etag
W/"a81c70764750950eb72d4537c41e781f"
age
464565
x-amz-version-id
8ccI4weZqJTdCHtwNm3UqetXb_uUGb6Y
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LBaNcO2Wvk1ABOqmvywtRI6IGeBaOiqOZFa7X6WpSMi%2FzGREetCLnChQoooxpHSoKO1vkP10x%2FtGHd8OnS1s6gDzpNCIQj8wkgVYNRfCPrrB7mIUHBdNEXiaUR8A6DUBo538LA%3D%3D"}],"group":"cf-nel","max_age":604800}
expires
Thu, 09 Oct 2025 15:22:21 GMT
alt-svc
h3=":443"; ma=86400
x-cache
RefreshHit from cloudfront
x-amz-cf-id
oG1SWRvIW7MVcuMYLQJeervZ9nNKbx98UhOzqQyCgzjQB91kbEYQFg==
date
Wed, 09 Oct 2024 15:22:21 GMT
content-type
text/css
last-modified
Tue, 19 Mar 2024 20:21:22 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-replication-status
COMPLETED
cache-control
public, max-age=31536000
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
via
1.1 027fb676af23e5e8545e552038c4e1b0.cloudfront.net (CloudFront)
cf-ray
8cff5d9b8ee07750-LHR
x-amz-cf-pop
LHR50-P6
server
cloudflare
x-amz-server-side-encryption
AES256
module_148583664153_Blog_Quiz.min.css
blog.morphisec.com/hs-fs/hub/1534169/hub_generated/module_assets/148583664153/1703224192160/
1 KB
2 KB
Stylesheet
General
Full URL
https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/module_assets/148583664153/1703224192160/module_148583664153_Blog_Quiz.min.css
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/threat-analysis-lua-malware
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
4e0a2edf9cc6b61a6576a95fe791ac7b4470577d68e0cc738a2f90d2d6416589
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

x-request-id
e4c99318-e24f-46b3-a83f-d5f3fdfd45da
content-encoding
gzip
cf-cache-status
HIT
etag
W/"5292316ee34f942adabf9639035cb5f1"
age
170
x-amz-version-id
YbKx_knHjcoCWj.kdAsSCG6ojGVZltfV
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KbUdi93ONFnzbWD3RNFRQ5I3FhI7964GOBB3cH4BaF7Vtp6cOhlkV13pi0S%2FuyUYshdK02e1cHgbdSR2tks3jTzl1lxY8JPOmNXiScv%2BADTdFBiAJFkNGcr5LPxsPWrWQXoWJA%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
x-cache
RefreshHit from cloudfront
x-evy-trace-listener
listener_https
x-amz-cf-id
pgqoFWUQqOWYpQrWd-0zjqucLx1ISibX3S_05n_6sQQEvU8jhE1jfg==
x-hubspot-correlation-id
e4c99318-e24f-46b3-a83f-d5f3fdfd45da
content-type
text/css
last-modified
Fri, 22 Dec 2023 05:49:53 GMT
x-amz-replication-status
COMPLETED
x-evy-trace-route-service-name
envoyset-translator
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-7849459c5c-bkstl
x-envoy-upstream-service-time
168
x-amz-request-id
8B7J6SBP63MJA809
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type
text/plain
server
cloudflare
x-evy-trace-virtual-host
all
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption
AES256
x-amz-storage-class
INTELLIGENT_TIERING
date
Wed, 09 Oct 2024 15:22:21 GMT
vary
origin, Accept-Encoding
x-amz-id-2
umZskWftZm4E8buTPnO2ju/qP3STzxFoGo0b94Q2l6Zl2zB7TQ6Xd9RGOmMqsCOdMJuvBHhLAS0=
strict-transport-security
max-age=31536000; includeSubDomains; preload
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin
blog.morphisec.com
access-control-allow-credentials
false
via
1.1 40c1e5c4b3789c2ca411f57891da3fe4.cloudfront.net (CloudFront)
cf-ray
8cff5d9b8ee57750-LHR
x-evy-trace-route-configuration
listener_https/all
x-amz-cf-pop
IAD61-P1
x-amz-meta-created-unix-time-millis
1703224192160
module_-2712622_Site_Search_Input.min.css
cdn2.hubspot.net/hub/-1/hub_generated/module_assets/-2712622/1728407203234/
612 B
1 KB
Stylesheet
General
Full URL
https://cdn2.hubspot.net/hub/-1/hub_generated/module_assets/-2712622/1728407203234/module_-2712622_Site_Search_Input.min.css
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/threat-analysis-lua-malware
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.90.62 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
401925a1114f7003121630392768d35516be54a4028f01024528aeae99a45a56

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

x-evy-trace-virtual-host
all
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-request-id
a621c28b-47a6-47a9-acab-b7e6c20b42d5
content-encoding
br
cf-cache-status
HIT
etag
W/"c708989561e0cdbfcf996d1b7f47482c"
age
80011
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4bVXhFFHdvJuWzilolYz8nNbhCqrG1zeip%2FoQmnDdy2glhK%2BdH6EI4LxhVbO%2BUdDJ1%2FLBsv9nDwG6AnG4p8Gad2MILvG8jbJ3PRb1Mk8PFDPOXgZJ5%2FaJn6A7Avpa1Y742g%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods
GET
x-amz-storage-class
INTELLIGENT_TIERING
x-evy-trace-listener
listener_https
date
Wed, 09 Oct 2024 15:22:21 GMT
x-hubspot-correlation-id
a621c28b-47a6-47a9-acab-b7e6c20b42d5
content-type
text/css
last-modified
Tue, 08 Oct 2024 17:06:44 GMT
vary
Accept-Encoding
x-amz-replication-status
COMPLETED
x-evy-trace-route-service-name
envoyset-translator
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-cdn2-td/envoy-proxy-7dc48645dd-8ljk5
x-envoy-upstream-service-time
332
cf-ray
8cff5d9bff20949d-LHR
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
access-control-allow-origin
*
x-evy-trace-route-configuration
listener_https/all
x-amz-cf-pop
IAD89-C1
x-hs-alternate-content-type
text/plain
server
cloudflare
x-amz-meta-created-unix-time-millis
1728407203234
x-amz-server-side-encryption
AES256
rss_post_listing.css
blog.morphisec.com/hs/hsstatic/AsyncSupport/static-1.122/sass/
910 B
1 KB
Stylesheet
General
Full URL
https://blog.morphisec.com/hs/hsstatic/AsyncSupport/static-1.122/sass/rss_post_listing.css
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/threat-analysis-lua-malware
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
723fbf8d73cd4e75f64f7d21558585aa1658b11332e87bd288f6987e398ecfb4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

content-encoding
br
cf-cache-status
HIT
etag
W/"e1b521ec14a912d6d385c21388ec7d79"
age
6054896
x-amz-version-id
YluxiXaQWSQWC28IUPv3NXYXDi68ylxl
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zQZhKrj4Grt%2FxAljqzcZ0Dymx0qJft3It7E48yNOHIP%2FHzyfKpaElMPMsONAyRE9avOgjb9z4MKkhWrcEsc7bvaGULbzwuOJafjg0Pr1tBeR4v5UZ38CN09UYWTBx4WyisT7bA%3D%3D"}],"group":"cf-nel","max_age":604800}
expires
Thu, 09 Oct 2025 15:22:21 GMT
alt-svc
h3=":443"; ma=86400
x-cache
RefreshHit from cloudfront
x-amz-cf-id
kiPqPXCjvtXivaC4z-7Hoh6dl2LbO8wQQyQk7sgoB3ImzMbMi10YDg==
date
Wed, 09 Oct 2024 15:22:21 GMT
content-type
text/css
last-modified
Fri, 17 Dec 2021 15:26:10 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-replication-status
COMPLETED
cache-control
public, max-age=31536000
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
via
1.1 027fb676af23e5e8545e552038c4e1b0.cloudfront.net (CloudFront)
cf-ray
8cff5d9b8ee97750-LHR
x-amz-cf-pop
LHR50-P6
server
cloudflare
x-amz-server-side-encryption
AES256
module_111929326924_Footer_Global_2023.min.css
blog.morphisec.com/hs-fs/hub/1534169/hub_generated/module_assets/111929326924/1718631910284/
4 KB
3 KB
Stylesheet
General
Full URL
https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/module_assets/111929326924/1718631910284/module_111929326924_Footer_Global_2023.min.css
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/threat-analysis-lua-malware
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
4c1113b143de12d58d3771cbddb3a4e7c76580a89ea241479cc9bd5288fd2fd0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

x-request-id
1c55e93a-33d9-4456-abcb-afb6d58f7c7b
content-encoding
gzip
cf-cache-status
HIT
etag
W/"a5ec360241c57fd3faa2fbc7878eba90"
age
170
x-amz-version-id
jCxWLjuzpDes5PguwdA4b48KQVfcw1n0
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=amxOyR33ilFFft9idb%2FJ3mceqzXgNlaJl%2BuCBn9o%2Bqu%2FMQFnIivDAOD1tnuHNt4L3EZJR24jLW70wzEsNy7HdIqGLF9QSHYxc1k%2Bdn0f%2BOhda5dgsUJn5sGC%2FBXLtudHeZS3SA%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
x-evy-trace-listener
listener_https
x-amz-cf-id
xt5_fHBs73ntbuBh26gqSfQZYtSxdZ4WZGoFTNgyHLxHGd1jL_t8-g==
x-hubspot-correlation-id
1c55e93a-33d9-4456-abcb-afb6d58f7c7b
content-type
text/css
last-modified
Mon, 17 Jun 2024 13:45:11 GMT
x-amz-replication-status
COMPLETED
x-evy-trace-route-service-name
envoyset-translator
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-7849459c5c-vrglg
x-envoy-upstream-service-time
252
x-amz-request-id
5WKMMZZ87HRANP69
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type
text/plain
server
cloudflare
x-evy-trace-virtual-host
all
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption
AES256
x-amz-storage-class
INTELLIGENT_TIERING
date
Wed, 09 Oct 2024 15:22:21 GMT
vary
origin, Accept-Encoding
x-amz-id-2
UmU5wWUluMb309rqE3V5ZDISLTg9rr3qr9T7LTyCU+7yWAOkGa3MlK4W4w5US9R0U5Xv57S/e196C7IgCBvThTAIF8rqKYjqLI4V8/ndlcY=
strict-transport-security
max-age=31536000; includeSubDomains; preload
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin
blog.morphisec.com
access-control-allow-credentials
false
via
1.1 7b32163caf7e91fe96df7bbeaa58c0f8.cloudfront.net (CloudFront)
cf-ray
8cff5d9b8eeb7750-LHR
x-evy-trace-route-configuration
listener_https/all
x-amz-cf-pop
IAD89-C1
x-amz-meta-created-unix-time-millis
1718631910284
jquery.min.js
cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/
87 KB
28 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/threat-analysis-lua-malware
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

cf-cdnjs-via
cfworker/kv
content-encoding
br
cf-cache-status
HIT
etag
"5eb09ed3-15d84"
age
48618
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IPBJUlI8zC1uiCys%2FoFIZ6G1H45ez0bFdmqa4K7S8UmriV%2Bq9U75o8iP0wNWKapBpxuQTYQoEKZdGlDRUZSuEmNCyeJob63l7WSi8fSYeNqJNC90md9V1oLYBr8TNX3XaWOnDDElEfjMTq1VkFeDIXFX"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
expires
Mon, 29 Sep 2025 15:22:21 GMT
alt-svc
h3=":443"; ma=86400
date
Wed, 09 Oct 2024 15:22:21 GMT
content-type
application/javascript; charset=utf-8
last-modified
Mon, 04 May 2020 23:01:39 GMT
vary
Accept-Encoding
strict-transport-security
max-age=15780000
cache-control
public, max-age=30672000
timing-allow-origin
*
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy
cross-origin
cf-ray
8cff5d9e1eb971a2-LHR
accept-ranges
bytes
access-control-allow-origin
*
content-length
27958
server
cloudflare
jquery-migrate.min.js
cdnjs.cloudflare.com/ajax/libs/jquery-migrate/3.3.1/
11 KB
4 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jquery-migrate/3.3.1/jquery-migrate.min.js
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/threat-analysis-lua-malware
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
89bf8cdea73ce776d6b81d03837bc7f04af5e3946b839a3c0bfbf3094ad3f7be
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

cf-cdnjs-via
cfworker/kv
content-encoding
br
cf-cache-status
HIT
etag
"5ef3fc71-2b0b"
age
526089
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uQmtCjzlRHrUwTtAMbBm2LwhWmjtu4Ux8SHso1%2Fk0qbYxvd6Hlhg6%2FGUIiKthUCW4%2FQhWTBaBHTZGFPsGvxcAtvqIN8Lvs%2FqgLTL1HB9e8RE845lSkWFpaVq1uk7obffJm6wyex03atYML9zN%2FX%2FJg0M"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
expires
Mon, 29 Sep 2025 15:22:21 GMT
alt-svc
h3=":443"; ma=86400
date
Wed, 09 Oct 2024 15:22:21 GMT
content-type
application/javascript; charset=utf-8
last-modified
Thu, 25 Jun 2020 01:22:57 GMT
vary
Accept-Encoding
strict-transport-security
max-age=15780000
cache-control
public, max-age=30672000
timing-allow-origin
*
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy
cross-origin
cf-ray
8cff5d9e1ebb71a2-LHR
accept-ranges
bytes
access-control-allow-origin
*
content-length
3592
server
cloudflare
custom.min.js
blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/91587260036/1680774296271/2020_-_UIS_-_Template_Folders/Vendor_JS/
723 B
2 KB
Script
General
Full URL
https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/91587260036/1680774296271/2020_-_UIS_-_Template_Folders/Vendor_JS/custom.min.js
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/threat-analysis-lua-malware
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
d00e54d87cce777c78c59c446e01bc3bcaabca266daa6463181dd527c98738e9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

x-request-id
cbf0ba47-bd60-4d1a-8a8b-ae750c4cbfbd
content-encoding
br
cf-cache-status
HIT
etag
W/"aa1f7340688642df1a14a1ed11c7650d"
age
170
x-amz-version-id
E6pXkgaUwSKGBww5g6OhIUrjEzq.3zLC
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yzC2D0I0WrdBWKErZV3%2FfPjCw%2BD8qVyf98lPGqlprVcIIfJtpOI3XaG1eXuQW7sPZ4Y%2FUyc5%2F58DDw3fMimXQ58nEGJAYZaM%2FLbPg62JNG9CypELVEa5wqZw4ZWa8vshzxOpRQ%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
x-cache
RefreshHit from cloudfront
x-evy-trace-listener
listener_https
x-amz-cf-id
D5nQ90MRjUAkMIQYA-LqqKskhYafQGUxCNFcFutQ-S6N6F5yfDzd4g==
x-hubspot-correlation-id
cbf0ba47-bd60-4d1a-8a8b-ae750c4cbfbd
content-type
application/javascript; charset=utf-8
last-modified
Thu, 06 Apr 2023 09:44:57 GMT
x-amz-replication-status
COMPLETED
x-evy-trace-route-service-name
envoyset-translator
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-7849459c5c-ffn2h
x-envoy-upstream-service-time
318
x-amz-request-id
V612D2Q0VTHBTYAR
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type
text/plain
server
cloudflare
x-evy-trace-virtual-host
all
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption
AES256
x-amz-storage-class
INTELLIGENT_TIERING
date
Wed, 09 Oct 2024 15:22:21 GMT
vary
origin, Accept-Encoding
x-amz-id-2
5gdT8hzhjFKCgFUbpLJ0TTHBrKa3TrWkdsd/8Okz31uUgXSieu1b7R7fuDAjhzz661KDpaPVAPfmn7Bauiul2TPpZKX30BF/Q9meVsatRXU=
strict-transport-security
max-age=31536000; includeSubDomains; preload
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin
blog.morphisec.com
access-control-allow-credentials
false
via
1.1 14d757a67b913f1bc93427e69819362c.cloudfront.net (CloudFront)
cf-ray
8cff5d9b8ef07750-LHR
x-evy-trace-route-configuration
listener_https/all
x-amz-cf-pop
IAD89-C1
x-amz-meta-created-unix-time-millis
1680774296492
font-awesome.min.css
blog.morphisec.com/hubfs/dynamic_esg/css/
20 KB
6 KB
Stylesheet
General
Full URL
https://blog.morphisec.com/hubfs/dynamic_esg/css/font-awesome.min.css
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/threat-analysis-lua-malware
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
d2d09c4a39acf0339c9697b5837fec5bb2bfb9f92677ac2133640b900f91925c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

content-encoding
br
cf-cache-status
HIT
etag
W/"aede50e4be8da8450a046f9d293e57a5"
age
309266
cache-tag
F-5753530423,FD-5753372182,P6R6f,FLS
x-amz-version-id
t80ZTUuyC2UKWRLSZGKnunSDBqf49hOf
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KHtqRZHA18nDNDcczMhcnOkfiBcsF5d%2B6%2B7vsK9vB4Z5MNThwSKVw3CHiFz0%2FLPjp6izuxkbD%2BexEQ6FWKBUi5mXDLkUPTM%2BcKq52C3in1NBl90MCmeX%2Fdwb%2F6q24dRT3giIvQ%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods
GET
alt-svc
h3=":443"; ma=86400
x-cache
RefreshHit from cloudfront
x-amz-cf-id
Ks1sEQsqKNX7vdVlcv7rheJlvePJ-6W0tL7D9siRfokCIotvq6iI9A==
date
Wed, 09 Oct 2024 15:22:21 GMT
content-type
text/css
last-modified
Wed, 02 May 2018 21:34:26 GMT
vary
Accept-Encoding
x-amz-id-2
DrbryIhjqQClrNdUpEn/BXAV3Kz5LRYqqBxGYjlj+bjEB/38k55+Gbw11V2Iy+MsST9pVMgvBvQ0BOjh4y3CesjBrvmaxrm2
strict-transport-security
max-age=31536000; includeSubDomains; preload
edge-cache-tag
F-5753530423,FD-5753372182,P6R6f,FLS
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
timing-allow-origin
d8fk70yj6xfhx.cloudfront.net
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
via
1.1 2c9382933d14baedd47f7fd736589872.cloudfront.net (CloudFront)
cf-ray
8cff5d9b8ef37750-LHR
x-amz-request-id
W2465ZZ0QZK4TC8V
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
access-control-allow-origin
*
x-amz-meta-cache-tag
F-5753530423,FD-5753372182,P6R6f,FLS
x-amz-cf-pop
LHR3-C2
server
cloudflare
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
in.js
platform.linkedin.com/
510 KB
160 KB
Script
General
Full URL
https://platform.linkedin.com/in.js
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/threat-analysis-lua-malware
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:233:66b5:799a:7cd3:f74d:7071 , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (ama/48B6) /
Resource Hash
f16a9696b3176614d3fe439def6fd9754fd489877999517b99b3b2f265cb7990
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

content-encoding
gzip
age
182
x-cdn-proto
HTTP2
x-li-fabric
prod-lva1
x-content-type-options
nosniff
expires
Wed, 09 Oct 2024 16:19:20 GMT
x-li-proto
http/1.1
x-cache
HIT
date
Wed, 09 Oct 2024 15:22:21 GMT
content-type
text/javascript; charset=UTF-8
x-cdn-client-ip-version
IPV6
vary
Accept-Encoding
last-modified
Wed, 09 Oct 2024 15:19:19 GMT
x-li-pop
prod-lva1-x
cache-control
public, max-age=3600
x-cdn
ECST
x-li-uuid
AAYkDMceSiDQ1FstOYmE4g==
accept-ranges
bytes
content-length
163630
server
ECAcc (ama/48B6)
layout.min.css
7052064.fs1.hubspotusercontent-na1.net/hub/7052064/hub_generated/template_assets/1728401847182/hubspot/hubspot_default/shared/responsive/
4 KB
2 KB
Stylesheet
General
Full URL
https://7052064.fs1.hubspotusercontent-na1.net/hub/7052064/hub_generated/template_assets/1728401847182/hubspot/hubspot_default/shared/responsive/layout.min.css
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/threat-analysis-lua-malware
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:297c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
356bb4bf2245a68ee5de5732b5574260dd2016a2c3987e17ad97fb2586a883d1

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

x-evy-trace-virtual-host
all
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-request-id
69446372-97bc-4e9d-a5ff-1e94a7c94981
content-encoding
gzip
cf-cache-status
HIT
etag
W/"fda5882b24ca5a84d04d090722dc713b"
age
85441
access-control-allow-methods
GET
x-amz-storage-class
INTELLIGENT_TIERING
x-evy-trace-listener
listener_https
date
Wed, 09 Oct 2024 15:22:21 GMT
x-hubspot-correlation-id
69446372-97bc-4e9d-a5ff-1e94a7c94981
content-type
text/css
last-modified
Tue, 08 Oct 2024 15:37:28 GMT
vary
Accept-Encoding
x-amz-replication-status
COMPLETED
x-evy-trace-route-service-name
envoyset-translator
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
timing-allow-origin
7052064.fs1.hubspotusercontent-na1.net
x-evy-trace-served-by-pod
iad02/cms-cdn2-td/envoy-proxy-7dc48645dd-lpw4m
x-envoy-upstream-service-time
195
cf-ray
8cff5d9c0fdecd15-LHR
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
access-control-allow-origin
*
x-evy-trace-route-configuration
listener_https/all
x-amz-cf-pop
IAD61-P1
x-hs-alternate-content-type
text/plain
server
cloudflare
x-amz-meta-created-unix-time-millis
1728401847785
x-amz-server-side-encryption
AES256
old-style.min.css
blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/110809165900/1726781333453/2023/CSS/
121 KB
32 KB
Stylesheet
General
Full URL
https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/110809165900/1726781333453/2023/CSS/old-style.min.css
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/threat-analysis-lua-malware
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
49a19088059cbcf9b342b648af5ecf0d0f664b34a576c05270068479ea088eba
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

x-request-id
eae7b495-8b0a-4361-9553-72d786bc6ab3
content-encoding
gzip
cf-cache-status
HIT
etag
W/"cd0e91ee10a01899e11a8245d7a6320f"
age
170
x-amz-version-id
CerXIDPjf4vPsw6fbUbC7Xx214qx1XGK
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2F8NRLdGrZuPITpnybzFf8AZqt3NNWOLQ%2BrHjhBJaYDtEZ4aHpFyxn%2Bo0vlyAitJIsaKt3x60Wt3e3wErCIpJmeX6z%2BlpfG4A2HkbBHCdt9haPq9pIk6teFuwx2mKBPYaCsDsdw%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
x-evy-trace-listener
listener_https
x-amz-cf-id
ElOcYRp8tJL3EYgVJbq89G6S44zQzipvqyyZxtuop4vCyGTHjW2TtA==
x-hubspot-correlation-id
eae7b495-8b0a-4361-9553-72d786bc6ab3
content-type
text/css
last-modified
Thu, 19 Sep 2024 21:28:55 GMT
x-amz-replication-status
COMPLETED
x-evy-trace-route-service-name
envoyset-translator
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-54797cf595-95lsc
x-envoy-upstream-service-time
218
x-amz-request-id
S3Z6SV2E12NZV4K2
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type
text/plain
server
cloudflare
x-evy-trace-virtual-host
all
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption
AES256
x-amz-storage-class
INTELLIGENT_TIERING
date
Wed, 09 Oct 2024 15:22:21 GMT
vary
origin, Accept-Encoding
x-amz-id-2
oNfpPeWHKta/Vrt8Xy0N6zYbUeo3pRelqrFe/lEgc+ZdzbpRZcZPhiXGogX34Zw8XWsyd4qPF4+IIKuixExr5GtnNmZcuFQK
strict-transport-security
max-age=31536000; includeSubDomains; preload
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin
blog.morphisec.com
access-control-allow-credentials
false
via
1.1 a47a23f37fc6f8e50c6d5f0b1b9273c6.cloudfront.net (CloudFront)
cf-ray
8cff5d9b8ef57750-LHR
x-evy-trace-route-configuration
listener_https/all
x-amz-cf-pop
IAD61-P1
x-amz-meta-created-unix-time-millis
1726781334937
6359793e-b232-4b79-9da5-b929fc3dc7aa.png
no-cache.hubspot.com/cta/default/1534169/
1 KB
2 KB
Image
General
Full URL
https://no-cache.hubspot.com/cta/default/1534169/6359793e-b232-4b79-9da5-b929fc3dc7aa.png
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/threat-analysis-lua-malware
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3dd258baa6cbc14c2a6a22803337f584d9fd08907952e766c0d33527d9ae302c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

cf-cache-status
DYNAMIC
etag
"d67c5c6f4a83307d5e5d860c371477ce"
x-amz-version-id
Ouhh5h43kAs48TTY36jwxtD8FIsDpel5
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=66Gl44vtEHbSfLKh0ipoPpLHjGuf3TwSt7T2n77VEPmfERY054sGP7sRjAiU1Txib198sJ5Q5saPlxwW6TtdjX7LGNBmnr4nbNSlkG%2Bnto7mzSOMKQMOSz%2BQq91yXxYHIwnJd5hY6ZIiehc4DiVFdffD"}],"group":"cf-nel","max_age":604800}
date
Wed, 09 Oct 2024 15:22:21 GMT
content-type
image/png
last-modified
Wed, 21 Aug 2024 16:17:28 GMT
x-amz-id-2
UlMSTxGpHCY75uCBWSWe+d6Sj5ahUnIrCZW5mUiQTTKjYj8Vioj1Fy1NUrlWAn79ocyybigCFEs=
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
no-cache, no-store
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-request-id
MSXXZERHSNBGQJEA
cf-ray
8cff5d9c0ec9955d-LHR
accept-ranges
bytes
content-length
1291
server
cloudflare
x-amz-server-side-encryption
AES256
current.js
blog.morphisec.com/hs/cta/cta/
18 KB
8 KB
Script
General
Full URL
https://blog.morphisec.com/hs/cta/cta/current.js
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/threat-analysis-lua-malware
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
9b34472454a67e2705d29014c5ea272cddec174db345229c373857be332f2fc9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

x-request-id
faeda234-05a6-46d2-84b8-defa35668f62
content-encoding
br
cf-cache-status
HIT
etag
W/"59f666a740cf922a2cdc5afdbe6eb1e1"
age
392
cache-tag
staticjsapp-CtaEmbed-cloudflare-web-prod,staticjsapp-prod
x-amz-version-id
oAMP7cd9aSlpdrw0TZCti3.MDFK4IaPw
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BuS7HN0mZ6iXnvLBlBo4tMw4xruHz%2BadigES41xtkrgVi7t2XTcER6FReiRG9L4RZHTjnzz4ekvqGVx4BM33KzXivWQD149bkZM9gtkLZaScZgfAQhwnPAc10p9lzIz%2BSxh%2B6w%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-evy-trace-listener
listener_https
x-amz-cf-id
um4wEtGuyhIl3EUja1zwek1AbJMtLZf8nzbQYkUO2AeeiWtbFKOEbg==
x-hubspot-correlation-id
faeda234-05a6-46d2-84b8-defa35668f62
content-type
application/javascript; charset=utf-8
last-modified
Tue, 08 Oct 2024 15:43:01 UTC
x-amz-replication-status
COMPLETED
x-evy-trace-route-service-name
envoyset-translator
cache-control
max-age=600
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-6c6dd6864-g2jhv
x-envoy-upstream-service-time
3
x-hs-target-asset
cta-embed-js/static-1.322/bundles/current.js
server
cloudflare
x-evy-trace-virtual-host
all
x-amz-server-side-encryption
AES256
x-hs-cache-status
MISS
date
Wed, 09 Oct 2024 15:22:21 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=cta-embed-js/static-1.322/bundles/current.js&cfRay=8cf74d51a72dcd25-CDG
via
1.1 3d4bfc42e9575ee1f9559241c9e3f464.cloudfront.net (CloudFront)
cf-ray
8cff5d9b8ef77750-LHR
x-evy-trace-route-configuration
listener_https/all
x-amz-cf-pop
IAD12-P3
Morphisec-Logo.svg
blog.morphisec.com/hubfs/
5 KB
3 KB
Image
General
Full URL
https://blog.morphisec.com/hubfs/Morphisec-Logo.svg
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/threat-analysis-lua-malware
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
7336afe3d92703a1b35e780301c688426c74d5a8c3d9cd1794d3370d763e58d3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

x-robots-tag
all
content-encoding
br
cf-cache-status
HIT
etag
W/"765cc8beac4cc28676c6e847214549f8"
age
86712
cache-tag
F-163965048881,P-1534169,FLS-ALL
x-amz-version-id
CLh4I1f8H1fjYE.XdVDUvmpXn1gHCWyp
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NSskS7kwV%2FCczhRw%2BnKwhgROozwc%2FSneIilNyhKvI8yexDdA%2BUVv3nyOn7vwbGx%2BK0NdlboRrT0tVlP%2BpnhHRK1L5eJt55MZ0WbyDzof5IEok9D7o%2FiPfEkS7cukmNgd1h1ebw%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
x-cache
RefreshHit from cloudfront
x-amz-cf-id
MLYNzWkaUVlFS-0vP0e9ALI-q4GODUJlDeNDTLnWp9KE9VEFTIPTyg==
content-type
image/svg+xml
last-modified
Tue, 09 Apr 2024 20:39:11 GMT
x-amz-meta-index-tag
all
x-amz-replication-status
COMPLETED
edge-cache-tag
F-163965048881,P-1534169,FLS-ALL
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id
34X8ZRQ4YXSZDGJW
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag
F-163965048881,P-1534169,FLS-ALL
x-hs-alternate-content-type
text/plain
server
cloudflare
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption
AES256
access-control-allow-methods
GET
x-amz-storage-class
INTELLIGENT_TIERING
date
Wed, 09 Oct 2024 15:22:23 GMT
vary
Accept-Encoding
x-amz-id-2
ZBM4CX0n8AFDcl497+YqdAzbnfhvrgazMfhvzeuZNf/BuWnb0Sp4CW+IetVl34ezpNYLTnOZDB0=
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-meta-access-tag
public-indexable
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin
d8fk70yj6xfhx.cloudfront.net
via
1.1 2c9382933d14baedd47f7fd736589872.cloudfront.net (CloudFront)
cf-ray
8cff5da658947750-LHR
access-control-allow-origin
*
x-amz-cf-pop
LHR3-C2
x-amz-meta-created-unix-time-millis
1712695150225
3c83d6d5-0c56-47b7-8aee-ae6edf73c360.png
no-cache.hubspot.com/cta/default/1534169/
2 KB
2 KB
Image
General
Full URL
https://no-cache.hubspot.com/cta/default/1534169/3c83d6d5-0c56-47b7-8aee-ae6edf73c360.png
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/threat-analysis-lua-malware
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3d0faa1510d3999ee6ce630052e0f8c562acc8b69380ceb4e7f812aaa4c5303f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

cf-cache-status
DYNAMIC
etag
"3d5f63abc7db36507720723f2c0d0e15"
x-amz-version-id
ulKQMNoMzME6ZWTBPDeq_A_qJjzsu_Xz
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FA1bZkXa92A89ZNKbmmIA2rAd8OuAxUR15o%2Ft1otKV19W1XK0AfUMgbOQ7Q2aMKKT%2BwfWOGsipzp%2FECfnXDOqeVM0PjZv3dYO4xprSDBF4lbifc7rIeyYzhPRC1jqshlwgtVmkONCOl5VP1ILKplH3HY"}],"group":"cf-nel","max_age":604800}
date
Wed, 09 Oct 2024 15:22:21 GMT
content-type
image/png
last-modified
Wed, 05 Apr 2023 16:30:06 GMT
x-amz-id-2
53LQ4AZIIkJLb5SEmLi3mK4E+uOT6Qub9iSYhTIwpqS3XEcu/jixcBjwseG0PYOebM6+NLqhVXk=
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
no-cache, no-store
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-request-id
MSXZ5DSZSZSTMKJ2
cf-ray
8cff5d9d186e955d-LHR
accept-ranges
bytes
content-length
1631
server
cloudflare
x-amz-server-side-encryption
AES256
d4f17ebf-d8a2-49c3-9bca-a8f8112b45f3.png
no-cache.hubspot.com/cta/default/1534169/
1 KB
2 KB
Image
General
Full URL
https://no-cache.hubspot.com/cta/default/1534169/d4f17ebf-d8a2-49c3-9bca-a8f8112b45f3.png
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/threat-analysis-lua-malware
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
be96a16025bfbe78bed5a7475f5877696f919dcf9b37939866f8c2d47af7976c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

cf-cache-status
DYNAMIC
etag
"eacaba2cc1bbf4de2a43469ab485d45e"
x-amz-version-id
null
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ySrMMqS2bGkyJgSpnHXZ%2B5RFxayMDL2to88uvHNtEYhUujDWm6ABwN5uS%2FwP9l1GLs6XEO9HBgDOPqKOJ%2FFTQCY6NpOjOJWbNuQyh8Z8%2Bo2MgNGYy%2FxNG5OYtOTMoHtbii%2BlB0QZ8jqCT0b03tPveduq"}],"group":"cf-nel","max_age":604800}
date
Wed, 09 Oct 2024 15:22:22 GMT
content-type
image/png
last-modified
Fri, 18 Nov 2022 14:30:06 GMT
x-amz-id-2
F4/dtagAqLzauoWRaNKUDwzpMKvsjo2THX0+3CoDOF2jkFn/MPaOwha8fK6y4r8Oz9EIIl9CZ/k=
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
no-cache, no-store
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-request-id
RB0DSE6QDCVQ26ZA
cf-ray
8cff5d9e1a35955d-LHR
accept-ranges
bytes
content-length
1384
server
cloudflare
x-amz-server-side-encryption
AES256
50832359-01e9-4911-98db-45bd66a69b90.png
no-cache.hubspot.com/cta/default/1534169/
60 KB
61 KB
Image
General
Full URL
https://no-cache.hubspot.com/cta/default/1534169/50832359-01e9-4911-98db-45bd66a69b90.png
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/threat-analysis-lua-malware
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bdb17dbb3eb2f9a26dc0c33535af1d64aef891de84678432ff9ce4164dee0129
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

cf-cache-status
DYNAMIC
etag
"b36d03a2583fd1a3488810555f189367"
x-amz-version-id
7iezgOO_yt8SnS6EB8NVobNNpNze7mW2
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sgskyPMhPsoOuGyY9GrvUuT5jpbCAmg4WtYKELsuia81HI%2Be%2BHgiGejWOIdHJ69KG0EsUGR9T4aXzcRdKmjh2c05RpJZjRcRrtsLXYZlOrFMI%2Bt00JsgVcgAm4QrarHKvssdHQnj6%2Ba7SnqcAOotJOQV"}],"group":"cf-nel","max_age":604800}
date
Wed, 09 Oct 2024 15:22:23 GMT
content-type
image/png
last-modified
Fri, 05 Jan 2024 21:53:46 GMT
x-amz-id-2
K1dHdU4/pBBHx/cxpz5PAFdHa0pskM3Kxv7mMZmzLBgx/AvC4zhyPc0b1dCY6iIANT0/agRKHxU=
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
no-cache, no-store
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-request-id
EXZKKDZ0KEYN893P
cf-ray
8cff5da65ae4955d-LHR
accept-ranges
bytes
content-length
61714
server
cloudflare
x-amz-server-side-encryption
AES256
e098d357-1710-4cfe-8901-19c93de122f4.png
no-cache.hubspot.com/cta/default/1534169/
95 KB
96 KB
Image
General
Full URL
https://no-cache.hubspot.com/cta/default/1534169/e098d357-1710-4cfe-8901-19c93de122f4.png
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/threat-analysis-lua-malware
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e5b1ceffda14543118fcc1d2d886fa5049d579ef1d139a7e94efbe9368fa9235
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

cf-cache-status
DYNAMIC
etag
"a015821c789fe4047a66a1cb79283ff8"
x-amz-version-id
a5wEPE_vNxVsuUiF6y0jYUWP_0fr7ZRz
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yqisCdg6cgg63FF0Q7PbNwsLRrj486fk2OCwaEdGnKoRoyHht9mNxEom%2BRpHD6Hzv%2F%2F5p8wVZReeFuWb3dQOC8Y%2BukErsM0YgdtLGzLrdCuhF3Edj5QPdRl9k1k4jDtCzGjRBDSr5pGemhYF6mXETzn6"}],"group":"cf-nel","max_age":604800}
date
Wed, 09 Oct 2024 15:22:23 GMT
content-type
image/png
last-modified
Fri, 28 Jun 2024 20:36:24 GMT
x-amz-id-2
4wR1+bCArGLYk8efNcooMRNOoAwcuOPN7a1TaBEM9pLXODJ589UAaAfvClm8QJ80sKq6XEx6FBE=
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
no-cache, no-store
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-request-id
EXZVKBQP1TG8W4P3
cf-ray
8cff5da65ae9955d-LHR
accept-ranges
bytes
content-length
97240
server
cloudflare
x-amz-server-side-encryption
AES256
x_twitter_icon.svg
blog.morphisec.com/hubfs/
460 B
2 KB
Image
General
Full URL
https://blog.morphisec.com/hubfs/x_twitter_icon.svg
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/threat-analysis-lua-malware
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
f1d760682f66979c85193208c7d10daddd5d3e74c6c148bef442a203d330cb22
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

x-robots-tag
all
content-encoding
br
cf-cache-status
HIT
etag
W/"c7279b34bfee002c148f828d14255c4f"
age
86711
cache-tag
F-141944464032,P-1534169,FLS-ALL
x-amz-version-id
8OVftkuv4j6Khff8Nb5oAG2Y32IjKCXk
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FxQH6Me1tbEEHWINOE3qxTyrSSKfH0j5uD%2BoXc5autlY8G2rN1fa1kKWHWt%2Bv8DL3R8QUUNUK2l7j%2Fh7c9qSJSpJrVZWGs5D557MT%2FKhAUhbGFE%2BIU3rkWLDfSaaMVFfJmIffw%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
x-amz-cf-id
s6_kGrjVauKP8GQHkNwVWZfbDeLbK2Rcga08mslr0pgT7cuPGouf8Q==
content-type
image/svg+xml
last-modified
Wed, 25 Oct 2023 14:16:04 GMT
x-amz-meta-index-tag
all
x-amz-replication-status
COMPLETED
edge-cache-tag
F-141944464032,P-1534169,FLS-ALL
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id
RXE9SXBQG3X4FKYG
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag
F-141944464032,P-1534169,FLS-ALL
x-hs-alternate-content-type
text/plain
server
cloudflare
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption
AES256
access-control-allow-methods
GET
x-amz-storage-class
INTELLIGENT_TIERING
date
Wed, 09 Oct 2024 15:22:23 GMT
vary
Accept-Encoding
x-amz-id-2
pteC/ocNYgA/iZ21Em5Smqc/SU8xQDtSRHHUrkt2Q/mZetrHlVAHAKHB9ybvBzXvApGG8HY35YwhXjhM2gXD6WFSLvZYBYjNxgf/p2eq+Uo=
strict-transport-security
max-age=31536000; includeSubDomains; preload
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin
d8fk70yj6xfhx.cloudfront.net
via
1.1 253e41640534a8ebde4c0b8e13b25d54.cloudfront.net (CloudFront)
cf-ray
8cff5da658957750-LHR
access-control-allow-origin
*
x-amz-cf-pop
LHR3-C2
x-amz-meta-created-unix-time-millis
1698243363640
linkedin_icon.svg
blog.morphisec.com/hubfs/
628 B
2 KB
Image
General
Full URL
https://blog.morphisec.com/hubfs/linkedin_icon.svg
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/threat-analysis-lua-malware
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
c9492eab132c2db0eaef81fea1bb719d8e3f5a11a32f7ebeeea5af202cd4e5c7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

