Submitted URL: https://email.kandji.io/e3t/Ctc/ZS+113/cC6HP04/VWqgBP73WT4TN6R71kv1L-BfW8LzBkh5dFt9FN2QYvzF3l5QzW6N1vHY6lZ3lHW2GglnH5wps...
Effective URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjz...
Submission: On May 06 via manual from IT — Scanned from IT

Summary

This website contacted 25 IPs in 3 countries across 22 domains to perform 86 HTTP transactions. The main IP is 199.60.103.29, located in United States and belongs to CLOUDFLARESPECTRUM Cloudflare, Inc., US. The main domain is blog.kandji.io.
TLS certificate: Issued by E1 on March 11th 2024. Valid for: 3 months.
This is the only time blog.kandji.io was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 2 199.60.103.227 209242 (CLOUDFLAR...)
22 199.60.103.29 209242 (CLOUDFLAR...)
1 13.32.27.103 16509 (AMAZON-02)
11 104.19.178.52 13335 (CLOUDFLAR...)
11 104.16.117.116 13335 (CLOUDFLAR...)
1 104.17.172.91 13335 (CLOUDFLAR...)
5 142.250.181.232 15169 (GOOGLE)
3 172.64.146.132 13335 (CLOUDFLAR...)
1 104.18.32.137 13335 (CLOUDFLAR...)
1 172.64.153.27 13335 (CLOUDFLAR...)
1 104.17.128.172 13335 (CLOUDFLAR...)
1 104.16.160.168 13335 (CLOUDFLAR...)
6 52.45.196.192 14618 (AMAZON-AES)
2 104.18.80.204 13335 (CLOUDFLAR...)
3 216.239.32.36 15169 (GOOGLE)
1 173.194.76.154 15169 (GOOGLE)
3 142.250.185.131 15169 (GOOGLE)
1 104.18.240.108 13335 (CLOUDFLAR...)
1 2.21.20.139 20940 (AKAMAI-ASN1)
1 2 142.250.185.162 15169 (GOOGLE)
2 2 216.58.206.66 15169 (GOOGLE)
2 2 142.250.184.228 15169 (GOOGLE)
3 5 13.107.42.14 8068 (MICROSOFT...)
2 157.240.253.1 32934 (FACEBOOK)
1 157.240.252.35 32934 (FACEBOOK)
1 204.79.197.237 8068 (MICROSOFT...)
86 25
Apex Domain
Subdomains
Transfer
24 kandji.io
email.kandji.io
blog.kandji.io
514 KB
11 hubspot.com
no-cache.hubspot.com — Cisco Umbrella Rank: 12774 Failed
app.hubspot.com — Cisco Umbrella Rank: 5794
track.hubspot.com — Cisco Umbrella Rank: 2393
11 KB
11 cookielaw.org
cdn.cookielaw.org — Cisco Umbrella Rank: 312
162 KB
7 testrobotflower.com
ob.testrobotflower.com — Cisco Umbrella Rank: 364650
obs.testrobotflower.com — Cisco Umbrella Rank: 301542
40 KB
5 linkedin.com
px.ads.linkedin.com — Cisco Umbrella Rank: 338
www.linkedin.com — Cisco Umbrella Rank: 619
3 KB
5 google.com
region1.analytics.google.com — Cisco Umbrella Rank: 3095
www.google.com — Cisco Umbrella Rank: 2
372 B
5 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 39
497 KB
3 google.it
www.google.it — Cisco Umbrella Rank: 27048
670 B
3 doubleclick.net
stats.g.doubleclick.net — Cisco Umbrella Rank: 89
googleads.g.doubleclick.net — Cisco Umbrella Rank: 35
292 B
3 hubspotusercontent-na1.net
5058330.fs1.hubspotusercontent-na1.net
215 KB
2 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 183
72 KB
2 googleadservices.com
www.googleadservices.com — Cisco Umbrella Rank: 126
2 KB
2 hsforms.com
forms.hsforms.com — Cisco Umbrella Rank: 4333
forms-na1.hsforms.com — Cisco Umbrella Rank: 6937
2 KB
1 bing.com
bat.bing.com — Cisco Umbrella Rank: 345
13 KB
1 facebook.com
www.facebook.com — Cisco Umbrella Rank: 101
274 B
1 licdn.com
snap.licdn.com — Cisco Umbrella Rank: 803
17 KB
1 hubapi.com
api.hubapi.com — Cisco Umbrella Rank: 3473
1 KB
1 hs-analytics.net
js.hs-analytics.net — Cisco Umbrella Rank: 2225
21 KB
1 hsadspixel.net
js.hsadspixel.net — Cisco Umbrella Rank: 3146
4 KB
1 hs-banner.com
js.hs-banner.com — Cisco Umbrella Rank: 2189
23 KB
1 onetrust.com
geolocation.onetrust.com — Cisco Umbrella Rank: 533
318 B
1 hsappstatic.net
static.hsappstatic.net — Cisco Umbrella Rank: 5709
6 KB
86 22
Domain Requested by
22 blog.kandji.io email.kandji.io
blog.kandji.io
cdn2.hubspot.net
11 cdn.cookielaw.org blog.kandji.io
cdn.cookielaw.org
8 track.hubspot.com
6 obs.testrobotflower.com ob.testrobotflower.com
blog.kandji.io
5 www.googletagmanager.com blog.kandji.io
www.googletagmanager.com
js.hsadspixel.net
4 px.ads.linkedin.com 2 redirects blog.kandji.io
snap.licdn.com
3 www.google.it blog.kandji.io
3 region1.analytics.google.com www.googletagmanager.com
3 5058330.fs1.hubspotusercontent-na1.net blog.kandji.io
2 connect.facebook.net js.hsadspixel.net
connect.facebook.net
2 www.google.com 2 redirects
2 googleads.g.doubleclick.net 2 redirects
2 www.googleadservices.com 1 redirects www.googletagmanager.com
2 no-cache.hubspot.com blog.kandji.io
2 email.kandji.io 1 redirects
1 bat.bing.com www.googletagmanager.com
1 www.facebook.com
1 www.linkedin.com 1 redirects
1 snap.licdn.com js.hsadspixel.net
1 api.hubapi.com js.hsadspixel.net
1 stats.g.doubleclick.net www.googletagmanager.com
1 forms-na1.hsforms.com blog.kandji.io
1 forms.hsforms.com blog.kandji.io
1 js.hs-analytics.net blog.kandji.io
1 js.hsadspixel.net blog.kandji.io
1 js.hs-banner.com blog.kandji.io
1 app.hubspot.com blog.kandji.io
1 geolocation.onetrust.com cdn.cookielaw.org
1 static.hsappstatic.net blog.kandji.io
1 ob.testrobotflower.com blog.kandji.io
86 30
Subject                       Issuer                                    Validity                   Valid
email.kandji.io               E1                                        2024-03-11 - 2024-06-09    3 months
blog.kandji.io                E1                                        2024-03-11 - 2024-06-09    3 months
*.testrobotflower.com         Amazon RSA 2048 M02                       2023-07-18 - 2024-08-16    a year
cookielaw.org                 Cloudflare Inc ECC CA-3                   2024-03-01 - 2024-12-31    10 months
hubspot.com                   Cloudflare Inc ECC CA-3                   2024-01-06 - 2024-12-31    a year
hsappstatic.net               E1                                        2024-03-10 - 2024-06-08    3 months
*.google-analytics.com        GTS CA 1C3                                2024-04-16 - 2024-07-09    3 months
hubspotusercontent-na1.net    Cloudflare Inc ECC CA-3                   2023-12-26 - 2024-12-25    a year
onetrust.com                  Cloudflare Inc ECC CA-3                   2023-11-13 - 2024-11-12    a year
hs-banner.com                 E1                                        2024-04-01 - 2024-06-30    3 months
hsadspixel.net                E1                                        2024-04-16 - 2024-07-15    3 months
hs-analytics.net              GTS CA 1P5                                2024-04-13 - 2024-07-12    3 months
hsforms.com                   GTS CA 1P5                                2024-04-17 - 2024-07-16    3 months
*.g.doubleclick.net           GTS CA 1C3                                2024-04-16 - 2024-07-09    3 months
*.google.it                   GTS CA 1C3                                2024-04-16 - 2024-07-09    3 months
hubapi.com                    E1                                        2024-05-04 - 2024-08-02    3 months
snap.licdn.com                DigiCert SHA2 Secure Server CA            2023-12-13 - 2024-12-12    a year
*.googleadservices.com        GTS CA 1C3                                2024-04-16 - 2024-07-09    3 months
www.linkedin.com              DigiCert SHA2 Secure Server CA            2024-01-30 - 2024-07-30    6 months
*.facebook.com                DigiCert SHA2 High Assurance Server CA    2024-02-13 - 2024-05-13    3 months
www.bing.com                  Microsoft Azure TLS Issuing CA 02         2024-05-01 - 2024-06-27    2 months

This page contains 1 frame:

Primary Page: https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Frame ID: 2A11EAE5C5629637EF00719F088F80B8
Requests: 86 HTTP requests in this frame

Page Title

Malware: Cuckoo Behaves Like Cross Between Infostealer and Spyware

Detected technologies

Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • js\.hs-analytics\.net/analytics

Overall confidence: 100%
Detected patterns
  • snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Overall confidence: 100%
Detected patterns
  • cdn\.cookielaw\.org
  • otSDKStub\.js

Page Statistics

Requests: 86
HTTPS: 93 %
IPv6: 0 %
Domains: 22
Subdomains: 30
IPs: 25
Countries: 3
Transfer: 1601 kB
Size: 4169 kB
Cookies: 30

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://email.kandji.io/e3t/Ctc/ZS+113/cC6HP04/VWqgBP73WT4TN6R71kv1L-BfW8LzBkh5dFt9FN2QYvzF3l5QzW6N1vHY6lZ3lHW2GglnH5wpsmkW4nPXvK8ZvgKlW3T20sg51-mxVVLRyS34PKQYkW5mFSCn6QBQ9VW73sPTl2TryRNW905C5G6CMFBQW3fJG4L4nPnzzW7BVB7R8Pjl4-W6lPm8d3yb04XW36LNWk370_y9W4V3dZ09fwGfsW1Z3gKY3qSCyyW8z2bzR6s5RNdW2S0DWs7P_DC7W6yBNgl5V-FgPW5jH_ww2TDmF6W7CS3-H8gpHgVN5b7FCnhWb5wW97_vVT4ZXjBgW5GNlf51nlr4FW1sPpgZ5sjFfDf8yQVCd04 Page URL
  2. https://email.kandji.io/events/public/v1/encoded/track/tc/ZS+113/cC6HP04/VWqgBP73WT4TN6R71kv1L-BfW8LzBkh5dFt9FN2QYvzF3l5QzW6N1vHY6lZ3lHW2GglnH5wpsmkW4nPXvK8ZvgKlW3T20sg51-mxVVLRyS34PKQYkW5mFSCn6QBQ9VW73sPTl2TryRNW905C5G6CMFBQW3fJG4L4nPnzzW7BVB7R8Pjl4-W6lPm8d3yb04XW36LNWk370_y9W4V3dZ09fwGfsW1Z3gKY3qSCyyW8z2bzR6s5RNdW2S0DWs7P_DC7W6yBNgl5V-FgPW5jH_ww2TDmF6W7CS3-H8gpHgVN5b7FCnhWb5wW97_vVT4ZXjBgW5GNlf51nlr4FW1sPpgZ5sjFfDf8yQVCd04?_ud=764e9629-8d47-492c-8e48-8d8062a038b1&_jss=1&_fl=8&_pl=5&_hc=17&_lg=en-US,en&_plt=Win32&_scr=1600,1200 HTTP 307
    https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg&_hsmi=305522564&utm_content=305522564&utm_source=hs_email Page URL

Redirected requests

There were HTTP redirect chains for the following requests:


86 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
VWqgBP73WT4TN6R71kv1L-BfW8LzBkh5dFt9FN2QYvzF3l5QzW6N1vHY6lZ3lHW2GglnH5wpsmkW4nPXvK8ZvgKlW3T20sg51-mxVVLRyS34PKQYkW5mFSCn6QBQ9VW73sPTl2TryRNW905C5G6CMFBQW3fJG4L4nPnzzW7BVB7R8Pjl4-W6lPm8d3yb04XW36LNW...
email.kandji.io/e3t/Ctc/ZS+113/cC6HP04/
8 KB
3 KB
Document
General
Full URL
https://email.kandji.io/e3t/Ctc/ZS+113/cC6HP04/VWqgBP73WT4TN6R71kv1L-BfW8LzBkh5dFt9FN2QYvzF3l5QzW6N1vHY6lZ3lHW2GglnH5wpsmkW4nPXvK8ZvgKlW3T20sg51-mxVVLRyS34PKQYkW5mFSCn6QBQ9VW73sPTl2TryRNW905C5G6CMFBQW3fJG4L4nPnzzW7BVB7R8Pjl4-W6lPm8d3yb04XW36LNWk370_y9W4V3dZ09fwGfsW1Z3gKY3qSCyyW8z2bzR6s5RNdW2S0DWs7P_DC7W6yBNgl5V-FgPW5jH_ww2TDmF6W7CS3-H8gpHgVN5b7FCnhWb5wW97_vVT4ZXjBgW5GNlf51nlr4FW1sPpgZ5sjFfDf8yQVCd04
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Primary Request malware-cuckoo-infostealer-spyware
blog.kandji.io/
Redirect Chain
  • https://email.kandji.io/events/public/v1/encoded/track/tc/ZS+113/cC6HP04/VWqgBP73WT4TN6R71kv1L-BfW8LzBkh5dFt9FN2QYvzF3l5QzW6N1vHY6lZ3lHW2GglnH5wpsmkW4nPXvK8ZvgKlW3T20sg51-mxVVLRyS34PKQYkW5mFSCn6QBQ...
  • https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg&_hsmi=30552256...
162 KB
37 KB
Document
General
Full URL
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Requested by
Host: email.kandji.io
URL: https://email.kandji.io/e3t/Ctc/ZS+113/cC6HP04/VWqgBP73WT4TN6R71kv1L-BfW8LzBkh5dFt9FN2QYvzF3l5QzW6N1vHY6lZ3lHW2GglnH5wpsmkW4nPXvK8ZvgKlW3T20sg51-mxVVLRyS34PKQYkW5mFSCn6QBQ9VW73sPTl2TryRNW905C5G6CMFBQW3fJG4L4nPnzzW7BVB7R8Pjl4-W6lPm8d3yb04XW36LNWk370_y9W4V3dZ09fwGfsW1Z3gKY3qSCyyW8z2bzR6s5RNdW2S0DWs7P_DC7W6yBNgl5V-FgPW5jH_ww2TDmF6W7CS3-H8gpHgVN5b7FCnhWb5wW97_vVT4ZXjBgW5GNlf51nlr4FW1sPpgZ5sjFfDf8yQVCd04
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
644edde68282b32d2ea7a7e94f0601801c8509b6bff2c7aff3c2e09ed3b25899
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

project.js
blog.kandji.io/hs/hsstatic/cos-i18n/static-1.53/bundles/
1 KB
1 KB
Script
General
Full URL
https://blog.kandji.io/hs/hsstatic/cos-i18n/static-1.53/bundles/project.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

v2.js
blog.kandji.io/_hcms/forms/
482 KB
160 KB
Script
General
Full URL
https://blog.kandji.io/_hcms/forms/v2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
f171db8dc0eb7cec86c84ceac278dbf2fbe33770334635a2703186d14f4828b2
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

130ddaec76c305292f6ec30ebef2d5ce.js
ob.testrobotflower.com/i/
102 KB
38 KB
Script
General
Full URL
https://ob.testrobotflower.com/i/130ddaec76c305292f6ec30ebef2d5ce.js
Requested by
Host: blog.kandji.io
URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.27.103 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-27-103.fra56.r.cloudfront.net
Software
Caddy /
Resource Hash
d283751d00bb83e4a94384ffe42fff66fcb83c4c84b055dc0eecfbb1351eac9a

