www.kandji.io Open in urlscan Pro
2a05:d014:275:cb00::c8 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords
Submission: On August 12 via api (August 12th 2024, 1:26:25 pm UTC) from IT — Scanned from IT

Summary HTTP 108 Redirects Links 19 Behaviour Indicators

Summary

This website contacted 32 IPs in 5 countries across 23 domains to perform 108 HTTP transactions. The main IP is 2a05:d014:275:cb00::c8, located in Frankfurt am Main, Germany and belongs to AMAZON-02, US. The main domain is www.kandji.io.
TLS certificate: Issued by E6 on August 1st 2024. Valid for: 3 months.

This is the only time www.kandji.io was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
21	2a05:d014:275... 2a05:d014:275:cb00::c8	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:218... 2600:9000:218f:ec00:1f:2c1a:3d80:93a1	16509 (AMAZON-02) (AMAZON-02)
11	2606:4700::68... 2606:4700::6812:572a	13335 (CLOUDFLAR...) (CLOUDFLARENET)
14	199.60.103.227 199.60.103.227	209242 (CLOUDFLAR...) (CLOUDFLARESPECTRUM Cloudflare)
12	2606:4700::68... 2606:4700::6810:7674	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:af5b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a00:1450:400... 2a00:1450:4001:81c::2008	15169 (GOOGLE) (GOOGLE)
3	2606:4700::68... 2606:4700::6812:18bd	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:1d7f	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	18.239.69.2 18.239.69.2	16509 (AMAZON-02) (AMAZON-02)
7	2600:1f18:e8a... 2600:1f18:e8a:cd08:3437:aff5:50c:d298	14618 (AMAZON-AES) (AMAZON-AES)
1	2606:4700::68... 2606:4700::6811:80ac	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:a0a8	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:16b7	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	104.19.175.188 104.19.175.188	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c0c::9a	15169 (GOOGLE) (GOOGLE)
3	2a00:1450:400... 2a00:1450:4001:828::2003	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6812:f06c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	142.250.186.72 142.250.186.72	15169 (GOOGLE) (GOOGLE)
1 2	142.250.185.66 142.250.185.66	15169 (GOOGLE) (GOOGLE)
2 2	142.250.186.34 142.250.186.34	15169 (GOOGLE) (GOOGLE)
2 2	172.217.23.100 172.217.23.100	15169 (GOOGLE) (GOOGLE)
2	2606:4700::68... 2606:4700::6810:7574	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a02:26f0:350... 2a02:26f0:3500:10::210:a9a	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 3	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2620:1ec:51::12 2620:1ec:51::12	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	54.229.117.114 54.229.117.114	16509 (AMAZON-02) (AMAZON-02)
1	34.254.137.132 34.254.137.132	16509 (AMAZON-02) (AMAZON-02)
2	2a03:2880:f08... 2a03:2880:f083:9:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
2	2a03:2880:f17... 2a03:2880:f176:84:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	2620:1ec:c11:... 2620:1ec:c11::237	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	216.239.34.36 216.239.34.36	() ()
108	32

21 2a05:d014:275:cb00::c8 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)

www.kandji.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:218f:ec00:1f:2c1a:3d80:93a1 (United States)

ASN16509 (AMAZON-02, US)

ob.sd22326.kandji.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2606:4700::6812:572a (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.cookielaw.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 199.60.103.227 (United States)

ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)

blog.kandji.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2606:4700::6810:7674 (United States)

ASN13335 (CLOUDFLARENET, US)

no-cache.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
app.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:af5b (United States)

ASN13335 (CLOUDFLARENET, US)

static.hsappstatic.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:81c::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6812:18bd (United States)

ASN13335 (CLOUDFLARENET, US)

5058330.fs1.hubspotusercontent-na1.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:1d7f (United States)

ASN13335 (CLOUDFLARENET, US)

geolocation.onetrust.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.239.69.2 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-239-69-2.ams58.r.cloudfront.net

cdn.transifex.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2600:1f18:e8a:cd08:3437:aff5:50c:d298 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

obs.sd22326.kandji.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:80ac (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsadspixel.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:a0a8 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:16b7 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.19.175.188 (None, )

ASN13335 (CLOUDFLARENET, US)

forms-na1.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c0c::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:828::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.it	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:f06c (United States)

ASN13335 (CLOUDFLARENET, US)

api.hubapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.72 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s05-in-f8.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.66 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.34 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f2.1e100.net

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.217.23.100 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: mil04s23-in-f100.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:7574 (United States)

ASN13335 (CLOUDFLARENET, US)

forms-na1.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3500:10::210:a9a (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:21::14 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:51::12 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.229.117.114 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-229-117-114.eu-west-1.compute.amazonaws.com

telemetry.svc.transifex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.254.137.132 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-254-137-132.eu-west-1.compute.amazonaws.com

live-detector.svc.transifex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f083:9:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f176:84:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:c11::237 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.239.34.36 (None, )

ASN- ()

region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
43	kandji.io www.kandji.io ob.sd22326.kandji.io blog.kandji.io obs.sd22326.kandji.io	1 MB
14	hubspot.com no-cache.hubspot.com — Cisco Umbrella Rank: 34139 app.hubspot.com — Cisco Umbrella Rank: 10634 forms-na1.hubspot.com track.hubspot.com — Cisco Umbrella Rank: 5359	15 KB
11	cookielaw.org cdn.cookielaw.org — Cisco Umbrella Rank: 554	203 KB
6	google.com 2 redirects region1.analytics.google.com — Cisco Umbrella Rank: 3773 www.google.com — Cisco Umbrella Rank: 10	48 B
5	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 112	519 KB
4	linkedin.com 1 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 669 px4.ads.linkedin.com — Cisco Umbrella Rank: 7330	2 KB
3	google.it www.google.it — Cisco Umbrella Rank: 16796	670 B
3	doubleclick.net 2 redirects stats.g.doubleclick.net — Cisco Umbrella Rank: 252 googleads.g.doubleclick.net — Cisco Umbrella Rank: 77	302 B
3	hubspotusercontent-na1.net 5058330.fs1.hubspotusercontent-na1.net	215 KB
2	facebook.com www.facebook.com — Cisco Umbrella Rank: 108	3 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 236	74 KB
2	transifex.net telemetry.svc.transifex.net — Cisco Umbrella Rank: 119194 live-detector.svc.transifex.net — Cisco Umbrella Rank: 110563	406 B
2	googleadservices.com 1 redirects www.googleadservices.com — Cisco Umbrella Rank: 176	2 KB
2	hsforms.com forms-na1.hsforms.com — Cisco Umbrella Rank: 15115	1 KB
2	transifex.com cdn.transifex.com — Cisco Umbrella Rank: 127020	27 KB
1	bing.com bat.bing.com — Cisco Umbrella Rank: 534	14 KB
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 1884	14 KB
1	hubapi.com api.hubapi.com — Cisco Umbrella Rank: 7580	1 KB
1	hs-banner.com js.hs-banner.com — Cisco Umbrella Rank: 5067	26 KB
1	hs-analytics.net js.hs-analytics.net — Cisco Umbrella Rank: 5135	25 KB
1	hsadspixel.net js.hsadspixel.net — Cisco Umbrella Rank: 7189	4 KB
1	onetrust.com geolocation.onetrust.com — Cisco Umbrella Rank: 1019	308 B
1	hsappstatic.net static.hsappstatic.net — Cisco Umbrella Rank: 12087	5 KB
108	23

	Domain	Requested by
21	www.kandji.io	www.kandji.io cdn2.hubspot.net
14	blog.kandji.io	www.kandji.io
11	cdn.cookielaw.org	www.kandji.io cdn.cookielaw.org
8	track.hubspot.com
7	obs.sd22326.kandji.io	ob.sd22326.kandji.io www.kandji.io
5	www.googletagmanager.com	www.kandji.io www.googletagmanager.com js.hsadspixel.net
4	region1.analytics.google.com	www.googletagmanager.com
3	px.ads.linkedin.com	1 redirects snap.licdn.com
3	www.google.it	www.kandji.io
3	5058330.fs1.hubspotusercontent-na1.net	blog.kandji.io
3	no-cache.hubspot.com	www.kandji.io
2	www.facebook.com
2	connect.facebook.net	js.hsadspixel.net connect.facebook.net
2	forms-na1.hubspot.com	www.kandji.io
2	www.google.com	2 redirects
2	googleads.g.doubleclick.net	2 redirects
2	www.googleadservices.com	1 redirects www.googletagmanager.com
2	forms-na1.hsforms.com	www.kandji.io
2	cdn.transifex.com	www.googletagmanager.com cdn.transifex.com
1	bat.bing.com	www.googletagmanager.com
1	live-detector.svc.transifex.net	cdn.transifex.com
1	telemetry.svc.transifex.net	cdn.transifex.com
1	px4.ads.linkedin.com	www.kandji.io
1	snap.licdn.com	js.hsadspixel.net
1	api.hubapi.com	js.hsadspixel.net
1	stats.g.doubleclick.net	www.googletagmanager.com
1	app.hubspot.com	www.kandji.io
1	js.hs-banner.com	www.kandji.io
1	js.hs-analytics.net	www.kandji.io
1	js.hsadspixel.net	www.kandji.io
1	geolocation.onetrust.com	cdn.cookielaw.org
1	static.hsappstatic.net	www.kandji.io
1	ob.sd22326.kandji.io	www.kandji.io
108	33

This site contains links to these domains. Also see Links.

Domain
support.kandji.io
status.kandji.io
kandji-partner.workramp.io
x.com
hunt.io
en.wikipedia.org
cta-redirect.hubspot.com
developer.apple.com
eclecticlight.co
binary.ninja
www.aicpa.org
twitter.com
www.facebook.com
www.linkedin.com
www.onetrust.com

Subject Issuer	Validity	Valid
kandji.io E6	`2024-08-01` - `2024-10-30`	3 months	crt.sh
*.sd22326.kandji.io Amazon RSA 2048 M03	`2024-05-22` - `2025-06-20`	a year	crt.sh
cookielaw.org Cloudflare Inc ECC CA-3	`2024-03-01` - `2024-12-31`	10 months	crt.sh
blog.kandji.io E6	`2024-07-07` - `2024-10-05`	3 months	crt.sh
hubspot.com Cloudflare Inc ECC CA-3	`2024-01-06` - `2024-12-31`	a year	crt.sh
hsappstatic.net E5	`2024-07-06` - `2024-10-04`	3 months	crt.sh
*.google-analytics.com WR2	`2024-07-30` - `2024-10-22`	3 months	crt.sh
hubspotusercontent-na1.net Cloudflare Inc ECC CA-3	`2023-12-26` - `2024-12-25`	a year	crt.sh
onetrust.com Cloudflare Inc ECC CA-3	`2023-11-13` - `2024-11-12`	a year	crt.sh
cdn.transifex.com Amazon RSA 2048 M03	`2023-10-11` - `2024-11-08`	a year	crt.sh
hsadspixel.net WE1	`2024-08-12` - `2024-11-10`	3 months	crt.sh
hs-analytics.net WE1	`2024-08-09` - `2024-11-07`	3 months	crt.sh
hs-banner.com WE1	`2024-07-27` - `2024-10-25`	3 months	crt.sh
hsforms.com WE1	`2024-06-14` - `2024-09-12`	3 months	crt.sh
*.g.doubleclick.net WR2	`2024-07-30` - `2024-10-22`	3 months	crt.sh
*.google.it WR2	`2024-07-30` - `2024-10-22`	3 months	crt.sh
hubapi.com E6	`2024-07-02` - `2024-09-30`	3 months	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-12-13` - `2024-12-12`	a year	crt.sh
*.googleadservices.com WR2	`2024-07-30` - `2024-10-22`	3 months	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2024-07-01` - `2025-01-01`	6 months	crt.sh
svc.transifex.net Amazon RSA 2048 M02	`2024-06-24` - `2025-07-22`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2024-05-21` - `2024-08-19`	3 months	crt.sh
www.bing.com Microsoft Azure RSA TLS Issuing CA 04	`2024-06-19` - `2024-12-16`	6 months	crt.sh

This page contains 1 frames:

Primary Page: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords
Frame ID: A2050FE4D5835C07E0D0972402A19F54
Requests: 107 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

InfoStealer Uses SwiftUI, OpenDirectory API to Capture Passwords

Detected technologies

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

HubSpot Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

js\.hs-analytics\.net/analytics

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

OneTrust (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

cdn\.cookielaw\.org
otSDKStub\.js

Page Statistics

108
Requests

95 %
HTTPS

70 %
IPv6

23
Domains

33
Subdomains

32
IPs

5
Countries

2233 kB
Transfer

5316 kB
Size

23
Cookies

19 Outgoing links

These are links going to different origins than the main page.

URL: https://support.kandji.io/
Title: Customer Support

Search URL Search Domain Scan URL

URL: https://status.kandji.io/
Title: Kandji Status

Search URL Search Domain Scan URL

URL: https://kandji-partner.workramp.io/login
Title: Partner Portal

Search URL Search Domain Scan URL

URL: https://x.com/4n6bexaminer?lang=en
Title: @4n6Bexaminer

Search URL Search Domain Scan URL

URL: https://x.com/4n6Bexaminer/status/1817871971893551538
Title: a new macOS stealer

Search URL Search Domain Scan URL

URL: https://x.com/Huntio?lang=en
Title: Hunt.io

Search URL Search Domain Scan URL

URL: https://hunt.io/blog/macos-malware-impersonates-the-unarchiver-app-to-steal-user-data
Title: a blog post

Search URL Search Domain Scan URL

URL: https://en.wikipedia.org/wiki/Dropper_(malware)
Title: dropper

Search URL Search Domain Scan URL

URL: https://cta-redirect.hubspot.com/cta/redirect/5058330/8bed3482-30c4-4ee2-85a9-6f0e2149b55c?__hstc=234561729.fe8cd950be4eb03ea6fb57d683418074.1723469173681.1723469173681.1723469173681.1&__hssc=234561729.1.1723469173681&__hsfp=872352201
Title: Get Started

Search URL Search Domain Scan URL

URL: https://cta-redirect.hubspot.com/cta/redirect/5058330/8b112eca-371f-41dd-bc10-130711c6d648?__hstc=234561729.fe8cd950be4eb03ea6fb57d683418074.1723469173681.1723469173681.1723469173681.1&__hssc=234561729.1.1723469173681&__hsfp=872352201
Title: Contact Us

Search URL Search Domain Scan URL

URL: https://developer.apple.com/documentation/swiftui/state
Title: State

Search URL Search Domain Scan URL

URL: https://eclecticlight.co/2021/12/25/explainer-open-directory/
Title: Open Directory

Search URL Search Domain Scan URL

URL: https://binary.ninja/
Title: Binary Ninja

Search URL Search Domain Scan URL

URL: https://www.aicpa.org/soc4so
Title: Logo for AICPA SOC for Service Organizations

Search URL Search Domain Scan URL

URL: https://twitter.com/KandjiMDM
Title: Link to Kandji's Twitter

Search URL Search Domain Scan URL

URL: https://www.facebook.com/kandjimdm
Title: Link to Kandji's Facebook

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/kandji/
Title: Link to Kandji's LinkedIn

Search URL Search Domain Scan URL

URL: https://support.kandji.io/support/home
Title: Customer Support

Search URL Search Domain Scan URL

URL: https://www.onetrust.com/products/cookie-consent/

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 54

https://www.googleadservices.com/pagead/conversion/781421631/?label=1lluCKXMhqUZEL-YzvQC&guid=ON&script=0 HTTP 302
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/781421631/?label=1lluCKXMhqUZEL-YzvQC&guid=ON&script=0&ct_cookie_present=false&random=1702964028&crd=CKG4sQIIscGxAgiwwbECCLnBsQI&pscrd=IhMIs6SF_sbvhwMVT_QRCB30pQBtMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOllodHRwczovL3d3dy5rYW5kamkuaW8vYmxvZy9pbmZvc3RlYWxlci1zd2lmdHVpLW9wZW5kaXJlY3RvcnktYXBpLWNhcHR1cmUtdmVyaWZ5LXBhc3N3b3Jkcw HTTP 302
https://www.google.com/pagead/1p-conversion/781421631/?label=1lluCKXMhqUZEL-YzvQC&guid=ON&script=0&ct_cookie_present=false&random=1702964028&crd=CKG4sQIIscGxAgiwwbECCLnBsQI&pscrd=IhMIs6SF_sbvhwMVT_QRCB30pQBtMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOllodHRwczovL3d3dy5rYW5kamkuaW8vYmxvZy9pbmZvc3RlYWxlci1zd2lmdHVpLW9wZW5kaXJlY3RvcnktYXBpLWNhcHR1cmUtdmVyaWZ5LXBhc3N3b3Jkcw&is_vtc=1&cid=CAQSGwDpaXnfonx59e8yeloPRdBc_LW8R0K1W3W_OA&random=3749243172 HTTP 302
https://www.google.it/pagead/1p-conversion/781421631/?label=1lluCKXMhqUZEL-YzvQC&guid=ON&script=0&ct_cookie_present=false&random=1702964028&crd=CKG4sQIIscGxAgiwwbECCLnBsQI&pscrd=IhMIs6SF_sbvhwMVT_QRCB30pQBtMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOllodHRwczovL3d3dy5rYW5kamkuaW8vYmxvZy9pbmZvc3RlYWxlci1zd2lmdHVpLW9wZW5kaXJlY3RvcnktYXBpLWNhcHR1cmUtdmVyaWZ5LXBhc3N3b3Jkcw&is_vtc=1&cid=CAQSGwDpaXnfonx59e8yeloPRdBc_LW8R0K1W3W_OA&random=3749243172&ipr=y

Request Chain 67

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1329610&time=1723469172037&url=https%3A%2F%2Fwww.kandji.io%2Fblog%2Finfostealer-swiftui-opendirectory-api-capture-verify-passwords HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=1329610&time=1723469172037&url=https%3A%2F%2Fwww.kandji.io%2Fblog%2Finfostealer-swiftui-opendirectory-api-capture-verify-passwords&e_ipv6=AQI8_xjkWjlFfQAAAZFGxI_mP8uB_BYq7ok67Zfg0ZSWt0aJqbbPu2teWq6QDCIy-b-BUg

Request Chain 68

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/781421631/?random=1429280302&cv=11&fst=1723469171905&bg=ffffff&guid=ON&async=1&gtm=45be4880v885711243za200zb810153545&gcd=13l3l3l2l1&dma_cps=syphamo&dma=1&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.kandji.io%2Fblog%2Finfostealer-swiftui-opendirectory-api-capture-verify-passwords&label=1lluCKXMhqUZEL-YzvQC&hn=www.googleadservices.com&frm=0&tiba=InfoStealer%20Uses%20SwiftUI%2C%20OpenDirectory%20API%20to%20Capture%20Passwords&did=dYWJhMj&gdid=dYWJhMj&gtm_ee=1&npa=1&pscdl=noapi&auid=46847401.1723469170&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&ec_mode=a&fdr=SA&capi=1&data=event%3Dconversion&em=tv.1&fmt=3&ct_cookie_present=false&crd=CKG4sQIIscGxAgiwwbECCLnBsQJKLGV2ZW50LXNvdXJjZSwgdHJpZ2dlciwgbm90LW5hdmlnYXRpb24tc291cmNlWgMKAQFiBAoCAgM&pscrd=IhMI3s-Y_sbvhwMV3-QRCB1aYgR1MgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOllodHRwczovL3d3dy5rYW5kamkuaW8vYmxvZy9pbmZvc3RlYWxlci1zd2lmdHVpLW9wZW5kaXJlY3RvcnktYXBpLWNhcHR1cmUtdmVyaWZ5LXBhc3N3b3Jkcw HTTP 302
https://www.google.com/pagead/1p-conversion/781421631/?random=1429280302&cv=11&fst=1723469171905&bg=ffffff&guid=ON&async=1&gtm=45be4880v885711243za200zb810153545&gcd=13l3l3l2l1&dma_cps=syphamo&dma=1&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.kandji.io%2Fblog%2Finfostealer-swiftui-opendirectory-api-capture-verify-passwords&label=1lluCKXMhqUZEL-YzvQC&hn=www.googleadservices.com&frm=0&tiba=InfoStealer%20Uses%20SwiftUI%2C%20OpenDirectory%20API%20to%20Capture%20Passwords&did=dYWJhMj&gdid=dYWJhMj&gtm_ee=1&npa=1&pscdl=noapi&auid=46847401.1723469170&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&ec_mode=a&fdr=SA&capi=1&data=event%3Dconversion&em=tv.1&fmt=3&ct_cookie_present=false&crd=CKG4sQIIscGxAgiwwbECCLnBsQJKLGV2ZW50LXNvdXJjZSwgdHJpZ2dlciwgbm90LW5hdmlnYXRpb24tc291cmNlWgMKAQFiBAoCAgM&pscrd=IhMI3s-Y_sbvhwMV3-QRCB1aYgR1MgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOllodHRwczovL3d3dy5rYW5kamkuaW8vYmxvZy9pbmZvc3RlYWxlci1zd2lmdHVpLW9wZW5kaXJlY3RvcnktYXBpLWNhcHR1cmUtdmVyaWZ5LXBhc3N3b3Jkcw&is_vtc=1&cid=CAQSKQDpaXnfpjBoOYN3E7ujrIHOXzo1HBLVnZTp1iBJVnLebwl1bh1azdBU&random=813704511 HTTP 302
https://www.google.it/pagead/1p-conversion/781421631/?random=1429280302&cv=11&fst=1723469171905&bg=ffffff&guid=ON&async=1&gtm=45be4880v885711243za200zb810153545&gcd=13l3l3l2l1&dma_cps=syphamo&dma=1&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.kandji.io%2Fblog%2Finfostealer-swiftui-opendirectory-api-capture-verify-passwords&label=1lluCKXMhqUZEL-YzvQC&hn=www.googleadservices.com&frm=0&tiba=InfoStealer%20Uses%20SwiftUI%2C%20OpenDirectory%20API%20to%20Capture%20Passwords&did=dYWJhMj&gdid=dYWJhMj&gtm_ee=1&npa=1&pscdl=noapi&auid=46847401.1723469170&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&ec_mode=a&fdr=SA&capi=1&data=event%3Dconversion&em=tv.1&fmt=3&ct_cookie_present=false&crd=CKG4sQIIscGxAgiwwbECCLnBsQJKLGV2ZW50LXNvdXJjZSwgdHJpZ2dlciwgbm90LW5hdmlnYXRpb24tc291cmNlWgMKAQFiBAoCAgM&pscrd=IhMI3s-Y_sbvhwMV3-QRCB1aYgR1MgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOllodHRwczovL3d3dy5rYW5kamkuaW8vYmxvZy9pbmZvc3RlYWxlci1zd2lmdHVpLW9wZW5kaXJlY3RvcnktYXBpLWNhcHR1cmUtdmVyaWZ5LXBhc3N3b3Jkcw&is_vtc=1&cid=CAQSKQDpaXnfpjBoOYN3E7ujrIHOXzo1HBLVnZTp1iBJVnLebwl1bh1azdBU&random=813704511&ipr=y

108 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request infostealer-swiftui-opendirectory-api-capture-verify-passwords Show response
www.kandji.io/blog/ 230 KB
40 KB 661ms
452ms Document
text/html 2a05:d014:275:cb00::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a05:d014:275:cb00::c8 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

0ffaf551d9e378fbf00ce609ea2321d4b51e59a6ab8f723381e865bbe9a4aa1c

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: false
age: 5204
alt-svc: h3=":443"; ma=86400
cache-control: s-maxage=7200,max-age=5
cache-status: "Netlify Edge"; fwd=stale
cache-tag: ct-163759176078,ct-165936097429,ct-170252059575,ct-175134870081,cg-5058330,cg-6850365017,p-5058330,cw-127157693999,cw-173071377937,cw-95831149845,cw-95982514497,cw-95984958073,cw-96856054340,e-95659790937,e-95659796768,e-95659796773,e-95660243592,e-95660429163,e-95663097226,ra-150720214182,ra-95688192170,ra-96550832786,pgs-all,sw-3,b-6850365017,gc-118553034663
cf-cache-status: HIT
cf-ray: 8b20cb97b8f89bec-FRA
content-encoding: br
content-security-policy: upgrade-insecure-requests
content-type: text/html;charset=utf-8
date: Mon, 12 Aug 2024 13:26:07 GMT
edge-cache-tag: CT-163759176078,CT-165936097429,CT-170252059575,CT-175134870081,CG-5058330,CG-6850365017,P-5058330,CW-127157693999,CW-173071377937,CW-95831149845,CW-95982514497,CW-95984958073,CW-96856054340,E-95659790937,E-95659796768,E-95659796773,E-95660243592,E-95660429163,E-95663097226,RA-150720214182,RA-95688192170,RA-96550832786,PGS-ALL,SW-3,B-6850365017,GC-118553034663
last-modified: Mon, 12 Aug 2024 11:50:37 GMT
link: </hs/hsstatic/cos-i18n/static-1.53/bundles/project.js>; rel=preload; as=script, </_hcms/forms/v2.js>; rel=preload; as=script
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
netlify-vary: query
referrer-policy: no-referrer-when-downgrade
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DNRmzr1XzjRJcuIkKEqmpHhU2Xq%2BvPSMVBFNlVk1T%2BPWoWN08lWQ3t82Uw%2FElLtX07rrWgmvljHKz6vItp8KLSbdNYglxUJck3WoT0SqXIiSTmbV6qauMq22xVfiBgyJ"}],"group":"cf-nel","max_age":604800}
server: Netlify
strict-transport-security: max-age=31536000
vary: origin,Accept-Encoding
x-content-type-options: nosniff
x-envoy-upstream-service-time: 194
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-served-by-pod: iad02/cms-30-39-td/envoy-proxy-69c59d5485-9qtzh
x-evy-trace-virtual-host: all
x-hs-cache-config: BrowserCache-5s-EdgeCache-7200s
x-hs-content-id: 175134870081
x-hs-hub-id: 5058330
x-hubspot-correlation-id: e3f6088e-3a97-4d27-93a5-69df36e5f04f
x-nf-request-id: 01J53C8YETSTFNYCR8FZSE8J5Z
x-request-id: e3f6088e-3a97-4d27-93a5-69df36e5f04f