x-robots-tag
all
content-encoding
br
cf-cache-status
HIT
etag
W/"3ef5ac1f024120437e19fcc4abf556d8"
age
86711
cache-tag
F-141945428832,P-1534169,FLS-ALL
x-amz-version-id
Bq5Mo6REJV_bnwvIwff4zb93JWXV7_WO
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5jyxHuRFIFZXZ77Pi1LCJZZ%2FfLICWyKQwtncz31ovjJS2iAhcjn3K7F7ImQY8MWT1qUDUopn6ZtcO4dsp%2FMQPAaQ%2Fjy3%2Bz7%2BvuXHJn0NEjQBw%2BkPGGh2nyCXZ2HN3so4ZtFxHg%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
x-cache
RefreshHit from cloudfront
x-amz-cf-id
oABL-jHPWceQgpXm7FdXsodceEj-SzTMbYxp564h_hwTf0jJANam7Q==
content-type
image/svg+xml
last-modified
Wed, 25 Oct 2023 14:16:04 GMT
x-amz-meta-index-tag
all
x-amz-replication-status
COMPLETED
edge-cache-tag
F-141945428832,P-1534169,FLS-ALL
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id
NB854WBNHQNT2TWZ
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag
F-141945428832,P-1534169,FLS-ALL
x-hs-alternate-content-type
text/plain
server
cloudflare
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption
AES256
access-control-allow-methods
GET
x-amz-storage-class
INTELLIGENT_TIERING
date
Wed, 09 Oct 2024 15:22:23 GMT
vary
Accept-Encoding
x-amz-id-2
gbCb7+6RwKyUjb5yEAEMx1jYG7XMUtY6LCqE5ybjkXUnRb+tFgFqqa0irjvEFBXM1ye+tzXE3a/80YCSUW9Nfw==
strict-transport-security
max-age=31536000; includeSubDomains; preload
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin
d8fk70yj6xfhx.cloudfront.net
via
1.1 9a0da3962832290b2dd219763f12257a.cloudfront.net (CloudFront)
cf-ray
8cff5da6589a7750-LHR
access-control-allow-origin
*
x-amz-cf-pop
LHR3-C2
x-amz-meta-created-unix-time-millis
1698243363623
youtube_icon.svg
blog.morphisec.com/hubfs/
642 B
2 KB
Image
General
Full URL
https://blog.morphisec.com/hubfs/youtube_icon.svg
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/threat-analysis-lua-malware
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
76dd9ffb1b604b0ad3f128d2fe014cc22f934ed40ae792ef9b4600a17866aeb2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

x-robots-tag
all
content-encoding
br
cf-cache-status
HIT
etag
W/"ced4da2370fbc2016321a375dbbed68b"
age
86711
cache-tag
F-141945248869,P-1534169,FLS-ALL
x-amz-version-id
sJlFqbLZ7aHbNE_.KGb6N9TqRjJsKyuv
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wYGzWFfPjLd5BUjyxbTluLTuKALkuqaDgJv0A1x6QOeLxwnoe%2FxNs0yF5WX7rXqKR1qnQjr3yUAH1Vg3UJ4MT0E3xC1SGJHZFLhjlZ9VZhkLp0%2BiSW7bhOk%2Bfph8VRgnk8fd4Q%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
x-cache
RefreshHit from cloudfront
x-amz-cf-id
g-KbuLwOf9AYUghAm9nS5O1aDnTJBKc-vuZDLCs2ikLioh2_dAKHoQ==
content-type
image/svg+xml
last-modified
Wed, 25 Oct 2023 14:16:04 GMT
x-amz-meta-index-tag
all
x-amz-replication-status
COMPLETED
edge-cache-tag
F-141945248869,P-1534169,FLS-ALL
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id
NB8AMV46FMB63TEF
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag
F-141945248869,P-1534169,FLS-ALL
x-hs-alternate-content-type
text/plain
server
cloudflare
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption
AES256
access-control-allow-methods
GET
x-amz-storage-class
INTELLIGENT_TIERING
date
Wed, 09 Oct 2024 15:22:23 GMT
vary
Accept-Encoding
x-amz-id-2
tNNSf8fp7OAEG4/VH8q5ULCSAFuipje26Vn4ZCtxd0wPohsAKgRfE1KFfLbi1ELKxfp43Ml4gWI=
strict-transport-security
max-age=31536000; includeSubDomains; preload
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin
d8fk70yj6xfhx.cloudfront.net
via
1.1 b61e218bc35668646b673c626203e5d4.cloudfront.net (CloudFront)
cf-ray
8cff5da6589c7750-LHR
access-control-allow-origin
*
x-amz-cf-pop
LHR3-C2
x-amz-meta-created-unix-time-millis
1698243363649
embed.js
static.hsappstatic.net/content-cwv-embed/static-1.1293/
13 KB
5 KB
Script
General
Full URL
https://static.hsappstatic.net/content-cwv-embed/static-1.1293/embed.js
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/threat-analysis-lua-malware
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:ae5b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cb5224674e43d02db0037517f4aa29ba5ce9ddd0672e513cc7289714ba657522
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

content-encoding
gzip
cf-cache-status
HIT
x-amz-version-id
AFGFBaAC1397GFbOapH2DRIkjQ_NaZzY
etag
W/"f667e53d5752ee2e5759f3dfaf20d330"
age
471733
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CtXwDpRTFXu5mxmPuMA3OOnOW2%2BJSbXZI%2BAIGZSXXLKCA39M82rXQz0XsOeoy5UNaww09WpbQkjdCxXCl4MRZ3iCjtfGEjZ5505hXI9dyxJgsy7oCqYZ671ozkiGVduykmwdv64bg79D14alVlZmO%2FYnk5c%3D"}],"group":"cf-nel","max_age":604800}
expires
Thu, 09 Oct 2025 15:22:23 GMT
x-cache
Miss from cloudfront
x-amz-cf-id
ialkeDDsQ4J9oa8KWkuPKZsIg-It7KMCt_nJlOdWvq2De-ujET_f7A==
date
Wed, 09 Oct 2024 15:22:23 GMT
content-type
application/javascript
last-modified
Mon, 23 Sep 2024 19:59:06 GMT
vary
Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-replication-status
COMPLETED
cache-control
public, max-age=31536000
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
via
1.1 0316c07369e8911f4fffe6ae5475e30c.cloudfront.net (CloudFront)
cf-ray
8cff5da6cf4a7701-LHR
x-amz-cf-pop
LHR50-P6
server
cloudflare
x-amz-server-side-encryption
AES256
svgConvert.min.js
blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/109629951254/1680697800041/2023/js/
668 B
2 KB
Script
General
Full URL
https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/109629951254/1680697800041/2023/js/svgConvert.min.js
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/threat-analysis-lua-malware
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
46c7b6ee01c236fd8d98d0b7c8f00fba85340c3432932e624d44f7663aef8513
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

x-request-id
01267464-31d4-43a6-a861-46b187dc5427
content-encoding
br
cf-cache-status
HIT
etag
W/"1cb72e618cce9cc73c57265e9b726362"
age
171
x-amz-version-id
SZXdPmhYHKeWP0u0ggYIHYhJ0L5KYvd5
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0kb1CtfE14XAZSAGebTSRb6YElywndEXA9gR4LO2JrctLE2Z6EuZle%2BcR9Kw5tg8%2FEyfarXEasx%2FE8mPRRYTYBk%2FlzPQ0JTHk7KzUjF8Q4bAvSOzm1SldxM1DjEF4YBQRzEONQ%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
x-cache
RefreshHit from cloudfront
x-evy-trace-listener
listener_https
x-amz-cf-id
VhWS-ezXd8eEm7gMkUI885gqB3tN6cHoMIvkE8x2GBzhClX8iEGiZA==
x-hubspot-correlation-id
01267464-31d4-43a6-a861-46b187dc5427
content-type
application/javascript; charset=utf-8
last-modified
Wed, 05 Apr 2023 12:30:01 GMT
x-amz-replication-status
COMPLETED
x-evy-trace-route-service-name
envoyset-translator
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-656644bdb-lrfms
x-envoy-upstream-service-time
150
x-amz-request-id
698XNMSNT54TC3V1
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type
text/plain
server
cloudflare
x-evy-trace-virtual-host
all
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption
AES256
x-amz-storage-class
INTELLIGENT_TIERING
date
Wed, 09 Oct 2024 15:22:22 GMT
vary
origin, Accept-Encoding
x-amz-id-2
IAdAsb4P0gUlHIB8qDJ6vO9vidHdokx+OYvyCZk8IFSXmPvWOu+TRQRBS9FPOss1CsunM+ZFR2mXpP5eKsqOzoMu3Wk9xAXQ
strict-transport-security
max-age=31536000; includeSubDomains; preload
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin
blog.morphisec.com
access-control-allow-credentials
false
via
1.1 50f5f6b4e0025748bb74dce1db44c750.cloudfront.net (CloudFront)
cf-ray
8cff5da04e317750-LHR
x-evy-trace-route-configuration
listener_https/all
x-amz-cf-pop
IAD89-C1
x-amz-meta-created-unix-time-millis
1680697800276
lottie-player.min.js
blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/110333050473/1681491230914/2023/js/
359 KB
95 KB
Script
General
Full URL
https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/110333050473/1681491230914/2023/js/lottie-player.min.js
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/threat-analysis-lua-malware
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
40943198e5e26cbcf474c1ed0846442abc4398198117de5251a8840fb421cd13
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

x-request-id
90a79a12-0d5c-4b3f-8cef-0d8a2f53d8db
content-encoding
br
cf-cache-status
HIT
etag
W/"9540cac57a5805fdde520bb1869134b2"
age
172
x-amz-version-id
CTo5DkzSjS7Z2UMEH7W3RDGvw45iU9vL
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Xw0mR2D3zbZ6xlZ%2BofuQtBaMXqOH31ryxc%2BCjFsJRzaisyQrp0anVOnMevIrX0JyslpegMaS2nI7OiwTskW7GzYgq40YngWfK7IGo9VlQtq2LJ1Z35%2FWJucK0FeGRrU5P1DX2w%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
x-evy-trace-listener
listener_https
x-amz-cf-id
fvJJsMjh91dxHYgpwFtHt0ClgoMduacrQWuxPz1372GZDxr76QWEdA==
x-hubspot-correlation-id
90a79a12-0d5c-4b3f-8cef-0d8a2f53d8db
content-type
application/javascript; charset=utf-8
last-modified
Fri, 14 Apr 2023 16:53:53 GMT
x-amz-replication-status
COMPLETED
x-evy-trace-route-service-name
envoyset-translator
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-7849459c5c-nnksg
x-envoy-upstream-service-time
211
x-amz-request-id
VBNEWCK9TZWPMYQF
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type
text/plain
server
cloudflare
x-evy-trace-virtual-host
all
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption
AES256
x-amz-storage-class
INTELLIGENT_TIERING
date
Wed, 09 Oct 2024 15:22:23 GMT
vary
origin, Accept-Encoding
x-amz-id-2
nrHqngU1gheAKyzjbiDwTE+BziDQilWfJjSA89bpaV0zhYJTWCtIoaIZcII+gpcclsSEJzDIdgVe8WeNKBUsbw==
strict-transport-security
max-age=31536000; includeSubDomains; preload
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin
blog.morphisec.com
access-control-allow-credentials
false
via
1.1 40b60aeaf88b52755048e453b78f096e.cloudfront.net (CloudFront)
cf-ray
8cff5da6488b7750-LHR
x-evy-trace-route-configuration
listener_https/all
x-amz-cf-pop
IAD61-P1
x-amz-meta-created-unix-time-millis
1681491232806
slick.min.js
blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/110410292559/1681177460359/2023/js/
42 KB
12 KB
Script
General
Full URL
https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/110410292559/1681177460359/2023/js/slick.min.js
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/threat-analysis-lua-malware
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
6b011f48059b6591b0d266a9abdf45d9263e702059d29a207e770ddb87b49c72
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

x-request-id
1da69ec5-181d-46ae-9468-24ee587dbbc1
content-encoding
br
cf-cache-status
HIT
etag
W/"f6085c5be1a35b91955cf9abd5b2b0ea"
age
172
x-amz-version-id
uoS3eYGmK1dPCzG_bq7yGgNyq7YIozdd
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8Z5Gm0KdbeC9FNHxzsY7EyUZPzkeqKNd%2Bn9EUTYrQVIZQqsLNUWq5xyTCtxNjfwAeNUpraXaKyLPbzAmSZNYwfXF7OhdfwJaEZnaq8JFr8uDehE1kYsyayv0srtav9vLXuY3qQ%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
x-cache
RefreshHit from cloudfront
x-evy-trace-listener
listener_https
x-amz-cf-id
5JTh9n30MkOEioe26IYwI66IJAzSsriNNCC-5jSdOcgP_XsmGGqnpw==
x-hubspot-correlation-id
1da69ec5-181d-46ae-9468-24ee587dbbc1
content-type
application/javascript; charset=utf-8
last-modified
Tue, 11 Apr 2023 01:44:21 GMT
x-amz-replication-status
COMPLETED
x-evy-trace-route-service-name
envoyset-translator
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-54797cf595-ftsxn
x-envoy-upstream-service-time
223
x-amz-request-id
0FH6984CA5EM9B26
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type
text/plain
server
cloudflare
x-evy-trace-virtual-host
all
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption
AES256
x-amz-storage-class
INTELLIGENT_TIERING
date
Wed, 09 Oct 2024 15:22:23 GMT
vary
origin, Accept-Encoding
x-amz-id-2
aAu6jiIE/hp4fGSWic0sr7gGc5lg7yM8VNHcKfcRKB3gUiYW2EP41fy6PSQMyi+pOAy92rysLTk=
strict-transport-security
max-age=31536000; includeSubDomains; preload
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin
blog.morphisec.com
access-control-allow-credentials
false
via
1.1 13f73562b215175ddd75c2902ae36650.cloudfront.net (CloudFront)
cf-ray
8cff5da6588d7750-LHR
x-evy-trace-route-configuration
listener_https/all
x-amz-cf-pop
IAD61-P1
x-amz-meta-created-unix-time-millis
1681177460907
module_109590708858_Header_-_Global.min.js
blog.morphisec.com/hs-fs/hub/1534169/hub_generated/module_assets/109590708858/1718666704342/
1 KB
2 KB
Script
General
Full URL
https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/module_assets/109590708858/1718666704342/module_109590708858_Header_-_Global.min.js
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/threat-analysis-lua-malware
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
b28f2758dd0c48fa0e8e33ccfee02f1b581b93484aae2af63190df3d4bcc068f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

x-request-id
0a6fe8cb-3973-4c8b-9c5c-5c463f67e000
content-encoding
br
cf-cache-status
HIT
etag
W/"48cafa9929e94f1a90da5d8bff870b98"
age
172
x-amz-version-id
Z8bW_Nc0jF3khU_5_zx9kQwF.kZyIvdN
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Zj6pU%2Bv2P7NroMrgPvcr8cirZyNfndlRDOwVOlsMNmGd8XWc78Bbt4%2Fsok365fl7D2GMjsbx4cjsaLCiaWh5ULAwLaY97WiAckhIzHNAhVnvn5ByjsjfOh7pFgUzMs96uIuOIw%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
x-evy-trace-listener
listener_https
x-amz-cf-id
iLzv9KHt6iRfXCpbnW5oXzGKkZUK7y-SPwgt4UK2i5znR048wJbbOQ==
x-hubspot-correlation-id
0a6fe8cb-3973-4c8b-9c5c-5c463f67e000
content-type
application/javascript; charset=utf-8
last-modified
Mon, 17 Jun 2024 23:25:05 GMT
x-amz-replication-status
COMPLETED
x-evy-trace-route-service-name
envoyset-translator
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-54797cf595-k2wrb
x-envoy-upstream-service-time
193
x-amz-request-id
Y0MXT8Z8P8N3T3JX
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type
text/plain
server
cloudflare
x-evy-trace-virtual-host
all
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption
AES256
x-amz-storage-class
INTELLIGENT_TIERING
date
Wed, 09 Oct 2024 15:22:23 GMT
vary
origin, Accept-Encoding
x-amz-id-2
BO0aFY990nlG9D7XCLSn9LVtiJYZn1wyyz/yP5OqF91k+ngm5/WKNXT88Jg99IrCzLkioD0UKvk=
strict-transport-security
max-age=31536000; includeSubDomains; preload
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin
blog.morphisec.com
access-control-allow-credentials
false
via
1.1 eb9a7c491927f70f3921f0803caae61c.cloudfront.net (CloudFront)
cf-ray
8cff5da658917750-LHR
x-evy-trace-route-configuration
listener_https/all
x-amz-cf-pop
IAD61-P1
x-amz-meta-created-unix-time-millis
1718666704342
module_-2712622_Site_Search_Input.min.js
cdn2.hubspot.net/hub/-1/hub_generated/module_assets/-2712622/1728407202488/
4 KB
2 KB
Script
General
Full URL
https://cdn2.hubspot.net/hub/-1/hub_generated/module_assets/-2712622/1728407202488/module_-2712622_Site_Search_Input.min.js
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/threat-analysis-lua-malware
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.90.62 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
863886e2347be57cf71d7ed3fc614593e94bbce61858cd8c0761ba7a78d2ace4

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

x-evy-trace-virtual-host
all
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-request-id
0f3881af-38b9-4e7a-86eb-7056e3f7038a
content-encoding
br
cf-cache-status
HIT
etag
W/"f9134a973469f840bf03f740af92c65f"
age
80060
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ljvlzQ7Y4d5%2B8E5D0g%2BnL%2BbRG239NK2klf9mza7lvQTgyWLYRGTTIs93HDCSRgvnWqE9TFUEz56RJXU7ZdnKyGhv18IMGaS9Pmha2yVoT7V9RtQbAqzan0VSz6ncsbf2k%2Bw%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods
GET
x-amz-storage-class
INTELLIGENT_TIERING
x-evy-trace-listener
listener_https
date
Wed, 09 Oct 2024 15:22:23 GMT
x-hubspot-correlation-id
0f3881af-38b9-4e7a-86eb-7056e3f7038a
content-type
application/javascript; charset=utf-8
last-modified
Tue, 08 Oct 2024 17:06:43 GMT
vary
Accept-Encoding
x-amz-replication-status
COMPLETED
x-evy-trace-route-service-name
envoyset-translator
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-cdn2-td/envoy-proxy-7dc48645dd-lpw4m
x-envoy-upstream-service-time
237
cf-ray
8cff5da65839949d-LHR
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
access-control-allow-origin
*
x-evy-trace-route-configuration
listener_https/all
x-amz-cf-pop
IAD89-C1
x-hs-alternate-content-type
text/plain
server
cloudflare
x-amz-meta-created-unix-time-millis
1728407202488
x-amz-server-side-encryption
AES256
lazyload-min.min.js
blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/36272650673/1603042259630/2020_-_UIS_-_Template_Folders/Vendor_JS/
8 KB
4 KB
Script
General
Full URL
https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/36272650673/1603042259630/2020_-_UIS_-_Template_Folders/Vendor_JS/lazyload-min.min.js
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/threat-analysis-lua-malware
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
6cb079eb01e730c435ef0b80f62f636245fa0f8f0e86c144935e42a8dd12a545
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

x-request-id
8633dc77-bfe5-4d62-86c1-3d96ed46d39b
content-encoding
br
cf-cache-status
HIT
etag
W/"67744f609bc5dbc8a0fb9fe0d5005f25"
age
1170
x-amz-version-id
4SGyaLwa93KERwdBmZy9UM4.3aqx9djg
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oHdsNs2gbE6tiYmJbL55fuXTNgvjCfJcYMyXXUFKBDwMdpS5wRXWmjo4Ns8Di6SPPOuOajvBSRk9UIO1YUV%2FCPj6xq2Q8ib8yNsx4cW7nLjIhGefB1CkoEO5r5hLFLuCjOqHdA%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
x-cache
RefreshHit from cloudfront
x-evy-trace-listener
listener_https
x-amz-cf-id
HoIZAwOtTskaCYK-JyYx6L0x1_j-BYS0H4AAZ9mShFk_9iIDU-m59Q==
x-hubspot-correlation-id
8633dc77-bfe5-4d62-86c1-3d96ed46d39b
content-type
application/javascript; charset=utf-8
last-modified
Sun, 18 Oct 2020 17:31:00 GMT
x-amz-replication-status
COMPLETED
x-evy-trace-route-service-name
envoyset-translator
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-7849459c5c-ljp77
x-envoy-upstream-service-time
158
x-amz-request-id
BH1AX5NMZ39HE8C0
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type
text/plain
server
cloudflare
x-evy-trace-virtual-host
all
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption
AES256
date
Wed, 09 Oct 2024 15:22:23 GMT
vary
origin, Accept-Encoding
x-amz-id-2
NPqGTIEcUAanOJX2Vt8bBRj7pIy5fShlTNGDUsxIq3srtiYW1KEKr7pyXOQJsT0JsI5RLyESVd2JNVCUN0oflz8wUwpk1Rth
strict-transport-security
max-age=31536000; includeSubDomains; preload
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin
blog.morphisec.com
access-control-allow-credentials
false
via
1.1 782e548cb0b1b64c63d995fc59568b48.cloudfront.net (CloudFront)
cf-ray
8cff5da6589e7750-LHR
x-evy-trace-route-configuration
listener_https/all
x-amz-cf-pop
IAD89-P2
x-amz-meta-created-unix-time-millis
1603042259630
vide.js
blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/6224156614/1569821730014/Morphisec/Coded_Files/
4 KB
3 KB
Script
General
Full URL
https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/6224156614/1569821730014/Morphisec/Coded_Files/vide.js
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/threat-analysis-lua-malware
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
be3950dab42791bb50d60a09c80869ba8c86f7dab74eff23b91a365d0c710831
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

x-request-id
b74a5e1a-4249-40e2-9b6c-d7767f892fe8
content-encoding
br
cf-cache-status
HIT
etag
W/"901e2d8fd2af243d3d8dd68e38fa22da"
age
1170
x-amz-version-id
xCDhIWpBzbsqxgnqK8jsUmPM_UWe2ml.
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aMl%2FnTo4AVZHHGg6YTJXovdkWol5hMHDrU2gzoaVNYM7KUWLuTcf%2Bskr4%2B96bVqFjhntfTVn4Jeldb3lKbkPrf%2FoRTZU3Yrq7GyPR9a%2FYBxdM1jqafGEefS5JZiyo3kvg8kZOg%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
x-cache
RefreshHit from cloudfront
x-evy-trace-listener
listener_https
x-amz-cf-id
8H1X61fXwz0TIZahQtq_NvdHY4xEa0OeGxNTet17wgZA-uj6eI225Q==
x-hubspot-correlation-id
b74a5e1a-4249-40e2-9b6c-d7767f892fe8
content-type
application/javascript; charset=utf-8
last-modified
Mon, 30 Sep 2019 05:35:31 GMT
x-evy-trace-route-service-name
envoyset-translator
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-54797cf595-8gfzl
x-envoy-upstream-service-time
188
x-amz-request-id
5JPGFANV69JF2SEP
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
server
cloudflare
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-evy-trace-virtual-host
all
date
Wed, 09 Oct 2024 15:22:23 GMT
vary
origin, Accept-Encoding
x-amz-id-2
HTg0ORvKmC1waQXmvh9WqCbZx9QUgDfSTsq4FMwUghtbcuGL+6LMivS6KYo1kM+rts28CpWR+JM=
strict-transport-security
max-age=31536000; includeSubDomains; preload
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin
blog.morphisec.com
access-control-allow-credentials
false
via
1.1 b0785dd15b9c7ed21cde8fa5e473d0a2.cloudfront.net (CloudFront)
cf-ray
8cff5da658a07750-LHR
x-evy-trace-route-configuration
listener_https/all
x-amz-cf-pop
IAD61-P1
magnificpopup.js
blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/6224925249/1569821730326/Morphisec/Coded_Files/
20 KB
9 KB
Script
General
Full URL
https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/6224925249/1569821730326/Morphisec/Coded_Files/magnificpopup.js
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/threat-analysis-lua-malware
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
3fddc6d28aba3c13d64cfd4847c333ff48c71d4a5a58bd1a0494ca6ae8ac1bb4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

x-request-id
84b2289e-4d67-4874-8f85-9607ac061ca0
content-encoding
br
cf-cache-status
HIT
etag
W/"ba6cf724c8bb1cf5b084e79ff230626e"
age
172
x-amz-version-id
AenlXmDNTXiJmWpCG4hF_X9US4k8ofw.
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sFyqKWRfc0dffFl4ULfGdtMd6L5uVhiSUzn2qWVDox%2BSdMs%2BmZlloyfJSeW33tyuajyux2xyHMRPAJAnS90rOiBSTuPH7cyu0BW4c8kuBYs0TcrgOKV%2Bb2tMWcnnRP%2FMYMWl4w%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
x-cache
RefreshHit from cloudfront
x-evy-trace-listener
listener_https
x-amz-cf-id
OSUo2jak0LK19o2mTzbLJjmBTL0AaU2QhrpR-Oc65KZQzQIaFVekuQ==
x-hubspot-correlation-id
84b2289e-4d67-4874-8f85-9607ac061ca0
content-type
application/javascript; charset=utf-8
last-modified
Mon, 30 Sep 2019 05:35:31 GMT
x-evy-trace-route-service-name
envoyset-translator
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-54797cf595-nxgmh
x-envoy-upstream-service-time
183
x-amz-request-id
XMM6YHXCM1GT32ER
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
server
cloudflare
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-evy-trace-virtual-host
all
date
Wed, 09 Oct 2024 15:22:23 GMT
vary
origin, Accept-Encoding
x-amz-id-2
82CFTpidcr+z46VX8TmLYvJ0QRedAEKYpDNafJVGap00lXD1dUnfP2qkzugjIkKO6SOoOC+d5ss=
strict-transport-security
max-age=31536000; includeSubDomains; preload
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin
blog.morphisec.com
access-control-allow-credentials
false
via
1.1 b0785dd15b9c7ed21cde8fa5e473d0a2.cloudfront.net (CloudFront)
cf-ray
8cff5da658a17750-LHR
x-evy-trace-route-configuration
listener_https/all
x-amz-cf-pop
IAD61-P1
Morphisec_Sept2018_script.min.js
blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/6213834399/1671716921459/Morphisec/Coded_Files/
166 KB
43 KB
Script
General
Full URL
https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/6213834399/1671716921459/Morphisec/Coded_Files/Morphisec_Sept2018_script.min.js
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/threat-analysis-lua-malware
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
1c5f683908c190d5f9f618337d8d7c586d735f1ace24afdc81208dbf52a5f45c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

x-request-id
88aa4c7f-b0cb-4822-b1e2-c96817bb4c95
content-encoding
br
cf-cache-status
HIT
etag
W/"f7327c38d9f5aeef245b0ee300152178"
age
1169
x-amz-version-id
YMjvkoc5EhQ12za.7KqifcSwG8LKYS3S
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kz08KGld5Unu2a%2FOEIJpDOYS5%2Fno8G0cqnnVmZ3afW0vW5Xh3frLVs1XgkDtW7ECwdR2HHwmPyXPC1jLVbxjL%2BIQXrXbmsJ75zvfGKZLC%2BkEnNtOVCxxYTxv1lvQm38x4WbvFg%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
x-cache
RefreshHit from cloudfront
x-evy-trace-listener
listener_https
x-amz-cf-id
3xK2UoqrHaC-0frIP2wYWwJORWrBjkorFzKCyEjIA1hHOF2rK5qpfQ==
x-hubspot-correlation-id
88aa4c7f-b0cb-4822-b1e2-c96817bb4c95
content-type
application/javascript; charset=utf-8
last-modified
Thu, 22 Dec 2022 13:48:43 GMT
x-amz-replication-status
COMPLETED
x-evy-trace-route-service-name
envoyset-translator
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-7849459c5c-vj5j8
x-envoy-upstream-service-time
143
x-amz-request-id
05HFDXQACQVE2B7R
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type
text/plain
server
cloudflare
x-evy-trace-virtual-host
all
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption
AES256
x-amz-storage-class
INTELLIGENT_TIERING
date
Wed, 09 Oct 2024 15:22:23 GMT
vary
origin, Accept-Encoding
x-amz-id-2
62Hdv0hS1Gdom23p8bdVYKUGo+lPPq61WBUPfWSswTkFCYS/mKJhQ6kzUEqzB0ji0UKnATDQLCI=
strict-transport-security
max-age=31536000; includeSubDomains; preload
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin
blog.morphisec.com
access-control-allow-credentials
false
via
1.1 281687fdef6568ba75a1a090e3b48e2a.cloudfront.net (CloudFront)
cf-ray
8cff5da658a47750-LHR
x-evy-trace-route-configuration
listener_https/all
x-amz-cf-pop
IAD61-P1
x-amz-meta-created-unix-time-millis
1671716922383
1534169.js
blog.morphisec.com/hs/scriptloader/
3 KB
1 KB
Script
General
Full URL
https://blog.morphisec.com/hs/scriptloader/1534169.js
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/threat-analysis-lua-malware
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
3d90d199030c5ae24a21d47b53d7548f1dd4e799494a67ef4fcb3a7f4abc60fe
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

access-control-max-age
3600
content-encoding
br
cf-cache-status
HIT
cf-bgj
minify
age
10
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pcSryZMNMocHwg1LTGLmCz74g5H4P4B3p74crphM7OFmSdt%2FsKvZe890Hb8d059pqPS%2FLoMHFkETe9Jx2HElDRZFmkG0eVL65irnI%2BOphwZj8q1ZYSOYFCg6VhY2cj2eqKGZcw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
expires
Wed, 09 Oct 2024 15:23:53 GMT
cf-polished
origSize=3054
alt-svc
h3=":443"; ma=86400
date
Wed, 09 Oct 2024 15:22:23 GMT
x-hubspot-correlation-id
09282d11-fe63-4dd8-a2a4-52925968e005
content-type
application/javascript;charset=utf-8
last-modified
Wed, 09 Oct 2024 15:21:37 GMT
vary
origin, Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
upgrade-insecure-requests
cache-control
public, max-age=90
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
access-control-allow-credentials
true
cf-ray
8cff5da658a67750-LHR
server
cloudflare
index.js
blog.morphisec.com/hs/hsstatic/HubspotToolsMenu/static-1.354/js/
12 KB
5 KB
Script
General
Full URL
https://blog.morphisec.com/hs/hsstatic/HubspotToolsMenu/static-1.354/js/index.js
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/threat-analysis-lua-malware
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
42c7e51d284cd7256caf3bfebf641141876657ea0d6e5588ac7e69dce1e9cf7e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

content-encoding
gzip
cf-cache-status
HIT
etag
W/"3ef0deda0631561665e95645daf500a2"
age
4133063
x-amz-version-id
O3iI8Pl3bd7LIBbSsE98q3XHW8vfw5hp
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Bq%2FaXjuXUhkaJde0XJYwnMGy3oNcNZHQoilKe4rzncU8a1HL3OV9cXJkmIdfz6xej6wmAbQD4hG4M0qZFmpjiwRX1TBlyjESNFV%2F7HPRK87hOT9l%2B4HQKyNM5vSyQg9Towy4mQ%3D%3D"}],"group":"cf-nel","max_age":604800}
expires
Thu, 09 Oct 2025 15:22:23 GMT
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
Myu8xb8hRGFqc16zQkMAYvOeELoFxtA6WP_zod8VqltzLnGRT1rT4w==
date
Wed, 09 Oct 2024 15:22:23 GMT
content-type
application/javascript
last-modified
Wed, 21 Aug 2024 20:24:20 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-replication-status
COMPLETED
cache-control
public, max-age=31536000
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
via
1.1 0316c07369e8911f4fffe6ae5475e30c.cloudfront.net (CloudFront)
cf-ray
8cff5da658a77750-LHR
x-amz-cf-pop
LHR50-P6
server
cloudflare
x-amz-server-side-encryption
AES256
gtm.js
www.googletagmanager.com/
333 KB
110 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-PQBJZ8K
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/threat-analysis-lua-malware
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
69df84d5e1d0f3d6789177fde1307841293c2b79c88f96151e5c13d5a8b1e1b7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1080:0"}],}
expires
Wed, 09 Oct 2024 15:22:23 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 09 Oct 2024 15:22:23 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
last-modified
Wed, 09 Oct 2024 15:00:00 GMT
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1080:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
112290
x-xss-protection
0
server
Google Tag Manager
tracker.iife.js
assets.apollo.io/micro/website-tracker/
3 KB
2 KB
Script
General
Full URL
https://assets.apollo.io/micro/website-tracker/tracker.iife.js?nocache=9gvygp
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/threat-analysis-lua-malware
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6814:27d5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2039d204f18247df88a0f132f35fe67f9e52ee7268515ead1647c611f737ba07

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

x-goog-metageneration
1
access-control-expose-headers
*
content-encoding
gzip
x-goog-hash
crc32c=I3tUEw==, md5=SC6zvnW2DshviOm8MzN+iA==
etag
"482eb3be75b60ec86f88e9bc33337e88"
age
80602
cf-cache-status
HIT
x-goog-stored-content-encoding
gzip
expires
Wed, 08 Oct 2025 12:34:41 GMT
x-goog-stored-content-length
1168
date
Wed, 09 Oct 2024 15:22:23 GMT
content-type
application/javascript
last-modified
Mon, 12 Feb 2024 19:05:14 GMT
vary
Accept-Encoding
x-guploader-uploadid
ABPtcPoNXGo944qEh6W741_k9o0pYW6eaCos6js3ISaSoPc2zCqVAmPrPAfFjgHb5X8pVvbJ1_a3_yM_UA
cache-control
public, max-age=31439538
x-goog-storage-class
MULTI_REGIONAL
cf-ray
8cff5da6cdfb93ec-LHR
accept-ranges
bytes
access-control-allow-origin
*
x-goog-generation
1707764714580510
content-length
1168
server
cloudflare
track_request
aplo-evnt.com/api/v1/intent_pixel/
0
0
Fetch
General
Full URL
https://aplo-evnt.com/api/v1/intent_pixel/track_request?app_id=6631240b51083801c780181a
Requested by
Host: assets.apollo.io
URL: https://assets.apollo.io/micro/website-tracker/tracker.iife.js?nocache=9gvygp
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.133.146 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
146.133.107.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' chrome-extension://alhgpfoeiimagjlnfekdhkjlkiomcapa chrome-extension://ececkagaccnfmkopaiemklekhoimmgpn *.salesforce.com *.lightning.force.com
Strict-Transport-Security max-age=3600
X-Content-Type-Options nosniff
X-Frame-Options ALLOWALL

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type
application/json
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

strict-transport-security
max-age=3600
x-transaction-id
65b4f96c07c7f36e0eafb6710127f848
access-control-max-age
7200
cache-control
no-cache
content-security-policy
frame-ancestors 'self' chrome-extension://alhgpfoeiimagjlnfekdhkjlkiomcapa chrome-extension://ececkagaccnfmkopaiemklekhoimmgpn *.salesforce.com *.lightning.force.com
access-control-allow-methods
GET, POST, PUT, PATCH, DELETE, OPTIONS
x-content-type-options
nosniff
via
1.1 google
status
204 No Content
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 09 Oct 2024 15:22:23 GMT
vary
Origin
server
nginx
x-frame-options
ALLOWALL
track_request
aplo-evnt.com/api/v1/intent_pixel/ Frame
0
0
Preflight
General
Full URL
https://aplo-evnt.com/api/v1/intent_pixel/track_request?app_id=6631240b51083801c780181a
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.133.146 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
146.133.107.34.bc.googleusercontent.com
Software
nginx /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://blog.morphisec.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
content-type
access-control-allow-methods
GET, POST, PUT, PATCH, DELETE, OPTIONS
access-control-allow-origin
*
access-control-max-age
7200
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache
content-length
0
date
Wed, 09 Oct 2024 15:22:23 GMT
server
nginx
status
200 OK
via
1.1 google
css2
fonts.googleapis.com/
57 KB
3 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Open+Sans:ital,wght@0,300;0,400;0,600;0,700;0,800;1,300;1,400;1,600;1,700;1,800&display=swap
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/110809165900/1726781333453/2023/CSS/old-style.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
f322afdaf7184e4ddd7fca589f89cdd7e2e2721dffbf8abed7cb1eca88b0915f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/110809165900/1726781333453/2023/CSS/old-style.min.css

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Wed, 09 Oct 2024 15:22:23 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 09 Oct 2024 15:22:23 GMT
content-type
text/css; charset=utf-8
last-modified
Wed, 09 Oct 2024 14:35:09 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
x-xss-protection
0
server
ESF
consent.js
consent.cookiefirst.com/sites/blog.morphisec.com-66e189ea-c6b6-4303-9c8a-423cc0c43c31/
3 KB
2 KB
Script
General
Full URL
https://consent.cookiefirst.com/sites/blog.morphisec.com-66e189ea-c6b6-4303-9c8a-423cc0c43c31/consent.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PQBJZ8K
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1081:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
Cookie First CDN-DE1-1081 /
Resource Hash
38be945806c4060aed4bbd54257f42345603271d5a4c9fd1ea7d018092b77e5a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

cdn-status
200
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match, visitor-location
content-encoding
br
etag
"66fcc919-a39"
cdn-fileserver
750
date
Wed, 09 Oct 2024 15:22:23 GMT
cdn-storageserver
DE-676
last-modified
Wed, 02 Oct 2024 04:16:25 GMT
content-type
application/javascript
vary
Accept-Encoding
cdn-cache
HIT
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match, traceparent
cdn-requestpullcode
200
cdn-cachedat
10/02/2024 04:21:46
cache-control
public, max-age=30
cdn-requestpullsuccess
True
visitor-location
GB
cdn-requesttime
2
cdn-uid
d602dab6-3f92-4809-a378-608fd2b89403
cdn-requestid
14d17953fd35c54f28b98a369d69dbbe
cdn-pullzone
236985
cdn-proxyver
1.04
access-control-allow-origin
*
cdn-edgestorageid
1081
server
Cookie First CDN-DE1-1081
cdn-requestcountrycode
GB
js
www.googletagmanager.com/gtag/
307 KB
104 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-HFVX4VZHCS&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PQBJZ8K
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
1f7e31b5094eaba804e8c52b36200eb5ac94cb0b03979a2bed47fc19fcc1a1ba
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires
Wed, 09 Oct 2024 15:22:23 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 09 Oct 2024 15:22:23 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
106455
x-xss-protection
0
server
Google Tag Manager
js
www.googletagmanager.com/gtag/
237 KB
85 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-784310031&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PQBJZ8K
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
69258fea8ac8eaae4518520a5ff969c31a4d83ba722d7d13ca260e462d538a6b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires
Wed, 09 Oct 2024 15:22:23 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 09 Oct 2024 15:22:23 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
last-modified
Wed, 09 Oct 2024 15:00:00 GMT
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
86970
x-xss-protection
0
server
Google Tag Manager
Montserrat-Regular.woff2
www.morphisec.com/hubfs/fonts/
64 KB
66 KB
Font
General
Full URL
https://www.morphisec.com/hubfs/fonts/Montserrat-Regular.woff2
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/109621200285/1680693252014/2023/Fonts/fonts.min.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
3437637c88e40ab5f57b1e37129d03ebb7594a6fc8ea56061284c93f8088beb8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://blog.morphisec.com
Referer
https://blog.morphisec.com/

