cyble.com Open in urlscan Pro
2606:4700:20::681a:7b1 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
Submission: On August 15 via api (August 15th 2023, 9:45:09 am UTC) from DE — Scanned from DE

Summary HTTP 141 Redirects Links 45 Behaviour Indicators

Summary

This website contacted 38 IPs in 4 countries across 27 domains to perform 141 HTTP transactions. The main IP is 2606:4700:20::681a:7b1, located in United States and belongs to CLOUDFLARENET, US. The main domain is cyble.com.
TLS certificate: Issued by GTS CA 1P5 on July 9th 2023. Valid for: 3 months.

This is the only time cyble.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
52	2606:4700:20:... 2606:4700:20::681a:7b1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
8	192.0.77.32 192.0.77.32	2635 (AUTOMATTIC) (AUTOMATTIC)
8	192.0.77.37 192.0.77.37	2635 (AUTOMATTIC) (AUTOMATTIC)
3	2a00:1450:400... 2a00:1450:4001:810::2008	15169 (GOOGLE) (GOOGLE)
1	192.0.77.2 192.0.77.2	2635 (AUTOMATTIC) (AUTOMATTIC)
2	2606:4700::68... 2606:4700::6810:b841	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700::68... 2606:4700::6812:893b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	192.0.76.3 192.0.76.3	2635 (AUTOMATTIC) (AUTOMATTIC)
1 6	2600:9000:225... 2600:9000:225e:8a00:6:9280:1080:93a1	16509 (AMAZON-02) (AMAZON-02)
3	2606:4700::68... 2606:4700::6811:d2f3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:76be	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:61ac	13335 (CLOUDFLAR...) (CLOUDFLARENET)
11	2606:4700::68... 2606:4700::6813:9b53	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:836e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:89ce	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:18c4	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2400:52e0:1e0... 2400:52e0:1e00::1081:1	200325 (BUNNYCDN) (BUNNYCDN)
3	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:806::2002	15169 (GOOGLE) (GOOGLE)
1	2a05:d018:cc3... 2a05:d018:cc3:fe04:6408:9a6e:4d8c:591e	16509 (AMAZON-02) (AMAZON-02)
1	2a02:26f0:710... 2a02:26f0:7100::1720:ee38	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2a00:1450:400... 2a00:1450:4001:81c::200e	15169 (GOOGLE) (GOOGLE)
2	2620:1ec:46::42 2620:1ec:46::42	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2606:4700::68... 2606:4700::6811:cbcc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2600:9000:20e... 2600:9000:20eb:5600:2:53b2:240:93a1	16509 (AMAZON-02) (AMAZON-02)
4 4	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	2a00:1450:400... 2a00:1450:4001:809::2004	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82f::2003	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6811:d4f3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:400c:c0a::9d	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:812::200e	15169 (GOOGLE) (GOOGLE)
3	104.211.35.148 104.211.35.148	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
5	2606:4700::68... 2606:4700::6812:8d65	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	151.101.66.137 151.101.66.137	54113 (FASTLY) (FASTLY)
1	2606:2c40::c7... 2606:2c40::c73c:671e	209242 (CLOUDFLAR...) (CLOUDFLARESPECTRUM Cloudflare)
3	162.247.243.30 162.247.243.30	54113 (FASTLY) (FASTLY)
1 2	68.219.88.97 68.219.88.97	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 1	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
141	38

52 2606:4700:20::681a:7b1 (United States)

ASN13335 (CLOUDFLARENET, US)

cyble.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 192.0.77.32 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: wordpress.com

fonts-api.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s0.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
fonts.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 192.0.77.37 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: wordpress.com

c0.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:810::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.0.77.2 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: i1.wp.com

i0.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:b841 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:893b (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 192.0.76.3 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

stats.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2600:9000:225e:8a00:6:9280:1080:93a1 (United States) 1 redirects