GET
H2 200 project.js Show response
www.kandji.io/hs/hsstatic/cos-i18n/static-1.53/bundles/ 1 KB
1 KB 93ms
82ms Script
application/javascript 2a05:d014:275:cb00::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.kandji.io/hs/hsstatic/cos-i18n/static-1.53/bundles/project.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a05:d014:275:cb00::c8 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-nf-request-id: 01J53C8YXZYFDN0RB46YQJP23A
content-security-policy: upgrade-insecure-requests
content-encoding: br
via: 1.1 93b8205e2f07a7099af2e6fd126d9658.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
date: Mon, 12 Aug 2024 13:26:07 GMT
age: 13125193
x-amz-cf-pop: FRA56-P2
x-amz-server-side-encryption: AES256
strict-transport-security: max-age=31536000
x-cache: Hit from cloudfront
x-amz-version-id: P9ES7sOpFzrLl1QoRwjEAy5outPo5_GO
x-amz-replication-status: COMPLETED
alt-svc: h3=":443"; ma=86400
content-length: 520
last-modified: Tue, 09 Nov 2021 16:12:42 GMT
netlify-vary: query
server: Netlify
cache-status: "Netlify Edge"; hit
etag: W/"61ca66de658cab9587e4636894680d5d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2F%2BIJ8aMkaM02hTWMtzOGtp7gvT6%2Bai08ejaBagB7RhkcbBD2WojjeGUIvAQ8ZBkgPne4nr1K1mjXmIDGis5QxR3W2A3ScAEu2pi6KeoIbqVN2POBzBRD6Hlji3b50nnj"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public,max-age=31536000
cf-ray: 8b1b7723cb0d2c3a-FRA
x-amz-cf-id: vMxH2clCDRRjd7emHmifSLXhLc2TFOGFc0VsUqlcTSiVQmWY_1aUGQ==
expires: Mon, 11 Aug 2025 21:54:39 GMT

GET
H2 200 v2.js Show response
www.kandji.io/_hcms/forms/ 483 KB
161 KB 110ms
109ms Script
application/javascript 2a05:d014:275:cb00::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.kandji.io/_hcms/forms/v2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a05:d014:275:cb00::c8 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

dfdf1af1a230e3ee08968606c4322f5a9c51a5a6bf341687fedac60716c9ddab

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 119
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=forms-embed/static-1.5781/bundles/project-v2.js&cfRay=8af7a668726e5b8c-ARN
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
netlify-vary: query
cache-status: "Netlify Edge"; fwd=stale
etag: W/"07033d485ccfcdda144e7a4173dbc0bc"
vary: accept-encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: s-maxage=600,max-age=300
x-hs-target-asset: forms-embed/static-1.5781/bundles/project-v2.js
x-nf-request-id: 01J53C8YXZF408WRRMSMYQNEWD
date: Mon, 12 Aug 2024 13:26:07 GMT
via: 1.1 f57a09c5455a80253c61001d750462e6.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: 3f4beb6d-dfde-4e48-bda3-332056300892
x-amz-version-id: __TkXxzKt.v8sm6CVT1EUR2QdTtEmM_4
x-cache: Hit from cloudfront
cache-tag: staticjsapp-forms-embed-v2-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 3
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 3f4beb6d-dfde-4e48-bda3-332056300892
last-modified: Wed, 07 Aug 2024 13:25:19 UTC
server: Netlify
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JyOeqp967zw%2B%2B8FRKz1BFNFikS%2FCVkijUdNIWPirq1UxfLULIRJFmUmpfeFVJKasMJHX%2FENLmOrzZOwqpSmETXT%2FuaJpRkgwTgfY57DhRoFtB91GCBcN4bbeVXcBWlch"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status: HIT
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-5f4dcb8bc8-sw27x
cf-ray: 8b20cb993b239bec-FRA
x-amz-cf-id: GHduPZg1Rnev-i91bn-hQxVpVnCAQNGrwyCSmk_bX9hA-fJzXtrLBg==

GET
H2 200 130ddaec76c305292f6ec30ebef2d5ce.js Show response
ob.sd22326.kandji.io/i/ 107 KB
39 KB 377ms
73ms Script
text/javascript 2600:9000:218f:ec00:1f:2c1a:3d80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ob.sd22326.kandji.io/i/130ddaec76c305292f6ec30ebef2d5ce.js
Requested by: Host: www.kandji.io
URL: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:218f:ec00:1f:2c1a:3d80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Caddy /
Resource Hash: a6fa74f67d9300f0111921cb7fdc61964e4494b3186e811aae35be69b1c43fcc

Request headers

Referer: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Mon, 12 Aug 2024 08:46:35 GMT
content-encoding: gzip
via: 1.1 05ad9acef0768042c9e1e6aa1757dea6.cloudfront.net (CloudFront)
server: Caddy
x-amz-cf-pop: CDG52-P2
age: 17184
etag: "1ab22-FpVVfZmGRdlJXQKterdegZbJRms"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript; charset=utf-8
cache-control: max-age=43200
content-length: 39993
x-amz-cf-id: BdmNDPc8FFkLnrYs-mupt45mEZ8WJSSkkDDvFrZ6PP5vWNpYXGqd3Q==
expires: Mon, 12 Aug 2024 20:39:44 GMT

GET
H2 200 OtAutoBlock.js Show response
cdn.cookielaw.org/consent/52104b08-403c-474b-8e63-8560d38d0080/ 465 KB
42 KB 416ms
73ms Script
application/x-javascript 2606:4700::6812:572a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/52104b08-403c-474b-8e63-8560d38d0080/OtAutoBlock.js

Requested by

Host: www.kandji.io
URL: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

41560fb9f544570224386cfef6e486c95987af9e24bd75e3909525860d32bd0b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 12 Aug 2024 13:26:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 56862
content-md5: CCDpYOOdIMMzYl2taeRKGw==
content-length: 43003
x-ms-lease-status: unlocked
last-modified: Mon, 05 Aug 2024 17:51:21 GMT
server: cloudflare
etag: 0x8DCB577377BC218
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 8beb3899-601e-0053-1960-e78f85000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8b20cb9b5b4c59a1-MXP
expires: Tue, 13 Aug 2024 13:26:07 GMT

GET
H2 200 otSDKStub.js Show response
cdn.cookielaw.org/scripttemplates/ 21 KB
7 KB 388ms
45ms Script
application/javascript 2606:4700::6812:572a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Requested by

Host: www.kandji.io
URL: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1505aa0792421f831935f4761a95f31462a3dd097c8bd00ad8e9c765c8065517

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 12 Aug 2024 13:26:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: Wbr2pAeg61Hfi+2FuD0cYA==
age: 67941
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 6882
x-ms-lease-status: unlocked
last-modified: Thu, 08 Aug 2024 20:27:00 GMT
server: cloudflare
etag: 0x8DCB7E874D2EB3B
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: fc958ea1-c01e-0099-508c-ea1c48000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8b20cb9b5b4759a1-MXP
expires: Sun, 11 Aug 2024 18:33:45 GMT

GET
H3 200 kandji.min.css
blog.kandji.io/hs-fs/hub/5058330/hub_generated/template_assets/95659790937/1721430659152/Kandji_December2022/css/ 79 KB
19 KB 476ms
133ms Stylesheet
text/css 199.60.103.227
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.kandji.io/hs-fs/hub/5058330/hub_generated/template_assets/95659790937/1721430659152/Kandji_December2022/css/kandji.min.css

Requested by

Host: www.kandji.io
URL: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

a8a0917484a44f32efeaf309716ef0bcefc78e4d566b5e2aa410ed7642aa447a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: gzip
x-amz-request-id: K6EQAJNPX85YHZFF
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"14224cfb65a63fc57416195983cea7ea"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1721430660316
content-type: text/css
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 12 Aug 2024 13:26:07 GMT
via: 1.1 6b7e1e42d74fd61097787cc6c1a37c34.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-amz-version-id: ncoYEuEWsiZ6ov9vVA7uRrKdeXIMFttz
x-cache: Miss from cloudfront
x-hubspot-correlation-id: ca6f3dc6-d60c-416b-ab32-0a952ed7288d
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 172
alt-svc: h3=":443"; ma=86400
x-amz-id-2: 3wIG+btattzfb/72Is9ekn3XYV+zocKgMX8pnFXIK2VCsbNA2d3mfvU9P52pWTmiLt1fEK+29ms=
x-evy-trace-route-configuration: listener_https/all
x-request-id: ca6f3dc6-d60c-416b-ab32-0a952ed7288d
last-modified: Fri, 19 Jul 2024 23:11:01 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GE7nCAys2kgu95YUj4%2F0JriK1WjRY4H%2B7W1dBc2yGbn%2FehXOrlBhd%2FEFSSSesTnpC%2BQ3ERC%2FwZabD2XhwQ7XF7G7R4DEzcG2153fglUjkrL5%2BcUokHhxD7KQ4ao83VXO"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-54bddf99d6-4fh2w
access-control-allow-credentials: false
cf-ray: 8b20cb9b481b3757-MXP
timing-allow-origin: blog.kandji.io
x-amz-cf-id: domSCqVeaM0vBFpU1a7CIp0gAYvQZ1STvcVRDGOlLaOtsaHksd00hA==

GET
H3 200 MartinG.jpeg
blog.kandji.io/hubfs/assets/images/menu/ 2 KB
4 KB 135ms
135ms Image
image/webp 199.60.103.227
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.kandji.io/hubfs/assets/images/menu/MartinG.jpeg

Requested by

Host: www.kandji.io
URL: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

205467c25df4fd04b557594853d8655ffe2820eb748188e36c021f39b2d1c43e

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-170245084571,FD-170243638182,P-5058330,FLS-ALL
age: 789974
x-amz-request-id: 472T69JY4RV9M6R8
x-amz-server-side-encryption: AES256
edge-cache-tag: F-170245084571,FD-170243638182,P-5058330,FLS-ALL
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="MartinG.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-meta-access-tag: public-indexable
cf-bgj: imgq:85,h2pri
etag: "e2962d6e7e282b9bdb7a449d19c67235"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1718228028993
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 12 Aug 2024 13:26:08 GMT
strict-transport-security: max-age=31536000
via: 1.1 335b5d7a095dc0c2b19883021de7870e.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: S2aE0pweH0H37Jf8ZVnzVUro1MTUkNrF
x-amz-cf-pop: MXP64-C2
x-hs-alternate-content-type: text/plain
cf-polished: qual=85, origFmt=jpeg, origSize=3749
x-cache: Miss from cloudfront
cache-tag: F-170245084571,FD-170243638182,P-5058330,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 2458
x-amz-id-2: wcwV85mjZC2M1r+ZcEbkgx6fOCSbfhFZmOqqM+ROHJWGRgDz2nRidu0h/6PfzMrC5Ye5T4MrIo0=
last-modified: Wed, 12 Jun 2024 21:33:50 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vfcuXzv4jJo0gautsyE283OOPe2pSfD9tmHf8t3SKzRD4xGS5K7%2Bv0yMuME29LycT1KD1CCSCCEGXSoCmGyIfrKZT%2F6fBfMWcXZVHpLyjApYoKOmQ0yb83qZWLQb2Wor"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 8b20cb9b886a3757-MXP
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: ojVxla8uKXqfBtnB7kmdJrrqdyb4r2iQgPPB2spUKUAMZEAgCgEUBA==

GET
H3 200 NicholasMercurio.jpeg
blog.kandji.io/hubfs/assets/images/menu/ 874 B
3 KB 74ms
74ms Image
image/webp 199.60.103.227
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.kandji.io/hubfs/assets/images/menu/NicholasMercurio.jpeg

Requested by

Host: www.kandji.io
URL: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

79304394d6072a94fd3ed0046af77fc4121292fbabbdc0af668278a83441daaa

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-170243040874,FD-170243638182,P-5058330,FLS-ALL
age: 2471072
x-amz-request-id: 539W6FRFKY0AB7G5
x-amz-server-side-encryption: AES256
edge-cache-tag: F-170243040874,FD-170243638182,P-5058330,FLS-ALL
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="NicholasMercurio.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-meta-access-tag: public-indexable
cf-bgj: imgq:85,h2pri
etag: "4947c8821b4e99f3cc8f79a0388081e1"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1718228029007
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 12 Aug 2024 13:26:07 GMT
strict-transport-security: max-age=31536000
via: 1.1 71d15e4317f9ba4644f6c17f42ef94c8.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: Hf.zxcRgm6cKGpfBjW_Cr5ka2Q7iY96i
x-amz-cf-pop: MXP64-C2
x-hs-alternate-content-type: text/plain
cf-polished: qual=85, origFmt=jpeg, origSize=1559
x-cache: RefreshHit from cloudfront
cache-tag: F-170243040874,FD-170243638182,P-5058330,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 874
x-amz-id-2: ndF74b9p5ehhGu1BG/lCMEFEI1PiNnCWoAYsEqOgHtFvrNmdwNT+5a36oRlSS9SrVfUpJAzxliA=
last-modified: Wed, 12 Jun 2024 21:33:50 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ef5SEaLrTsMRxWuJQlAQ6QpSEtpF%2BsBqUSgyOfp4U4%2FTYhcfAso8Va6k1GCqec%2FuNNr98merx339mMon6MnfS1w7uMe%2FFul6cHpFUr%2BuJNUc%2FSMXAnkCbo7LYDWB%2B4j6"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 8b20cb9b886d3757-MXP
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: nq9gk3dMnL6-6HGl5HRbzA7y_9Dpa8JHG9-ZSvOO_3wsuWesmTRzdg==

GET
H3 200 WilsonHo.png
blog.kandji.io/hubfs/assets/images/menu/ 16 KB
17 KB 169ms
168ms Image
image/webp 199.60.103.227
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.kandji.io/hubfs/assets/images/menu/WilsonHo.png

Requested by

Host: www.kandji.io
URL: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

665b2c882184537ff5883112d3eb64c0f512105a5499b92932517cae65f5f4a5

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-170245322133,FD-170243638182,P-5058330,FLS-ALL
age: 314580
x-amz-request-id: FH7TH7J2APCGZ93J
x-amz-server-side-encryption: AES256
edge-cache-tag: F-170245322133,FD-170243638182,P-5058330,FLS-ALL
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="WilsonHo.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-meta-access-tag: public-indexable
cf-bgj: imgq:85,h2pri
etag: "c59c8fb4c17785fe1d26b064c6794bbc"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1718228029017
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 12 Aug 2024 13:26:08 GMT
strict-transport-security: max-age=31536000
via: 1.1 46f3c2e92915bc1f81dadef931ddfe6a.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: qjwYA9v7Os7nco8hTx78yHx2lc8mU8MK
x-amz-cf-pop: IST50-P3
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=23285
x-cache: Miss from cloudfront
cache-tag: F-170245322133,FD-170243638182,P-5058330,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 16094
x-amz-id-2: nS19OdC0KntT+kYhm7gJQllbgI8nQvGQht5FQmdXCcO5IFafcOowX7bMwYkCSTyuNdbzbYRri0jDTZ7v7TLIQMsMavA/JfzM
last-modified: Wed, 12 Jun 2024 21:33:50 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YeJMKHx3b3q8ckVUKQq%2Fa3MAXsvP7kscaHdr8uQJ1cApZ8GlWvESMgEH4w0L7Vcwp%2BxdMxc2ZJlPRdxv1%2BLp9FLLAqyF655%2BJbyjxVA%2FnfAhNv3BH0nxy9V2Z9y4%2BRBJ"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 8b20cb9c499d3757-MXP
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: wDNxmNLb638aLJsIh0JPfzlQpDcCtD5bTIYPL3M3tVppdKovQ0IMDg==

GET
H3 200 2024.08.08%20unarchiver.png
blog.kandji.io/hs-fs/hubfs/ 7 KB
8 KB 170ms
168ms Image
image/webp 199.60.103.227
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.kandji.io/hs-fs/hubfs/2024.08.08%20unarchiver.png?width=672&height=347&name=2024.08.08%20unarchiver.png

Requested by

Host: www.kandji.io
URL: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

fc315e175d7ed23c13e14e50b11de78b2d7384508b829de0463cfa7ca1d87e34

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Mon, 12 Aug 2024 13:26:08 GMT
strict-transport-security: max-age=31536000
via: 1.1 20f1bd00b8898dc48034147896cabd74.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-175139649551,P-5058330,FLS-ALL
alt-svc: h3=":443"; ma=86400
content-length: 7562
cf-resized: internal=ok/m q=0 n=803+60 c=15+44 v=2024.8.0 l=7562 f=false
last-modified: Wed, 07 Aug 2024 20:26:36 GMT
cf-bgj: imgq:86,h2pri
server: cloudflare
etag: "cfEI6Oa8X8VP-74g65kkzhGzQtKVkZo0foeZqls5VvDQ:4b0cb550948bc49030e66c4653e63422"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vSfZ7uHAaw1Go37r8du%2FMJXhhBTBnghpD3tL%2BN82ymO66Vvsj%2FwfYe5trjQqDap%2F2J7dK2znfsWmCONx9u%2FJLdpaboAh6aKcHLj3QA8pyDVueR3g9%2F6BeGQLoZnj58gj"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 8b20cb9c499f3757-MXP
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net

GET
H3 200 Christopher%20Lopez%20headshot.jpg
blog.kandji.io/hs-fs/hubfs/ 2 KB
2 KB 106ms
105ms Image
image/webp 199.60.103.227
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.kandji.io/hs-fs/hubfs/Christopher%20Lopez%20headshot.jpg?width=80&height=80&name=Christopher%20Lopez%20headshot.jpg

Requested by

Host: www.kandji.io
URL: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

3c3e84c3bc231b0a0a4607ed7ec687abcb5a1f463868b4027fbfcdbed1e89570

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Mon, 12 Aug 2024 13:26:08 GMT
strict-transport-security: max-age=31536000
via: 1.1 44b1d22f682d32d0090eb52e3626b174.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-160465126683,P-5058330,FLS-ALL
alt-svc: h3=":443"; ma=86400
content-length: 1648
cf-resized: internal=ok/m q=0 n=843+5 c=3+2 v=2024.8.0 l=1648 f=false
last-modified: Tue, 12 Mar 2024 18:34:25 GMT
cf-bgj: imgq:86,h2pri
server: cloudflare
etag: "cfuMqfN6mG9KkxcDoszX32KRodO7f-n0uC5YAbC82nDQ:8de97a95f4ad9854e8adf16bb39f2229"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2B%2BXOZOx1BCW3QijTsTvb8tzSHC1%2FULMB2pynWM29WOSoziWbtOYzDBzaQ0LKrrTC9yxat6FfOSpHY2VpHjimJIW1YWstStaXPTkxXmICbxRmh7m4vI1D7%2FMysiwIp%2Fjc"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 8b20cb9c49a23757-MXP
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net

GET
H2 200 8bed3482-30c4-4ee2-85a9-6f0e2149b55c.png
no-cache.hubspot.com/cta/default/5058330/ 3 KB
4 KB 461ms
335ms Image
image/png 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://no-cache.hubspot.com/cta/default/5058330/8bed3482-30c4-4ee2-85a9-6f0e2149b55c.png

Requested by

Host: www.kandji.io
URL: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0cbce549725f60081e0fa2fe88e3b0ca6d49d67587092574f420789570c94b58

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Mon, 12 Aug 2024 13:26:08 GMT
x-amz-version-id: PWYtT7sCha4dswNEPrtiOQ9.HOYv6jfK
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-request-id: K36DAKKKZJ96EY4Y
x-amz-server-side-encryption: AES256
content-length: 3083
x-amz-id-2: EjNBM7vYWU9ZSpw5cTUFPMcQosfcI2VqV9HhRcg7i4n3tO+FzJlls5IAg5WzfSTELAq99VkXr3Q=
last-modified: Fri, 02 Jun 2023 18:05:22 GMT
server: cloudflare
etag: "5294c78a8cad06a748f869b759f28da1"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=YefBTUpAFQBPcwEI7jRtn2adWBjX%2Bn0s8tbwwtdyrMUgvcGB1lLqPD2bbWUX%2Bc1yuHD6osjSsvR9x8FI2AtpF1gIentGdSP5kAtKuChOHkabLJrI8W6dNtkZoUWNHJWtT2l1pzbZDSM1XlJMyicPLtPh"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: no-cache, no-store
accept-ranges: bytes
cf-ray: 8b20cb9d1f685277-MXP

GET
H2 200 current.js Show response
www.kandji.io/hs/cta/cta/ 18 KB
8 KB 119ms
106ms Script
application/javascript 2a05:d014:275:cb00::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.kandji.io/hs/cta/cta/current.js

Requested by

Host: www.kandji.io
URL: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a05:d014:275:cb00::c8 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

fc2b8b34b8e5c1f4feb8a7c35193c96ec52727dd918751def0e764b8abfb4182

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 68
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=cta-embed-js/static-1.302/bundles/current.js&cfRay=8b20c9f372ab3643-FRA
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
netlify-vary: query
cache-status: "Netlify Edge"; fwd=stale
etag: W/"2b8b0fdd5605ef5991d212803946c40e"
vary: accept-encoding
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: max-age=600
x-hs-target-asset: cta-embed-js/static-1.302/bundles/current.js
x-nf-request-id: 01J53C8ZDFWWZADWH0E0M2QF18
date: Mon, 12 Aug 2024 13:26:08 GMT
via: 1.1 36b04143ac1626bb30bb225fb2cccb1e.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: 8bfa149e-44dd-4c9e-a7c2-5efc91ffa4ab
x-amz-version-id: ri_IjUIhUsqIzBG3WGIBZRLvLnHeLPpf
x-cache: Hit from cloudfront
cache-tag: staticjsapp-ctaembed-cloudflare-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 0
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 8bfa149e-44dd-4c9e-a7c2-5efc91ffa4ab
last-modified: Mon, 15 Jul 2024 12:53:47 UTC
server: Netlify
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fMdlKW%2BlxAW%2BOUcKcLoSzEzkZZL09s3MPMjF3r06BfFDvN1i70QWUQEGQYlPQHF9tGCFbz7R3GBtKh6%2Fc3v6ECauBroztzz19ytq0qO0jFWDL46YjRYGpcA%2BbzJ4ATuE"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status: HIT
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-5f4dcb8bc8-dqn98
cf-ray: 8b20cb9c58239bec-FRA
x-amz-cf-id: Xmpp42f5nguyvG5LDfxinGZZpiPHA6a5LzXXwNEgumKeaE_PCyjmpA==

GET
H2 200 f9cbd4ff-31c8-46b4-914b-33c838de1b34.png
no-cache.hubspot.com/cta/default/5058330/ 3 KB
4 KB 341ms
216ms Image
image/png 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://no-cache.hubspot.com/cta/default/5058330/f9cbd4ff-31c8-46b4-914b-33c838de1b34.png

Requested by

Host: www.kandji.io
URL: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

631a0d62a719038670e8f56cc868da1bb3542376d251a781c6545cae129e2d7a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Mon, 12 Aug 2024 13:26:08 GMT
x-amz-version-id: tTGyEO0tJlODKY_zmzUuuYcp.joigpwa
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-request-id: K368T5TA15YN0AJN
x-amz-server-side-encryption: AES256
content-length: 3266
x-amz-id-2: daj4ALndzLjVfvBCudfDiFh8f4wtTSmCpCDMyIvDG1aEfsWnfkPC8aDRRAzgUJJLxsVeSXTWgcM=
last-modified: Fri, 02 Jun 2023 18:06:17 GMT
server: cloudflare
etag: "842097bab8692619d1384bba926c1149"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LNces0X9EhvaKujodIOl8qq79WgzsKfREhH2wvetCVY6XDnN2yWTKqqKX%2BskRdDNafaeFCN0xk7%2Brii9IuVs%2Bc5o5qDAEjtLYu%2FVQr6qQbybV7YmTFQN8G9myRE0l%2FXney5WCk7dwxMr4aZHXw5Q6T8v"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: no-cache, no-store
accept-ranges: bytes
cf-ray: 8b20cb9d1f6c5277-MXP

GET
H2 200 8b112eca-371f-41dd-bc10-130711c6d648.png
no-cache.hubspot.com/cta/default/5058330/ 1 KB
2 KB 340ms
215ms Image
image/png 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://no-cache.hubspot.com/cta/default/5058330/8b112eca-371f-41dd-bc10-130711c6d648.png

Requested by

Host: www.kandji.io
URL: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

047ad7989bc75b72ad38301072330f4109f8225a4e34bdde8bfa790edd0d5a0e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Mon, 12 Aug 2024 13:26:08 GMT
x-amz-version-id: f4WGBHOQ..wkPV9PgAGbh2HG2CnWNNPy
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-request-id: K368C3KWDDK2N00Z
x-amz-server-side-encryption: AES256
content-length: 1286
x-amz-id-2: UvNjQvksWuQC9alYl/Ww8yMlxWwd9zXTrEmZMSXaRUFag8AzAj8JZme+0hbwNnvrUpco6FWN+ZA=
last-modified: Fri, 08 Mar 2024 22:19:12 GMT
server: cloudflare
etag: "179d670d165cfa6f65deb404cccd7d89"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0iWNjyAJyjRyMvWc3Ar%2BC29%2FTJigkxxJAX48MKZqFul8QCsJedKufIIKCVOIM3lEQCaHxi1kDDIDn0lsWmkrRQrQuM%2F%2FcpIa1vGmLMg67Huvv1h%2Bm2Jc683v12WCQevWjoSvF%2B5%2BkOE6e1hFi0J9jLDV"}],"group":"cf-nel","max_age":604800}
content-type: image/png
cache-control: no-cache, no-store
accept-ranges: bytes
cf-ray: 8b20cb9d1f6a5277-MXP

GET
H2 200 embed.js Show response
static.hsappstatic.net/content-cwv-embed/static-1.971/ 13 KB
5 KB 190ms
66ms Script
application/javascript 2606:4700::6811:af5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hsappstatic.net/content-cwv-embed/static-1.971/embed.js

Requested by

Host: www.kandji.io
URL: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:af5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

98dfeb1d061e8788b320a130a84723813efed0b2518921f30b40cc8a09bf8ecf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Mon, 12 Aug 2024 13:26:08 GMT
x-amz-version-id: 1gm1MaaLzWiIBc2FerIVtLdckhSMSaY7
content-encoding: gzip
cf-cache-status: HIT
via: 1.1 1457b830deed1c2472ac9d931556584a.cloudfront.net (CloudFront)
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: MXP63-P3
age: 1022124
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Wed, 05 Jun 2024 15:05:39 GMT
server: cloudflare
etag: W/"26c40482b55a607cd44486a2958741d4"
vary: Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=difVfmIKhcrbWHNfLZizp1nkQX2PKT3vFYXh1x%2B1Pr62s8WVMfldcDLj93N5feHFN5W3RRJ%2BwpvDdg98l8hhC2LgibnmvjH83dlnTKSb8P9LkU8tYE1wI1Qf7ud2iba66C5MWgmTrq%2Ft%2FDP5GsEgdEacy%2F0%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public, max-age=31536000
cf-ray: 8b20cb9d1be94c76-MXP
x-amz-cf-id: O-mQFma6eGdgUw3cS13hgzUsykr6oN1m0jh-7oHO8XnFmaQp6HKMXQ==
expires: Tue, 12 Aug 2025 13:26:08 GMT

GET
H3 200 kandji.min.js Show response
blog.kandji.io/hs-fs/hub/5058330/hub_generated/template_assets/95659796768/1722291948100/Kandji_December2022/js/ 104 KB
33 KB 106ms
104ms Script
application/javascript 199.60.103.227
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.kandji.io/hs-fs/hub/5058330/hub_generated/template_assets/95659796768/1722291948100/Kandji_December2022/js/kandji.min.js