Response headers

x-robots-tag
all
cf-cache-status
HIT
etag
"6b8307d4d485772acfa7afe8265fb942"
age
86711
cache-tag
F-109620535302,FD-109627043208,P-1534169,FLS-ALL
x-amz-version-id
nSDGlIqPXu9uV3l2fdqqNA5m3fzDIOo2
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Q5DRaxh1vKekcG6W25ziq3ICDIvCzMQ408s0IUtF0TEm72hz0WvgM%2FvUPj8zfR1LctXQqzZNbXnSlECQAkIwofJqexiMqE3s4A4Y0HYHGFyDa24U9Qr%2B31WN0oPCstUPjnJD"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
x-cache
RefreshHit from cloudfront
x-amz-cf-id
edSZv_Y6xED895JbDc3tHgB2l4lBSDPGQYIrS3u56p068vbgoVVS_g==
content-type
application/font-woff2
last-modified
Wed, 05 Apr 2023 11:12:00 GMT
x-amz-meta-index-tag
all
x-amz-replication-status
COMPLETED
edge-cache-tag
F-109620535302,FD-109627043208,P-1534169,FLS-ALL
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id
20PSDXCKECK9EXWC
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
accept-ranges
bytes
x-amz-meta-cache-tag
F-109620535302,FD-109627043208,P-1534169,FLS-ALL
content-length
65900
x-hs-alternate-content-type
text/plain
server
cloudflare
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption
AES256
access-control-allow-methods
GET
x-amz-storage-class
INTELLIGENT_TIERING
date
Wed, 09 Oct 2024 15:22:23 GMT
vary
Accept-Encoding
x-amz-id-2
Ye9nvyPUJUzg2lOK13mfZauTSeZusKzoViywKcYuhxbfghVQyV+p+ivkXstX89/0oOfDPb+Fbw4RvYc3igGQK/w22fyxE1F/TX3FaUt9hrc=
strict-transport-security
max-age=31536000; includeSubDomains; preload
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin
d8fk70yj6xfhx.cloudfront.net
via
1.1 c2eeef4f658b2933c525a8c9b2d5c896.cloudfront.net (CloudFront)
cf-ray
8cff5da93b524052-LHR
access-control-allow-origin
*
x-amz-cf-pop
LHR3-C2
x-amz-meta-created-unix-time-millis
1680693119101
3c83d6d5-0c56-47b7-8aee-ae6edf73c360.png
no-cache.hubspot.com/cta/default/1534169/
2 KB
2 KB
Image
General
Full URL
https://no-cache.hubspot.com/cta/default/1534169/3c83d6d5-0c56-47b7-8aee-ae6edf73c360.png
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/threat-analysis-lua-malware
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3d0faa1510d3999ee6ce630052e0f8c562acc8b69380ceb4e7f812aaa4c5303f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

cf-cache-status
DYNAMIC
etag
"3d5f63abc7db36507720723f2c0d0e15"
x-amz-version-id
ulKQMNoMzME6ZWTBPDeq_A_qJjzsu_Xz
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2Y6kr70VJQ7PwUg1BUvfg61G6z0UqQGC%2Fd%2FMGLRIN%2BbfA%2FRz13uvRMCgTFW4PDmu8qCSjCimqJYCMARsEMFn1xjr4cQ%2Fq3JKcUxIVQTpByKFrPxp176hC6aZIqiyf43ixPc3NDpxJwricodBZm2FR8cb"}],"group":"cf-nel","max_age":604800}
date
Wed, 09 Oct 2024 15:22:23 GMT
content-type
image/png
last-modified
Wed, 05 Apr 2023 16:30:06 GMT
x-amz-id-2
W6gN/YXuxukHoVep0dhyiebjSAIm8g3OJL+ym9zVvcRx42DrDiZK/tbIHOZbOePerBg49mLMQtY=
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
no-cache, no-store
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-request-id
EXZZ6P9BMHJ1ZEPV
cf-ray
8cff5da8ceba955d-LHR
accept-ranges
bytes
content-length
1631
server
cloudflare
x-amz-server-side-encryption
AES256
d4f17ebf-d8a2-49c3-9bca-a8f8112b45f3.png
no-cache.hubspot.com/cta/default/1534169/
1 KB
2 KB
Image
General
Full URL
https://no-cache.hubspot.com/cta/default/1534169/d4f17ebf-d8a2-49c3-9bca-a8f8112b45f3.png
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/threat-analysis-lua-malware
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
be96a16025bfbe78bed5a7475f5877696f919dcf9b37939866f8c2d47af7976c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

cf-cache-status
DYNAMIC
etag
"eacaba2cc1bbf4de2a43469ab485d45e"
x-amz-version-id
null
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tdvg2mUWHir%2BKciE8ye4wEBeGWolnCf6Q4tJ0Iu9kgaMlc4laEMH1ZBN8fo0FITzl5q%2BF%2B%2FenkJajRY6dzY789l1GmNCKuxUEWmKMxoqGhUrLGs85HVfKPBzyLeQjfh2mA2Yr0BALZdKuj2477LUfJwa"}],"group":"cf-nel","max_age":604800}
date
Wed, 09 Oct 2024 15:22:23 GMT
content-type
image/png
last-modified
Fri, 18 Nov 2022 14:30:06 GMT
x-amz-id-2
YEsvFGebdVXyzeba/39reQCdlMURGSyPv6EgSnGEb7ovQ71aVM2CswmZDbDSg+SvZaMr5a4uJjU=
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
no-cache, no-store
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-request-id
EXZSGH0DVX4FMB35
cf-ray
8cff5da8cebe955d-LHR
accept-ranges
bytes
content-length
1384
server
cloudflare
x-amz-server-side-encryption
AES256
arrow.svg
www.morphisec.com/hubfs/
271 B
2 KB
Image
General
Full URL
https://www.morphisec.com/hubfs/arrow.svg
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/module_assets/109590708858/1718666705155/module_109590708858_Header_-_Global.min.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
8178a23344ec8e9b3f599125e10c07ec57bd94f1790a8b5b04f16d11747faded
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/

Response headers

x-robots-tag
all
content-encoding
br
cf-cache-status
HIT
etag
W/"4e0f4888e02de418e83ed88b0fb6b77b"
age
86711
cache-tag
F-109679247133,P-1534169,FLS-ALL
x-amz-version-id
NbewtlYhb0U79FAEY4s37zmrf8HRhCTq
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=I4CE6v4U1pj2J3NVks8tp8MXRYeLKuy6AEsQ7zK5gwWBwWtogDyf8DvNQKR9MB17aHj4IYQwaPA8%2Fy7Vver6PpxeoZuWADr%2F9AxLYuaEI%2BbbwFCeuvNm1YhcOriWfSAluQca"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
x-cache
RefreshHit from cloudfront
x-amz-cf-id
zleBpdySRZZqwav_jcZLDssNeOnd3htXLTuhAyykrjJpp1gMzDeznw==
content-type
image/svg+xml
last-modified
Wed, 05 Apr 2023 16:07:16 GMT
x-amz-meta-index-tag
all
x-amz-replication-status
COMPLETED
edge-cache-tag
F-109679247133,P-1534169,FLS-ALL
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id
8GK15PFBNEN5EGDG
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag
F-109679247133,P-1534169,FLS-ALL
x-hs-alternate-content-type
text/plain
server
cloudflare
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption
AES256
access-control-allow-methods
GET
x-amz-storage-class
INTELLIGENT_TIERING
date
Wed, 09 Oct 2024 15:22:23 GMT
vary
Accept-Encoding
x-amz-id-2
Mp6c/KChHhJ7xXBsEaS2cSkQzvg5I70WDLQpsn9QfQwZ2a4++VgVHl63ot4a/Ik7Ce+/8+Bqfw8=
strict-transport-security
max-age=31536000; includeSubDomains; preload
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin
d8fk70yj6xfhx.cloudfront.net
via
1.1 f5d0d7ef1ae798041bd732fc0f8e6dae.cloudfront.net (CloudFront)
cf-ray
8cff5da93cea94c6-LHR
access-control-allow-origin
*
x-amz-cf-pop
LHR3-C2
x-amz-meta-created-unix-time-millis
1680710835406
arrow-white.svg
blog.morphisec.com/hubfs/
349 B
1 KB
Image
General
Full URL
https://blog.morphisec.com/hubfs/arrow-white.svg
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/threat-analysis-lua-malware
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
d19d09e24c8a6da58f2db0561d49f8719a08c9d80561578116bf155a615bd98a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

x-robots-tag
all
content-encoding
br
cf-cache-status
HIT
etag
W/"60bbbc0bc1edd1fb7cca1a100a63be01"
age
86712
cache-tag
F-109627044436,P-1534169,FLS-ALL
x-amz-version-id
KMw_AMABoswm8oNvOvnloHZvZpdq9inh
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yHDHrBhvxmXPxrulmYunTxvmD%2BD2zsbNAxFDa4Oz5OSXUn53ZkB%2BVLZ902Om7omQg3xVcyY%2F1HBjhMvm84hRsBa9fiNG%2FvKYjLG48wj4gzHuKKDs7EK0iynOcHHIcLBl90zWfw%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
x-amz-cf-id
AyAOKWB0eOS52pQciqx1qsHO4TvqgyrPuTd4Npsy4z8QFNKx1sfvFg==
content-type
image/svg+xml
last-modified
Wed, 05 Apr 2023 11:35:44 GMT
x-amz-meta-index-tag
all
x-amz-replication-status
COMPLETED
edge-cache-tag
F-109627044436,P-1534169,FLS-ALL
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id
SXBQ63W6RDV2GT5Y
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag
F-109627044436,P-1534169,FLS-ALL
x-hs-alternate-content-type
text/plain
server
cloudflare
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption
AES256
access-control-allow-methods
GET
x-amz-storage-class
INTELLIGENT_TIERING
date
Wed, 09 Oct 2024 15:22:23 GMT
vary
Accept-Encoding
x-amz-id-2
9uKXy21+zYF0zIfZHyugux74o8i5WM/EovcvfRdTf/OS8AuiwXYbeAW6M5oa4iNVz/vmabKWR28=
strict-transport-security
max-age=31536000; includeSubDomains; preload
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin
d8fk70yj6xfhx.cloudfront.net
via
1.1 b61e218bc35668646b673c626203e5d4.cloudfront.net (CloudFront)
cf-ray
8cff5da8dc467750-LHR
access-control-allow-origin
*
x-amz-cf-pop
LHR3-C2
x-amz-meta-created-unix-time-millis
1680694543135
cybersecurity%20threat%20research%20blog.jpg
blog.morphisec.com/hubfs/
4 KB
5 KB
Image
General
Full URL
https://blog.morphisec.com/hubfs/cybersecurity%20threat%20research%20blog.jpg
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/threat-analysis-lua-malware
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
ad5d4193328e2083398686d67b7e67b9d7ab9b935d745746d186c33d07bf4a65
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

x-robots-tag
all
cf-cache-status
HIT
etag
"2b7b7ed7eb036c12623f2218a7bab31b"
age
86710
cache-tag
F-129397473892,P-1534169,FLS-ALL
x-amz-version-id
c0ZTjM3EuQi57sUJlqRjc9N65oFUDRbx
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pL9AeM3QhMKvOrQoxwrhlLenfvtg02njzmCVLqRmcjxlgJE8r%2Bpzx02IEpNdAvkRcmcEyPS1792WCN46E1PZNYZT%2F%2BVL%2BgDuT%2FtVPeQAcmtrmGN%2FYH%2F%2F9bcsyq6Y5CLAkB6Nxg%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
x-cache
RefreshHit from cloudfront
x-amz-cf-id
Ujq7iuzhm8Ww_5RNWguMKqLT37kEKt5z7w1s9Z8vqyUQPGr-ESIC7A==
content-type
image/webp
content-disposition
inline; filename="cybersecurity%20threat%20research%20blog.webp"
last-modified
Thu, 10 Aug 2023 11:55:30 GMT
x-amz-meta-index-tag
all
x-amz-replication-status
COMPLETED
edge-cache-tag
F-129397473892,P-1534169,FLS-ALL
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id
8GK6PW0YJDVEM73H
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
accept-ranges
bytes
x-amz-meta-cache-tag
F-129397473892,P-1534169,FLS-ALL
content-length
3770
x-hs-alternate-content-type
text/plain
server
cloudflare
x-amz-server-side-encryption
AES256
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
cf-bgj
imgq:85,h2pri
access-control-allow-methods
GET
x-amz-storage-class
INTELLIGENT_TIERING
cf-polished
qual=85, origFmt=jpeg, origSize=26491
date
Wed, 09 Oct 2024 15:22:23 GMT
vary
Accept, Accept-Encoding
x-amz-id-2
Vu7la2tFy4oWjFPuSqf/baR2BlGRSAiZqRSSSPEl4VwPPFPB7N8yMOFr7iZ9mb0pfp22lx87CN+F1+EUt6y/Pg==
strict-transport-security
max-age=31536000; includeSubDomains; preload
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin
d8fk70yj6xfhx.cloudfront.net
via
1.1 f715245c12dc1f6bdadc387db50e442c.cloudfront.net (CloudFront)
cf-ray
8cff5da8dc497750-LHR
access-control-allow-origin
*
x-amz-cf-pop
LHR3-C2
x-amz-meta-created-unix-time-millis
1691668529263
footer-bg-01.svg
blog.morphisec.com/hubfs/
1010 B
2 KB
Image
General
Full URL
https://blog.morphisec.com/hubfs/footer-bg-01.svg
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/threat-analysis-lua-malware
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
afebc654252e2e6725166fd88386decd2d62cbae24cf76f93af01051afcd22bf
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

x-robots-tag
all
content-encoding
br
cf-cache-status
HIT
etag
W/"2ede0c7ada32266a0c611cfc210050ce"
age
86710
cache-tag
F-110476466060,P-1534169,FLS-ALL
x-amz-version-id
_gIdfKK3n3930Ooq3mAnm0BVYetLtdSX
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Y28F%2BJ2c53cahC1t5MqQJxo%2BUuyYV399BfwOwyDFgtplrWsID2zXwAMBIcD3zw436DFWbwvfH%2BL%2BmNGkMva5auT6wYHPICgA3hLNfehyzro6LbZ6bo1nV4IWSqFcOPfBxwWIjQ%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
x-cache
RefreshHit from cloudfront
x-amz-cf-id
MqlzBbsnnlXoIZWQ-jCFfzbYdu6c5fUD6T3NCecCh3V-PJGviqyUsA==
content-type
image/svg+xml
last-modified
Tue, 11 Apr 2023 13:55:41 GMT
x-amz-meta-index-tag
all
x-amz-replication-status
COMPLETED
edge-cache-tag
F-110476466060,P-1534169,FLS-ALL
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id
20PN1BZBWPHZST3G
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag
F-110476466060,P-1534169,FLS-ALL
x-hs-alternate-content-type
text/plain
server
cloudflare
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption
AES256
access-control-allow-methods
GET
x-amz-storage-class
INTELLIGENT_TIERING
date
Wed, 09 Oct 2024 15:22:23 GMT
vary
Accept-Encoding
x-amz-id-2
xai+6mVF+5qP1APgjJnrnXe9rPmlbyS3b3HSN0DSFhlDKXCYNMpoRlZ2V3ZVEnZFkrtuAuOKOVJY7SA1cxuoZmHD8zwc8gny
strict-transport-security
max-age=31536000; includeSubDomains; preload
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin
d8fk70yj6xfhx.cloudfront.net
via
1.1 e11502649b2fdd9cb3960f027c8c1ea2.cloudfront.net (CloudFront)
cf-ray
8cff5da8dc4d7750-LHR
access-control-allow-origin
*
x-amz-cf-pop
LHR3-C2
x-amz-meta-created-unix-time-millis
1681221340353
Montserrat-SemiBold.woff2
www.morphisec.com/hubfs/fonts/
65 KB
66 KB
Font
General
Full URL
https://www.morphisec.com/hubfs/fonts/Montserrat-SemiBold.woff2
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/109621200285/1680693252014/2023/Fonts/fonts.min.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
f3d8c648b4ec40e2369730c552db76ad40994c6dd489ff87b28f6fc1ea2ced96
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://blog.morphisec.com
Referer
https://blog.morphisec.com/

Response headers

x-robots-tag
all
cf-cache-status
HIT
etag
"09e9af57c990afbf2833f00d90880b6b"
age
86711
cache-tag
F-109621325689,FD-109627043208,P-1534169,FLS-ALL
x-amz-version-id
N4AY2AcWVnuw91nHKeLaBhsvto1u2FqE
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oQPE4rCHOgMxOJkRa6MhkETqzSpammbXiaC9R7stLXzLO0h0zvk3a%2FnH5HQ%2FDzs3ga%2F2PDceBeriTcKd2%2Beof3w1mdKkZJeiBbWrZpoh8oi715GRXy%2BYPdSKdK2C2h%2Bp4XGr"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
x-cache
RefreshHit from cloudfront
x-amz-cf-id
FN9Tkyyjz2HIP3nA7OEuNuzFmBd1lcIhviqU4BCSHgKfszYA28Hc1A==
content-type
application/font-woff2
last-modified
Wed, 05 Apr 2023 11:12:00 GMT
x-amz-meta-index-tag
all
x-amz-replication-status
COMPLETED
edge-cache-tag
F-109621325689,FD-109627043208,P-1534169,FLS-ALL
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id
B440T553P35NE0N2
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
accept-ranges
bytes
x-amz-meta-cache-tag
F-109621325689,FD-109627043208,P-1534169,FLS-ALL
content-length
66104
x-hs-alternate-content-type
text/plain
server
cloudflare
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption
AES256
access-control-allow-methods
GET
x-amz-storage-class
INTELLIGENT_TIERING
date
Wed, 09 Oct 2024 15:22:23 GMT
vary
Accept-Encoding
x-amz-id-2
u0iw+/26DOCIwboMWPAw1CPQLmHSoYwR3EQngmw8RkURbRFSouewwylVqaGxfvQZffXkBB3eEVjZL7HwJFPM9EuhpesMNAWiQnUMppoHGHg=
strict-transport-security
max-age=31536000; includeSubDomains; preload
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin
d8fk70yj6xfhx.cloudfront.net
via
1.1 9a0da3962832290b2dd219763f12257a.cloudfront.net (CloudFront)
cf-ray
8cff5da93b564052-LHR
access-control-allow-origin
*
x-amz-cf-pop
LHR3-C2
x-amz-meta-created-unix-time-millis
1680693119436
Montserrat-Light.woff2
www.morphisec.com/hubfs/fonts/
64 KB
65 KB
Font
General
Full URL
https://www.morphisec.com/hubfs/fonts/Montserrat-Light.woff2
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/109621200285/1680693252014/2023/Fonts/fonts.min.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
636ecb5784f08327b02a785d4bbd25f44b0eeb98b3a8391ec47c0af6b87554a8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://blog.morphisec.com
Referer
https://blog.morphisec.com/

Response headers

x-robots-tag
all
cf-cache-status
HIT
etag
"aab897981ce728bf9faaf8d7e9273e82"
age
86712
cache-tag
F-109627043216,FD-109627043208,P-1534169,FLS-ALL
x-amz-version-id
pc80gFZ4d8MJD6P02C8Utp.DAeRoai1s
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RH2dkuiu76cZKnv7bbmUiCYGjEh0rwOXgcMdsDTXSSV1bgkgYYlNigHNtec8AlYVvUJbO0HAYUBb3o0dCawNMoTiWM4he6dSYC3qJpK5KaEz9pbSGk2NiNrfDG7knVEUTaZs"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
x-cache
RefreshHit from cloudfront
x-amz-cf-id
wOn-wkej7iUojCb6RnCBLPR9RutMHpOWmvJhMJCmmOy8ikLbXZTUHg==
content-type
application/font-woff2
last-modified
Wed, 05 Apr 2023 11:12:00 GMT
x-amz-meta-index-tag
all
x-amz-replication-status
COMPLETED
edge-cache-tag
F-109627043216,FD-109627043208,P-1534169,FLS-ALL
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id
B44FJH6TPBFEF9AV
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
accept-ranges
bytes
x-amz-meta-cache-tag
F-109627043216,FD-109627043208,P-1534169,FLS-ALL
content-length
65268
x-hs-alternate-content-type
text/plain
server
cloudflare
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption
AES256
access-control-allow-methods
GET
x-amz-storage-class
INTELLIGENT_TIERING
date
Wed, 09 Oct 2024 15:22:23 GMT
vary
Accept-Encoding
x-amz-id-2
kByvYUsb4vZ1mPt+1eko8EuEA8+qhYdcYkKlLT/omXziRFsJ7EaqIv2YRo/zU78WrtfeJPp1wTc=
strict-transport-security
max-age=31536000; includeSubDomains; preload
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin
d8fk70yj6xfhx.cloudfront.net
via
1.1 07b994ddf00f39c9e5b18a963a695fd4.cloudfront.net (CloudFront)
cf-ray
8cff5da93b514052-LHR
access-control-allow-origin
*
x-amz-cf-pop
LHR3-C2
x-amz-meta-created-unix-time-millis
1680693119255
Montserrat-Medium.woff2
www.morphisec.com/hubfs/fonts/
64 KB
66 KB
Font
General
Full URL
https://www.morphisec.com/hubfs/fonts/Montserrat-Medium.woff2
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/109621200285/1680693252014/2023/Fonts/fonts.min.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
d4d476694bb5382da2de611b3b716fbed22fcd64d18753111b6d15a28667fd24
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://blog.morphisec.com
Referer
https://blog.morphisec.com/

Response headers

x-robots-tag
all
cf-cache-status
HIT
etag
"16c1a5b7a2037ec2bad9740c8b0ff8ee"
age
86711
cache-tag
F-109620535301,FD-109627043208,P-1534169,FLS-ALL
x-amz-version-id
FUjuK6I4k.9p.Gx8MyhsJW6pvpTlo4q4
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vd9X8YccVMaiv37FRyJb0JirDDSf2Dr2lShV9UTrqBAF4I8eAqSOBeU4MqMQ%2Fonpt5xfg0gr3KkdUv5wl8i2SFlkX2gT6XwLcUoHOYrXpCBAx3jSOMxd0PMBTsDPKw1E0UcD"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
x-cache
RefreshHit from cloudfront
x-amz-cf-id
DfTSC4gci-ZCyH53-D-I0NJVOCVGvDGQZvTJu2r05T6N3zBl7UH6tg==
content-type
application/font-woff2
last-modified
Wed, 05 Apr 2023 11:12:00 GMT
x-amz-meta-index-tag
all
x-amz-replication-status
COMPLETED
edge-cache-tag
F-109620535301,FD-109627043208,P-1534169,FLS-ALL
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id
B448YR365CS6QA3C
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
accept-ranges
bytes
x-amz-meta-cache-tag
F-109620535301,FD-109627043208,P-1534169,FLS-ALL
content-length
66036
x-hs-alternate-content-type
text/plain
server
cloudflare
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption
AES256
access-control-allow-methods
GET
x-amz-storage-class
INTELLIGENT_TIERING
date
Wed, 09 Oct 2024 15:22:23 GMT
vary
Accept-Encoding
x-amz-id-2
YCgx6s1YzRfC5IX58Lv4HuW1kA6HVmcDdhmDcC+3SJ7Bv9T6q7rgJvg1yEbapISLiI6aom/T7Kk=
strict-transport-security
max-age=31536000; includeSubDomains; preload
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin
d8fk70yj6xfhx.cloudfront.net
via
1.1 1977dea801f0741d1661725223f1ca34.cloudfront.net (CloudFront)
cf-ray
8cff5da93b4e4052-LHR
access-control-allow-origin
*
x-amz-cf-pop
LHR3-C2
x-amz-meta-created-unix-time-millis
1680693119004
Montserrat-ExtraBold.woff2
www.morphisec.com/hubfs/fonts/
65 KB
67 KB
Font
General
Full URL
https://www.morphisec.com/hubfs/fonts/Montserrat-ExtraBold.woff2
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/template_assets/109621200285/1680693252014/2023/Fonts/fonts.min.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
c8dfa70f0dccd44f1f69659a7d4715aef17d48c4a8f88d4868b919fc9aabb453
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://blog.morphisec.com
Referer
https://blog.morphisec.com/

Response headers

x-robots-tag
all
cf-cache-status
HIT
etag
"4e861b47db165af12ec0447c91b0167f"
age
88050
cache-tag
F-109628007973,FD-109627043208,P-1534169,FLS-ALL
x-amz-version-id
Ai1BLbuGpLfH9Dc8qMneVI9MZINf4ZFA
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zYowreS889mE9pv7%2BsqFyxDDnglMol%2BzW9JM1dBBP32y2Pqb89PhUiyORZaLglcjaxtPerfOp87vcAbR4otv222LMsDoJOuJWWy%2FI22NSzkeUIZRNhcwn5iyf2aqgx%2BL%2F44w"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
x-cache
RefreshHit from cloudfront
x-amz-cf-id
lNLHaY17srA-ea3FMDHq3qGHlrnqQP_CBaY31mIhVkxOmXeErTfmww==
content-type
application/font-woff2
last-modified
Wed, 05 Apr 2023 11:12:00 GMT
x-amz-meta-index-tag
all
x-amz-replication-status
COMPLETED
edge-cache-tag
F-109628007973,FD-109627043208,P-1534169,FLS-ALL
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id
B448GF6F4AM1DQTV
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
accept-ranges
bytes
x-amz-meta-cache-tag
F-109628007973,FD-109627043208,P-1534169,FLS-ALL
content-length
66876
x-hs-alternate-content-type
text/plain
server
cloudflare
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption
AES256
access-control-allow-methods
GET
x-amz-storage-class
INTELLIGENT_TIERING
date
Wed, 09 Oct 2024 15:22:23 GMT
vary
Accept-Encoding
x-amz-id-2
p1584HwV8GixZGd/67FKln2XLurY0S0aiprB9IaCH2dV/eDfOgDZ8sHIL6qaIf/ZW1Pau9uWj9JG0Mt1h/VkFFtMW3pwYjqJ
strict-transport-security
max-age=31536000; includeSubDomains; preload
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin
d8fk70yj6xfhx.cloudfront.net
via
1.1 1d01c9eafefacaa6322fccd6199f781c.cloudfront.net (CloudFront)
cf-ray
8cff5da93b534052-LHR
access-control-allow-origin
*
x-amz-cf-pop
LHR3-C2
x-amz-meta-created-unix-time-millis
1680693119362
search_icon.svg
blog.morphisec.com/hubfs/
350 B
1 KB
Image
General
Full URL
https://blog.morphisec.com/hubfs/search_icon.svg
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/threat-analysis-lua-malware
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
939c1b1420c9dcd654cf23e16482d791454288ca4ff1059fb8839412cc29b2a5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

x-robots-tag
all
content-encoding
br
cf-cache-status
HIT
etag
W/"3d95f4288550b5cf8de25c3fedbd715b"
age
86712
cache-tag
F-109619762806,P-1534169,FLS-ALL
x-amz-version-id
1GYCNZt2jwANbtrTaH7YaF79VqL7t05m
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=skGdtlltif3DjA4EHU5mswkYrWzDWd2R6Csjpd7uTUdoSYfN30eu6H95nLKG0OPGGUkAX9QUovA%2FZxkFEylitnU5WdpelN9lr%2F00xK5a%2FBiokrx%2FQ8STQvFWGS0O5W%2FDuDmt1Q%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
x-amz-cf-id
fFcUPnpUCdx7hYYGaa61t_z4AGHpNtsgKVkBv9dbxXrjJXa2Mg4y9w==
content-type
image/svg+xml
last-modified
Wed, 05 Apr 2023 10:44:27 GMT
x-amz-meta-index-tag
all
x-amz-replication-status
COMPLETED
edge-cache-tag
F-109619762806,P-1534169,FLS-ALL
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id
SXBY3Z6SVT4FXTX3
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag
F-109619762806,P-1534169,FLS-ALL
x-hs-alternate-content-type
text/plain
server
cloudflare
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption
AES256
access-control-allow-methods
GET
x-amz-storage-class
INTELLIGENT_TIERING
date
Wed, 09 Oct 2024 15:22:23 GMT
vary
Accept-Encoding
x-amz-id-2
gk87Jk5WF0Me7uPzHBaaHxVctsc05hmdf8qAnrJj0WnK+c+/KaqCmD5n7iWdSQpdVTfBinOLYr7pCcUCMfkbxmoNvEa/03vW341HSZnC3T0=
strict-transport-security
max-age=31536000; includeSubDomains; preload
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin
d8fk70yj6xfhx.cloudfront.net
via
1.1 02b64e603ed38c4fa65e6d087701f8de.cloudfront.net (CloudFront)
cf-ray
8cff5da90ca17750-LHR
access-control-allow-origin
*
x-amz-cf-pop
LHR3-C2
x-amz-meta-created-unix-time-millis
1680691466397
blog.svg
blog.morphisec.com/hubfs/
797 B
2 KB
Image
General
Full URL
https://blog.morphisec.com/hubfs/blog.svg
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/threat-analysis-lua-malware
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
b3e8357cc1fe184a45255c2831770245aa454c3e957dfe3df6a0ee789ac77e01
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

x-robots-tag
all
content-encoding
br
cf-cache-status
HIT
etag
W/"8d9f2f91fe33b0b94a5bef7287c3abbf"
age
86712
cache-tag
F-109682604959,P-1534169,FLS-ALL
x-amz-version-id
ijpJM2MB9gHe5XFpk9UWNXBHqcRn_Olq
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=d3vrWyDaLkiipJOzKzRrBMQSHHMxLsXEwW4A3%2FIJ24hZqGYRHTZQ5o4lP22HcLSqOY%2F3b0ajFTwU4G65MshfdK%2BtFmHMEcormi0qXt3j9QZ9KJcOXaI9FdLtBb0tb8AYcoKpDA%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
x-amz-cf-id
XLXRUqYH8ANLv-xO2jo0t5fpPY7LF0KmkqMLgxkhjXVKdPmaJuQPsg==
content-type
image/svg+xml
last-modified
Wed, 05 Apr 2023 16:17:05 GMT
x-amz-meta-index-tag
all
x-amz-replication-status
COMPLETED
edge-cache-tag
F-109682604959,P-1534169,FLS-ALL
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id
SXBW5DKYHXQTM7M7
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag
F-109682604959,P-1534169,FLS-ALL
x-hs-alternate-content-type
text/plain
server
cloudflare
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption
AES256
access-control-allow-methods
GET
x-amz-storage-class
INTELLIGENT_TIERING
date
Wed, 09 Oct 2024 15:22:23 GMT
vary
Accept-Encoding
x-amz-id-2
bxi0vyWLio1DExAwmGoautzwARjN0z4AlY0TD3V7SA/vPZbBJ6LPBDIKB+dfHoI1Ks/NK23+8MQ=
strict-transport-security
max-age=31536000; includeSubDomains; preload
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin
d8fk70yj6xfhx.cloudfront.net
via
1.1 c5e8408e2914e204df7d18fc961818b4.cloudfront.net (CloudFront)
cf-ray
8cff5da90cad7750-LHR
access-control-allow-origin
*
x-amz-cf-pop
LHR3-C2
x-amz-meta-created-unix-time-millis
1680711424510
Lua%20Malware%20-blog_1200x628_v.2.1.png
blog.morphisec.com/hs-fs/hubfs/
662 KB
663 KB
Image
General
Full URL
https://blog.morphisec.com/hs-fs/hubfs/Lua%20Malware%20-blog_1200x628_v.2.1.png?width=1200&height=628&name=Lua%20Malware%20-blog_1200x628_v.2.1.png
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/threat-analysis-lua-malware
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
3d93d5144aa92ce528b62411b356b19acf53b1d20b2600f4daa2ae1e0ec6f6d6
Security Headers
Name Value
Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

cf-cache-status
HIT
etag
"cfXYesKW21JotJbGYZsLEir74cP85LQoHV409H_JZsDQ:b58566989374e54f2e194c84be613b97"
cache-tag
F-180445670815,P-1534169,FLS-ALL
cf-resized
internal=ok/m q=0 n=694+106 c=0+0 v=2024.10.0 l=677738 f=false
cf-bgj
imgq:100,h2pri
x-content-type-options
nosniff
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SsqDXn70T%2FtoFdDCIslcPmzN%2FQY%2FWbTNhRNWwTS4cV3ceokfkfNjdmUNIjD8Ii%2BmEWARN8O8M%2BYLEZd%2FLM%2BIdkHDxaFeNMXhUZHaO4C%2Bk01U%2BRHye7JkFkOgPOtUP1H7GKSIfQ%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
date
Wed, 09 Oct 2024 15:22:23 GMT
content-type
image/webp
last-modified
Mon, 07 Oct 2024 19:34:57 GMT
vary
Accept, Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
default-src 'none'; navigate-to 'none'; form-action 'none'
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
timing-allow-origin
d8fk70yj6xfhx.cloudfront.net
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
via
1.1 9fdd5bd72604beaad36fa6d3b5b0ff10.cloudfront.net (CloudFront)
cf-ray
8cff5da90cb57750-LHR
accept-ranges
bytes
access-control-allow-origin
*
content-length
677738
server
cloudflare
Lua%20Malware%20Diagram%202.png
blog.morphisec.com/hs-fs/hubfs/
18 KB
19 KB
Image
General
Full URL
https://blog.morphisec.com/hs-fs/hubfs/Lua%20Malware%20Diagram%202.png?width=790&height=628&name=Lua%20Malware%20Diagram%202.png
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/threat-analysis-lua-malware
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
9eca9cd8976d44f3a71fccbaa9b2c0e343611b00738a1cd4b44f8d48c532f493
Security Headers
Name Value
Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

cf-cache-status
HIT
etag
"cf1dIBKCxAlhekXpZCnh-JLofYCPwaSN6FlKuS4-jODQ:19b0e4586753569c64a1d3ec1536c50d"
cache-tag
F-180531580480,P-1534169,FLS-ALL
cf-resized
internal=ok/m q=0 n=659+244 c=0+0 v=2024.10.0 l=18804 f=false
cf-bgj
imgq:86,h2pri
x-content-type-options
nosniff
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HPBcSAV8%2B0vyfolXYBTIb9igUm7O68AJiA06kX7wD1I27fY%2Fp0OgpZMo2%2B8cWsx69VwTV%2FYnVHjnodZ%2BczPHFdAXO3B2mIJc7xuHpRJ8%2FI938z%2BzVz8KvU4Z4WfyzIkhOteFRg%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
date
Wed, 09 Oct 2024 15:22:23 GMT
content-type
image/webp
last-modified
Tue, 08 Oct 2024 17:38:10 GMT
vary
Accept, Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
default-src 'none'; navigate-to 'none'; form-action 'none'
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
timing-allow-origin
d8fk70yj6xfhx.cloudfront.net
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
via
1.1 e7cf9a8aaf525a2173517459ff93701e.cloudfront.net (CloudFront)
cf-ray
8cff5da90cbe7750-LHR
accept-ranges
bytes
access-control-allow-origin
*
content-length
18804
server
cloudflare
banner.no-autoblock.js
consent.cookiefirst.com/
101 KB
35 KB
Script
General
Full URL
https://consent.cookiefirst.com/banner.no-autoblock.js
Requested by
Host: consent.cookiefirst.com
URL: https://consent.cookiefirst.com/sites/blog.morphisec.com-66e189ea-c6b6-4303-9c8a-423cc0c43c31/consent.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1081:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
Cookie First CDN-DE1-1081 /
Resource Hash
6efc82fc06418713bde2d45d6d3fc18db88c9bf93c8bde58543f4f220a50d34e

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

cdn-status
200
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match, visitor-location
content-encoding
br
etag
"66febcbf-19235"
cdn-fileserver
588
date
Wed, 09 Oct 2024 15:22:23 GMT
cdn-storageserver
DE-639
last-modified
Thu, 03 Oct 2024 15:48:15 GMT
content-type
application/javascript
vary
Accept-Encoding
cdn-cache
HIT
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match, traceparent
cdn-requestpullcode
200
cdn-cachedat
10/03/2024 15:58:50
cache-control
public, max-age=1200
cdn-requestpullsuccess
True
visitor-location
GB
cdn-requesttime
0
cdn-uid
d602dab6-3f92-4809-a378-608fd2b89403
cdn-requestid
af53065f61a8531aa5bb95b420763aa4
cdn-pullzone
236985
cdn-proxyver
1.04
access-control-allow-origin
*
cdn-edgestorageid
1081
server
Cookie First CDN-DE1-1081
cdn-requestcountrycode
GB
version.json
consent.cookiefirst.com/sites/blog.morphisec.com-66e189ea-c6b6-4303-9c8a-423cc0c43c31/
44 B
810 B
Fetch
General
Full URL
https://consent.cookiefirst.com/sites/blog.morphisec.com-66e189ea-c6b6-4303-9c8a-423cc0c43c31/version.json?v=1728487343655
Requested by
Host: consent.cookiefirst.com
URL: https://consent.cookiefirst.com/banner.no-autoblock.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1081:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
Cookie First CDN-DE1-1081 /
Resource Hash
b24536168c724b20d776f3fcef84511dd5986de04f1aafba6d219bf1d73fec08

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept
application/json
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

cdn-status
200
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match, visitor-location
content-encoding
br
etag
"66fcc919-2c"
cdn-fileserver
588
date
Wed, 09 Oct 2024 15:22:23 GMT
cdn-storageserver
DE-382
last-modified
Wed, 02 Oct 2024 04:16:25 GMT
content-type
application/json
vary
Accept-Encoding
cdn-cache
MISS
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match, traceparent
cdn-requestpullcode
200
cdn-cachedat
10/09/2024 15:22:23
cache-control
public, max-age=10
cdn-requestpullsuccess
True
visitor-location
GB
cdn-requesttime
0
cdn-uid
d602dab6-3f92-4809-a378-608fd2b89403
cdn-requestid
42f383210970f836d86e20cfda8920f7
cdn-pullzone
236985
cdn-proxyver
1.04
access-control-allow-origin
*
cdn-edgestorageid
1079
server
Cookie First CDN-DE1-1081
cdn-requestcountrycode
GB
location
edge.cookiefirst.com/prod/
67 B
489 B
Fetch
General
Full URL
https://edge.cookiefirst.com/prod/location?origin=blog.morphisec.com
Requested by
Host: consent.cookiefirst.com
URL: https://consent.cookiefirst.com/banner.no-autoblock.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
169.150.247.39 Frankfurt am Main, Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
169-150-247-39.bunnyinfra.net
Software
BunnyCDN-DE1-1082 /
Resource Hash
8c2aedcef33401bf99f0ac5cc335423d2bfb1edb20e5bbf2bddcc24fdc728421