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 05 May 2024 21:15:31 GMT
content-encoding
gzip
via
1.1 95adda0bdbd310a1a9e4f54f540543e2.cloudfront.net (CloudFront)
server
Caddy
x-amz-cf-pop
FRA56-C2
age
41315
etag
"19756-ENz7GeJ5OacvINSh5pe3h6UYor4"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript; charset=utf-8
cache-control
max-age=43200
content-length
38099
x-amz-cf-id
7BInz6ImnFByAVpDc1O7_F6O3U699XVagYXDgELxthDSsdmqZumVPA==
expires
Mon, 06 May 2024 09:12:18 GMT
OtAutoBlock.js
cdn.cookielaw.org/consent/52104b08-403c-474b-8e63-8560d38d0080/
50 KB
7 KB
Script
General
Full URL
https://cdn.cookielaw.org/consent/52104b08-403c-474b-8e63-8560d38d0080/OtAutoBlock.js
Requested by
Host: blog.kandji.io
URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.19.178.52 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cea95b67c69f3eadce6a5ae44f8c92cdc25d9ecfd4f1f07abddbcc5609508f9e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 06 May 2024 08:40:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
62622
content-md5
cZ3p4H6Oo0yMk5k3IdT0MQ==
content-length
6819
x-ms-lease-status
unlocked
last-modified
Thu, 15 Jun 2023 16:56:03 GMT
server
cloudflare
etag
0x8DB6DC167708395
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
f03b4817-801e-007c-75bf-17177c000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
87f7ab031a914be2-MXP
expires
Tue, 07 May 2024 08:40:53 GMT
otSDKStub.js
cdn.cookielaw.org/scripttemplates/
21 KB
7 KB
Script
General
Full URL
https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Requested by
Host: blog.kandji.io
URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.19.178.52 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6f08699117c1f15f6d35e7b4380d12d18a1881f075e177b5853b1017a3307544
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 06 May 2024 08:40:52 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
cfMMgqnnnYda745QhUdJrw==
age
1
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
6882
x-ms-lease-status
unlocked
last-modified
Thu, 02 May 2024 18:04:40 GMT
server
cloudflare
etag
0x8DC6AD2569D1DB7
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
81aa8688-601e-0010-3e74-9d778f000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
87f7ab031a924be2-MXP
expires
Tue, 07 May 2024 08:40:52 GMT
kandji.min.css
blog.kandji.io/hs-fs/hub/5058330/hub_generated/template_assets/95659790937/1714606602095/Kandji_December2022/css/
78 KB
15 KB
Stylesheet
General
Full URL
https://blog.kandji.io/hs-fs/hub/5058330/hub_generated/template_assets/95659790937/1714606602095/Kandji_December2022/css/kandji.min.css
Requested by
Host: blog.kandji.io
URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
608854bc9b4ff57f231d9b41b1b325b4a987f48eb56f26d928868acd8a2f30dc
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
age
1676
x-amz-request-id
F9HPZSY13693H32D
x-amz-server-side-encryption
AES256
x-evy-trace-route-service-name
envoyset-translator
x-amz-replication-status
PENDING
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-evy-trace-listener
listener_https
etag
W/"bf6969b4ed04d4ea3ce545ba141380ad"
vary
origin, Accept-Encoding
x-amz-meta-created-unix-time-millis
1714606603151
content-type
text/css
x-evy-trace-virtual-host
all
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Mon, 06 May 2024 08:40:52 GMT
strict-transport-security
max-age=31536000
via
1.1 b5e757a7da6f6fe6261f56a8a9646880.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
YQfeRzRYCP7qf_TbRR4YQdYoWaIep.Mc
x-amz-cf-pop
IAD89-C1
x-hs-alternate-content-type
text/plain
x-hubspot-correlation-id
fccf68c1-8cca-44eb-b1ca-a20ae782e7c0
x-cache
Miss from cloudfront
x-amz-storage-class
INTELLIGENT_TIERING
x-envoy-upstream-service-time
192
alt-svc
h3=":443"; ma=86400
x-amz-id-2
iCaDhGep/cYFMzAK1kDnzm5YnoMUv88l3WY7SEHajJCwd3B6Ze+2FZOKIP0UYYHyCVGofDqAGic=
x-evy-trace-route-configuration
listener_https/all
x-request-id
fccf68c1-8cca-44eb-b1ca-a20ae782e7c0
last-modified
Wed, 01 May 2024 23:36:44 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uzIrNL9Wf6z1UAkTQkwJPurRIE2srCl7Zvn%2Bsc%2FyE%2BCAzLVOJkRBerm5YbGev%2Bm3suqv70XhMTbfmnWyCWGkkta6fWSQrS00txoUW31mMn%2Bvnc951ZKfer91HJMmL1iA"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-656644bdb-7mxgq
access-control-allow-credentials
false
cf-ray
87f7ab02d9680d55-MXP
timing-allow-origin
blog.kandji.io
x-amz-cf-id
TzYK1goTY6genjB4tbroyyR_nWJHHGwaH9JPuAZCl_A5EDhoFssN5w==
2024.04.30%20Cuckoo%202.png
blog.kandji.io/hs-fs/hubfs/
17 KB
18 KB
Image
General
Full URL
https://blog.kandji.io/hs-fs/hubfs/2024.04.30%20Cuckoo%202.png?width=672&height=347&name=2024.04.30%20Cuckoo%202.png
Requested by
Host: blog.kandji.io
URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
c1567d2b9acd79cdc86589be269f601cbffcfa85dbee6ce63db97c8f3434da79
Security Headers
Name Value
Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 06 May 2024 08:40:52 GMT
strict-transport-security
max-age=31536000
via
1.1 71d15e4317f9ba4644f6c17f42ef94c8.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options
nosniff
content-security-policy
default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag
F-165961962245,P-5058330,FLS-ALL
alt-svc
h3=":443"; ma=86400
content-length
17258
cf-resized
internal=ok/m q=0 n=1113+0 c=82+118 v=2024.4.1 l=17258
last-modified
Tue, 30 Apr 2024 18:02:29 GMT
cf-bgj
imgq:86,h2pri
server
cloudflare
etag
"cf6yGpyB0EJrxo_quNgCZ1zhU7KVkZo0foeZqls5VvDQ:4d88a391e2bf20850f08bf6d422c3a96"
vary
Accept, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7HRghWMugnMy0Xat49TQ2eUAwgZlVRzBOmO3Om5Xy1w5I%2FcMEGu5dtC6P%2FbDG1V3oJIod4%2FmKcL0cvIDRF49O%2BjmTXjeeAYMDZpGlPCiVryxfJPvzQfSmgMm8nch9kEl"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
access-control-allow-origin
*
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges
bytes
cf-ray
87f7ab02d96c0d55-MXP
timing-allow-origin
d8fk70yj6xfhx.cloudfront.net
Untitled%20design%20(1).png
blog.kandji.io/hs-fs/hubfs/
454 B
1 KB
Image
General
Full URL
https://blog.kandji.io/hs-fs/hubfs/Untitled%20design%20(1).png?width=80&height=80&name=Untitled%20design%20(1).png
Requested by
Host: blog.kandji.io
URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
c77a58a32fba476a3d98e8200daea6916689fb18950cce6bd90e48e428caa6f0
Security Headers
Name Value
Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 06 May 2024 08:40:53 GMT
strict-transport-security
max-age=31536000
via
1.1 e928b6930ba0ec9937ae31d26228b38a.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options
nosniff
content-security-policy
default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag
F-157917519700,P-5058330,FLS-ALL
alt-svc
h3=":443"; ma=86400
content-length
454
cf-resized
internal=ok/m q=0 n=876+0 c=3+21 v=2024.4.1 l=454
last-modified
Thu, 22 Feb 2024 00:19:39 GMT
cf-bgj
imgq:86,h2pri
server
cloudflare
etag
"cfPFm93phRdC7Z74QB4VwWNervO7f-n0uC5YAbC82nDQ:11eb812ee9d202f5c27ede07174a49a0"
vary
Accept, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=X9A25tLu6GmkuTzzz8cUPEfxWv7e0CCA9Qfsaoqs52Epxz6a1oh2mojsBfFBVNwkiWlVkwon3M0HJwUOi11ebe0%2FDqkQ4ypuhfoDsP87PfauuBDP%2BWXl9HKAXjI0dlpg"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
access-control-allow-origin
*
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges
bytes
cf-ray
87f7ab037a750d55-MXP
timing-allow-origin
d8fk70yj6xfhx.cloudfront.net
8bed3482-30c4-4ee2-85a9-6f0e2149b55c.png
no-cache.hubspot.com/cta/default/5058330/
0
0

current.js
blog.kandji.io/hs/cta/cta/
18 KB
8 KB
Script
General
Full URL
https://blog.kandji.io/hs/cta/cta/current.js
Requested by
Host: blog.kandji.io
URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
34d753f84b9e400b537366e47a9ebe10ec0ed56abe34174795bec29127d2ed79
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
age
87
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=cta-embed-js/static-1.285/bundles/current.js&cfRay=87f7a8e530764c42-MXP
x-amz-replication-status
COMPLETED
x-evy-trace-listener
listener_https
etag
W/"d86286755489ba85735d030c6a6ca5dc"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
x-evy-trace-virtual-host
all
cache-control
max-age=600
x-hs-target-asset
cta-embed-js/static-1.285/bundles/current.js
date
Mon, 06 May 2024 08:40:53 GMT
strict-transport-security
max-age=31536000
via
1.1 9dc566ff42777d2cad8483451738f334.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options
nosniff
x-amz-version-id
.SaBlZes9qRhWaMqqCvaPXXAz4nOX23D
x-amz-cf-pop
IAD12-P3
x-hubspot-correlation-id
5b8c666c-287d-4001-864a-b2baf55b0a40
x-cache
Hit from cloudfront
cache-tag
staticjsapp-CtaEmbed-cloudflare-web-prod,staticjsapp-prod
x-envoy-upstream-service-time
0
alt-svc
h3=":443"; ma=86400
x-evy-trace-route-configuration
listener_https/all
x-request-id
5b8c666c-287d-4001-864a-b2baf55b0a40
last-modified
Wed, 01 May 2024 11:35:03 UTC
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vZJWwqecX86Dkc7LbNiEmgDZZfku4rWgI8XjpNoNf0%2FtDrpdkF%2BaZNFrq%2FEdAOJmxZ7adfzotKAye23UATLvG11Srrbg7IR2f70J5Y1behpEHdULJG7wC8FyF4xqadtE"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status
HIT
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-68b7f7fbff-zjnrr
cf-ray
87f7ab034a120d55-MXP
x-amz-cf-id
-H2wuEoKbjwmrJQQsKg7Fxms5mB67rSDiCdFBuq6ty_fPp6_CQeXbg==
f9cbd4ff-31c8-46b4-914b-33c838de1b34.png
no-cache.hubspot.com/cta/default/5058330/
3 KB
4 KB
Image
General
Full URL
https://no-cache.hubspot.com/cta/default/5058330/f9cbd4ff-31c8-46b4-914b-33c838de1b34.png
Requested by
Host: blog.kandji.io
URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.117.116 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
631a0d62a719038670e8f56cc868da1bb3542376d251a781c6545cae129e2d7a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 06 May 2024 08:40:53 GMT
x-amz-version-id
tTGyEO0tJlODKY_zmzUuuYcp.joigpwa
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-request-id
K0TEGDBGXY66Q5A9
x-amz-server-side-encryption
AES256
content-length
3266
x-amz-id-2
K2m7/S4EL8Nl4LtZr6jsXvTkl5kgIAIrseWJXOkscyqEss1E58Tt1D/8yiO1ZoM0h5gxQOmvA3o=
last-modified
Fri, 02 Jun 2023 18:06:17 GMT
server
cloudflare
etag
"842097bab8692619d1384bba926c1149"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5QL0t7LPinazv9YHRBT6dvlM%2BzVEp%2BbGCELMCSYhQFPS54YivdtgT0iAxFp%2Fwp3CenyQblH3UutQlbVofTBKJhfb7ddys7bVR6bSvt15f%2BoaDIQCJy8eweEe1hewbmBEF8u8O%2BZa"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
no-cache, no-store
accept-ranges
bytes
cf-ray
87f7ab037a1c0e0a-MXP
8b112eca-371f-41dd-bc10-130711c6d648.png
no-cache.hubspot.com/cta/default/5058330/
1 KB
2 KB
Image
General
Full URL
https://no-cache.hubspot.com/cta/default/5058330/8b112eca-371f-41dd-bc10-130711c6d648.png
Requested by
Host: blog.kandji.io
URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.117.116 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
047ad7989bc75b72ad38301072330f4109f8225a4e34bdde8bfa790edd0d5a0e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 06 May 2024 08:40:53 GMT
x-amz-version-id
f4WGBHOQ..wkPV9PgAGbh2HG2CnWNNPy
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-request-id
K0T747MGDPASS11V
x-amz-server-side-encryption
AES256
content-length
1286
x-amz-id-2
M2Wrai9UrvO/UPYaWkwMI05mu+4ZwEwo1sDpuPfLfVUjINdUyirgXsr0RS78Uw4eUoXsAfDOLBw=
last-modified
Fri, 08 Mar 2024 22:19:12 GMT
server
cloudflare
etag
"179d670d165cfa6f65deb404cccd7d89"
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WeOHM%2BZIprC0yyWcpvSzie87CGyM6G74wjmCI5Ugwtu9cnU2vRCZillPUzkFnE2xBut2cG%2FfD69nQw4cv1lQ%2Brcm%2BYH264HXCXVQxlif87MiL4pz6ouSuEmsec6ukyudOo7AeogT"}],"group":"cf-nel","max_age":604800}
content-type
image/png
cache-control
no-cache, no-store
accept-ranges
bytes
cf-ray
87f7ab037a1f0e0a-MXP
embed.js
static.hsappstatic.net/content-cwv-embed/static-1.840/
13 KB
6 KB
Script
General
Full URL
https://static.hsappstatic.net/content-cwv-embed/static-1.840/embed.js
Requested by
Host: blog.kandji.io
URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.172.91 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9ee5c21fba72db5037f82a272693e5db4bb73ab1059a340dcffc9bee28f670c1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 06 May 2024 08:40:53 GMT
x-amz-version-id
e_mEpsTIjne7IZWFj8MkYDmouI7jSgMC
via
1.1 b4a15133db3a2b8a3148547f5267d170.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
MXP63-P3
age
566853
x-amz-server-side-encryption
AES256
content-encoding
br
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Mon, 01 Apr 2024 16:01:41 GMT
server
cloudflare
etag
W/"3a4474324e070674ecd017b9d44b9c99"
vary
Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jkxk47Z1fO6uyCjVoKppKZioO5MYZtzlLZGmrB6%2BtydrdqdSENUudUYluhioOBF%2BW10bTgOE5reaj%2Bxkycl1pwihc%2Fcsv5ATTGHyJVArQxcP%2F3Zjb7DtMiP9BbDY%2FHLTSCpB40wA%2BP8%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=31536000
cf-ray
87f7ab03bb823744-MXP
x-amz-cf-id
rdLEt0ha9gDK_0bV5grWcd6vENHurwFawcl0UkZyKxEt3MTlQZQQFA==
expires
Tue, 06 May 2025 08:40:53 GMT
kandji.min.js
blog.kandji.io/hs-fs/hub/5058330/hub_generated/template_assets/95659796768/1710813313513/Kandji_December2022/js/
112 KB
36 KB
Script
General
Full URL
https://blog.kandji.io/hs-fs/hub/5058330/hub_generated/template_assets/95659796768/1710813313513/Kandji_December2022/js/kandji.min.js
Requested by
Host: blog.kandji.io
URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
953e94dc295871bac70da3981c02f89826b126b77678c770426e26e2020731c8
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
age
1676
x-amz-request-id
2HV1TG40DR1BA6SN
x-amz-server-side-encryption
AES256
x-evy-trace-route-service-name
envoyset-translator
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-evy-trace-listener
listener_https
etag
W/"4cb530e790831873094e7ee81d06938a"
vary
origin, Accept-Encoding
x-amz-meta-created-unix-time-millis
1710813314427
content-type
application/javascript; charset=utf-8
x-evy-trace-virtual-host
all
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Mon, 06 May 2024 08:40:53 GMT
strict-transport-security
max-age=31536000
via
1.1 99baebf4b5bb631267dcfa82456151cc.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
tzPl9wZduJpEUTWWdXTe7fGP_WJ6sPj_
x-amz-cf-pop
IAD89-C1
x-hs-alternate-content-type
text/plain
x-hubspot-correlation-id
a8ac40e5-873a-4289-b0a7-f88f21e7b8b7
x-cache
Miss from cloudfront
x-amz-storage-class
INTELLIGENT_TIERING
x-envoy-upstream-service-time
144
alt-svc
h3=":443"; ma=86400
x-amz-id-2
QB4MDy1Ai+EP1ZD7/+3lTVUlvlwkd/boUzEwoLmMHl8Vemj+b7NE3SmHDrg/DKmmXM3pp0xGqJE=
x-evy-trace-route-configuration
listener_https/all
x-request-id
a8ac40e5-873a-4289-b0a7-f88f21e7b8b7
last-modified
Tue, 19 Mar 2024 01:55:15 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aAB5V5GpHhXnNBRLrzi3SDE544EREvgM%2BOkYpRyUOmWaqH55aYEMpyndvWFKjCW8586tLWUczJYTNnQoyCUAtMIzvmorVEo%2B7XqZI5vNcVdf0y9IuTs3zHX7PBYMMNmv"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-5c8495489f-wvfbh
access-control-allow-credentials
false
cf-ray
87f7ab037a710d55-MXP
timing-allow-origin
blog.kandji.io
x-amz-cf-id
rcwZzpbmC9EKDI6aae1xb1lwHXUw3-2df65nvq9Cc5BvTwDwKTD_QQ==
5058330.js
blog.kandji.io/hs/scriptloader/
1 KB
1 KB
Script
General
Full URL
https://blog.kandji.io/hs/scriptloader/5058330.js
Requested by
Host: blog.kandji.io
URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
d23e50f2c4d31a5073c9e59f9c51defff2d03df85d3c55590f2ee4f2ddf6bb03
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 06 May 2024 08:40:53 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy
upgrade-insecure-requests
age
21
x-evy-trace-route-service-name
envoyset-translator
cf-polished
origSize=1497
x-hubspot-correlation-id
18d50e1b-44e9-47e5-a6aa-dfa664a10db0
content-encoding
br
x-envoy-upstream-service-time
14
alt-svc
h3=":443"; ma=86400
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
18d50e1b-44e9-47e5-a6aa-dfa664a10db0
last-modified
Mon, 06 May 2024 08:40:32 GMT
cf-bgj
minify
server
cloudflare
vary
origin, Accept-Encoding
access-control-max-age
3600
content-type
application/javascript;charset=utf-8
access-control-allow-origin
https://blog.kandji.io
x-evy-trace-served-by-pod
iad02/hubapi-td/envoy-proxy-5d47c8d44f-xhdzq
cache-control
public, max-age=90
access-control-allow-credentials
true
x-evy-trace-virtual-host
all
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Q9IH2ae3isMidGRXbemDl%2B8dvjDBBk5drP7ruTf2EgK1UPk5v8lQVRL7xlfOJyd6xip2yqQZ44OysX6JpQhlXKvpWbcCmOGjNPqI1njHFCmPIUftVTpPl7YmOmNneVi9"}],"group":"cf-nel","max_age":604800}
cf-ray
87f7ab037a760d55-MXP
expires
Mon, 06 May 2024 08:42:23 GMT
index.js
blog.kandji.io/hs/hsstatic/HubspotToolsMenu/static-1.321/js/
12 KB
5 KB
Script
General
Full URL
https://blog.kandji.io/hs/hsstatic/HubspotToolsMenu/static-1.321/js/index.js
Requested by
Host: blog.kandji.io
URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
f826bcac220a5475477ee65fae659b0d8292d038d180a122df67fadb6742ed52
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 06 May 2024 08:40:53 GMT
strict-transport-security
max-age=31536000
via
1.1 71f808ad45a98980e167f452a2aaf882.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy
upgrade-insecure-requests
age
991052
x-amz-cf-pop
MXP63-P3
x-amz-server-side-encryption
AES256
x-amz-version-id
1rlxLpliQ7bEVIEMqiesE48_Sx9RmqkP
content-encoding
br
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
alt-svc
h3=":443"; ma=86400
last-modified
Wed, 20 Mar 2024 15:59:57 GMT
server
cloudflare
etag
W/"5885ac5129ee80f8b7e1e228e142587d"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zNhP2wdwzDfEjcsmo4f9VNUNjV3Q8Fndi3qbEAJPaZaf%2Bro4M17oSGm3Aw78vLYrhDzivv1X6Atfyp2wbtBw%2FYEMv91nFH7OicOoGMaqSbE3tCti4pbYsZ2TIqQmm4Ue"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=31536000
cf-ray
87f7ab037a7a0d55-MXP
x-amz-cf-id
Q8xnKz9DMsv4gVl7Af7CYezRpDbqpCCj304G5ZhiXhF-CeK-GQGYHQ==
expires
Tue, 06 May 2025 08:40:53 GMT
52104b08-403c-474b-8e63-8560d38d0080.json
cdn.cookielaw.org/consent/52104b08-403c-474b-8e63-8560d38d0080/
4 KB
2 KB
XHR
General
Full URL
https://cdn.cookielaw.org/consent/52104b08-403c-474b-8e63-8560d38d0080/52104b08-403c-474b-8e63-8560d38d0080.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.19.178.52 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8bb5b82601b4d9a2d5c0c2114554c057cfcbd14758cbfcc4caabcd22ad9abe6e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 06 May 2024 08:40:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
61574
content-md5
6BMqikelNA/grYiNXxYYUQ==
content-length
1508
x-ms-lease-status
unlocked
last-modified
Thu, 15 Jun 2023 16:56:03 GMT
server
cloudflare
etag
0x8DB6DC1675F9622
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
36884402-a01e-007b-7e03-247b1f000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
87f7ab03af90523d-MXP
expires
Tue, 07 May 2024 08:40:53 GMT
gtm.js
www.googletagmanager.com/
334 KB
106 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-T7GZQ3L
Requested by
Host: blog.kandji.io
URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.181.232 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f8.1e100.net
Software
Google Tag Manager /
Resource Hash
436b104ce5adfece634678a9368b7227e42cc9a7e58b201eeadc5ed90ee43ec0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 06 May 2024 08:40:53 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
108598
x-xss-protection
0
last-modified
Mon, 06 May 2024 06:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Mon, 06 May 2024 08:40:53 GMT
PPNeueMontreal-Variable.ttf
5058330.fs1.hubspotusercontent-na1.net/hubfs/5058330/raw_assets/public/Kandji_December2022/fonts/
190 KB
92 KB
Font
General
Full URL
https://5058330.fs1.hubspotusercontent-na1.net/hubfs/5058330/raw_assets/public/Kandji_December2022/fonts/PPNeueMontreal-Variable.ttf
Requested by
Host: blog.kandji.io
URL: https://blog.kandji.io/hs-fs/hub/5058330/hub_generated/template_assets/95659790937/1714606602095/Kandji_December2022/css/kandji.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.64.146.132 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
910f74967a8d03e18bdd8b4a46a1573653c71d374e9823f2d416d9bd250b1ea6