Requested by

Host: www.kandji.io
URL: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

4cbfbe7026b869618f12bd1d55bdd614f3c987b892d0daedcd8b9b34ea8ccfd7

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 2234
x-amz-request-id: K6WM5JF1K1Z9K9RJ
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-evy-trace-listener: listener_https
etag: W/"e78197ed064f62b61c65e466d4e76eea"
vary: origin, Accept-Encoding
x-amz-meta-created-unix-time-millis: 1722291948948
content-type: application/javascript; charset=utf-8
x-evy-trace-virtual-host: all
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 12 Aug 2024 13:26:08 GMT
strict-transport-security: max-age=31536000
via: 1.1 417c242b19212928b079740e6dd8f54c.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: jjTvcRS6ldpgPmJWhOQ6e6cBDDihEyYl
x-amz-cf-pop: IAD89-C1
x-hs-alternate-content-type: text/plain
x-hubspot-correlation-id: bb230cd5-5893-4ea6-adbc-1b7046b29690
x-cache: Miss from cloudfront
x-amz-storage-class: INTELLIGENT_TIERING
x-envoy-upstream-service-time: 175
alt-svc: h3=":443"; ma=86400
x-amz-id-2: +8SUYvT1JJg6Q81mv7bOAsdeUBg8Lb0P1Bw60Vl4gqbRT578N7qYE3awro6CF4GWjki3LBih6l2yg8k2s/nXuKBase9sSdn3
x-evy-trace-route-configuration: listener_https/all
x-request-id: bb230cd5-5893-4ea6-adbc-1b7046b29690
last-modified: Mon, 29 Jul 2024 22:25:49 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=661twKvjZ6IzPvJcqrVM9PnmwEog0OlAOkSYyNbYmnZCbCKopCgn6pV6qHAl%2FfwpmnhOcZfv%2B3b335GTmMFHCkaKa2ev6BBms0OvWRFOsD1udkzCUv29PLJZUCsj0Fsd"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-54bddf99d6-kd26z
access-control-allow-credentials: false
cf-ray: 8b20cb9c49a13757-MXP
timing-allow-origin: blog.kandji.io
x-amz-cf-id: qFnwo02sFUiQt3IDSJWN7sFQ5j6awW92nErhLNqbHT5xgbpYypPYWA==

GET
H2 200 5058330.js Show response
www.kandji.io/hs/scriptloader/ 1 KB
1 KB 124ms
111ms Script
application/javascript 2a05:d014:275:cb00::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.kandji.io/hs/scriptloader/5058330.js

Requested by

Host: www.kandji.io
URL: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a05:d014:275:cb00::c8 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

f984d8e40fd79ce447133169b8b15c1d28c3889efb13740ce9261033c63e2b74

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 12
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-listener: listener_https
cf-bgj: minify
netlify-vary: query
cache-status: "Netlify Edge"; fwd=stale
vary: origin,Accept-Encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://www.kandji.io
x-evy-trace-virtual-host: all
cache-control: public,max-age=90
expires: Mon, 12 Aug 2024 13:27:38 GMT
x-nf-request-id: 01J53C8ZDFP4J4Z76Z0N3QJGR3
date: Mon, 12 Aug 2024 13:26:08 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: bafd000c-9f49-46c7-9ceb-b25543a19833
cf-polished: origSize=1498
x-envoy-upstream-service-time: 4
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: bafd000c-9f49-46c7-9ceb-b25543a19833
last-modified: Mon, 12 Aug 2024 13:25:56 GMT
server: Netlify
access-control-max-age: 3600
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=r0sV3bGl47FB7xrSSEJJ3Az1elWNcZTUueSdkuWCXimKKZOM3XTo6VCn3HpB6Gywx%2FzKL0%2Fts%2FfKbfg2g0Q98tf8utjaDs7wJcemTMkD4Ma1SJiWLnuxZFv3hD9MMFYv"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-85b74c4c74-ntfkp
access-control-allow-credentials: true
cf-ray: 8b20cb9c58269bec-FRA

GET
H2 200 index.js Show response
www.kandji.io/hs/hsstatic/HubspotToolsMenu/static-1.349/js/ 12 KB
5 KB 63ms
51ms Script
application/javascript 2a05:d014:275:cb00::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.kandji.io/hs/hsstatic/HubspotToolsMenu/static-1.349/js/index.js

Requested by

Host: www.kandji.io
URL: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a05:d014:275:cb00::c8 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

b987245cc5d802ec15d04b1797d14a16f002aca05348c13f79d31ecedecad8ac

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-nf-request-id: 01J53C8ZDP4YCCYDF93TNBZTAP
content-security-policy: upgrade-insecure-requests
content-encoding: br
via: 1.1 fe3f25790bc50bc3d0e9d4585a26a248.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
date: Mon, 12 Aug 2024 13:26:08 GMT
age: 2305875
x-amz-cf-pop: LHR50-P6
x-amz-server-side-encryption: AES256
strict-transport-security: max-age=31536000
x-cache: Hit from cloudfront
x-amz-version-id: xQGlP28JK8czygjYT3ac5MmMcZh4SwPp
x-amz-replication-status: COMPLETED
alt-svc: h3=":443"; ma=86400
content-length: 4356
last-modified: Tue, 16 Jul 2024 20:51:48 GMT
netlify-vary: query
server: Netlify
cache-status: "Netlify Edge"; hit
etag: W/"804371e77c152132301ab9a09be49f93"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5GBzC7XbSsHRenbVpv%2FvR1br%2BN9y%2F79qK7zuchRx9saEn3iIPSWB6YBZf8W66f1ejpBXVwQfLIdGfVu42YiLTq4kZqJrB0AhwxBOs%2Fk49JEQUIFE05i13arFqQx366UT"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public,max-age=31536000
cf-ray: 8b1c74da682d1e58-FRA
x-amz-cf-id: oblp2cdpnaFkrH0rFz0hj0mu43CM2qjuZLI9TvbwOLCocbN9BV05hQ==
expires: Tue, 12 Aug 2025 00:47:51 GMT

GET
H2 200 52104b08-403c-474b-8e63-8560d38d0080.json Show response
cdn.cookielaw.org/consent/52104b08-403c-474b-8e63-8560d38d0080/ 4 KB
2 KB 161ms
78ms XHR
application/x-javascript 2606:4700::6812:572a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/52104b08-403c-474b-8e63-8560d38d0080/52104b08-403c-474b-8e63-8560d38d0080.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5177c38d7548fe7349aab1febe3aec80106069e63f492e03207421ad4ec502aa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 12 Aug 2024 13:26:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 77872
content-md5: QRC4bVRPJUJQggNGwf8g0g==
content-length: 1613
x-ms-lease-status: unlocked
last-modified: Mon, 05 Aug 2024 17:52:30 GMT
server: cloudflare
etag: 0x8DCB57760CC6E31
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: acea7ce8-c01e-00dd-0360-e7c024000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8b20cb9cadbe0e4f-MXP
expires: Tue, 13 Aug 2024 13:26:08 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 357 KB
113 KB 206ms
82ms Script
application/javascript 2a00:1450:4001:81c::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-T7GZQ3L

Requested by

Host: www.kandji.io
URL: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

03d7f2a64350f576aaf0f3cdeb344a33d9021491a1830f61fcc9fef2ea3580c6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Mon, 12 Aug 2024 13:26:08 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 115200
x-xss-protection: 0
last-modified: Mon, 12 Aug 2024 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 12 Aug 2024 13:26:08 GMT

GET
H2 200 PPNeueMontreal-Variable.ttf
5058330.fs1.hubspotusercontent-na1.net/hubfs/5058330/raw_assets/public/Kandji_December2022/fonts/ 190 KB
92 KB 492ms
222ms Font
font/ttf 2606:4700::6812:18bd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://5058330.fs1.hubspotusercontent-na1.net/hubfs/5058330/raw_assets/public/Kandji_December2022/fonts/PPNeueMontreal-Variable.ttf
Requested by: Host: blog.kandji.io
URL: https://blog.kandji.io/hs-fs/hub/5058330/hub_generated/template_assets/95659790937/1721430659152/Kandji_December2022/css/kandji.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:18bd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 910f74967a8d03e18bdd8b4a46a1573653c71d374e9823f2d416d9bd250b1ea6

Request headers

Referer: https://blog.kandji.io/
Origin: https://www.kandji.io
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-encoding: br
x-amz-meta-cache-tag: F-95662839379,FD-95664176134,P-5058330,FLS-ALL
age: 285539
x-amz-request-id: M8WZN0D2AYY21X70
x-amz-server-side-encryption: AES256
edge-cache-tag: F-95662839379,FD-95664176134,P-5058330,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"61d5f1a1a93cc2b08ca4fc4032b9df1e"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: font/ttf
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1671243819749
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: none
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 12 Aug 2024 13:26:08 GMT
via: 1.1 82ded7662ff2806d716068ef52891c6a.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-version-id: LseMZwrny9avZzv6GoE3a9pheWcyZ0eh
x-amz-cf-pop: MXP64-C2
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-95662839379,FD-95664176134,P-5058330,FLS-ALL
x-amz-meta-index-tag: none
x-amz-storage-class: INTELLIGENT_TIERING
x-amz-id-2: 98c8bB1khNIf3k1JB/ab7h+jNqzQE4NDRtjbQQQ1Td7A2F/ag8NDX2DzkRARQRNvGNCxeoWTsec=
last-modified: Sat, 17 Dec 2022 02:23:40 GMT
server: cloudflare
cf-ray: 8b20cba16ad60d6a-MXP
timing-allow-origin: 5058330.fs1.hubspotusercontent-na1.net
x-amz-cf-id: tHiWB8l3xFt-ue4VpjJuBlWuwkGuR0Mk3C1MLtSAq9nTsFoc10xm6A==

GET
H3 200 lock%20modal.png
blog.kandji.io/hs-fs/hubfs/ 40 KB
41 KB 80ms
79ms Image
image/webp 199.60.103.227
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.kandji.io/hs-fs/hubfs/lock%20modal.png?width=600&height=682&name=lock%20modal.png

Requested by

Host: www.kandji.io
URL: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

6db62bda53b5b19e55ba3c3243726a28f6e3e3973f2388b9ab02d52406439a59

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Mon, 12 Aug 2024 13:26:08 GMT
strict-transport-security: max-age=31536000
via: 1.1 ec6f32a0d1c5fef22993e49d055871c2.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-175139325245,P-5058330,FLS-ALL
alt-svc: h3=":443"; ma=86400
content-length: 41106
cf-resized: internal=ok/m q=0 n=989+180 c=16+164 v=2024.8.0 l=41106 f=false
last-modified: Wed, 07 Aug 2024 20:09:27 GMT
cf-bgj: imgq:86,h2pri
server: cloudflare
etag: "cfpVXi--yUhAwXnTPHwGb4deoVBqwvFQ5-NMWfKgvbDQ:bf6b87ee9a3cabf95cb96738d5a2c3f0"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2B04hwO3087joEgvBSQasSK6afSho6pTry%2Fd%2B7h5t2Fhcd89TgORGSzes7IksaL4rT4arGTFahue4zwDUvk31WCXqqwyVb0ah0d43u9tZy6bpjDUm5ULgT2K9529vXDYU"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 8b20cb9f8eca3757-MXP
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net

GET
H3 200 NicholasMercurio.jpeg
blog.kandji.io/hubfs/assets/images/menu/ 874 B
1 KB 86ms
83ms Other
image/webp 199.60.103.227
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.kandji.io/hubfs/assets/images/menu/NicholasMercurio.jpeg

Requested by

Host: www.kandji.io
URL: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

79304394d6072a94fd3ed0046af77fc4121292fbabbdc0af668278a83441daaa

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
x-amz-meta-cache-tag: F-170243040874,FD-170243638182,P-5058330,FLS-ALL
age: 2471073
x-amz-request-id: 539W6FRFKY0AB7G5
x-amz-server-side-encryption: AES256
edge-cache-tag: F-170243040874,FD-170243638182,P-5058330,FLS-ALL
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="NicholasMercurio.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-meta-access-tag: public-indexable
cf-bgj: imgq:85,h2pri
etag: "4947c8821b4e99f3cc8f79a0388081e1"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
x-amz-meta-created-unix-time-millis: 1718228029007
access-control-allow-origin: *
content-type: image/webp
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 12 Aug 2024 13:26:08 GMT
strict-transport-security: max-age=31536000
via: 1.1 71d15e4317f9ba4644f6c17f42ef94c8.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: Hf.zxcRgm6cKGpfBjW_Cr5ka2Q7iY96i
x-amz-cf-pop: MXP64-C2
x-hs-alternate-content-type: text/plain
cf-polished: qual=85, origFmt=jpeg, origSize=1559
x-cache: RefreshHit from cloudfront
cache-tag: F-170243040874,FD-170243638182,P-5058330,FLS-ALL
x-amz-meta-index-tag: all
x-amz-storage-class: INTELLIGENT_TIERING
alt-svc: h3=":443"; ma=86400
content-length: 874
x-amz-id-2: ndF74b9p5ehhGu1BG/lCMEFEI1PiNnCWoAYsEqOgHtFvrNmdwNT+5a36oRlSS9SrVfUpJAzxliA=
last-modified: Wed, 12 Jun 2024 21:33:50 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZG9MuuNSHpKn1g36xeJiqKhkK7cjwAW1GW0nJnam1jFycTQvzWittX%2BfuPiAhbazz68SvLyF0viPa2BZU%2Fdc48tQQxvUH5JxBUqgoj%2BQV0m5AXWUenUx1nE%2Fik4pfdEU"}],"group":"cf-nel","max_age":604800}
accept-ranges: bytes
cf-ray: 8b20cb9fff693757-MXP
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: nq9gk3dMnL6-6HGl5HRbzA7y_9Dpa8JHG9-ZSvOO_3wsuWesmTRzdg==

GET
H2 200 location Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 69 B
308 B 307ms
82ms XHR
application/json 2606:4700::6812:1d7f
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1d7f , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6964d03a8ab5896300c3dd5cb3fc6fa302ef3d1b5453d2021282038af12e5679

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept: application/json
Referer: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Mon, 12 Aug 2024 13:26:08 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: application/json
access-control-allow-origin: *
cf-ray: 8b20cba198e75244-MXP
access-control-allow-headers: Content-Type

GET
H3 200 2024.07.XX%20Dock%20Tile%20Plugins.png
blog.kandji.io/hs-fs/hubfs/ 1 KB
2 KB 78ms
77ms Image
image/webp 199.60.103.227
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.kandji.io/hs-fs/hubfs/2024.07.XX%20Dock%20Tile%20Plugins.png?width=128&height=66&name=2024.07.XX%20Dock%20Tile%20Plugins.png

Requested by

Host: www.kandji.io
URL: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

31ded8f2ec4fad8e9f3a88a6126ed08ee593b9ef3e2981309f0e5ddb718ee80e

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Mon, 12 Aug 2024 13:26:09 GMT
strict-transport-security: max-age=31536000
via: 1.1 7c3241a948c4d88d2b9d7793615eaf0c.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-172856411830,P-5058330,FLS-ALL
alt-svc: h3=":443"; ma=86400
content-length: 1286
cf-resized: internal=ok/m q=0 n=862+92 c=47+44 v=2024.8.0 l=1286 f=false
last-modified: Fri, 12 Jul 2024 18:39:29 GMT
cf-bgj: imgq:86,h2pri
server: cloudflare
etag: "cf4Bu1pa0oR0796BG1k0rngMVkdFxi2AAgjHEhntbsDQ:fc086fdf912396a5758bc4e50ade413a"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bL8xipd%2FOAsoxZWkuIvujxn994yZ6ZGQmDa8PCZj%2FSzz93z5fjHuZ%2Fq8xxRZTW7gAhTH%2FG2oALcTarV%2BVcbxKPx10bYNVSb0r2GnGV2spjy%2BnVRx9QJrK2gS8rSnQBXa"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 8b20cba28b793757-MXP
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net

GET
H3 200 2024.06.18%20helpers%204.png
blog.kandji.io/hs-fs/hubfs/ 1 KB
2 KB 79ms
78ms Image
image/webp 199.60.103.227
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.kandji.io/hs-fs/hubfs/2024.06.18%20helpers%204.png?width=128&height=66&name=2024.06.18%20helpers%204.png

Requested by

Host: www.kandji.io
URL: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

c19a9751568c35a18e93edfc7e4f854a6e8b38ddabce37fb119f570c0f8292a2

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Mon, 12 Aug 2024 13:26:09 GMT
strict-transport-security: max-age=31536000
via: 1.1 7c3241a948c4d88d2b9d7793615eaf0c.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-170253269663,P-5058330,FLS-ALL
alt-svc: h3=":443"; ma=86400
content-length: 1084
cf-resized: internal=ok/m q=0 n=991+102 c=55+46 v=2024.8.0 l=1084 f=false
last-modified: Thu, 13 Jun 2024 00:11:06 GMT
cf-bgj: imgq:86,h2pri
server: cloudflare
etag: "cf7VFTU2FX38fj8OH3eqN33A1ydFxi2AAgjHEhntbsDQ:bb2330ee4576b9f9d3edc099fb5e538b"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vfN8ehpHkHHSzuogg4PPzwdLVM%2F0xJUx7zLyuKGrAkHpq%2FZHZS7WudQYwCAYxYV6BSm6SdK3OUudWXTp3IcP4yobFqBi7GYUupGdA65dX4HbP3c%2BzkJYOwUgyLX5gwcK"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 8b20cba28b7e3757-MXP
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net

GET
H3 200 2024.04.30%20Cuckoo%202.png
blog.kandji.io/hs-fs/hubfs/ 2 KB
3 KB 83ms
82ms Image
image/webp 199.60.103.227
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.kandji.io/hs-fs/hubfs/2024.04.30%20Cuckoo%202.png?width=128&height=66&name=2024.04.30%20Cuckoo%202.png

Requested by

Host: www.kandji.io
URL: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc66f58be18ed49006f1ea178011b0e3f8201e4c4da003f90595e2def664db17

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Mon, 12 Aug 2024 13:26:09 GMT
strict-transport-security: max-age=31536000
via: 1.1 bcb4a9bca5a3ff00d0520d8a78f560dc.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-165961962245,P-5058330,FLS-ALL
alt-svc: h3=":443"; ma=86400
content-length: 1942
cf-resized: internal=ok/m q=0 n=863+118 c=70+46 v=2024.8.0 l=1942 f=false
last-modified: Tue, 30 Apr 2024 18:02:29 GMT
cf-bgj: imgq:86,h2pri
server: cloudflare
etag: "cf6yGpyB0EJrxo_quNgCZ1zhU7dFxi2AAgjHEhntbsDQ:4d88a391e2bf20850f08bf6d422c3a96"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=x%2BE%2B1OwtmGBhlxyjYkXIN6mE7Y99VqZNKut23mvooym80eGRxPOs6FvkfYhdc24UGKIQW%2Bnhm4Q2qvuYwwzrXvVROY9VtavFvdlrWfkAxBsTbbwucI5jaSN7g72nXtL%2B"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 8b20cba28b813757-MXP
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net

GET
H3 200 2024.03.XX%20installers.png
blog.kandji.io/hs-fs/hubfs/ 2 KB
3 KB 84ms
83ms Image
image/webp 199.60.103.227
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blog.kandji.io/hs-fs/hubfs/2024.03.XX%20installers.png?width=128&height=66&name=2024.03.XX%20installers.png

Requested by

Host: www.kandji.io
URL: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

9e31e68652d40a182ba89f4af0ae2bc09c1a71bb893aa2bdd147a6278081d4ff

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Mon, 12 Aug 2024 13:26:09 GMT
strict-transport-security: max-age=31536000
via: 1.1 36be2c773789c1382b13900c0a0f5724.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-160884535947,P-5058330,FLS-ALL
alt-svc: h3=":443"; ma=86400
content-length: 2412
cf-resized: internal=ok/m q=0 n=870+116 c=68+47 v=2024.8.0 l=2412 f=false
last-modified: Fri, 15 Mar 2024 15:49:20 GMT
cf-bgj: imgq:86,h2pri
server: cloudflare
etag: "cfvWXpEFLCQN_zZvbheJ2EmJLxdFxi2AAgjHEhntbsDQ:3c204f838ebc22dfc5014db1beca205b"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=K3IWC6fsPiFWCgkfrRhbBnxL5M%2Btee4NnNh8kj%2BN4VBA8zoQt4udocZhJKxdlGDtvEr9cagY10lhhzZk2l0MxgrmCvjmRpNpNRU%2FTWxMCvTvziJ61z0pUpSYtxkryCfM"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 8b20cba28b823757-MXP
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net

GET
H2 200 otBannerSdk.js Show response
cdn.cookielaw.org/scripttemplates/202303.1.0/ 407 KB
98 KB 61ms
7ms Script
application/javascript 2606:4700::6812:572a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202303.1.0/otBannerSdk.js

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

099d33a1d679bcfa3722a172d91742af80d45166f760db1512e4944a9d95bc23

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 12 Aug 2024 13:26:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: 12zQcT/rVMicuxojEvnp3g==
age: 51638
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 100389
x-ms-lease-status: unlocked
last-modified: Tue, 18 Apr 2023 02:32:15 GMT
server: cloudflare
etag: 0x8DB3FB51FD9A927
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 28d3babc-501e-0022-05ac-12fc9c000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8b20cba2bfd859a1-MXP

GET
H2 200 Subscribe-Blog.png
5058330.fs1.hubspotusercontent-na1.net/hubfs/5058330/raw_assets/public/Kandji_December2022/images/modules/ 13 KB
14 KB 209ms
138ms Image
image/webp 2606:4700::6812:18bd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://5058330.fs1.hubspotusercontent-na1.net/hubfs/5058330/raw_assets/public/Kandji_December2022/images/modules/Subscribe-Blog.png
Requested by: Host: blog.kandji.io
URL: https://blog.kandji.io/hs-fs/hub/5058330/hub_generated/template_assets/95659790937/1721430659152/Kandji_December2022/css/kandji.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:18bd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 3fc523fde3cc50b1d7b9e935d342b29b1e380d85f6d4b14aba2351838410bc83

Request headers

Referer: https://blog.kandji.io/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-amz-meta-cache-tag: F-96062485125,FD-95861192563,P-5058330,FLS-ALL
age: 453119
x-amz-request-id: 4QHT7T0BHZDBDH13
x-amz-server-side-encryption: AES256
edge-cache-tag: F-96062485125,FD-95861192563,P-5058330,FLS-ALL
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="Subscribe-Blog.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "ea57f01744259025dbbee871cdd1cb31"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1671621599617
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: none
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 12 Aug 2024 13:26:09 GMT
via: 1.1 bfe9d994abba969f95c1b3b4712cf2ea.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-version-id: CJxRHwMuRdpajywx_jTmK_D4quNoYBxx
x-amz-cf-pop: IST50-P3
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=16283
x-cache: Miss from cloudfront
cache-tag: F-96062485125,FD-95861192563,P-5058330,FLS-ALL
x-amz-meta-index-tag: none
x-amz-storage-class: INTELLIGENT_TIERING
content-length: 13174
x-amz-id-2: PYaP/+0uyW71AlTd6P8HaC0c+Rt94T+0ghMy5qMXsrFwJ1JozR6fHfRpwff3tzidBZyqHf6h5qg=
last-modified: Wed, 21 Dec 2022 11:20:00 GMT
server: cloudflare
accept-ranges: bytes
cf-ray: 8b20cba4ca3a4c67-MXP
timing-allow-origin: 5058330.fs1.hubspotusercontent-na1.net
x-amz-cf-id: ppKnxEjPDxOcMZCYqO2hYgj73oX_eFmNnM2qqUtsRdZLT3EK_wh8cQ==

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 345 KB
110 KB 56ms
56ms Script
application/javascript 2a00:1450:4001:81c::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-V21CT0R1FX

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-T7GZQ3L

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

934dea87f64ab0fc8bdf0f3cfd1f045f7a220a1c8874d7714fe01e707b136c86

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Mon, 12 Aug 2024 13:26:09 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 112313
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 12 Aug 2024 13:26:09 GMT

GET
H2 200 live.js Show response
cdn.transifex.com/ 96 KB
26 KB 322ms
88ms Script
text/javascript 18.239.69.2
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.transifex.com/live.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-T7GZQ3L
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.239.69.2 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-239-69-2.ams58.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 0ac06f0260e4f88ec780156809becb32b9f1b48c87e3c33aa33de77007418395

Request headers

Referer: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-amz-version-id: v497APf6s4w5dtCug3rvoXIyLBX8WgGf
content-encoding: gzip
via: 1.1 0f3cf20f6db29b970aa67df851b05904.cloudfront.net (CloudFront)
date: Mon, 12 Aug 2024 02:23:17 GMT
last-modified: Tue, 23 Jul 2024 11:25:53 GMT
server: AmazonS3
x-amz-cf-pop: AMS58-P4
age: 42368
x-amz-server-side-encryption: AES256
etag: W/"2ad3d948f864f65b2e25671757bc9df2"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
x-amz-cf-id: k0b-OAthoUfci84qKHx0uKrwfCpLFV0XeXsqQIqie6uto34rOsbtUQ==

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 345 KB
110 KB 70ms
70ms Script
application/javascript 2a00:1450:4001:81c::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-V21CT0R1FX&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-T7GZQ3L

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ffed5c9c0e3f5056ebf7b2a1f5da80f39f2e8b0a9b08c2ab33eb97aa525afb12

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Mon, 12 Aug 2024 13:26:09 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 112262
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 12 Aug 2024 13:26:09 GMT

GET
H2 200 json Show response
www.kandji.io/_hcms/forms/embed/v3/form/5058330/21f774d6-4c0b-4c25-b47a-35023464393a/ 12 KB
4 KB 443ms
442ms XHR
application/json 2a05:d014:275:cb00::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.kandji.io/_hcms/forms/embed/v3/form/5058330/21f774d6-4c0b-4c25-b47a-35023464393a/json?hs_static_app=forms-embed&hs_static_app_version=1.5781&X-HubSpot-Static-App-Info=forms-embed-1.5781

Requested by

Host: www.kandji.io
URL: https://www.kandji.io/_hcms/forms/v2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a05:d014:275:cb00::c8 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

8792963b430e56e4b59fd7765fc41eb90af435ef0aba66cb80ec8445dd6a0934

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/plain, */*
Referer: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 1
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-listener: listener_https
netlify-vary: query
cache-status: "Netlify Edge"; fwd=miss
vary: origin,Accept-Encoding
access-control-allow-methods: OPTIONS, GET
content-type: application/json;charset=utf-8
x-evy-trace-virtual-host: all
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0,no-cache,no-store
x-robots-tag: none
access-control-allow-headers: *
x-nf-request-id: 01J53C914PEJ39GGH1ND67C9DR
x-origin-hublet: na1
date: Mon, 12 Aug 2024 13:26:10 GMT
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000
x-hubspot-correlation-id: ebbd8274-d95f-4d1c-8da4-c705aa7e15c6
x-envoy-upstream-service-time: 15
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: ebbd8274-d95f-4d1c-8da4-c705aa7e15c6
server: Netlify
access-control-max-age: 180
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wFZz8GNgq9HV1Vql5Y4TyUItBOSzK9tGLfyurIW4QKrlIyLVzXJv2SNYWf7OjO8U2gYHgSG6V9Exp9uH22W6LQlaqLNZnE80m8cbTiZtz5TavIW4gHSwg3cspY1jrX1s"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-ffbf7bf5c-lkwbr
access-control-allow-credentials: false
cf-ray: 8b20cba758ba9bec-FRA