ASN16509 (AMAZON-02, US)

s.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6811:d2f3 (United States)

ASN13335 (CLOUDFLARENET, US)

forms.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
perf-na1.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:76be (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsadspixel.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:61ac (United States)

ASN13335 (CLOUDFLARENET, US)

js.usemessages.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2606:4700::6813:9b53 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
api.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cta-service-cms2.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
app.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
forms.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:836e (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsleadflows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:89ce (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:18c4 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2400:52e0:1e00::1081:1 (Germany)

ASN200325 (BUNNYCDN, SI)

a.omappapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:806::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:d018:cc3:fe04:6408:9a6e:4d8c:591e (Dublin, Ireland)

ASN16509 (AMAZON-02, US)

d.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:7100::1720:ee38 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81c::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:46::42 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:cbcc (United States)

ASN13335 (CLOUDFLARENET, US)

api.hubapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:20eb:5600:2:53b2:240:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.linkedin.oribi.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2620:1ec:21::14 (United States) 4 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:809::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:d4f3 (United States)

ASN13335 (CLOUDFLARENET, US)

forms-na1.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c0a::9d (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.211.35.148 (Tappahannock, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

y.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700::6812:8d65 (United States)

ASN13335 (CLOUDFLARENET, US)

static.hsappstatic.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.66.137 (United States)

ASN54113 (FASTLY, US)

js-agent.newrelic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:2c40::c73c:671e (United States)

ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)

labs.cyble.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 162.247.243.30 (United States)

ASN54113 (FASTLY, US)

bam-cell.nr-data.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 68.219.88.97 (Dublin, Ireland) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:c11::200 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
53	cyble.com cyble.com labs.cyble.com	970 KB
20	wp.com fonts-api.wp.com — Cisco Umbrella Rank: 16470 c0.wp.com — Cisco Umbrella Rank: 8131 i0.wp.com — Cisco Umbrella Rank: 3596 s0.wp.com — Cisco Umbrella Rank: 7684 stats.wp.com — Cisco Umbrella Rank: 2614 fonts.wp.com — Cisco Umbrella Rank: 17144 pixel.wp.com — Cisco Umbrella Rank: 2513	142 KB
11	hubspot.com js.hubspot.com — Cisco Umbrella Rank: 7688 api.hubspot.com — Cisco Umbrella Rank: 4733 cta-service-cms2.hubspot.com — Cisco Umbrella Rank: 6807 app.hubspot.com — Cisco Umbrella Rank: 5270 track.hubspot.com — Cisco Umbrella Rank: 2249 forms.hubspot.com — Cisco Umbrella Rank: 4502	47 KB
7	clarity.ms 1 redirects www.clarity.ms — Cisco Umbrella Rank: 981 y.clarity.ms — Cisco Umbrella Rank: 8833 c.clarity.ms — Cisco Umbrella Rank: 1553	27 KB
7	adroll.com 1 redirects s.adroll.com — Cisco Umbrella Rank: 2744 d.adroll.com — Cisco Umbrella Rank: 1440	113 KB
5	hsappstatic.net static.hsappstatic.net — Cisco Umbrella Rank: 5536	295 KB
5	linkedin.com 4 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 368 www.linkedin.com — Cisco Umbrella Rank: 543 px4.ads.linkedin.com — Cisco Umbrella Rank: 5984	5 KB
5	google-analytics.com region1.google-analytics.com — Cisco Umbrella Rank: 2069 www.google-analytics.com — Cisco Umbrella Rank: 54	21 KB
4	hsforms.com forms.hsforms.com — Cisco Umbrella Rank: 4264 forms-na1.hsforms.com — Cisco Umbrella Rank: 6887 perf-na1.hsforms.com — Cisco Umbrella Rank: 8522	10 KB
3	nr-data.net bam-cell.nr-data.net — Cisco Umbrella Rank: 1957	1 KB
3	google.com www.google.com — Cisco Umbrella Rank: 3 google.com — Cisco Umbrella Rank: 1	804 B
3	doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 55 stats.g.doubleclick.net — Cisco Umbrella Rank: 114	4 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 65	246 KB
2	google.de www.google.de — Cisco Umbrella Rank: 5933	563 B
2	omappapi.com a.omappapi.com — Cisco Umbrella Rank: 5750	22 KB
2	hs-scripts.com js.hs-scripts.com — Cisco Umbrella Rank: 2442	2 KB
2	hsforms.net js.hsforms.net — Cisco Umbrella Rank: 6825	329 KB
1	bing.com 1 redirects c.bing.com — Cisco Umbrella Rank: 226	763 B
1	newrelic.com js-agent.newrelic.com — Cisco Umbrella Rank: 475	49 KB
1	oribi.io cdn.linkedin.oribi.io — Cisco Umbrella Rank: 890	374 B
1	hubapi.com api.hubapi.com — Cisco Umbrella Rank: 3489	1 KB
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 819	5 KB
1	hs-banner.com js.hs-banner.com — Cisco Umbrella Rank: 2185	20 KB
1	hs-analytics.net js.hs-analytics.net — Cisco Umbrella Rank: 2182	21 KB
1	hsleadflows.net js.hsleadflows.net — Cisco Umbrella Rank: 4376	86 KB
1	usemessages.com js.usemessages.com — Cisco Umbrella Rank: 4791	22 KB
1	hsadspixel.net js.hsadspixel.net — Cisco Umbrella Rank: 3247	3 KB
141	27