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/
Origin
https://blog.kandji.io
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-encoding
br
x-amz-meta-cache-tag
F-95662839379,FD-95664176134,P-5058330,FLS-ALL
age
728717
x-amz-request-id
15CB1YHMM0F12WFW
x-amz-server-side-encryption
AES256
edge-cache-tag
F-95662839379,FD-95664176134,P-5058330,FLS-ALL
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
etag
W/"61d5f1a1a93cc2b08ca4fc4032b9df1e"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
font/ttf
access-control-allow-origin
*
x-amz-meta-created-unix-time-millis
1671243819749
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag
none
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Mon, 06 May 2024 08:40:53 GMT
via
1.1 7c3241a948c4d88d2b9d7793615eaf0c.cloudfront.net (CloudFront)
cf-cache-status
HIT
x-amz-version-id
LseMZwrny9avZzv6GoE3a9pheWcyZ0eh
x-amz-cf-pop
MXP64-C2
x-hs-alternate-content-type
text/plain
x-cache
Miss from cloudfront
cache-tag
F-95662839379,FD-95664176134,P-5058330,FLS-ALL
x-amz-meta-index-tag
none
x-amz-storage-class
INTELLIGENT_TIERING
x-amz-id-2
IEzOpIMVEVYzaiDjBavXBMIlIWRfAkNbyZq2LnPt1fKvJ4DyAaQCFe6T2OdgCO0U0qIIOrjundA=
last-modified
Sat, 17 Dec 2022 02:23:40 GMT
server
cloudflare
cf-ray
87f7ab044fe70e29-MXP
timing-allow-origin
5058330.fs1.hubspotusercontent-na1.net
x-amz-cf-id
oJ99PKqDftrEMaUhbkU7UyfR8AC6nFn5NmuS0ArN0npgYD-q8yU1vQ==
First%20screenshot_shadow.png
blog.kandji.io/hs-fs/hubfs/
80 KB
81 KB
Image
General
Full URL
https://blog.kandji.io/hs-fs/hubfs/First%20screenshot_shadow.png?width=895&height=700&name=First%20screenshot_shadow.png
Requested by
Host: blog.kandji.io
URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
d9164e39d63790c8764c886c09d0299cc3a3f13f42bf55f1b4cbdc4eea6c6359
Security Headers
Name Value
Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 06 May 2024 08:40:53 GMT
strict-transport-security
max-age=31536000
via
1.1 121c88058ec4bc13c2348ddff26afc98.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options
nosniff
content-security-policy
default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag
F-165936926823,P-5058330,FLS-ALL
alt-svc
h3=":443"; ma=86400
content-length
82046
cf-resized
internal=ok/m q=0 n=797+195 c=0+0 v=2024.4.1 l=82046
last-modified
Tue, 30 Apr 2024 14:55:40 GMT
cf-bgj
imgq:100,h2pri
server
cloudflare
etag
"cfn-4rA8EuXDA7DQQOxyHyoLxndmRGB8yy55S65dU6DQ:749969da747907414f76c0dfb945f2b1"
vary
Accept, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Eciw9FnXJcDnDZGa78g4ihT9TI78krQqLebhkX2vMJ64nLU1m5gWu8IFLVNUl6FanxlksEdk1zK2rmNTA2elKE1BsBLvCexbQ%2BjKLCIP1vAD9%2BZgo4lNaaH7ITkU%2Fnzs"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
access-control-allow-origin
*
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges
bytes
cf-ray
87f7ab03cb1e0d55-MXP
timing-allow-origin
d8fk70yj6xfhx.cloudfront.net
2024.03.XX%20installers.png
blog.kandji.io/hs-fs/hubfs/
2 KB
3 KB
Image
General
Full URL
https://blog.kandji.io/hs-fs/hubfs/2024.03.XX%20installers.png?width=128&height=66&name=2024.03.XX%20installers.png
Requested by
Host: blog.kandji.io
URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
9e31e68652d40a182ba89f4af0ae2bc09c1a71bb893aa2bdd147a6278081d4ff
Security Headers
Name Value
Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 06 May 2024 08:40:53 GMT
strict-transport-security
max-age=31536000
via
1.1 36be2c773789c1382b13900c0a0f5724.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options
nosniff
content-security-policy
default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag
F-160884535947,P-5058330,FLS-ALL
alt-svc
h3=":443"; ma=86400
content-length
2412
cf-resized
internal=ok/m q=0 n=1014+0 c=65+37 v=2024.4.1 l=2412
last-modified
Fri, 15 Mar 2024 15:49:20 GMT
cf-bgj
imgq:86,h2pri
server
cloudflare
etag
"cfvWXpEFLCQN_zZvbheJ2EmJLxdFxi2AAgjHEhntbsDQ:3c204f838ebc22dfc5014db1beca205b"
vary
Accept, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=F5Fdrsyr9i1vYOjxy0NSZa4GzqFhGcdZ1Hkp8s07WdmQ%2FDZUBmsrNCtP%2FjtxskadhLiXd%2BJhEkyZLa%2BQDp3FmkTIm9wojI94V0UhDckh3xbc5EaS%2Foh4mNNDs3m%2FS2X6"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
access-control-allow-origin
*
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges
bytes
cf-ray
87f7ab03fb670d55-MXP
timing-allow-origin
d8fk70yj6xfhx.cloudfront.net
2023.06.29%20security.png
blog.kandji.io/hs-fs/hubfs/
1 KB
2 KB
Image
General
Full URL
https://blog.kandji.io/hs-fs/hubfs/2023.06.29%20security.png?width=128&height=66&name=2023.06.29%20security.png
Requested by
Host: blog.kandji.io
URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
b4c8e87133644390cfb20c3cf3055dc631add2a8db9e05f6d23480df2d624399
Security Headers
Name Value
Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 06 May 2024 08:40:53 GMT
strict-transport-security
max-age=31536000
via
1.1 7c3241a948c4d88d2b9d7793615eaf0c.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options
nosniff
content-security-policy
default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag
F-122688660010,P-5058330,FLS-ALL
alt-svc
h3=":443"; ma=86400
content-length
1534
cf-resized
internal=ok/m q=0 n=893+0 c=33+16 v=2024.4.1 l=1534
last-modified
Wed, 28 Jun 2023 17:20:39 GMT
cf-bgj
imgq:86,h2pri
server
cloudflare
etag
"cfNCxsMukWtVp3OVsIX2njGMhLdFxi2AAgjHEhntbsDQ:c0131cccd4a63ec31e730507c1405caf"
vary
Accept, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eHOMe1VxoU9AT8I18GUCVvpBLNl2udSt5ZMQQ%2F45CYGq0cZQZSV3OrZsYDM1Nt9DD%2FN8cauB9B%2FzFKooUjKY2sMq6Umir5eq8jHSnPRwVBIpO9DvchOGSGpyU4CiBYbT"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
access-control-allow-origin
*
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges
bytes
cf-ray
87f7ab03fb6a0d55-MXP
timing-allow-origin
d8fk70yj6xfhx.cloudfront.net
2024.04.18%20Configurator.png
blog.kandji.io/hs-fs/hubfs/
1 KB
2 KB
Image
General
Full URL
https://blog.kandji.io/hs-fs/hubfs/2024.04.18%20Configurator.png?width=128&height=66&name=2024.04.18%20Configurator.png
Requested by
Host: blog.kandji.io
URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
4f9341805e550ac6c973ad2fb31797089b016f68d2482b10f7f975a61b403823
Security Headers
Name Value
Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 06 May 2024 08:40:53 GMT
strict-transport-security
max-age=31536000
via
1.1 ed45efeb163f9ffaca42564e88ebc17e.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options
nosniff
content-security-policy
default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag
F-164794887495,P-5058330,FLS-ALL
alt-svc
h3=":443"; ma=86400
content-length
1316
cf-resized
internal=ok/m q=0 n=920+0 c=13+13 v=2024.4.0 l=1316
last-modified
Wed, 17 Apr 2024 22:10:35 GMT
cf-bgj
imgq:86,h2pri
server
cloudflare
etag
"cftU2E2Jhvd8jr2j5bb1BXrMladFxi2AAgjHEhntbsDQ:884140d251f39ec2c0519828550c9614"
vary
Accept, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=tTwytDFrtQrfFcohRIukfXZKGUBJTSOTXqq4zx4F0%2Be%2FeiWokEAGzgXv3Q4jmnwstwCHDBtQYxsX5TF1Lls7FN1O%2BwoGn0eFTuusjUayqCihwusxITbUuf%2BKM%2BCmDGME"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
access-control-allow-origin
*
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges
bytes
cf-ray
87f7ab03fb6f0d55-MXP
timing-allow-origin
d8fk70yj6xfhx.cloudfront.net
location
geolocation.onetrust.com/cookieconsentpub/v1/geo/
69 B
318 B
XHR
General
Full URL
https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.32.137 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6964d03a8ab5896300c3dd5cb3fc6fa302ef3d1b5453d2021282038af12e5679
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
accept
application/json
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 06 May 2024 08:40:53 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
server
cloudflare
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS
content-type
application/json
access-control-allow-origin
*
cf-ray
87f7ab043d8159b9-MXP
access-control-allow-headers
Content-Type
Subscribe-Blog.png
5058330.fs1.hubspotusercontent-na1.net/hubfs/5058330/raw_assets/public/Kandji_December2022/images/modules/
13 KB
13 KB
Image
General
Full URL
https://5058330.fs1.hubspotusercontent-na1.net/hubfs/5058330/raw_assets/public/Kandji_December2022/images/modules/Subscribe-Blog.png
Requested by
Host: blog.kandji.io
URL: https://blog.kandji.io/hs-fs/hub/5058330/hub_generated/template_assets/95659790937/1714606602095/Kandji_December2022/css/kandji.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.64.146.132 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3fc523fde3cc50b1d7b9e935d342b29b1e380d85f6d4b14aba2351838410bc83

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-meta-cache-tag
F-96062485125,FD-95861192563,P-5058330,FLS-ALL
age
264919
x-amz-request-id
EZE2V7GYFJ0HEQJW
x-amz-server-side-encryption
AES256
edge-cache-tag
F-96062485125,FD-95861192563,P-5058330,FLS-ALL
x-amz-replication-status
COMPLETED
content-disposition
inline; filename="Subscribe-Blog.webp"
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
cf-bgj
imgq:85,h2pri
etag
"ea57f01744259025dbbee871cdd1cb31"
vary
Accept, Accept-Encoding
access-control-allow-methods
GET
content-type
image/webp
access-control-allow-origin
*
x-amz-meta-created-unix-time-millis
1671621599617
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag
none
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Mon, 06 May 2024 08:40:53 GMT
via
1.1 aa89236c3ef628703c4b8322e4ce6d96.cloudfront.net (CloudFront)
cf-cache-status
HIT
x-amz-version-id
CJxRHwMuRdpajywx_jTmK_D4quNoYBxx
x-amz-cf-pop
MXP64-C2
x-hs-alternate-content-type
text/plain
cf-polished
origFmt=png, origSize=16283
x-cache
Miss from cloudfront
cache-tag
F-96062485125,FD-95861192563,P-5058330,FLS-ALL
x-amz-meta-index-tag
none
x-amz-storage-class
INTELLIGENT_TIERING
content-length
13174
x-amz-id-2
CFFPeKQghSFE1FRGJPYnklhl8AqNTqvcc/7KNkuEpr//ZPFJPYS2hSUIBSMwfPyttJfvtuABtLw=
last-modified
Wed, 21 Dec 2022 11:20:00 GMT
server
cloudflare
accept-ranges
bytes
cf-ray
87f7ab044f490e06-MXP
timing-allow-origin
5058330.fs1.hubspotusercontent-na1.net
x-amz-cf-id
y5tY6R6eSzWXVk_VVOCOx8XKkpo6eCJlYooZtP1ucMrT_kS8ScX9fA==
json
blog.kandji.io/_hcms/forms/embed/v3/form/5058330/21f774d6-4c0b-4c25-b47a-35023464393a/
12 KB
4 KB
XHR
General
Full URL
https://blog.kandji.io/_hcms/forms/embed/v3/form/5058330/21f774d6-4c0b-4c25-b47a-35023464393a/json?hs_static_app=forms-embed&hs_static_app_version=1.5064&X-HubSpot-Static-App-Info=forms-embed-1.5064
Requested by
Host: blog.kandji.io
URL: https://blog.kandji.io/_hcms/forms/v2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
d47e2b8c8f19d5401ab46d92e24df67bd5cf39cdf88af19430103202e342a648
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept
application/json, text/plain, */*
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-origin-hublet
na1
date
Mon, 06 May 2024 08:40:53 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy
upgrade-insecure-requests
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
5c265e4e-2c3b-4ff4-8608-6d159d40f8df
content-encoding
br
x-envoy-upstream-service-time
14
alt-svc
h3=":443"; ma=86400
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
5c265e4e-2c3b-4ff4-8608-6d159d40f8df
server
cloudflare
vary
origin, Accept-Encoding
access-control-allow-methods
OPTIONS, GET
content-type
application/json;charset=utf-8
access-control-max-age
180
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-9fd6b4b-rbtjd
access-control-expose-headers
X-Origin-Hublet
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
false
x-evy-trace-virtual-host
all
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=POSmJ5wV1gpZiaVUjkMT6fXFpsSUtWwga9javoK2VxXviYC%2BopzIPbdDFiFlCF1jNCjsobldPDfwR92HqjjMCOT1r%2FxucosDi0X7wTCBdg4mO4AOPWy7%2BYnkNINzHobB"}],"group":"cf-nel","max_age":604800}
cf-ray
87f7ab040b960d55-MXP
access-control-allow-headers
*
x-robots-tag
none
has-permission-json
app.hubspot.com/content-tools-menu/api/v1/tools-menu/
0
959 B
XHR
General
Full URL
https://app.hubspot.com/content-tools-menu/api/v1/tools-menu/has-permission-json?portalId=5058330
Requested by
Host: blog.kandji.io
URL: https://blog.kandji.io/hs/hsstatic/HubspotToolsMenu/static-1.321/js/index.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.117.116 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options no-sniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 06 May 2024 08:40:53 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
no-sniff
cf-cache-status
DYNAMIC
x-hs-worker-debug-mode
false
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
3f5ea83b-22b5-4293-a332-32df841f2f00
x-envoy-upstream-service-time
4
x-evy-trace-route-configuration
listener_https/all
reporting-endpoints
default="https://send.hsbrowserreports.com/csp/reports?cfRay=87f7ab041af60e0a&resource=unknown"
x-evy-trace-listener
listener_https
x-request-id
3f5ea83b-22b5-4293-a332-32df841f2f00
server
cloudflare
vary
origin, Accept-Encoding
access-control-allow-methods
GET
report-to
{"group":"default","max_age":86400,"endpoints":[{"url":"https://send.hsbrowserreports.com/csp/reports"}]}
access-control-allow-origin
https://blog.kandji.io
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-68b7f7fbff-ddwd7
cache-control
max-age=0
access-control-allow-credentials
true
x-evy-trace-virtual-host
all
cf-ray
87f7ab041af60e0a-MXP
right-laptopts.png
5058330.fs1.hubspotusercontent-na1.net/hubfs/5058330/raw_assets/public/Kandji_December2022/images/modules/
109 KB
110 KB
Image
General
Full URL
https://5058330.fs1.hubspotusercontent-na1.net/hubfs/5058330/raw_assets/public/Kandji_December2022/images/modules/right-laptopts.png
Requested by
Host: blog.kandji.io
URL: https://blog.kandji.io/hs-fs/hub/5058330/hub_generated/template_assets/95659790937/1714606602095/Kandji_December2022/css/kandji.min.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.64.146.132 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f336afca0db6e13235318d314c37a3f577c0c6219e57c1d44106d45313f0534e