GET
H2 200 ct Show response
obs.sd22326.kandji.io/ 4 KB
2 KB 583ms
170ms Script
text/javascript 2600:1f18:e8a:cd08:3437:aff5:50c:d298
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://obs.sd22326.kandji.io/ct?id=57239&url=https%3A%2F%2Fwww.kandji.io%2Fblog%2Finfostealer-swiftui-opendirectory-api-capture-verify-passwords&sf=0&tpi=&ch=cheq4ppc&uvid=&tsf=0&tsfmi=&tsfu=&cb=1723469169991&hl=2&op=0&ag=4229657421&rand=2321980789912180520068217678258903168246052578939876151286066395290082961809070610279&fs=1600x1200&fst=1600x1200&np=linux%20x86_64&nv=google%20inc.&ref=&ss=1600x1200&nc=0&at=&di=W1siZWYiLDY2ODddLFsiYWJuY2giLDI2NV0sWy01LCItIl0sWy0xOCwiWzAsMCwwLDFdIl0sWy0yMywiKyJdLFstMjgsImVuLVVTLGVuIl0sWy00OSwiLSJdLFstNTUsIjEiXSxbLTYwLDIwN10sWy05LCIrIl0sWy0yNiwie1widGpoc1wiOjEzOTc0NDk3LFwidWpoc1wiOjEwMDM4NzIxLFwiamhzbFwiOjQyOTQ3MDUxNTJ9Il0sWy0yNywiWzEwMCwxMCwwLFwiNGdcIixudWxsXSJdLFstNTEsIi0iXSxbLTUyLCItIl0sWzEyLCJ7XCJjdHhcIjpcIndlYmdsXCIsXCJ2XCI6XCJpbnRlbCBpbmMuXCIsXCJyXCI6XCJpbnRlbCBpcmlzIG9wZW5nbCBlbmdpbmVcIixcInNsdlwiOlwid2ViZ2wgZ2xzbCBlcyAxLjAgKG9wZW5nbCBlcyBnbHNsIGVzIDEuMCBjaHJvbWl1bSlcIixcImd2ZXJcIjpcIndlYmdsIDEuMCAob3BlbmdsIGVzIDIuMCBjaHJvbWl1bSlcIixcImd2ZW5cIjpcIndlYmtpdFwiLFwiYmVuXCI6NjIsXCJ3Z2xcIjoxLFwiZ3JlblwiOlwid2Via2l0IHdlYmdsXCIsXCJzZWZcIjoxOTMwODIwMjc5LFwic2VjXCI6XCJcIn0iXSxbLTM0LCItIl0sWy00NywiRXVyb3BlL1JvbWUsaXQsbGF0bixncmVnb3J5Il0sWy0yLCIyOSxlQUhXWDEvZjNxekN2Ymt1eW1Rd2dsSWFGM3BFc1JFRVRwb1ZkRlZCUVFwUmNSQkZTS0lJZ2lSSXIwS2hKUnFwU0F0Q0FrUUhwSXp5YmJYcG1aci81L2Q5NmJ6Y3VTQVBKL0d0Il0sWy0xMCwiLSJdLFstMzEsImZhbHNlIl0sWy00MywiMDAwMDAwMDEwMTAwMDAwMTAwMTExMDExMDAxMDExMDEwMDAwMDEwIl0sWy00OCwiMCwwIl0sWzM3LCJbMzMxNjIyNDA0OSxmdW5jdGlvbihuZXdWYWx1ZSkge1xuICAgICAgICAgICAgICBhZGRDb250ZW50V2luZG93UHJveHkodGhpcylcbiAgICAgICAgICAgICAgLy8gUmVzZXQgcHJvcGVydHksIHRoZSBob29rIGlzIG9ubHkgbmVlZGVkIG9uY2VcbiAgICAgICAgICAgICAgT2JqZWN0LmRlZmluZVByb3BlcnR5KGlmcmFtZSwgJ3NyY2RvYycsIHtcbiAgICAgICAgICAgICAgICBjb25maWd1cmFibGU6IGZhbHNlLFxuICAgICAgICAgICAgICAgIHdyaXRhYmxlOiBmYWxzZSxcbiAgICAgICAgICAgICAgICB2YWx1ZTogX3NyY2RvY1xuICAgICAgICAgICAgICB9KVxuICAgICAgICAgICAgICBfaWZyYW1lLnNyY2RvYyA9IG5ld1ZhbHVlXG4gICAgICAgICAgICB9XSJdLFstMTQsIi0iXSxbLTIwLCItIl0sWy0yMiwiW1wiblwiLFwiblwiXSJdLFstMzMsIi0iXSxbLTM1LCJbMTcyMzQ2OTE2OTgwMiwtMl0iXSxbLTM5LCJbXCIyMDAzMDEwN1wiLDIsXCJHZWNrb1wiLFwiTmV0c2NhcGVcIixcIk1vemlsbGFcIixudWxsLG51bGwsdHJ1ZSw4LGZhbHNlLG51bGwsNSx0cnVlLHRydWUsbnVsbCwwLHRydWUsdHJ1ZV0iXSxbLTQxLCItIl0sWy00NiwiMCJdLFstMTEsIntcInRcIjpcIlwiLFwibVwiOltcImRlc2NyaXB0aW9uXCIsXCJvZzpkZXNjcmlwdGlvblwiLFwib2c6dGl0bGVcIixcInR3aXR0ZXI6ZGVzY3JpcHRpb25cIixcInR3aXR0ZXI6dGl0bGVcIl19Il0sWy0xMywiLSJdLFstMTUsIi0iXSxbLTUwLCItIl0sWy02LCItIl0sWy0xNywiMTAiXSxbLTIxLCItIl0sWy0yNCwiW10iXSxbLTM3LCItMTQ0LTY2LTE4MC0iXSxbLTQwLCIzMyJdLFstNCwiLSJdLFstNywiLSJdLFstMTksIls2NDAsNjQwLDY0MCw2NDAsMCwwLDEsMjQsMjQsXCItXCIsMTYwMCwxMjAwLDE2MDAsMTIwMCwxNjAwLDEyODUsMTYwMCwxMjAwLDAsMCwwLDAsXCItXCIsXCItXCIsMTYwMCwxMjAwXSJdLFstMjUsIi0iXSxbLTEyLCJudWxsIl0sWy0yOSwiLSJdLFstMzAsIltcInZcIiwwXSJdLFstMzgsImwsLTEsLTEsMCwwLDUzLDAsMCwxNTcsNTY5LC0xLDAsMTkxMCwxOTEwLDI5NjAsMjk2MCJdLFstNDIsIjE3MjQyOTc2NTMiXSxbLTQ0LCIwLDAsMCw1Il0sWy00NSwiNjIwLDY3NywwLDAsMCw1NjIsMCwwLDY0OCwwLDAsMCwwLDAsMCwwLDAsMCwwLDY4NCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCJdLFstNTMsIjEwMCJdLFsiYm5jaCIsODI1XSxbLTEsIi0iXSxbLTMsIltcImludGVybmFsLXBkZi12aWV3ZXJcIixcImludGVybmFsLXBkZi12aWV3ZXJcIixcImludGVybmFsLXBkZi12aWV3ZXJcIixcImludGVybmFsLXBkZi12aWV3ZXJcIixcImludGVybmFsLXBkZi12aWV3ZXJcIl0iXSxbLTgsIi0iXSxbLTE2LCIwIl0sWy0zMiwiLSJdLFstMzYsIltcIjQvM1wiLFwiNC8zXCJdIl0sWy02MiwiODAiXSxbLTY1LCItIl0sWy02MywiMCJdLFstNTQsIntcImhcIjpbXCJfM1wiLFwiMjg3Mjg5OTMyMFwiLFwiXzFcIixcIjEwMzc5NzUxMDJcIixcIjI4Mzg1MzQyOTlcIixcIjEzNDk5MTQ4NzJcIl0sXCJkXCI6W10sXCJiXCI6W10sXCJzXCI6MX0iXSxbLTY3LCIyNTMyMzEyODg4OjExNiJdLFstNjksIkxpbnV4IHg4Nl82NHxHb29nbGUgSW5jLnw4fDEwfHwwIl0sWy01NywiV0UwWlYxeE9jVmhYWFZWY1N4Y0ZXbFpVU1V4TlhGMEhHV0pZU2hsWVNVbFZRR1FaRVZ4UFdGVVpXRTBaQlZoWFZsZEFWRlpNU2djWkVRTU9Bd2dNQ1FvSkFSQVZHUVZZVjFaWFFGUldURW9IQXdnQkF3b0pFQlZZVFJsNFMwdFlRQmRQWEJrUlVVMU5TVW9ERmhaV1d4ZEtYUXNMQ2dzUEYxSllWMTFUVUJkUVZoWlFGZ2dLQ1YxZFdGeGFEZzlhQ2drTUN3QUxYdzljV2dvSlhGdGNYd3RkREZwY0YxTktBd2dERHc0QURnb1FGVmhOR1VzWkVWRk5UVWxLQXhZV1Zsc1hTbDBMQ3dvTER4ZFNXRmRkVTFBWFVGWVdVQllJQ2dsZFhWaGNXZzRQV2dvSkRBc0FDMThQWEZvS0NWeGJYRjhMWFF4YVhCZFRTZ01JQXc0TER3PT0iXSxbLTY0LCJbMCxcIlwiLFtdXSJdLFstNzAsIi0iXSxbLTU2LCJsYW5kc2NhcGUtcHJpbWFyeSJdLFstNjYsImdlb2xvY2F0aW9uLHN0b3JhZ2VhY2Nlc3MsZ2FtZXBhZCxjaGVjdCxtaWRpLGRpc3BsYXljYXB0dXJlLHVzYixicm93c2luZ3RvcGljcyxwaWN0dXJlaW5waWN0dXJlLHB1YmxpY2tleWNyZWRlbnRpYWxzZ2V0LGxvY2FsZm9udHMsb3RwY3JlZGVudGlhbHMsZW5jcnlwdGVkbWVkaWEsY2hzYXZlZGF0YSxjaHVhZnVsbHZlcnNpb25saXN0LGNodWF3b3c2NCxzaGFyZWRzdG9yYWdlLGNoZG93bmxpbmssY2hwcmVmZXJzY29sb3JzY2hlbWUsc3luY3hocixjaHVhbW9kZWwsY2hwcmVmZXJzcmVkdWNlZHRyYW5zcGFyZW5jeSxzZXJpYWwsY2FtZXJhLGNocHJlZmVyc3JlZHVjZWRtb3Rpb24scHJpdmF0ZXN0YXRldG9rZW5pc3N1YW5jZSxpZGVudGl0eWNyZWRlbnRpYWxzZ2V0LGNodWFmdWxsdmVyc2lvbixmdWxsc2NyZWVuLGNoZHByLHVubG9hZCxrZXlib2FyZG1hcCxjaHVhcGxhdGZvcm0sc2hhcmVkc3RvcmFnZXNlbGVjdHVybCxneXJvc2NvcGUsaW50ZXJlc3Rjb2hvcnQsY2h1YW1vYmlsZSx3aW5kb3dtYW5hZ2VtZW50LGNodWEscHVibGlja2V5Y3JlZGVudGlhbHNjcmVhdGUsbWFnbmV0b21ldGVyLGFjY2VsZXJvbWV0ZXIscHJpdmF0ZXN0YXRldG9rZW5yZWRlbXB0aW9uLGNodWFhcmNoLHhyc3BhdGlhbHRyYWNraW5nLGNodWFmb3JtZmFjdG9ycyxpZGxlZGV0ZWN0aW9uLGNodWFwbGF0Zm9ybXZlcnNpb24sY2h3aWR0aCxjbGlwYm9hcmRyZWFkLGNodmlld3BvcnR3aWR0aCxjb21wdXRlcHJlc3N1cmUscGF5bWVudCxjaHZpZXdwb3J0aGVpZ2h0LGNocnR0LGF1dG9wbGF5LGNyb3Nzb3JpZ2luaXNvbGF0ZWQsaGlkLGNodWFiaXRuZXNzLHNjcmVlbndha2Vsb2NrLHByaXZhdGVhZ2dyZWdhdGlvbixjbGlwYm9hcmR3cml0ZSxhdHRyaWJ1dGlvbnJlcG9ydGluZyxjaGRldmljZW1lbW9yeSxtaWNyb3Bob25lIl0sWy02OCwiLSJdLFstNzEsImEwMTEwMDEwMTAwMTAwMTAxMDAwMTAxMDAxMTExMTAxMDAwMDEwIl0sWy01OCwiLSJdLFstNTksImRlZmF1bHQiXSxbLTYxLCJ7XCJ3Z3NsXCI6XCI0O3JlYWRvbmx5X2FuZF9yZWFkd3JpdGVfc3RvcmFnZV90ZXh0dXJlcztwYWNrZWRfNHg4X2ludGVnZXJfZG90X3Byb2R1Y3Q7dW5yZXN0cmljdGVkX3BvaW50ZXJfcGFyYW1ldGVycztwb2ludGVyX2NvbXBvc2l0ZV9hY2Nlc3M7XCIsXCJwY2ZcIjpcImJncmE4dW5vcm1cIn0iXSxbImRkYiIsIjAsMzAsMCwwLDAsMCwwLDAsMCwxLDEsMCwwLDAsMCwwLDAsMSwwLDgsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwxLDAsMSwxLDAsMCwwLDAsMCwwLDUsNTksMCwzMCwwLDEsMCwwLDAsMCwwLDAsMSwxLDAsMCwzMywwLDAsMCwwLDAsMCwxMTYsMCwwLDAsMCJdLFsiY2IiLCIwLDAsMCwwLDAsMCwwLDAsMCwzLDAsMCw2MywwLDAsMCwwLDAsMCwwLDEsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDEsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwwLDAsMSwwLDE5LDAsMCwwLDAsMCwwLDAsMCwwLDAsMCwxLDAsMCwwLDAsMCwwLDAsMCw3NCwwLDAsMCwwLDAsMCwwLDAsMCwwIl1d&dep=0&pre=0&sdd=%7B%7D&cri=LZn8pKfshx&pto=3147&ver=61&gac=-&mei=&ap=&fe=1&duid=1.1723469169.rzhsXjhCmzDpBwKZ&suid=1.1723469170.kv55wMTJaJ7IdnVU&tuid=1.1723469170.LXwBV153Xe20GeOM&fbc=-&gtm=W10%3D&it=42%2C681%2C971&fbcl=-&gacl=-&gacsd=-&rtic=-&bgc=-&spa=1&urid=0&ab=jx.2.0%3B&sck=-&io=aGA2Og%3D%3D
Requested by: Host: ob.sd22326.kandji.io
URL: https://ob.sd22326.kandji.io/i/130ddaec76c305292f6ec30ebef2d5ce.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2600:1f18:e8a:cd08:3437:aff5:50c:d298 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: 462ccbbe37b392ab782355610acc2bf40faed66e638195a2e0c947f17ac0af81

Request headers

Referer: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 12 Aug 2024 13:26:10 GMT
content-encoding: gzip
content-type: text/javascript
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: https://www.kandji.io
content-length: 1731
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 fb.js Show response
js.hsadspixel.net/ 6 KB
4 KB 192ms
64ms Script
application/javascript 2606:4700::6811:80ac
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsadspixel.net/fb.js

Requested by

Host: www.kandji.io
URL: https://www.kandji.io/hs/scriptloader/5058330.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:80ac , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8e1b1a37caa8b7627123aeb0e23ad3a2ac14d4ad48be7aabb2ca7ca9da218ef5

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Mon, 12 Aug 2024 13:26:10 GMT
x-amz-version-id: UIOsIr3qFS9r3wFn4ECf3yNr1.R8N2aA
content-encoding: gzip
x-content-type-options: nosniff
via: 1.1 66b6cd04ec22251498906e833eb08668.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-cf-pop: IAD12-P3
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: cb1356a7-03fd-46e3-bd72-e3764bf3d50b
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=adsscriptloaderstatic/static-1.572/bundles/pixels-release.js&cfRay=8af1638708f3ba83-FRA
x-cache: Hit from cloudfront
cache-tag: staticjsapp-AdsScriptLoaderCloudflare-web-prod,staticjsapp-prod
age: 48
x-envoy-upstream-service-time: 0
x-amz-replication-status: COMPLETED
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: cb1356a7-03fd-46e3-bd72-e3764bf3d50b
last-modified: Tue, 06 Aug 2024 19:11:03 UTC
server: cloudflare
etag: W/"45a803cc17701ff8c7710294960c14c7"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
x-hs-cache-status: HIT
x-evy-trace-virtual-host: all
cache-control: max-age=600
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-5f4dcb8bc8-bhgvl
cf-ray: 8b20cba9df720dc6-MXP
x-amz-cf-id: Ycecs5Gn1WB7Wbdg6E5xk-GmGBqu7mm699p2XzIx5QjXN76CqRqUug==
x-hs-target-asset: adsscriptloaderstatic/static-1.572/bundles/pixels-release.js

GET
H2 200 5058330.js Show response
js.hs-analytics.net/analytics/1723469100000/ 68 KB
25 KB 621ms
492ms Script
text/javascript 2606:4700::6810:a0a8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1723469100000/5058330.js
Requested by: Host: www.kandji.io
URL: https://www.kandji.io/hs/scriptloader/5058330.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:a0a8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f39556b3a869139e66c13d26731720ea563fb283dabf7ae79b2b32e6d2575e6f

Request headers

Referer: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Mon, 12 Aug 2024 13:26:10 GMT
x-amz-version-id: null
content-encoding: gzip
cf-cache-status: MISS
x-amz-request-id: 3MJANGN2E4TPWR6Y
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: b318a68d-f94a-4f82-88a6-203c14347ab9
x-envoy-upstream-service-time: 27
x-amz-id-2: QbI63YdL8ZHmlb/3C7riWZqWSCc6bbDOkZFKKkwhZKXuPkUtiH95/L6QrmHPnnRmb/XvazSh4JVKv+0zCc35XI5ztB8I95EN
x-evy-trace-listener: listener_https
x-request-id: b318a68d-f94a-4f82-88a6-203c14347ab9
x-evy-trace-route-configuration: listener_https/all
last-modified: Sat, 03 Aug 2024 00:23:30 GMT
server: cloudflare
etag: W/"6568e257449cbb1fd5f1cab2c0424f83"
vary: origin, Accept-Encoding
content-type: text/javascript
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-6895b58fd6-k5ntq
cache-control: max-age=300,public
access-control-allow-credentials: false
cf-ray: 8b20cba9d8b9526d-MXP
expires: Mon, 12 Aug 2024 13:31:10 GMT

GET
H2 200 banner.js Show response
js.hs-banner.com/v2/5058330/ 71 KB
26 KB 498ms
370ms Script
text/javascript 2606:4700::6812:16b7
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/v2/5058330/banner.js
Requested by: Host: www.kandji.io
URL: https://www.kandji.io/hs/scriptloader/5058330.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:16b7 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6957528b73336870fef39c26e4c26a54274b20a6f4bcc72ced85acc62b35cea8

Request headers

Referer: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Mon, 12 Aug 2024 13:26:10 GMT
x-amz-version-id: U18IpK875C1.kZkqgNYlPwP3nLAPfMuJ
content-encoding: gzip
cf-cache-status: REVALIDATED
x-amz-request-id: Q2WQ1FRZSW8Y134B
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: 37639ef7-8a8f-4433-8ef4-5f20a3ed884e
x-envoy-upstream-service-time: 105
x-amz-id-2: JjdHVm+TKwef8vGmWLKznJBnN+mVDh1oZ7cNUY768B4g44pjXhCGJe2DZgtpBxwEBbvY9LNAEEw=
x-evy-trace-listener: listener_https
x-request-id: 37639ef7-8a8f-4433-8ef4-5f20a3ed884e
x-evy-trace-route-configuration: listener_https/all
last-modified: Mon, 15 Apr 2024 14:30:11 GMT
server: cloudflare
etag: W/"aa0a797298b2896ababed192ace38142"
access-control-max-age: 604800
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: https://support.kandji.io
x-evy-trace-virtual-host: all
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control: max-age=300,public
access-control-allow-credentials: true
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-6895b58fd6-wgwsj
vary: origin, Accept-Encoding
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray: 8b20cba9dbcf0d69-MXP
expires: Mon, 12 Aug 2024 13:31:10 GMT

GET
H2 204 has-permission-json Show response
app.hubspot.com/content-tools-menu/api/v1/tools-menu/ 0
677 B 252ms
212ms XHR
text/plain 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.hubspot.com/content-tools-menu/api/v1/tools-menu/has-permission-json?portalId=5058330

Requested by

Host: www.kandji.io
URL: https://www.kandji.io/hs/hsstatic/HubspotToolsMenu/static-1.349/js/index.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	no-sniff

Request headers

Referer: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Mon, 12 Aug 2024 13:26:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: no-sniff
cf-cache-status: DYNAMIC
x-hs-worker-debug-mode: false
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 8a9a89aa-221c-46b2-a3ab-b0afa5112784
x-envoy-upstream-service-time: 6
x-evy-trace-route-configuration: listener_https/all
reporting-endpoints: default="https://send.hsbrowserreports.com/csp/reports?cfRay=8b20cba97db05277&resource=unknown"
x-evy-trace-listener: listener_https
x-request-id: 8a9a89aa-221c-46b2-a3ab-b0afa5112784
server: cloudflare
vary: origin, Accept-Encoding
access-control-allow-methods: GET
report-to: {"group":"default","max_age":86400,"endpoints":[{"url":"https://send.hsbrowserreports.com/csp/reports"}]}
access-control-allow-origin: https://www.kandji.io
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-5f4dcb8bc8-sffzl
cache-control: max-age=0
access-control-allow-credentials: true
x-evy-trace-virtual-host: all
cf-ray: 8b20cba97db05277-MXP

GET
H2 200 right-laptopts.png
5058330.fs1.hubspotusercontent-na1.net/hubfs/5058330/raw_assets/public/Kandji_December2022/images/modules/ 109 KB
110 KB 69ms
69ms Image
image/webp 2606:4700::6812:18bd
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://5058330.fs1.hubspotusercontent-na1.net/hubfs/5058330/raw_assets/public/Kandji_December2022/images/modules/right-laptopts.png
Requested by: Host: blog.kandji.io
URL: https://blog.kandji.io/hs-fs/hub/5058330/hub_generated/template_assets/95659790937/1721430659152/Kandji_December2022/css/kandji.min.css
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:18bd , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f336afca0db6e13235318d314c37a3f577c0c6219e57c1d44106d45313f0534e

Request headers

Referer: https://blog.kandji.io/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-amz-meta-cache-tag: F-134491805113,FD-95861192563,P-5058330,FLS-ALL
age: 285540
x-amz-request-id: G0GNA7GQ3H6EMECK
x-amz-server-side-encryption: AES256
edge-cache-tag: F-134491805113,FD-95861192563,P-5058330,FLS-ALL
x-amz-replication-status: COMPLETED
content-disposition: inline; filename="right-laptopts.webp"
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
etag: "d8f7fec81a5703b8fa569b8c7e09c1d2"
vary: Accept, Accept-Encoding
access-control-allow-methods: GET
content-type: image/webp
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1694478484023
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: none
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 12 Aug 2024 13:26:10 GMT
via: 1.1 44b1d22f682d32d0090eb52e3626b174.cloudfront.net (CloudFront)
cf-cache-status: HIT
x-amz-version-id: jjtaDQNzOAXVY5VvKDfKCQS8NeD2KgjS
x-amz-cf-pop: MXP64-C2
x-hs-alternate-content-type: text/plain
cf-polished: origFmt=png, origSize=181766
x-cache: RefreshHit from cloudfront
cache-tag: F-134491805113,FD-95861192563,P-5058330,FLS-ALL
x-amz-meta-index-tag: none
x-amz-storage-class: INTELLIGENT_TIERING
content-length: 111700
x-amz-id-2: PZhirZlMVz7+tqaV51iFdka9xMVfZ/fMSlp1bDRHOb3WaJzlHs1sWzZRAxwNCbMAeMP41N4K9ms=
last-modified: Tue, 12 Sep 2023 00:28:05 GMT
server: cloudflare
accept-ranges: bytes
cf-ray: 8b20cba9bbaa4c67-MXP
timing-allow-origin: 5058330.fs1.hubspotusercontent-na1.net
x-amz-cf-id: dGPR_oYmRENbIp7r7ex8vWX9OHB3jSDd-wSCIL2Jygp8L5hReQ-uCQ==

GET
H2 200 en.json Show response
cdn.cookielaw.org/consent/52104b08-403c-474b-8e63-8560d38d0080/019123a8-cbdf-74c1-af01-31eb0e3fff51/ 132 KB
24 KB 67ms
66ms Fetch
application/x-javascript 2606:4700::6812:572a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/52104b08-403c-474b-8e63-8560d38d0080/019123a8-cbdf-74c1-af01-31eb0e3fff51/en.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202303.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

20bb4ebaa07c5929c68b4086ce04a1e90b53020df222c9711627c104d9bc8229

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 12 Aug 2024 13:26:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 77687
content-md5: rA9zrpId45ZSmWVJlV5ZqA==
content-length: 24297
x-ms-lease-status: unlocked
last-modified: Mon, 05 Aug 2024 17:51:29 GMT
server: cloudflare
etag: 0x8DCB5773C5177EE
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: acea7d81-c01e-00dd-1460-e7c024000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8b20cba9dee90e4f-MXP
expires: Tue, 13 Aug 2024 13:26:10 GMT

GET
H3 200 counters.gif
forms-na1.hsforms.com/embed/v3/ 35 B
886 B 219ms
161ms Image
image/gif 104.19.175.188
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms-na1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-DEFINITION_SUCCESS&count=1

Requested by

Host: www.kandji.io
URL: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords

Protocol

Security

QUIC, , AES_128_GCM

Server

104.19.175.188 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Mon, 12 Aug 2024 13:26:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: f3d2adf4-5f1f-486c-995f-52559fcb377d
x-envoy-upstream-service-time: 3
alt-svc: h3=":443"; ma=86400
content-length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: f3d2adf4-5f1f-486c-995f-52559fcb377d
server: cloudflare
vary: origin
content-type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-ffbf7bf5c-vls5k
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-robots-tag: none
cf-ray: 8b20cbab88d4baa9-MXP