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept
application/json
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

cdn-status
200
date
Wed, 09 Oct 2024 15:22:23 GMT
content-type
application/json; charset=utf-8
cdn-cachedat
10/09/2024 15:22:23
cdn-cache
BYPASS
cdn-requestpullcode
200
cache-control
public, max-age=1200
cdn-requestpullsuccess
True
cdn-requesttime
1
cdn-uid
d602dab6-3f92-4809-a378-608fd2b89403
cdn-requestid
62903d653ee3a511900d031dd8517103
cdn-pullzone
717911
cdn-proxyver
1.04
access-control-allow-origin
https://blog.morphisec.com
content-length
67
cdn-edgestorageid
1082
server
BunnyCDN-DE1-1082
cdn-requestcountrycode
GB
cf-bc-handler.html
www.morphisec.com/ Frame 432D
360 B
1 KB
Document
General
Full URL
https://www.morphisec.com/cf-bc-handler.html
Requested by
Host: consent.cookiefirst.com
URL: https://consent.cookiefirst.com/banner.no-autoblock.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
c8f61ff99bdb7078fb9a587059822d308fa9f3e5f9765101876426ab9c4363cc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://blog.morphisec.com/threat-analysis-lua-malware
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-methods
GET
access-control-allow-origin
*
age
86712
alt-svc
h3=":443"; ma=86400
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
cache-tag
F-95081226133,P-1534169,FLS-ALL
cf-cache-status
HIT
cf-ray
8cff5dabd8f694c6-LHR
content-encoding
br
content-type
text/html
date
Wed, 09 Oct 2024 15:22:24 GMT
edge-cache-tag
F-95081226133,P-1534169,FLS-ALL
last-modified
Mon, 12 Dec 2022 16:53:21 GMT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fzVJyL5k3NVkhI5QC4cqhLuqPZff7ogrTiE0mosezdk4f%2BvztiK1DRw0KgwPqIvmwMAALbwmGIst%2FOj2r1b327WrWL31YUglgu8AiMOImb%2B9o0E7AKKQMeVHbTebfKABs3hB"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains; preload
timing-allow-origin
d8fk70yj6xfhx.cloudfront.net
vary
Accept-Encoding
via
1.1 84e2de61192ccb090a6d645d1117e3ea.cloudfront.net (CloudFront)
x-amz-cf-id
frjctij-r8qmiFZ9Sl2fkx4tpoEgUU1w-ItmkwcTIVCkvXxxiAFL5g==
x-amz-cf-pop
LHR3-C2
x-amz-id-2
j9mT0vAR9L1+qof/kekNdWNWkA/zKHLMDws0WcyS8UwWa/PD+K2Mz/VCzkGk2Jx9g3fP4ubqpFs=
x-amz-meta-cache-tag
F-95081226133,P-1534169,FLS-ALL
x-amz-meta-created-unix-time-millis
1670864000194
x-amz-meta-index-tag
all
x-amz-replication-status
COMPLETED
x-amz-request-id
1Q4H2TFFR5GFXMG9
x-amz-server-side-encryption
AES256
x-amz-storage-class
INTELLIGENT_TIERING
x-amz-version-id
6goLS1KRlaJxTu_k6uCFvNA00uRjo5Yl
x-cache
RefreshHit from cloudfront
x-hs-alternate-content-type
text/plain
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
x-robots-tag
all
bc-handler.min.js
consent.cookiefirst.com/bulk/ Frame 432D
577 B
1 KB
Script
General
Full URL
https://consent.cookiefirst.com/bulk/bc-handler.min.js?v=1728487344087
Requested by
Host: www.morphisec.com
URL: https://www.morphisec.com/cf-bc-handler.html
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1081:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
Cookie First CDN-DE1-1081 /
Resource Hash
d27825196ad091987820f3ead157595d5a5e482b8849982da00b9395a6f590bb

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.morphisec.com/

Response headers

cdn-status
200
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match, visitor-location
content-encoding
br
etag
"664e0597-241"
cdn-fileserver
599
date
Wed, 09 Oct 2024 15:22:24 GMT
cdn-storageserver
DE-383
last-modified
Wed, 22 May 2024 14:47:51 GMT
content-type
application/javascript
vary
Accept-Encoding
cdn-cache
MISS
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match, traceparent
cdn-requestpullcode
200
cdn-cachedat
10/09/2024 15:22:24
cache-control
public, max-age=31919000
cdn-requestpullsuccess
True
visitor-location
GB
cdn-requesttime
0
cdn-uid
d602dab6-3f92-4809-a378-608fd2b89403
cdn-requestid
bca2cbee7eb7a17d7c8706033da74463
cdn-pullzone
236985
cdn-proxyver
1.04
access-control-allow-origin
*
cdn-edgestorageid
1081
server
Cookie First CDN-DE1-1081
cdn-requestcountrycode
GB
lang-widget-en.json
consent.cookiefirst.com/sites/blog.morphisec.com-66e189ea-c6b6-4303-9c8a-423cc0c43c31/
13 KB
5 KB
Fetch
General
Full URL
https://consent.cookiefirst.com/sites/blog.morphisec.com-66e189ea-c6b6-4303-9c8a-423cc0c43c31/lang-widget-en.json?v=ec5ead77-9124-4c77-be61-71e8e48ff6e5
Requested by
Host: consent.cookiefirst.com
URL: https://consent.cookiefirst.com/banner.no-autoblock.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1081:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
Cookie First CDN-DE1-1081 /
Resource Hash
e87978b552cbe6214a20f0be6d366b9ffb523989bfbeb46f49852d3d961adad7

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept
application/json
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

cdn-status
200
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match, visitor-location
content-encoding
br
etag
"66fcc919-34f9"
cdn-fileserver
588
date
Wed, 09 Oct 2024 15:22:24 GMT
cdn-storageserver
DE-639
last-modified
Wed, 02 Oct 2024 04:16:25 GMT
content-type
application/json
vary
Accept-Encoding
cdn-cache
HIT
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match, traceparent
cdn-requestpullcode
200
cdn-cachedat
10/02/2024 04:21:47
cache-control
public, max-age=31919000
cdn-requestpullsuccess
True
visitor-location
GB
cdn-requesttime
0
cdn-uid
d602dab6-3f92-4809-a378-608fd2b89403
cdn-requestid
4b83a7c5d1c080917a269a693353d7e1
cdn-pullzone
236985
cdn-proxyver
1.04
access-control-allow-origin
*
cdn-edgestorageid
1079
server
Cookie First CDN-DE1-1081
cdn-requestcountrycode
GB
hotjar-3506314.js
static.hotjar.com/c/
13 KB
5 KB
Script
General
Full URL
https://static.hotjar.com/c/hotjar-3506314.js?sv=7
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PQBJZ8K
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.102.53 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-102-53.fra56.r.cloudfront.net
Software
/
Resource Hash
7fe2cb1527f99acc0618e80a9e62ef095c80eec4ba411d58e5faa1b9ec516bf6
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

content-encoding
br
etag
W/4d47cf8ddc0b32dae58810d50ca06f65
age
10
x-content-type-options
nosniff
x-cache-hit
1
x-cache
Hit from cloudfront
x-amz-cf-id
BE1uIsapwJguHRiSOPw8xiNNc2vEuthwzsf_71VQOeCsDuQQAJZuqQ==
date
Wed, 09 Oct 2024 15:22:14 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
strict-transport-security
max-age=2592000; includeSubDomains
cache-control
max-age=60
cross-origin-resource-policy
cross-origin
via
1.1 c2e56cd54e2593df95ccca8a6d98c958.cloudfront.net (CloudFront)
access-control-allow-origin
*
x-amz-cf-pop
FRA56-P2
fbevents.js
connect.facebook.net/en_US/
226 KB
58 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/threat-analysis-lua-malware
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
157.240.253.1 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
xx-fbcdn-shv-02-fra5.fbcdn.net
Software
/
Resource Hash
48ba1993011db4834882d81b2153753437607292f704a6543d4466c0f6d1372a
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src 'unsafe-inline' *.fbcdn.net *.facebook.net blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

content-encoding
gzip
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
date
Wed, 09 Oct 2024 15:22:24 GMT
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
priority
u=3,i
x-frame-options
DENY
strict-transport-security
max-age=31536000; preload; includeSubDomains
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy
default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src 'unsafe-inline' *.fbcdn.net *.facebook.net blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
cache-control
public, max-age=1200
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=42, rtx=0, c=23, mss=1232, tbw=4405, tp=9, tpl=0, uplat=1, ullat=-1
pragma
public
x-fb-debug
PzuDrSt4U7tdGdiKMyTMqO2IX2tVg8VUyu7F9qJSNnHmiSVwI7ceNS0D47f2RhBNO7HjUTcb3MgknWblW3QPEg==
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy
force-load-at-top
content-length
59131
x-xss-protection
0
origin-agent-cluster
?1
insight.min.js
snap.licdn.com/li.lms-analytics/
40 KB
14 KB
Script
General
Full URL
https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/threat-analysis-lua-malware
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:10::210:a9a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
8a27dc7b44ebe886390bfa0a9beeea36ea5a3f37479f0e0836b6c9b80d9b35ed
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

cache-control
max-age=38842
content-encoding
gzip
x-cdn
AKAM
x-content-type-options
nosniff
accept-ranges
bytes
content-length
14628
date
Wed, 09 Oct 2024 15:22:24 GMT
last-modified
Thu, 22 Aug 2024 10:43:55 GMT
content-type
application/javascript;charset=utf-8
vary
Accept-Encoding
x-amz-server-side-encryption
AES256
8424750.js
snid.snitcher.com/
24 KB
25 KB
Script
General
Full URL
https://snid.snitcher.com/8424750.js
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/threat-analysis-lua-malware
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.126.181.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-126-181-126.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
47437aff3fa69a45a21004a9e4da120d5a12d61b853df4226587f9d3443b3856

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

apigw-requestid
fY3jmhzRliAEJnw=
cache-control
max-age=1800, private
access-control-allow-origin
*
content-length
24918
x-vapor-base64-encode
True
date
Wed, 09 Oct 2024 15:22:24 GMT
content-type
application/javascript
tags.js
tag.clearbitscripts.com/v1/pk_5fe48b59baf6bb406e34c9012803b845/
17 KB
5 KB
Script
General
Full URL
https://tag.clearbitscripts.com/v1/pk_5fe48b59baf6bb406e34c9012803b845/tags.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PQBJZ8K
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2670:6e00:7:d7d6:3c40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Clearbit /
Resource Hash
3fc6f43f8d589a8e68a0242c1b868cc5219f5bd368d1b960af52716a8541dfec
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
cache-control
private, max-age=600
content-encoding
gzip
etag
W/"4dc4ea822cc55aa67719411f6076fcbc"
x-envoy-response-flags
-
x-content-type-options
nosniff
via
1.1 ae80ccab7109b5d2f1c1ee784af203a6.cloudfront.net (CloudFront)
x-cache
Miss from cloudfront
x-amz-cf-id
6jb5wKYrRFxmoxyF4kJPoHp56aqU6ageMBW7BtnJJub-Zsvy54DYHw==
date
Wed, 09 Oct 2024 15:22:24 GMT
content-type
application/javascript;charset=utf-8
vary
Accept-Encoding
server
Clearbit
x-amz-cf-pop
FRA56-P9
lt-v3.js
lltrck.com/scripts/
0
0

tracking.js
trk.techtarget.com/
3 KB
2 KB
Script
General
Full URL
https://trk.techtarget.com/tracking.js
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/threat-analysis-lua-malware
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:1347 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0c07b854855b0e2bd7839c3659defa45307e96e281b3c00571d09f213eb6a76e
Security Headers
Name Value
Strict-Transport-Security max-age=0; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

strict-transport-security
max-age=0; includeSubDomains; preload
cache-control
public, max-age=1200
content-encoding
br
cf-bgj
minify
cf-cache-status
HIT
age
44848
via
1.1 google
cf-ray
8cff5dae3d4fcdc2-LHR
expires
Wed, 09 Oct 2024 15:42:24 GMT
date
Wed, 09 Oct 2024 15:22:24 GMT
content-type
text/javascript
last-modified
Tue, 13 Dec 2022 15:01:39 GMT
vary
Accept-Encoding
server
cloudflare
sl.js
scout-cdn.salesloft.com/
6 KB
3 KB
Script
General
Full URL
https://scout-cdn.salesloft.com/sl.js
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/threat-analysis-lua-malware
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:4869 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4a007af67f716c30c8848ab0ad0bfaab8a5fcf3e36dedf918b59c9429d522440
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

content-encoding
br
cf-cache-status
HIT
x-amz-version-id
6anzvBQcvmaBDc8BSO9zI6Th.IIiwArc
etag
W/"d74cc4825c8e333b2116da3fcc649db1"
age
1764
x-content-type-options
nosniff
expires
Wed, 09 Oct 2024 19:22:24 GMT
alt-svc
h3=":443"; ma=86400
date
Wed, 09 Oct 2024 15:22:24 GMT
content-type
application/javascript
last-modified
Mon, 13 Dec 2021 16:28:37 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
x-amz-id-2
o4rFnWcFPgowPsonZ0BrR8/5qSOV41n7ioZNO3Lbp/IGKnBS4V0NlZ4QiSS+gp5l0hfsGawfryU=
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
public, max-age=14400
x-amz-request-id
JMJNC6ZB34H335Z5
cf-ray
8cff5dae6e3ecd31-LHR
access-control-allow-origin
*
server
cloudflare
162.13f2.c.js
consent.cookiefirst.com/banner/v2.14.50/static-main-no-autoblock/
6 KB
3 KB
Script
General
Full URL
https://consent.cookiefirst.com/banner/v2.14.50/static-main-no-autoblock/162.13f2.c.js
Requested by
Host: consent.cookiefirst.com
URL: https://consent.cookiefirst.com/banner.no-autoblock.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1081:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
Cookie First CDN-DE1-1081 /
Resource Hash
bdd1d266ae01452fc70f49bd77332953f6c48465656b6060852062924a0f7e6f

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

cdn-status
200
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match, visitor-location
content-encoding
br
etag
"66febcbf-1804"
cdn-fileserver
817
date
Wed, 09 Oct 2024 15:22:24 GMT
cdn-storageserver
DE-676
last-modified
Thu, 03 Oct 2024 15:48:15 GMT
content-type
application/javascript
vary
Accept-Encoding
cdn-cache
HIT
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match, traceparent
cdn-requestpullcode
200
cdn-cachedat
10/03/2024 15:48:15
cache-control
public, max-age=31919000
cdn-requestpullsuccess
True
visitor-location
GB
cdn-requesttime
0
cdn-uid
d602dab6-3f92-4809-a378-608fd2b89403
cdn-requestid
695764e2b407ff2bf38323c926438600
cdn-pullzone
236985
cdn-proxyver
1.04
access-control-allow-origin
*
cdn-edgestorageid
1082
server
Cookie First CDN-DE1-1081
cdn-requestcountrycode
GB
345.e308.c.css
consent.cookiefirst.com/banner/v2.14.50/static-main-no-autoblock/
19 KB
6 KB
Stylesheet
General
Full URL
https://consent.cookiefirst.com/banner/v2.14.50/static-main-no-autoblock/345.e308.c.css
Requested by
Host: consent.cookiefirst.com
URL: https://consent.cookiefirst.com/banner.no-autoblock.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1081:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
Cookie First CDN-DE1-1081 /
Resource Hash
ba7dc0cc2741341a8134b4446d67e2068ac2c211a9f774c92d55ce3a6b32220d

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

cdn-status
200
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match, visitor-location
content-encoding
br
etag
"66febcbe-4db7"
cdn-fileserver
817
date
Wed, 09 Oct 2024 15:22:24 GMT
cdn-storageserver
DE-637
last-modified
Thu, 03 Oct 2024 15:48:14 GMT
content-type
text/css
vary
Accept-Encoding
cdn-cache
HIT
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match, traceparent
cdn-requestpullcode
200
cdn-cachedat
10/05/2024 03:56:21
cache-control
public, max-age=31919000
cdn-requestpullsuccess
True
visitor-location
GB
cdn-requesttime
1
cdn-uid
d602dab6-3f92-4809-a378-608fd2b89403
cdn-requestid
dbaf70a9b942165f4c69e775b2aad647
cdn-pullzone
236985
cdn-proxyver
1.04
access-control-allow-origin
*
cdn-edgestorageid
1081
server
Cookie First CDN-DE1-1081
cdn-requestcountrycode
GB
345.f38b.c.js
consent.cookiefirst.com/banner/v2.14.50/static-main-no-autoblock/
15 KB
6 KB
Script
General
Full URL
https://consent.cookiefirst.com/banner/v2.14.50/static-main-no-autoblock/345.f38b.c.js
Requested by
Host: consent.cookiefirst.com
URL: https://consent.cookiefirst.com/banner.no-autoblock.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1081:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
Cookie First CDN-DE1-1081 /
Resource Hash
76a0ba788a9e1c9a498af794e2cb82d3133d31b4492540c0f7984e1c74421669

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

cdn-status
200
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match, visitor-location
content-encoding
br
etag
"66febcbe-3b13"
cdn-fileserver
728
date
Wed, 09 Oct 2024 15:22:24 GMT
cdn-storageserver
DE-636
last-modified
Thu, 03 Oct 2024 15:48:14 GMT
content-type
application/javascript
vary
Accept-Encoding
cdn-cache
HIT
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match, traceparent
cdn-requestpullcode
200
cdn-cachedat
10/03/2024 15:48:15
cache-control
public, max-age=31919000
cdn-requestpullsuccess
True
visitor-location
GB
cdn-requesttime
0
cdn-uid
d602dab6-3f92-4809-a378-608fd2b89403
cdn-requestid
c9dabd52a3c012d54d84ce7cf06b9730
cdn-pullzone
236985
cdn-proxyver
1.04
access-control-allow-origin
*
cdn-edgestorageid
1082
server
Cookie First CDN-DE1-1081
cdn-requestcountrycode
GB
ui.1790.c.css
consent.cookiefirst.com/banner/v2.14.50/static-main-no-autoblock/
15 KB
5 KB
Stylesheet
General
Full URL
https://consent.cookiefirst.com/banner/v2.14.50/static-main-no-autoblock/ui.1790.c.css
Requested by
Host: consent.cookiefirst.com
URL: https://consent.cookiefirst.com/banner.no-autoblock.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1081:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
Cookie First CDN-DE1-1081 /
Resource Hash
df4046988638fbeffc42c1cdef8173da32fdfac013160c034c4acc5f93be0388

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

cdn-status
200
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match, visitor-location
content-encoding
br
etag
"66febcbe-3bff"
cdn-fileserver
728
date
Wed, 09 Oct 2024 15:22:24 GMT
cdn-storageserver
DE-588
last-modified
Thu, 03 Oct 2024 15:48:14 GMT
content-type
text/css
vary
Accept-Encoding
cdn-cache
HIT
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match, traceparent
cdn-requestpullcode
200
cdn-cachedat
10/03/2024 15:48:15
cache-control
public, max-age=31919000
cdn-requestpullsuccess
True
visitor-location
GB
cdn-requesttime
0
cdn-uid
d602dab6-3f92-4809-a378-608fd2b89403
cdn-requestid
9615066d7be26a695d31bf32b7205332
cdn-pullzone
236985
cdn-proxyver
1.04
access-control-allow-origin
*
cdn-edgestorageid
1080
server
Cookie First CDN-DE1-1081
cdn-requestcountrycode
GB
ui.353e.c.js
consent.cookiefirst.com/banner/v2.14.50/static-main-no-autoblock/
46 KB
16 KB
Script
General
Full URL
https://consent.cookiefirst.com/banner/v2.14.50/static-main-no-autoblock/ui.353e.c.js
Requested by
Host: consent.cookiefirst.com
URL: https://consent.cookiefirst.com/banner.no-autoblock.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1081:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
Cookie First CDN-DE1-1081 /
Resource Hash
1ba3e04dc2c81134d261f4672efe516c36e7eed4d9da96e82667f055b276bd68

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

cdn-status
200
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match, visitor-location
content-encoding
br
etag
"66febcbe-b634"
cdn-fileserver
818
date
Wed, 09 Oct 2024 15:22:24 GMT
cdn-storageserver
DE-634
last-modified
Thu, 03 Oct 2024 15:48:14 GMT
content-type
application/javascript
vary
Accept-Encoding
cdn-cache
HIT
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match, traceparent
cdn-requestpullcode
200
cdn-cachedat
10/03/2024 15:48:15
cache-control
public, max-age=31919000
cdn-requestpullsuccess
True
visitor-location
GB
cdn-requesttime
0
cdn-uid
d602dab6-3f92-4809-a378-608fd2b89403
cdn-requestid
6200ed26246b189d63cc211916783cec
cdn-pullzone
236985
cdn-proxyver
1.04
access-control-allow-origin
*
cdn-edgestorageid
1082
server
Cookie First CDN-DE1-1081
cdn-requestcountrycode
GB
233.362b.c.css
consent.cookiefirst.com/banner/v2.14.50/static-main-no-autoblock/
127 B
829 B
Stylesheet
General
Full URL
https://consent.cookiefirst.com/banner/v2.14.50/static-main-no-autoblock/233.362b.c.css
Requested by
Host: consent.cookiefirst.com
URL: https://consent.cookiefirst.com/banner.no-autoblock.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1081:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
Cookie First CDN-DE1-1081 /
Resource Hash
e7902b56545718b3f9dcc015b4acab60270239d559b0adaae9e5c81dd95a89a1

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

cdn-status
200
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match, visitor-location
content-encoding
br
etag
"66febcbe-7f"
cdn-fileserver
817
date
Wed, 09 Oct 2024 15:22:24 GMT
cdn-storageserver
DE-635
last-modified
Thu, 03 Oct 2024 15:48:14 GMT
content-type
text/css
vary
Accept-Encoding
cdn-cache
HIT
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match, traceparent
cdn-requestpullcode
200
cdn-cachedat
10/03/2024 15:48:15
cache-control
public, max-age=31919000
cdn-requestpullsuccess
True
visitor-location
GB
cdn-requesttime
0
cdn-uid
d602dab6-3f92-4809-a378-608fd2b89403
cdn-requestid
37650c369a7c55e7238cf211efa868c9
cdn-pullzone
236985
cdn-proxyver
1.04
access-control-allow-origin
*
cdn-edgestorageid
1081
server
Cookie First CDN-DE1-1081
cdn-requestcountrycode
GB
233.8420.c.js
consent.cookiefirst.com/banner/v2.14.50/static-main-no-autoblock/
96 B
854 B
Script
General
Full URL
https://consent.cookiefirst.com/banner/v2.14.50/static-main-no-autoblock/233.8420.c.js
Requested by
Host: consent.cookiefirst.com
URL: https://consent.cookiefirst.com/banner.no-autoblock.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1081:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
Cookie First CDN-DE1-1081 /
Resource Hash
b364babb52cb930beb7e5e61f549d739c155b2f8a24415bb8b401b0d6cb3eddb

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

cdn-status
200
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match, visitor-location
content-encoding
br
etag
"66febcbe-60"
cdn-fileserver
861
date
Wed, 09 Oct 2024 15:22:24 GMT
cdn-storageserver
DE-638
last-modified
Thu, 03 Oct 2024 15:48:14 GMT
content-type
application/javascript
vary
Accept-Encoding
cdn-cache
HIT
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match, traceparent
cdn-requestpullcode
200
cdn-cachedat
10/03/2024 15:48:15
cache-control
public, max-age=31919000
cdn-requestpullsuccess
True
visitor-location
GB
cdn-requesttime
0
cdn-uid
d602dab6-3f92-4809-a378-608fd2b89403
cdn-requestid
f58684597f95411b2ae7cea616d4d4b5
cdn-pullzone
236985
cdn-proxyver
1.04
access-control-allow-origin
*
cdn-edgestorageid
1082
server
Cookie First CDN-DE1-1081
cdn-requestcountrycode
GB
inspectlet.js
cdn.inspectlet.com/
188 KB
65 KB
Script
General
Full URL
https://cdn.inspectlet.com/inspectlet.js?wid=3274945&r=480135
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/threat-analysis-lua-malware
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.10.172 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5d554121551df68e414c85920b6541d2e92251a189ff19a4b1f8dffe97ce1cb5

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

reporting-endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1728487334&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&s=g8Wx7bOcyr2bQX0vyUrV8oyOWZTfVPXF4y%2BFYT23eM0%3D
nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
cache-control
s-maxage=60, max-age=14400
content-encoding
br
cf-cache-status
HIT
age
10
report-to
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1728487334&sid=c46efe9b-d3d2-4a0c-8c76-bfafa16c5add&s=g8Wx7bOcyr2bQX0vyUrV8oyOWZTfVPXF4y%2BFYT23eM0%3D"}]}
via
1.1 vegur
cf-ray
8cff5dae796a35da-LHR
date
Wed, 09 Oct 2024 15:22:24 GMT
content-type
text/javascript;charset=UTF-8
last-modified
Wed, 09 Oct 2024 15:22:14 GMT
vary
Accept-Encoding
server
cloudflare
styles.css
consent.cookiefirst.com/sites/blog.morphisec.com-66e189ea-c6b6-4303-9c8a-423cc0c43c31/
1 KB
1 KB
Fetch
General
Full URL
https://consent.cookiefirst.com/sites/blog.morphisec.com-66e189ea-c6b6-4303-9c8a-423cc0c43c31/styles.css?v=ec5ead77-9124-4c77-be61-71e8e48ff6e5
Requested by
Host: consent.cookiefirst.com
URL: https://consent.cookiefirst.com/banner.no-autoblock.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1081:1 , Germany, ASN60068 (CDN77 _, GB),
Reverse DNS
Software
Cookie First CDN-DE1-1081 /
Resource Hash
cf1d86ae566e620f5f69c4627e1859d61567555afbc78c397876cde4760c7dad

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

cdn-status
200
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match, visitor-location
content-encoding
br
etag
"66fcc919-5e1"
cdn-fileserver
588
date
Wed, 09 Oct 2024 15:22:24 GMT
cdn-storageserver
DE-383
last-modified
Wed, 02 Oct 2024 04:16:25 GMT
content-type
text/css
vary
Accept-Encoding
cdn-cache
HIT
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match, traceparent
cdn-requestpullcode
200
cdn-cachedat
10/02/2024 04:21:47
cache-control
public, max-age=31919000
cdn-requestpullsuccess
True
visitor-location
GB
cdn-requesttime
1
cdn-uid
d602dab6-3f92-4809-a378-608fd2b89403
cdn-requestid
b062b5177481524770cbb144fd6090f3
cdn-pullzone
236985
cdn-proxyver
1.04
access-control-allow-origin
*
cdn-edgestorageid
1082
server
Cookie First CDN-DE1-1081
cdn-requestcountrycode
GB
885880844953016
connect.facebook.net/signals/config/
76 KB
15 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/885880844953016?v=2.9.170&r=stable&domain=blog.morphisec.com&hme=d82868061a8c707cd31395a3055e7449daa03bd520872727258c39e6af34523e&ex_m=70%2C120%2C106%2C110%2C61%2C4%2C99%2C69%2C16%2C96%2C88%2C51%2C54%2C171%2C174%2C186%2C182%2C183%2C185%2C29%2C100%2C53%2C77%2C184%2C166%2C169%2C179%2C180%2C187%2C130%2C41%2C34%2C142%2C15%2C50%2C193%2C192%2C132%2C18%2C40%2C1%2C43%2C65%2C66%2C67%2C71%2C92%2C17%2C14%2C95%2C91%2C90%2C107%2C52%2C109%2C39%2C108%2C30%2C93%2C26%2C167%2C170%2C139%2C28%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C57%2C62%2C64%2C75%2C101%2C27%2C76%2C9%2C8%2C80%2C48%2C21%2C103%2C102%2C104%2C97%2C10%2C20%2C3%2C38%2C74%2C19%2C85%2C56%2C83%2C33%2C73%2C0%2C94%2C32%2C82%2C87%2C47%2C46%2C86%2C37%2C5%2C89%2C81%2C44%2C35%2C84%2C2%2C36%2C63%2C42%2C105%2C45%2C79%2C68%2C111%2C60%2C59%2C31%2C98%2C58%2C55%2C49%2C78%2C72%2C24%2C112
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
157.240.253.1 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
xx-fbcdn-shv-02-fra5.fbcdn.net
Software
/
Resource Hash
2c304da20239ac2bf31e51fdac55d583eda51d17ba8a1d3a646bff6f3d2dac04
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src 'unsafe-inline' *.fbcdn.net *.facebook.net blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

content-encoding
gzip
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
date
Wed, 09 Oct 2024 15:22:24 GMT
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
priority
u=3,i
x-frame-options
DENY
strict-transport-security
max-age=31536000; preload; includeSubDomains
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy
default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src 'unsafe-inline' *.fbcdn.net *.facebook.net blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
cache-control
public, max-age=1200
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=43, rtx=0, c=74, mss=1232, tbw=67235, tp=63, tpl=0, uplat=63, ullat=0
pragma
public
x-fb-debug
a799CnTGt4nLmv/DVrSFIKXPRHzcvba/pM3Strh7wq4nWNsk1BKDWxYa2z+vR2HcfK5Y8WbeOTyve7MMPVIXZw==
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy
force-load-at-top
cross-origin-opener-policy-report-only
restrict-properties;report-to="coop_report"
x-xss-protection
0
origin-agent-cluster
?1
modules.720d0264984b164946ff.js
script.hotjar.com/
224 KB
56 KB
Script
General
Full URL
https://script.hotjar.com/modules.720d0264984b164946ff.js
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-3506314.js?sv=7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.187.74 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-187-74.fra60.r.cloudfront.net
Software
/
Resource Hash
c1eec6939693de2560a7cd2cb9bd833745efddbaa9887d4fa32464c44a3fbd33
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

x-robots-tag
none
content-encoding
br
etag
"2bc2d25972a7d1d4abf498f97b5d89f1"
age
7397
x-content-type-options
nosniff
x-cache
Hit from cloudfront
x-amz-cf-id
K3bAMWjzzBDXDdyltPnD_zDEg3EYWUsAfNJ0uyqfu-kH7G_Cj-WpFw==
date
Wed, 09 Oct 2024 13:19:07 GMT
content-type
application/javascript; charset=utf-8
last-modified
Wed, 09 Oct 2024 13:18:39 GMT
vary
Accept-Encoding
strict-transport-security
max-age=2592000; includeSubDomains
cache-control
max-age=31536000
cross-origin-resource-policy
cross-origin
via
1.1 32c1b1f3aed1f2411468b70713ad6556.cloudfront.net (CloudFront)
accept-ranges
bytes
access-control-allow-origin
*
content-length
56538
x-amz-cf-pop
FRA60-P9
attribution_trigger
px.ads.linkedin.com/
2 B
813 B
XHR
General
Full URL
https://px.ads.linkedin.com/attribution_trigger?pid=3607898&time=1728487344463&url=https%3A%2F%2Fblog.morphisec.com%2Fthreat-analysis-lua-malware
Requested by
Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept
*
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

x-li-pop
afd-prod-lor1-x
content-encoding
gzip
x-fs-uuid
0006240cd22cd93d76b093fc70ac5c56
x-msedge-ref
Ref A: DAA014B5A46B41DBBA4F77E5BA305D6D Ref B: LON04EDGE0808 Ref C: 2024-10-09T15:22:24Z
x-li-fabric
prod-lor1
x-restli-protocol-version
1.0.0
access-control-allow-methods
GET, OPTIONS
x-li-uuid
AAYkDNIs2T12sJP8cKxcVg==
x-li-proto
http/2
access-control-allow-origin
*
x-cache
CONFIG_NOCACHE
date
Wed, 09 Oct 2024 15:22:24 GMT
content-type
application/json
access-control-allow-headers
*
collect
px4.ads.linkedin.com/
Redirect Chain
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3607898&time=1728487344463&url=https%3A%2F%2Fblog.morphisec.com%2Fthreat-analysis-lua-malware
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3607898&time=1728487344463&url=https%3A%2F%2Fblog.morphisec.com%2Fthreat-analysis-lua-malware&e_ipv6=AQKMXaDXPXszpAAAAZJx38n4EpYCBa8KimDBTmlit_1s...
0
265 B
Image
General
Full URL
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3607898&time=1728487344463&url=https%3A%2F%2Fblog.morphisec.com%2Fthreat-analysis-lua-malware&e_ipv6=AQKMXaDXPXszpAAAAZJx38n4EpYCBa8KimDBTmlit_1sVRAB-bW1G4uIOpR4xkAAvvc
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/threat-analysis-lua-malware
Protocol
H2
Server
13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

linkedin-action
1
x-li-pop
afd-prod-lor1-x
x-msedge-ref
Ref A: 94C66B6AE63B4E6DA1A8DA6B500D6361 Ref B: LTSEDGE2115 Ref C: 2024-10-09T15:22:24Z
x-li-fabric
prod-lor1
x-li-uuid
AAYkDNIwzjmyMx7+9o7bjg==
x-li-proto
http/2
x-cache
CONFIG_NOCACHE
content-length
0
date
Wed, 09 Oct 2024 15:22:24 GMT
content-type
application/javascript

Redirect headers

linkedin-action
1
x-li-pop
afd-prod-lor1-x
location
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3607898&time=1728487344463&url=https%3A%2F%2Fblog.morphisec.com%2Fthreat-analysis-lua-malware&e_ipv6=AQKMXaDXPXszpAAAAZJx38n4EpYCBa8KimDBTmlit_1sVRAB-bW1G4uIOpR4xkAAvvc
x-msedge-ref
Ref A: 0D9F836BAB6743DAB22DD7D1062BE564 Ref B: LON04EDGE0608 Ref C: 2024-10-09T15:22:24Z
x-li-fabric
prod-lor1
x-li-uuid
AAYkDNIs11IZSPOmzWuzBQ==
x-li-proto
http/2
x-cache
CONFIG_NOCACHE
content-length
0
date
Wed, 09 Oct 2024 15:22:24 GMT
gif.gif
ibc-flow.techtarget.com/a/
43 B
447 B
XHR
General
Full URL
https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=17762897&r=1728487344465&ref=https%3A%2F%2Fblog.morphisec.com%2Fthreat-analysis-lua-malware&version=2.4
Requested by
Host: trk.techtarget.com
URL: https://trk.techtarget.com/tracking.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.208.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
231.208.111.34.bc.googleusercontent.com
Software
nginx/1.20.2 /
Resource Hash
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
ibc_rate_tier
17762897
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

x-goog-metageneration
1
x-goog-hash
crc32c=7uenZA==, md5=/JT7DD7YqPkJ28djCgmH/w==
etag
"fc94fb0c3ed8a8f909dbc7630a0987ff"
access-control-allow-methods
GET, POST, OPTIONS
x-goog-stored-content-encoding
identity
expires
Wed, 09 Oct 2024 16:22:24 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length
43
date
Wed, 09 Oct 2024 15:22:24 GMT
content-type
image/gif
last-modified
Thu, 08 Dec 2022 21:19:29 GMT
vary
Origin
x-guploader-uploadid
AHmUCY1dYGiFdXILDHgClks9bFGHXql3NsokbeLMUsf9GmcNXOvI_kegQztHH_no3V2eCbN1XYR6iCRbAQ
access-control-allow-headers
ibc_header,ibc_rate_tier,User-Agent,X-Requested-With,Cache-Control,Content-Type,Range
cache-control
public, max-age=3600
x-goog-storage-class
STANDARD
via
1.1 google
accept-ranges
bytes
access-control-allow-origin
*
x-goog-generation
1670534369365034
content-length
43
server
nginx/1.20.2
gif.gif
ibc-flow.techtarget.com/a/ Frame
0
0
Preflight
General
Full URL
https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=17762897&r=1728487344465&ref=https%3A%2F%2Fblog.morphisec.com%2Fthreat-analysis-lua-malware&version=2.4
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.208.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
231.208.111.34.bc.googleusercontent.com
Software
nginx/1.20.2 /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
ibc_rate_tier
Access-Control-Request-Method
GET
Origin
https://blog.morphisec.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
ibc_header,ibc_rate_tier,User-Agent,X-Requested-With,Cache-Control,Content-Type,Range
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=0
content-length
0
content-type
text/html; charset=UTF-8
date
Wed, 09 Oct 2024 15:22:24 GMT
expires
Wed, 09 Oct 2024 15:22:24 GMT
server
nginx/1.20.2
vary
Origin
via
1.1 google
x-guploader-uploadid
AHmUCY0SpuyvdmD2Ii5kZHvspXNwJ4QAxTzXhfGJcwxyCSb5rZQfh9L_CnVS8_ALN3eNcgdtQw0Ad1AHMw
r
scout.salesloft.com/
41 B
359 B
XHR
General
Full URL
https://scout.salesloft.com/r?tid=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0IjoxMDQ1MTF9.eiHnDZAhBhx__pSttlATzaQdSltPIpahvpYGdr_Bfrg
Requested by
Host: scout-cdn.salesloft.com
URL: https://scout-cdn.salesloft.com/sl.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
54.156.211.30 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-156-211-30.compute-1.amazonaws.com
Software
/
Resource Hash
aa011ed383cb780028a85caaa0dda67dce19b0f4bc596f4f708d1857015c1362
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
x-request-id
6a2afa9b825430a74373edb7aa5d55d7
access-control-expose-headers
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
access-control-allow-methods
GET
access-control-allow-origin
https://blog.morphisec.com
content-length
41
date
Wed, 09 Oct 2024 15:22:24 GMT
content-type
application/json; charset=utf-8
/
www.facebook.com/tr/
0
274 B
Image
General
Full URL
https://www.facebook.com/tr/?id=885880844953016&ev=PageView&dl=https%3A%2F%2Fblog.morphisec.com%2Fthreat-analysis-lua-malware&rl=&if=false&ts=1728487344574&sw=1600&sh=1200&v=2.9.170&r=stable&ec=0&o=12318&fbp=fb.1.1728487344572.924433052207725667&cs_est=true&ler=empty&cdl=API_unavailable&it=1728487344448&coo=false&rqm=GET
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/threat-analysis-lua-malware
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f176:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=42, rtx=0, c=10, mss=1297, tbw=2918, tp=-1, tpl=-1, uplat=0, ullat=0
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
access-control-allow-origin
alt-svc
h3=":443"; ma=86400
content-length
0
date
Wed, 09 Oct 2024 15:22:24 GMT
content-type
text/plain
server
proxygen-bolt
/
www.facebook.com/privacy_sandbox/pixel/register/trigger/
67 B
3 KB
Image
General
Full URL
https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=885880844953016&ev=PageView&dl=https%3A%2F%2Fblog.morphisec.com%2Fthreat-analysis-lua-malware&rl=&if=false&ts=1728487344574&sw=1600&sh=1200&v=2.9.170&r=stable&ec=0&o=12318&fbp=fb.1.1728487344572.924433052207725667&cs_est=true&ler=empty&cdl=API_unavailable&it=1728487344448&coo=false&rqm=FGET
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/threat-analysis-lua-malware
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f176:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

content-encoding
zstd
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7423796614266449781"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
date
Wed, 09 Oct 2024 15:22:24 GMT
content-type
image/png
vary
Accept-Encoding
x-fb-debug
6wfe3rJ79EIUHdimxZW1np7F7uF564kfNJDySmUYdu+yE/UbvnURmXeo1KSGulbcAzh4aMWAiQ7hAgWJ8sCxRw==
x-frame-options
DENY
strict-transport-security
max-age=15552000; preload
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7423796614266449781", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
cache-control
private, no-store, no-cache, must-revalidate
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=48, rtx=0, c=13, mss=1297, tbw=3236, tp=-1, tpl=-1, uplat=204, ullat=0
cross-origin-opener-policy
same-origin-allow-popups
pragma
no-cache
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy
force-load-at-top
x-xss-protection
0
origin-agent-cluster
?0
verify
snid.snitcher.com/ Frame
0
0
Preflight
General
Full URL
https://snid.snitcher.com/verify
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.126.181.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-126-181-126.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://blog.morphisec.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
content-type
access-control-allow-methods
POST
access-control-allow-origin
*
access-control-max-age
0
apigw-requestid
fY3jqhkaliAEJKQ=
cache-control
no-cache, private
date
Wed, 09 Oct 2024 15:22:24 GMT
vary
Access-Control-Request-Method, Access-Control-Request-Headers
verify
snid.snitcher.com/
6 B
148 B
XHR
General
Full URL
https://snid.snitcher.com/verify
Requested by
Host: snid.snitcher.com
URL: https://snid.snitcher.com/8424750.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.126.181.126 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-126-181-126.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
d9ea8a8cab935e18796b1a064b1644c0f5db2d967a60e5f7cb8b37066b2399a4