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-meta-cache-tag
F-134491805113,FD-95861192563,P-5058330,FLS-ALL
age
264919
x-amz-request-id
6R6W5JZ48XNEKKZ1
x-amz-server-side-encryption
AES256
edge-cache-tag
F-134491805113,FD-95861192563,P-5058330,FLS-ALL
x-amz-replication-status
COMPLETED
content-disposition
inline; filename="right-laptopts.webp"
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
cf-bgj
imgq:85,h2pri
etag
"d8f7fec81a5703b8fa569b8c7e09c1d2"
vary
Accept, Accept-Encoding
access-control-allow-methods
GET
content-type
image/webp
access-control-allow-origin
*
x-amz-meta-created-unix-time-millis
1694478484023
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag
none
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Mon, 06 May 2024 08:40:53 GMT
via
1.1 f9ae7a7192e585fdba11578d564e8642.cloudfront.net (CloudFront)
cf-cache-status
HIT
x-amz-version-id
jjtaDQNzOAXVY5VvKDfKCQS8NeD2KgjS
x-amz-cf-pop
MXP64-C2
x-hs-alternate-content-type
text/plain
cf-polished
origFmt=png, origSize=181766
x-cache
RefreshHit from cloudfront
cache-tag
F-134491805113,FD-95861192563,P-5058330,FLS-ALL
x-amz-meta-index-tag
none
x-amz-storage-class
INTELLIGENT_TIERING
content-length
111700
x-amz-id-2
CNVkeTTieRJRmTlzlS6ytjrRiHeLlxnUmTEpArhArMP8sP3q3FGkcM1smY8IGJum6DIRjNrQb5pXUdCG/TPsIjq1G9z/+BPq
last-modified
Tue, 12 Sep 2023 00:28:05 GMT
server
cloudflare
accept-ranges
bytes
cf-ray
87f7ab044f4d0e06-MXP
timing-allow-origin
5058330.fs1.hubspotusercontent-na1.net
x-amz-cf-id
VFXuqQoGCyGvbGUZW9iVKURuPAMRQqGdLRbgU8DkYT8GT0DXYkY5qw==
banner.js
js.hs-banner.com/v2/5058330/
71 KB
23 KB
Script
General
Full URL
https://js.hs-banner.com/v2/5058330/banner.js
Requested by
Host: blog.kandji.io
URL: https://blog.kandji.io/hs/scriptloader/5058330.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.64.153.27 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6957528b73336870fef39c26e4c26a54274b20a6f4bcc72ced85acc62b35cea8

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 06 May 2024 08:40:53 GMT
x-amz-version-id
U18IpK875C1.kZkqgNYlPwP3nLAPfMuJ
content-encoding
br
cf-cache-status
REVALIDATED
x-amz-request-id
P3W56RSV57GTSG9R
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
x-hubspot-correlation-id
923e1de7-c798-42a8-b9da-e226809284ba
x-envoy-upstream-service-time
106
x-amz-id-2
m151Y5g8zzeAm0Fr/6iF8SliowDjReqzHffI0VOtZQJ85YdYuFc9VRUJcAXC+3BEchVn0LI0ECA=
x-evy-trace-listener
listener_https
x-request-id
923e1de7-c798-42a8-b9da-e226809284ba
x-evy-trace-route-configuration
listener_https/all
last-modified
Mon, 15 Apr 2024 14:30:11 GMT
server
cloudflare
etag
W/"aa0a797298b2896ababed192ace38142"
access-control-max-age
604800
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
https://www.kandji.io
x-evy-trace-virtual-host
all
access-control-expose-headers
x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control
max-age=300,public
access-control-allow-credentials
true
x-evy-trace-served-by-pod
iad02/analytics-js-proxy-td/envoy-proxy-6685c9958f-vhl7w
vary
origin, Accept-Encoding
timing-allow-origin
*
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray
87f7ab048fc083a0-MXP
expires
Mon, 06 May 2024 08:45:53 GMT
fb.js
js.hsadspixel.net/
6 KB
4 KB
Script
General
Full URL
https://js.hsadspixel.net/fb.js
Requested by
Host: blog.kandji.io
URL: https://blog.kandji.io/hs/scriptloader/5058330.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.128.172 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1c67d8ce90160a6586cfd2c2a936959738f5b1843ebdfbac4325c4d1a9b61224
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 06 May 2024 08:40:53 GMT
x-amz-version-id
H75lIw.llLd5LbqLQfJpi4qQ6NOhCtlN
via
1.1 c5f8f8068a88ebb73e505f5e51b5262e.cloudfront.net (CloudFront)
x-content-type-options
nosniff
cf-cache-status
HIT
x-amz-cf-pop
IAD12-P3
age
413
x-amz-server-side-encryption
AES256
x-evy-trace-route-service-name
envoyset-translator
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=adsscriptloaderstatic/static-1.551/bundles/pixels-release.js&cfRay=87f7a0eebca30d80-MXP
x-cache
Hit from cloudfront
x-hubspot-correlation-id
fef0a596-d39f-4ad9-8f35-20164cefb768
cache-tag
staticjsapp-AdsScriptLoaderCloudflare-web-prod,staticjsapp-prod
content-encoding
br
x-envoy-upstream-service-time
1
x-amz-replication-status
COMPLETED
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
fef0a596-d39f-4ad9-8f35-20164cefb768
last-modified
Fri, 19 Apr 2024 14:01:51 UTC
server
cloudflare
etag
W/"65a4cdf8f8c613ea8f766101eea8e667"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
x-hs-cache-status
HIT
x-evy-trace-virtual-host
all
cache-control
max-age=600
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-68b7f7fbff-ddwd7
cf-ray
87f7ab0489864c46-MXP
x-amz-cf-id
xDkTa7bv_h3rOfR_44sVcoYPnNF8VckpEWunzPdPj9Lx119p6UuE9A==
x-hs-target-asset
adsscriptloaderstatic/static-1.551/bundles/pixels-release.js
5058330.js
js.hs-analytics.net/analytics/1714984800000/
67 KB
21 KB
Script
General
Full URL
https://js.hs-analytics.net/analytics/1714984800000/5058330.js
Requested by
Host: blog.kandji.io
URL: https://blog.kandji.io/hs/scriptloader/5058330.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.160.168 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f12dc284af1e9fe1ff422f71f892485263b9140dbf169882a7d8f82da5b5b12c

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 06 May 2024 08:40:53 GMT
x-amz-version-id
null
content-encoding
br
cf-cache-status
MISS
x-amz-request-id
K0T9CCRYC2D82S1S
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
x-hubspot-correlation-id
a127afcf-64de-4f5f-8b1f-38e7eefafd79
x-envoy-upstream-service-time
20
x-amz-id-2
PXL12wqfzsq8VFK1AQ4rf1xrBiKsJfITwUDc+789xri6I0ACXI+V36dkSuPWGvVyb0UKQDTKWk2T82XeK1penSwyqKV4Gtv05IWVBVRX/YA=
x-evy-trace-listener
listener_https
x-request-id
a127afcf-64de-4f5f-8b1f-38e7eefafd79
x-evy-trace-route-configuration
listener_https/all
last-modified
Wed, 24 Apr 2024 18:19:54 GMT
server
cloudflare
etag
W/"8f3df1a9325c8925bfb47bc8c68e83fa"
vary
origin, Accept-Encoding
content-type
text/javascript
x-evy-trace-virtual-host
all
x-evy-trace-served-by-pod
iad02/analytics-js-proxy-td/envoy-proxy-78cb6f459b-q4rbs
cache-control
max-age=300,public
access-control-allow-credentials
false
cf-ray
87f7ab048d130f7e-MXP
expires
Mon, 06 May 2024 08:45:53 GMT
otBannerSdk.js
cdn.cookielaw.org/scripttemplates/202303.1.0/
407 KB
98 KB
Script
General
Full URL
https://cdn.cookielaw.org/scripttemplates/202303.1.0/otBannerSdk.js
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.19.178.52 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
099d33a1d679bcfa3722a172d91742af80d45166f760db1512e4944a9d95bc23
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 06 May 2024 08:40:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
12zQcT/rVMicuxojEvnp3g==
age
34764
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
100389
x-ms-lease-status
unlocked
last-modified
Tue, 18 Apr 2023 02:32:15 GMT
server
cloudflare
etag
0x8DB3FB51FD9A927
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
28d3babc-501e-0022-05ac-12fc9c000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
87f7ab048cbb4be2-MXP
js
www.googletagmanager.com/gtag/
335 KB
107 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-V21CT0R1FX
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-T7GZQ3L
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.181.232 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f8.1e100.net
Software
Google Tag Manager /
Resource Hash
1762e54cfb83ced1298d9bffdf5a4e23070a21635a2e30af57435c7699e02d37
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 06 May 2024 08:40:53 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
109594
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Mon, 06 May 2024 08:40:53 GMT
js
www.googletagmanager.com/gtag/
335 KB
107 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-V21CT0R1FX&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-T7GZQ3L
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.181.232 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f8.1e100.net
Software
Google Tag Manager /
Resource Hash
f2e04b879c470a58725e9e7a8ec41501dc090cd447b36fb6ccc63cdb5bd10401
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 06 May 2024 08:40:53 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
109604
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Mon, 06 May 2024 08:40:53 GMT
ct
obs.testrobotflower.com/
5 KB
2 KB
Script
General
Full URL
Requested by
Host: ob.testrobotflower.com
URL: https://ob.testrobotflower.com/i/130ddaec76c305292f6ec30ebef2d5ce.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
52.45.196.192 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-45-196-192.compute-1.amazonaws.com
Software
/
Resource Hash
779f657522ceebb6e96c610906f0127b50d9fbbeb66c95486ac58527e40880cc