GET
H3 200 counters.gif
forms-na1.hsforms.com/embed/v3/ 35 B
538 B 317ms
317ms Image
image/gif 104.19.175.188
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms-na1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-RENDER_SUCCESS&count=1

Requested by

Host: www.kandji.io
URL: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords

Protocol

Security

QUIC, , AES_128_GCM

Server

104.19.175.188 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Mon, 12 Aug 2024 13:26:11 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 7def239c-2bed-4ac4-9e1e-7f266758e0ed
x-envoy-upstream-service-time: 2
alt-svc: h3=":443"; ma=86400
content-length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 7def239c-2bed-4ac4-9e1e-7f266758e0ed
server: cloudflare
vary: origin
content-type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-ffbf7bf5c-p9jr7
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-robots-tag: none
cf-ray: 8b20cbadac8ebaa9-MXP

POST
H2 204 collect
region1.analytics.google.com/g/ 0
0 127ms
45ms Fetch
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-V21CT0R1FX&gtm=45je4880v893716759za200zb810153545&_p=1723469168024&_gaz=1&gcd=13l3l3l2l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=0&cid=2119682772.1723469171&ul=it-it&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=EA&_s=1&cu=USD&dl=https%3A%2F%2Fwww.kandji.io%2Fblog%2Finfostealer-swiftui-opendirectory-api-capture-verify-passwords&dt=InfoStealer%20Uses%20SwiftUI%2C%20OpenDirectory%20API%20to%20Capture%20Passwords&sid=1723469170&sct=1&seg=0&en=page_view&_fv=1&_nsi=1&_ss=1&up.system_color_mode=Light&up.user_agent=Mozilla%2F5.0%20(X11%3B%20Linux%20x86_64)%20AppleWebKit%2F537.36%20(KHTML%2C%20like%20Gecko)%20Chrome%2F127.0.0.0%20Safari%2F537.36&tfd=4133
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-V21CT0R1FX
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

Referer: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 12 Aug 2024 13:26:11 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.kandji.io
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
253 B 154ms
46ms Ping
text/plain 2a00:1450:400c:c0c::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-V21CT0R1FX&cid=2119682772.1723469171&gtm=45je4880v893716759za200zb810153545&aip=1&dma=1&dma_cps=syphamo&gcd=13l3l3l2l1&npa=1&frm=0&tag_exp=0
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-V21CT0R1FX
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c0c::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 12 Aug 2024 13:26:11 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.kandji.io
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.it/ads/ 42 B
408 B 216ms
59ms Image
image/gif 2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.it/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-V21CT0R1FX&cid=2119682772.1723469171&gtm=45je4880v893716759za200zb810153545&aip=1&dma=1&dma_cps=syphamo&gcd=13l3l3l2l1&npa=1&frm=0&tag_exp=0&tag_exp=0&z=591092873

Requested by

Host: www.kandji.io
URL: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 12 Aug 2024 13:26:11 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 manifest.jsonp Show response
cdn.transifex.com/72b901e9e32d453caf08786f9cc143d2/latest/ 394 B
809 B 43ms
43ms Script
text/javascript 18.239.69.2
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.transifex.com/72b901e9e32d453caf08786f9cc143d2/latest/manifest.jsonp
Requested by: Host: cdn.transifex.com
URL: https://cdn.transifex.com/live.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.239.69.2 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-239-69-2.ams58.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 12497d1cfc9483c5d61f4690d5292b6fe09fb5b2364c1c0ba1edaf0381625356

Request headers

Referer: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-amz-version-id: 1i7aCyHAf4jR4168LAoC.JyYPG..t1TC
date: Mon, 12 Aug 2024 00:51:51 GMT
via: 1.1 0f3cf20f6db29b970aa67df851b05904.cloudfront.net (CloudFront)
last-modified: Tue, 06 Aug 2024 20:26:38 GMT
server: AmazonS3
x-amz-cf-pop: AMS58-P4
age: 45261
x-amz-server-side-encryption: AES256
etag: "0ce581578ff2cf5c1eb90e2230bf6e6e"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript
accept-ranges: bytes
content-length: 394
x-amz-cf-id: bSppE6s1sPHRzERZGj9cFFrDHqma34biT9A5YTDsMw4cxp6RypbjKw==

GET
H2 200 otFloatingFlat.json Show response
cdn.cookielaw.org/scripttemplates/202303.1.0/assets/ 10 KB
3 KB 66ms
66ms Fetch
application/json 2606:4700::6812:572a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202303.1.0/assets/otFloatingFlat.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202303.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

179a0ba55c3bbf759340ba2a57846f81a7de249ed7e502b5e8814af2ef964533

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 12 Aug 2024 13:26:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: PubgfHj+VI+S8CXDj6L+0w==
age: 77687
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 2702
x-ms-lease-status: unlocked
last-modified: Tue, 18 Apr 2023 02:32:08 GMT
server: cloudflare
etag: 0x8DB3FB51B88C45D
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 6b16c993-001e-0062-3567-79fba4000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8b20cbaf18870e4f-MXP

GET
H2 200 otPcCenter.json Show response
cdn.cookielaw.org/scripttemplates/202303.1.0/assets/v2/ 61 KB
13 KB 54ms
54ms Fetch
application/json 2606:4700::6812:572a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202303.1.0/assets/v2/otPcCenter.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202303.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b382967162c482928529c765a21bf9ae4141dd1ccbdbf480140bdbd67eab8991

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 12 Aug 2024 13:26:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: 94mqEGmIxKb0iFeUZrbqtw==
age: 77687
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 12540
x-ms-lease-status: unlocked
last-modified: Tue, 18 Apr 2023 02:32:10 GMT
server: cloudflare
etag: 0x8DB3FB51C6E493B
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: fea70ad7-e01e-006a-3595-22e1ab000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8b20cbaf188a0e4f-MXP

GET
H2 200 otCommonStyles.css Show response
cdn.cookielaw.org/scripttemplates/202303.1.0/assets/ 21 KB
4 KB 50ms
50ms Fetch
text/css 2606:4700::6812:572a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202303.1.0/assets/otCommonStyles.css

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202303.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

930239150e702d9d4bf43c3881aa70f8ad5fd9068dcbecb7c8bcca654784f7f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 12 Aug 2024 13:26:11 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: XcxlleAcPGO2n5kTZrHH2Q==
age: 77687
x-ms-lease-status: unlocked
last-modified: Tue, 18 Apr 2023 02:32:19 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-ms-request-id: ae90adf8-001e-0022-41d1-9b2f5f000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 8b20cbaf188b0e4f-MXP

POST
H2 204 collect
region1.analytics.google.com/g/ 0
0 49ms
43ms Fetch
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-V21CT0R1FX&gtm=45je4880v893716759za200zb810153545&_p=1723469168024&gcd=13l3l3l2l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=0&cid=2119682772.1723469171&ul=it-it&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=EA&cu=USD&dl=https%3A%2F%2Fwww.kandji.io%2Fblog%2Finfostealer-swiftui-opendirectory-api-capture-verify-passwords&dt=InfoStealer%20Uses%20SwiftUI%2C%20OpenDirectory%20API%20to%20Capture%20Passwords&sid=1723469170&sct=1&seg=0&_s=2&tfd=4243
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-V21CT0R1FX
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

Referer: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Mon, 12 Aug 2024 13:26:11 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.kandji.io
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 json Show response
api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/ 621 B
1 KB 481ms
179ms XHR
application/json 2606:4700::6812:f06c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/json?portalId=5058330

Requested by

Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:f06c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

83afcd7bea4e4c7cf6e6c8147391aabca2b8b5a1fdce69981a9ee0b723c04904

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Mon, 12 Aug 2024 13:26:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 7b693bf2-fb9e-4df2-bf12-3930c7c2add5
x-envoy-upstream-service-time: 7
content-length: 296
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 7b693bf2-fb9e-4df2-bf12-3930c7c2add5
server: cloudflare
vary: origin, Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
access-control-allow-origin: https://www.kandji.io
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-85b74c4c74-2vb74
access-control-max-age: 180
access-control-allow-credentials: false
x-evy-trace-virtual-host: all
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uxAgcqPTgMTporUbjBauuClIGnSFBGyLeVUIMPoDA9jtBYnKI4II5jP2X2SGubEzX5cCXtaK%2BRjOiKAgGxsKachFWVgQ9MQfpOokqMopaLcApNIE6mz6ZFA7FdxgqVh3aQhZDRKjpYPTjBSD"}],"group":"cf-nel","max_age":604800}
cf-ray: 8b20cbb1fa694be4-MXP
access-control-allow-headers: *

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 272 KB
93 KB 69ms
69ms Script
application/javascript 142.250.186.72
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-781421631&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-T7GZQ3L

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.72 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

211524b97d30d8150a43450554df44300c1252c7023cb3fa9e3e2ef699518a52

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Mon, 12 Aug 2024 13:26:11 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 95320
x-xss-protection: 0
last-modified: Mon, 12 Aug 2024 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 12 Aug 2024 13:26:11 GMT

GET
H2

200

/
www.google.it/pagead/1p-conversion/781421631/
Redirect Chain

https://www.googleadservices.com/pagead/conversion/781421631/?label=1lluCKXMhqUZEL-YzvQC&guid=ON&script=0
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/781421631/?label=1lluCKXMhqUZEL-YzvQC&guid=ON&script=0&ct_cookie_present=false&random=1702964028&crd=CKG4sQIIscGxAgiwwbECCLnBsQI&psc...
https://www.google.com/pagead/1p-conversion/781421631/?label=1lluCKXMhqUZEL-YzvQC&guid=ON&script=0&ct_cookie_present=false&random=1702964028&crd=CKG4sQIIscGxAgiwwbECCLnBsQI&pscrd=IhMIs6SF_sbvhwMVT_...
https://www.google.it/pagead/1p-conversion/781421631/?label=1lluCKXMhqUZEL-YzvQC&guid=ON&script=0&ct_cookie_present=false&random=1702964028&crd=CKG4sQIIscGxAgiwwbECCLnBsQI&pscrd=IhMIs6SF_sbvhwMVT_Q...

42 B
154 B

52ms
52ms

Image
image/gif

2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.it/pagead/1p-conversion/781421631/?label=1lluCKXMhqUZEL-YzvQC&guid=ON&script=0&ct_cookie_present=false&random=1702964028&crd=CKG4sQIIscGxAgiwwbECCLnBsQI&pscrd=IhMIs6SF_sbvhwMVT_QRCB30pQBtMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOllodHRwczovL3d3dy5rYW5kamkuaW8vYmxvZy9pbmZvc3RlYWxlci1zd2lmdHVpLW9wZW5kaXJlY3RvcnktYXBpLWNhcHR1cmUtdmVyaWZ5LXBhc3N3b3Jkcw&is_vtc=1&cid=CAQSGwDpaXnfonx59e8yeloPRdBc_LW8R0K1W3W_OA&random=3749243172&ipr=y

Requested by

Host: www.kandji.io
URL: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords

Protocol

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 12 Aug 2024 13:26:12 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 12 Aug 2024 13:26:12 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://www.google.it/pagead/1p-conversion/781421631/?label=1lluCKXMhqUZEL-YzvQC&guid=ON&script=0&ct_cookie_present=false&random=1702964028&crd=CKG4sQIIscGxAgiwwbECCLnBsQI&pscrd=IhMIs6SF_sbvhwMVT_QRCB30pQBtMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOllodHRwczovL3d3dy5rYW5kamkuaW8vYmxvZy9pbmZvc3RlYWxlci1zd2lmdHVpLW9wZW5kaXJlY3RvcnktYXBpLWNhcHR1cmUtdmVyaWZ5LXBhc3N3b3Jkcw&is_vtc=1&cid=CAQSGwDpaXnfonx59e8yeloPRdBc_LW8R0K1W3W_OA&random=3749243172&ipr=y
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 tc_imp.gif
obs.sd22326.kandji.io/tracker/ 43 B
102 B 143ms
143ms Image
image/gif 2600:1f18:e8a:cd08:3437:aff5:50c:d298
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://obs.sd22326.kandji.io/tracker/tc_imp.gif?e=37dfbd8ee84e001268edc333e3468d9d9225c24f567d43d6da1908be6245cad7bd70a976750ef80ed89373bfe70e9c20c1e53e8d5b168f6e2e17071a10acf9f29f674c80d28c07246e18af782103816d8e36c752355175915101093d0d0ec7ba621977be26bb25cb43e2913bf05365ac5c7e721bda53ee42f497d7db39bb2807ff7ecaa8556d8e0e3143714493d60265fd60b3f493a0180dec1edae97dfa2bc8169b1adc597cff3200e714561c44ca4825b6a3e5aa22a76da50eda7cf54a6863c89777256e1d0cd71ed0d906f50732e690b73255015ab2fb523c9bdc05457f54065258fcd135700e5fe6a5142c93aaf7298ee04572032cbbc5f4c2c935e7c2db59ec489f5e2c7edfaacff4e43e828ab73e95355883a89f7f4c40a5343aae951365e689a876d90faa14e4d010cb1dd9d36d9a6d279c9b25db6796cefab6cdb3f11338ae6bf2fbb9234e2bfb94248eef13ed111c58c904059a828dc5c4b18e3ccc27c188b28b76e96c342591732f82839a012ac2ef7fad0af7944c807abf660d4846c779be0eced1b96fbfc82cc00cec8bc794758d485578f04e12423e073ec1ab23ec169a8c9723a68f68f1d0748bd3b2b03d8ef0bf1f4d48c8a71e449bef5a1442e3efa26ca52688a809b9b56cf029e2239f41c608c5fb64d51035b7f6c7273b7f205038174e49fba7d53b8346ee1a105123eaea5dc38a4f5d8de486efe228bbb9f6f694e5bded59196e881bdfe3072afa177711c57e4f6d7eb427bd7c72c1e8c87f8962d1398aab2ccdb811987b0f21231e7d139cc0e0c73d7b559a1f5994d3d9b9b8d652059eb3bc6197cf7378dfce132074fa99da4a3cb4208c43821be03d870fddc81295a620b6ded1868a4d70eefe3a648075a28bb9aa109572765c5dd7001908c2fe15fbac668de2f1da48dfc4c26a5a254dac3cb504ad57b1856f9f3344215f613b7ae41df3e54904c368b9f3ab53bcdd519e3036f6456e268de9cf0b5dec72f18819db00311e36d47c5ee4aed26ba3023c9af246dea2cfe392009a0b47287e9f6b3710d8c91e56bb20f5aa9069deafb35d0c38fb357e6a51984e0fb88be4190d82362491858d42cadda6dd197feb22b10676448c13763dc7da074282caf196bff001eb3aba7c8a6692de10ceece43968acd515808cb4b1c7facadf6b01dfa4375f9b238053cb0bf3ee2ab4dd9c9663b88fd5f8f25a69cda29fbe319d0bdb094f3c457ac0c6686a9f30a7&cri=LZn8pKfshx&ts=1248&cb=1723469171239
Requested by: Host: www.kandji.io
URL: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2600:1f18:e8a:cd08:3437:aff5:50c:d298 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: 98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Request headers

Referer: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-type: image/gif
pragma: no-cache
date: Mon, 12 Aug 2024 13:26:11 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 43
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
BLOB 200
OK 81080602-397d-4a49-af79-d02af241f58b
https://www.kandji.io/ 261 B
0 Other
text/plain

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.kandji.io/81080602-397d-4a49-af79-d02af241f58b
Requested by: Host: www.kandji.io
URL: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e69ec801bb9076c9af0581aa06bba05203381e8ade0cfd5d041fe66a376af606

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Length: 261
Content-Type

POST
H2 200 21f774d6-4c0b-4c25-b47a-35023464393a Show response
forms-na1.hubspot.com/submissions-validation/v1/validate/5058330/ 2 B
767 B 215ms
211ms Fetch
application/json 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms-na1.hubspot.com/submissions-validation/v1/validate/5058330/21f774d6-4c0b-4c25-b47a-35023464393a

Requested by

Host: www.kandji.io
URL: https://www.kandji.io/_hcms/forms/v2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept: application/json
Referer: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 12 Aug 2024 13:26:12 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 346d1a11-440f-4668-9a29-29f67408bc74
content-encoding: br
x-envoy-upstream-service-time: 64
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 346d1a11-440f-4668-9a29-29f67408bc74
server: cloudflare
access-control-max-age: 300
vary: origin
access-control-allow-methods: OPTIONS, POST
access-control-allow-origin: https://www.kandji.io
x-evy-trace-virtual-host: all
content-type: application/json;charset=utf-8
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-ffbf7bf5c-sr68g
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FK33p58Sx5sRXuBRw9r8dEK8iQdpjENAoCZSZDYQWx6%2B1kFD0KCHLi4NwtE3qUHIR5ChcDonXnN06RWMeVWvnHPvUBXZRtYNknRfJonVlTuQoYW4srf0sJfYMYnCHh6T3HKeBCEzwXLoBdVJjs7KueBMLA%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 8b20cbb40b31bad5-MXP
access-control-allow-headers: *

OPTIONS
H2 200 21f774d6-4c0b-4c25-b47a-35023464393a
forms-na1.hubspot.com/submissions-validation/v1/validate/5058330/ 0
0 275ms
157ms Preflight
text/plain 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms-na1.hubspot.com/submissions-validation/v1/validate/5058330/21f774d6-4c0b-4c25-b47a-35023464393a

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.kandji.io
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: false
access-control-allow-headers: content-type
access-control-allow-methods: OPTIONS, POST
access-control-allow-origin: https://www.kandji.io
access-control-max-age: 300
allow: POST,OPTIONS
cache-control: max-age=0, no-cache, no-store
cf-cache-status: DYNAMIC
cf-ray: 8b20cbb2f969bad5-MXP
content-encoding: gzip
content-type: text/plain; charset=utf-8
date: Mon, 12 Aug 2024 13:26:11 GMT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NcT68RbB2tZZWj%2Bz00%2FR2KO%2Bwiu2nqSDaX3QknrVew0ZbZiulwueIzyNBxhm850GkPLQrMYqdjWMPRfyTpZXl%2BOX9%2BKUhSslnzvcAxT1Cwh0ZMBGnkRJ%2BEXB7jd6G2b6mWAp%2B23FhxiOJHD2wmQCp9Ho2Q%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: origin
x-content-type-options: nosniff
x-envoy-upstream-service-time: 3
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-ffbf7bf5c-lkwbr
x-evy-trace-virtual-host: all
x-hubspot-correlation-id: 595bbda1-40f3-42a9-b40b-329060114062
x-request-id: 595bbda1-40f3-42a9-b40b-329060114062

GET
H2 200 ot_guard_logo.svg Show response
cdn.cookielaw.org/logos/static/ 497 B
494 B 42ms
42ms Fetch
image/svg+xml 2606:4700::6812:572a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/logos/static/ot_guard_logo.svg

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202303.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 12 Aug 2024 13:26:11 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: tXyZydHjxQshFMbbBT1/8A==
age: 77686
x-ms-lease-status: unlocked
last-modified: Thu, 08 Aug 2024 20:27:01 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: 05b1132f-601e-0053-56e4-e98f85000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 8b20cbb29ee90e4f-MXP

GET
H2 200 logo_smaller.jpg
cdn.cookielaw.org/logos/88b1f9df-81c2-4d29-89cf-c98916e9bd0d/55e57800-c74c-4810-a41b-5e2afff8ac2a/7559b0a1-1d52-400b-a0ac-48786ae4e19f/ 7 KB
7 KB 54ms
53ms Image
image/jpeg 2606:4700::6812:572a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cookielaw.org/logos/88b1f9df-81c2-4d29-89cf-c98916e9bd0d/55e57800-c74c-4810-a41b-5e2afff8ac2a/7559b0a1-1d52-400b-a0ac-48786ae4e19f/logo_smaller.jpg

Requested by

Host: www.kandji.io
URL: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5846533b4521c67fd6a587522d5dc150c85d870b1dfd635af7990317ace96f86

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 12 Aug 2024 13:26:11 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: cWKZllORFmU1skGzXrJiWA==
age: 56864
content-length: 7067
x-ms-lease-status: unlocked
cf-bgj: h2pri
last-modified: Wed, 19 Apr 2023 22:05:49 GMT
server: cloudflare
etag: 0x8DB41223BF0F461
vary: Accept-Encoding
content-type: image/jpeg
access-control-allow-origin: *
x-ms-request-id: 50098723-701e-009c-504f-1494e5000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8b20cbb38b7b59a1-MXP

GET
H2 200 powered_by_logo.svg
cdn.cookielaw.org/logos/static/ 5 KB
2 KB 55ms
54ms Image
image/svg+xml 2606:4700::6812:572a
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cookielaw.org/logos/static/powered_by_logo.svg

Requested by

Host: www.kandji.io
URL: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 12 Aug 2024 13:26:11 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: Y+c301RBZNK39PvKQWrIBw==
age: 57625
x-ms-lease-status: unlocked
last-modified: Thu, 08 Aug 2024 20:27:02 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: 21a99458-c01e-0033-4d8f-eacaa7000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 8b20cbb39b8059a1-MXP

GET
BLOB 200
OK 199bebb1-05b7-4cf2-934a-f8b4a23aaefa
https://www.kandji.io/ 529 B
0 Other
text/plain

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.kandji.io/199bebb1-05b7-4cf2-934a-f8b4a23aaefa
Requested by: Host: www.kandji.io
URL: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b41a0e96be6e1a9d1a18af3030bacc3e88afc28dd287eb4dc291dc44329559fa

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Length: 529
Content-Type

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 272 KB
93 KB 60ms
59ms Script
application/javascript 142.250.186.72
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-781421631

Requested by

Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.186.72 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s05-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

9c79e4161f7507533db389e4b9af3df81a696228d745ffbeb968543041b1b1a8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Mon, 12 Aug 2024 13:26:11 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 95253
x-xss-protection: 0
last-modified: Mon, 12 Aug 2024 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 12 Aug 2024 13:26:11 GMT

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 40 KB
14 KB 157ms
40ms Script
application/javascript 2a02:26f0:3500:10::210:a9a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:10::210:a9a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

edd5487f216469726314ae2b829b221d70e2a02674477e3c8f69a0d5f0b1ea49

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Mon, 12 Aug 2024 13:26:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2024 05:33:09 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: max-age=65650
accept-ranges: bytes
content-length: 14597

GET
H3 200 / Show response
www.googleadservices.com/pagead/conversion/781421631/ 3 KB
2 KB 126ms
125ms Script
text/javascript 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion/781421631/?random=1723469171905&cv=11&fst=1723469171905&bg=ffffff&guid=ON&async=1&gtm=45be4880v885711243za200zb810153545&gcd=13l3l3l2l1&dma_cps=syphamo&dma=1&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.kandji.io%2Fblog%2Finfostealer-swiftui-opendirectory-api-capture-verify-passwords&label=1lluCKXMhqUZEL-YzvQC&hn=www.googleadservices.com&frm=0&tiba=InfoStealer%20Uses%20SwiftUI%2C%20OpenDirectory%20API%20to%20Capture%20Passwords&did=dYWJhMj&gdid=dYWJhMj&gtm_ee=1&npa=1&pscdl=noapi&auid=46847401.1723469170&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&ec_mode=a&fdr=SA&capi=1&data=event%3Dconversion&em=tv.1&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-781421631&l=dataLayer&cx=c

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

a3822295e15b854cd66fa9151add69b635d15742278419ce1e22403b6ea3bfcf

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 12 Aug 2024 13:26:11 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1753
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 attribution_trigger Show response
px.ads.linkedin.com/ 2 B
812 B 719ms
191ms XHR
application/json 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/attribution_trigger?pid=1329610&time=1723469172037&url=https%3A%2F%2Fwww.kandji.io%2Fblog%2Finfostealer-swiftui-opendirectory-api-capture-verify-passwords
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Accept: *
Referer: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Mon, 12 Aug 2024 13:26:12 GMT
content-encoding: gzip
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: F794542F26224DE3B25EAF04BF2411F1 Ref B: MIL30EDGE0705 Ref C: 2024-08-12T13:26:12Z
access-control-allow-methods: GET, OPTIONS
x-li-fabric: prod-ltx1
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
content-type: application/json
x-li-proto: http/2
x-restli-protocol-version: 1.0.0
access-control-allow-headers: *
x-li-uuid: AAYffG/RrbSwHnDW3cbf4w==
x-fs-uuid: 00061f7c6fd1adb4b01e70d6ddc6dfe3

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1329610&time=1723469172037&url=https%3A%2F%2Fwww.kandji.io%2Fblog%2Finfostealer-swiftui-opendirectory-api-capture-verify-passwords
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=1329610&time=1723469172037&url=https%3A%2F%2Fwww.kandji.io%2Fblog%2Finfostealer-swiftui-opendirectory-api-capture-verify-passwords&e_ipv6=AQI8_xj...

0
265 B

531ms
266ms

Image
application/javascript

2620:1ec:51::12
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=1329610&time=1723469172037&url=https%3A%2F%2Fwww.kandji.io%2Fblog%2Finfostealer-swiftui-opendirectory-api-capture-verify-passwords&e_ipv6=AQI8_xjkWjlFfQAAAZFGxI_mP8uB_BYq7ok67Zfg0ZSWt0aJqbbPu2teWq6QDCIy-b-BUg
Requested by: Host: www.kandji.io
URL: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords
Protocol: H2
Server: 2620:1ec:51::12 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Mon, 12 Aug 2024 13:26:12 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 028ED8D1B414487E9ADF2A4CA683BB84 Ref B: VIEEDGE2306 Ref C: 2024-08-12T13:26:13Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-fabric: prod-lor1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYffG/Zv8hHYX5rJTdZqQ==

Redirect headers

date: Mon, 12 Aug 2024 13:26:12 GMT
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 3C1EF6FF248C45A6B7DCF47302BAA40C Ref B: ZRHEDGE1912 Ref C: 2024-08-12T13:26:12Z
linkedin-action: 1
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
x-li-fabric: prod-lor1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=1329610&time=1723469172037&url=https%3A%2F%2Fwww.kandji.io%2Fblog%2Finfostealer-swiftui-opendirectory-api-capture-verify-passwords&e_ipv6=AQI8_xjkWjlFfQAAAZFGxI_mP8uB_BYq7ok67Zfg0ZSWt0aJqbbPu2teWq6QDCIy-b-BUg
x-cache: CONFIG_NOCACHE
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYffG/SAkTglDvFY6nH8Q==

GET
H2

200

/
www.google.it/pagead/1p-conversion/781421631/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/781421631/?random=1429280302&cv=11&fst=1723469171905&bg=ffffff&guid=ON&async=1&gtm=45be4880v885711243za200zb810153545&gcd=13l3l3l2l1...
https://www.google.com/pagead/1p-conversion/781421631/?random=1429280302&cv=11&fst=1723469171905&bg=ffffff&guid=ON&async=1&gtm=45be4880v885711243za200zb810153545&gcd=13l3l3l2l1&dma_cps=syphamo&dma=...
https://www.google.it/pagead/1p-conversion/781421631/?random=1429280302&cv=11&fst=1723469171905&bg=ffffff&guid=ON&async=1&gtm=45be4880v885711243za200zb810153545&gcd=13l3l3l2l1&dma_cps=syphamo&dma=1...