	Domain	Requested by
52	cyble.com	cyble.com
8	c0.wp.com	cyble.com
6	s.adroll.com	1 redirects cyble.com www.googletagmanager.com s.adroll.com
5	static.hsappstatic.net	app.hubspot.com
5	fonts.wp.com	fonts-api.wp.com
3	track.hubspot.com
3	bam-cell.nr-data.net	app.hubspot.com
3	y.clarity.ms	www.clarity.ms
3	app.hubspot.com	js.usemessages.com static.hsappstatic.net app.hubspot.com
3	px.ads.linkedin.com	3 redirects
3	region1.google-analytics.com	www.googletagmanager.com
3	www.googletagmanager.com	cyble.com www.googletagmanager.com
2	c.clarity.ms	1 redirects
2	www.google.de	cyble.com
2	www.google.com	cyble.com
2	api.hubspot.com	js.usemessages.com
2	pixel.wp.com	cyble.com
2	www.clarity.ms	cyble.com www.clarity.ms
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	googleads.g.doubleclick.net	www.googletagmanager.com
2	a.omappapi.com	cyble.com a.omappapi.com
2	forms.hsforms.com	js.hsforms.net cyble.com
2	js.hs-scripts.com	cyble.com www.googletagmanager.com
2	js.hsforms.net	cyble.com js.hsforms.net
2	fonts-api.wp.com	cyble.com
1	forms.hubspot.com	js.hsleadflows.net
1	c.bing.com	1 redirects
1	labs.cyble.com	cyble.com
1	js-agent.newrelic.com	app.hubspot.com
1	google.com	www.googletagmanager.com
1	perf-na1.hsforms.com	cyble.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	forms-na1.hsforms.com	cyble.com
1	px4.ads.linkedin.com	cyble.com
1	www.linkedin.com	1 redirects
1	cdn.linkedin.oribi.io	snap.licdn.com
1	api.hubapi.com	js.hsadspixel.net
1	cta-service-cms2.hubspot.com	js.hubspot.com
1	snap.licdn.com	www.googletagmanager.com
1	d.adroll.com	s.adroll.com
1	js.hs-banner.com	js.hs-scripts.com
1	js.hs-analytics.net	js.hs-scripts.com
1	js.hsleadflows.net	js.hs-scripts.com
1	js.hubspot.com	js.hs-scripts.com
1	js.usemessages.com	js.hs-scripts.com
1	js.hsadspixel.net	js.hs-scripts.com
1	stats.wp.com	cyble.com
1	s0.wp.com	cyble.com
1	i0.wp.com	cyble.com
141	49

This site contains links to these domains. Also see Links.