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-type
text/javascript
pragma
no-cache
date
Mon, 06 May 2024 08:40:53 GMT
cache-control
no-cache, no-store, must-revalidate
content-encoding
gzip
content-length
1920
expires
Fri, 01 Jan 1990 00:00:00 GMT
en.json
cdn.cookielaw.org/consent/52104b08-403c-474b-8e63-8560d38d0080/1fb5c74a-9f40-42d3-9ca7-f3a03b8afa37/
100 KB
19 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/consent/52104b08-403c-474b-8e63-8560d38d0080/1fb5c74a-9f40-42d3-9ca7-f3a03b8afa37/en.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202303.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.19.178.52 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e41200427492c9d376344c7c1061ca5a2da82b1a6f2400d9c04b44723fa69ef9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 06 May 2024 08:40:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
1739
content-md5
YPAwKbP0jKwGJCCAij8LUQ==
content-length
18986
x-ms-lease-status
unlocked
last-modified
Thu, 15 Jun 2023 16:56:05 GMT
server
cloudflare
etag
0x8DB6DC168C385F0
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
cd2e61d7-b01e-003b-0ed1-9b0337000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
87f7ab04f972523d-MXP
expires
Tue, 07 May 2024 08:40:53 GMT
counters.gif
forms.hsforms.com/embed/v3/
35 B
846 B
Image
General
Full URL
https://forms.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-DEFINITION_SUCCESS&count=1
Requested by
Host: blog.kandji.io
URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.80.204 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 06 May 2024 08:40:53 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
4d4b8a4c-3888-44ec-bf27-e212af43e9c9
x-envoy-upstream-service-time
4
alt-svc
h3=":443"; ma=86400
content-length
35
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
4d4b8a4c-3888-44ec-bf27-e212af43e9c9
server
cloudflare
vary
origin
content-type
image/gif
x-evy-trace-virtual-host
all
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-9fd6b4b-ngfhw
access-control-expose-headers
X-Origin-Hublet
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
false
x-robots-tag
none
cf-ray
87f7ab0548640e06-MXP
counters.gif
forms-na1.hsforms.com/embed/v3/
35 B
882 B
Image
General
Full URL
https://forms-na1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-RENDER_SUCCESS&count=1
Requested by
Host: blog.kandji.io
URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.18.80.204 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 06 May 2024 08:40:53 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
e995e7ba-ec9a-41fa-bf78-359462cbe82b
x-envoy-upstream-service-time
2
alt-svc
h3=":443"; ma=86400
content-length
35
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
e995e7ba-ec9a-41fa-bf78-359462cbe82b
server
cloudflare
vary
origin
content-type
image/gif
x-evy-trace-virtual-host
all
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-9fd6b4b-rbtjd
access-control-expose-headers
X-Origin-Hublet
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
false
x-robots-tag
none
cf-ray
87f7ab05487b0e06-MXP
collect
region1.analytics.google.com/g/
0
253 B
Ping
General
Full URL
https://region1.analytics.google.com/g/collect?v=2&tid=G-V21CT0R1FX&gtm=45je4510v893716759za200&_p=1714984853021&_gaz=1&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&cid=1106455791.1714984853&ul=it-it&sr=1600x1200&ir=1&uaa=x86&uab=64&uafvl=Chromium%3B124.0.6367.118%7CGoogle%2520Chrome%3B124.0.6367.118%7CNot-A.Brand%3B99.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&pscdl=noapi&_eu=EA&_s=1&cu=USD&dl=https%3A%2F%2Fblog.kandji.io%2Fmalware-cuckoo-infostealer-spyware%3Futm_medium%3Demail%26utm_content%3D305522564%26utm_source%3Dhs_email&dt=Malware%3A%20Cuckoo%20Behaves%20Like%20Cross%20Between%20Infostealer%20and%20Spyware&sid=1714984853&sct=1&seg=0&en=page_view&_fv=1&_nsi=1&_ss=1&up.system_color_mode=Light&up.user_agent=Mozilla%2F5.0%20(Windows%20NT%2010.0%3B%20Win64%3B%20x64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F124.0.0.0%20Safari%2F537.36&tfd=1168
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-V21CT0R1FX&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.239.32.36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Mon, 06 May 2024 08:40:53 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://blog.kandji.io
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/g/
0
244 B
Ping
General
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-V21CT0R1FX&cid=1106455791.1714984853&gtm=45je4510v893716759za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l2l1&npa=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-V21CT0R1FX&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
173.194.76.154 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
ws-in-f154.1e100.net
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Mon, 06 May 2024 08:40:53 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://blog.kandji.io
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.it/ads/
42 B
408 B
Image
General
Full URL
https://www.google.it/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-V21CT0R1FX&cid=1106455791.1714984853&gtm=45je4510v893716759za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l2l1&npa=1&z=712852050
Requested by
Host: blog.kandji.io
URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.131 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f3.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Mon, 06 May 2024 08:40:53 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
otFloatingFlat.json
cdn.cookielaw.org/scripttemplates/202303.1.0/assets/
10 KB
3 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/202303.1.0/assets/otFloatingFlat.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202303.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.19.178.52 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
179a0ba55c3bbf759340ba2a57846f81a7de249ed7e502b5e8814af2ef964533
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 06 May 2024 08:40:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
PubgfHj+VI+S8CXDj6L+0w==
age
1739
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
2702
x-ms-lease-status
unlocked
last-modified
Tue, 18 Apr 2023 02:32:08 GMT
server
cloudflare
etag
0x8DB3FB51B88C45D
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
40ef2e6b-101e-0072-80d1-9b3057000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
87f7ab05fafe523d-MXP
otPcCenter.json
cdn.cookielaw.org/scripttemplates/202303.1.0/assets/v2/
61 KB
13 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/202303.1.0/assets/v2/otPcCenter.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202303.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.19.178.52 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b382967162c482928529c765a21bf9ae4141dd1ccbdbf480140bdbd67eab8991
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 06 May 2024 08:40:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
94mqEGmIxKb0iFeUZrbqtw==
age
1739
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
12540
x-ms-lease-status
unlocked
last-modified
Tue, 18 Apr 2023 02:32:10 GMT
server
cloudflare
etag
0x8DB3FB51C6E493B
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
eec53bb5-401e-0025-43d1-9bd9da000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
87f7ab05fb02523d-MXP
otCommonStyles.css
cdn.cookielaw.org/scripttemplates/202303.1.0/assets/
21 KB
4 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/202303.1.0/assets/otCommonStyles.css
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202303.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.19.178.52 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
930239150e702d9d4bf43c3881aa70f8ad5fd9068dcbecb7c8bcca654784f7f1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 06 May 2024 08:40:53 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
content-md5
XcxlleAcPGO2n5kTZrHH2Q==
age
7238
x-ms-lease-status
unlocked
last-modified
Tue, 18 Apr 2023 02:32:19 GMT
server
cloudflare
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
x-ms-request-id
81f0c99d-101e-0033-67ce-216628000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
cf-ray
87f7ab05fb05523d-MXP
json
api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/
621 B
1 KB
XHR
General
Full URL
https://api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/json?portalId=5058330
Requested by
Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.240.108 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
83afcd7bea4e4c7cf6e6c8147391aabca2b8b5a1fdce69981a9ee0b723c04904
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 06 May 2024 08:40:53 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
71ec752d-bb3e-4150-a4c3-08dfbf7bb830
content-encoding
br
x-envoy-upstream-service-time
4
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
71ec752d-bb3e-4150-a4c3-08dfbf7bb830
server
cloudflare
vary
origin, Accept-Encoding
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type
application/json;charset=utf-8
access-control-allow-origin
https://blog.kandji.io
x-evy-trace-served-by-pod
iad02/hubapi-td/envoy-proxy-5d47c8d44f-vfsjc
access-control-max-age
180
access-control-allow-credentials
false
x-evy-trace-virtual-host
all
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HX4S%2BTJbGoPktQnD7I6S3cmHb4g%2F48xEmAE5f%2B%2FoTXQd8q0M9p%2FJoE8g797yad82BdnPmefDynhZ4AfuhqASGMwOKN%2FnV8qtTaGGMCkjuCkiBgcianITSS3JPJ%2Fr2rwL"}],"group":"cf-nel","max_age":604800}
cf-ray
87f7ab064921375b-MXP
access-control-allow-headers
*
ot_guard_logo.svg
cdn.cookielaw.org/logos/static/
497 B
490 B
Fetch
General
Full URL
https://cdn.cookielaw.org/logos/static/ot_guard_logo.svg
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202303.1.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.19.178.52 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 06 May 2024 08:40:53 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
content-md5
tXyZydHjxQshFMbbBT1/8A==
age
7238
x-ms-lease-status
unlocked
last-modified
Thu, 02 May 2024 18:04:42 GMT
server
cloudflare
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
51c18e8b-f01e-0096-6065-9d235d000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
cf-ray
87f7ab064b88523d-MXP
logo_smaller.jpg
cdn.cookielaw.org/logos/88b1f9df-81c2-4d29-89cf-c98916e9bd0d/55e57800-c74c-4810-a41b-5e2afff8ac2a/7559b0a1-1d52-400b-a0ac-48786ae4e19f/
7 KB
7 KB
Image
General
Full URL
https://cdn.cookielaw.org/logos/88b1f9df-81c2-4d29-89cf-c98916e9bd0d/55e57800-c74c-4810-a41b-5e2afff8ac2a/7559b0a1-1d52-400b-a0ac-48786ae4e19f/logo_smaller.jpg
Requested by
Host: blog.kandji.io
URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.19.178.52 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5846533b4521c67fd6a587522d5dc150c85d870b1dfd635af7990317ace96f86
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 06 May 2024 08:40:53 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
cWKZllORFmU1skGzXrJiWA==
age
81425
content-length
7067
x-ms-lease-status
unlocked
cf-bgj
h2pri
last-modified
Wed, 19 Apr 2023 22:05:49 GMT
server
cloudflare
etag
0x8DB41223BF0F461
vary
Accept-Encoding
content-type
image/jpeg
access-control-allow-origin
*
x-ms-request-id
50098723-701e-009c-504f-1494e5000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
87f7ab065fb64be2-MXP
powered_by_logo.svg
cdn.cookielaw.org/logos/static/
5 KB
2 KB
Image
General
Full URL
https://cdn.cookielaw.org/logos/static/powered_by_logo.svg
Requested by
Host: blog.kandji.io
URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.19.178.52 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Mon, 06 May 2024 08:40:53 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
gzip
content-md5
Y+c301RBZNK39PvKQWrIBw==
age
40605
x-ms-lease-status
unlocked
last-modified
Thu, 02 May 2024 18:04:43 GMT
server
cloudflare
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
e029ff83-401e-0043-13c3-9c6b80000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
cf-ray
87f7ab065fb94be2-MXP
js
www.googletagmanager.com/gtag/
257 KB
88 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-781421631
Requested by
Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.181.232 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f8.1e100.net
Software
Google Tag Manager /
Resource Hash
d8de0272b8403b2f13eaf52adf6d74e3c8e9859e484a9e65a5ed18e59dbc7eda
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 06 May 2024 08:40:53 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
89923
x-xss-protection
0
last-modified
Mon, 06 May 2024 06:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Mon, 06 May 2024 08:40:53 GMT
js
www.googletagmanager.com/gtag/
257 KB
88 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-781421631&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-T7GZQ3L
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.181.232 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f8.1e100.net
Software
Google Tag Manager /
Resource Hash
e1eadd5176008341fddab5b59c5d68870088ed323370f72d5b92dee0275397d7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 06 May 2024 08:40:53 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
89958
x-xss-protection
0
last-modified
Mon, 06 May 2024 06:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Mon, 06 May 2024 08:40:53 GMT
insight.min.js
snap.licdn.com/li.lms-analytics/
48 KB
17 KB
Script
General
Full URL
https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by
Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.21.20.139 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-21-20-139.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
05dce95eaa2457f1ed9076e0d32b59680b654cf7ca6a4e35f3fe682c78f460b0
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-edgeconnect-origin-mex-latency
635
date
Mon, 06 May 2024 08:40:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 30 Apr 2024 10:06:07 GMT
x-cdn
AKAM
x-edgeconnect-midmile-rtt
0
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
content-type
application/javascript;charset=utf-8
cache-control
max-age=39639
accept-ranges
bytes
content-length
17038
collect
region1.analytics.google.com/g/
0
54 B
Ping
General
Full URL
https://region1.analytics.google.com/g/collect?v=2&tid=G-V21CT0R1FX&gtm=45je4510v893716759za200&_p=1714984853021&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&cid=1106455791.1714984853&ul=it-it&sr=1600x1200&ir=1&uaa=x86&uab=64&uafvl=Chromium%3B124.0.6367.118%7CGoogle%2520Chrome%3B124.0.6367.118%7CNot-A.Brand%3B99.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&pscdl=noapi&_eu=EA&cu=USD&dl=https%3A%2F%2Fblog.kandji.io%2Fmalware-cuckoo-infostealer-spyware%3Futm_medium%3Demail%26utm_content%3D305522564%26utm_source%3Dhs_email&dt=Malware%3A%20Cuckoo%20Behaves%20Like%20Cross%20Between%20Infostealer%20and%20Spyware&sid=1714984853&sct=1&seg=0&_s=2&tfd=1470
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-V21CT0R1FX&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.239.32.36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Mon, 06 May 2024 08:40:53 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://blog.kandji.io
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.it/pagead/1p-conversion/781421631/
Redirect Chain
  • https://www.googleadservices.com/pagead/conversion/781421631/?label=1lluCKXMhqUZEL-YzvQC&guid=ON&script=0
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/781421631/?label=1lluCKXMhqUZEL-YzvQC&guid=ON&script=0&ct_cookie_present=false&random=1379474090&sscte=1&crd=CNm5sQIIscGxAgiwwbECCLn...
  • https://www.google.com/pagead/1p-conversion/781421631/?label=1lluCKXMhqUZEL-YzvQC&guid=ON&script=0&ct_cookie_present=false&random=1379474090&sscte=1&crd=CNm5sQIIscGxAgiwwbECCLnBsQIIl8GxAg&pscrd=IhM...
  • https://www.google.it/pagead/1p-conversion/781421631/?label=1lluCKXMhqUZEL-YzvQC&guid=ON&script=0&ct_cookie_present=false&random=1379474090&sscte=1&crd=CNm5sQIIscGxAgiwwbECCLnBsQIIl8GxAg&pscrd=IhMI...
42 B
154 B
Image
General
Full URL
https://www.google.it/pagead/1p-conversion/781421631/?label=1lluCKXMhqUZEL-YzvQC&guid=ON&script=0&ct_cookie_present=false&random=1379474090&sscte=1&crd=CNm5sQIIscGxAgiwwbECCLnBsQIIl8GxAg&pscrd=IhMI-MGAuND4hQMVr02kBB0uEwpAMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAs68AFodHRwczovL2Jsb2cua2FuZGppLmlvL21hbHdhcmUtY3Vja29vLWluZm9zdGVhbGVyLXNweXdhcmU_dXRtX21lZGl1bT1lbWFpbCZfaHNlbmM9cDJBTnF0ei05akRzckZOZGQ5ZE5yTkRKRllLZ1F2VnZlZklqemdIcTU1UlRqM3ZDa0FybHoyY0JyOHBETE5WbE0xX3p5TmVfU2p5cFowTzJfSElKb2JSMzh2WU96UEpmaGJFZyZfaHNtaT0zMDU1MjI1NjQmdXRtX2NvbnRlbnQ9MzA1NTIyNTY0JnV0bV9zb3VyY2U9aHNfZW1haWw&is_vtc=1&cid=CAQSGwB7FLtqZVLIh41F6FxFHml1XhqqVYLO4mGuXA&random=786467031&ipr=y
Requested by
Host: blog.kandji.io
URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Protocol
H2
Server
142.250.185.131 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f3.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
it-IT,it;q=0.9;q=0.9
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 06 May 2024 08:40:53 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 06 May 2024 08:40:53 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location
https://www.google.it/pagead/1p-conversion/781421631/?label=1lluCKXMhqUZEL-YzvQC&guid=ON&script=0&ct_cookie_present=false&random=1379474090&sscte=1&crd=CNm5sQIIscGxAgiwwbECCLnBsQIIl8GxAg&pscrd=IhMI-MGAuND4hQMVr02kBB0uEwpAMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAs68AFodHRwczovL2Jsb2cua2FuZGppLmlvL21hbHdhcmUtY3Vja29vLWluZm9zdGVhbGVyLXNweXdhcmU_dXRtX21lZGl1bT1lbWFpbCZfaHNlbmM9cDJBTnF0ei05akRzckZOZGQ5ZE5yTkRKRllLZ1F2VnZlZklqemdIcTU1UlRqM3ZDa0FybHoyY0JyOHBETE5WbE0xX3p5TmVfU2p5cFowTzJfSElKb2JSMzh2WU96UEpmaGJFZyZfaHNtaT0zMDU1MjI1NjQmdXRtX2NvbnRlbnQ9MzA1NTIyNTY0JnV0bV9zb3VyY2U9aHNfZW1haWw&is_vtc=1&cid=CAQSGwB7FLtqZVLIh41F6FxFHml1XhqqVYLO4mGuXA&random=786467031&ipr=y
content-type
image/gif
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
tc_imp.gif
obs.testrobotflower.com/tracker/
43 B
79 B
Image
General
Full URL
https://obs.testrobotflower.com/tracker/tc_imp.gif?e=...&cri=bc76WpSTKP&ts=407&cb=1714984853656
Requested by
Host: blog.kandji.io
URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
52.45.196.192 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-45-196-192.compute-1.amazonaws.com
Software
/
Resource Hash
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
Fri, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
date
Mon, 06 May 2024 08:40:53 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
43
content-type
image/gif
ae631071-48aa-40ad-8dea-6f22c81c0c33
https://blog.kandji.io/
261 B
0
Other
General
Full URL
blob:https://blog.kandji.io/ae631071-48aa-40ad-8dea-6f22c81c0c33
Requested by
Host: blog.kandji.io
URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
95b5da3bfb6c1587ac3698dc85758ce46c77c3dba9ffacf2db6ef17d3b94fb31

Request headers

Accept-Language
it-IT,it;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Length
261
Content-Type
9c61a6b7-298b-44ed-a0fb-ee8cfc67776e
https://blog.kandji.io/
529 B
0
Other
General
Full URL
blob:https://blog.kandji.io/9c61a6b7-298b-44ed-a0fb-ee8cfc67776e
Requested by
Host: blog.kandji.io
URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
deaf5f69b73bb0adfd8c7bb97c1e12930a65ea0adf23af29fabe13bd196478f7

Request headers

Accept-Language
it-IT,it;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Length
529
Content-Type
/
www.googleadservices.com/pagead/conversion/781421631/
3 KB
2 KB
Script
General
Full URL
https://www.googleadservices.com/pagead/conversion/781421631/?random=1714984853753&cv=11&fst=1714984853753&bg=ffffff&guid=ON&async=1&gtm=45be4510v885711243za200&gcd=13l3l3l2l1&dma_cps=sypham&dma=1&u_w=1600&u_h=1200&url=https%3A%2F%2Fblog.kandji.io%2Fmalware-cuckoo-infostealer-spyware%3Futm_medium%3Demail%26_hsenc%3Dp2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg%26_hsmi%3D305522564%26utm_content%3D305522564%26utm_source%3Dhs_email&label=1lluCKXMhqUZEL-YzvQC&hn=www.googleadservices.com&frm=0&tiba=Malware%3A%20Cuckoo%20Behaves%20Like%20Cross%20Between%20Infostealer%20and%20Spyware&did=dZTQ1Zm&gdid=dZTQ1Zm&gtm_ee=1&npa=1&pscdl=noapi&auid=1216541928.1714984854&uaa=x86&uab=64&uafvl=Chromium%3B124.0.6367.118%7CGoogle%2520Chrome%3B124.0.6367.118%7CNot-A.Brand%3B99.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&ec_mode=a&fdr=SA&data=event%3Dconversion&em=tv.1&rfmt=3&fmt=4
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-781421631
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s51-in-f2.1e100.net
Software
cafe /
Resource Hash
6a9254da5c22528ec2c683d416d9bb50216380408dfbae6b5b21c0e9620ba08b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Mon, 06 May 2024 08:40:53 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2021
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
px.ads.linkedin.com/
Redirect Chain
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1329610&time=1714984853759&url=https%3A%2F%2Fblog.kandji.io%2Fmalware-cuckoo-infostealer-spyware%3Futm_medium%3Demail%26_hsenc%3Dp2ANqtz-9jDsrFNdd...
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1329610&time=1714984853759&url=https%3A%2F%2Fblog.kandji.io%2Fmalware-cuckoo-infostealer-spyware%3Futm_medium%3Demail%26_hsenc%3Dp2ANqtz-9jDsrFNdd...
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D1329610%26time%3D1714984853759%26url%3Dhttps%253A%252F%252Fblog.kandji.io%252Fmal...
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1329610&time=1714984853759&url=https%3A%2F%2Fblog.kandji.io%2Fmalware-cuckoo-infostealer-spyware%3Futm_medium%3Demail%26_hsenc%3Dp2ANqtz-9jDsrFNdd...
0
161 B
Image
General
Full URL
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1329610&time=1714984853759&url=https%3A%2F%2Fblog.kandji.io%2Fmalware-cuckoo-infostealer-spyware%3Futm_medium%3Demail%26_hsenc%3Dp2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg%26_hsmi%3D305522564%26utm_content%3D305522564%26utm_source%3Dhs_email&cookiesTest=true&liSync=true
Requested by
Host: blog.kandji.io
URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Protocol
H2
Server
13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
it-IT,it;q=0.9;q=0.9
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

date
Mon, 06 May 2024 08:40:54 GMT
x-li-pop
afd-prod-lor1-x
x-msedge-ref
Ref A: 94DD8B52F36746899AA3A03F58BCFFBA Ref B: MIL30EDGE1011 Ref C: 2024-05-06T08:40:54Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
content-type
application/javascript
x-li-fabric
prod-lor1
x-li-proto
http/2
content-length
0
x-li-uuid
AAYXxQcMMs2d4Mv6cPkwng==