42 B
108 B

71ms
53ms

Image
image/gif

2a00:1450:4001:828::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.it/pagead/1p-conversion/781421631/?random=1429280302&cv=11&fst=1723469171905&bg=ffffff&guid=ON&async=1&gtm=45be4880v885711243za200zb810153545&gcd=13l3l3l2l1&dma_cps=syphamo&dma=1&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.kandji.io%2Fblog%2Finfostealer-swiftui-opendirectory-api-capture-verify-passwords&label=1lluCKXMhqUZEL-YzvQC&hn=www.googleadservices.com&frm=0&tiba=InfoStealer%20Uses%20SwiftUI%2C%20OpenDirectory%20API%20to%20Capture%20Passwords&did=dYWJhMj&gdid=dYWJhMj&gtm_ee=1&npa=1&pscdl=noapi&auid=46847401.1723469170&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&ec_mode=a&fdr=SA&capi=1&data=event%3Dconversion&em=tv.1&fmt=3&ct_cookie_present=false&crd=CKG4sQIIscGxAgiwwbECCLnBsQJKLGV2ZW50LXNvdXJjZSwgdHJpZ2dlciwgbm90LW5hdmlnYXRpb24tc291cmNlWgMKAQFiBAoCAgM&pscrd=IhMI3s-Y_sbvhwMV3-QRCB1aYgR1MgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOllodHRwczovL3d3dy5rYW5kamkuaW8vYmxvZy9pbmZvc3RlYWxlci1zd2lmdHVpLW9wZW5kaXJlY3RvcnktYXBpLWNhcHR1cmUtdmVyaWZ5LXBhc3N3b3Jkcw&is_vtc=1&cid=CAQSKQDpaXnfpjBoOYN3E7ujrIHOXzo1HBLVnZTp1iBJVnLebwl1bh1azdBU&random=813704511&ipr=y

Requested by

Host: www.kandji.io
URL: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords

Protocol

Server

2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 12 Aug 2024 13:26:12 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 12 Aug 2024 13:26:12 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://www.google.it/pagead/1p-conversion/781421631/?random=1429280302&cv=11&fst=1723469171905&bg=ffffff&guid=ON&async=1&gtm=45be4880v885711243za200zb810153545&gcd=13l3l3l2l1&dma_cps=syphamo&dma=1&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.kandji.io%2Fblog%2Finfostealer-swiftui-opendirectory-api-capture-verify-passwords&label=1lluCKXMhqUZEL-YzvQC&hn=www.googleadservices.com&frm=0&tiba=InfoStealer%20Uses%20SwiftUI%2C%20OpenDirectory%20API%20to%20Capture%20Passwords&did=dYWJhMj&gdid=dYWJhMj&gtm_ee=1&npa=1&pscdl=noapi&auid=46847401.1723469170&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&ec_mode=a&fdr=SA&capi=1&data=event%3Dconversion&em=tv.1&fmt=3&ct_cookie_present=false&crd=CKG4sQIIscGxAgiwwbECCLnBsQJKLGV2ZW50LXNvdXJjZSwgdHJpZ2dlciwgbm90LW5hdmlnYXRpb24tc291cmNlWgMKAQFiBAoCAgM&pscrd=IhMI3s-Y_sbvhwMV3-QRCB1aYgR1MgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOllodHRwczovL3d3dy5rYW5kamkuaW8vYmxvZy9pbmZvc3RlYWxlci1zd2lmdHVpLW9wZW5kaXJlY3RvcnktYXBpLWNhcHR1cmUtdmVyaWZ5LXBhc3N3b3Jkcw&is_vtc=1&cid=CAQSKQDpaXnfpjBoOYN3E7ujrIHOXzo1HBLVnZTp1iBJVnLebwl1bh1azdBU&random=813704511&ipr=y
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 infostealer-swiftui-opendirectory-api-capture-verify-passwords
www.kandji.io/blog/ 0
99 B 55ms
55ms Other
text/html 2a05:d014:275:cb00::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords

Requested by

Host: cdn2.hubspot.net
URL: https://cdn2.hubspot.net/hub/5058330/hub_generated/template_assets/95659796768/1722291948100/Kandji_December2022/js/kandji.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a05:d014:275:cb00::c8 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 5204
x-evy-trace-route-service-name: envoyset-translator
edge-cache-tag: CT-163759176078,CT-165936097429,CT-170252059575,CT-175134870081,CG-5058330,CG-6850365017,P-5058330,CW-127157693999,CW-173071377937,CW-95831149845,CW-95982514497,CW-95984958073,CW-96856054340,E-95659790937,E-95659796768,E-95659796773,E-95660243592,E-95660429163,E-95663097226,RA-150720214182,RA-95688192170,RA-96550832786,PGS-ALL,SW-3,B-6850365017,GC-118553034663
x-evy-trace-listener: listener_https
referrer-policy: no-referrer-when-downgrade
x-hs-hub-id: 5058330
netlify-vary: query
cache-status: "Netlify Edge"; hit
vary: origin,Accept-Encoding
content-type: text/html;charset=utf-8
x-evy-trace-virtual-host: all
cache-control: s-maxage=7200,max-age=5
link: </hs/hsstatic/cos-i18n/static-1.53/bundles/project.js>; rel=preload; as=script, </_hcms/forms/v2.js>; rel=preload; as=script
x-nf-request-id: 01J53C93MZQ8C14BM7GJ9Y61NW
date: Mon, 12 Aug 2024 13:26:12 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: e3f6088e-3a97-4d27-93a5-69df36e5f04f
cache-tag: ct-163759176078,ct-165936097429,ct-170252059575,ct-175134870081,cg-5058330,cg-6850365017,p-5058330,cw-127157693999,cw-173071377937,cw-95831149845,cw-95982514497,cw-95984958073,cw-96856054340,e-95659790937,e-95659796768,e-95659796773,e-95660243592,e-95660429163,e-95663097226,ra-150720214182,ra-95688192170,ra-96550832786,pgs-all,sw-3,b-6850365017,gc-118553034663
x-envoy-upstream-service-time: 194
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: e3f6088e-3a97-4d27-93a5-69df36e5f04f
x-hs-content-id: 175134870081
x-hs-cache-config: BrowserCache-5s-EdgeCache-7200s
last-modified: Mon, 12 Aug 2024 11:50:37 GMT
server: Netlify
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=DNRmzr1XzjRJcuIkKEqmpHhU2Xq%2BvPSMVBFNlVk1T%2BPWoWN08lWQ3t82Uw%2FElLtX07rrWgmvljHKz6vItp8KLSbdNYglxUJck3WoT0SqXIiSTmbV6qauMq22xVfiBgyJ"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-30-39-td/envoy-proxy-69c59d5485-9qtzh
access-control-allow-credentials: false
cf-ray: 8b20cb97b8f89bec-FRA

GET
H2 200 /
www.kandji.io/ 0
66 KB 66ms
46ms Other
text/html 2a05:d014:275:cb00::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.kandji.io/

Requested by

Host: cdn2.hubspot.net
URL: https://cdn2.hubspot.net/hub/5058330/hub_generated/template_assets/95659796768/1722291948100/Kandji_December2022/js/kandji.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a05:d014:275:cb00::c8 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

Referer: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-nf-request-id: 01J53C93QT5JEHM731YWYM3XEP
date: Mon, 12 Aug 2024 13:26:12 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
age: 5874
content-length: 67479
x-xss-protection: "1; mode=block"
referrer-policy: no-referrer-when-downgrade
server: Netlify
cache-status: "Netlify Edge"; hit
etag: "79cbd06650533766f0b309ca358f4cbb-ssl-df"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
cache-control: public,max-age=0,must-revalidate
accept-ranges: bytes

GET
H2 200 /
www.kandji.io/pricing/ 0
144 KB 146ms
127ms Other
text/html 2a05:d014:275:cb00::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.kandji.io/pricing/

Requested by

Host: cdn2.hubspot.net
URL: https://cdn2.hubspot.net/hub/5058330/hub_generated/template_assets/95659796768/1722291948100/Kandji_December2022/js/kandji.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a05:d014:275:cb00::c8 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

Referer: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-nf-request-id: 01J53C93QTFVEDT905ATCSASCZ
date: Mon, 12 Aug 2024 13:26:12 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
age: 1177
content-length: 147485
x-xss-protection: "1; mode=block"
referrer-policy: no-referrer-when-downgrade
server: Netlify
cache-status: "Netlify Edge"; hit
etag: "e4d97eac135948debaf6399a29d492f0-ssl-df"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
cache-control: public,max-age=0,must-revalidate
accept-ranges: bytes

POST
H2 200 mon Show response
obs.sd22326.kandji.io/ 0
146 B 142ms
140ms XHR
application/json 2600:1f18:e8a:cd08:3437:aff5:50c:d298
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://obs.sd22326.kandji.io/mon
Requested by: Host: ob.sd22326.kandji.io
URL: https://ob.sd22326.kandji.io/i/130ddaec76c305292f6ec30ebef2d5ce.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2600:1f18:e8a:cd08:3437:aff5:50c:d298 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

access-control-allow-origin: https://www.kandji.io
date: Mon, 12 Aug 2024 13:26:12 GMT
access-control-allow-credentials: true
content-length: 0
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
content-type: application/json

POST
H2 200 mon Show response
obs.sd22326.kandji.io/ 0
16 B 162ms
141ms XHR
application/json 2600:1f18:e8a:cd08:3437:aff5:50c:d298
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://obs.sd22326.kandji.io/mon
Requested by: Host: ob.sd22326.kandji.io
URL: https://ob.sd22326.kandji.io/i/130ddaec76c305292f6ec30ebef2d5ce.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2600:1f18:e8a:cd08:3437:aff5:50c:d298 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

access-control-allow-origin: https://www.kandji.io
date: Mon, 12 Aug 2024 13:26:12 GMT
access-control-allow-credentials: true
content-length: 0
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
content-type: application/json

GET
H2 200 project.js Show response
www.kandji.io/hs/hsstatic/cos-i18n/static-1.53/bundles/ 1 KB
0 0ms
0ms Script
application/javascript 2a05:d014:275:cb00::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.kandji.io/hs/hsstatic/cos-i18n/static-1.53/bundles/project.js

Requested by

Host: www.kandji.io
URL: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a05:d014:275:cb00::c8 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests

Request headers

Referer: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-nf-request-id: 01J53C8YXZYFDN0RB46YQJP23A
content-security-policy: upgrade-insecure-requests
content-encoding: br
via: 1.1 93b8205e2f07a7099af2e6fd126d9658.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
date: Mon, 12 Aug 2024 13:26:07 GMT
age: 13125193
x-amz-cf-pop: FRA56-P2
x-amz-server-side-encryption: AES256
x-amz-version-id: P9ES7sOpFzrLl1QoRwjEAy5outPo5_GO
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
alt-svc: h3=":443"; ma=86400
content-length: 520
last-modified: Tue, 09 Nov 2021 16:12:42 GMT
netlify-vary: query
server: Netlify
cache-status: "Netlify Edge"; hit
etag: W/"61ca66de658cab9587e4636894680d5d"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2F%2BIJ8aMkaM02hTWMtzOGtp7gvT6%2Bai08ejaBagB7RhkcbBD2WojjeGUIvAQ8ZBkgPne4nr1K1mjXmIDGis5QxR3W2A3ScAEu2pi6KeoIbqVN2POBzBRD6Hlji3b50nnj"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
cache-control: public,max-age=31536000
cf-ray: 8b1b7723cb0d2c3a-FRA
x-amz-cf-id: vMxH2clCDRRjd7emHmifSLXhLc2TFOGFc0VsUqlcTSiVQmWY_1aUGQ==
expires: Mon, 11 Aug 2025 21:54:39 GMT

GET
H2 200 v2.js Show response
www.kandji.io/_hcms/forms/ 483 KB
0 12ms
12ms Script
application/javascript 2a05:d014:275:cb00::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.kandji.io/_hcms/forms/v2.js

Requested by

Host: www.kandji.io
URL: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a05:d014:275:cb00::c8 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

dfdf1af1a230e3ee08968606c4322f5a9c51a5a6bf341687fedac60716c9ddab

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 119
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=forms-embed/static-1.5781/bundles/project-v2.js&cfRay=8af7a668726e5b8c-ARN
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
netlify-vary: query
cache-status: "Netlify Edge"; fwd=stale
etag: W/"07033d485ccfcdda144e7a4173dbc0bc"
vary: accept-encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: s-maxage=600,max-age=300
x-hs-target-asset: forms-embed/static-1.5781/bundles/project-v2.js
x-nf-request-id: 01J53C8YXZF408WRRMSMYQNEWD
date: Mon, 12 Aug 2024 13:26:07 GMT
via: 1.1 f57a09c5455a80253c61001d750462e6.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: __TkXxzKt.v8sm6CVT1EUR2QdTtEmM_4
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: 3f4beb6d-dfde-4e48-bda3-332056300892
x-cache: Hit from cloudfront
cache-tag: staticjsapp-forms-embed-v2-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 3
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 3f4beb6d-dfde-4e48-bda3-332056300892
last-modified: Wed, 07 Aug 2024 13:25:19 UTC
server: Netlify
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JyOeqp967zw%2B%2B8FRKz1BFNFikS%2FCVkijUdNIWPirq1UxfLULIRJFmUmpfeFVJKasMJHX%2FENLmOrzZOwqpSmETXT%2FuaJpRkgwTgfY57DhRoFtB91GCBcN4bbeVXcBWlch"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status: HIT
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-5f4dcb8bc8-sw27x
cf-ray: 8b20cb993b239bec-FRA
x-amz-cf-id: GHduPZg1Rnev-i91bn-hQxVpVnCAQNGrwyCSmk_bX9hA-fJzXtrLBg==

GET
H2 200 /
www.kandji.io/login/ 0
58 KB 39ms
39ms Other
text/html 2a05:d014:275:cb00::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.kandji.io/login/

Requested by

Host: cdn2.hubspot.net
URL: https://cdn2.hubspot.net/hub/5058330/hub_generated/template_assets/95659796768/1722291948100/Kandji_December2022/js/kandji.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a05:d014:275:cb00::c8 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

Referer: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-nf-request-id: 01J53C94EY96P4SCC7Z9KWQYCK
date: Mon, 12 Aug 2024 13:26:13 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
age: 26103
content-length: 58714
x-xss-protection: "1; mode=block"
referrer-policy: no-referrer-when-downgrade
server: Netlify
cache-status: "Netlify Edge"; hit
etag: "2cfd1c5f884527653f0e1c60c330f396-ssl-df"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
cache-control: public,max-age=0,must-revalidate
accept-ranges: bytes

GET
H2 200 /
www.kandji.io/start/ 0
181 KB 102ms
101ms Other
text/html 2a05:d014:275:cb00::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.kandji.io/start/

Requested by

Host: cdn2.hubspot.net
URL: https://cdn2.hubspot.net/hub/5058330/hub_generated/template_assets/95659796768/1722291948100/Kandji_December2022/js/kandji.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a05:d014:275:cb00::c8 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	"1; mode=block"

Request headers

Referer: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-nf-request-id: 01J53C94GZ5FRAZ35MXZ8FXKTC
date: Mon, 12 Aug 2024 13:26:13 GMT
content-encoding: br
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
age: 1178
content-length: 184903
x-xss-protection: "1; mode=block"
referrer-policy: no-referrer-when-downgrade
server: Netlify
cache-status: "Netlify Edge"; hit
etag: "b865ea8401b9cd3413bcba2a6ed6a417-ssl-df"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/html; charset=UTF-8
cache-control: public,max-age=0,must-revalidate
accept-ranges: bytes

GET
H2 200 /
www.kandji.io/blog/ 0
29 KB 203ms
203ms Other
text/html 2a05:d014:275:cb00::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.kandji.io/blog/

Requested by

Host: cdn2.hubspot.net
URL: https://cdn2.hubspot.net/hub/5058330/hub_generated/template_assets/95659796768/1722291948100/Kandji_December2022/js/kandji.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a05:d014:275:cb00::c8 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-nf-request-id: 01J53C94GZGJXY0GB3F5MTFM6N
content-security-policy: upgrade-insecure-requests
content-encoding: br
date: Mon, 12 Aug 2024 13:26:13 GMT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000
age: 0
edge-cache-tag: CT-89692465160,CG-5058330,CG-6850365017,P-5058330,CW-95728460932,CW-95831149845,CW-95982514497,E-95659790937,E-95659790938,E-95659796768,E-95659796773,E-95660243592,E-95663097226,E-95710341535,RA-150720214182,RA-95688192170,RA-96550832786,PGS-ALL,SW-3,B-6850365017,GC-96820535620,TS-95660243609
x-hs-prerendered: Sun, 11 Aug 2024 18:26:47 GMT
x-hs-cf-cache-status: HIT
alt-svc: h3=":443"; ma=86400
x-hs-content-id: 89692465160
x-hs-cache-config: BrowserCache-5s-EdgeCache-30s
referrer-policy: no-referrer-when-downgrade
x-hs-cache-control: s-maxage=10800, max-age=0
last-modified: Sun, 11 Aug 2024 18:26:47 GMT
netlify-vary: query
server: Netlify
cache-status: "Netlify Edge"; fwd=miss
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=X7aBZOHvHMWFMjKG5XsbuXES4d76IUUVJ4rwklyJfENt0AjfHx%2FlqOlyMrbbaCDtgu4S8ChPpEllC%2BcBcmASkwAZm7xuz8ppdZvaJb6Q%2B73sDdTsOrfDam5%2FSrC1FMgn"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
cache-control: no-store,no-cache,must-revalidate
x-hs-hub-id: 5058330
cf-ray: 8b20cbbd0a9b9bec-FRA
link: </hs/hsstatic/cos-i18n/static-1.53/bundles/project.js>; rel=preload; as=script,</_hcms/forms/v2.js>; rel=preload; as=script

POST
H2 204 / Show response
px.ads.linkedin.com/wa/ 0
193 B 270ms
238ms XHR
text/plain 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/wa/
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: *
Referer: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Mon, 12 Aug 2024 13:26:13 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 32C8A9EDD1BA4F54B0B9021FC2B3183A Ref B: ZRHEDGE1912 Ref C: 2024-08-12T13:26:13Z
linkedin-action: 1
vary: Origin
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lor1
access-control-allow-origin: https://www.kandji.io
x-li-proto: http/2
access-control-allow-credentials: true
x-li-uuid: AAYffG/eotTrEEa+52MuNw==

POST
H2 202 integration Show response
telemetry.svc.transifex.net/live/ 30 B
189 B 275ms
62ms XHR
application/json 54.229.117.114
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://telemetry.svc.transifex.net/live/integration
Requested by: Host: cdn.transifex.com
URL: https://cdn.transifex.com/live.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.229.117.114 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-229-117-114.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 7dbea0062e5c176468cb3f86519df0fed69432a59a01b2dab85043f9b45d6664

Request headers

Referer: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Mon, 12 Aug 2024 13:26:13 GMT
etag: W/"1e-GPKVsaTKBS5s/s17MlmchlMue8Y"
content-length: 30
vary: Accept-Encoding
content-type: application/json; charset=utf-8

POST
H2 200 / Show response
live-detector.svc.transifex.net/ 15 B
217 B 447ms
194ms XHR
application/json 34.254.137.132
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://live-detector.svc.transifex.net/
Requested by: Host: cdn.transifex.com
URL: https://cdn.transifex.com/live.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.254.137.132 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-254-137-132.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 71ac21ea2d41201a207ffdee8b08864a0fc8f183e4665f0c0edf3fec0de974de

Request headers

Referer: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Mon, 12 Aug 2024 13:26:14 GMT
access-control-allow-headers: origin, x-csrftoken, content-type, accept
access-control-max-age: 1000
access-control-allow-methods: POST, GET, OPTIONS
content-type: application/json

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 225 KB
60 KB 138ms
45ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

4d424af8e6254a3ee915b6efdec3f0ed3fcbdedc67c83025148c9758701cd2d4

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src .fbcdn.net .facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Mon, 12 Aug 2024 13:26:13 GMT
document-policy: force-load-at-top
x-fb-server-load: 58
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 58865
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=37, rtx=0, c=12, mss=1297, tbw=2778, tp=-1, tpl=-1, uplat=0, ullat=-1
pragma: public
x-fb-debug: xuLsYol2tdnpQXbQfgaPucd3OiNuggF5vTN18CBrkqBwAnwZoGxLEvhv3J5WEo6zDV+yuBKTI4gwvuNg+oxEZQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
440 B 194ms
179ms Image
image/gif 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=it-it&bfp=872352201&v=1.1&a=5058330&pi=175134870081&ct=blog-post&ccu=https%3A%2F%2Fwww.kandji.io%2Fblog%2Finfostealer-swiftui-opendirectory-api-capture-verify-passwords&cpi=175134870081&cgi=6850365017&lpi=175134870081&lvi=175134870081&lvc=en&pu=https%3A%2F%2Fwww.kandji.io%2Fblog%2Finfostealer-swiftui-opendirectory-api-capture-verify-passwords&t=InfoStealer+Uses+SwiftUI%2C+OpenDirectory+API+to+Capture+Passwords&cts=1723469173704&vi=fe8cd950be4eb03ea6fb57d683418074&nc=true&u=234561729.fe8cd950be4eb03ea6fb57d683418074.1723469173681.1723469173681.1723469173681.1&b=234561729.1.1723469173681&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Mon, 12 Aug 2024 13:26:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 7b31d690-5d3b-4fa6-956a-b6681dd6e3e2
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 8
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 7b31d690-5d3b-4fa6-956a-b6681dd6e3e2
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZmnvGtFkKD2nmsJ0ygXrLXC8cAJIsqJljHH3DAX7ugFBbFYBXeItPcW%2FJtWQBiDk7%2FqwqATzA7GWkQhYAn7OGP7evcKAuFInCMGVW%2B94%2FRH8t8%2BrnwDnaNCJyKMFcDEYzazA7UsYVY6DbAg60OoP"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-7bf556f6f-wj7dn
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 8b20cbbffedc5277-MXP
x-robots-tag: none

GET
H2 200 __ptbe.gif
track.hubspot.com/ 45 B
463 B 189ms
184ms Image
image/gif 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptbe.gif?n=pe5058330_form_analytic_event&_form_id=21f774d6-4c0b-4c25-b47a-35023464393a&_form_name=InfoStealer+Uses+SwiftUI%2C+OpenDirectory+API+to+Capture+Passwords&_form_group=&_form_platform=hubspot&_form_location=%2Fblog%2Finfostealer-swiftui-opendirectory-api-capture-verify-passwords&_form_data=%5Bobject+Object%5D&_form_value=&_value=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=it-it&bfp=872352201&v=1.1&a=5058330&pi=175134870081&ct=blog-post&ccu=https%3A%2F%2Fwww.kandji.io%2Fblog%2Finfostealer-swiftui-opendirectory-api-capture-verify-passwords&cpi=175134870081&cgi=6850365017&lpi=175134870081&lvi=175134870081&lvc=en&pu=https%3A%2F%2Fwww.kandji.io%2Fblog%2Finfostealer-swiftui-opendirectory-api-capture-verify-passwords&t=InfoStealer+Uses+SwiftUI%2C+OpenDirectory+API+to+Capture+Passwords&cts=1723469173704&vi=fe8cd950be4eb03ea6fb57d683418074&nc=true&u=234561729.fe8cd950be4eb03ea6fb57d683418074.1723469173681.1723469173681.1723469173681.1&b=234561729.1.1723469173681&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Mon, 12 Aug 2024 13:26:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: dc8a4182-25ec-4d8e-99c4-920b36fcb2d9
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 7
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: dc8a4182-25ec-4d8e-99c4-920b36fcb2d9
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zH6%2BMsspwW%2B2uWS4xFscRszezZyTP%2F1oJvWLGsjYJTYP9tJLsZnFqpTUBum%2B5OKXC7DVcvZZ9woPuIVE%2BR9qX%2F3n%2BkTb4ItW6Z9S5BgTITprmDe89Lw%2BrWizI9odCmEZJ9I%2BmjFA%2Bx6yECGZWdLw"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-7bf556f6f-6zbgq
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 8b20cbbffeeb5277-MXP
x-robots-tag: none

GET
H2 200 __ptbe.gif
track.hubspot.com/ 45 B
672 B 181ms
176ms Image
image/gif 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptbe.gif?n=pe5058330_form_definition_fetch_success&_form_id=21f774d6-4c0b-4c25-b47a-35023464393a&_form_name=InfoStealer+Uses+SwiftUI%2C+OpenDirectory+API+to+Capture+Passwords&_form_group=&_form_platform=hubspot&_form_location=%2Fblog%2Finfostealer-swiftui-opendirectory-api-capture-verify-passwords&_form_data=%5Bobject+Object%5D&_form_value=&_value=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=it-it&bfp=872352201&v=1.1&a=5058330&pi=175134870081&ct=blog-post&ccu=https%3A%2F%2Fwww.kandji.io%2Fblog%2Finfostealer-swiftui-opendirectory-api-capture-verify-passwords&cpi=175134870081&cgi=6850365017&lpi=175134870081&lvi=175134870081&lvc=en&pu=https%3A%2F%2Fwww.kandji.io%2Fblog%2Finfostealer-swiftui-opendirectory-api-capture-verify-passwords&t=InfoStealer+Uses+SwiftUI%2C+OpenDirectory+API+to+Capture+Passwords&cts=1723469173704&vi=fe8cd950be4eb03ea6fb57d683418074&nc=true&u=234561729.fe8cd950be4eb03ea6fb57d683418074.1723469173681.1723469173681.1723469173681.1&b=234561729.1.1723469173681&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Mon, 12 Aug 2024 13:26:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: abb1dea7-2810-4926-a7c0-c5f06dddef23
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 7
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: abb1dea7-2810-4926-a7c0-c5f06dddef23
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KW%2FqJHO%2Bxdu%2BTYI8Ex%2BvTLggYp8uQFyHGe%2BmkHkK%2FYK8z4%2BmKwazJFPmfksvwXg1srEEFL8Ci46qNgflPlOmjy4vN0nYmKJbJ6VSvrMrI1XUMCqplFIXbZD86iWm%2B5IFllWqcp%2BWTWQpU6y3NJIx"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-7bf556f6f-s9rb6
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 8b20cbbffee85277-MXP
x-robots-tag: none