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type
application/json
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

apigw-requestid
fY3jrhL0liAEJ9g=
access-control-allow-origin
*
cache-control
no-cache, private
content-length
6
date
Wed, 09 Oct 2024 15:22:24 GMT
content-type
application/json
destinations.min.js
x.clearbitjs.com/v2/pk_5fe48b59baf6bb406e34c9012803b845/
0
44 B
Script
General
Full URL
https://x.clearbitjs.com/v2/pk_5fe48b59baf6bb406e34c9012803b845/destinations.min.js
Requested by
Host: tag.clearbitscripts.com
URL: https://tag.clearbitscripts.com/v1/pk_5fe48b59baf6bb406e34c9012803b845/tags.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.153.4.44 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-153-4-44.eu-central-1.compute.amazonaws.com
Software
Clearbit /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
cache-control
private, max-age=600
x-envoy-response-flags
-
x-content-type-options
nosniff
content-length
0
date
Wed, 09 Oct 2024 15:22:25 GMT
content-type
application/javascript;charset=utf-8
server
Clearbit
tracking.min.js
x.clearbitjs.com/v2/pk_5fe48b59baf6bb406e34c9012803b845/
168 KB
45 KB
Script
General
Full URL
https://x.clearbitjs.com/v2/pk_5fe48b59baf6bb406e34c9012803b845/tracking.min.js
Requested by
Host: tag.clearbitscripts.com
URL: https://tag.clearbitscripts.com/v1/pk_5fe48b59baf6bb406e34c9012803b845/tags.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.153.4.44 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-153-4-44.eu-central-1.compute.amazonaws.com
Software
Clearbit /
Resource Hash
e87be82092a8e1a5544ef566ba1a636162eecb31e33095c6f17eb06c87cc2efb
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
cache-control
private, max-age=600
content-encoding
gzip
x-envoy-response-flags
-
x-content-type-options
nosniff
date
Wed, 09 Oct 2024 15:22:24 GMT
content-type
application/javascript;charset=utf-8
vary
Accept-Encoding
server
Clearbit
forms.js
x.clearbitjs.com/v1/pk_5fe48b59baf6bb406e34c9012803b845/
0
0
Script
General
Full URL
https://x.clearbitjs.com/v1/pk_5fe48b59baf6bb406e34c9012803b845/forms.js?page_path=%2Fthreat-analysis-lua-malware
Requested by
Host: tag.clearbitscripts.com
URL: https://tag.clearbitscripts.com/v1/pk_5fe48b59baf6bb406e34c9012803b845/tags.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.153.4.44 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-153-4-44.eu-central-1.compute.amazonaws.com
Software
Clearbit /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
content-length
0
date
Wed, 09 Oct 2024 15:22:24 GMT
content-type
application/javascript;charset=utf-8
x-envoy-response-flags
-
server
Clearbit
x-content-type-options
nosniff
json
blog.morphisec.com/_hcms/forms/embed/v3/form/1534169/37b11fda-a2aa-4805-9c0e-bae8eaccd6b7/
11 KB
4 KB
XHR
General
Full URL
https://blog.morphisec.com/_hcms/forms/embed/v3/form/1534169/37b11fda-a2aa-4805-9c0e-bae8eaccd6b7/json?hs_static_app=forms-embed&hs_static_app_version=1.6227&X-HubSpot-Static-App-Info=forms-embed-1.6227
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/_hcms/forms/v2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
3082df389b7e7f0df5792063851476de56ff133dbb9af89ecf00666bbe9c73ec
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept
application/json, text/plain, */*
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

x-robots-tag
none
access-control-max-age
180
x-request-id
1adb5139-0de6-48e8-90eb-758ab9db11b0
access-control-expose-headers
X-Origin-Hublet
content-encoding
br
cf-cache-status
DYNAMIC
x-origin-hublet
na1
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5H1OF845E035Qsg8pDPVb7hfv5QzX8Xckkwa7VSvERFKKsLVXCVjPV5d8frRmuawOU%2BVTM6x2jtG8flJ9W%2F9SXCwk2vXnQcjOiWHoH%2FOFpcbBY%2FoNOH7rA3nJvzyky5vtIj9jw%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods
OPTIONS, GET
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
x-evy-trace-listener
listener_https
date
Wed, 09 Oct 2024 15:22:24 GMT
x-hubspot-correlation-id
1adb5139-0de6-48e8-90eb-758ab9db11b0
content-type
application/json;charset=utf-8
vary
origin, Accept-Encoding
access-control-allow-headers
*
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
upgrade-insecure-requests
cache-control
max-age=0, no-cache, no-store
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-envoy-upstream-service-time
22
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-5485db5487-n724b
access-control-allow-credentials
false
cf-ray
8cff5db078567750-LHR
x-evy-trace-route-configuration
listener_https/all
server
cloudflare
x-evy-trace-virtual-host
all
uwt.js
static.ads-twitter.com/
56 KB
15 KB
Script
General
Full URL
https://static.ads-twitter.com/uwt.js
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/threat-analysis-lua-malware
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
146.75.120.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
4d15ff2317e16ccd8ca1d3248fea7d91130e022369bb032824a84ad9967064df

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

vary
Accept-Encoding,Host
cache-control
no-cache
content-encoding
gzip
etag
"bbbcf811d8437a575d796a4c1e5d4fad+gzip+gzip"
accept-ranges
bytes
x-cache
HIT, HIT
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
content-length
15412
date
Wed, 09 Oct 2024 15:22:24 GMT
x-tw-cdn
FT
last-modified
Fri, 22 Mar 2024 21:07:24 GMT
content-type
application/javascript; charset=utf-8
x-served-by
cache-iad-kiad7000168-IAD, cache-fra-etou8220075-FRA
x-amz-server-side-encryption
AES256
sdk.js
connect.facebook.net/en_US/
3 KB
2 KB
Script
General
Full URL
https://connect.facebook.net/en_US/sdk.js
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/threat-analysis-lua-malware
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
157.240.253.1 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
xx-fbcdn-shv-02-fra5.fbcdn.net
Software
/
Resource Hash
20fd0cba2e4f9cf703f731eb958f5b45bb3170edbe99216cb91b27ce8b7477b6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

content-md5
+ebX+/HAfQKw7SHVQfrMyg==
access-control-expose-headers
X-FB-Content-MD5
content-encoding
gzip
etag
"f0b75d6536af876d6767b8183e08c20d"
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Wed, 09 Oct 2024 15:25:51 GMT
alt-svc
h3=":443"; ma=86400
date
Wed, 09 Oct 2024 15:22:24 GMT
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
priority
u=3,i
x-frame-options
DENY
strict-transport-security
max-age=31536000; preload; includeSubDomains
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-content-md5
5c0806419622da045d1788e0c725278f
cache-control
public,max-age=1200,stale-while-revalidate=3600
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=43, rtx=0, c=87, mss=1232, tbw=83091, tp=78, tpl=0, uplat=0, ullat=-1
x-fb-debug
ZjuE3XQtjL+AgtFIgwNIziHB9Rw8gXqTj7AfbcZE3Bxyu4POqiHudu4UVtbh08Q95vd9TCMLiXnk65pfbg/Liw==
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy
force-load-at-top
access-control-allow-origin
*
content-length
1687
origin-agent-cluster
?1
widgets.js
platform.twitter.com/
91 KB
27 KB
Script
General
Full URL
https://platform.twitter.com/widgets.js
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/threat-analysis-lua-malware
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
146.75.120.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
173460e89e6a7244218badae2016f65c48a3eae9d400802273eeca18b07336f1

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

content-encoding
gzip
etag
"824beb891744db98ccbd3a456e59e0f7+gzip"
access-control-allow-methods
GET
x-cache
HIT, HIT
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
date
Wed, 09 Oct 2024 15:22:24 GMT
last-modified
Mon, 11 Dec 2023 17:20:28 GMT
vary
Accept-Encoding
x-served-by
cache-iad-kcgs7200137-IAD, cache-fra-etou8220063-FRA
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=1800
tw-cdn
FT
accept-ranges
bytes
access-control-allow-origin
*
content-length
27597
x-amz-server-side-encryption
AES256
/
px.ads.linkedin.com/wa/
0
623 B
XHR
General
Full URL
https://px.ads.linkedin.com/wa/
Requested by
Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://blog.morphisec.com/threat-analysis-lua-malware
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept
*
Content-Type
text/plain;charset=UTF-8

Response headers

linkedin-action
1
x-li-pop
afd-prod-ltx1-x
x-msedge-ref
Ref A: 994057EA2BCF4A5CAC23568DC3C97D43 Ref B: LON04EDGE0608 Ref C: 2024-10-09T15:22:24Z
x-li-fabric
prod-ltx1
access-control-allow-credentials
true
x-li-uuid
AAYkDNIvUHFZeE9/BS9HnA==
x-li-proto
http/2
access-control-allow-origin
https://blog.morphisec.com
x-cache
CONFIG_NOCACHE
date
Wed, 09 Oct 2024 15:22:24 GMT
vary
Origin
r
scout.salesloft.com/
41 B
358 B
XHR
General
Full URL
https://scout.salesloft.com/r?tid=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0IjoxMDQ1MTF9.eiHnDZAhBhx__pSttlATzaQdSltPIpahvpYGdr_Bfrg
Requested by
Host: scout-cdn.salesloft.com
URL: https://scout-cdn.salesloft.com/sl.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
54.156.211.30 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-156-211-30.compute-1.amazonaws.com
Software
/
Resource Hash
aa011ed383cb780028a85caaa0dda67dce19b0f4bc596f4f708d1857015c1362
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
x-request-id
e965da0392aee073e81ffd8da560df8a
access-control-expose-headers
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
access-control-allow-methods
GET
access-control-allow-origin
https://blog.morphisec.com
content-length
41
date
Wed, 09 Oct 2024 15:22:24 GMT
content-type
application/json; charset=utf-8
sdk.js
connect.facebook.net/en_US/
283 KB
81 KB
Script
General
Full URL
https://connect.facebook.net/en_US/sdk.js?hash=51081372b2a8927fc54774ec17f1dbb7
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
157.240.253.1 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
xx-fbcdn-shv-02-fra5.fbcdn.net
Software
/
Resource Hash
ced6b77df208559dcdb6dbd28c53a78aac17dfe25efc148f039e936bdce25aa7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://blog.morphisec.com
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

content-md5
xHBvbJqkAfz6glfZHu99RQ==
access-control-expose-headers
X-FB-Content-MD5
content-encoding
gzip
etag
"8bdc2ad6c373940160d10d28c32c6d6e"
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Thu, 09 Oct 2025 13:26:52 GMT
alt-svc
h3=":443"; ma=86400
date
Wed, 09 Oct 2024 15:22:24 GMT
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
priority
u=3,i
x-frame-options
DENY
strict-transport-security
max-age=31536000; preload; includeSubDomains
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-content-md5
06b96f0f24399fc80d78bc98289f3fbe
cache-control
public,max-age=31536000,stale-while-revalidate=3600,immutable
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=42, rtx=0, c=23, mss=1232, tbw=4406, tp=9, tpl=0, uplat=0, ullat=-1
x-fb-debug
cWUsMrMyhpiklSRpepP+W8IWV22p5YlkW8RS7yMQ1/21IBkGKPMBJX4uImy7Ijz8c61JpHmpMNIqh/xssQ3Umg==
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy
force-load-at-top
access-control-allow-origin
*
content-length
82675
origin-agent-cluster
?1
1d437a1a-cd3f-4d75-9097-a963b6059f7c
https://blog.morphisec.com/
43 B
0
Image
General
Full URL
blob:https://blog.morphisec.com/1d437a1a-cd3f-4d75-9097-a963b6059f7c
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/threat-analysis-lua-malware
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/gif
Content-Length
43
i
scout.salesloft.com/
48 B
466 B
XHR
General
Full URL
https://scout.salesloft.com/i
Requested by
Host: scout-cdn.salesloft.com
URL: https://scout-cdn.salesloft.com/sl.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
54.156.211.30 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-156-211-30.compute-1.amazonaws.com
Software
/
Resource Hash
e376097f5d443b3a750b0d1f1b78717d58b819501aef3fdac38403290d617072
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
x-request-id
54623a5666b58a4085e4afa761fbe085
access-control-expose-headers
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
access-control-allow-methods
GET
access-control-allow-origin
https://blog.morphisec.com
content-length
48
date
Wed, 09 Oct 2024 15:22:24 GMT
content-type
application/json; charset=utf-8
adsct
t.co/i/
43 B
627 B
Image
General
Full URL
https://t.co/i/adsct?bci=3&eci=2&event_id=45364306-f365-4ff9-86ce-3d0100798d94&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=993239aa-b2a5-4ac7-86b4-b069ec25e23f&tw_document_href=https%3A%2F%2Fblog.morphisec.com%2Fthreat-analysis-lua-malware&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nxrig&type=javascript&version=2.3.30
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/threat-analysis-lua-malware
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
162.159.140.229 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare tsa_f /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

strict-transport-security
max-age=0
x-transaction-id
140f51c42b14c05c
cache-control
no-cache, no-store, max-age=0
x-connection-hash
8e9cd70072b9e0acebe819ff1649f14b06c09b51a8952f479cea5a2bb25e3715
cf-cache-status
DYNAMIC
cf-ray
8cff5db24d4c7714-LHR
x-response-time
114
content-length
43
date
Wed, 09 Oct 2024 15:22:25 GMT
content-type
image/gif;charset=utf-8
perf
7402827104
server
cloudflare tsa_f
adsct
analytics.twitter.com/i/
43 B
394 B
Image
General
Full URL
https://analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=45364306-f365-4ff9-86ce-3d0100798d94&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=993239aa-b2a5-4ac7-86b4-b069ec25e23f&tw_document_href=https%3A%2F%2Fblog.morphisec.com%2Fthreat-analysis-lua-malware&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nxrig&type=javascript&version=2.3.30
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/threat-analysis-lua-malware
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.131 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_f /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=631138519

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

strict-transport-security
max-age=631138519
x-transaction-id
8648cca6ed6dd3a5
cache-control
no-cache, no-store, max-age=0
x-connection-hash
ae490efbb236588371ef8be8bab83d98a062be87be11c7b67f7214894e42b5f1
x-response-time
114
content-length
43
date
Wed, 09 Oct 2024 15:22:24 GMT
perf
7402827104
content-type
image/gif;charset=utf-8
server
tsa_f
widget_iframe.2f70fb173b9000da126c79afe2098f02.html
platform.twitter.com/widgets/ Frame 10D4
0
0
Document
General
Full URL
https://platform.twitter.com/widgets/widget_iframe.2f70fb173b9000da126c79afe2098f02.html?origin=https%3A%2F%2Fblog.morphisec.com
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
146.75.120.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
https://blog.morphisec.com/threat-analysis-lua-malware
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-methods
GET
access-control-allow-origin
*
cache-control
public, max-age=315360000
content-encoding
gzip
content-length
105429
content-type
text/html; charset=utf-8
date
Wed, 09 Oct 2024 15:22:24 GMT
etag
"81267302efdfb3e4524a22631a8fc99e+gzip"
last-modified
Mon, 11 Dec 2023 17:19:49 GMT
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
tw-cdn
FT
vary
Accept-Encoding
x-amz-server-side-encryption
AES256
x-cache
HIT, HIT
x-served-by
cache-iad-kiad7000164-IAD, cache-fra-etou8220037-FRA
i
scout.salesloft.com/
48 B
467 B
XHR
General
Full URL
https://scout.salesloft.com/i
Requested by
Host: scout-cdn.salesloft.com
URL: https://scout-cdn.salesloft.com/sl.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
54.156.211.30 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-156-211-30.compute-1.amazonaws.com
Software
/
Resource Hash
ff9e67f6d9b08402c790b1e6dec2c83e721141841291c9ba47671c9c7eb82599
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
x-request-id
11dab5f86cbbb59c9733b1988a4f8dfc
access-control-expose-headers
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
access-control-allow-methods
GET
access-control-allow-origin
https://blog.morphisec.com
content-length
48
date
Wed, 09 Oct 2024 15:22:25 GMT
content-type
application/json; charset=utf-8
3274945
hn.inspectlet.com/ginit/
26 B
687 B
XHR
General
Full URL
https://hn.inspectlet.com/ginit/3274945
Requested by
Host: cdn.inspectlet.com
URL: https://cdn.inspectlet.com/inspectlet.js?wid=3274945&r=480135
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
172.67.10.172 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
d0b1cb1455ecf8ab5a7eb203460cc7ff790df097c5907eb3d27ff7344282517e

Request headers

Referer
https://blog.morphisec.com/threat-analysis-lua-malware
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept
application/json, text/javascript, */*; q=0.01
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

cf-cache-status
DYNAMIC
etag
W/"1a-SbP85p8orEJpLUh6vRJ6Iw"
report-to
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1728487345&sid=af571f24-03ee-46d1-9f90-ab9030c2c74c&s=zHZk5C%2BRc%2FFSTJaPfzSq0sSKCOOTqYBNUnSyy3P%2B3ts%3D"}]}
access-control-allow-methods
GET, POST
alt-svc
h3=":443"; ma=86400
date
Wed, 09 Oct 2024 15:22:25 GMT
content-type
application/json; charset=utf-8
access-control-allow-headers
X-Requested-With, Content-Type
reporting-endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1728487345&sid=af571f24-03ee-46d1-9f90-ab9030c2c74c&s=zHZk5C%2BRc%2FFSTJaPfzSq0sSKCOOTqYBNUnSyy3P%2B3ts%3D
nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
cache-control
no-cache
access-control-allow-credentials
true
via
1.1 vegur
cf-ray
8cff5db26f6435da-LHR
access-control-allow-origin
https://blog.morphisec.com
content-length
26
x-powered-by
Express
server
cloudflare
p
app.clearbit.com/v1/
16 B
1 KB
XHR
General
Full URL
https://app.clearbit.com/v1/p
Requested by
Host: cdn.inspectlet.com
URL: https://cdn.inspectlet.com/inspectlet.js?wid=3274945&r=480135
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.153.4.44 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-153-4-44.eu-central-1.compute.amazonaws.com
Software
Clearbit /
Resource Hash
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type
text/plain
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
access-control-max-age
7200
access-control-expose-headers
content-encoding
gzip
x-envoy-response-flags
-
access-control-allow-credentials
true
access-control-allow-methods
GET, POST, OPTIONS
content-security-policy-report-only
default-src 'self'; script-src 'unsafe-inline' 'report-sample' 'self' https://browser.sentry-cdn.com https://cdn.amplitude.com/libs/amplitude-5.2.2-min.gz.js https://cdn.clearbit.com https://cdn.segment.com/analytics.js/v1/auzWlbWIBrAsKnGQIiT0X3IjfZyepgW5/analytics.min.js https://checkout.stripe.com https://connect.facebook.net https://edge.fullstory.com/s/fs.js https://fast.appcues.com https://www.google-analytics.com/analytics.js https://x.clearbitjs.com https://cdn.clearbit.com https://*.commandbar.com; style-src 'unsafe-inline' 'report-sample' 'self' https://cdn.clearbit.com https://*.commandbar.com https://fast.appcues.com https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://api.amplitude.com https://*.commandbar.com https://api.segment.io https://checkout.stripe.com https://rs.fullstory.com https://www.google-analytics.com wss://api.appcues.net https://stats.g.doubleclick.net https://sentry.io https://logo.clearbit.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://*.commandbar.com https://checkout.stripe.com; img-src 'self' https://*.commandbar.com https://*.stripe.com data: https://cdn.clearbit.com https://images.ctfassets.net https://logo.clearbit.com https://www.facebook.com https://connect.facebook.net https://www.google.com https://unpkg.com/react-flag-kit https://cloudfront.net/v1/avatars https://*.googleusercontent.com; manifest-src 'self'; media-src 'self'; worker-src 'none';
x-content-type-options
nosniff
access-control-allow-origin
https://blog.morphisec.com
date
Wed, 09 Oct 2024 15:22:24 GMT
content-type
application/json
vary
Accept-Encoding, Origin
server
Clearbit
button.856debeac157d9669cf51e73a08fbc93.js
platform.twitter.com/js/
8 KB
3 KB
Script
General
Full URL
https://platform.twitter.com/js/button.856debeac157d9669cf51e73a08fbc93.js
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
146.75.120.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
426e16d014775c77916610f675f58880874c645817ed26d01873dde3466e6007

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

content-encoding
gzip
etag
"fdf02dd038ed38dbf3c240d56262af0c+gzip"
access-control-allow-methods
GET
x-cache
HIT, HIT
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
date
Wed, 09 Oct 2024 15:22:25 GMT
last-modified
Mon, 11 Dec 2023 17:19:47 GMT
vary
Accept-Encoding
x-served-by
cache-iad-kcgs7200086-IAD, cache-fra-etou8220063-FRA
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=315360000
tw-cdn
FT
accept-ranges
bytes
access-control-allow-origin
*
content-length
2620
x-amz-server-side-encryption
AES256
tweet_button.2f70fb173b9000da126c79afe2098f02.en.html
platform.twitter.com/widgets/ Frame C442
0
0
Document
General
Full URL
https://platform.twitter.com/widgets/tweet_button.2f70fb173b9000da126c79afe2098f02.en.html
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
146.75.120.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash

Request headers

Referer
https://blog.morphisec.com/threat-analysis-lua-malware
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-methods
GET
access-control-allow-origin
*
cache-control
public, max-age=315360000
content-encoding
gzip
content-length
12332
content-type
text/html; charset=utf-8
date
Wed, 09 Oct 2024 15:22:25 GMT
etag
"e29e65db7bf0a096587728e1faacfd9c+gzip"
last-modified
Mon, 11 Dec 2023 17:19:48 GMT
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
tw-cdn
FT
vary
Accept-Encoding
x-amz-server-side-encryption
AES256
x-cache
HIT, HIT
x-served-by
cache-iad-kjyo7100127-IAD, cache-fra-etou8220037-FRA
embeds
syndication.twitter.com/i/jot/
43 B
292 B
Image
General
Full URL
https://syndication.twitter.com/i/jot/embeds?l=%7B%22widget_origin%22%3A%22https%3A%2F%2Fblog.morphisec.com%2Fthreat-analysis-lua-malware%22%2C%22widget_frame%22%3Afalse%2C%22widget_site_screen_name%22%3A%22morphisec%22%2C%22language%22%3A%22en%22%2C%22message%22%3A%22m%3Anocount%3A%22%2C%22_category_%22%3A%22tfw_client_event%22%2C%22triggered_on%22%3A1728487345369%2C%22dnt%22%3Afalse%2C%22client_version%22%3A%222615f7e52b7e0%3A1702314776716%22%2C%22format_version%22%3A1%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22button%22%2C%22section%22%3A%22share%22%2C%22action%22%3A%22impression%22%7D%7D&session_id=0b3d6891dcc5ae92f7b3db04037ffb185580362d
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/threat-analysis-lua-malware
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.8 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_f /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=631138519

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

content-type
image/gif
strict-transport-security
max-age=631138519
x-transaction-id
08a6277178b5fe5c
cache-control
must-revalidate, max-age=600
x-connection-hash
178de25f3904eb85611e36ed0f3f2f015adbc07a983e8e65282d2971d40d22d5
x-response-time
116
content-length
43
date
Wed, 09 Oct 2024 15:22:25 GMT
last-modified
Wed, 09 Oct 2024 15:22:25 GMT
perf
7402827104
vary
Origin
server
tsa_f
counters.gif
perf.hsforms.com/embed/v3/
35 B
929 B
Image
General
Full URL
https://perf.hsforms.com/embed/v3/counters.gif?key=cta-render-timeout&value=1
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/threat-analysis-lua-malware
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.80.204 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

x-robots-tag
none
x-request-id
d8372d43-c2ea-4b99-ac2e-10132347a259
access-control-expose-headers
X-Origin-Hublet
cf-cache-status
MISS
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
x-evy-trace-listener
listener_https
date
Wed, 09 Oct 2024 15:22:25 GMT
x-hubspot-correlation-id
d8372d43-c2ea-4b99-ac2e-10132347a259
content-type
image/gif
vary
origin, Accept-Encoding
last-modified
Wed, 09 Oct 2024 15:22:25 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name
envoyset-translator
cache-control
max-age=0, no-cache, no-store
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-5485db5487-56dgq
x-envoy-upstream-service-time
3
access-control-allow-credentials
false
cf-ray
8cff5db5af3bcd21-LHR
accept-ranges
bytes
x-evy-trace-route-configuration
listener_https/all
content-length
35
server
cloudflare
x-evy-trace-virtual-host
all
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/784310031/
6 KB
2 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/784310031/?random=1728487343541&cv=11&fst=1728487343541&bg=ffffff&guid=ON&async=1&gtm=45be4a70z8897572158za200zb897572158&gcd=13t3t3t3t5l1&dma=0&tag_exp=101529666~101671035~101747727&u_w=1600&u_h=1200&url=https%3A%2F%2Fblog.morphisec.com%2Fthreat-analysis-lua-malware&hn=www.googleadservices.com&frm=0&tiba=Not%20All%20Fun%20and%20Games%3A%20Lua%20Malware%20Targets%20Educational%20Sector%20and%20Student%20Gaming%20Engines&did=dNjAwYj&gdid=dNjAwYj&npa=0&pscdl=noapi&auid=589707303.1728487346&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config&rfmt=3&fmt=4
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-784310031&l=dataLayer&cx=c
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.184.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s11-in-f2.1e100.net
Software
cafe /
Resource Hash
ba5d279dfeb14b2aee4a840c027735d34e2459f6829fb0ea682153300fde54c5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

cache-control
no-cache, must-revalidate
timing-allow-origin
*
content-encoding
br
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length
2420
date
Wed, 09 Oct 2024 15:22:25 GMT
x-xss-protection
0
content-type
text/javascript; charset=UTF-8
content-disposition
attachment; filename="f.txt"
server
cafe
784310031
td.doubleclick.net/td/rul/ Frame C370
0
0
Document
General
Full URL
https://td.doubleclick.net/td/rul/784310031?random=1728487343541&cv=11&fst=1728487343541&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4a70z8897572158za200zb897572158&gcd=13t3t3t3t5l1&dma=0&tag_exp=101529666~101671035~101747727&u_w=1600&u_h=1200&url=https%3A%2F%2Fblog.morphisec.com%2Fthreat-analysis-lua-malware&hn=www.googleadservices.com&frm=0&tiba=Not%20All%20Fun%20and%20Games%3A%20Lua%20Malware%20Targets%20Educational%20Sector%20and%20Student%20Gaming%20Engines&did=dNjAwYj&gdid=dNjAwYj&npa=0&pscdl=noapi&auid=589707303.1728487346&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-784310031&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://blog.morphisec.com/threat-analysis-lua-malware
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-encoding
br
content-length
16
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 09 Oct 2024 15:22:25 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
landing
googleads.g.doubleclick.net/pagead/
Redirect Chain
  • https://www.google.com/pagead/landing?gcs=G111&gcd=13t3t3t3t5l1&tag_exp=101529666~101671035~101747727&rnd=2065335649.1728487346&url=https%3A%2F%2Fblog.morphisec.com%2Fthreat-analysis-lua-malware&dm...
  • https://googleads.g.doubleclick.net/pagead/landing?gcs=G111&gcd=13t3t3t3t5l1&tag_exp=101529666~101671035~101747727&rnd=2065335649.1728487346&url=https%3A%2F%2Fblog.morphisec.com%2Fthreat-analysis-l...
42 B
65 B
Ping
General
Full URL
https://googleads.g.doubleclick.net/pagead/landing?gcs=G111&gcd=13t3t3t3t5l1&tag_exp=101529666~101671035~101747727&rnd=2065335649.1728487346&url=https%3A%2F%2Fblog.morphisec.com%2Fthreat-analysis-lua-malware&dma=0&npa=0&gtm=45He4a70n81PQBJZ8Kv897572158za200&auid=589707303.1728487346
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/threat-analysis-lua-malware
Protocol
H3
Server
142.250.184.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s11-in-f2.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

content-security-policy
script-src 'none'; object-src 'none'
cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
content-length
42
date
Wed, 09 Oct 2024 15:22:25 GMT
x-xss-protection
0
content-type
image/gif
server
cafe

Redirect headers

content-security-policy
script-src 'none'; object-src 'none'
cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
location
https://googleads.g.doubleclick.net/pagead/landing?gcs=G111&gcd=13t3t3t3t5l1&tag_exp=101529666~101671035~101747727&rnd=2065335649.1728487346&url=https%3A%2F%2Fblog.morphisec.com%2Fthreat-analysis-lua-malware&dma=0&npa=0&gtm=45He4a70n81PQBJZ8Kv897572158za200&auid=589707303.1728487346
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
42
date
Wed, 09 Oct 2024 15:22:25 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
collect
region1.analytics.google.com/g/
0
0
Fetch
General
Full URL
https://region1.analytics.google.com/g/collect?v=2&tid=G-HFVX4VZHCS&gtm=45je4a70v897583451z8897572158za200zb897572158&_p=1728487343044&_gaz=1&gcs=G111&gcd=13t3t3t3t5l1&npa=0&dma=0&tag_exp=101671035~101747727&gdid=dNjAwYj&cid=2071232070.1728487346&ul=en-gb&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&pae=1&frm=0&pscdl=noapi&_s=1&sid=1728487343&sct=1&seg=0&dl=https%3A%2F%2Fblog.morphisec.com%2Fthreat-analysis-lua-malware&dt=Not%20All%20Fun%20and%20Games%3A%20Lua%20Malware%20Targets%20Educational%20Sector%20and%20Student%20Gaming%20Engines&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=4547
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-HFVX4VZHCS&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:136:0
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:136:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://blog.morphisec.com
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 09 Oct 2024 15:22:25 GMT
content-type
text/plain
server
Golfe2
collect
stats.g.doubleclick.net/g/
0
556 B
Ping
General
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-HFVX4VZHCS&cid=2071232070.1728487346&gtm=45je4a70v897583451z8897572158za200zb897572158&aip=1&dma=0&gcs=G111&gcd=13t3t3t3t5l1&npa=0&frm=0&tag_exp=101671035~101747727
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-HFVX4VZHCS&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c00::9c Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:111:0
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:111:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://blog.morphisec.com
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 09 Oct 2024 15:22:25 GMT
content-type
text/plain
server
Golfe2
rul
td.doubleclick.net/td/ga/ Frame 3918
0
0
Document
General
Full URL
https://td.doubleclick.net/td/ga/rul?tid=G-HFVX4VZHCS&gacid=2071232070.1728487346&gtm=45je4a70v897583451z8897572158za200zb897572158&dma=0&gcs=G111&gcd=13t3t3t3t5l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=101671035~101747727&z=1295525306
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-HFVX4VZHCS&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:811::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://blog.morphisec.com/threat-analysis-lua-malware
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-encoding
br
content-length
16
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Wed, 09 Oct 2024 15:22:25 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
cafe
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
ga-audiences
www.google.co.uk/ads/
42 B
63 B
Image
General
Full URL
https://www.google.co.uk/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-HFVX4VZHCS&cid=2071232070.1728487346&gtm=45je4a70v897583451z8897572158za200zb897572158&aip=1&dma=0&gcs=G111&gcd=13t3t3t3t5l1&npa=0&frm=0&tag_exp=101671035~101747727&tag_exp=101671035~101747727&z=1800604886
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/threat-analysis-lua-malware
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.67 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f3.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
42
date
Wed, 09 Oct 2024 15:22:25 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
leadflows.js
js.hsleadflows.net/
550 KB
92 KB
Script
General
Full URL
https://js.hsleadflows.net/leadflows.js
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs/scriptloader/1534169.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:8c11 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d44882ab82adeef2856a0d52fb54bb70e472be45d50aa3a16b4cb39223391a99
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://blog.morphisec.com
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

x-request-id
0bb82c6d-2100-4206-a4d9-385254148417
content-encoding
gzip
cf-cache-status
HIT
etag
W/"ce26171eff05376a1b746efbb809f7f6"
x-amz-version-id
1P48dmUoAxkQ57N6qBxgDzS3oBmZAXBF
cache-tag
staticjsapp-lead-flows-cloudflare-web-prod,staticjsapp-prod
age
17898
x-content-type-options
nosniff
x-cache
Miss from cloudfront
x-evy-trace-listener
listener_https
x-amz-cf-id
kzS_KJjPt-B1W0MYz7Ulo4AC0n3RuiirjDb_jvW-8wZRyoeze2lkzQ==
x-hubspot-correlation-id
0bb82c6d-2100-4206-a4d9-385254148417
content-type
application/javascript; charset=utf-8
last-modified
Wed, 09 Oct 2024 10:17:06 UTC
x-amz-replication-status
COMPLETED
x-evy-trace-route-service-name
envoyset-translator
cache-control
s-maxage=86400, max-age=0
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-6c6dd6864-jtkd6
x-envoy-upstream-service-time
31
x-hs-target-asset
lead-flows-js/static-1.1724/bundle/main/lead-flows-release.js
server
cloudflare
x-evy-trace-virtual-host
all
x-amz-server-side-encryption
AES256
access-control-max-age
3000
access-control-allow-methods
GET
x-hs-cache-status
MISS
date
Wed, 09 Oct 2024 15:22:25 GMT
vary
Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=lead-flows-js/static-1.1724/bundle/main/lead-flows-release.js&cfRay=8cfd9fddf9b5b3ab-CDG
via
1.1 3d4bfc42e9575ee1f9559241c9e3f464.cloudfront.net (CloudFront)
cf-ray
8cff5db6e91b4136-LHR
access-control-allow-origin
*
x-evy-trace-route-configuration
listener_https/all
x-amz-cf-pop
IAD12-P3
web-interactives-embed.js
js.hubspot.com/
83 KB
25 KB
Script
General
Full URL
https://js.hubspot.com/web-interactives-embed.js
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs/scriptloader/1534169.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6b0fdaa32feffbdbd15bda3619624e0aa8e1d647fd720e31b7645654e7fb551e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://blog.morphisec.com
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

x-request-id
99cbcbd9-61fa-4517-bd2d-1c0da0986a95
content-encoding
gzip
cf-cache-status
HIT
etag
W/"6b513baaf4c77cddc702f596c3dd62d9"
x-amz-version-id
ntxqQzn.1wWRtdFp_E4nJAhKHFNI4WSr
cache-tag
staticjsapp-web-interactives-embed-web-prod,staticjsapp-prod
age
173
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QnyPtuJxP%2BuX324y4EOtB7Q1OJ4nT0hSxx6887z%2BQqAowJIX5j7jNZ%2FU645f1L%2BgqUYcbX5dXphSLWJ74kIDn1DZor4ldNbmeQQVgH9bssX1bkU4JO%2Bexr9zOG301awIZvkcv7JDc8X0d4kT"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
x-cache
Hit from cloudfront
x-evy-trace-listener
listener_https
x-amz-cf-id
RwoQNukVdnyGf_Z9iCcvJm168Pf79ioncBo1RRzTb53GKhs0xmGS1g==
x-hubspot-correlation-id
99cbcbd9-61fa-4517-bd2d-1c0da0986a95
content-type
application/javascript; charset=utf-8
last-modified
Fri, 04 Oct 2024 11:58:06 UTC
x-amz-replication-status
COMPLETED
x-evy-trace-route-service-name
envoyset-translator
cache-control
max-age=600
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-6c6dd6864-xtzpv
x-envoy-upstream-service-time
5
x-hs-target-asset
web-interactives-embed/static-2.1554/bundles/project.js
server
cloudflare
x-evy-trace-virtual-host
all
x-amz-server-side-encryption
AES256
access-control-max-age
3000
access-control-allow-methods
GET
x-hs-cache-status
MISS
date
Wed, 09 Oct 2024 15:22:25 GMT
vary
Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
strict-transport-security
max-age=31536000; includeSubDomains; preload
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=web-interactives-embed/static-2.1554/bundles/project.js&cfRay=8cd56500c87c60fc-CDG
via
1.1 76e55a2361219fb19722e949475d1844.cloudfront.net (CloudFront)
cf-ray
8cff5db6e8ef93ee-LHR
access-control-allow-origin
*
x-evy-trace-route-configuration
listener_https/all
x-amz-cf-pop
IAD12-P3
1534169.js
js.hs-analytics.net/analytics/1728487200000/
75 KB
26 KB
Script
General
Full URL
https://js.hs-analytics.net/analytics/1728487200000/1534169.js
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs/scriptloader/1534169.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:afc9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4dfd5527da83604d3337f60fa00d7aedfd8020fb48c376777dc573c83110668e

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

x-amz-server-side-encryption
AES256
x-request-id
d3527f6d-15ea-4d17-9c93-044aa77e0f2d
content-encoding
gzip
cf-cache-status
HIT
etag
W/"3cf05929447775d0ae7efaf3e9761897"
x-amz-version-id
null
age
8
expires
Wed, 09 Oct 2024 15:27:17 GMT
x-evy-trace-listener
listener_https
date
Wed, 09 Oct 2024 15:22:25 GMT
x-hubspot-correlation-id
d3527f6d-15ea-4d17-9c93-044aa77e0f2d
content-type
text/javascript
last-modified
Tue, 01 Oct 2024 15:28:24 GMT
vary
origin, Accept-Encoding
x-amz-id-2
tmx+P+2cN4GmsMuoafhn3tb5WSkRS+ne/zmk0G+hGPVy3urkdP3x1LCmgz0ZK/WVTCnHEHl1wxE=
x-evy-trace-route-service-name
envoyset-translator
cache-control
max-age=300,public
x-evy-trace-served-by-pod
iad02/analytics-js-proxy-td/envoy-proxy-75d7846cb8-6dxq5
x-envoy-upstream-service-time
95
access-control-allow-credentials
false
x-amz-request-id
4VCPNT843S18G773
cf-ray
8cff5db6e8f86331-LHR
x-evy-trace-route-configuration
listener_https/all
server
cloudflare
x-evy-trace-virtual-host
all
collectedforms.js
js.hscollectedforms.net/
69 KB
25 KB
Script
General
Full URL
https://js.hscollectedforms.net/collectedforms.js
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs/scriptloader/1534169.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:6efe , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
77080938572095bddc311784e1c284e7cd12268f46946aff94d04a43a53dffc9
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://blog.morphisec.com
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

x-request-id
627547bb-7291-4ba4-8753-6d133ff4e67e
content-encoding
gzip
cf-cache-status
HIT
x-amz-version-id
lfSnPi6du9uQQl9EfUkg_44QCbCVLa2H
etag
W/"48bb5c8a01043eceaf45e65d5c98950b"
cache-tag
staticjsapp-collected-forms-embed-js-web-prod,staticjsapp-prod
age
173
x-content-type-options
nosniff
x-cache
Hit from cloudfront
x-evy-trace-listener
listener_https
x-amz-cf-id
6fKFcZ_IPqXlzyWnDwpjpMks2RW93ZmMc___hvR4c9JkYQCvF45DRQ==
x-hubspot-correlation-id
627547bb-7291-4ba4-8753-6d133ff4e67e
content-type
application/javascript; charset=utf-8
last-modified
Thu, 12 Sep 2024 08:47:39 UTC
x-amz-replication-status
COMPLETED
x-evy-trace-route-service-name
envoyset-translator
cache-control
s-maxage=600, max-age=300
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-6c6dd6864-7m4br
x-envoy-upstream-service-time
8
x-hs-target-asset
collected-forms-embed-js/static-1.772/bundles/project.js
server
cloudflare
x-evy-trace-virtual-host
all
x-amz-server-side-encryption
AES256
access-control-max-age
3000
access-control-allow-methods
GET
x-hs-cache-status
MISS
date
Wed, 09 Oct 2024 15:22:25 GMT
vary
Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=collected-forms-embed-js/static-1.772/bundles/project.js&cfRay=8cb658f45d5366c1-CDG
via
1.1 e8eec15d9551dd475d4c478f9fbb5f04.cloudfront.net (CloudFront)
cf-ray
8cff5db6eda1653c-LHR
access-control-allow-origin
*
x-evy-trace-route-configuration
listener_https/all
x-amz-cf-pop
IAD12-P3
fb.js
js.hsadspixel.net/
6 KB
4 KB
Script
General
Full URL
https://js.hsadspixel.net/fb.js
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs/scriptloader/1534169.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:80ac , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
86687f3e5f5afdcf3625c8dde9300bb27a5715ae747f119a1a4c8f89064c254c
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

x-evy-trace-virtual-host
all
x-request-id
0569ac9a-aef2-496b-a3ec-ba1d36daed7f
content-encoding
gzip
cf-cache-status
HIT
etag
W/"df55045bc18928673797ec8f36531ce2"
x-amz-version-id
fkDbXM_kB0FZ912HTkyCuMu2yw0VZYTm
cache-tag
staticjsapp-AdsScriptLoaderCloudflare-web-prod,staticjsapp-prod
age
579
x-content-type-options
nosniff
x-cache
Hit from cloudfront
x-hs-cache-status
HIT
x-amz-cf-id
WqqaCjGCqomUMU3-mH1pDLqqOdz5DUNEKjGCYlrF8oUyhOK4wLGcVQ==
date
Wed, 09 Oct 2024 15:22:25 GMT
x-hubspot-correlation-id
0569ac9a-aef2-496b-a3ec-ba1d36daed7f
content-type
application/javascript; charset=utf-8
last-modified
Wed, 02 Oct 2024 14:25:36 UTC
vary
Accept-Encoding
x-evy-trace-listener
listener_https
x-amz-replication-status
COMPLETED
x-evy-trace-route-service-name
envoyset-translator
cache-control
max-age=600
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-6c6dd6864-cb7cl
x-envoy-upstream-service-time
0
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=adsscriptloaderstatic/static-1.602/bundles/pixels-release.js&cfRay=8cc56bf5197e8895-AMS
via
1.1 1f1067e4f193aaabd2c24b99bcdc4e88.cloudfront.net (CloudFront)
cf-ray
8cff5db6ee8f63ed-LHR
x-evy-trace-route-configuration
listener_https/all
x-hs-target-asset
adsscriptloaderstatic/static-1.602/bundles/pixels-release.js
x-amz-cf-pop
IAD12-P3
server
cloudflare
x-amz-server-side-encryption
AES256
banner.js
js.hs-banner.com/v2/1534169/
71 KB
26 KB
Script
General
Full URL
https://js.hs-banner.com/v2/1534169/banner.js
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs/scriptloader/1534169.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9310 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ae0393f48f5412e3124cafc47dd3e8b7bd39a6eb1f2517883c8b175df4df6334