Redirect headers

strict-transport-security
max-age=31536000
content-security-policy
frame-ancestors 'self'
x-content-type-options
nosniff
date
Mon, 06 May 2024 08:40:53 GMT
linkedin-action
1
x-cache
CONFIG_NOCACHE
content-length
0
x-li-uuid
AAYXxQcJLQffNgCxR3tl/w==
pragma
no-cache
x-li-pop
afd-prod-lor1-x
x-msedge-ref
Ref A: CACA77EE11064896B0D1A7605FA945E2 Ref B: MIL30EDGE1011 Ref C: 2024-05-06T08:40:54Z
x-frame-options
sameorigin
x-li-fabric
prod-lor1
location
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1329610&time=1714984853759&url=https%3A%2F%2Fblog.kandji.io%2Fmalware-cuckoo-infostealer-spyware%3Futm_medium%3Demail%26_hsenc%3Dp2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg%26_hsmi%3D305522564%26utm_content%3D305522564%26utm_source%3Dhs_email&cookiesTest=true&liSync=true
cache-control
no-cache, no-store
x-li-proto
http/2
expires
Thu, 01 Jan 1970 00:00:00 GMT
/
www.google.it/pagead/1p-conversion/781421631/
Redirect Chain
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/781421631/?random=1588862562&cv=11&fst=1714984853753&bg=ffffff&guid=ON&async=1&gtm=45be4510v885711243za200&gcd=13l3l3l2l1&dma_cps=sy...
  • https://www.google.com/pagead/1p-conversion/781421631/?random=1588862562&cv=11&fst=1714984853753&bg=ffffff&guid=ON&async=1&gtm=45be4510v885711243za200&gcd=13l3l3l2l1&dma_cps=sypham&dma=1&u_w=1600&u...
  • https://www.google.it/pagead/1p-conversion/781421631/?random=1588862562&cv=11&fst=1714984853753&bg=ffffff&guid=ON&async=1&gtm=45be4510v885711243za200&gcd=13l3l3l2l1&dma_cps=sypham&dma=1&u_w=1600&u_...
42 B
108 B
Image
General
Full URL
https://www.google.it/pagead/1p-conversion/781421631/?random=1588862562&cv=11&fst=1714984853753&bg=ffffff&guid=ON&async=1&gtm=45be4510v885711243za200&gcd=13l3l3l2l1&dma_cps=sypham&dma=1&u_w=1600&u_h=1200&url=https%3A%2F%2Fblog.kandji.io%2Fmalware-cuckoo-infostealer-spyware%3Futm_medium%3Demail%26_hsenc%3Dp2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg%26_hsmi%3D305522564%26utm_content%3D305522564%26utm_source%3Dhs_email&label=1lluCKXMhqUZEL-YzvQC&hn=www.googleadservices.com&frm=0&tiba=Malware%3A%20Cuckoo%20Behaves%20Like%20Cross%20Between%20Infostealer%20and%20Spyware&did=dZTQ1Zm&gdid=dZTQ1Zm&gtm_ee=1&npa=1&pscdl=noapi&auid=1216541928.1714984854&uaa=x86&uab=64&uafvl=Chromium%3B124.0.6367.118%7CGoogle%2520Chrome%3B124.0.6367.118%7CNot-A.Brand%3B99.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&ec_mode=a&fdr=SA&data=event%3Dconversion&em=tv.1&fmt=3&ct_cookie_present=false&sscte=1&crd=CJW3sQIIscGxAgiwwbECCLnBsQIIl8GxAg&pscrd=IhMIhMOEuND4hQMVLFOkBB2U_g_2MgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAs68AFodHRwczovL2Jsb2cua2FuZGppLmlvL21hbHdhcmUtY3Vja29vLWluZm9zdGVhbGVyLXNweXdhcmU_dXRtX21lZGl1bT1lbWFpbCZfaHNlbmM9cDJBTnF0ei05akRzckZOZGQ5ZE5yTkRKRllLZ1F2VnZlZklqemdIcTU1UlRqM3ZDa0FybHoyY0JyOHBETE5WbE0xX3p5TmVfU2p5cFowTzJfSElKb2JSMzh2WU96UEpmaGJFZyZfaHNtaT0zMDU1MjI1NjQmdXRtX2NvbnRlbnQ9MzA1NTIyNTY0JnV0bV9zb3VyY2U9aHNfZW1haWw&is_vtc=1&cid=CAQSGwB7FLtqXd4z10gc_l-9pUIdAwFFdSy-spSW0g&random=1605115005&ipr=y
Requested by
Host: blog.kandji.io
URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Protocol
H2
Server
142.250.185.131 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s50-in-f3.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
it-IT,it;q=0.9;q=0.9
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 06 May 2024 08:40:53 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 06 May 2024 08:40:53 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location
https://www.google.it/pagead/1p-conversion/781421631/?random=1588862562&cv=11&fst=1714984853753&bg=ffffff&guid=ON&async=1&gtm=45be4510v885711243za200&gcd=13l3l3l2l1&dma_cps=sypham&dma=1&u_w=1600&u_h=1200&url=https%3A%2F%2Fblog.kandji.io%2Fmalware-cuckoo-infostealer-spyware%3Futm_medium%3Demail%26_hsenc%3Dp2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg%26_hsmi%3D305522564%26utm_content%3D305522564%26utm_source%3Dhs_email&label=1lluCKXMhqUZEL-YzvQC&hn=www.googleadservices.com&frm=0&tiba=Malware%3A%20Cuckoo%20Behaves%20Like%20Cross%20Between%20Infostealer%20and%20Spyware&did=dZTQ1Zm&gdid=dZTQ1Zm&gtm_ee=1&npa=1&pscdl=noapi&auid=1216541928.1714984854&uaa=x86&uab=64&uafvl=Chromium%3B124.0.6367.118%7CGoogle%2520Chrome%3B124.0.6367.118%7CNot-A.Brand%3B99.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&ec_mode=a&fdr=SA&data=event%3Dconversion&em=tv.1&fmt=3&ct_cookie_present=false&sscte=1&crd=CJW3sQIIscGxAgiwwbECCLnBsQIIl8GxAg&pscrd=IhMIhMOEuND4hQMVLFOkBB2U_g_2MgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAs68AFodHRwczovL2Jsb2cua2FuZGppLmlvL21hbHdhcmUtY3Vja29vLWluZm9zdGVhbGVyLXNweXdhcmU_dXRtX21lZGl1bT1lbWFpbCZfaHNlbmM9cDJBTnF0ei05akRzckZOZGQ5ZE5yTkRKRllLZ1F2VnZlZklqemdIcTU1UlRqM3ZDa0FybHoyY0JyOHBETE5WbE0xX3p5TmVfU2p5cFowTzJfSElKb2JSMzh2WU96UEpmaGJFZyZfaHNtaT0zMDU1MjI1NjQmdXRtX2NvbnRlbnQ9MzA1NTIyNTY0JnV0bV9zb3VyY2U9aHNfZW1haWw&is_vtc=1&cid=CAQSGwB7FLtqXd4z10gc_l-9pUIdAwFFdSy-spSW0g&random=1605115005&ipr=y
content-type
image/gif
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
blog.kandji.io/
0
18 KB
Other
General
Full URL
https://blog.kandji.io/
Requested by
Host: cdn2.hubspot.net
URL: https://cdn2.hubspot.net/hub/5058330/hub_generated/template_assets/95659796768/1710813313513/Kandji_December2022/js/kandji.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 06 May 2024 08:40:54 GMT
strict-transport-security
max-age=31536000
content-encoding
br
content-security-policy
upgrade-insecure-requests
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
edge-cache-tag
CT-89692465160,CG-5058330,CG-6850365017,P-5058330,CW-95728460932,CW-95831149845,CW-95982514497,E-95659790937,E-95659790938,E-95659796768,E-95659796773,E-95660243592,E-95663097226,E-95710341535,RA-150720214182,RA-95688192170,RA-96550832786,PGS-ALL,SW-3,B-6850365017,GC-96820535620,TS-95660243609
x-hs-prerendered
Sun, 05 May 2024 12:00:10 GMT
x-hs-cf-cache-status
HIT
alt-svc
h3=":443"; ma=86400
x-hs-content-id
89692465160
x-hs-cache-config
BrowserCache-5s-EdgeCache-180s
referrer-policy
no-referrer-when-downgrade
x-hs-cache-control
s-maxage=10800, max-age=0
last-modified
Sun, 05 May 2024 12:00:10 GMT
server
cloudflare
x-hs-hub-id
5058330
etag
W/"fd842c554cac5d59832afca53db15b84"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PvPI92tzfGnuG%2FvG%2FDgJpKLMmFd0sg%2Ba4obgKdQer4RZKaUhkZjpu0%2BlciysC%2Bn9m8aJHqjOBMIEDW1ujgJBgn8sh99t3soZ8V96Maf%2BUieQzQoaP9SXBAXadM7ZQZ5m"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=UTF-8
cache-control
no-store, no-cache, must-revalidate
cf-ray
87f7ab0a7e250d55-MXP
link
</hs/hsstatic/cos-i18n/static-1.53/bundles/project.js>; rel=preload; as=script,</_hcms/forms/v2.js>; rel=preload; as=script
security
blog.kandji.io/tag/
0
15 KB
Other
General
Full URL
https://blog.kandji.io/tag/security
Requested by
Host: cdn2.hubspot.net
URL: https://cdn2.hubspot.net/hub/5058330/hub_generated/template_assets/95659796768/1710813313513/Kandji_December2022/js/kandji.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 06 May 2024 08:40:54 GMT
strict-transport-security
max-age=31536000
content-encoding
br
content-security-policy
upgrade-insecure-requests
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
edge-cache-tag
CT-89692465160,CG-6850365017,P-5058330,CW-95728460932,E-95659790937,E-95659790938,E-95659796768,E-95659796773,E-95660243592,E-95663097226,E-95711748276,RA-150720214182,RA-95688192170,RA-96550832786,PGS-ALL,SW-3,TS-95660243609,TG-154217753888
x-hs-prerendered
Sun, 05 May 2024 12:02:15 GMT
x-hs-cf-cache-status
HIT
alt-svc
h3=":443"; ma=86400
x-hs-content-id
89692465160
x-hs-cache-config
BrowserCache-5s-EdgeCache-180s
referrer-policy
no-referrer-when-downgrade
x-hs-cache-control
s-maxage=10800, max-age=0
last-modified
Sun, 05 May 2024 12:02:15 GMT
server
cloudflare
x-hs-hub-id
5058330
etag
W/"d74db34e63d7f7569062dcef6f80c84d"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9RbE1CF2tdsYU3PQ%2BjQX48jZoF72bGqdThPt2pjRzTnMkYamalASdBQXz3TQiu2ygAhB3n%2BehDdW%2FYRcEfAuFfzX3SgKpoBnwGytagocabQziORZ3XI5O%2FSyNFw1lxvU"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=UTF-8
cache-control
s-maxage=10800, max-age=0
cf-ray
87f7ab0a7e270d55-MXP
link
</hs/hsstatic/cos-i18n/static-1.53/bundles/project.js>; rel=preload; as=script
adam-kohler-christopher-lopez
blog.kandji.io/author/
0
15 KB
Other
General
Full URL
https://blog.kandji.io/author/adam-kohler-christopher-lopez
Requested by
Host: cdn2.hubspot.net
URL: https://cdn2.hubspot.net/hub/5058330/hub_generated/template_assets/95659796768/1710813313513/Kandji_December2022/js/kandji.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 06 May 2024 08:40:54 GMT
strict-transport-security
max-age=31536000
content-encoding
br
content-security-policy
upgrade-insecure-requests
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
edge-cache-tag
CT-89692465160,CG-6850365017,P-5058330,CW-95728460932,DB-5688587,E-95659790937,E-95659790938,E-95659796768,E-95659796773,E-95660243592,E-95663097226,E-95711748276,RA-150720214182,RA-95688192170,RA-96550832786,PGS-ALL,SW-3,TS-95660243609,AU-163759177072
x-hs-prerendered
Sun, 05 May 2024 12:02:13 GMT
x-hs-cf-cache-status
HIT
alt-svc
h3=":443"; ma=86400
x-hs-content-id
89692465160
x-hs-cache-config
BrowserCache-5s-EdgeCache-180s
referrer-policy
no-referrer-when-downgrade
x-hs-cache-control
s-maxage=10800, max-age=0
last-modified
Sun, 05 May 2024 12:02:13 GMT
server
cloudflare
x-hs-hub-id
5058330
etag
W/"1525f3b506df0d5d68e2c3b8e9c32006"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=C2lIm2xiqY4UhgQ2OrPoejTpu9u5n84r8UZC7kmg0lPVwko%2F6OeUlCCETiewllvzvVdw%2BFI%2BJfRl%2FKnYtPL3jsn%2BIBRKcVTgl35DVXJwNJy%2FJnbmtd2Xy%2F9W590UMzid"}],"group":"cf-nel","max_age":604800}
content-type
text/html; charset=UTF-8
cache-control
s-maxage=10800, max-age=0
cf-ray
87f7ab0a7e280d55-MXP
link
</hs/hsstatic/cos-i18n/static-1.53/bundles/project.js>; rel=preload; as=script
/
px.ads.linkedin.com/wa/
0
196 B
XHR
General
Full URL
https://px.ads.linkedin.com/wa/
Requested by
Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Accept
*
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 06 May 2024 08:40:54 GMT
x-li-pop
afd-prod-lor1-x
x-msedge-ref
Ref A: 9A4CC32D08FF4815A1754CECEB80F9CE Ref B: MIL30EDGE1011 Ref C: 2024-05-06T08:40:54Z
linkedin-action
1
vary
Origin
x-cache
CONFIG_NOCACHE
x-li-fabric
prod-lor1
access-control-allow-origin
https://blog.kandji.io
x-li-proto
http/2
access-control-allow-credentials
true
x-li-uuid
AAYXxQcPNsxaAczOUHenVQ==
fbevents.js
connect.facebook.net/en_US/
218 KB
59 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
157.240.253.1 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
xx-fbcdn-shv-02-fra5.fbcdn.net
Software
/
Resource Hash
f589b180c1064f697c91ac117fafda9aff1c66123a099e82da0b976a09011510
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Mon, 06 May 2024 08:40:54 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
57845
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=19, rtx=0, c=12, mss=1380, tbw=2783, tp=-1, tpl=-1, uplat=0, ullat=-1
pragma
public
x-fb-debug
51i3hnUNbuflahHMxEQLOJLo4RtTApdlIzopwXKEeEo4BXqHpkx87fHqTvufKy+pSM/uwWzdNntQU9wMfoDOXg==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin
*
expires
Sat, 01 Jan 2000 00:00:00 GMT
__ptq.gif
track.hubspot.com/
45 B
452 B
Image
General
Full URL
https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=it-it&bfp=2999608170&v=1.1&a=5058330&pi=165936097429&ct=blog-post&ccu=https%3A%2F%2Fblog.kandji.io%2Fmalware-cuckoo-infostealer-spyware&cpi=165936097429&cgi=6850365017&lpi=165936097429&lvi=165936097429&lvc=en&pu=https%3A%2F%2Fblog.kandji.io%2Fmalware-cuckoo-infostealer-spyware%3Futm_medium%3Demail%26_hsenc%3Dp2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg%26_hsmi%3D305522564%26utm_content%3D305522564%26utm_source%3Dhs_email&t=Malware%3A+Cuckoo+Behaves+Like+Cross+Between+Infostealer+and+Spyware&cts=1714984854609&vi=294b0ac69ff74141a764926c5808370c&nc=true&u=234561729.294b0ac69ff74141a764926c5808370c.1714984854606.1714984854606.1714984854606.1&b=234561729.1.1714984854606&cc=15
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.117.116 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 06 May 2024 08:40:54 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
92925cf0-e7e4-42ed-920b-0cda11b06dfe
p3p
CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time
8
content-length
45
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
92925cf0-e7e4-42ed-920b-0cda11b06dfe
server
cloudflare
vary
origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZGDo%2B36A6Rb5QnfdfFJIKkCd3rSdcANlbAJIRZQnhOVz2KQ5FAFvrWwi3d2vDKQX63QQ6recnPq5vD8pOiUJPv14v274uxr0nAI0pxT5nFT7199hXoGJ77yGGi6z9iOoVFOy"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
x-evy-trace-served-by-pod
iad02/analytics-tracking-td/envoy-proxy-76d96f8b5d-zw6hg
x-evy-trace-virtual-host
all
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
cf-ray
87f7ab0d6e8b0e0a-MXP
x-robots-tag
none
__ptbe.gif
track.hubspot.com/
45 B
552 B
Image
General
Full URL
https://track.hubspot.com/__ptbe.gif?n=pe5058330_form_analytic_event&_form_id=21f774d6-4c0b-4c25-b47a-35023464393a&_form_name=Malware%3A+Cuckoo+Behaves+Like+Cross+Between+Infostealer+and+Spyware&_form_group=&_form_platform=hubspot&_form_location=%2Fmalware-cuckoo-infostealer-spyware&_form_data=%5Bobject+Object%5D&_form_value=&_value=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=it-it&bfp=2999608170&v=1.1&a=5058330&pi=165936097429&ct=blog-post&ccu=https%3A%2F%2Fblog.kandji.io%2Fmalware-cuckoo-infostealer-spyware&cpi=165936097429&cgi=6850365017&lpi=165936097429&lvi=165936097429&lvc=en&pu=https%3A%2F%2Fblog.kandji.io%2Fmalware-cuckoo-infostealer-spyware%3Futm_medium%3Demail%26_hsenc%3Dp2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg%26_hsmi%3D305522564%26utm_content%3D305522564%26utm_source%3Dhs_email&t=Malware%3A+Cuckoo+Behaves+Like+Cross+Between+Infostealer+and+Spyware&cts=1714984854610&vi=294b0ac69ff74141a764926c5808370c&nc=true&u=234561729.294b0ac69ff74141a764926c5808370c.1714984854606.1714984854606.1714984854606.1&b=234561729.1.1714984854606&cc=15
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.117.116 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 06 May 2024 08:40:54 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
d2e747be-f145-48ec-88e7-6b366d5775fc
p3p
CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time
13
content-length
45
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
d2e747be-f145-48ec-88e7-6b366d5775fc
server
cloudflare
vary
origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Kqm9pM15hUe8%2FJglYod47mKEErAf9RjPhQmD95U1J369lz7UDBljis0Ys%2FOSVIEDAyw41EzfJu0DeyC8HG5JcXzty0X0ljJNXVSEafg6tR1TGsLakA%2Fq7%2BmaIZz4m2Xj2w%2FH"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
x-evy-trace-served-by-pod
iad02/analytics-tracking-td/envoy-proxy-76d96f8b5d-c67ms
x-evy-trace-virtual-host
all
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
cf-ray
87f7ab0d7e990e0a-MXP
x-robots-tag
none
__ptbe.gif
track.hubspot.com/
45 B
626 B
Image
General
Full URL
https://track.hubspot.com/__ptbe.gif?n=pe5058330_form_definition_fetch_success&_form_id=21f774d6-4c0b-4c25-b47a-35023464393a&_form_name=Malware%3A+Cuckoo+Behaves+Like+Cross+Between+Infostealer+and+Spyware&_form_group=&_form_platform=hubspot&_form_location=%2Fmalware-cuckoo-infostealer-spyware&_form_data=%5Bobject+Object%5D&_form_value=&_value=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=it-it&bfp=2999608170&v=1.1&a=5058330&pi=165936097429&ct=blog-post&ccu=https%3A%2F%2Fblog.kandji.io%2Fmalware-cuckoo-infostealer-spyware&cpi=165936097429&cgi=6850365017&lpi=165936097429&lvi=165936097429&lvc=en&pu=https%3A%2F%2Fblog.kandji.io%2Fmalware-cuckoo-infostealer-spyware%3Futm_medium%3Demail%26_hsenc%3Dp2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg%26_hsmi%3D305522564%26utm_content%3D305522564%26utm_source%3Dhs_email&t=Malware%3A+Cuckoo+Behaves+Like+Cross+Between+Infostealer+and+Spyware&cts=1714984854611&vi=294b0ac69ff74141a764926c5808370c&nc=true&u=234561729.294b0ac69ff74141a764926c5808370c.1714984854606.1714984854606.1714984854606.1&b=234561729.1.1714984854606&cc=15
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.117.116 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 06 May 2024 08:40:54 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
1a24c9af-63f5-416e-a1fd-ebf3b9cb0d3d
p3p
CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time
4
content-length
45
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
1a24c9af-63f5-416e-a1fd-ebf3b9cb0d3d
server
cloudflare
vary
origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dAC0iJa2rkCgPsIwj8XqxuYtX%2F0sg0oC6%2FPssMAgEF3s%2F14mMKrrviq5U%2BlhDYiVu4KgXAhQ%2BOX7dgFD3nXNhMzc79Cd5fUSD3IWjopY9E4M69L%2FuCWRXHg%2Bii8HcBV1pVD6"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
x-evy-trace-served-by-pod
iad02/analytics-tracking-td/envoy-proxy-76d96f8b5d-qz296
x-evy-trace-virtual-host
all
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
cf-ray
87f7ab0d7e9a0e0a-MXP
x-robots-tag
none
__ptbe.gif
track.hubspot.com/
45 B
620 B
Image
General
Full URL
https://track.hubspot.com/__ptbe.gif?n=pe5058330_form_before_init&_form_id=21f774d6-4c0b-4c25-b47a-35023464393a&_form_name=Malware%3A+Cuckoo+Behaves+Like+Cross+Between+Infostealer+and+Spyware&_form_group=&_form_platform=hubspot&_form_location=%2Fmalware-cuckoo-infostealer-spyware&_form_data=%5Bobject+Object%5D&_form_value=&_value=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=it-it&bfp=2999608170&v=1.1&a=5058330&pi=165936097429&ct=blog-post&ccu=https%3A%2F%2Fblog.kandji.io%2Fmalware-cuckoo-infostealer-spyware&cpi=165936097429&cgi=6850365017&lpi=165936097429&lvi=165936097429&lvc=en&pu=https%3A%2F%2Fblog.kandji.io%2Fmalware-cuckoo-infostealer-spyware%3Futm_medium%3Demail%26_hsenc%3Dp2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg%26_hsmi%3D305522564%26utm_content%3D305522564%26utm_source%3Dhs_email&t=Malware%3A+Cuckoo+Behaves+Like+Cross+Between+Infostealer+and+Spyware&cts=1714984854612&vi=294b0ac69ff74141a764926c5808370c&nc=true&u=234561729.294b0ac69ff74141a764926c5808370c.1714984854606.1714984854606.1714984854606.1&b=234561729.1.1714984854606&cc=15
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.117.116 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 06 May 2024 08:40:54 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
4eff325c-4012-4a9d-b083-ea8e7dba540b
p3p
CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time
12
content-length
45
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
4eff325c-4012-4a9d-b083-ea8e7dba540b
server
cloudflare
vary
origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=weRmWT3vtqdm41Op16234CG%2BmBmju3WfX3WLWOOyY3OCnrvkKsowj79ZngXsqt3SbmThnARpCsL8644TY291uka%2FWkwDTfWxIiqjoHZ0ZfpaXkrM5hiObvZPPizDJ0F%2B596V"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
x-evy-trace-served-by-pod
iad02/analytics-tracking-td/envoy-proxy-76d96f8b5d-djmcg
x-evy-trace-virtual-host
all
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
cf-ray
87f7ab0d7e9d0e0a-MXP
x-robots-tag
none
__ptq.gif
track.hubspot.com/
45 B
420 B
Image
General
Full URL
https://track.hubspot.com/__ptq.gif?k=15&fi=21f774d6-4c0b-4c25-b47a-35023464393a&fci=729d84dd-c3b6-4c02-9daa-620e23b36789&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=it-it&bfp=2999608170&v=1.1&a=5058330&pi=165936097429&ct=blog-post&ccu=https%3A%2F%2Fblog.kandji.io%2Fmalware-cuckoo-infostealer-spyware&cpi=165936097429&cgi=6850365017&lpi=165936097429&lvi=165936097429&lvc=en&pu=https%3A%2F%2Fblog.kandji.io%2Fmalware-cuckoo-infostealer-spyware%3Futm_medium%3Demail%26_hsenc%3Dp2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg%26_hsmi%3D305522564%26utm_content%3D305522564%26utm_source%3Dhs_email&t=Malware%3A+Cuckoo+Behaves+Like+Cross+Between+Infostealer+and+Spyware&cts=1714984854613&vi=294b0ac69ff74141a764926c5808370c&nc=true&u=234561729.294b0ac69ff74141a764926c5808370c.1714984854606.1714984854606.1714984854606.1&b=234561729.1.1714984854606&cc=15
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.117.116 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 06 May 2024 08:40:54 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
5af4071c-9d89-4cad-b611-18d5cb3fd109
p3p
CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time
3
content-length
45
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
5af4071c-9d89-4cad-b611-18d5cb3fd109
server
cloudflare
vary
origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sKWQhuRH9uT5tWsS14yZHr5y1tAEXInOrG7u2ajxWxy173TGyXgKhGIyXbeFgbgLx4PhXxERZqrquCTQLyt1moBNZZgLnexwavx0ZJOioGkVklxcU8m7dwYLCA30spUha2Rr"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
x-evy-trace-served-by-pod
iad02/analytics-tracking-td/envoy-proxy-76d96f8b5d-djmcg
x-evy-trace-virtual-host
all
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
cf-ray
87f7ab0d7e9e0e0a-MXP
x-robots-tag
none
__ptbe.gif
track.hubspot.com/
45 B
443 B
Image
General
Full URL
https://track.hubspot.com/__ptbe.gif?n=pe5058330_form_ready&_form_id=21f774d6-4c0b-4c25-b47a-35023464393a&_form_name=Malware%3A+Cuckoo+Behaves+Like+Cross+Between+Infostealer+and+Spyware&_form_group=&_form_platform=hubspot&_form_location=%2Fmalware-cuckoo-infostealer-spyware&_form_data=%5Bobject+Object%5D&_form_value=&_value=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=it-it&bfp=2999608170&v=1.1&a=5058330&pi=165936097429&ct=blog-post&ccu=https%3A%2F%2Fblog.kandji.io%2Fmalware-cuckoo-infostealer-spyware&cpi=165936097429&cgi=6850365017&lpi=165936097429&lvi=165936097429&lvc=en&pu=https%3A%2F%2Fblog.kandji.io%2Fmalware-cuckoo-infostealer-spyware%3Futm_medium%3Demail%26_hsenc%3Dp2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg%26_hsmi%3D305522564%26utm_content%3D305522564%26utm_source%3Dhs_email&t=Malware%3A+Cuckoo+Behaves+Like+Cross+Between+Infostealer+and+Spyware&cts=1714984854613&vi=294b0ac69ff74141a764926c5808370c&nc=true&u=234561729.294b0ac69ff74141a764926c5808370c.1714984854606.1714984854606.1714984854606.1&b=234561729.1.1714984854606&cc=15
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.117.116 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 06 May 2024 08:40:54 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
18d6d20c-5fb4-4a3b-812a-68747e02cd55
p3p
CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time
6
content-length
45
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
18d6d20c-5fb4-4a3b-812a-68747e02cd55
server
cloudflare
vary
origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5T0AW3NBdGKblWms%2FLu%2BEalWoRyeUjcu575iz6H3EewDY1cIutsGD3nrLMEv74iOKRh4zn9JDveurkJV5ugi1FRXGLx2TBvoI3%2Bx4AWIAn0EECZAZCL2NN28JgNUrmJ0d%2F5P"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
x-evy-trace-served-by-pod
iad02/analytics-tracking-td/envoy-proxy-76d96f8b5d-kqqtw
x-evy-trace-virtual-host
all
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
cf-ray
87f7ab0d7ea10e0a-MXP
x-robots-tag
none
__ptbe.gif
track.hubspot.com/
45 B
459 B
Image
General
Full URL
https://track.hubspot.com/__ptbe.gif?n=pe5058330_form_before_validation_init&_form_id=21f774d6-4c0b-4c25-b47a-35023464393a&_form_name=Malware%3A+Cuckoo+Behaves+Like+Cross+Between+Infostealer+and+Spyware&_form_group=&_form_platform=hubspot&_form_location=%2Fmalware-cuckoo-infostealer-spyware&_form_data=%5Bobject+Object%5D&_form_value=&_value=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=it-it&bfp=2999608170&v=1.1&a=5058330&pi=165936097429&ct=blog-post&ccu=https%3A%2F%2Fblog.kandji.io%2Fmalware-cuckoo-infostealer-spyware&cpi=165936097429&cgi=6850365017&lpi=165936097429&lvi=165936097429&lvc=en&pu=https%3A%2F%2Fblog.kandji.io%2Fmalware-cuckoo-infostealer-spyware%3Futm_medium%3Demail%26_hsenc%3Dp2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg%26_hsmi%3D305522564%26utm_content%3D305522564%26utm_source%3Dhs_email&t=Malware%3A+Cuckoo+Behaves+Like+Cross+Between+Infostealer+and+Spyware&cts=1714984854614&vi=294b0ac69ff74141a764926c5808370c&nc=true&u=234561729.294b0ac69ff74141a764926c5808370c.1714984854606.1714984854606.1714984854606.1&b=234561729.1.1714984854606&cc=15
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.117.116 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 06 May 2024 08:40:54 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
d3e80e2d-68e9-4b06-a5ea-f33c70475069
p3p
CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time
7
content-length
45
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
d3e80e2d-68e9-4b06-a5ea-f33c70475069
server
cloudflare
vary
origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YJ48LrHd4W4XHqK%2BepGBFjbzClQ4Cj3SREhQ2WDctAYRFkbxSezRmhBE49MJGAUVauWQtkddMAyCn%2Bpr4OSoAR3XIHabhr6DNkh0xNzP7YrmjKpNjYV6a7jpxTL%2BUqwVrXMI"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
x-evy-trace-served-by-pod
iad02/analytics-tracking-td/envoy-proxy-76d96f8b5d-zw6hg
x-evy-trace-virtual-host
all
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
cf-ray
87f7ab0e68180e0a-MXP
x-robots-tag
none
__ptbe.gif
track.hubspot.com/
45 B
377 B
Image
General
Full URL
https://track.hubspot.com/__ptbe.gif?n=pe5058330_form_analytic_event&_form_id=21f774d6-4c0b-4c25-b47a-35023464393a&_form_name=Malware%3A+Cuckoo+Behaves+Like+Cross+Between+Infostealer+and+Spyware&_form_group=&_form_platform=hubspot&_form_location=%2Fmalware-cuckoo-infostealer-spyware&_form_data=%5Bobject+Object%5D&_form_value=&_value=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=it-it&bfp=2999608170&v=1.1&a=5058330&pi=165936097429&ct=blog-post&ccu=https%3A%2F%2Fblog.kandji.io%2Fmalware-cuckoo-infostealer-spyware&cpi=165936097429&cgi=6850365017&lpi=165936097429&lvi=165936097429&lvc=en&pu=https%3A%2F%2Fblog.kandji.io%2Fmalware-cuckoo-infostealer-spyware%3Futm_medium%3Demail%26_hsenc%3Dp2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg%26_hsmi%3D305522564%26utm_content%3D305522564%26utm_source%3Dhs_email&t=Malware%3A+Cuckoo+Behaves+Like+Cross+Between+Infostealer+and+Spyware&cts=1714984854615&vi=294b0ac69ff74141a764926c5808370c&nc=true&u=234561729.294b0ac69ff74141a764926c5808370c.1714984854606.1714984854606.1714984854606.1&b=234561729.1.1714984854606&cc=15
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.16.117.116 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 06 May 2024 08:40:54 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
855786ac-6a22-4492-aa03-f2352797b61d
p3p
CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time
6
content-length
45
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
855786ac-6a22-4492-aa03-f2352797b61d
server
cloudflare
vary
origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1s4iRpmONC0HUeCgbilZYmGftKiovm%2B4rf9VNAIJNTT8FMgs6m5GNC26i9EyHHCZSPHNnBPBg9FxeVAsLnJRE%2BPzzItJnxA7Z32df772%2FI0L9opZxnagvwhSB0Z25l2ed4cE"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
x-evy-trace-served-by-pod
iad02/analytics-tracking-td/envoy-proxy-76d96f8b5d-zw6hg
x-evy-trace-virtual-host
all
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
cf-ray
87f7ab0e681a0e0a-MXP
x-robots-tag
none
favicon-3.ico
blog.kandji.io/hubfs/
15 KB
4 KB
Other
General
Full URL
https://blog.kandji.io/hubfs/favicon-3.ico
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
b2d41a1b6c32ab456d18738bf61dc24c0e005cdae9b9a4217760ff8dad1e6c49
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
x-amz-meta-cache-tag
F-69125449986,P-5058330,FLS-ALL
age
1357451
x-amz-request-id
Q5KS931P9A1A2F53
x-amz-server-side-encryption
AES256
edge-cache-tag
F-69125449986,P-5058330,FLS-ALL
x-amz-replication-status
COMPLETED
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
etag
W/"a479d2e98cdbda4dffb71d43887dcac0"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
image/vnd.microsoft.icon
access-control-allow-origin
*
x-amz-meta-created-unix-time-millis
1647912952595
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Mon, 06 May 2024 08:40:54 GMT
strict-transport-security
max-age=31536000
via
1.1 0c476b4e93e7b13a5f68b185a8e9753c.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
YpH3jO4xnu2k6P.H5WyN2Y.XriWIZvyk
x-amz-cf-pop
ZRH50-C1
x-hs-alternate-content-type
text/plain
x-cache
RefreshHit from cloudfront
cache-tag
F-69125449986,P-5058330,FLS-ALL
x-amz-meta-index-tag
all
alt-svc
h3=":443"; ma=86400
x-amz-id-2
oqNUHvqHQG35VBosY8T0fCoFZbrVZUAivxTdfxzbYkUBz5pe0gRUvdmfb5gKa5qA3rDbCsuDtpM=
last-modified
Tue, 22 Mar 2022 01:35:53 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=guypdVn7e52XDjRjghq7XRi7bRa59uSkgdxyBY6t7an%2FLDZFD1cRyH9S%2BjhQydvzA0C5QA%2FPHh7EHjhhT%2FK3tfeVf5JZ8KQfMU5u2rn%2B9oruNagZdSu8UP34Aiv49IQW"}],"group":"cf-nel","max_age":604800}
cf-ray
87f7ab0d7b660d55-MXP
timing-allow-origin
d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id
ZQJKYm_MphZ6owQRW0PPknjFiUGSAFey5KSws9WeL-SRaUWwFkTRIw==
mon
obs.testrobotflower.com/
0
16 B
XHR
General
Full URL
https://obs.testrobotflower.com/mon
Requested by
Host: ob.testrobotflower.com
URL: https://ob.testrobotflower.com/i/130ddaec76c305292f6ec30ebef2d5ce.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
52.45.196.192 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-45-196-192.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