GET
H2 200 __ptbe.gif
track.hubspot.com/ 45 B
698 B 195ms
190ms Image
image/gif 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptbe.gif?n=pe5058330_form_before_init&_form_id=21f774d6-4c0b-4c25-b47a-35023464393a&_form_name=InfoStealer+Uses+SwiftUI%2C+OpenDirectory+API+to+Capture+Passwords&_form_group=&_form_platform=hubspot&_form_location=%2Fblog%2Finfostealer-swiftui-opendirectory-api-capture-verify-passwords&_form_data=%5Bobject+Object%5D&_form_value=&_value=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=it-it&bfp=872352201&v=1.1&a=5058330&pi=175134870081&ct=blog-post&ccu=https%3A%2F%2Fwww.kandji.io%2Fblog%2Finfostealer-swiftui-opendirectory-api-capture-verify-passwords&cpi=175134870081&cgi=6850365017&lpi=175134870081&lvi=175134870081&lvc=en&pu=https%3A%2F%2Fwww.kandji.io%2Fblog%2Finfostealer-swiftui-opendirectory-api-capture-verify-passwords&t=InfoStealer+Uses+SwiftUI%2C+OpenDirectory+API+to+Capture+Passwords&cts=1723469173705&vi=fe8cd950be4eb03ea6fb57d683418074&nc=true&u=234561729.fe8cd950be4eb03ea6fb57d683418074.1723469173681.1723469173681.1723469173681.1&b=234561729.1.1723469173681&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Mon, 12 Aug 2024 13:26:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: d6ecce39-4b2f-474d-9355-64c4f0f1c2ef
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 6
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: d6ecce39-4b2f-474d-9355-64c4f0f1c2ef
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KA7cBIbh4zlLwIzEGtNNWq9PyIpotb58nKzfujROd16GaIaXla6VLJL7JCzeMx8gBl0RDeZ2iv5uvpRhhfKdGNyZ6Gxxrgb3%2FtM%2BUyJdyKomWzZaMYmgOIWyJam%2FogaBowabecuWa6Y6f94PpMya"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-7bf556f6f-88sv7
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 8b20cbbffedf5277-MXP
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
438 B 181ms
178ms Image
image/gif 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=15&fi=21f774d6-4c0b-4c25-b47a-35023464393a&fci=97d70ffb-f924-41c7-83c3-27c54f11b64e&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=it-it&bfp=872352201&v=1.1&a=5058330&pi=175134870081&ct=blog-post&ccu=https%3A%2F%2Fwww.kandji.io%2Fblog%2Finfostealer-swiftui-opendirectory-api-capture-verify-passwords&cpi=175134870081&cgi=6850365017&lpi=175134870081&lvi=175134870081&lvc=en&pu=https%3A%2F%2Fwww.kandji.io%2Fblog%2Finfostealer-swiftui-opendirectory-api-capture-verify-passwords&t=InfoStealer+Uses+SwiftUI%2C+OpenDirectory+API+to+Capture+Passwords&cts=1723469173705&vi=fe8cd950be4eb03ea6fb57d683418074&nc=true&u=234561729.fe8cd950be4eb03ea6fb57d683418074.1723469173681.1723469173681.1723469173681.1&b=234561729.1.1723469173681&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Mon, 12 Aug 2024 13:26:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 946f7051-3521-4544-ba4e-dda8d9dfeaa6
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 9
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 946f7051-3521-4544-ba4e-dda8d9dfeaa6
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3jLB48Lc9LZK4LYJ5Rk%2BNbWDRIhv4HrLo31yBqv%2BphR9VxJiD9Sn6u9DLbOeqKvJ%2B1TvDx31idIdQD8muGxja19Z9mblB21nWEjiWclxX0q8FTZdYQNcwDQKsfb3XEoUQPY760u%2FDIZpdKFRxTrs"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-7bf556f6f-gjf7m
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 8b20cbbffee65277-MXP
x-robots-tag: none

GET
H2 200 __ptbe.gif
track.hubspot.com/ 45 B
523 B 188ms
186ms Image
image/gif 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptbe.gif?n=pe5058330_form_ready&_form_id=21f774d6-4c0b-4c25-b47a-35023464393a&_form_name=InfoStealer+Uses+SwiftUI%2C+OpenDirectory+API+to+Capture+Passwords&_form_group=&_form_platform=hubspot&_form_location=%2Fblog%2Finfostealer-swiftui-opendirectory-api-capture-verify-passwords&_form_data=%5Bobject+Object%5D&_form_value=&_value=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=it-it&bfp=872352201&v=1.1&a=5058330&pi=175134870081&ct=blog-post&ccu=https%3A%2F%2Fwww.kandji.io%2Fblog%2Finfostealer-swiftui-opendirectory-api-capture-verify-passwords&cpi=175134870081&cgi=6850365017&lpi=175134870081&lvi=175134870081&lvc=en&pu=https%3A%2F%2Fwww.kandji.io%2Fblog%2Finfostealer-swiftui-opendirectory-api-capture-verify-passwords&t=InfoStealer+Uses+SwiftUI%2C+OpenDirectory+API+to+Capture+Passwords&cts=1723469173715&vi=fe8cd950be4eb03ea6fb57d683418074&nc=true&u=234561729.fe8cd950be4eb03ea6fb57d683418074.1723469173681.1723469173681.1723469173681.1&b=234561729.1.1723469173681&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Mon, 12 Aug 2024 13:26:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: f7a5d26f-2545-4f32-9fa5-6452a1b2bbca
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 8
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: f7a5d26f-2545-4f32-9fa5-6452a1b2bbca
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7J1T%2BN70s%2BMiSQHshmy2bRkPbK98DhszksEGzcwcnWZC4KEQxy0HFyTIXeGojf85WH1uWJs6OdphZm924mTZtztHwUqn1Qi%2Butn3gi3z2xCEUxBaFb6V5rzKB0stSNaZYjhI5xT3unjOf72wqkTm"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-7bf556f6f-6zbgq
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 8b20cbbffee95277-MXP
x-robots-tag: none

GET
H2 200 __ptbe.gif
track.hubspot.com/ 45 B
435 B 195ms
186ms Image
image/gif 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptbe.gif?n=pe5058330_form_before_validation_init&_form_id=21f774d6-4c0b-4c25-b47a-35023464393a&_form_name=InfoStealer+Uses+SwiftUI%2C+OpenDirectory+API+to+Capture+Passwords&_form_group=&_form_platform=hubspot&_form_location=%2Fblog%2Finfostealer-swiftui-opendirectory-api-capture-verify-passwords&_form_data=%5Bobject+Object%5D&_form_value=&_value=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=it-it&bfp=872352201&v=1.1&a=5058330&pi=175134870081&ct=blog-post&ccu=https%3A%2F%2Fwww.kandji.io%2Fblog%2Finfostealer-swiftui-opendirectory-api-capture-verify-passwords&cpi=175134870081&cgi=6850365017&lpi=175134870081&lvi=175134870081&lvc=en&pu=https%3A%2F%2Fwww.kandji.io%2Fblog%2Finfostealer-swiftui-opendirectory-api-capture-verify-passwords&t=InfoStealer+Uses+SwiftUI%2C+OpenDirectory+API+to+Capture+Passwords&cts=1723469173716&vi=fe8cd950be4eb03ea6fb57d683418074&nc=true&u=234561729.fe8cd950be4eb03ea6fb57d683418074.1723469173681.1723469173681.1723469173681.1&b=234561729.1.1723469173681&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Mon, 12 Aug 2024 13:26:14 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 5ee04a62-4905-44bf-8cb9-e716c6bcee89
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 15
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 5ee04a62-4905-44bf-8cb9-e716c6bcee89
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=D0psnUdVgwnGmJOXgQtWdyUhRxxdKaEE32AN1Y5L12g%2B9e5jMo5qDnRPVMlN0IGrpFkQECkSBH7vHfB0A1TQkfhT2ukibim3BHbGAqEWFW7D5Ge6B68XMBXRpWnLRKySsjBJRSGunPNK78G5NxCZ"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-7bf556f6f-wj7dn
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 8b20cbc129285277-MXP
x-robots-tag: none

GET
H2 200 __ptbe.gif
track.hubspot.com/ 45 B
460 B 196ms
187ms Image
image/gif 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptbe.gif?n=pe5058330_form_analytic_event&_form_id=21f774d6-4c0b-4c25-b47a-35023464393a&_form_name=InfoStealer+Uses+SwiftUI%2C+OpenDirectory+API+to+Capture+Passwords&_form_group=&_form_platform=hubspot&_form_location=%2Fblog%2Finfostealer-swiftui-opendirectory-api-capture-verify-passwords&_form_data=%5Bobject+Object%5D&_form_value=&_value=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=it-it&bfp=872352201&v=1.1&a=5058330&pi=175134870081&ct=blog-post&ccu=https%3A%2F%2Fwww.kandji.io%2Fblog%2Finfostealer-swiftui-opendirectory-api-capture-verify-passwords&cpi=175134870081&cgi=6850365017&lpi=175134870081&lvi=175134870081&lvc=en&pu=https%3A%2F%2Fwww.kandji.io%2Fblog%2Finfostealer-swiftui-opendirectory-api-capture-verify-passwords&t=InfoStealer+Uses+SwiftUI%2C+OpenDirectory+API+to+Capture+Passwords&cts=1723469173716&vi=fe8cd950be4eb03ea6fb57d683418074&nc=true&u=234561729.fe8cd950be4eb03ea6fb57d683418074.1723469173681.1723469173681.1723469173681.1&b=234561729.1.1723469173681&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Mon, 12 Aug 2024 13:26:14 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: c5cdf8d5-fa30-441c-834f-67e336384560
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 5
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: c5cdf8d5-fa30-441c-834f-67e336384560
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RkW9W5H%2BszGBy4dsRAo8AoUiiTV1AE83E6ASdpcUY7PhbfqpHkY94jrZMUKa9uiDzSjYS5hUV%2FeQa9W%2FXSkW5lGpr86upNkR6mJ0V4wO2RRZjUBIu3TAXulZncf3F8dVyoPgLVLrgzCZZpE0xkgH"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-7bf556f6f-pbqz5
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 8b20cbc1292d5277-MXP
x-robots-tag: none

GET
H3 200 favicon-3.ico
blog.kandji.io/hubfs/ 15 KB
4 KB 90ms
89ms Other
image/vnd.microsoft.icon 199.60.103.227
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://blog.kandji.io/hubfs/favicon-3.ico

Protocol

Security

QUIC, , AES_128_GCM

Server

199.60.103.227 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

b2d41a1b6c32ab456d18738bf61dc24c0e005cdae9b9a4217760ff8dad1e6c49

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
x-amz-meta-cache-tag: F-69125449986,P-5058330,FLS-ALL
age: 2471076
x-amz-request-id: 87QTQJ6MZWE1QAC5
x-amz-server-side-encryption: AES256
edge-cache-tag: F-69125449986,P-5058330,FLS-ALL
x-amz-replication-status: COMPLETED
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
etag: W/"a479d2e98cdbda4dffb71d43887dcac0"
vary: Accept-Encoding
access-control-allow-methods: GET
content-type: image/vnd.microsoft.icon
access-control-allow-origin: *
x-amz-meta-created-unix-time-millis: 1647912952595
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag: all
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
date: Mon, 12 Aug 2024 13:26:13 GMT
strict-transport-security: max-age=31536000
via: 1.1 e6b325a976b10aa826ec63757afbdeda.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id: YpH3jO4xnu2k6P.H5WyN2Y.XriWIZvyk
x-amz-cf-pop: ZRH50-C1
x-hs-alternate-content-type: text/plain
x-cache: RefreshHit from cloudfront
cache-tag: F-69125449986,P-5058330,FLS-ALL
x-amz-meta-index-tag: all
alt-svc: h3=":443"; ma=86400
x-amz-id-2: Y2KsYYIaxEjl/OrCCEw5JCItE0iQofvaT4SoCKsz/jOFbllTyPba+rCI0jv3+TJdRjVFV2Oo8cY=
last-modified: Tue, 22 Mar 2022 01:35:53 GMT
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1HmGe1VExIbPUUh6AX846lBXWG9RuprQF%2F9z9O6Bm8SzNPEY54xaSDEW2tA5uTQBAGP4Y%2BqmAHmymBQoxLw49p4isEYpX71FKckvEuk%2FUJXWqvUiy8ckaVtgYLfGo%2FlN"}],"group":"cf-nel","max_age":604800}
cf-ray: 8b20cbc089753757-MXP
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
x-amz-cf-id: rSwHW8wnVcT4uZh5JxLvkEdY_32NcCWRr3WpzJSPQSh3f2kB6-NklQ==

GET
H2 200 821678078239751 Show response
connect.facebook.net/signals/config/ 71 KB
14 KB 238ms
237ms Script
application/x-javascript 2a03:2880:f083:9:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/821678078239751?v=2.9.164&r=stable&domain=www.kandji.io&hme=61ff4e692c87a9a2ce7b19822df2b04638e3ca38b23c1be6c0f1945ccadb2ad5&ex_m=69%2C118%2C104%2C108%2C60%2C4%2C97%2C68%2C16%2C94%2C86%2C50%2C53%2C167%2C170%2C182%2C178%2C179%2C181%2C29%2C98%2C52%2C75%2C180%2C162%2C165%2C175%2C176%2C183%2C127%2C40%2C34%2C139%2C15%2C49%2C189%2C188%2C129%2C18%2C39%2C1%2C42%2C64%2C65%2C66%2C70%2C90%2C17%2C14%2C93%2C89%2C88%2C105%2C51%2C107%2C38%2C106%2C30%2C91%2C26%2C163%2C166%2C136%2C28%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C56%2C61%2C63%2C73%2C99%2C27%2C74%2C9%2C8%2C78%2C47%2C21%2C101%2C100%2C102%2C95%2C10%2C20%2C3%2C19%2C83%2C55%2C81%2C33%2C72%2C0%2C92%2C32%2C80%2C85%2C46%2C45%2C84%2C37%2C5%2C87%2C79%2C43%2C35%2C82%2C2%2C36%2C62%2C41%2C103%2C44%2C77%2C67%2C109%2C59%2C58%2C31%2C96%2C57%2C54%2C48%2C76%2C71%2C24%2C110

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

8a6bef3b6e609ae1e38b83ce9c18c415a8c1b57b0e9703cc72adb3e28a7f24ea

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src .fbcdn.net .facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Mon, 12 Aug 2024 13:26:14 GMT
document-policy: force-load-at-top
x-fb-server-load: 52
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: GOOD; q=0.7, rtt=52, rtx=0, c=63, mss=1297, tbw=64416, tp=-1, tpl=-1, uplat=193, ullat=0
pragma: public
x-fb-debug: CALO9pIL0sYg4dl/ezo+vXT5UgU7cjWpNFROgHu7cOOIK2aq1ti6QWj4aC9UybpNArGYG1fHWP7GSIff5vAumQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 threat-intelligence
www.kandji.io/blog/tag/ 0
27 KB 441ms
434ms Other
text/html 2a05:d014:275:cb00::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.kandji.io/blog/tag/threat-intelligence

Requested by

Host: cdn2.hubspot.net
URL: https://cdn2.hubspot.net/hub/5058330/hub_generated/template_assets/95659796768/1722291948100/Kandji_December2022/js/kandji.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a05:d014:275:cb00::c8 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-nf-request-id: 01J53C95E492EM6JTG4GT72MQA
content-security-policy: upgrade-insecure-requests
content-encoding: br
date: Mon, 12 Aug 2024 13:26:14 GMT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000
age: 0
edge-cache-tag: CT-89692465160,CG-5058330,CG-6850365017,P-5058330,CW-95728460932,E-95659790937,E-95659790938,E-95659796768,E-95659796773,E-95660243592,E-95663097226,E-95711748276,RA-150720214182,RA-95688192170,RA-96550832786,PGS-ALL,SW-3,B-6850365017,TS-95660243609,TG-154217753888
x-hs-prerendered: Thu, 08 Aug 2024 20:57:54 GMT
x-hs-cf-cache-status: HIT
alt-svc: h3=":443"; ma=86400
x-hs-content-id: 89692465160
x-hs-cache-config: BrowserCache-5s-EdgeCache-180s
referrer-policy: no-referrer-when-downgrade
x-hs-cache-control: s-maxage=10800, max-age=0
last-modified: Thu, 08 Aug 2024 20:57:54 GMT
netlify-vary: query
server: Netlify
cache-status: "Netlify Edge"; fwd=stale
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SucKocS5TjlgKkWzQvZFoYCFsem7FoRpNfOYm9aFG3H%2FxkOPhILJlBbotWrVMLe9tgGeIPGrBtwGHKhaQQuPfevRG8qxCt%2BTdS1Om7KTCmMPFwZymaMeyJPDgRAywMhb"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
cache-control: s-maxage=10800,max-age=0
x-hs-hub-id: 5058330
cf-ray: 8b20cbc4cf0b9bec-FRA
link: </hs/hsstatic/cos-i18n/static-1.53/bundles/project.js>; rel=preload; as=script

GET
H2 200 christopher-lopez
www.kandji.io/blog/author/ 0
26 KB 493ms
486ms Other
text/html 2a05:d014:275:cb00::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.kandji.io/blog/author/christopher-lopez

Requested by

Host: cdn2.hubspot.net
URL: https://cdn2.hubspot.net/hub/5058330/hub_generated/template_assets/95659796768/1722291948100/Kandji_December2022/js/kandji.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a05:d014:275:cb00::c8 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-nf-request-id: 01J53C95E8FSPZB90W59SXZP3H
content-security-policy: upgrade-insecure-requests
content-encoding: br
date: Mon, 12 Aug 2024 13:26:14 GMT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000
age: 0
edge-cache-tag: CT-89692465160,CG-5058330,CG-6850365017,P-5058330,CW-95728460932,DB-5688587,E-95659790937,E-95659790938,E-95659796768,E-95659796773,E-95660243592,E-95663097226,E-95711748276,RA-150720214182,RA-95688192170,RA-96550832786,PGS-ALL,SW-3,B-6850365017,TS-95660243609,AU-160466751305
x-hs-prerendered: Thu, 08 Aug 2024 20:57:55 GMT
x-hs-cf-cache-status: REVALIDATED
alt-svc: h3=":443"; ma=86400
x-hs-content-id: 89692465160
x-hs-cache-config: BrowserCache-5s-EdgeCache-180s
referrer-policy: no-referrer-when-downgrade
x-hs-cache-control: s-maxage=10800, max-age=0
last-modified: Thu, 08 Aug 2024 20:57:55 GMT
netlify-vary: query
server: Netlify
cache-status: "Netlify Edge"; fwd=stale
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UX%2BYmlw1A6Dkq3lqDoWJzbcDZkoFab8hTQlIhOprefmN6eeY54qFuakIMyZhSi55bcnanCnLSw5pwNAFlFNDGxbFcKnb64kgk5oYBfuPClMLXcxWBEZ1yMrH3nD4x0gw"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=UTF-8
cache-control: s-maxage=10800,max-age=0
x-hs-hub-id: 5058330
cf-ray: 8b20cbc4ef379bec-FRA
link: </hs/hsstatic/cos-i18n/static-1.53/bundles/project.js>; rel=preload; as=script

GET
H2 200 dock-tile-plugins-persistence
www.kandji.io/blog/ 0
35 KB 583ms
577ms Other
text/html 2a05:d014:275:cb00::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.kandji.io/blog/dock-tile-plugins-persistence

Requested by

Host: cdn2.hubspot.net
URL: https://cdn2.hubspot.net/hub/5058330/hub_generated/template_assets/95659796768/1722291948100/Kandji_December2022/js/kandji.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a05:d014:275:cb00::c8 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 0
x-evy-trace-route-service-name: envoyset-translator
edge-cache-tag: CT-163759176078,CT-170252059575,CT-172845024544,CT-175134870081,CG-5058330,CG-6850365017,P-5058330,CW-127157693999,CW-173071377937,CW-95831149845,CW-95982514497,CW-95984958073,CW-96856054340,E-95659790937,E-95659796768,E-95659796773,E-95660243592,E-95660429163,E-95663097226,RA-150720214182,RA-95688192170,RA-96550832786,PGS-ALL,SW-3,B-6850365017,GC-118553034663
x-evy-trace-listener: listener_https
referrer-policy: no-referrer-when-downgrade
x-hs-hub-id: 5058330
netlify-vary: query
cache-status: "Netlify Edge"; fwd=stale
vary: origin,Accept-Encoding
content-type: text/html;charset=utf-8
x-evy-trace-virtual-host: all
cache-control: s-maxage=7200,max-age=5
link: </hs/hsstatic/cos-i18n/static-1.53/bundles/project.js>; rel=preload; as=script, </_hcms/forms/v2.js>; rel=preload; as=script
x-nf-request-id: 01J53C95E8QV54EQF0YNKD7SX8
date: Mon, 12 Aug 2024 13:26:14 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: 681b15de-b1db-465f-aa67-89e3e1ba13d2
cache-tag: ct-163759176078,ct-170252059575,ct-172845024544,ct-175134870081,cg-5058330,cg-6850365017,p-5058330,cw-127157693999,cw-173071377937,cw-95831149845,cw-95982514497,cw-95984958073,cw-96856054340,e-95659790937,e-95659796768,e-95659796773,e-95660243592,e-95660429163,e-95663097226,ra-150720214182,ra-95688192170,ra-96550832786,pgs-all,sw-3,b-6850365017,gc-118553034663
x-envoy-upstream-service-time: 173
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 681b15de-b1db-465f-aa67-89e3e1ba13d2
x-hs-content-id: 172845024544
x-hs-cache-config: BrowserCache-5s-EdgeCache-7200s
last-modified: Mon, 12 Aug 2024 12:47:12 GMT
server: Netlify
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CJIcDs0UFGAjVoJ%2B0ChwzxE3kR7uiQD0C5u9TB0MzyRFvPasff8z%2FeSbWKRvKkY1jbC0LQX2DtIQSeks9hF8oFN2TKdgx%2FuHLNJIydSv8k4JxzToNAdrx5xN%2B46pHFbo"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-30-39-td/envoy-proxy-69c59d5485-4hktq
access-control-allow-credentials: false
cf-ray: 8b20cbc4df1c9bec-FRA

GET
H2 200 /
www.facebook.com/tr/ 0
274 B 138ms
43ms Image
text/plain 2a03:2880:f176:84:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=821678078239751&ev=PageView&dl=https%3A%2F%2Fwww.kandji.io%2Fblog%2Finfostealer-swiftui-opendirectory-api-capture-verify-passwords&rl=&if=false&ts=1723469174227&sw=1600&sh=1200&ud[external_id]=fe8cd950be4eb03ea6fb57d683418074&v=2.9.164&r=stable&a=hubspot&ec=0&o=4126&fbp=fb.1.1723469174225.296352532838861603&cs_est=true&ler=empty&cdl=API_unavailable&it=1723469173972&coo=false&rqm=GET

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f176:84:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-fb-connection-quality: EXCELLENT; q=0.9, rtt=39, rtx=0, c=10, mss=1297, tbw=2828, tp=-1, tpl=-1, uplat=0, ullat=0
strict-transport-security: max-age=31536000; includeSubDomains
date: Mon, 12 Aug 2024 13:26:14 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 67 B
3 KB 306ms
211ms Image
image/png 2a03:2880:f176:84:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=821678078239751&ev=PageView&dl=https%3A%2F%2Fwww.kandji.io%2Fblog%2Finfostealer-swiftui-opendirectory-api-capture-verify-passwords&rl=&if=false&ts=1723469174227&sw=1600&sh=1200&ud[external_id]=fe8cd950be4eb03ea6fb57d683418074&v=2.9.164&r=stable&a=hubspot&ec=0&o=4126&fbp=fb.1.1723469174225.296352532838861603&cs_est=true&ler=empty&cdl=API_unavailable&it=1723469173972&coo=false&rqm=FGET

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f176:84:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src .fbcdn.net data: .facebook.com 'unsafe-inline';connect-src .facebook.com facebook.com .fbcdn.net wss://.facebook.com:* wss://.fbcdn.net attachment.fbsbx.com blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ .fbsbx.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: .oculuscdn.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data:;frame-src .facebook.com .fbsbx.com fbsbx.com data: .fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

attribution-reporting-register-trigger: {"event_trigger_data":[{"trigger_data":"0"}],"aggregatable_trigger_data":[{"key_piece":"0x3d4f11b5e76aa1f9","source_keys":["1"]}],"aggregatable_values":{"1":10922},"filters":{"2":["24:8184239798283263","24:3994583753952843","24:4166181436759249","7830:8184239798283263","7830:3994583753952843","7830:4166181436759249","10853:8184239798283263","10853:3994583753952843","10853:4166181436759249","41:8184239798283263","41:3994583753952843","41:4166181436759249","8046:8184239798283263","8046:3994583753952843","8046:4166181436759249"]},"debug_reporting":true,"debug_key":"1"}
content-encoding: zstd
x-content-type-options: nosniff
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
strict-transport-security: max-age=15552000; preload
document-policy: force-load-at-top
date: Mon, 12 Aug 2024 13:26:14 GMT
x-fb-server-load: 60
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7402243738850982736", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=39, rtx=0, c=17, mss=1297, tbw=3146, tp=-1, tpl=-1, uplat=165, ullat=0
pragma: no-cache
x-fb-debug: fEVql1fJEQ3UTGL9TJYQ8k1xujHGTVTab/uMERysfdfqh/mTrpwmiJ4UweBZKkDm2zzKtXu3k+dMqPdL9sHnNg==
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7402243738850982736"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: image/png
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: private, no-store, no-cache, must-revalidate
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), battery=(self), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
expires: Sat, 01 Jan 2000 00:00:00 GMT

POST
H2 200 mon Show response
obs.sd22326.kandji.io/ 0
39 B 161ms
154ms XHR
application/json 2600:1f18:e8a:cd08:3437:aff5:50c:d298
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://obs.sd22326.kandji.io/mon
Requested by: Host: ob.sd22326.kandji.io
URL: https://ob.sd22326.kandji.io/i/130ddaec76c305292f6ec30ebef2d5ce.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2600:1f18:e8a:cd08:3437:aff5:50c:d298 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

access-control-allow-origin: https://www.kandji.io
date: Mon, 12 Aug 2024 13:26:14 GMT
access-control-allow-credentials: true
content-length: 0
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
content-type: application/json

GET
H2 200 twitch-privileged-helper
www.kandji.io/blog/ 0
36 KB 289ms
289ms Other
text/html 2a05:d014:275:cb00::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.kandji.io/blog/twitch-privileged-helper