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

x-evy-trace-virtual-host
all
access-control-max-age
604800
x-request-id
861328e2-245d-4d82-a3bb-d249179bff59
access-control-expose-headers
x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
content-encoding
gzip
cf-cache-status
HIT
etag
W/"850933666a1091136679efb21afc00bc"
x-amz-version-id
JBubI2iZXhfvR9NjtL2LPV82OaUIjqI9
age
173
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
expires
Wed, 09 Oct 2024 15:24:32 GMT
x-evy-trace-listener
listener_https
date
Wed, 09 Oct 2024 15:22:25 GMT
x-hubspot-correlation-id
861328e2-245d-4d82-a3bb-d249179bff59
content-type
text/javascript; charset=UTF-8
last-modified
Wed, 24 Apr 2024 13:11:59 GMT
vary
origin, Accept-Encoding
x-amz-id-2
w8QaOEnUnT2mqWyQH9RYNx3B3HfPBj3QJMbkjxe1Y/a0xMsj9Qvbw0C407aOoHZ8ApJWnKQ0AYc=
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
x-evy-trace-route-service-name
envoyset-translator
cache-control
max-age=300,public
timing-allow-origin
*
x-evy-trace-served-by-pod
iad02/analytics-js-proxy-td/envoy-proxy-7bfb89fbf6-647fb
x-envoy-upstream-service-time
53
access-control-allow-credentials
true
x-amz-request-id
H1YTMW8EDYJTMNSD
cf-ray
8cff5db6f94b886d-LHR
access-control-allow-origin
https://blog.morphisec.com
x-evy-trace-route-configuration
listener_https/all
server
cloudflare
x-amz-server-side-encryption
AES256
/
www.google.com/pagead/1p-user-list/784310031/
42 B
64 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/784310031/?random=1728487343541&cv=11&fst=1728486000000&bg=ffffff&guid=ON&async=1&gtm=45be4a70z8897572158za200zb897572158&gcd=13t3t3t3t5l1&dma=0&tag_exp=101529666~101671035~101747727&u_w=1600&u_h=1200&url=https%3A%2F%2Fblog.morphisec.com%2Fthreat-analysis-lua-malware&hn=www.googleadservices.com&frm=0&tiba=Not%20All%20Fun%20and%20Games%3A%20Lua%20Malware%20Targets%20Educational%20Sector%20and%20Student%20Gaming%20Engines&did=dNjAwYj&gdid=dNjAwYj&npa=0&pscdl=noapi&auid=589707303.1728487346&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwDpaXnfyM-3iG6SHVteNL7a2S1G_c-GpnvDMA&random=420356323&rmt_tld=0&ipr=y
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/threat-analysis-lua-malware
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.132 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f4.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

content-security-policy
script-src 'none'; object-src 'none'
cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
42
date
Wed, 09 Oct 2024 15:22:25 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
/
www.google.co.uk/pagead/1p-user-list/784310031/
42 B
64 B
Image
General
Full URL
https://www.google.co.uk/pagead/1p-user-list/784310031/?random=1728487343541&cv=11&fst=1728486000000&bg=ffffff&guid=ON&async=1&gtm=45be4a70z8897572158za200zb897572158&gcd=13t3t3t3t5l1&dma=0&tag_exp=101529666~101671035~101747727&u_w=1600&u_h=1200&url=https%3A%2F%2Fblog.morphisec.com%2Fthreat-analysis-lua-malware&hn=www.googleadservices.com&frm=0&tiba=Not%20All%20Fun%20and%20Games%3A%20Lua%20Malware%20Targets%20Educational%20Sector%20and%20Student%20Gaming%20Engines&did=dNjAwYj&gdid=dNjAwYj&npa=0&pscdl=noapi&auid=589707303.1728487346&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dgtag.config&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwDpaXnfyM-3iG6SHVteNL7a2S1G_c-GpnvDMA&random=420356323&rmt_tld=1&ipr=y
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/threat-analysis-lua-malware
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.67 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f3.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

content-security-policy
script-src 'none'; object-src 'none'
cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
42
date
Wed, 09 Oct 2024 15:22:25 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
has-permission-json
app.hubspot.com/content-tools-menu/api/v1/tools-menu/
0
675 B
XHR
General
Full URL
https://app.hubspot.com/content-tools-menu/api/v1/tools-menu/has-permission-json?portalId=1534169
Requested by
Host: cdn.inspectlet.com
URL: https://cdn.inspectlet.com/inspectlet.js?wid=3274945&r=480135
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options no-sniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

x-request-id
c4b682ae-5148-498b-94f3-eab6b530f0c7
cf-cache-status
DYNAMIC
x-hs-worker-debug-mode
false
report-to
{"group":"default","max_age":86400,"endpoints":[{"url":"https://send.hsbrowserreports.com/csp/reports"}]}
access-control-allow-methods
GET
x-content-type-options
no-sniff
x-evy-trace-listener
listener_https
date
Wed, 09 Oct 2024 15:22:25 GMT
x-hubspot-correlation-id
c4b682ae-5148-498b-94f3-eab6b530f0c7
vary
origin, Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
reporting-endpoints
default="https://send.hsbrowserreports.com/csp/reports?cfRay=8cff5db6ee9b955d&resource=unknown"
x-evy-trace-route-service-name
envoyset-translator
cache-control
max-age=0
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-6c6dd6864-nhz9k
x-envoy-upstream-service-time
5
access-control-allow-credentials
true
cf-ray
8cff5db6ee9b955d-LHR
access-control-allow-origin
https://blog.morphisec.com
x-evy-trace-route-configuration
listener_https/all
server
cloudflare
x-evy-trace-virtual-host
all
/
content.hotjar.io/
56 B
171 B
XHR
General
Full URL
https://content.hotjar.io/?site_id=3506314&gzip=1
Requested by
Host: cdn.inspectlet.com
URL: https://cdn.inspectlet.com/inspectlet.js?wid=3274945&r=480135
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.203.150.108 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-203-150-108.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e1fda34133ef19f71d722d57ff8616295c0b5d2a057fc006eabd891b09609a61

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type
text/plain; charset=UTF-8
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

access-control-max-age
86400
access-control-allow-origin
*
content-length
56
date
Wed, 09 Oct 2024 15:22:26 GMT
content-type
application/json
postlisting
blog.morphisec.com/_hcms/
12 KB
3 KB
XHR
General
Full URL
https://blog.morphisec.com/_hcms/postlisting?blogId=3742504875&maxLinks=10&listingType=recent&orderByViews=false&hs-expires=1760020010&hs-version=2&hs-signature=AJ2IBuF68E2yW5jVgARjodEpWQABwmNM7g&currentUrl=https%3A%2F%2Fblog.morphisec.com%2Fthreat-analysis-lua-malware
Requested by
Host: cdn.inspectlet.com
URL: https://cdn.inspectlet.com/inspectlet.js?wid=3274945&r=480135
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
3895ab8d362b012eae1b2f012addbab6b496d592d17d73a9a8485af2444fb1e5
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

x-robots-tag
none
x-request-id
19a7ac7e-e7e6-46b0-9ac3-ed3fc95269a4
content-encoding
gzip
cf-cache-status
HIT
age
8
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hq7OlpWh%2FiKcwUSJzxBSBkhgSU923O7A3tQrOlUG6G%2F9YASltbs8%2FdUg9XyGc8%2Biq0W1Dum2hsv%2F10ybl7%2F0hWasUxdRe1yYqA0o1lCYekjl1mAxnw62bhjYVWyXVXw3XoIBeA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
x-evy-trace-listener
listener_https
date
Wed, 09 Oct 2024 15:22:25 GMT
x-hubspot-correlation-id
19a7ac7e-e7e6-46b0-9ac3-ed3fc95269a4
content-type
application/json;charset=utf-8
last-modified
Wed, 09 Oct 2024 14:26:51 GMT
vary
origin, Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
upgrade-insecure-requests
x-evy-trace-route-service-name
envoyset-translator
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-10-19-td/envoy-proxy-6f7bd6888-t6xt6
x-envoy-upstream-service-time
27
access-control-allow-credentials
false
cf-ray
8cff5db76acc7750-LHR
x-evy-trace-route-configuration
listener_https/all
server
cloudflare
x-evy-trace-virtual-host
all
share_button.php
www.facebook.com/v3.0/plugins/ Frame EB81
0
0
Document
General
Full URL
https://www.facebook.com/v3.0/plugins/share_button.php?app_id=&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df5066685ff6e67824%26domain%3Dblog.morphisec.com%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fblog.morphisec.com%252Ff3028aceaf4cf852f%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fblog.morphisec.com%2Fthreat-analysis-lua-malware&layout=button_count&locale=en_US&sdk=joey
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=51081372b2a8927fc54774ec17f1dbb7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f176:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://blog.morphisec.com/threat-analysis-lua-malware
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
private, no-cache, no-store, must-revalidate
content-encoding
zstd
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-type
text/html; charset="utf-8"
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-resource-policy
cross-origin
date
Wed, 09 Oct 2024 15:22:26 GMT
document-policy
force-load-at-top
expires
Sat, 01 Jan 2000 00:00:00 GMT
facebook-api-version
v15.0
origin-agent-cluster
?0
permissions-policy
accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
pragma
no-cache
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7423796619528562743"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7423796619528562743", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
strict-transport-security
max-age=15552000; preload
vary
Accept-Encoding
x-content-type-options
nosniff
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=42, rtx=0, c=10, mss=1297, tbw=2883, tp=-1, tpl=-1, uplat=82, ullat=0
x-fb-debug
xGqf/SelzbM4suk7GJUurdEIjND3ED8XV5UQMy2rEDxsWY7/m8NF9LCuJHs6AuD4hV/vc+9icXoxFb9kcVGrbQ==
x-xss-protection
0
arrow-white.svg
blog.morphisec.com/hubfs/
349 B
0
XHR
General
Full URL
https://blog.morphisec.com/hubfs/arrow-white.svg
Requested by
Host: cdn.inspectlet.com
URL: https://cdn.inspectlet.com/inspectlet.js?wid=3274945&r=480135
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
d19d09e24c8a6da58f2db0561d49f8719a08c9d80561578116bf155a615bd98a

Request headers

Referer
https://blog.morphisec.com/threat-analysis-lua-malware
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept
application/xml, text/xml, */*; q=0.01

Response headers

x-robots-tag
all
content-encoding
br
cf-cache-status
HIT
etag
W/"60bbbc0bc1edd1fb7cca1a100a63be01"
age
86712
cache-tag
F-109627044436,P-1534169,FLS-ALL
x-amz-version-id
KMw_AMABoswm8oNvOvnloHZvZpdq9inh
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yHDHrBhvxmXPxrulmYunTxvmD%2BD2zsbNAxFDa4Oz5OSXUn53ZkB%2BVLZ902Om7omQg3xVcyY%2F1HBjhMvm84hRsBa9fiNG%2FvKYjLG48wj4gzHuKKDs7EK0iynOcHHIcLBl90zWfw%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
x-amz-cf-id
AyAOKWB0eOS52pQciqx1qsHO4TvqgyrPuTd4Npsy4z8QFNKx1sfvFg==
content-type
image/svg+xml
last-modified
Wed, 05 Apr 2023 11:35:44 GMT
x-amz-meta-index-tag
all
x-amz-replication-status
COMPLETED
edge-cache-tag
F-109627044436,P-1534169,FLS-ALL
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id
SXBQ63W6RDV2GT5Y
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag
F-109627044436,P-1534169,FLS-ALL
x-hs-alternate-content-type
text/plain
server
cloudflare
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption
AES256
access-control-allow-methods
GET
x-amz-storage-class
INTELLIGENT_TIERING
date
Wed, 09 Oct 2024 15:22:23 GMT
vary
Accept-Encoding
x-amz-id-2
9uKXy21+zYF0zIfZHyugux74o8i5WM/EovcvfRdTf/OS8AuiwXYbeAW6M5oa4iNVz/vmabKWR28=
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin
d8fk70yj6xfhx.cloudfront.net
via
1.1 b61e218bc35668646b673c626203e5d4.cloudfront.net (CloudFront)
cf-ray
8cff5da8dc467750-LHR
access-control-allow-origin
*
x-amz-cf-pop
LHR3-C2
x-amz-meta-created-unix-time-millis
1680694543135
arrow-white.svg
blog.morphisec.com/hubfs/
349 B
0
XHR
General
Full URL
https://blog.morphisec.com/hubfs/arrow-white.svg
Requested by
Host: cdn.inspectlet.com
URL: https://cdn.inspectlet.com/inspectlet.js?wid=3274945&r=480135
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
d19d09e24c8a6da58f2db0561d49f8719a08c9d80561578116bf155a615bd98a

Request headers

Referer
https://blog.morphisec.com/threat-analysis-lua-malware
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept
application/xml, text/xml, */*; q=0.01

Response headers

x-robots-tag
all
content-encoding
br
cf-cache-status
HIT
etag
W/"60bbbc0bc1edd1fb7cca1a100a63be01"
age
86712
cache-tag
F-109627044436,P-1534169,FLS-ALL
x-amz-version-id
KMw_AMABoswm8oNvOvnloHZvZpdq9inh
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yHDHrBhvxmXPxrulmYunTxvmD%2BD2zsbNAxFDa4Oz5OSXUn53ZkB%2BVLZ902Om7omQg3xVcyY%2F1HBjhMvm84hRsBa9fiNG%2FvKYjLG48wj4gzHuKKDs7EK0iynOcHHIcLBl90zWfw%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
x-amz-cf-id
AyAOKWB0eOS52pQciqx1qsHO4TvqgyrPuTd4Npsy4z8QFNKx1sfvFg==
content-type
image/svg+xml
last-modified
Wed, 05 Apr 2023 11:35:44 GMT
x-amz-meta-index-tag
all
x-amz-replication-status
COMPLETED
edge-cache-tag
F-109627044436,P-1534169,FLS-ALL
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id
SXBQ63W6RDV2GT5Y
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag
F-109627044436,P-1534169,FLS-ALL
x-hs-alternate-content-type
text/plain
server
cloudflare
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption
AES256
access-control-allow-methods
GET
x-amz-storage-class
INTELLIGENT_TIERING
date
Wed, 09 Oct 2024 15:22:23 GMT
vary
Accept-Encoding
x-amz-id-2
9uKXy21+zYF0zIfZHyugux74o8i5WM/EovcvfRdTf/OS8AuiwXYbeAW6M5oa4iNVz/vmabKWR28=
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin
d8fk70yj6xfhx.cloudfront.net
via
1.1 b61e218bc35668646b673c626203e5d4.cloudfront.net (CloudFront)
cf-ray
8cff5da8dc467750-LHR
access-control-allow-origin
*
x-amz-cf-pop
LHR3-C2
x-amz-meta-created-unix-time-millis
1680694543135
close.svg
blog.morphisec.com/hubfs/
543 B
2 KB
XHR
General
Full URL
https://blog.morphisec.com/hubfs/close.svg
Requested by
Host: cdn.inspectlet.com
URL: https://cdn.inspectlet.com/inspectlet.js?wid=3274945&r=480135
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
3a4850f556812a808a87669edcc26eecd8abc3e0a35178b57e9049c4271c9117
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://blog.morphisec.com/threat-analysis-lua-malware
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept
application/xml, text/xml, */*; q=0.01

Response headers

x-robots-tag
all
content-encoding
br
cf-cache-status
HIT
etag
W/"613d5e657a45fdd73680a2a43b1810a9"
age
86714
cache-tag
F-109618525080,P-1534169,FLS-ALL
x-amz-version-id
ojcPDMW2kfX705kNgng7YRySVuOGEcf5
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8GzEMY9KB9vZg4XVSJwjlg8TWjvxEzBhKItC6hSD%2Fyo7N%2BDfE9u4Xtonc95acbCwHo2eSifqF742kSO6ElqogfgY3qb7mpVcLGyUc14iFCQdibrthu2qytyibXsliZxqfKRILQ%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
x-cache
RefreshHit from cloudfront
x-amz-cf-id
xauhzhUTQ_xj1O-3qO7uBhq_i2jx2cgCdibQH8xaMDwnZzoktx-REg==
content-type
image/svg+xml
last-modified
Wed, 05 Apr 2023 10:26:18 GMT
x-amz-meta-index-tag
all
x-amz-replication-status
COMPLETED
edge-cache-tag
F-109618525080,P-1534169,FLS-ALL
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id
75Y85ET1PY81Q901
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag
F-109618525080,P-1534169,FLS-ALL
x-hs-alternate-content-type
text/plain
server
cloudflare
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption
AES256
access-control-allow-methods
GET
x-amz-storage-class
INTELLIGENT_TIERING
date
Wed, 09 Oct 2024 15:22:25 GMT
vary
Accept-Encoding
x-amz-id-2
igYVLbEE8ulaMYmTRSzIseiyGyPKTSSJP/n82pKmHuBw+QhiJPvd6AvMWakqoTcjP8t6UJsLYCPiW9t9MfvdkA==
strict-transport-security
max-age=31536000; includeSubDomains; preload
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin
d8fk70yj6xfhx.cloudfront.net
via
1.1 85b9b6c170ed4eb5bc514443bb4ade54.cloudfront.net (CloudFront)
cf-ray
8cff5db78b0d7750-LHR
access-control-allow-origin
*
x-amz-cf-pop
LHR3-C2
x-amz-meta-created-unix-time-millis
1680690377289
search_icon.svg
blog.morphisec.com/hubfs/
350 B
0
XHR
General
Full URL
https://blog.morphisec.com/hubfs/search_icon.svg
Requested by
Host: cdn.inspectlet.com
URL: https://cdn.inspectlet.com/inspectlet.js?wid=3274945&r=480135
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
939c1b1420c9dcd654cf23e16482d791454288ca4ff1059fb8839412cc29b2a5

Request headers

Referer
https://blog.morphisec.com/threat-analysis-lua-malware
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept
application/xml, text/xml, */*; q=0.01

Response headers

x-robots-tag
all
content-encoding
br
cf-cache-status
HIT
etag
W/"3d95f4288550b5cf8de25c3fedbd715b"
age
86712
cache-tag
F-109619762806,P-1534169,FLS-ALL
x-amz-version-id
1GYCNZt2jwANbtrTaH7YaF79VqL7t05m
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=skGdtlltif3DjA4EHU5mswkYrWzDWd2R6Csjpd7uTUdoSYfN30eu6H95nLKG0OPGGUkAX9QUovA%2FZxkFEylitnU5WdpelN9lr%2F00xK5a%2FBiokrx%2FQ8STQvFWGS0O5W%2FDuDmt1Q%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
x-amz-cf-id
fFcUPnpUCdx7hYYGaa61t_z4AGHpNtsgKVkBv9dbxXrjJXa2Mg4y9w==
content-type
image/svg+xml
last-modified
Wed, 05 Apr 2023 10:44:27 GMT
x-amz-meta-index-tag
all
x-amz-replication-status
COMPLETED
edge-cache-tag
F-109619762806,P-1534169,FLS-ALL
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id
SXBY3Z6SVT4FXTX3
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag
F-109619762806,P-1534169,FLS-ALL
x-hs-alternate-content-type
text/plain
server
cloudflare
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption
AES256
access-control-allow-methods
GET
x-amz-storage-class
INTELLIGENT_TIERING
date
Wed, 09 Oct 2024 15:22:23 GMT
vary
Accept-Encoding
x-amz-id-2
gk87Jk5WF0Me7uPzHBaaHxVctsc05hmdf8qAnrJj0WnK+c+/KaqCmD5n7iWdSQpdVTfBinOLYr7pCcUCMfkbxmoNvEa/03vW341HSZnC3T0=
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin
d8fk70yj6xfhx.cloudfront.net
via
1.1 02b64e603ed38c4fa65e6d087701f8de.cloudfront.net (CloudFront)
cf-ray
8cff5da90ca17750-LHR
access-control-allow-origin
*
x-amz-cf-pop
LHR3-C2
x-amz-meta-created-unix-time-millis
1680691466397
blog.svg
blog.morphisec.com/hubfs/
797 B
0
XHR
General
Full URL
https://blog.morphisec.com/hubfs/blog.svg
Requested by
Host: cdn.inspectlet.com
URL: https://cdn.inspectlet.com/inspectlet.js?wid=3274945&r=480135
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
b3e8357cc1fe184a45255c2831770245aa454c3e957dfe3df6a0ee789ac77e01

Request headers

Referer
https://blog.morphisec.com/threat-analysis-lua-malware
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept
application/xml, text/xml, */*; q=0.01

Response headers

x-robots-tag
all
content-encoding
br
cf-cache-status
HIT
etag
W/"8d9f2f91fe33b0b94a5bef7287c3abbf"
age
86712
cache-tag
F-109682604959,P-1534169,FLS-ALL
x-amz-version-id
ijpJM2MB9gHe5XFpk9UWNXBHqcRn_Olq
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=d3vrWyDaLkiipJOzKzRrBMQSHHMxLsXEwW4A3%2FIJ24hZqGYRHTZQ5o4lP22HcLSqOY%2F3b0ajFTwU4G65MshfdK%2BtFmHMEcormi0qXt3j9QZ9KJcOXaI9FdLtBb0tb8AYcoKpDA%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
x-amz-cf-id
XLXRUqYH8ANLv-xO2jo0t5fpPY7LF0KmkqMLgxkhjXVKdPmaJuQPsg==
content-type
image/svg+xml
last-modified
Wed, 05 Apr 2023 16:17:05 GMT
x-amz-meta-index-tag
all
x-amz-replication-status
COMPLETED
edge-cache-tag
F-109682604959,P-1534169,FLS-ALL
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id
SXBW5DKYHXQTM7M7
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag
F-109682604959,P-1534169,FLS-ALL
x-hs-alternate-content-type
text/plain
server
cloudflare
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption
AES256
access-control-allow-methods
GET
x-amz-storage-class
INTELLIGENT_TIERING
date
Wed, 09 Oct 2024 15:22:23 GMT
vary
Accept-Encoding
x-amz-id-2
bxi0vyWLio1DExAwmGoautzwARjN0z4AlY0TD3V7SA/vPZbBJ6LPBDIKB+dfHoI1Ks/NK23+8MQ=
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin
d8fk70yj6xfhx.cloudfront.net
via
1.1 c5e8408e2914e204df7d18fc961818b4.cloudfront.net (CloudFront)
cf-ray
8cff5da90cad7750-LHR
access-control-allow-origin
*
x-amz-cf-pop
LHR3-C2
x-amz-meta-created-unix-time-millis
1680711424510
search_icon.svg
blog.morphisec.com/hubfs/
350 B
0
XHR
General
Full URL
https://blog.morphisec.com/hubfs/search_icon.svg
Requested by
Host: cdn.inspectlet.com
URL: https://cdn.inspectlet.com/inspectlet.js?wid=3274945&r=480135
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
939c1b1420c9dcd654cf23e16482d791454288ca4ff1059fb8839412cc29b2a5

Request headers

Referer
https://blog.morphisec.com/threat-analysis-lua-malware
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept
application/xml, text/xml, */*; q=0.01

Response headers

x-robots-tag
all
content-encoding
br
cf-cache-status
HIT
etag
W/"3d95f4288550b5cf8de25c3fedbd715b"
age
86712
cache-tag
F-109619762806,P-1534169,FLS-ALL
x-amz-version-id
1GYCNZt2jwANbtrTaH7YaF79VqL7t05m
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=skGdtlltif3DjA4EHU5mswkYrWzDWd2R6Csjpd7uTUdoSYfN30eu6H95nLKG0OPGGUkAX9QUovA%2FZxkFEylitnU5WdpelN9lr%2F00xK5a%2FBiokrx%2FQ8STQvFWGS0O5W%2FDuDmt1Q%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
x-amz-cf-id
fFcUPnpUCdx7hYYGaa61t_z4AGHpNtsgKVkBv9dbxXrjJXa2Mg4y9w==
content-type
image/svg+xml
last-modified
Wed, 05 Apr 2023 10:44:27 GMT
x-amz-meta-index-tag
all
x-amz-replication-status
COMPLETED
edge-cache-tag
F-109619762806,P-1534169,FLS-ALL
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id
SXBY3Z6SVT4FXTX3
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag
F-109619762806,P-1534169,FLS-ALL
x-hs-alternate-content-type
text/plain
server
cloudflare
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption
AES256
access-control-allow-methods
GET
x-amz-storage-class
INTELLIGENT_TIERING
date
Wed, 09 Oct 2024 15:22:23 GMT
vary
Accept-Encoding
x-amz-id-2
gk87Jk5WF0Me7uPzHBaaHxVctsc05hmdf8qAnrJj0WnK+c+/KaqCmD5n7iWdSQpdVTfBinOLYr7pCcUCMfkbxmoNvEa/03vW341HSZnC3T0=
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin
d8fk70yj6xfhx.cloudfront.net
via
1.1 02b64e603ed38c4fa65e6d087701f8de.cloudfront.net (CloudFront)
cf-ray
8cff5da90ca17750-LHR
access-control-allow-origin
*
x-amz-cf-pop
LHR3-C2
x-amz-meta-created-unix-time-millis
1680691466397
blog.svg
blog.morphisec.com/hubfs/
797 B
0
XHR
General
Full URL
https://blog.morphisec.com/hubfs/blog.svg
Requested by
Host: cdn.inspectlet.com
URL: https://cdn.inspectlet.com/inspectlet.js?wid=3274945&r=480135
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
b3e8357cc1fe184a45255c2831770245aa454c3e957dfe3df6a0ee789ac77e01

Request headers

Referer
https://blog.morphisec.com/threat-analysis-lua-malware
X-Requested-With
XMLHttpRequest
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept
application/xml, text/xml, */*; q=0.01

Response headers

x-robots-tag
all
content-encoding
br
cf-cache-status
HIT
etag
W/"8d9f2f91fe33b0b94a5bef7287c3abbf"
age
86712
cache-tag
F-109682604959,P-1534169,FLS-ALL
x-amz-version-id
ijpJM2MB9gHe5XFpk9UWNXBHqcRn_Olq
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=d3vrWyDaLkiipJOzKzRrBMQSHHMxLsXEwW4A3%2FIJ24hZqGYRHTZQ5o4lP22HcLSqOY%2F3b0ajFTwU4G65MshfdK%2BtFmHMEcormi0qXt3j9QZ9KJcOXaI9FdLtBb0tb8AYcoKpDA%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
x-cache
Miss from cloudfront
x-amz-cf-id
XLXRUqYH8ANLv-xO2jo0t5fpPY7LF0KmkqMLgxkhjXVKdPmaJuQPsg==
content-type
image/svg+xml
last-modified
Wed, 05 Apr 2023 16:17:05 GMT
x-amz-meta-index-tag
all
x-amz-replication-status
COMPLETED
edge-cache-tag
F-109682604959,P-1534169,FLS-ALL
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id
SXBW5DKYHXQTM7M7
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag
F-109682604959,P-1534169,FLS-ALL
x-hs-alternate-content-type
text/plain
server
cloudflare
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption
AES256
access-control-allow-methods
GET
x-amz-storage-class
INTELLIGENT_TIERING
date
Wed, 09 Oct 2024 15:22:23 GMT
vary
Accept-Encoding
x-amz-id-2
bxi0vyWLio1DExAwmGoautzwARjN0z4AlY0TD3V7SA/vPZbBJ6LPBDIKB+dfHoI1Ks/NK23+8MQ=
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin
d8fk70yj6xfhx.cloudfront.net
via
1.1 c5e8408e2914e204df7d18fc961818b4.cloudfront.net (CloudFront)
cf-ray
8cff5da90cad7750-LHR
access-control-allow-origin
*
x-amz-cf-pop
LHR3-C2
x-amz-meta-created-unix-time-millis
1680711424510
cta-json
cta-service-cms2.hubspot.com/ctas/v2/public/cs/
14 KB
4 KB
XHR
General
Full URL
https://cta-service-cms2.hubspot.com/ctas/v2/public/cs/cta-json?canon=https%3A%2F%2Fblog.morphisec.com%2Fthreat-analysis-lua-malware&pageId=180426032289&pid=1534169&sv=cta-embed-js-static-1.322&rdy=1&cos=1&df=t&pg=6359793e-b232-4b79-9da5-b929fc3dc7aa&pg=3c83d6d5-0c56-47b7-8aee-ae6edf73c360&pg=d4f17ebf-d8a2-49c3-9bca-a8f8112b45f3&pg=3c83d6d5-0c56-47b7-8aee-ae6edf73c360&pg=d4f17ebf-d8a2-49c3-9bca-a8f8112b45f3&pg=50832359-01e9-4911-98db-45bd66a69b90&pg=e098d357-1710-4cfe-8901-19c93de122f4
Requested by
Host: cdn.inspectlet.com
URL: https://cdn.inspectlet.com/inspectlet.js?wid=3274945&r=480135
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
578fdbf648a09173cbc60ac70428e066f9c77b463cb04f79c86c4448e2b9e699
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

x-robots-tag
noindex, follow
access-control-max-age
180
x-request-id
111b3e90-d5d4-44d8-8ce5-f263609731aa
access-control-expose-headers
X-Origin-Hublet
content-encoding
gzip
cf-cache-status
DYNAMIC
x-origin-hublet
na1
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5vcl1t5lwH%2FIdDaw45ST7nv4SomotkiWzkIrElOiw0i9VF%2FdM7XJBJoTcIG%2F8eyMLHIk1HqKtIBtsVxAa3x1tljcTNiYkj2DBZzRETHnHnDP1U8ZqD1%2FanLGz0fe3H30S4jZxsj76v8jzguu6gv9AdezO47SO%2FG%2BMCo%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods
OPTIONS, GET
x-content-type-options
nosniff
x-evy-trace-listener
listener_https
date
Wed, 09 Oct 2024 15:22:26 GMT
x-hubspot-correlation-id
111b3e90-d5d4-44d8-8ce5-f263609731aa
content-type
application/json;charset=utf-8
vary
origin
access-control-allow-headers
Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name
envoyset-translator
cache-control
max-age=0, no-cache, no-store
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-5485db5487-n724b
x-envoy-upstream-service-time
54
access-control-allow-credentials
true
cf-ray
8cff5db79fe0955d-LHR
access-control-allow-origin
https://blog.morphisec.com
x-evy-trace-route-configuration
listener_https/all
server
cloudflare
x-evy-trace-virtual-host
all
json
api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/
114 B
801 B
XHR
General
Full URL
https://api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/json?portalId=1534169
Requested by
Host: cdn.inspectlet.com
URL: https://cdn.inspectlet.com/inspectlet.js?wid=3274945&r=480135
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:f06c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cf1cb8930dbca6515121d94c81df4c6b2567c5021435ab4ac683abfc51768ec5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

access-control-max-age
180
content-encoding
br
cf-cache-status
DYNAMIC
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kmmSaawYQFdPSpJJRDMuRA%2BpkM8BSvW3c%2BUv5xXxCq%2B4C12PLgA3pvbGpU3rMllZrJ%2B2L6GeZvmlhQqfi3TD6afFrMjtNe646dHOLXx%2FACg%2BsUm0abDB76B1cC3wQQS2vEIhpJltTfTp0hPZ"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-content-type-options
nosniff
date
Wed, 09 Oct 2024 15:22:26 GMT
x-hubspot-correlation-id
76a9e0e3-7d87-4e93-a76c-07a08773264e
content-type
application/json;charset=utf-8
vary
origin, Accept-Encoding
access-control-allow-headers
*
strict-transport-security
max-age=31536000; includeSubDomains; preload
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
access-control-allow-credentials
false
cf-ray
8cff5db82fbc6559-LHR
access-control-allow-origin
https://blog.morphisec.com
server
cloudflare
combinedConfigs
cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/
95 B
1 KB
Fetch
General
Full URL
https://cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/combinedConfigs?portalId=1534169&currentUrl=https%3A%2F%2Fblog.morphisec.com%2Fthreat-analysis-lua-malware&contentId=180426032289
Requested by
Host: js.hubspot.com
URL: https://js.hubspot.com/web-interactives-embed.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f212e942ac33fd93669f03a55e2c0192224cdb6870b376fac8d3c5255cd01225
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

x-robots-tag
noindex, follow
access-control-max-age
180
x-request-id
2495148f-fb4f-403c-a2a7-4c3ff314ff08
content-encoding
br
cf-cache-status
DYNAMIC
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uAyNrPHJOSdQkNwGCagRPUj%2FWq4FdER81eOFYiJIRg0nmvmDMFMwRjRCBbEcLBECNKF9v9%2F9TlIMmKRBpAZ03um%2Fo6qtMogYCMLXb2uJdvvuc6VP%2Fhap1t%2FqTVfHw1QdRt%2F7QqT%2FjBjMoeZ7jLsQWqV0wVc7zmaBQI4%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
access-control-allow-methods
OPTIONS, GET
x-evy-trace-listener
listener_https
date
Wed, 09 Oct 2024 15:22:26 GMT
x-hubspot-correlation-id
2495148f-fb4f-403c-a2a7-4c3ff314ff08
content-type
application/json;charset=utf-8
vary
origin
access-control-allow-headers
Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name
envoyset-translator
cache-control
max-age=0, no-cache, no-store
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-5485db5487-kjvw7
x-envoy-upstream-service-time
15
access-control-allow-credentials
true
cf-ray
8cff5db7db0a93ee-LHR
access-control-allow-origin
https://blog.morphisec.com
x-evy-trace-route-configuration
listener_https/all
server
cloudflare
x-evy-trace-virtual-host
all
json
forms.hscollectedforms.net/collected-forms/v1/config/
133 B
453 B
XHR
General
Full URL
https://forms.hscollectedforms.net/collected-forms/v1/config/json?portalId=1534169&utk=
Requested by
Host: cdn.inspectlet.com
URL: https://cdn.inspectlet.com/inspectlet.js?wid=3274945&r=480135
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:6efe , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1fbec94ad9621a43267c401bb53db7e0605c1a5fb4b666a613356bee7cb84d81
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept
application/json, text/plain, */*
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

x-robots-tag
none
access-control-max-age
180
x-request-id
454292f6-076c-4cc0-8c66-0388b8bb0763
content-encoding
br
cf-cache-status
DYNAMIC
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-content-type-options
nosniff
x-evy-trace-listener
listener_https
date
Wed, 09 Oct 2024 15:22:26 GMT
x-hubspot-correlation-id
454292f6-076c-4cc0-8c66-0388b8bb0763
content-type
application/json;charset=utf-8
vary
Accept-Encoding
access-control-allow-headers
*
x-evy-trace-route-service-name
envoyset-translator
cache-control
max-age=0
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-6c6dd6864-mrs7r
x-envoy-upstream-service-time
3
cf-ray
8cff5db80f51653c-LHR
access-control-allow-origin
https://blog.morphisec.com
x-evy-trace-route-configuration
listener_https/all
server
cloudflare
x-evy-trace-virtual-host
all
cta-loaded.js
blog.morphisec.com/hs/cta/ctas/v2/public/cs/
0
1 KB
Script
General
Full URL
https://blog.morphisec.com/hs/cta/ctas/v2/public/cs/cta-loaded.js?pid=1534169&pg=d4f17ebf-d8a2-49c3-9bca-a8f8112b45f3&lt=1728487343467&dt=1728487343468&at=1728487346036&ae=1&an=1
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs/cta/cta/current.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

x-robots-tag
noindex, follow
x-request-id
a42ec540-0859-4cfc-b262-60f010a573a2
access-control-expose-headers
X-Origin-Hublet
cf-cache-status
MISS
x-origin-hublet
na1
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rh3XS%2Bb5pl6U5qvMmwEDO50gVbSypGLBiOFHBtoXASK%2BD5L9bPNtNANinv3xiSo9TQlzXnLR%2FyYAO%2FeeoKdg2NGQuLi7vwa6HO2T%2BuAVgLl6ziXw1B3%2F8S06Y33mzCL0%2FjpO7Q%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
x-evy-trace-listener
listener_https
date
Wed, 09 Oct 2024 15:22:26 GMT
x-hubspot-correlation-id
a42ec540-0859-4cfc-b262-60f010a573a2
content-type
application/javascript;charset=utf-8
last-modified
Wed, 09 Oct 2024 15:22:26 GMT
vary
origin, Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
upgrade-insecure-requests
cache-control
max-age=0, no-cache, no-store
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-envoy-upstream-service-time
2
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-5485db5487-b56ng
cf-ray
8cff5db8dce67750-LHR
accept-ranges
bytes
x-evy-trace-route-configuration
listener_https/all
content-length
0
server
cloudflare
x-evy-trace-virtual-host
all
cta-loaded.js
blog.morphisec.com/hs/cta/ctas/v2/public/cs/
0
1 KB
Script
General
Full URL
https://blog.morphisec.com/hs/cta/ctas/v2/public/cs/cta-loaded.js?pid=1534169&pg=d4f17ebf-d8a2-49c3-9bca-a8f8112b45f3&lt=1728487343467&dt=1728487343468&at=1728487346038&ae=1&an=1
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs/cta/cta/current.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