access-control-allow-origin
https://blog.kandji.io
date
Mon, 06 May 2024 08:40:54 GMT
access-control-allow-credentials
true
content-length
0
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
content-type
application/json
mon
obs.testrobotflower.com/
0
146 B
XHR
General
Full URL
https://obs.testrobotflower.com/mon
Requested by
Host: ob.testrobotflower.com
URL: https://ob.testrobotflower.com/i/130ddaec76c305292f6ec30ebef2d5ce.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
52.45.196.192 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-45-196-192.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

access-control-allow-origin
https://blog.kandji.io
date
Mon, 06 May 2024 08:40:54 GMT
access-control-allow-credentials
true
content-length
0
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
content-type
application/json
821678078239751
connect.facebook.net/signals/config/
66 KB
14 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/821678078239751?v=2.9.155&r=stable&domain=blog.kandji.io&hme=c3a545c63044e8e9102d4f32d84a1137594d024f28e801d670bc76dc5c075575&ex_m=67%2C112%2C99%2C103%2C58%2C3%2C93%2C66%2C15%2C91%2C84%2C49%2C51%2C158%2C161%2C172%2C168%2C169%2C171%2C28%2C94%2C50%2C73%2C170%2C153%2C156%2C165%2C166%2C173%2C121%2C14%2C48%2C178%2C177%2C123%2C17%2C33%2C38%2C1%2C41%2C62%2C63%2C64%2C68%2C88%2C16%2C13%2C90%2C87%2C86%2C100%2C102%2C37%2C101%2C29%2C25%2C154%2C157%2C130%2C27%2C10%2C11%2C12%2C5%2C6%2C24%2C21%2C22%2C54%2C59%2C61%2C71%2C95%2C26%2C72%2C8%2C7%2C76%2C46%2C20%2C97%2C96%2C9%2C19%2C18%2C81%2C53%2C79%2C32%2C70%2C0%2C89%2C31%2C78%2C83%2C45%2C44%2C82%2C36%2C4%2C85%2C77%2C42%2C39%2C34%2C80%2C2%2C35%2C60%2C40%2C98%2C43%2C75%2C65%2C104%2C57%2C56%2C30%2C92%2C55%2C52%2C47%2C74%2C69%2C23%2C105
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
157.240.253.1 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
xx-fbcdn-shv-02-fra5.fbcdn.net
Software
/
Resource Hash
17b3c66292df72b6c315c952f755b9272e0beaee2bb143457c937ec106578cee
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Mon, 06 May 2024 08:40:54 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=24, rtx=0, c=62, mss=1380, tbw=63308, tp=-1, tpl=-1, uplat=130, ullat=0
pragma
public
x-fb-debug
0sxj9CkctWK/wm8OL7o83UHttuw9MW8w9GYkIyCbUHpOe+KXbkfNt4jX585wqiYNzwqJU4y8kmJf9IVNiLL9fA==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin
*
expires
Sat, 01 Jan 2000 00:00:00 GMT
/
www.facebook.com/tr/
0
274 B
Image
General
Full URL
https://www.facebook.com/tr/?id=821678078239751&ev=PageView&dl=https%3A%2F%2Fblog.kandji.io%2Fmalware-cuckoo-infostealer-spyware%3Futm_medium%3Demail%26_hsenc%3Dp2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg%26_hsmi%3D305522564%26utm_content%3D305522564%26utm_source%3Dhs_email&rl=&if=false&ts=1714984854974&sw=1600&sh=1200&ud[external_id]=294b0ac69ff74141a764926c5808370c&v=2.9.155&r=stable&a=hubspot&ec=0&o=4126&fbp=fb.1.1714984854973.1134210234&cs_est=true&ler=empty&cdl=API_unavailable&it=1714984854781&coo=false&rqm=GET
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
157.240.252.35 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
edge-star-mini-shv-01-fra3.facebook.com
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-fb-connection-quality
EXCELLENT; q=0.9, rtt=12, rtx=0, c=10, mss=1380, tbw=2775, tp=-1, tpl=-1, uplat=0, ullat=0
strict-transport-security
max-age=31536000; includeSubDomains
date
Mon, 06 May 2024 08:40:55 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
cloudchat-infostealer
blog.kandji.io/
0
28 KB
Other
General
Full URL
https://blog.kandji.io/cloudchat-infostealer
Requested by
Host: cdn2.hubspot.net
URL: https://cdn2.hubspot.net/hub/5058330/hub_generated/template_assets/95659796768/1710813313513/Kandji_December2022/js/kandji.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 06 May 2024 08:40:55 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy
upgrade-insecure-requests
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
285f13ed-2d99-4470-964b-c6f7791baf6e
content-encoding
br
edge-cache-tag
CT-159120097439,CT-160875931283,CT-163759176078,CT-165936097429,CG-6850365017,P-5058330,CW-127157693999,CW-95831149845,CW-95982514497,CW-95984958073,CW-96856054340,E-95659790937,E-95659796768,E-95659796773,E-95660243592,E-95660429163,E-95663097226,RA-150720214182,RA-95688192170,RA-96550832786,PGS-ALL,SW-3,B-6850365017,GC-118553034663
cache-tag
CT-159120097439,CT-160875931283,CT-163759176078,CT-165936097429,CG-6850365017,P-5058330,CW-127157693999,CW-95831149845,CW-95982514497,CW-95984958073,CW-96856054340,E-95659790937,E-95659796768,E-95659796773,E-95660243592,E-95660429163,E-95663097226,RA-150720214182,RA-95688192170,RA-96550832786,PGS-ALL,SW-3,B-6850365017,GC-118553034663
x-envoy-upstream-service-time
180
alt-svc
h3=":443"; ma=86400
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-hs-content-id
163759176078
x-request-id
285f13ed-2d99-4470-964b-c6f7791baf6e
x-hs-cache-config
BrowserCache-5s-EdgeCache-7200s
referrer-policy
no-referrer-when-downgrade
x-hs-hub-id
5058330
last-modified
Mon, 06 May 2024 08:11:36 GMT
server
cloudflare
vary
origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3XrPJFd0lEI82i3fBbGixigFMhzfeNs2AMCKUScJvi8yRLIQ9ytFzbidDpKbaJf3hVIXWV4qd7Gu8ErUSoaVLp%2FsU3EKnUub8nZ38uSouY5j49VGe1NmPPyeJodCBA1q"}],"group":"cf-nel","max_age":604800}
content-type
text/html;charset=utf-8
x-evy-trace-served-by-pod
iad02/cms-30-39-td/envoy-proxy-5f8479db84-78tn8
x-evy-trace-virtual-host
all
cache-control
s-maxage=7200,max-age=5
access-control-allow-credentials
false
cf-ray
87f7ab10b9300d55-MXP
link
</hs/hsstatic/cos-i18n/static-1.53/bundles/project.js>; rel=preload; as=script, </_hcms/forms/v2.js>; rel=preload; as=script
apple-mitigates-vulnerabilities-installer-scripts
blog.kandji.io/
0
29 KB
Other
General
Full URL
https://blog.kandji.io/apple-mitigates-vulnerabilities-installer-scripts
Requested by
Host: cdn2.hubspot.net
URL: https://cdn2.hubspot.net/hub/5058330/hub_generated/template_assets/95659796768/1710813313513/Kandji_December2022/js/kandji.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 06 May 2024 08:40:55 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy
upgrade-insecure-requests
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
914e9342-997a-41ca-8b3d-4dfc42a92a9e
content-encoding
br
edge-cache-tag
CT-115070156673,CT-153270335865,CT-160875931283,CT-24097247610,CG-6850365017,P-5058330,CW-127157693999,CW-95831149845,CW-95982514497,CW-95984958073,CW-96856054340,E-95659790937,E-95659796768,E-95659796773,E-95660243592,E-95660429163,E-95663097226,RA-150720214182,RA-95688192170,RA-96550832786,PGS-ALL,SW-3,B-6850365017,GC-118553034663
cache-tag
CT-115070156673,CT-153270335865,CT-160875931283,CT-24097247610,CG-6850365017,P-5058330,CW-127157693999,CW-95831149845,CW-95982514497,CW-95984958073,CW-96856054340,E-95659790937,E-95659796768,E-95659796773,E-95660243592,E-95660429163,E-95663097226,RA-150720214182,RA-95688192170,RA-96550832786,PGS-ALL,SW-3,B-6850365017,GC-118553034663
x-envoy-upstream-service-time
135
alt-svc
h3=":443"; ma=86400
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-hs-content-id
160875931283
x-request-id
914e9342-997a-41ca-8b3d-4dfc42a92a9e
x-hs-cache-config
BrowserCache-5s-EdgeCache-7200s
referrer-policy
no-referrer-when-downgrade
x-hs-hub-id
5058330
last-modified
Mon, 06 May 2024 08:11:37 GMT
server
cloudflare
vary
origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2PT26Yp1qQcavRbycRgSKi%2F2YKmdC0HVfwamkl4rEoEsZWWHN%2Bl1DY9D9uQs3f%2BnpRhthuyKqHjBgtdhBNX8H3fDSCbKXm3FAAtVAi32ry%2FCiZH%2BFNpWiYoqB8euQKN3"}],"group":"cf-nel","max_age":604800}
content-type
text/html;charset=utf-8
x-evy-trace-served-by-pod
iad02/cms-30-39-td/envoy-proxy-5f8479db84-tx4mf
x-evy-trace-virtual-host
all
cache-control
s-maxage=7200,max-age=5
access-control-allow-credentials
false
cf-ray
87f7ab10b9320d55-MXP
link
</hs/hsstatic/cos-i18n/static-1.53/bundles/project.js>; rel=preload; as=script, </_hcms/forms/v2.js>; rel=preload; as=script
amos-macos-stealer-analysis
blog.kandji.io/
0
25 KB
Other
General
Full URL
https://blog.kandji.io/amos-macos-stealer-analysis
Requested by
Host: cdn2.hubspot.net
URL: https://cdn2.hubspot.net/hub/5058330/hub_generated/template_assets/95659796768/1710813313513/Kandji_December2022/js/kandji.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
199.60.103.29 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 06 May 2024 08:40:55 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy
upgrade-insecure-requests
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
b73a9b25-0861-49ee-8e6a-801557732323
content-encoding
br
edge-cache-tag
CT-159120097439,CT-160875931283,CT-163759176078,CT-165936097429,CG-6850365017,P-5058330,CW-127157693999,CW-95831149845,CW-95982514497,CW-95984958073,CW-96856054340,E-95659790937,E-95659796768,E-95659796773,E-95660243592,E-95660429163,E-95663097226,RA-150720214182,RA-95688192170,RA-96550832786,PGS-ALL,SW-3,B-6850365017,GC-118553034663
cache-tag
CT-159120097439,CT-160875931283,CT-163759176078,CT-165936097429,CG-6850365017,P-5058330,CW-127157693999,CW-95831149845,CW-95982514497,CW-95984958073,CW-96856054340,E-95659790937,E-95659796768,E-95659796773,E-95660243592,E-95660429163,E-95663097226,RA-150720214182,RA-95688192170,RA-96550832786,PGS-ALL,SW-3,B-6850365017,GC-118553034663
x-envoy-upstream-service-time
138
alt-svc
h3=":443"; ma=86400
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-hs-content-id
159120097439
x-request-id
b73a9b25-0861-49ee-8e6a-801557732323
x-hs-cache-config
BrowserCache-5s-EdgeCache-7200s
referrer-policy
no-referrer-when-downgrade
x-hs-hub-id
5058330
last-modified
Mon, 06 May 2024 08:11:38 GMT
server
cloudflare
vary
origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wWPkoVoTHQ8na0uwg7vUdOIvtcvZQnfspNgaK2IC68Dh5w5Ruor3Pq70qsDZtQg4ggCfPYk68SMW9C8kLahLSS0swnjuFYW0FYlf1FYYdWmExD5GRsCvxd2SIzIuCIKH"}],"group":"cf-nel","max_age":604800}
content-type
text/html;charset=utf-8
x-evy-trace-served-by-pod
iad02/cms-30-39-td/envoy-proxy-5f8479db84-78tn8
x-evy-trace-virtual-host
all
cache-control
s-maxage=7200,max-age=5
access-control-allow-credentials
false
cf-ray
87f7ab10b9340d55-MXP
link
</hs/hsstatic/cos-i18n/static-1.53/bundles/project.js>; rel=preload; as=script, </_hcms/forms/v2.js>; rel=preload; as=script
mon
obs.testrobotflower.com/
0
39 B
XHR
General
Full URL
https://obs.testrobotflower.com/mon
Requested by
Host: ob.testrobotflower.com
URL: https://ob.testrobotflower.com/i/130ddaec76c305292f6ec30ebef2d5ce.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
52.45.196.192 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-45-196-192.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

access-control-allow-origin
https://blog.kandji.io
date
Mon, 06 May 2024 08:40:56 GMT
access-control-allow-credentials
true
content-length
0
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
content-type
application/json
bat.js
bat.bing.com/
45 KB
13 KB
Script
General
Full URL
https://bat.bing.com/bat.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-T7GZQ3L
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
204.79.197.237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
823804a7807864b44093a3843788f4cd076e89cf4a6fdeb8d153ae5c2c2df721
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
date
Mon, 06 May 2024 08:40:58 GMT
last-modified
Thu, 29 Feb 2024 19:58:06 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 02DEC656F6D34567AFD1B3AFB3E7D6E2 Ref B: MIL30EDGE1218 Ref C: 2024-05-06T08:40:58Z
etag
"01b4e9c496bda1:0"
vary
Accept-Encoding
x-cache
CONFIG_NOCACHE
content-type
application/javascript
cache-control
private,max-age=1800
accept-ranges
bytes
content-length
13261
mon
obs.testrobotflower.com/
0
39 B
XHR
General
Full URL
https://obs.testrobotflower.com/mon
Requested by
Host: ob.testrobotflower.com
URL: https://ob.testrobotflower.com/i/130ddaec76c305292f6ec30ebef2d5ce.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
52.45.196.192 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-45-196-192.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

access-control-allow-origin
https://blog.kandji.io
date
Mon, 06 May 2024 08:40:58 GMT
access-control-allow-credentials
true
content-length
0
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
content-type
application/json
collect
region1.analytics.google.com/g/
0
17 B
Ping
General
Full URL
https://region1.analytics.google.com/g/collect?v=2&tid=G-V21CT0R1FX&gtm=45je4510v893716759za200&_p=1714984853021&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&gdid=dZTQ1Zm&cid=1106455791.1714984853&ul=it-it&sr=1600x1200&ir=1&uaa=x86&uab=64&uafvl=Chromium%3B124.0.6367.118%7CGoogle%2520Chrome%3B124.0.6367.118%7CNot-A.Brand%3B99.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&pscdl=noapi&_eu=EA&cu=USD&dl=https%3A%2F%2Fblog.kandji.io%2Fmalware-cuckoo-infostealer-spyware%3Futm_medium%3Demail%26utm_content%3D305522564%26utm_source%3Dhs_email&dt=Malware%3A%20Cuckoo%20Behaves%20Like%20Cross%20Between%20Infostealer%20and%20Spyware&sid=1714984853&sct=1&seg=0&_s=3&tfd=6472
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-V21CT0R1FX&l=dataLayer&cx=c
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.239.32.36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Accept-Language
it-IT,it;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Mon, 06 May 2024 08:40:58 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://blog.kandji.io
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
no-cache.hubspot.com
URL
https://no-cache.hubspot.com/cta/default/5058330/8bed3482-30c4-4ee2-85a9-6f0e2149b55c.png

58 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 function| domReady function| onCheqResponse object| OneTrustStub function| OptanonWrapper object| dataLayer object| hubspot object| HubSpotForms object| hbspt object| hsFormsOnReady undefined| kandji object| Alpine object| hsVars object| options object| _hsq object| FPConfig object| _hsp function| __ctcg_ct_57239_exec string| OnetrustActiveGroups string| OptanonActiveGroups object| otStubData object| google_tag_manager object| google_tag_data function| gtag function| onYouTubeIframeAPIReady boolean| PIXELS_RAN object| enabledEventSettings object| gaGlobal object| Optanon object| OneTrust object| hsCookieBanner boolean| _hspb_loaded boolean| _hspb_ran object| _paq function| sanitizeKey boolean| _hstc_loaded function| hs_i18n_log function| hs_i18n_substituteStrings function| hs_i18n_insertPlaceholders function| hs_i18n_getMessage object| _linkedin_data_partner_ids object| _cq string| cq_req_id object| GooglebQhCsO function| lintrk boolean| _already_called_lintrk object| ORIBILI boolean| _hstc_ran string| __hsUserToken number| expireDateTime function| fbq function| _fbq function| UET function| UET_init function| UET_push object| uetq

30 Cookies

Domain/Path Name / Value
.email.kandji.io/ Name: __cf_bm
Value: m4bd7NgDA4adSkTHUkd76gvY_YL7je0zKhdLxpAtkH8-1714984852-1.0.1.1-7jpuPI4Et7VbJNMBg1TmwN.ZqGj5OPvdfHpu1hwU5g4DtCCOs.37EOsMgLYU6EHNzo0DDOZrfYEIi2ohjYgudQ
.email.kandji.io/ Name: __cfruid
Value: 564099f264d1920ef172f58e69ad27586434b9b1-1714984852
.blog.kandji.io/ Name: __cf_bm
Value: sCnsSfs_0wty2UIWPZHKgBqmpVaJGmKYivwR84SEJMo-1714984852-1.0.1.1-JQJrQd6JpxUMeT.NSzJhl7boMit2qPSLisWaz6DjWreHv5jyXyqKgDkKShRk8SrmzksOKmgI5t127l7CVEEAUw
.blog.kandji.io/ Name: __cfruid
Value: 564099f264d1920ef172f58e69ad27586434b9b1-1714984852
.kandji.io/ Name: __kandji_utms
Value: {%22campaign%22:%22%22%2C%22source%22:%22hs_email%22%2C%22medium%22:%22email%22%2C%22term%22:%22%22%2C%22content%22:%22305522564%22}
.kandji.io/ Name: __kandji_lp
Value: https://blog.kandji.io/malware-cuckoo-infostealer-spyware
.kandji.io/ Name: _cq_duid
Value: 1.1714984853.r6bwznwjHNvb0A06
.kandji.io/ Name: _cq_suid
Value: 1.1714984853.jdkaMvbaGA58pRpd
.kandji.io/ Name: _ga
Value: GA1.1.1106455791.1714984853
.hsforms.com/ Name: __cf_bm
Value: MArNah5uq2gBTBYNbrpNsno53rUa9la6IjKE9tr1t_A-1714984853-1.0.1.1-HW8G98NjX0v6QMoMzoAfQAO0MDDIL3W5QaE7qu096HPxQwUIVcVifQ_iDqhSTe6d1HuEKAVBG5RqSDELatPr1g
.hsforms.com/ Name: _cfuvid
Value: uf9GK8mElSDIdHai2iuqai3IUYi3PeZsGggmkB4LItk-1714984853450-0.0.1.1-604800000
.hubspot.com/ Name: __cf_bm
Value: ukXlx30ntV6SYPSdwiImOqbom6Xw45am1Z3X.Azrkf8-1714984853-1.0.1.1-gYy3QVPyxcW6zpIKVlmvdwxxXNxatnVucdfoUGJqtqnOqvIXM7C123usdE2xDYi.tppKARbmzXEpuMrEtgJlBA
.hubspot.com/ Name: _cfuvid
Value: 60_MFe6.XDe5l4FQ1sS1armkrq124Py4scgbTJmBob8-1714984853468-0.0.1.1-604800000
.kandji.io/ Name: OptanonConsent
Value: isGpcEnabled=0&datestamp=Mon+May+06+2024+10%3A40%3A53+GMT%2B0200+(Ora+legale+dell%E2%80%99Europa+centrale)&version=202303.1.0&browserGpcFlag=0&isIABGlobal=false&hosts=&landingPath=https%3A%2F%2Fblog.kandji.io%2Fmalware-cuckoo-infostealer-spyware%3Futm_medium%3Demail%26_hsenc%3Dp2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg%26_hsmi%3D305522564%26utm_content%3D305522564%26utm_source%3Dhs_email&groups=C0001%3A1%2CC0003%3A1%2CC0002%3A0%2CC0004%3A0
obs.testrobotflower.com/ Name: cg_uuid
Value: 9e8f302e1e4fa41ba2329746f1eaa49e
.kandji.io/ Name: _gcl_au
Value: 1.1.1216541928.1714984854
.doubleclick.net/ Name: test_cookie
Value: CheckForPermission
.linkedin.com/ Name: li_sugr
Value: 69081c2d-b5a9-4e54-b61d-de17f16ce506
.linkedin.com/ Name: bcookie
Value: "v=2&29503d07-00b6-49ef-8a5e-1e05996e9905"
.linkedin.com/ Name: lidc
Value: "b=OGST03:s=O:r=O:a=O:p=O:g=3211:u=1:x=1:i=1714984853:t=1715071253:v=2:sig=AQHFsWy3vYmSOAWd2eEY6PY3nazOR0et"
.linkedin.com/ Name: UserMatchHistory
Value: AQIDZv7f0rouvQAAAY9NECJjXs_xNuyk0U3jtJ6dgHWoC8ZdYZh6mY-OCX81Jztt4LN6cX_qVrG3ew
.linkedin.com/ Name: AnalyticsSyncHistory
Value: AQIg0a3h-7fF4QAAAY9NECJj-tM6DtnKJv1O-ZwiN9-9tWiVPSQUzZRneiJJGO4ZJbT4evoNmgTalCOlEdPSAQ
.www.linkedin.com/ Name: bscookie
Value: "v=1&20240506084054b7280bdc-7a77-443e-81fb-3ecc67f775d8AQH3IidcqAsrQXXvwaqUvGhXVHjIxwP9"
.linkedin.com/ Name: li_gc
Value: MTswOzE3MTQ5ODQ4NTQ7MjswMjHxRAsfqq2/PPNBwLd4sRbgDk1jr9RTam2zwmRnBywAOQ==
.kandji.io/ Name: __hstc
Value: 234561729.294b0ac69ff74141a764926c5808370c.1714984854606.1714984854606.1714984854606.1
.kandji.io/ Name: hubspotutk
Value: 294b0ac69ff74141a764926c5808370c
.kandji.io/ Name: __hssrc
Value: 1
.kandji.io/ Name: __hssc
Value: 234561729.1.1714984854606
.kandji.io/ Name: _fbp
Value: fb.1.1714984854973.1134210234
.kandji.io/ Name: _ga_V21CT0R1FX
Value: GS1.1.1714984853.1.0.1714984858.55.0.0

65 Console Messages

Source Level URL
Text
other warning URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
worker verbose URL: blob:https://blog.kandji.io/ae631071-48aa-40ad-8dea-6f22c81c0c33(Line 1)
Message:
Error
other warning URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://blog.kandji.io/malware-cuckoo-infostealer-spyware?utm_medium=email&_hsenc=p2ANqtz-9jDsrFNdd9dNrNDJFYKgQvVvefIjzgHq55RTj3vCkArlz2cBr8pDLNVlM1_zyNe_SjypZ0O2_HIJobR38vYOzPJfhbEg&_hsmi=305522564&utm_content=305522564&utm_source=hs_email
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://connect.facebook.net/signals/config/821678078239751?v=2.9.155&r=stable&domain=blog.kandji.io&hme=c3a545c63044e8e9102d4f32d84a1137594d024f28e801d670bc76dc5c075575&ex_m=67%2C112%2C99%2C103%2C58%2C3%2C93%2C66%2C15%2C91%2C84%2C49%2C51%2C158%2C161%2C172%2C168%2C169%2C171%2C28%2C94%2C50%2C73%2C170%2C153%2C156%2C165%2C166%2C173%2C121%2C14%2C48%2C178%2C177%2C123%2C17%2C33%2C38%2C1%2C41%2C62%2C63%2C64%2C68%2C88%2C16%2C13%2C90%2C87%2C86%2C100%2C102%2C37%2C101%2C29%2C25%2C154%2C157%2C130%2C27%2C10%2C11%2C12%2C5%2C6%2C24%2C21%2C22%2C54%2C59%2C61%2C71%2C95%2C26%2C72%2C8%2C7%2C76%2C46%2C20%2C97%2C96%2C9%2C19%2C18%2C81%2C53%2C79%2C32%2C70%2C0%2C89%2C31%2C78%2C83%2C45%2C44%2C82%2C36%2C4%2C85%2C77%2C42%2C39%2C34%2C80%2C2%2C35%2C60%2C40%2C98%2C43%2C75%2C65%2C104%2C57%2C56%2C30%2C92%2C55%2C52%2C47%2C74%2C69%2C23%2C105(Line 107)
Message:
Unrecognized feature: 'attribution-reporting'.

Security Headers

This page lists any security headers set by the main page.

Header: Value
Content-Security-Policy: upgrade-insecure-requests
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