Requested by

Host: cdn2.hubspot.net
URL: https://cdn2.hubspot.net/hub/5058330/hub_generated/template_assets/95659796768/1722291948100/Kandji_December2022/js/kandji.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a05:d014:275:cb00::c8 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 0
x-evy-trace-route-service-name: envoyset-translator
edge-cache-tag: CT-163759176078,CT-165936097429,CT-170252059575,CT-175134870081,CG-5058330,CG-6850365017,P-5058330,CW-127157693999,CW-173071377937,CW-95831149845,CW-95982514497,CW-95984958073,CW-96856054340,E-95659790937,E-95659796768,E-95659796773,E-95660243592,E-95660429163,E-95663097226,RA-150720214182,RA-95688192170,RA-96550832786,PGS-ALL,SW-3,B-6850365017,GC-118553034663
x-evy-trace-listener: listener_https
referrer-policy: no-referrer-when-downgrade
x-hs-hub-id: 5058330
netlify-vary: query
cache-status: "Netlify Edge"; fwd=stale
vary: origin,Accept-Encoding
content-type: text/html;charset=utf-8
x-evy-trace-virtual-host: all
cache-control: s-maxage=7200,max-age=5
link: </hs/hsstatic/cos-i18n/static-1.53/bundles/project.js>; rel=preload; as=script, </_hcms/forms/v2.js>; rel=preload; as=script
x-nf-request-id: 01J53C96DAQDENS5WHNX8GR6PF
date: Mon, 12 Aug 2024 13:26:15 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: 9d34dd4e-1e27-4e7c-bc3c-54a7e2347f44
cache-tag: ct-163759176078,ct-165936097429,ct-170252059575,ct-175134870081,cg-5058330,cg-6850365017,p-5058330,cw-127157693999,cw-173071377937,cw-95831149845,cw-95982514497,cw-95984958073,cw-96856054340,e-95659790937,e-95659796768,e-95659796773,e-95660243592,e-95660429163,e-95663097226,ra-150720214182,ra-95688192170,ra-96550832786,pgs-all,sw-3,b-6850365017,gc-118553034663
x-envoy-upstream-service-time: 198
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 9d34dd4e-1e27-4e7c-bc3c-54a7e2347f44
x-hs-content-id: 170252059575
x-hs-cache-config: BrowserCache-5s-EdgeCache-7200s
last-modified: Mon, 12 Aug 2024 12:47:12 GMT
server: Netlify
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9fD2O%2FpNNE%2BHn0Ovk%2B8L1yyh35mccp%2BdOrr%2Bv9perQMqV%2F4jmglQrZUeDsahUQc5Cd1CWHajMC7UCABTrxdjOjv85p13N4M3dtb5AhS4biYvsLqULQ4jb68Fpyx8b%2BIo"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-30-39-td/envoy-proxy-69c59d5485-9qtzh
access-control-allow-credentials: false
cf-ray: 8b20cbc92e179bec-FRA

GET
H2 200 update-cuckoo-malware-evolves
www.kandji.io/blog/ 0
35 KB 235ms
234ms Other
text/html 2a05:d014:275:cb00::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.kandji.io/blog/update-cuckoo-malware-evolves

Requested by

Host: cdn2.hubspot.net
URL: https://cdn2.hubspot.net/hub/5058330/hub_generated/template_assets/95659796768/1722291948100/Kandji_December2022/js/kandji.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a05:d014:275:cb00::c8 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 0
x-evy-trace-route-service-name: envoyset-translator
edge-cache-tag: CT-163759176078,CT-165936097429,CT-168210827643,CT-175134870081,CG-5058330,CG-6850365017,P-5058330,CW-127157693999,CW-173071377937,CW-95831149845,CW-95982514497,CW-95984958073,CW-96856054340,E-95659790937,E-95659796768,E-95659796773,E-95660243592,E-95660429163,E-95663097226,RA-150720214182,RA-95688192170,RA-96550832786,PGS-ALL,SW-3,B-6850365017,GC-118553034663
x-evy-trace-listener: listener_https
referrer-policy: no-referrer-when-downgrade
x-hs-hub-id: 5058330
netlify-vary: query
cache-status: "Netlify Edge"; fwd=stale
vary: origin,Accept-Encoding
content-type: text/html;charset=utf-8
x-evy-trace-virtual-host: all
cache-control: s-maxage=7200,max-age=5
link: </hs/hsstatic/cos-i18n/static-1.53/bundles/project.js>; rel=preload; as=script, </_hcms/forms/v2.js>; rel=preload; as=script
x-nf-request-id: 01J53C96DAKG2KZ45MTDXRMT25
date: Mon, 12 Aug 2024 13:26:15 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: 34e249da-0cab-4cae-ad3a-fd9dc1a5499b
cache-tag: ct-163759176078,ct-165936097429,ct-168210827643,ct-175134870081,cg-5058330,cg-6850365017,p-5058330,cw-127157693999,cw-173071377937,cw-95831149845,cw-95982514497,cw-95984958073,cw-96856054340,e-95659790937,e-95659796768,e-95659796773,e-95660243592,e-95660429163,e-95663097226,ra-150720214182,ra-95688192170,ra-96550832786,pgs-all,sw-3,b-6850365017,gc-118553034663
x-envoy-upstream-service-time: 155
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 34e249da-0cab-4cae-ad3a-fd9dc1a5499b
x-hs-content-id: 168210827643
x-hs-cache-config: BrowserCache-5s-EdgeCache-7200s
last-modified: Mon, 12 Aug 2024 12:47:13 GMT
server: Netlify
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bqWaGIGmedeyIJiAE49w4kYgcwXOX0XxR7XZUmq%2FX7McDZKH7wi2E8U4mXJG7LHTV56ivU7l%2BtCfRv1LrvAYeYhL%2FVeOz6Znfyhnh5%2F5BwGAJtrUdkwDiaM3I5DDkfz0"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-30-39-td/envoy-proxy-69c59d5485-d7b29
access-control-allow-credentials: false
cf-ray: 8b20cbc91e129bec-FRA

GET
H2 200 cloudchat-infostealer
www.kandji.io/blog/ 0
38 KB 355ms
355ms Other
text/html 2a05:d014:275:cb00::c8
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.kandji.io/blog/cloudchat-infostealer

Requested by

Host: cdn2.hubspot.net
URL: https://cdn2.hubspot.net/hub/5058330/hub_generated/template_assets/95659796768/1722291948100/Kandji_December2022/js/kandji.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a05:d014:275:cb00::c8 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Netlify /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy: upgrade-insecure-requests
content-encoding: br
age: 0
x-evy-trace-route-service-name: envoyset-translator
edge-cache-tag: CT-163759176078,CT-165936097429,CT-170252059575,CT-175134870081,CG-5058330,CG-6850365017,P-5058330,CW-127157693999,CW-173071377937,CW-95831149845,CW-95982514497,CW-95984958073,CW-96856054340,E-95659790937,E-95659796768,E-95659796773,E-95660243592,E-95660429163,E-95663097226,RA-150720214182,RA-95688192170,RA-96550832786,PGS-ALL,SW-3,B-6850365017,GC-118553034663
x-evy-trace-listener: listener_https
referrer-policy: no-referrer-when-downgrade
x-hs-hub-id: 5058330
netlify-vary: query
cache-status: "Netlify Edge"; fwd=stale
vary: origin,Accept-Encoding
content-type: text/html;charset=utf-8
x-evy-trace-virtual-host: all
cache-control: s-maxage=7200,max-age=5
link: </hs/hsstatic/cos-i18n/static-1.53/bundles/project.js>; rel=preload; as=script, </_hcms/forms/v2.js>; rel=preload; as=script
x-nf-request-id: 01J53C96DAES1CQ2JDBVP3A3ZA
date: Mon, 12 Aug 2024 13:26:15 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-hubspot-correlation-id: 2a3b085c-f2a6-4711-8c6f-4394e1bde5f7
cache-tag: ct-163759176078,ct-165936097429,ct-170252059575,ct-175134870081,cg-5058330,cg-6850365017,p-5058330,cw-127157693999,cw-173071377937,cw-95831149845,cw-95982514497,cw-95984958073,cw-96856054340,e-95659790937,e-95659796768,e-95659796773,e-95660243592,e-95660429163,e-95663097226,ra-150720214182,ra-95688192170,ra-96550832786,pgs-all,sw-3,b-6850365017,gc-118553034663
x-envoy-upstream-service-time: 221
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 2a3b085c-f2a6-4711-8c6f-4394e1bde5f7
x-hs-content-id: 163759176078
x-hs-cache-config: BrowserCache-5s-EdgeCache-7200s
last-modified: Mon, 12 Aug 2024 12:47:13 GMT
server: Netlify
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7c0SM8kAY3wU4xXDmxtE8pM0wVH1RhkjSfQIOccqKrP4bWyVzB7PsTKP2KNBnODoKzYKVIE4zddH87LVTVIt0%2F%2Bocfn%2BX6Ah1hbGitx7HKpnfjkEsVVXg3Id83WPgeMY"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-30-39-td/envoy-proxy-69c59d5485-4hktq
access-control-allow-credentials: false
cf-ray: 8b20cbc91e0d9bec-FRA

POST
H2 204 collect
region1.analytics.google.com/g/ 0
0 46ms
44ms Fetch
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-V21CT0R1FX&gtm=45je4880v893716759za200zb810153545&_p=1723469168024&gcd=13l3l3l2l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=0&gdid=dYWJhMj&cid=2119682772.1723469171&ul=it-it&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=EA&cu=USD&dl=https%3A%2F%2Fwww.kandji.io%2Fblog%2Finfostealer-swiftui-opendirectory-api-capture-verify-passwords&dt=InfoStealer%20Uses%20SwiftUI%2C%20OpenDirectory%20API%20to%20Capture%20Passwords&sid=1723469170&sct=1&seg=0&_s=3&tfd=9244
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-V21CT0R1FX
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

Referer: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

pragma: no-cache
date: Mon, 12 Aug 2024 13:26:16 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.kandji.io
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 mon Show response
obs.sd22326.kandji.io/ 0
39 B 147ms
145ms XHR
application/json 2600:1f18:e8a:cd08:3437:aff5:50c:d298
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://obs.sd22326.kandji.io/mon
Requested by: Host: ob.sd22326.kandji.io
URL: https://ob.sd22326.kandji.io/i/130ddaec76c305292f6ec30ebef2d5ce.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2600:1f18:e8a:cd08:3437:aff5:50c:d298 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

access-control-allow-origin: https://www.kandji.io
date: Mon, 12 Aug 2024 13:26:16 GMT
access-control-allow-credentials: true
content-length: 0
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
content-type: application/json

GET
H2 200 bat.js Show response
bat.bing.com/ 49 KB
14 KB 272ms
106ms Script
application/javascript 2620:1ec:c11::237
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-T7GZQ3L

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:1ec:c11::237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

abd0c69608a1a4b0ce5f6056bc20bcf62a2a29271a4cf5e33fa1f53bf7cb19cb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
date: Mon, 12 Aug 2024 13:26:16 GMT
last-modified: Sat, 13 Jul 2024 20:42:16 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 63C7CDE7CF2D4E4198A9AF7798D4D982 Ref B: MIL30EDGE1516 Ref C: 2024-08-12T13:26:16Z
etag: "044982565d5da1:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 14183

POST
H2 200 mon Show response
obs.sd22326.kandji.io/ 0
39 B 150ms
149ms XHR
application/json 2600:1f18:e8a:cd08:3437:aff5:50c:d298
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://obs.sd22326.kandji.io/mon
Requested by: Host: ob.sd22326.kandji.io
URL: https://ob.sd22326.kandji.io/i/130ddaec76c305292f6ec30ebef2d5ce.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2600:1f18:e8a:cd08:3437:aff5:50c:d298 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

access-control-allow-origin: https://www.kandji.io
date: Mon, 12 Aug 2024 13:26:21 GMT
access-control-allow-credentials: true
content-length: 0
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
content-type: application/json

POST
H3 204 collect
region1.analytics.google.com/g/ 0
0 52ms
52ms Fetch
text/plain 216.239.34.36

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-V21CT0R1FX&gtm=45je4880v893716759za200zb810153545&_p=1723469168024&gcd=13l3l3l2l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=0&gdid=dYWJhMj.dZTQ1Zm&cid=2119682772.1723469171&ul=it-it&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=EA&_s=4&cu=USD&dl=https%3A%2F%2Fwww.kandji.io%2Fblog%2Finfostealer-swiftui-opendirectory-api-capture-verify-passwords&dt=InfoStealer%20Uses%20SwiftUI%2C%20OpenDirectory%20API%20to%20Capture%20Passwords&sid=1723469170&sct=1&seg=0&en=section_impression&ep.form_id=21f774d6-4c0b-4c25-b47a-35023464393a&ep.form_name=InfoStealer%20Uses%20SwiftUI%2C%20OpenDirectory%20API%20to%20Capture%20Passwords&ep.form_platform=hubspot&ep.form_location=%2Fblog%2Finfostealer-swiftui-opendirectory-api-capture-verify-passwords&ep.form_data=%5Bobject%20Object%5D&ep.form_value=&ep.value=0&ep.duration=5000&_et=5499&tfd=14881
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-V21CT0R1FX
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 216.239.34.36 -, , ASN (),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

Referer: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 12 Aug 2024 13:26:21 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.kandji.io
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

63 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

23 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.blog.kandji.io/	1969-12-31 23:59:59	Name: __cfruid Value: a994284a8eba339b244e3d10f95cac5baa9d404a-1723469167
.blog.kandji.io/	1970-01-20 22:44:30	Name: __cf_bm Value: JJWu7xY3WQMTrpKPpdHoR0s7s_wPGghzp0pIB3x9K8E-1723469167-1.0.1.1-lEZ3aAGXLzY1wYxV9mXLKdym1MAAAGZ3eYwcWbBnBzEqpM9vhuAPmr2GodeNNP1MHTe44gRN4Fc8UZs6NRDqVg
.hubspot.com/	1970-01-20 22:44:30	Name: __cf_bm Value: wL_zAQGjtqZ8TLMzD0vaZrrVpFLjScKmE_K_HEqDiW8-1723469168-1.0.1.1-W0vpHrFckQhn_tqt.9rvw3XW1rpVe5_txFJIWocuqJKjQNp.kChKt6QbVldw55wjsYvem.lmMz2eZCy_N2B9tQ
.hubspot.com/	1969-12-31 23:59:59	Name: _cfuvid Value: yuJBPv3eDiBsRYbIOdHZTS.XXUqSPOPkHiMikF8K738-1723469168449-0.0.1.1-604800000
.kandji.io/	1970-01-21 00:54:05	Name: _gcl_au Value: 1.1.46847401.1723469170
.kandji.io/	1970-01-21 00:55:53	Name: _cq_duid Value: 1.1723469169.rzhsXjhCmzDpBwKZ
.kandji.io/	1969-12-31 23:59:59	Name: _cq_suid Value: 1.1723469170.kv55wMTJaJ7IdnVU
.kandji.io/	1970-01-20 22:54:33	Name: __kandji_lp Value: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords
.hsforms.com/	1970-01-20 22:44:30	Name: __cf_bm Value: V0DjtUgUWAThMW30L9nwXByUzGDCUZzOUB4FZBsSZNQ-1723469170-1.0.1.1-qOG1KKH02Kakkf8ni7a6TEM8gi0h64s_eop4qWAaui5ozcSi_ZBeyvV7cniiMoKXpuqP4EI03xdVN_vVWC5wkA
.hsforms.com/	1969-12-31 23:59:59	Name: _cfuvid Value: Njyj_O0WlrM.JbHeJcRif4v8f3azZfzbiFwc0ygUo7U-1723469170615-0.0.1.1-604800000
obs.sd22326.kandji.io/	1970-01-21 06:48:19	Name: cg_uuid Value: 52a508a3a0f76fad0f5df231f89a149f
.kandji.io/	1970-01-21 08:20:29	Name: _ga Value: GA1.1.2119682772.1723469171
.kandji.io/	1970-01-21 07:30:05	Name: OptanonConsent Value: isGpcEnabled=0&datestamp=Mon+Aug+12+2024+15%3A26%3A11+GMT%2B0200+(Ora+legale+dell%E2%80%99Europa+centrale)&version=202303.1.0&browserGpcFlag=0&isIABGlobal=false&hosts=&landingPath=https%3A%2F%2Fwww.kandji.io%2Fblog%2Finfostealer-swiftui-opendirectory-api-capture-verify-passwords&groups=C0001%3A1%2CC0003%3A1%2CC0002%3A0%2CC0004%3A0
.doubleclick.net/	1970-01-21 08:06:05	Name: IDE Value: AHWqTUkgyK5Vo1wLDi0e_Ikdc_eEu22huBRnDbJSWX958N_5xYO6MVSoBV2A21_F
.linkedin.com/	1970-01-21 07:30:05	Name: bcookie Value: "v=2&e97db1fc-589d-446e-82ab-4f9f2104c90b"
.linkedin.com/	1970-01-21 03:03:41	Name: li_gc Value: MTswOzE3MjM0NjkxNzI7MjswMjHzfumCDUahS4am74mXAjSgc74GIk1lPeycCnJsyrw+PA==
.linkedin.com/	1970-01-20 22:45:55	Name: lidc Value: "b=OGST01:s=O:r=O:a=O:p=O:g=3361:u=1:x=1:i=1723469172:t=1723555572:v=2:sig=AQE-1T4bqhCKtMih3bp8f36yhS4V_EtS"
.kandji.io/	1970-01-21 03:03:41	Name: __hstc Value: 234561729.fe8cd950be4eb03ea6fb57d683418074.1723469173681.1723469173681.1723469173681.1
.kandji.io/	1970-01-21 03:03:41	Name: hubspotutk Value: fe8cd950be4eb03ea6fb57d683418074
.kandji.io/	1969-12-31 23:59:59	Name: __hssrc Value: 1
.kandji.io/	1970-01-20 22:44:30	Name: __hssc Value: 234561729.1.1723469173681
.kandji.io/	1970-01-21 00:54:05	Name: _fbp Value: fb.1.1723469174225.296352532838861603
.kandji.io/	1970-01-21 08:20:29	Name: _ga_V21CT0R1FX Value: GS1.1.1723469170.1.0.1723469176.54.0.0

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
rendering	warning	URL: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords Message: [.WebGL-0x3cf40273bf00]GL Driver Message (OpenGL, Performance, GL_CLOSE_PATH_NV, High): GPU stall due to ReadPixels
worker	verbose	URL: blob:https://www.kandji.io/81080602-397d-4a49-af79-d02af241f58b(Line 1) Message: Error
javascript	warning	URL: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords Message: The resource https://www.kandji.io/_hcms/forms/v2.js was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript	warning	URL: https://www.kandji.io/blog/infostealer-swiftui-opendirectory-api-capture-verify-passwords Message: The resource https://www.kandji.io/hs/hsstatic/cos-i18n/static-1.53/bundles/project.js was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

5058330.fs1.hubspotusercontent-na1.net
api.hubapi.com
app.hubspot.com
bat.bing.com
blog.kandji.io
cdn.cookielaw.org
cdn.transifex.com
connect.facebook.net
forms-na1.hsforms.com
forms-na1.hubspot.com
geolocation.onetrust.com
googleads.g.doubleclick.net
js.hs-analytics.net
js.hs-banner.com
js.hsadspixel.net
live-detector.svc.transifex.net
no-cache.hubspot.com
ob.sd22326.kandji.io
obs.sd22326.kandji.io
px.ads.linkedin.com
px4.ads.linkedin.com
region1.analytics.google.com
snap.licdn.com
static.hsappstatic.net
stats.g.doubleclick.net
telemetry.svc.transifex.net
track.hubspot.com
www.facebook.com
www.google.com
www.google.it
www.googleadservices.com
www.googletagmanager.com
www.kandji.io
104.19.175.188
142.250.185.66
142.250.186.34
142.250.186.72
172.217.23.100
18.239.69.2
199.60.103.227
2001:4860:4802:32::36
216.239.34.36
2600:1f18:e8a:cd08:3437:aff5:50c:d298
2600:9000:218f:ec00:1f:2c1a:3d80:93a1
2606:4700::6810:7574
2606:4700::6810:7674
2606:4700::6810:a0a8
2606:4700::6811:80ac
2606:4700::6811:af5b
2606:4700::6812:16b7
2606:4700::6812:18bd
2606:4700::6812:1d7f
2606:4700::6812:572a
2606:4700::6812:f06c
2620:1ec:21::14
2620:1ec:51::12
2620:1ec:c11::237
2a00:1450:4001:81c::2008
2a00:1450:4001:828::2003
2a00:1450:400c:c0c::9a
2a02:26f0:3500:10::210:a9a
2a03:2880:f083:9:face:b00c:0:3
2a03:2880:f176:84:face:b00c:0:25de
2a05:d014:275:cb00::c8
34.254.137.132
54.229.117.114
03d7f2a64350f576aaf0f3cdeb344a33d9021491a1830f61fcc9fef2ea3580c6
047ad7989bc75b72ad38301072330f4109f8225a4e34bdde8bfa790edd0d5a0e
099d33a1d679bcfa3722a172d91742af80d45166f760db1512e4944a9d95bc23
0ac06f0260e4f88ec780156809becb32b9f1b48c87e3c33aa33de77007418395
0cbce549725f60081e0fa2fe88e3b0ca6d49d67587092574f420789570c94b58
0ffaf551d9e378fbf00ce609ea2321d4b51e59a6ab8f723381e865bbe9a4aa1c
12497d1cfc9483c5d61f4690d5292b6fe09fb5b2364c1c0ba1edaf0381625356
1505aa0792421f831935f4761a95f31462a3dd097c8bd00ad8e9c765c8065517
179a0ba55c3bbf759340ba2a57846f81a7de249ed7e502b5e8814af2ef964533
205467c25df4fd04b557594853d8655ffe2820eb748188e36c021f39b2d1c43e
20bb4ebaa07c5929c68b4086ce04a1e90b53020df222c9711627c104d9bc8229
211524b97d30d8150a43450554df44300c1252c7023cb3fa9e3e2ef699518a52
31ded8f2ec4fad8e9f3a88a6126ed08ee593b9ef3e2981309f0e5ddb718ee80e
3c3e84c3bc231b0a0a4607ed7ec687abcb5a1f463868b4027fbfcdbed1e89570
3fc523fde3cc50b1d7b9e935d342b29b1e380d85f6d4b14aba2351838410bc83
41560fb9f544570224386cfef6e486c95987af9e24bd75e3909525860d32bd0b
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
462ccbbe37b392ab782355610acc2bf40faed66e638195a2e0c947f17ac0af81
4cbfbe7026b869618f12bd1d55bdd614f3c987b892d0daedcd8b9b34ea8ccfd7
4d424af8e6254a3ee915b6efdec3f0ed3fcbdedc67c83025148c9758701cd2d4
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
5177c38d7548fe7349aab1febe3aec80106069e63f492e03207421ad4ec502aa
5846533b4521c67fd6a587522d5dc150c85d870b1dfd635af7990317ace96f86
5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d
631a0d62a719038670e8f56cc868da1bb3542376d251a781c6545cae129e2d7a
665b2c882184537ff5883112d3eb64c0f512105a5499b92932517cae65f5f4a5
691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19
6957528b73336870fef39c26e4c26a54274b20a6f4bcc72ced85acc62b35cea8
6964d03a8ab5896300c3dd5cb3fc6fa302ef3d1b5453d2021282038af12e5679
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6db62bda53b5b19e55ba3c3243726a28f6e3e3973f2388b9ab02d52406439a59
71ac21ea2d41201a207ffdee8b08864a0fc8f183e4665f0c0edf3fec0de974de
79304394d6072a94fd3ed0046af77fc4121292fbabbdc0af668278a83441daaa
7dbea0062e5c176468cb3f86519df0fed69432a59a01b2dab85043f9b45d6664
83afcd7bea4e4c7cf6e6c8147391aabca2b8b5a1fdce69981a9ee0b723c04904
8792963b430e56e4b59fd7765fc41eb90af435ef0aba66cb80ec8445dd6a0934
8a6bef3b6e609ae1e38b83ce9c18c415a8c1b57b0e9703cc72adb3e28a7f24ea
8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02
8e1b1a37caa8b7627123aeb0e23ad3a2ac14d4ad48be7aabb2ca7ca9da218ef5
910f74967a8d03e18bdd8b4a46a1573653c71d374e9823f2d416d9bd250b1ea6
930239150e702d9d4bf43c3881aa70f8ad5fd9068dcbecb7c8bcca654784f7f1
934dea87f64ab0fc8bdf0f3cfd1f045f7a220a1c8874d7714fe01e707b136c86
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
98dfeb1d061e8788b320a130a84723813efed0b2518921f30b40cc8a09bf8ecf
9c79e4161f7507533db389e4b9af3df81a696228d745ffbeb968543041b1b1a8
9e31e68652d40a182ba89f4af0ae2bc09c1a71bb893aa2bdd147a6278081d4ff
a3822295e15b854cd66fa9151add69b635d15742278419ce1e22403b6ea3bfcf
a6fa74f67d9300f0111921cb7fdc61964e4494b3186e811aae35be69b1c43fcc
a8a0917484a44f32efeaf309716ef0bcefc78e4d566b5e2aa410ed7642aa447a
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
abd0c69608a1a4b0ce5f6056bc20bcf62a2a29271a4cf5e33fa1f53bf7cb19cb
b2d41a1b6c32ab456d18738bf61dc24c0e005cdae9b9a4217760ff8dad1e6c49
b382967162c482928529c765a21bf9ae4141dd1ccbdbf480140bdbd67eab8991
b41a0e96be6e1a9d1a18af3030bacc3e88afc28dd287eb4dc291dc44329559fa
b987245cc5d802ec15d04b1797d14a16f002aca05348c13f79d31ecedecad8ac
c19a9751568c35a18e93edfc7e4f854a6e8b38ddabce37fb119f570c0f8292a2
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
dc66f58be18ed49006f1ea178011b0e3f8201e4c4da003f90595e2def664db17
dfdf1af1a230e3ee08968606c4322f5a9c51a5a6bf341687fedac60716c9ddab
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e69ec801bb9076c9af0581aa06bba05203381e8ade0cfd5d041fe66a376af606
edd5487f216469726314ae2b829b221d70e2a02674477e3c8f69a0d5f0b1ea49
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f336afca0db6e13235318d314c37a3f577c0c6219e57c1d44106d45313f0534e
f39556b3a869139e66c13d26731720ea563fb283dabf7ae79b2b32e6d2575e6f
f984d8e40fd79ce447133169b8b15c1d28c3889efb13740ce9261033c63e2b74
fc2b8b34b8e5c1f4feb8a7c35193c96ec52727dd918751def0e764b8abfb4182
fc315e175d7ed23c13e14e50b11de78b2d7384508b829de0463cfa7ca1d87e34
ffed5c9c0e3f5056ebf7b2a1f5da80f39f2e8b0a9b08c2ab33eb97aa525afb12

www.kandji.io Open in urlscan Pro 2a05:d014:275:cb00::c8 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

108 Requests

95 %HTTPS

70 %IPv6

23 Domains

33 Subdomains

32 IPs

5 Countries

2233 kBTransfer

5316 kBSize

23 Cookies

19 Outgoing links

Redirected requests

108 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.kandji.io Open in urlscan Pro
2a05:d014:275:cb00::c8 Public Scan

Screenshot
Live screenshot

Full Image

108
Requests

95 %
HTTPS

70 %
IPv6

23
Domains

33
Subdomains

32
IPs

5
Countries

2233 kB
Transfer

5316 kB
Size

23
Cookies

108 HTTP transactions
0 data transactions