Domain
labs.cyble.com
getodin.com
thecyberexpress.com
partnernetwork.cyble.com
partnercentral.cyble.com
www.facebook.com
twitter.com
pinterest.com
www.linkedin.com
telegra.ph
attack.mitre.org
rules.evebox.org
blog.cyble.com
www.youtube.com

Subject Issuer	Validity	Valid
cyble.com GTS CA 1P5	`2023-07-09` - `2023-10-07`	3 months	crt.sh
*.wp.com Sectigo ECC Domain Validation Secure Server CA	`2022-11-14` - `2023-12-15`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-07-17` - `2023-10-09`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-05-16` - `2024-05-15`	a year	crt.sh
s.adroll.com Amazon RSA 2048 M01	`2023-06-03` - `2024-07-01`	a year	crt.sh
hubspot.com Cloudflare Inc ECC CA-3	`2023-02-05` - `2024-02-05`	a year	crt.sh
a.omappapi.com R3	`2023-07-09` - `2023-10-07`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-07-17` - `2023-10-09`	3 months	crt.sh
d.adroll.com Amazon RSA 2048 M01	`2022-11-08` - `2023-12-07`	a year	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-02-01` - `2024-01-31`	a year	crt.sh
www.clarity.ms DigiCert TLS RSA SHA256 2020 CA1	`2022-12-01` - `2023-12-01`	a year	crt.sh
hubapi.com Cloudflare Inc ECC CA-3	`2023-04-07` - `2024-04-06`	a year	crt.sh
linkedin.oribi.io Amazon RSA 2048 M01	`2023-06-08` - `2024-07-07`	a year	crt.sh
www.google.com GTS CA 1C3	`2023-07-17` - `2023-10-09`	3 months	crt.sh
www.google.de GTS CA 1C3	`2023-07-17` - `2023-10-09`	3 months	crt.sh
*.google.com GTS CA 1C3	`2023-07-17` - `2023-10-09`	3 months	crt.sh
a.clarity.ms Microsoft Azure TLS Issuing CA 06	`2023-02-13` - `2024-02-08`	a year	crt.sh
hsappstatic.net Cloudflare Inc ECC CA-3	`2023-04-10` - `2024-04-09`	a year	crt.sh
js-agent.newrelic.com GlobalSign Atlas R3 DV TLS CA 2023 Q2	`2023-04-13` - `2024-05-14`	a year	crt.sh
labs.cyble.com GTS CA 1P5	`2023-07-19` - `2023-10-17`	3 months	crt.sh
*.nr-data.net DigiCert TLS RSA SHA256 2020 CA1	`2022-11-18` - `2023-12-19`	a year	crt.sh

This page contains 3 frames:

Primary Page: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
Frame ID: 7DBCD6EBBEB202E589FD5DD1FD947FA8
Requests: 126 HTTP requests in this frame

Frame: https://js.hsforms.net/forms/v2.js
Frame ID: 9B5D7E87E3C488763338CE78A1E3FBFF
Requests: 1 HTTP requests in this frame

Frame: https://app.hubspot.com/conversations-visitor/21289959/threads/utk/e8077b42efcc4ac485671c8485afa4dd?uuid=e215c90752084a10bd2c632d49b3082b&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=null&domain=cyble.com&inApp53=false&messagesUtk=e8077b42efcc4ac485671c8485afa4dd&url=https%3A%2F%2Fcyble.com%2Fblog%2Flummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat%2F&inline=false&isFullscreen=false&globalCookieOptOut=null&isFirstVisitorSession=true&isAttachmentDisabled=true&isInitialInputFocusDisabled=false&enableWidgetCookieBanner=false&isInCMS=false
Frame ID: DDDD5FD0712FBCE0A6870B02F335ABC6
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Cyble — LummaC Stealer Leveraging Amadey Bot to Deploy SectopRAT