x-robots-tag
noindex, follow
x-request-id
134494c2-c45b-4a5e-a173-13612274c7dd
access-control-expose-headers
X-Origin-Hublet
cf-cache-status
MISS
x-origin-hublet
na1
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rh1Yg39miVoZclUtbQSqQk%2Be%2F6aj36T4GdIj1xuPBjmu0i%2F090MtWE7nNEhgGjYAT%2BFfjbRn6lLqLpcA%2F2gUFBx8X2bIN7TvntgnVSFGRG%2FE1tHNr6WsAwkaAYyv5vbGPbIIbA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
x-evy-trace-listener
listener_https
date
Wed, 09 Oct 2024 15:22:26 GMT
x-hubspot-correlation-id
134494c2-c45b-4a5e-a173-13612274c7dd
content-type
application/javascript;charset=utf-8
last-modified
Wed, 09 Oct 2024 15:22:26 GMT
vary
origin, Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
upgrade-insecure-requests
cache-control
max-age=0, no-cache, no-store
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-envoy-upstream-service-time
2
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-5485db5487-7b6jk
cf-ray
8cff5db8dce87750-LHR
accept-ranges
bytes
x-evy-trace-route-configuration
listener_https/all
content-length
0
server
cloudflare
x-evy-trace-virtual-host
all
cta-loaded.js
blog.morphisec.com/hs/cta/ctas/v2/public/cs/
0
1 KB
Script
General
Full URL
https://blog.morphisec.com/hs/cta/ctas/v2/public/cs/cta-loaded.js?pid=1534169&pg=e098d357-1710-4cfe-8901-19c93de122f4&lt=1728487343472&dt=1728487343472&at=1728487346039&ae=1&an=1
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs/cta/cta/current.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

x-robots-tag
noindex, follow
x-request-id
44d69c01-fc1c-40f6-a2b3-aea27c2dceb1
access-control-expose-headers
X-Origin-Hublet
cf-cache-status
MISS
x-origin-hublet
na1
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=N4eHZVlGlRl3GaU4OgrNVPPzzX%2BNAbA1AJaTpW4Y7%2Bt62dLAG3m8%2F2iYWIfDkmcdmaS7PrBkrf%2BSA3UiQsWP4rOEq0dsDpltPs5H%2BwUQA%2B%2BM1pncLj9YoFg6n3UGhjb%2B046ZKQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
x-evy-trace-listener
listener_https
date
Wed, 09 Oct 2024 15:22:26 GMT
x-hubspot-correlation-id
44d69c01-fc1c-40f6-a2b3-aea27c2dceb1
content-type
application/javascript;charset=utf-8
last-modified
Wed, 09 Oct 2024 15:22:26 GMT
vary
origin, Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
upgrade-insecure-requests
cache-control
max-age=0, no-cache, no-store
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-envoy-upstream-service-time
5
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-5485db5487-56dgq
cf-ray
8cff5db8dceb7750-LHR
accept-ranges
bytes
x-evy-trace-route-configuration
listener_https/all
content-length
0
server
cloudflare
x-evy-trace-virtual-host
all
cta-loaded.js
blog.morphisec.com/hs/cta/ctas/v2/public/cs/
0
1 KB
Script
General
Full URL
https://blog.morphisec.com/hs/cta/ctas/v2/public/cs/cta-loaded.js?pid=1534169&pg=3c83d6d5-0c56-47b7-8aee-ae6edf73c360&lt=1728487343467&dt=1728487343468&at=1728487346040&ae=1&an=1
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs/cta/cta/current.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

x-robots-tag
noindex, follow
x-request-id
7cb473c4-88e3-41e2-b2c1-597a220f34c2
access-control-expose-headers
X-Origin-Hublet
cf-cache-status
MISS
x-origin-hublet
na1
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FR793dzvALGpxeWkuZ9YU%2FUKdS90x6BtGA7waUlKJYWxYsjQaDEZpUajZfEmrxSOutsIVsGdYb1zKJUMvrFL9psLXqXwA8AM%2FE8XUBZ63PvtAcpX41m9FY0T2YJcXNLsrhbR8Q%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
x-evy-trace-listener
listener_https
date
Wed, 09 Oct 2024 15:22:26 GMT
x-hubspot-correlation-id
7cb473c4-88e3-41e2-b2c1-597a220f34c2
content-type
application/javascript;charset=utf-8
last-modified
Wed, 09 Oct 2024 15:22:26 GMT
vary
origin, Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
upgrade-insecure-requests
cache-control
max-age=0, no-cache, no-store
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-envoy-upstream-service-time
5
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-5485db5487-6k24g
cf-ray
8cff5db8dcec7750-LHR
accept-ranges
bytes
x-evy-trace-route-configuration
listener_https/all
content-length
0
server
cloudflare
x-evy-trace-virtual-host
all
cta-loaded.js
blog.morphisec.com/hs/cta/ctas/v2/public/cs/
0
1 KB
Script
General
Full URL
https://blog.morphisec.com/hs/cta/ctas/v2/public/cs/cta-loaded.js?pid=1534169&pg=50832359-01e9-4911-98db-45bd66a69b90&lt=1728487343471&dt=1728487343471&at=1728487346041&ae=1&an=1
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs/cta/cta/current.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

x-robots-tag
noindex, follow
x-request-id
0be489bb-8ae3-4ce1-9d82-306a27107407
access-control-expose-headers
X-Origin-Hublet
cf-cache-status
MISS
x-origin-hublet
na1
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nD16B8RH1U9hKC5Mti1sqpPzVSXT0IbFxTfD%2Fs7s44ht0Pmc3ncFvH39E3Ah9k%2BpR938M5rzR2NbTLwEWYe%2Bg17djf338v2%2FXtzUSoFWbXilwhUSQj3fEA9pcuW4NL35G5pZGg%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
x-evy-trace-listener
listener_https
date
Wed, 09 Oct 2024 15:22:26 GMT
x-hubspot-correlation-id
0be489bb-8ae3-4ce1-9d82-306a27107407
content-type
application/javascript;charset=utf-8
last-modified
Wed, 09 Oct 2024 15:22:26 GMT
vary
origin, Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
upgrade-insecure-requests
cache-control
max-age=0, no-cache, no-store
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-envoy-upstream-service-time
4
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-5485db5487-xd2r6
cf-ray
8cff5db8dcf07750-LHR
accept-ranges
bytes
x-evy-trace-route-configuration
listener_https/all
content-length
0
server
cloudflare
x-evy-trace-virtual-host
all
cta-loaded.js
blog.morphisec.com/hs/cta/ctas/v2/public/cs/
0
1 KB
Script
General
Full URL
https://blog.morphisec.com/hs/cta/ctas/v2/public/cs/cta-loaded.js?pid=1534169&pg=6359793e-b232-4b79-9da5-b929fc3dc7aa&lt=1728487343465&dt=1728487343465&at=1728487346041&ae=1&an=1
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs/cta/cta/current.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

x-robots-tag
noindex, follow
x-request-id
942dad48-dd72-4fd2-8791-74f94c17bd75
access-control-expose-headers
X-Origin-Hublet
cf-cache-status
MISS
x-origin-hublet
na1
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Nj7vajU0RCkyaT8RjKRTC7saPPUASy3GEP%2B%2FGQwtK9HTO%2FLRPz%2B79KXLmO9wP9p0SSrDfH20QqnY4IjTIk4wZKlroRlbTULzpcojQmKSu9jobI1Pc%2FGmj0PVcTKZ9R0fRp3u%2FQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
x-evy-trace-listener
listener_https
date
Wed, 09 Oct 2024 15:22:26 GMT
x-hubspot-correlation-id
942dad48-dd72-4fd2-8791-74f94c17bd75
content-type
application/javascript;charset=utf-8
last-modified
Wed, 09 Oct 2024 15:22:26 GMT
vary
origin, Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
upgrade-insecure-requests
cache-control
max-age=0, no-cache, no-store
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-envoy-upstream-service-time
3
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-5485db5487-kjvw7
cf-ray
8cff5db8dcf57750-LHR
accept-ranges
bytes
x-evy-trace-route-configuration
listener_https/all
content-length
0
server
cloudflare
x-evy-trace-virtual-host
all
counters.gif
perf.hsforms.com/embed/v3/
35 B
581 B
Image
General
Full URL
https://perf.hsforms.com/embed/v3/counters.gif?key=cta-json-success&value=1
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/threat-analysis-lua-malware
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.80.204 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

x-robots-tag
none
x-request-id
1fac8300-e6af-4ab6-83f6-e6eb6b951b4b
access-control-expose-headers
X-Origin-Hublet
cf-cache-status
MISS
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
x-evy-trace-listener
listener_https
date
Wed, 09 Oct 2024 15:22:26 GMT
x-hubspot-correlation-id
1fac8300-e6af-4ab6-83f6-e6eb6b951b4b
content-type
image/gif
vary
origin, Accept-Encoding
last-modified
Wed, 09 Oct 2024 15:22:26 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name
envoyset-translator
cache-control
max-age=0, no-cache, no-store
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-5485db5487-s8jjg
x-envoy-upstream-service-time
3
access-control-allow-credentials
false
cf-ray
8cff5db8dcd3cd21-LHR
accept-ranges
bytes
x-evy-trace-route-configuration
listener_https/all
content-length
35
server
cloudflare
x-evy-trace-virtual-host
all
counters.gif
perf.hsforms.com/embed/v3/
35 B
581 B
Image
General
Full URL
https://perf.hsforms.com/embed/v3/counters.gif?key=cta-render-success&value=1
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/threat-analysis-lua-malware
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.80.204 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

x-robots-tag
none
x-request-id
c88472cf-3406-4478-ab8d-5da9987feb2d
access-control-expose-headers
X-Origin-Hublet
cf-cache-status
MISS
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
x-evy-trace-listener
listener_https
date
Wed, 09 Oct 2024 15:22:26 GMT
x-hubspot-correlation-id
c88472cf-3406-4478-ab8d-5da9987feb2d
content-type
image/gif
vary
origin, Accept-Encoding
last-modified
Wed, 09 Oct 2024 15:22:26 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name
envoyset-translator
cache-control
max-age=0, no-cache, no-store
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-5485db5487-bvdgh
x-envoy-upstream-service-time
6
access-control-allow-credentials
false
cf-ray
8cff5db8dce2cd21-LHR
accept-ranges
bytes
x-evy-trace-route-configuration
listener_https/all
content-length
35
server
cloudflare
x-evy-trace-virtual-host
all
CYBER%20RESILIENCY-280x280%D6%B9_v1.1.png
www.morphisec.com/hs-fs/hubfs/
67 KB
68 KB
Image
General
Full URL
https://www.morphisec.com/hs-fs/hubfs/CYBER%20RESILIENCY-280x280%D6%B9_v1.1.png?height=280&width=280
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/threat-analysis-lua-malware
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
3c66f537de497e2306014e30c269b7d65e0671eec4b25e53120de90d627100f5
Security Headers
Name Value
Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

cf-cache-status
HIT
etag
"cfxjpKy-LQDu2K5cATPBvf7WurkryKNOHkFkb-FTMTDQ:a015821c789fe4047a66a1cb79283ff8"
cache-tag
F-171610370224,P-1534169,FLS-ALL
cf-resized
internal=ok/m q=0 n=780+208 c=1+206 v=2024.10.0 l=68558 f=false
cf-bgj
imgq:100,h2pri
x-content-type-options
nosniff
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uY6t9jppAVWBKS%2Fm4yaU7YN0xIGTNEsYVxCUIEg8%2FE7%2B9uXZmyp5jcaUm6E9ffJxuKTi9nF7rGfP6FlYWgvIh%2FBSML7B2v2F7hHrhLI6KJIIh97TWaV8K59Frhkv%2BiyrYAAE"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
date
Wed, 09 Oct 2024 15:22:26 GMT
content-type
image/webp
last-modified
Fri, 28 Jun 2024 20:35:53 GMT
vary
Accept, Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-security-policy
default-src 'none'; navigate-to 'none'; form-action 'none'
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
timing-allow-origin
d8fk70yj6xfhx.cloudfront.net
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
via
1.1 20405ed0e9ef5e72d636863d6d962362.cloudfront.net (CloudFront)
cf-ray
8cff5db8ef6794c6-LHR
accept-ranges
bytes
access-control-allow-origin
*
content-length
68558
server
cloudflare
56a9a031-1c6d-496d-bf54-2f7dd23c238d.png
1534169.fs1.hubspotusercontent-na1.net/hubfs/1534169/hub_generated/resized/
48 KB
49 KB
Image
General
Full URL
https://1534169.fs1.hubspotusercontent-na1.net/hubfs/1534169/hub_generated/resized/56a9a031-1c6d-496d-bf54-2f7dd23c238d.png
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/threat-analysis-lua-malware
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:297c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0162462a1596df2c511e2121d2e9461d0c5428d003222afa704ad0905285de47

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

x-robots-tag
all
cf-cache-status
HIT
etag
"b36d03a2583fd1a3488810555f189367"
age
91773
cache-tag
P-1534169,FLS-ALL
x-amz-version-id
lSe6BTsYG02L_q3rGG9aoFWUIkoCs.m3
x-cache
RefreshHit from cloudfront
x-amz-cf-id
O-dDDeNdpU7I7YSvyacFs6GT40ZRsgDAdP5oxZ7JUMQguwDZ8bRZcA==
content-type
image/webp
content-disposition
inline; filename="56a9a031-1c6d-496d-bf54-2f7dd23c238d.webp"
last-modified
Fri, 05 Jan 2024 21:53:44 GMT
x-amz-meta-index-tag
all
x-amz-replication-status
COMPLETED
edge-cache-tag
P-1534169,FLS-ALL
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id
XSZ1VRQXZMNNH32N
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
accept-ranges
bytes
x-amz-meta-cache-tag
P-1534169,FLS-ALL
content-length
49476
x-hs-alternate-content-type
text/plain
server
cloudflare
x-amz-server-side-encryption
AES256
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
cf-bgj
imgq:85,h2pri
access-control-allow-methods
GET
x-amz-storage-class
INTELLIGENT_TIERING
cf-polished
origFmt=png, origSize=61714
date
Wed, 09 Oct 2024 15:22:26 GMT
vary
Accept, Accept-Encoding
x-amz-id-2
FGia3eDzVDBGZ3sRBNE7wLNk7p1BjVFnm3CeRMJZ4kCZSvkslwPG/S1ILSZmk5PVzK1dsXlM3Ow=
timing-allow-origin
1534169.fs1.hubspotusercontent-na1.net
via
1.1 413ef90aef49f5d16b73fdc70c292bda.cloudfront.net (CloudFront)
cf-ray
8cff5db8ee40cd15-LHR
access-control-allow-origin
*
x-amz-cf-pop
MAN51-P4
x-amz-meta-created-unix-time-millis
1704491623243
arrow-white-1.svg
www.morphisec.com/hubfs/
393 B
2 KB
Image
General
Full URL
https://www.morphisec.com/hubfs/arrow-white-1.svg
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/hs-fs/hub/1534169/hub_generated/module_assets/109590708858/1718666705155/module_109590708858_Header_-_Global.min.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
9f04b9db4570a8f016c3b42727fd56b2e8779876c8f6ee5fdcfabb4df25eb48b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/

Response headers

x-robots-tag
all
content-encoding
br
cf-cache-status
HIT
etag
W/"f6b8983a7a9f44be13760be2a7d47927"
age
86713
cache-tag
F-109682673984,P-1534169,FLS-ALL
x-amz-version-id
ZWYxcYkJ3fJQSXhQh1nDTahxfuzH5ivg
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mScsMrtOFAiRTStM7oFEvRw1VT153q3orlGpMzXBkdKRHlJnoLrGXPDMJaxihyigL1zuyBCgHa6FhCU4orR0ujBwkJ7n6Gv6CjKvvLZP82JlrWv2FW73bs45A5LVCy4sZEih"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
x-cache
RefreshHit from cloudfront
x-amz-cf-id
PZiD_GFKVMl46QspQmrezf6ktIT0Lh0_oPC10PGh_0ZMRUcq0ysmCA==
content-type
image/svg+xml
last-modified
Wed, 05 Apr 2023 16:42:42 GMT
x-amz-meta-index-tag
all
x-amz-replication-status
COMPLETED
edge-cache-tag
F-109682673984,P-1534169,FLS-ALL
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id
1Q4KNDH3PXBQ3C7Y
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag
F-109682673984,P-1534169,FLS-ALL
x-hs-alternate-content-type
text/plain
server
cloudflare
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption
AES256
access-control-allow-methods
GET
x-amz-storage-class
INTELLIGENT_TIERING
date
Wed, 09 Oct 2024 15:22:26 GMT
vary
Accept-Encoding
x-amz-id-2
ZwyVMGf39WD7nKoABZGOr560UinDE7AX9jEqGY9Lc/achzwovezKkQGvhww7Nwis9G+SBbqCRK0+o/TgdRlD+XZAgCn91nvarwfbYUdBdDU=
strict-transport-security
max-age=31536000; includeSubDomains; preload
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin
d8fk70yj6xfhx.cloudfront.net
via
1.1 13381fd50efa5561b2ef8fff32bb471a.cloudfront.net (CloudFront)
cf-ray
8cff5db8ef6b94c6-LHR
access-control-allow-origin
*
x-amz-cf-pop
LHR3-C2
x-amz-meta-created-unix-time-millis
1680712961922
counters.gif
forms.hsforms.com/embed/v3/
35 B
541 B
Image
General
Full URL
https://forms.hsforms.com/embed/v3/counters.gif?key=collected-forms-embed-js-form-bind&count=2
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/threat-analysis-lua-malware
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.80.204 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

x-robots-tag
none
x-request-id
9343d841-4ded-4814-9db0-e9f267ff977c
access-control-expose-headers
X-Origin-Hublet
cf-cache-status
DYNAMIC
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
x-evy-trace-listener
listener_https
date
Wed, 09 Oct 2024 15:22:26 GMT
x-hubspot-correlation-id
9343d841-4ded-4814-9db0-e9f267ff977c
content-type
image/gif
vary
origin
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name
envoyset-translator
cache-control
max-age=0, no-cache, no-store
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-5485db5487-kjvw7
x-envoy-upstream-service-time
2
access-control-allow-credentials
false
cf-ray
8cff5db8fd27cd21-LHR
x-evy-trace-route-configuration
listener_https/all
content-length
35
server
cloudflare
x-evy-trace-virtual-host
all
counters.gif
perf-na1.hsforms.com/embed/v3/
35 B
581 B
Image
General
Full URL
https://perf-na1.hsforms.com/embed/v3/counters.gif?key=config-loaded-success&value=1
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/threat-analysis-lua-malware
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.80.204 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

x-robots-tag
none
x-request-id
979e2269-4f8f-4ff5-b2f6-f2b36960c86e
access-control-expose-headers
X-Origin-Hublet
cf-cache-status
MISS
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
x-evy-trace-listener
listener_https
date
Wed, 09 Oct 2024 15:22:26 GMT
x-hubspot-correlation-id
979e2269-4f8f-4ff5-b2f6-f2b36960c86e
content-type
image/gif
vary
origin, Accept-Encoding
last-modified
Wed, 09 Oct 2024 15:22:26 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name
envoyset-translator
cache-control
max-age=0, no-cache, no-store
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-5485db5487-56dgq
x-envoy-upstream-service-time
3
access-control-allow-credentials
false
cf-ray
8cff5db91d83cd21-LHR
accept-ranges
bytes
x-evy-trace-route-configuration
listener_https/all
content-length
35
server
cloudflare
x-evy-trace-virtual-host
all
json
forms.hubspot.com/lead-flows-config/v1/config/
3 KB
2 KB
XHR
General
Full URL
https://forms.hubspot.com/lead-flows-config/v1/config/json?portalId=1534169&contentId=180426032289&currentUrl=https%3A%2F%2Fblog.morphisec.com%2Fthreat-analysis-lua-malware
Requested by
Host: cdn.inspectlet.com
URL: https://cdn.inspectlet.com/inspectlet.js?wid=3274945&r=480135
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
75c1b7496ebe11648cb9e8024e480b625eedd00fd058e3dba4a06673ef20e0c6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

x-robots-tag
none
access-control-max-age
180
x-request-id
464be780-2c67-419f-8128-36bb042bd18b
content-encoding
gzip
cf-cache-status
DYNAMIC
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zNwBszN1uqw6RSdsypgNIKCqEWItmmsHIA1AhFpN2%2BPoozSnA5pPRiuyedjLN55uGHwemZHu%2FQxKVZ7qWVHkztU%2Fjq6qVdzZVlEkkZ9L6kh8A3xaxYr3wIwaiY0qgc%2FgbTijOFYioxg8EtdsGnuy"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-evy-trace-listener
listener_https
date
Wed, 09 Oct 2024 15:22:36 GMT
x-hubspot-correlation-id
464be780-2c67-419f-8128-36bb042bd18b
content-type
application/json;charset=utf-8
vary
origin
access-control-allow-headers
Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name
envoyset-translator
cache-control
max-age=0, no-cache, no-store
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-5485db5487-hlmzt
x-envoy-upstream-service-time
38
access-control-allow-credentials
false
cf-ray
8cff5df669fb93ee-LHR
access-control-allow-origin
https://blog.morphisec.com
x-evy-trace-route-configuration
listener_https/all
content-length
1067
server
cloudflare
x-evy-trace-virtual-host
all
counters.gif
forms-na1.hsforms.com/embed/v3/
35 B
539 B
Image
General
Full URL
https://forms-na1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-DEFINITION_SUCCESS&count=1
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/threat-analysis-lua-malware
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.80.204 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

x-robots-tag
none
x-request-id
92b39b05-a6e6-43d3-87f1-5a88738ab26b
access-control-expose-headers
X-Origin-Hublet
cf-cache-status
DYNAMIC
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
x-evy-trace-listener
listener_https
date
Wed, 09 Oct 2024 15:22:38 GMT
x-hubspot-correlation-id
92b39b05-a6e6-43d3-87f1-5a88738ab26b
content-type
image/gif
vary
origin
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name
envoyset-translator
cache-control
max-age=0, no-cache, no-store
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-5485db5487-jqzfq
x-envoy-upstream-service-time
4
access-control-allow-credentials
false
cf-ray
8cff5e057beecd21-LHR
x-evy-trace-route-configuration
listener_https/all
content-length
35
server
cloudflare
x-evy-trace-virtual-host
all
counters.gif
forms.hsforms.com/embed/v3/
35 B
539 B
Image
General
Full URL
https://forms.hsforms.com/embed/v3/counters.gif?key=collected-forms-embed-js-form-bind&count=1
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/threat-analysis-lua-malware
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.80.204 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

x-robots-tag
none
x-request-id
eaf6ff1f-f88b-40cb-bc41-68ff9f828674
access-control-expose-headers
X-Origin-Hublet
cf-cache-status
DYNAMIC
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
x-evy-trace-listener
listener_https
date
Wed, 09 Oct 2024 15:22:38 GMT
x-hubspot-correlation-id
eaf6ff1f-f88b-40cb-bc41-68ff9f828674
content-type
image/gif
vary
origin
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name
envoyset-translator
cache-control
max-age=0, no-cache, no-store
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-5485db5487-n724b
x-envoy-upstream-service-time
3
access-control-allow-credentials
false
cf-ray
8cff5e059c08cd21-LHR
x-evy-trace-route-configuration
listener_https/all
content-length
35
server
cloudflare
x-evy-trace-virtual-host
all
counters.gif
forms-na1.hsforms.com/embed/v3/
35 B
539 B
Image
General
Full URL
https://forms-na1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-RENDER_SUCCESS&count=1
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/threat-analysis-lua-malware
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.80.204 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

x-robots-tag
none
x-request-id
999f0bc1-d27f-40f8-b37f-41c13f3d63fa
access-control-expose-headers
X-Origin-Hublet
cf-cache-status
DYNAMIC
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
x-evy-trace-listener
listener_https
date
Wed, 09 Oct 2024 15:22:38 GMT
x-hubspot-correlation-id
999f0bc1-d27f-40f8-b37f-41c13f3d63fa
content-type
image/gif
vary
origin
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name
envoyset-translator
cache-control
max-age=0, no-cache, no-store
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-5485db5487-j45xs
x-envoy-upstream-service-time
3
access-control-allow-credentials
false
cf-ray
8cff5e05ac1dcd21-LHR
x-evy-trace-route-configuration
listener_https/all
content-length
35
server
cloudflare
x-evy-trace-virtual-host
all
__ptq.gif
track.hubspot.com/
45 B
540 B
Image
General
Full URL
https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-gb&bfp=3754766307&v=1.1&a=1534169&pi=180426032289&ct=blog-post&ccu=https%3A%2F%2Fblog.morphisec.com%2Fthreat-analysis-lua-malware&cpi=180426032289&cgi=3742504875&lpi=180426032289&lvi=180426032289&lvc=en-us&pu=https%3A%2F%2Fblog.morphisec.com%2Fthreat-analysis-lua-malware&t=Not+All+Fun+and+Games%3A+Lua+Malware+Targets+Educational+Sector+and+Student+Gaming+Engines&cts=1728487358724&vi=0f27b00ed51c22da6e154cff47387a21&nc=true&u=182053752.0f27b00ed51c22da6e154cff47387a21.1728487358722.1728487358722.1728487358722.1&b=182053752.1.1728487358722&cc=15
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

x-robots-tag
none
x-request-id
18f00dd0-e455-46c5-8e5f-9928cff915ce
cf-cache-status
DYNAMIC
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=945MrbHywwF8dBFDaQfkRiy9l1EARnIi%2F9FodoTeGjffx55DTQ1JOYyPOcZw18qUG94HucMTU91RDFPFMe0uiWxJKCs%2FFRlpeEWJT5JKbos6JIi4ISLlMaST54PJ4EF4Msn%2BnXHF2jET%2BN4oYFyk"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
x-evy-trace-listener
listener_https
p3p
CP="NOI CUR ADM OUR NOR STA NID"
date
Wed, 09 Oct 2024 15:22:38 GMT
x-hubspot-correlation-id
18f00dd0-e455-46c5-8e5f-9928cff915ce
content-type
image/gif
vary
origin, Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name
envoyset-translator
cache-control
no-cache, no-store, no-transform
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/analytics-tracking-td/envoy-proxy-689db97f95-8mkwb
x-envoy-upstream-service-time
7
access-control-allow-credentials
false
cf-ray
8cff5e082d5c955d-LHR
x-evy-trace-route-configuration
listener_https/all
content-length
45
server
cloudflare
x-evy-trace-virtual-host
all
counters.gif
perf.hsforms.com/embed/v3/
35 B
581 B
Image
General
Full URL
https://perf.hsforms.com/embed/v3/counters.gif?key=cta-with-analytics&value=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.80.204 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

x-robots-tag
none
x-request-id
dd53f001-d1fd-48c0-935f-f8ad9475df23
access-control-expose-headers
X-Origin-Hublet
cf-cache-status
MISS
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
x-evy-trace-listener
listener_https
date
Wed, 09 Oct 2024 15:22:38 GMT
x-hubspot-correlation-id
dd53f001-d1fd-48c0-935f-f8ad9475df23
content-type
image/gif
vary
origin, Accept-Encoding
last-modified
Wed, 09 Oct 2024 15:22:38 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name
envoyset-translator
cache-control
max-age=0, no-cache, no-store
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-5485db5487-7b6jk
x-envoy-upstream-service-time
3
access-control-allow-credentials
false
cf-ray
8cff5e082f3fcd21-LHR
accept-ranges
bytes
x-evy-trace-route-configuration
listener_https/all
content-length
35
server
cloudflare
x-evy-trace-virtual-host
all
__ptq.gif
track.hubspot.com/
45 B
549 B
Image
General
Full URL
https://track.hubspot.com/__ptq.gif?k=16&fi=793c7b55-5354-40a5-a09f-5c8f3e0c1a23&lfi=147151&ft=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-gb&bfp=3754766307&v=1.1&a=1534169&pi=180426032289&ct=blog-post&ccu=https%3A%2F%2Fblog.morphisec.com%2Fthreat-analysis-lua-malware&cpi=180426032289&cgi=3742504875&lpi=180426032289&lvi=180426032289&lvc=en-us&pu=https%3A%2F%2Fblog.morphisec.com%2Fthreat-analysis-lua-malware&t=Not+All+Fun+and+Games%3A+Lua+Malware+Targets+Educational+Sector+and+Student+Gaming+Engines&cts=1728487358728&vi=0f27b00ed51c22da6e154cff47387a21&nc=true&u=182053752.0f27b00ed51c22da6e154cff47387a21.1728487358722.1728487358722.1728487358722.1&b=182053752.1.1728487358722&cc=15
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

x-robots-tag
none
x-request-id
21d18b8a-e8cc-4ef7-8971-cfbacc9b39ee
cf-cache-status
DYNAMIC
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jAvLWaDxtJ1CEW79b%2FV%2BVV8UF8pHg5P4O15RqKpm5NzoyYVZFkFcr%2BPY6dwjXFb%2B%2FtrttP0yo5YYRLuJhxJaD8pCgvyTJaCmWcmJSi3OvO1rHrFgVXTxMj45u%2FuS16OpshKf%2FoYubrG5%2FxdwgCmR"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
x-evy-trace-listener
listener_https
p3p
CP="NOI CUR ADM OUR NOR STA NID"
date
Wed, 09 Oct 2024 15:22:38 GMT
x-hubspot-correlation-id
21d18b8a-e8cc-4ef7-8971-cfbacc9b39ee
content-type
image/gif
vary
origin, Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name
envoyset-translator
cache-control
no-cache, no-store, no-transform
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/analytics-tracking-td/envoy-proxy-689db97f95-8bdvb
x-envoy-upstream-service-time
9
access-control-allow-credentials
false
cf-ray
8cff5e082d71955d-LHR
x-evy-trace-route-configuration
listener_https/all
content-length
45
server
cloudflare
x-evy-trace-virtual-host
all
__ptq.gif
track.hubspot.com/
45 B
416 B
Image
General
Full URL
https://track.hubspot.com/__ptq.gif?k=15&fi=37b11fda-a2aa-4805-9c0e-bae8eaccd6b7&fci=97befbbd-a4a7-4a6a-9d43-2c678f5ea200&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-gb&bfp=3754766307&v=1.1&a=1534169&pi=180426032289&ct=blog-post&ccu=https%3A%2F%2Fblog.morphisec.com%2Fthreat-analysis-lua-malware&cpi=180426032289&cgi=3742504875&lpi=180426032289&lvi=180426032289&lvc=en-us&pu=https%3A%2F%2Fblog.morphisec.com%2Fthreat-analysis-lua-malware&t=Not+All+Fun+and+Games%3A+Lua+Malware+Targets+Educational+Sector+and+Student+Gaming+Engines&cts=1728487358729&vi=0f27b00ed51c22da6e154cff47387a21&nc=true&u=182053752.0f27b00ed51c22da6e154cff47387a21.1728487358722.1728487358722.1728487358722.1&b=182053752.1.1728487358722&cc=15
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

x-robots-tag
none
x-request-id
ca1492a6-5b86-4cbe-90cf-a2809fe4f9ea
cf-cache-status
DYNAMIC
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gwi9v8QIF%2Fev8bI9Ae0dfvLfnEygRXFz%2B8T823iG1RWdyQWVS%2BUyfiCDYyAvDeN%2B8fnS8c7e%2BcSvR%2FPhBGZpgft%2FnkpGvwS9qixpISLImeh2vPhEYwLdNfW4AKkBM2mvtwluM1RZ%2FcMxxYkjpohr"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
x-evy-trace-listener
listener_https
p3p
CP="NOI CUR ADM OUR NOR STA NID"
date
Wed, 09 Oct 2024 15:22:38 GMT
x-hubspot-correlation-id
ca1492a6-5b86-4cbe-90cf-a2809fe4f9ea
content-type
image/gif
vary
origin, Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name
envoyset-translator
cache-control
no-cache, no-store, no-transform
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/analytics-tracking-td/envoy-proxy-689db97f95-8mkwb
x-envoy-upstream-service-time
5
access-control-allow-credentials
false
cf-ray
8cff5e083d7f955d-LHR
x-evy-trace-route-configuration
listener_https/all
content-length
45
server
cloudflare
x-evy-trace-virtual-host
all
__ptq.gif
track.hubspot.com/
45 B
563 B
Image
General
Full URL
https://track.hubspot.com/__ptq.gif?k=17&fi=37b11fda-a2aa-4805-9c0e-bae8eaccd6b7&fci=97befbbd-a4a7-4a6a-9d43-2c678f5ea200&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-gb&bfp=3754766307&v=1.1&a=1534169&pi=180426032289&ct=blog-post&ccu=https%3A%2F%2Fblog.morphisec.com%2Fthreat-analysis-lua-malware&cpi=180426032289&cgi=3742504875&lpi=180426032289&lvi=180426032289&lvc=en-us&pu=https%3A%2F%2Fblog.morphisec.com%2Fthreat-analysis-lua-malware&t=Not+All+Fun+and+Games%3A+Lua+Malware+Targets+Educational+Sector+and+Student+Gaming+Engines&cts=1728487358729&vi=0f27b00ed51c22da6e154cff47387a21&nc=true&u=182053752.0f27b00ed51c22da6e154cff47387a21.1728487358722.1728487358722.1728487358722.1&b=182053752.1.1728487358722&cc=15
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

x-robots-tag
none
x-request-id
dd4750ed-39f8-4ae3-a453-fee51c1abd81
cf-cache-status
DYNAMIC
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4g%2FK2EaiQJmmpAX4q6Anq7jfk1y371LUer9Lt4p%2FF%2FFY4ZdIS4t58UpgwIxo4vQ7xJkLlg2MkvgwOMALfJ4fHmXIkWtQrK2oj4oFOYpkvYl7OKKuQch0GqqaENp%2BPOuuWM8IcpgiYGhmVcN8Vsyz"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
x-evy-trace-listener
listener_https
p3p
CP="NOI CUR ADM OUR NOR STA NID"
date
Wed, 09 Oct 2024 15:22:38 GMT
x-hubspot-correlation-id
dd4750ed-39f8-4ae3-a453-fee51c1abd81
content-type
image/gif
vary
origin, Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name
envoyset-translator
cache-control
no-cache, no-store, no-transform
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/analytics-tracking-td/envoy-proxy-689db97f95-hlgfl
x-envoy-upstream-service-time
6
access-control-allow-credentials
false
cf-ray
8cff5e083d83955d-LHR
x-evy-trace-route-configuration
listener_https/all
content-length
45
server
cloudflare
x-evy-trace-virtual-host
all
__ptq.gif
track.hubspot.com/
45 B
439 B
Image
General
Full URL
https://track.hubspot.com/__ptq.gif?k=12&aij=%5B%22d4f17ebf-d8a2-49c3-9bca-a8f8112b45f3%22%2C%22c5b10fd2-1f83-4c8f-b33b-106296dbd6da%22%5D&rfc=8&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-gb&bfp=3754766307&v=1.1&a=1534169&pi=180426032289&ct=blog-post&ccu=https%3A%2F%2Fblog.morphisec.com%2Fthreat-analysis-lua-malware&cpi=180426032289&cgi=3742504875&lpi=180426032289&lvi=180426032289&lvc=en-us&pu=https%3A%2F%2Fblog.morphisec.com%2Fthreat-analysis-lua-malware&t=Not+All+Fun+and+Games%3A+Lua+Malware+Targets+Educational+Sector+and+Student+Gaming+Engines&cts=1728487358727&vi=0f27b00ed51c22da6e154cff47387a21&nc=true&u=182053752.0f27b00ed51c22da6e154cff47387a21.1728487358722.1728487358722.1728487358722.1&b=182053752.1.1728487358722&cc=15
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

x-robots-tag
none
x-request-id
3361e127-bff0-48a3-8cee-5692d478fe62
cf-cache-status
DYNAMIC
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mEPZd1B3tAhsG1aWzrZaFXFx4UCVAXCLtWQ5Io7rw9bx3rmABO6RX7Rdb2MFt%2BzEQtRig5Q%2Bct%2Bsqxiy%2F0v3RqzIT5mOe76i4yP75wYJrThJA51nAlsFZZ7HV7Ihf9%2BKBStauy4UTJPyrRUAsHHr"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
x-evy-trace-listener
listener_https
p3p
CP="NOI CUR ADM OUR NOR STA NID"
date
Wed, 09 Oct 2024 15:22:38 GMT
x-hubspot-correlation-id
3361e127-bff0-48a3-8cee-5692d478fe62
content-type
image/gif
vary
origin, Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name
envoyset-translator
cache-control
no-cache, no-store, no-transform
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/analytics-tracking-td/envoy-proxy-689db97f95-cqcg5
x-envoy-upstream-service-time
4
access-control-allow-credentials
false
cf-ray
8cff5e083d91955d-LHR
x-evy-trace-route-configuration
listener_https/all
content-length
45
server
cloudflare
x-evy-trace-virtual-host
all
__ptq.gif
track.hubspot.com/
45 B
557 B
Image
General
Full URL
https://track.hubspot.com/__ptq.gif?k=12&aij=%5B%22e098d357-1710-4cfe-8901-19c93de122f4%22%2C%22f5374243-2466-4afb-8700-3d366c63bdf6%22%5D&rfc=8&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-gb&bfp=3754766307&v=1.1&a=1534169&pi=180426032289&ct=blog-post&ccu=https%3A%2F%2Fblog.morphisec.com%2Fthreat-analysis-lua-malware&cpi=180426032289&cgi=3742504875&lpi=180426032289&lvi=180426032289&lvc=en-us&pu=https%3A%2F%2Fblog.morphisec.com%2Fthreat-analysis-lua-malware&t=Not+All+Fun+and+Games%3A+Lua+Malware+Targets+Educational+Sector+and+Student+Gaming+Engines&cts=1728487358728&vi=0f27b00ed51c22da6e154cff47387a21&nc=true&u=182053752.0f27b00ed51c22da6e154cff47387a21.1728487358722.1728487358722.1728487358722.1&b=182053752.1.1728487358722&cc=15
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

x-robots-tag
none
x-request-id
41d9c62c-1170-4567-99b8-fc3e8554cffb
cf-cache-status
DYNAMIC
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sKE1KPSqMeVZDCqqhEsU4%2FyHNHv2aLO4pAfKrDXxO0EZ1KLKMc49ebi6PJPmRFztIgtInWxN2F5qyKiFuCvlFNWae9iYOLhjH1ai2zGzawwD1PoEgokCAyoCmIJ2uFiWJ9frK%2F19UAncikhW58sf"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
x-evy-trace-listener
listener_https
p3p
CP="NOI CUR ADM OUR NOR STA NID"
date
Wed, 09 Oct 2024 15:22:38 GMT
x-hubspot-correlation-id
41d9c62c-1170-4567-99b8-fc3e8554cffb
content-type
image/gif
vary
origin, Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name
envoyset-translator
cache-control
no-cache, no-store, no-transform
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/analytics-tracking-td/envoy-proxy-689db97f95-cqcg5
x-envoy-upstream-service-time
5
access-control-allow-credentials
false
cf-ray
8cff5e083d94955d-LHR
x-evy-trace-route-configuration
listener_https/all
content-length
45
server
cloudflare
x-evy-trace-virtual-host
all
__ptq.gif
track.hubspot.com/
45 B
481 B
Image
General
Full URL
https://track.hubspot.com/__ptq.gif?k=12&aij=%5B%223c83d6d5-0c56-47b7-8aee-ae6edf73c360%22%2C%2264affa5c-d696-47c5-9e88-09336d256046%22%5D&rfc=8&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-gb&bfp=3754766307&v=1.1&a=1534169&pi=180426032289&ct=blog-post&ccu=https%3A%2F%2Fblog.morphisec.com%2Fthreat-analysis-lua-malware&cpi=180426032289&cgi=3742504875&lpi=180426032289&lvi=180426032289&lvc=en-us&pu=https%3A%2F%2Fblog.morphisec.com%2Fthreat-analysis-lua-malware&t=Not+All+Fun+and+Games%3A+Lua+Malware+Targets+Educational+Sector+and+Student+Gaming+Engines&cts=1728487358728&vi=0f27b00ed51c22da6e154cff47387a21&nc=true&u=182053752.0f27b00ed51c22da6e154cff47387a21.1728487358722.1728487358722.1728487358722.1&b=182053752.1.1728487358722&cc=15
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

x-robots-tag
none
x-request-id
da835ee3-917c-410e-9e6a-c36fbc88ec5a
cf-cache-status
DYNAMIC
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2B80Bu%2Bzzle%2B1F%2BmZ6fj0v7pYWJMlLgGveLwY50B6mlwGkiZEISWnn%2BmP8I2n7FrP59MywX%2F5vRWf1VlP11oSejjfJeiO27LcublIbkojAHc36PN9aZdH5CABbDamv0ze1NvVLD9VWansEmTwOkds"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
x-evy-trace-listener
listener_https
p3p
CP="NOI CUR ADM OUR NOR STA NID"
date
Wed, 09 Oct 2024 15:22:39 GMT
x-hubspot-correlation-id
da835ee3-917c-410e-9e6a-c36fbc88ec5a
content-type
image/gif
vary
origin, Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name
envoyset-translator
cache-control
no-cache, no-store, no-transform
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/analytics-tracking-td/envoy-proxy-689db97f95-8mkwb
x-envoy-upstream-service-time
8
access-control-allow-credentials
false
cf-ray
8cff5e094fc2955d-LHR
x-evy-trace-route-configuration
listener_https/all
content-length
45
server
cloudflare
x-evy-trace-virtual-host
all
trends.min.js
assets.trendemon.com/tag/
301 KB
60 KB
Script
General
Full URL
https://assets.trendemon.com/tag/trends.min.js
Requested by
Host: blog.morphisec.com
URL: https://blog.morphisec.com/threat-analysis-lua-malware
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:275b:5600:2:7dc7:8f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
2408c002d9aa33f835f3d468e5ace993a1c12f6a0c09b4023b633387d5d7fff3