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
<link[^>]+s\d+\.wp\.com
/wp-(?:content|includes)/

AdRoll (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

(?:a|s)\.adroll\.com

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

HubSpot Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

js\.hs-analytics\.net/analytics

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Revslider (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

/revslider/[/\w-]+/js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

141
Requests

97 %
HTTPS

77 %
IPv6

27
Domains

49
Subdomains

38
IPs

4
Countries

2439 kB
Transfer

8291 kB
Size

34
Cookies

45 Outgoing links

These are links going to different origins than the main page.

URL: https://labs.cyble.com/q2-2023-ransomware-report
Title: The Q2-2023 Ransomware Report is Now Available. Download Now

Search URL Search Domain Scan URL

URL: https://getodin.com/
Title: Cyble Odin

Search URL Search Domain Scan URL

URL: https://thecyberexpress.com/
Title: The Cyber Express

Search URL Search Domain Scan URL

URL: https://partnernetwork.cyble.com/
Title: Partner Network

Search URL Search Domain Scan URL

URL: https://partnercentral.cyble.com/login
Title: Partner Login

Search URL Search Domain Scan URL

URL: https://partnercentral.cyble.com/partner/registration
Title: Become a Partner

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer.php?u=https%3A%2F%2Fcyble.com%2Fblog%2Flummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat%2F

Search URL Search Domain Scan URL

URL: http://twitter.com/share?url=https%3A%2F%2Fcyble.com%2Fblog%2Flummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat%2F&text=LummaC%20Stealer%20Leveraging%20Amadey%20Bot%20to%20Deploy%20SectopRAT&hashtags=Remote%20Access%20Trojan,Stealer

Search URL Search Domain Scan URL

URL: https://pinterest.com/pin/create/bookmarklet/?media=https://cyble.com/wp-content/uploads/2023/08/LummaC-Stealer-AmadeyBot-SectopRAT.png&url=https%3A%2F%2Fcyble.com%2Fblog%2Flummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat%2F&description=LummaC%20Stealer%20Leveraging%20Amadey%20Bot%20to%20Deploy%20SectopRAT

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fcyble.com%2Fblog%2Flummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat%2F&title=LummaC+Stealer+Leveraging+Amadey+Bot+to+Deploy+SectopRAT&source=Cyble

Search URL Search Domain Scan URL

URL: https://telegra.ph/LummaC2---universal-stealer-a-malware-for-professionals-07-27
Title: information

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1204/
Title: T1204

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1047
Title: T1047

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1547/001
Title: T1547.001

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1055
Title: T1055

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1497
Title: T1497

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1027
Title: T1027

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1562
Title: T1562

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1027/002
Title: T1027.002

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1140
Title: T1140

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1620
Title: T1620

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1003
Title: T1003

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1056
Title: T1056

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1057
Title: T1057

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1012
Title: T1012

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1082
Title: T1082

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1083
Title: T1083

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1518/001
Title: T1518.001

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1005
Title: T1005

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1071
Title: T1071

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1573
Title: T1573

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1105
Title: T1105

Search URL Search Domain Scan URL

URL: https://rules.evebox.org/rule/2046637
Title: 2046637

Search URL Search Domain Scan URL

URL: https://rules.evebox.org/rule/2039423
Title: 2039423

Search URL Search Domain Scan URL

URL: https://rules.evebox.org/rule/2043206
Title: 2043206

Search URL Search Domain Scan URL

URL: https://rules.evebox.org/rule/2039425
Title: 2039425

Search URL Search Domain Scan URL

URL: https://rules.evebox.org/rule/2045751
Title: 2045751

Search URL Search Domain Scan URL

URL: https://rules.evebox.org/rule/2045752
Title: 2045752

Search URL Search Domain Scan URL

URL: https://rules.evebox.org/rule/2044623
Title: 2044623

Search URL Search Domain Scan URL

URL: https://rules.evebox.org/rule/2044695
Title: 2044695

Search URL Search Domain Scan URL

URL: https://rules.evebox.org/rule/2044696
Title: 2044696

Search URL Search Domain Scan URL

URL: https://blog.cyble.com/
Title: Blog

Search URL Search Domain Scan URL

URL: https://twitter.com/cybleglobal
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/cyble-global/
Title: Linkedin

Search URL Search Domain Scan URL

URL: https://www.youtube.com/@cybleglobal
Title: Youtube

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 72

https://s.adroll.com/j/exp/ELNAF2EZDFHJRAP3ODLCUU/index.js HTTP 302
https://s.adroll.com/j/exp/index.js

Request Chain 102

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4053396&time=1692092703631&url=https%3A%2F%2Fcyble.com%2Fblog%2Flummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat%2F HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4053396&time=1692092703631&url=https%3A%2F%2Fcyble.com%2Fblog%2Flummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat%2F&cookiesTest=true HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D4053396%26time%3D1692092703631%26url%3Dhttps%253A%252F%252Fcyble.com%252Fblog%252Flummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat%252F%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4053396&time=1692092703631&url=https%3A%2F%2Fcyble.com%2Fblog%2Flummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat%2F&cookiesTest=true&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4053396&time=1692092703631&url=https%3A%2F%2Fcyble.com%2Fblog%2Flummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat%2F&cookiesTest=true&liSync=true&e_ipv6=AQIfiJBq0svjKAAAAYn4labGQ681tToFjf7nQTWskrh_yRjTOCJX0lPjMw1_sSoyPictgpam

Request Chain 135

https://c.clarity.ms/c.gif HTTP 302
https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=6C25BD22BA614477BB3022CC1A465392&RedC=c.clarity.ms&MXFR=21050652D8226A813545153CDC2264CB HTTP 302
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=6C25BD22BA614477BB3022CC1A465392&MUID=3B3E89AE09F860DD2E759AC0082A617E

141 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/ 386 KB
84 KB 77ms
43ms Document
text/html 2606:4700:20::681a:7b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:7b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0eec4a917885b658753701e3f867fa50e54d586fb8405dcfe0572843093aa5f4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: max-age=298, must-revalidate
cf-apo-via: origin,no-cache
cf-cache-status: BYPASS
cf-edge-cache: cache,platform=wordpress
cf-ray: 7f70809fd89437ca-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Tue, 15 Aug 2023 09:45:02 GMT
host-header: WordPress.com
last-modified: Tue, 15 Aug 2023 09:41:44 GMT
link: <https://cyble.com/wp-json/>; rel="https://api.w.org/", <https://cyble.com/wp-json/wp/v2/posts/21411>; rel="alternate"; type="application/json", <https://wp.me/pf01Lu-5zl>; rel=shortlink
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: no-referrer-when-downgrade
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WfYGWEqqy48TO%2FGm4L4Sr4WqPB3pVdB8mKYSvdsuM9ZkH2ha%2BEq3G2qJKog%2Fw37DqGJ0cOpYwyiQ7vuDGlXh7M3R%2FsJpLoQigWTubNiYeHMjIhFkILZmpZNK6wNnvYwP8RmVOUloDQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=15552000; includeSubDomains; preload
vary: Accept-Encoding, Cookie
x-ac: 2.hhn _atomic_ams HIT
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-hacker: If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
x-nananana: Batcache-Hit
x-xss-protection: 1; mode=block

GET
H2 200 frontend.min.css
cyble.com/wp-content/themes/astra/assets/css/minified/ 46 KB
10 KB 52ms
51ms Stylesheet
text/css 2606:4700:20::681a:7b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/themes/astra/assets/css/minified/frontend.min.css?ver=4.2.0