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

content-encoding
gzip
etag
"7226ef628fcaea5dad96b32f975afb3a"
age
67390
via
1.1 c0db8c417b5a375429fc7f3c54841604.cloudfront.net (CloudFront)
accept-ranges
bytes
x-cache
Hit from cloudfront
content-length
61290
x-amz-cf-id
Xtt-NXM66fxFbPtPa3kiqs6R9zBtAyGYMDecJnWOVgn0EZ2aB1x4lA==
date
Tue, 08 Oct 2024 20:39:29 GMT
content-type
application/javascript
last-modified
Mon, 23 Sep 2024 13:58:42 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P7
x-amz-server-side-encryption
AES256
favicon.png
blog.morphisec.com/hubfs/
6 KB
7 KB
Other
General
Full URL
https://blog.morphisec.com/hubfs/favicon.png
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.31 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
21b4725e42948eeab21e8cf6f0affb63ebc065012b4c7dff779e428ebd33a814
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

x-robots-tag
all
cf-cache-status
HIT
etag
"ea24d021ea3624ea4b240968cf888698"
age
86723
cache-tag
F-3821681143,P-1534169,FLS-ALL
x-amz-version-id
Cnv3wBnNrZaYmPSr18E5pTmPg2lCgt7t
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=whxUlAahHv0hY%2Bb97mOhLI6DRZFSZmOKtQlPVsjhN94qf%2FcZSILtxPQbxzDfjOr5O05Jgy3bf7BxVsdgDym0O6n03whSqWi5ZYHuYSwODscltQKL3KzaxYvbI2dXiXV48cMWVA%3D%3D"}],"group":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
x-cache
RefreshHit from cloudfront
x-amz-cf-id
E1qs35nMRF98btBBgIz7Dg457NX3veVdIx69-T103-KEBYBvCIE-8A==
content-type
image/webp
content-disposition
inline; filename="favicon.webp"
last-modified
Wed, 03 Apr 2024 17:46:43 GMT
x-amz-meta-index-tag
all
x-amz-replication-status
COMPLETED
edge-cache-tag
F-3821681143,P-1534169,FLS-ALL
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id
DGMB6VFWTW43ETPA
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
accept-ranges
bytes
x-amz-meta-cache-tag
F-3821681143,P-1534169,FLS-ALL
content-length
5908
server
cloudflare
x-amz-server-side-encryption
AES256
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
cf-bgj
imgq:85,h2pri
access-control-allow-methods
GET
x-amz-storage-class
INTELLIGENT_TIERING
cf-polished
origFmt=png, origSize=8707
date
Wed, 09 Oct 2024 15:22:38 GMT
vary
Accept, Accept-Encoding
x-amz-id-2
hEdcltjZvWDgjovdfSfksaJgM16hg3k9pR3nL+U5A8ZYviInnLdSscLHuLEfdfPltKGxiXjv85RNp0llwotOLQavSpDzEoJ3
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-meta-access-tag
public-indexable
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin
d8fk70yj6xfhx.cloudfront.net
via
1.1 5d21561f8325da91dd79188f8c919b08.cloudfront.net (CloudFront)
cf-ray
8cff5e08ffac7750-LHR
access-control-allow-origin
*
x-amz-cf-pop
LHR3-C2
x-amz-meta-created-unix-time-millis
1453980185925
2552
trackingapi.trendemon.com/api/settings/
642 B
781 B
Script
General
Full URL
https://trackingapi.trendemon.com/api/settings/2552?callback=jsonp855088&vid=
Requested by
Host: assets.trendemon.com
URL: https://assets.trendemon.com/tag/trends.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.158.153.5 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-158-153-5.compute-1.amazonaws.com
Software
Kestrel /
Resource Hash
e4f3b78618fa55f7ec82536c41128173beae61a3a8922502416be4ee4fbd2c6f

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

cache-control
no-store,no-cache
content-length
642
date
Wed, 09 Oct 2024 15:22:39 GMT
pragma
no-cache
content-type
application/x-javascript; charset=UTF-8
server
Kestrel
identity.min.js
assets.trendemon.com/global/
18 KB
6 KB
Script
General
Full URL
https://assets.trendemon.com/global/identity.min.js
Requested by
Host: assets.trendemon.com
URL: https://assets.trendemon.com/tag/trends.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:275b:5600:2:7dc7:8f00:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
1220bdf087a7b3b0f068e1dc2422c361ef11cf999ff8ea343573d9e5a7c19bdc

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

x-amz-cf-pop
FRA60-P7
content-encoding
br
etag
W/"3f44b799c727cbac65d90f0779b8eb4e"
age
50058
via
1.1 c0db8c417b5a375429fc7f3c54841604.cloudfront.net (CloudFront)
x-cache
Hit from cloudfront
x-amz-cf-id
VJ_0tfxWi2JJMdPsffVB_295YS1fyYPJcr5eZNB5GWyVCqFd1KpQUw==
date
Wed, 09 Oct 2024 01:28:26 GMT
content-type
application/javascript
vary
Accept-Encoding
server
AmazonS3
last-modified
Mon, 23 Sep 2024 13:58:46 GMT
x-amz-server-side-encryption
AES256
me
trackingapi.trendemon.com/api/Identity/
94 B
510 B
Script
General
Full URL
https://trackingapi.trendemon.com/api/Identity/me?accountId=2552&DomainCookie=17284873593694957&fingerPrint=d8b5b6894231cd90d2f48db4c25b157d&callback=jsonp969130&vid=
Requested by
Host: assets.trendemon.com
URL: https://assets.trendemon.com/tag/trends.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.158.153.5 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-158-153-5.compute-1.amazonaws.com
Software
Kestrel /
Resource Hash
224497d47c9f0b3603b8e822221c6f96128d1ae8a51ee4cf563d305d7636bd72

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

cache-control
no-store,no-cache
content-length
94
date
Wed, 09 Oct 2024 15:22:39 GMT
pragma
no-cache
content-type
application/x-javascript; charset=UTF-8
server
Kestrel
marketingautomation
trackingapi.trendemon.com/api/
93 B
230 B
Script
General
Full URL
https://trackingapi.trendemon.com/api/marketingautomation?AccountId=2552&ClientUrl=aHR0cHM6Ly9ibG9nLm1vcnBoaXNlYy5jb20vdGhyZWF0LWFuYWx5c2lzLWx1YS1tYWx3YXJl&CookieId=17284873593694957&MaCookie=MGYyN2IwMGVkNTFjMjJkYTZlMTU0Y2ZmNDczODdhMjE%3D&MaCookieName=aHVic3BvdHV0aw%3D%3D&MaName=hubspot&callback=jsonp84766&vid=2552:17284873593694957
Requested by
Host: assets.trendemon.com
URL: https://assets.trendemon.com/tag/trends.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.158.153.5 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-158-153-5.compute-1.amazonaws.com
Software
Kestrel /
Resource Hash
88410d8cbdcb2030b305402df0ecf59d38fc5b33c92337d8c4a642f1784d8a12

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

cache-control
no-store,no-cache
content-length
93
date
Wed, 09 Oct 2024 15:22:39 GMT
pragma
no-cache
content-type
application/x-javascript; charset=UTF-8
server
Kestrel
pageview
trackingapi.trendemon.com/api/events/
43 B
234 B
Image
General
Full URL
https://trackingapi.trendemon.com/api/events/pageview?accountId=2552&url=aHR0cHM6Ly9ibG9nLm1vcnBoaXNlYy5jb20vdGhyZWF0LWFuYWx5c2lzLWx1YS1tYWx3YXJl&cookie=17284873593694957&referral=&variant=&otwId=&otwItemId=&streamId=&streamContentId=&vid=2552:17284873593694957&r=1728487359589
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.158.153.5 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-158-153-5.compute-1.amazonaws.com
Software
Kestrel /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://blog.morphisec.com/threat-analysis-lua-malware

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
age
1691358
expires
Mon, 01 Jan 1990 00:00:00 GMT
content-length
43
date
Wed, 09 Oct 2024 15:22:39 GMT
content-type
image/gif
server
Kestrel

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
lltrck.com
URL
https://lltrck.com/scripts/lt-v3.js?llid=35958

Verdicts & Comments Add Verdict or Comment

218 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| 8 object| 9 function| $ function| jQuery object| dataLayer function| initApollo object| __core-js_shared__ object| Sslac object| IN function| u object| trackingFunctions object| google_tag_manager object| google_tag_data object| _hsq object| hbspt object| hsVars function| hs_i18n_log function| hs_i18n_substituteStrings function| hs_i18n_insertPlaceholders function| hs_i18n_getMessage function| onYouTubeIframeAPIReady string| src object| cf_s object| __COOKIE_BANNER_SETTINGS__ object| chunkCB function| addCFGTMConsentListener number| __COOKIE_BANNER_INIT_TIME__ function| gtag function| hj object| _hjSettings function| fbq function| _fbq string| _linkedin_partner_id object| _linkedin_data_partner_ids function| lintrk string| SnitchObject function| snid number| TRD_ACC_ID object| formalyze object| techtargetic string| SLScoutObject function| slscout object| __insp boolean| CF_visiblity object| CookieFirst function| cookiefirst_show_settings number| __inspld object| hjSiteSettings object| hjLazyModules function| hjBootstrap object| hjBootstrapCalled boolean| _already_called_lintrk string| snWid string| snSnid string| snHost object| snGaConnections number| pagetime_count string| page_uuid string| prevLocation string| session_uuid string| snid_id object| lottie-player object| reactiveElementVersions object| litHtmlVersions object| litElementVersions boolean| __clearbit_tagsjs object| clearbit function| parcelRequire object| ClearbitForms object| hubspot object| HubSpotForms object| hsFormsOnReady object| options object| hsPostListings function| hsPopulateListingFeed function| hsOnReadyPopulateListingFeed_508700655_1728484010659 function| twq object| ORIBILI object| FB object| regeneratorRuntime object| twttr object| __twttrll object| __twttr function| LazyLoad object| __buffer object| Base64i function| $i function| __insp_ object| __inspcr object| __inspm object| __inspq function| setZeroTimeout object| __inspels object| clearbitsq object| args string| method function| normalize object| GooglebQhCsO object| gaGlobal object| imgLazy function| stickyHeader function| playVid function| pauseVid function| setHeight function| mixitup object| _hsp boolean| PIXELS_RAN object| enabledEventSettings object| hsCookieBanner boolean| _hspb_loaded boolean| _hspb_ran object| __hsCollectedFormsDebug function| sanitizeKey boolean| _hstc_loaded object| hsCtasOnReady object| __PRIVATE__HubspotCtaClient object| hsCallsToActionsReady object| __hsWebInteractiveInstance object| hsConversationsOnReady object| HubSpotCallsToActions boolean| hubspot_web_interactives_running object| globalRoot function| bindToWindowOnError object| leadflows function| OutpostErrorReporter function| _registerAvailablePopup object| _availablePopups boolean| popupPoliceActive boolean| LEAD_FLOWS_RAN boolean| COMMON_SETUP_RAN boolean| LEAD_FLOW_DOCUMENT_READY_RAN boolean| _hstc_ran string| __hsUserToken number| expireDateTime function| $Trd_Base64 function| $Trd_i18n function| __awaiter function| __generator function| $Trd_Utils function| $Trd_Tools function| RecordsService function| __extends function| $Trd_UserPageHistory_Cook object| enRenderModes object| $Trd_InternalEventsTypes object| $Trd_TriggersEventsTypes function| mapBackendTriggers function| $Trd_Context function| $Trd_EnvironmentSettings function| $Trd_ClientCookie function| $Trd_CtaClientCookie function| $Trd_ButtonSelector object| Frequency object| UnitVisibiltyType object| UnitTypeId object| AceVariantType object| AceElementAction object| AceElementAddPosition object| AceElementAddType object| ElementReplaceType object| AceImageReplaceMode object| AceImageObjectFit object| CssSizeUnits object| AceTextAlign object| AcePosition object| AceElementDisplay object| AceBackgroundImageFit object| StreamContentType object| StreamContentDesktopPosition object| StreamContentThumbnailType object| StreamLayoutAutoLoadTrigger function| $Trd_Logger object| COOKIE_NAMES function| $Trd_Visitor string| LOCAL_STORAGE_ITEM_NAME function| $Trd_FormListener function| $Trd_UrlGrabber function| $Trd_Events function| $Trd_Pageview string| $TRD_MA_COOKIE_NAME object| $TRD_MA_COOKIE_NAME_MAP function| $Trd_MarketingAutomation function| $TRD_CtaComponent function| $TRD_CtaContentComponent function| $TRD_GenericLayoutComponent function| $TRD_FormLayoutComponent function| $TRD_RecommendationLayoutComponent function| $TRD_RecommendCarouselLayoutComponent function| $TRD_GenericScriptComponent function| $TRD_FastTextLayoutComponent function| __assign function| __spreadArray function| $Trd_StreamManager function| $TRD_SurveyLayoutComponent number| COOLOFF_DAYS_AFTER_CLOSE number| COOLOFF_MS_AFTER_CLOSE function| $Trd_ExperienceManager function| $TRD_ClientAppFactory function| $TRD_ClientApp function| $TRD_ClientAppDrift function| $TRD_ClientAppSixSense object| trdContext function| $Trd_AceManager string| TRD_HIDER_STYLE_ID function| $Trd_NApi object| TrendemonContext object| $trd_Context object| trd_api object| IdentityConfig function| $Trd_Identity

47 Cookies

Domain/Path Name / Value
.blog.morphisec.com/ Name: __cfruid
Value: 174471b1481386584cda4586af683fab34916f20-1728487341
.hubspot.com/ Name: __cf_bm
Value: 620wehTeOPBdn1fgIGmQ5PuaSLmkNJalypHHrCu7plU-1728487341-1.0.1.1-bNHgSuqRAvSyyyhi2VpNkfuYW0bPjmjaHEC8XFAnklNyhlpK8n2jyhkLE40C4mTWAyD5I5oTypW6O6TwWphECA
.hubspot.com/ Name: _cfuvid
Value: 9WMKGO54LpYGOzWxZIJqLnc4UnCtqKMpR4VdrZdMnTE-1728487341577-0.0.1.1-604800000
.apollo.io/ Name: __cf_bm
Value: buCrA1MB.wGlBArr1cmVWPfAfrB.RSgbbvjum67Ov20-1728487343-1.0.1.1-kzWN_7V.69wKvfkHL0g8pclqOW7KeqRPBbV2hfXR1IjPWhdcn4AUmd0eRODPhgyEM0VrVbzKf4GLhhp6xuSCwA
.blog.morphisec.com/ Name: __cf_bm
Value: owdCvzIhgJf.s3ZjDVDYS.ZDwhsYJ2RUAORxPzkIZAU-1728487341-1.0.1.1-eBzeqrTsOg1Xn5J_zOP0aRnmMVvp7yw3zpl0hw6s8CLBMk596EwN3_uCmr2WymqvhuptEKprzJAOZxnUXhmdAA
.www.morphisec.com/ Name: __cf_bm
Value: mq6DgxzE1VEZh85e3L7zWxPLWCaNkwlQ9VhNIv6Q7qA-1728487343-1.0.1.1-bSq9gBQ3BlfcISzUftffo5TCsq_WBKig_xGLK4dYhAYyg_SK.nTKfJyYSRnUht85OISXZ4hNl1HQLI5Ukoii9w
.www.morphisec.com/ Name: __cfruid
Value: d3832ea3339f9450515a23e669c61e1d6cf5d271-1728487343
.techtarget.com/ Name: __cf_bm
Value: H_doip6Yqxz3M36pmbZ1ZcjW8uqeB8b1Iad0ScRS67E-1728487344-1.0.1.1-T7XxR8eKkdPU__7CwIS7ZBKtLZTSGgZ3IM.9FiS1ehp47redQ5S_JRPmqoyMvAqJ.jtcbVC0F8U3WknkjnUyWQ
snid.snitcher.com/ Name: SNID
Value: eyJpdiI6ImlSNWZJanZUU1JZQ3N2NlB5YlhGSHc9PSIsInZhbHVlIjoia1huNjBBWWJvcWFTcGsyM1JVRWUvMGw4cVd2NjI1MkhNaURwa2o1VjJ6QVlTVUtTMEMvM2JXR2hqbnFKL1VWcUl1amJmVFhKRkRLalMzWnF5T2tqZ1pJSGtmT29WQ3Z6TWJWbG1GaVZYRUhkZnRvMzl4RjZJaDFobmo1OG1HTFoiLCJtYWMiOiJmODc3YTU5MTU4ZTNhY2IyOTgwNjg2MzdiZmExNWZjNjAxYjY2ZjYyNjg5ZWY2OTU1Y2RiNDdmOGQ0YzEyZDhjIiwidGFnIjoiIn0%3D
.morphisec.com/ Name: _fbp
Value: fb.1.1728487344572.924433052207725667
blog.morphisec.com/ Name: slireg
Value: https://scout.us2.salesloft.com
.linkedin.com/ Name: bcookie
Value: "v=2&5d37d81e-5ab2-4f62-8cec-9544efe3f1ce"
.linkedin.com/ Name: li_gc
Value: MTswOzE3Mjg0ODczNDQ7MjswMjHZY9IjYnSOVOjPNP+LRoR9p7f3bX7uBsioql5oYmek0g==
.linkedin.com/ Name: lidc
Value: "b=TGST00:s=T:r=T:a=T:p=T:g=3511:u=1:x=1:i=1728487344:t=1728573744:v=2:sig=AQFNF4DIQWNwlw8dqd_GeNT-qqcTcSoR"
blog.morphisec.com/ Name: slirequested
Value: true
.morphisec.com/ Name: __insp_wid
Value: 3274945
.morphisec.com/ Name: __insp_slim
Value: 1728487345009
.morphisec.com/ Name: __insp_nv
Value: true
.morphisec.com/ Name: __insp_targlpu
Value: aHR0cHM6Ly9ibG9nLm1vcnBoaXNlYy5jb20vdGhyZWF0LWFuYWx5c2lzLWx1YS1tYWx3YXJl
.morphisec.com/ Name: __insp_targlpt
Value: Tm90IEFsbCBGdW4gYW5kIEdhbWVzOiBMdWEgTWFsd2FyZSBUYXJnZXRzIEVkdWNhdGlvbmFsIFNlY3RvciBhbmQgU3R1ZGVudCBHYW1pbmcgRW5naW5lcw%3D%3D
.morphisec.com/ Name: cb_user_id
Value: null
.morphisec.com/ Name: cb_group_id
Value: null
.morphisec.com/ Name: cb_anonymous_id
Value: %225f031a37-65dc-4834-a1a6-708c849aab9b%22
.twitter.com/ Name: personalization_id
Value: "v1_IuBLIm8/WJzSXxwmv/aTtA=="
blog.morphisec.com/ Name: sliguid
Value: 487d8d49-b656-4e8b-87f6-83e7bea755ad
.t.co/ Name: muc_ads
Value: 96507247-6b73-4677-957f-1ef827c1057e
.t.co/ Name: __cf_bm
Value: SBb.AWUoRRIb15H1Xyb2A5I4huGOhLjZuZCd4P4t2t0-1728487345-1.0.1.1-123yl4naTXf8YnWHm9cDyP50gUIlsgJLKAjQOX5clUnW5tVnFGjZVd1hKWJ30bOcWCAJkh8.FBt9kzNGRKAA1g
.morphisec.com/ Name: __insp_norec_sess
Value: true
.morphisec.com/ Name: _gcl_au
Value: 1.1.589707303.1728487346
.morphisec.com/ Name: _ga_HFVX4VZHCS
Value: GS1.1.1728487343.1.0.1728487343.60.0.0
.morphisec.com/ Name: _ga
Value: GA1.1.2071232070.1728487346
.doubleclick.net/ Name: test_cookie
Value: CheckForPermission
.hsforms.com/ Name: __cf_bm
Value: BRsVrynBDsSzUODKWuz2ECxakvYcvcmeoBmBPEIFxAc-1728487345-1.0.1.1-3NjfH_f6rbeInLwr7YBZw1mqN33O42ipQ8wZi9WonObpU_FgUDVTA.pRkTqJ2t_cXlOlmNeDFtGmWQJJSZPcfg
.hsforms.com/ Name: _cfuvid
Value: ubAc41j79kpJgebB6ZwppkMlmOL.pqKaVD7Pgu6THUk-1728487345680-0.0.1.1-604800000
.morphisec.com/ Name: _hjSessionUser_3506314
Value: eyJpZCI6IjZmMWE2ZTNlLTNjMDItNTgxYS04MTNiLWMzZWI5MTI4MDk2YyIsImNyZWF0ZWQiOjE3Mjg0ODczNDU3MjgsImV4aXN0aW5nIjp0cnVlfQ==
.morphisec.com/ Name: _hjSession_3506314
Value: eyJpZCI6IjM2MTNmMmE3LWI2MzUtNDY2Zi1iYTc1LWM0MjI1OTRjNWUxZiIsImMiOjE3Mjg0ODczNDU3MjksInMiOjEsInIiOjEsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=
.morphisec.com/ Name: __hstc
Value: 182053752.0f27b00ed51c22da6e154cff47387a21.1728487358722.1728487358722.1728487358722.1
.morphisec.com/ Name: hubspotutk
Value: 0f27b00ed51c22da6e154cff47387a21
.morphisec.com/ Name: __hssrc
Value: 1
.morphisec.com/ Name: __hssc
Value: 182053752.1.1728487358722
.morphisec.com/ Name: trd_cid
Value: 17284873593694957
trackingapi.trendemon.com/ Name: trd_gavid_2552
Value: 17284873593694957
trackingapi.trendemon.com/ Name: trd_gvid
Value: 17284873593694957
trackingapi.trendemon.com/ Name: trd_vid_2552
Value: 2552%3A17284873593694957
.morphisec.com/ Name: trd_vid_l
Value: 2552%3A17284873593694957
.morphisec.com/ Name: trd_vuid_l
Value: 2717678618066736691
.morphisec.com/ Name: trd_ma_cookie
Value: MGYyN2IwMGVkNTFjMjJkYTZlMTU0Y2ZmNDczODdhMjE%3D

1 Console Messages

Source Level URL
Text
network error URL: https://x.clearbitjs.com/v1/pk_5fe48b59baf6bb406e34c9012803b845/forms.js?page_path=%2Fthreat-analysis-lua-malware
Message:
Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

1534169.fs1.hubspotusercontent-na1.net
7052064.fs1.hubspotusercontent-na1.net
analytics.twitter.com
api.hubapi.com
aplo-evnt.com
app.clearbit.com
app.hubspot.com
assets.apollo.io
assets.trendemon.com
blog.morphisec.com
cdn.inspectlet.com
cdn2.hubspot.net
cdnjs.cloudflare.com
connect.facebook.net
consent.cookiefirst.com
content.hotjar.io
cta-service-cms2.hubspot.com
edge.cookiefirst.com
fonts.googleapis.com
forms-na1.hsforms.com
forms.hscollectedforms.net
forms.hsforms.com
forms.hubspot.com
googleads.g.doubleclick.net
hn.inspectlet.com
ibc-flow.techtarget.com
js.hs-analytics.net
js.hs-banner.com
js.hsadspixel.net
js.hscollectedforms.net
js.hsleadflows.net
js.hubspot.com
lltrck.com
no-cache.hubspot.com
perf-na1.hsforms.com
perf.hsforms.com
platform.linkedin.com
platform.twitter.com
px.ads.linkedin.com
px4.ads.linkedin.com
region1.analytics.google.com
scout-cdn.salesloft.com
scout.salesloft.com
script.hotjar.com
snap.licdn.com
snid.snitcher.com
static.ads-twitter.com
static.hotjar.com
static.hsappstatic.net
stats.g.doubleclick.net
syndication.twitter.com
t.co
tag.clearbitscripts.com
td.doubleclick.net
track.hubspot.com
trackingapi.trendemon.com
trk.techtarget.com
www.facebook.com
www.google.co.uk
www.google.com
www.googletagmanager.com
www.morphisec.com
x.clearbitjs.com
lltrck.com
104.18.80.204
104.18.90.62
104.244.42.131
104.244.42.8
13.107.42.14
13.33.187.74
142.250.184.194
142.250.185.132
142.250.186.67
146.75.120.157
157.240.253.1
162.159.140.229
169.150.247.39
172.67.10.172
18.153.4.44
18.203.150.108
18.66.102.53
199.60.103.31
2001:4860:4802:34::36
2400:52e0:1e00::1081:1
2600:9000:2670:6e00:7:d7d6:3c40:93a1
2600:9000:275b:5600:2:7dc7:8f00:93a1
2606:2800:233:66b5:799a:7cd3:f74d:7071
2606:2c40::c73c:671f
2606:4700:10::6814:27d5
2606:4700:4400::6812:297c
2606:4700:4400::ac40:9310
2606:4700::6810:4869
2606:4700::6810:6efe
2606:4700::6810:7574
2606:4700::6810:7674
2606:4700::6811:180e
2606:4700::6811:80ac
2606:4700::6811:ae5b
2606:4700::6811:afc9
2606:4700::6812:1347
2606:4700::6812:8c11
2606:4700::6812:f06c
2620:1ec:21::14
2a00:1450:4001:800::200a
2a00:1450:4001:80b::2008
2a00:1450:4001:811::2002
2a00:1450:400c:c00::9c
2a02:26f0:3500:10::210:a9a
2a03:2880:f176:181:face:b00c:0:25de
3.126.181.126
34.107.133.146
34.111.208.231
54.156.211.30
54.158.153.5
0162462a1596df2c511e2121d2e9461d0c5428d003222afa704ad0905285de47
0200a7698afae38e9385f59706f2c5966fcd943aec1b0d47597fb65f319fa2b0
0c07b854855b0e2bd7839c3659defa45307e96e281b3c00571d09f213eb6a76e
1220bdf087a7b3b0f068e1dc2422c361ef11cf999ff8ea343573d9e5a7c19bdc
173460e89e6a7244218badae2016f65c48a3eae9d400802273eeca18b07336f1
1ba3e04dc2c81134d261f4672efe516c36e7eed4d9da96e82667f055b276bd68
1c5f683908c190d5f9f618337d8d7c586d735f1ace24afdc81208dbf52a5f45c
1f7e31b5094eaba804e8c52b36200eb5ac94cb0b03979a2bed47fc19fcc1a1ba
1fbec94ad9621a43267c401bb53db7e0605c1a5fb4b666a613356bee7cb84d81
2039d204f18247df88a0f132f35fe67f9e52ee7268515ead1647c611f737ba07
20fd0cba2e4f9cf703f731eb958f5b45bb3170edbe99216cb91b27ce8b7477b6
21b4725e42948eeab21e8cf6f0affb63ebc065012b4c7dff779e428ebd33a814
224497d47c9f0b3603b8e822221c6f96128d1ae8a51ee4cf563d305d7636bd72
2408c002d9aa33f835f3d468e5ace993a1c12f6a0c09b4023b633387d5d7fff3
2c304da20239ac2bf31e51fdac55d583eda51d17ba8a1d3a646bff6f3d2dac04
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
3082df389b7e7f0df5792063851476de56ff133dbb9af89ecf00666bbe9c73ec
3437637c88e40ab5f57b1e37129d03ebb7594a6fc8ea56061284c93f8088beb8
356bb4bf2245a68ee5de5732b5574260dd2016a2c3987e17ad97fb2586a883d1
3895ab8d362b012eae1b2f012addbab6b496d592d17d73a9a8485af2444fb1e5
38be945806c4060aed4bbd54257f42345603271d5a4c9fd1ea7d018092b77e5a
3a4850f556812a808a87669edcc26eecd8abc3e0a35178b57e9049c4271c9117
3c66f537de497e2306014e30c269b7d65e0671eec4b25e53120de90d627100f5
3d0faa1510d3999ee6ce630052e0f8c562acc8b69380ceb4e7f812aaa4c5303f
3d90d199030c5ae24a21d47b53d7548f1dd4e799494a67ef4fcb3a7f4abc60fe
3d93d5144aa92ce528b62411b356b19acf53b1d20b2600f4daa2ae1e0ec6f6d6
3dd258baa6cbc14c2a6a22803337f584d9fd08907952e766c0d33527d9ae302c
3fc6f43f8d589a8e68a0242c1b868cc5219f5bd368d1b960af52716a8541dfec
3fddc6d28aba3c13d64cfd4847c333ff48c71d4a5a58bd1a0494ca6ae8ac1bb4
401925a1114f7003121630392768d35516be54a4028f01024528aeae99a45a56
40943198e5e26cbcf474c1ed0846442abc4398198117de5251a8840fb421cd13
426e16d014775c77916610f675f58880874c645817ed26d01873dde3466e6007
42c7e51d284cd7256caf3bfebf641141876657ea0d6e5588ac7e69dce1e9cf7e
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
44bc30322b395963cf09e8fb1bee4d07e58d60599a82c4e821cf89ed36d0b786
46c7b6ee01c236fd8d98d0b7c8f00fba85340c3432932e624d44f7663aef8513
47437aff3fa69a45a21004a9e4da120d5a12d61b853df4226587f9d3443b3856
48ba1993011db4834882d81b2153753437607292f704a6543d4466c0f6d1372a
49a19088059cbcf9b342b648af5ecf0d0f664b34a576c05270068479ea088eba
4a007af67f716c30c8848ab0ad0bfaab8a5fcf3e36dedf918b59c9429d522440
4c1113b143de12d58d3771cbddb3a4e7c76580a89ea241479cc9bd5288fd2fd0
4d15ff2317e16ccd8ca1d3248fea7d91130e022369bb032824a84ad9967064df
4dfd5527da83604d3337f60fa00d7aedfd8020fb48c376777dc573c83110668e
4e0a2edf9cc6b61a6576a95fe791ac7b4470577d68e0cc738a2f90d2d6416589
578fdbf648a09173cbc60ac70428e066f9c77b463cb04f79c86c4448e2b9e699
5d554121551df68e414c85920b6541d2e92251a189ff19a4b1f8dffe97ce1cb5
636ecb5784f08327b02a785d4bbd25f44b0eeb98b3a8391ec47c0af6b87554a8
69258fea8ac8eaae4518520a5ff969c31a4d83ba722d7d13ca260e462d538a6b
69df84d5e1d0f3d6789177fde1307841293c2b79c88f96151e5c13d5a8b1e1b7
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6b011f48059b6591b0d266a9abdf45d9263e702059d29a207e770ddb87b49c72
6b0fdaa32feffbdbd15bda3619624e0aa8e1d647fd720e31b7645654e7fb551e
6cb079eb01e730c435ef0b80f62f636245fa0f8f0e86c144935e42a8dd12a545
6efc82fc06418713bde2d45d6d3fc18db88c9bf93c8bde58543f4f220a50d34e
71815070cf1baa5e8fe6694ab489c18374703c8fb1e11700f2530ccb8fb32d33
723fbf8d73cd4e75f64f7d21558585aa1658b11332e87bd288f6987e398ecfb4
7336afe3d92703a1b35e780301c688426c74d5a8c3d9cd1794d3370d763e58d3
75c1b7496ebe11648cb9e8024e480b625eedd00fd058e3dba4a06673ef20e0c6
76a0ba788a9e1c9a498af794e2cb82d3133d31b4492540c0f7984e1c74421669
76dd9ffb1b604b0ad3f128d2fe014cc22f934ed40ae792ef9b4600a17866aeb2
77080938572095bddc311784e1c284e7cd12268f46946aff94d04a43a53dffc9
7fe2cb1527f99acc0618e80a9e62ef095c80eec4ba411d58e5faa1b9ec516bf6
8178a23344ec8e9b3f599125e10c07ec57bd94f1790a8b5b04f16d11747faded
863886e2347be57cf71d7ed3fc614593e94bbce61858cd8c0761ba7a78d2ace4
86687f3e5f5afdcf3625c8dde9300bb27a5715ae747f119a1a4c8f89064c254c
88410d8cbdcb2030b305402df0ecf59d38fc5b33c92337d8c4a642f1784d8a12
89bf8cdea73ce776d6b81d03837bc7f04af5e3946b839a3c0bfbf3094ad3f7be
8a27dc7b44ebe886390bfa0a9beeea36ea5a3f37479f0e0836b6c9b80d9b35ed
8c2aedcef33401bf99f0ac5cc335423d2bfb1edb20e5bbf2bddcc24fdc728421
8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02
8e7902d12bed414b23fd30c7019fc0fe08d03b14984beb21e486aaa59135f803
91be5f9284c0501b4dab3d49539ac1daafc9b64f5104031572cee4791d4db562
939c1b1420c9dcd654cf23e16482d791454288ca4ff1059fb8839412cc29b2a5
9b34472454a67e2705d29014c5ea272cddec174db345229c373857be332f2fc9
9ec3c84e8019f979befe03094b124908c617d66036668dade9e8edf77b239924
9eca9cd8976d44f3a71fccbaa9b2c0e343611b00738a1cd4b44f8d48c532f493
9f04b9db4570a8f016c3b42727fd56b2e8779876c8f6ee5fdcfabb4df25eb48b
aa011ed383cb780028a85caaa0dda67dce19b0f4bc596f4f708d1857015c1362
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
abd611420c0557b18c6fbd0dd66eb643fc3298fbaccd15e0a2ba9fdf78f2ca72
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
ad5d4193328e2083398686d67b7e67b9d7ab9b935d745746d186c33d07bf4a65
ae0393f48f5412e3124cafc47dd3e8b7bd39a6eb1f2517883c8b175df4df6334
afebc654252e2e6725166fd88386decd2d62cbae24cf76f93af01051afcd22bf
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b24536168c724b20d776f3fcef84511dd5986de04f1aafba6d219bf1d73fec08
b28f2758dd0c48fa0e8e33ccfee02f1b581b93484aae2af63190df3d4bcc068f
b364babb52cb930beb7e5e61f549d739c155b2f8a24415bb8b401b0d6cb3eddb
b3e8357cc1fe184a45255c2831770245aa454c3e957dfe3df6a0ee789ac77e01
ba5d279dfeb14b2aee4a840c027735d34e2459f6829fb0ea682153300fde54c5
ba7dc0cc2741341a8134b4446d67e2068ac2c211a9f774c92d55ce3a6b32220d
bdb17dbb3eb2f9a26dc0c33535af1d64aef891de84678432ff9ce4164dee0129
bdd1d266ae01452fc70f49bd77332953f6c48465656b6060852062924a0f7e6f
be3950dab42791bb50d60a09c80869ba8c86f7dab74eff23b91a365d0c710831
be96a16025bfbe78bed5a7475f5877696f919dcf9b37939866f8c2d47af7976c
c1eec6939693de2560a7cd2cb9bd833745efddbaa9887d4fa32464c44a3fbd33
c8dfa70f0dccd44f1f69659a7d4715aef17d48c4a8f88d4868b919fc9aabb453
c8f61ff99bdb7078fb9a587059822d308fa9f3e5f9765101876426ab9c4363cc
c9492eab132c2db0eaef81fea1bb719d8e3f5a11a32f7ebeeea5af202cd4e5c7
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
cb5224674e43d02db0037517f4aa29ba5ce9ddd0672e513cc7289714ba657522
ced6b77df208559dcdb6dbd28c53a78aac17dfe25efc148f039e936bdce25aa7
cf1cb8930dbca6515121d94c81df4c6b2567c5021435ab4ac683abfc51768ec5
cf1d86ae566e620f5f69c4627e1859d61567555afbc78c397876cde4760c7dad
cf3e0ecae28a70c5e010c24c160321243efe54f497d49a6a8f31ca12ee7eb972
d00e54d87cce777c78c59c446e01bc3bcaabca266daa6463181dd527c98738e9
d0b1cb1455ecf8ab5a7eb203460cc7ff790df097c5907eb3d27ff7344282517e
d19d09e24c8a6da58f2db0561d49f8719a08c9d80561578116bf155a615bd98a
d27825196ad091987820f3ead157595d5a5e482b8849982da00b9395a6f590bb
d2d09c4a39acf0339c9697b5837fec5bb2bfb9f92677ac2133640b900f91925c
d44882ab82adeef2856a0d52fb54bb70e472be45d50aa3a16b4cb39223391a99
d4d476694bb5382da2de611b3b716fbed22fcd64d18753111b6d15a28667fd24
d7c2ddb591f4a579e867624a9ac11234ee3b7ef13f41c743088d4b4d723b8461
d9ea8a8cab935e18796b1a064b1644c0f5db2d967a60e5f7cb8b37066b2399a4
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
df4046988638fbeffc42c1cdef8173da32fdfac013160c034c4acc5f93be0388
e1fda34133ef19f71d722d57ff8616295c0b5d2a057fc006eabd891b09609a61
e376097f5d443b3a750b0d1f1b78717d58b819501aef3fdac38403290d617072
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4f3b78618fa55f7ec82536c41128173beae61a3a8922502416be4ee4fbd2c6f
e5b1ceffda14543118fcc1d2d886fa5049d579ef1d139a7e94efbe9368fa9235
e7902b56545718b3f9dcc015b4acab60270239d559b0adaae9e5c81dd95a89a1
e87978b552cbe6214a20f0be6d366b9ffb523989bfbeb46f49852d3d961adad7
e87be82092a8e1a5544ef566ba1a636162eecb31e33095c6f17eb06c87cc2efb
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f16a9696b3176614d3fe439def6fd9754fd489877999517b99b3b2f265cb7990
f1d760682f66979c85193208c7d10daddd5d3e74c6c148bef442a203d330cb22
f212e942ac33fd93669f03a55e2c0192224cdb6870b376fac8d3c5255cd01225
f322afdaf7184e4ddd7fca589f89cdd7e2e2721dffbf8abed7cb1eca88b0915f
f3d8c648b4ec40e2369730c552db76ad40994c6dd489ff87b28f6fc1ea2ced96
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
fb56af9f7623a55839dfb9cf019b05664a62e1b41671d925f3ed587c506443b5
ff9e67f6d9b08402c790b1e6dec2c83e721141841291c9ba47671c9c7eb82599