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:7b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d131f7e4e216e7d68307b83116886b90867789b4e6d51a316566711c939d83b8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:02 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-ac: 3.ams _atomic_ams HIT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
age: 55559
content-encoding: br
last-modified: Mon, 14 Aug 2023 18:11:05 GMT
server: cloudflare
etag: W/"64da6e39-b875"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=bSbGQtELn04E3912RYldFdgpgARi1Z7fpECztuso9Mm3wtclBrN3UPt2k%2F4RxSX1D1LGjZiDYQBaifvw%2Fue0ATLaWm2syqi%2FFvZ5bFFhoTbj9IfceA40BT2CmLwu0ysL9AbLyxXW%2FA%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=315360000
cf-ray: 7f7080a028f037ca-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 css
fonts-api.wp.com/ 9 KB
1 KB 51ms
27ms Stylesheet
text/css 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts-api.wp.com/css?family=Poppins%3A400%2C700%7CRoboto%3A500%2C400%2C700&display=fallback&ver=4.2.0

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

e07a45c7c60d08681486d059a3460d56930732dca8177bb457db78190b7b5ae7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:02 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-encoding: gzip
cross-origin-resource-policy: cross-origin
x-xss-protection: 0
x-nc: BYPASS hhn 1
last-modified: Tue, 15 Aug 2023 09:41:20 GMT
server: nginx
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin

GET
H2 200 style.css
cyble.com/wp-content/plugins/gutenberg/build/block-library/ 103 KB
14 KB 39ms
38ms Stylesheet
text/css 2606:4700:20::681a:7b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/gutenberg/build/block-library/style.css?ver=16.4.0

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:7b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9aac72c96bbbb7c120c620dcefd0ef63ea64da156cd058a0bf42e562a02178db

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:02 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-ac: 2.hhn _atomic_ams HIT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
age: 313795
content-encoding: br
cf-bgj: minify
last-modified: Wed, 09 Aug 2023 19:17:52 GMT
server: cloudflare
etag: W/"64d3e660-19a37"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=k%2FFRsvcxPd1VMjB3dDKO%2B2PSIc4HpUH59K4KLTACa4hT0lQQei%2BLbtZzkMpWo%2BhM1jcg06ICoyxAt4zc7XeKqVIdDmFIt4JiqW1cZkQ2Xsi26wZaNq2UNOWmhWnw9iGttXckcdZrzQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=315360000
cf-ray: 7f7080a028f237ca-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 style.css
cyble.com/wp-content/plugins/layout-grid/ 50 KB
2 KB 28ms
27ms Stylesheet
text/css 2606:4700:20::681a:7b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/layout-grid/style.css?ver=1643201242

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:7b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e7d619d956e2ee8eda499065971fa563dc8df48475e6e123e21e53815553401c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:02 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-ac: 3.ams _atomic_ams HIT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
age: 423135
cf-polished: origSize=58957
content-encoding: br
cf-bgj: minify
last-modified: Wed, 26 Jan 2022 12:47:22 GMT
server: cloudflare
etag: W/"61f142da-e64d"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AXzIY8hjhGC2L0ltFpp6sU4D2BATCxVbeLV3lN%2B2pr4KUt3GQ5%2B41MYrEuIGEH7CRU%2BkjUMU9lxcuoNr0Gxt5Esrg5ihqD3nh51X6Hl0ga5vd8IMSoM2uK4WjxO0UZHE0%2B62ttXfVw%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=315360000
cf-ray: 7f7080a028f337ca-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
BLOB 200
OK b6bffabc-09dd-450f-9606-fab10699b70a
https://cyble.com/ 1 KB
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://cyble.com/b6bffabc-09dd-450f-9606-fab10699b70a
Requested by: Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 453cb806084fdabec32e286af2e88899f79022125c2527afffbec507975d2c22

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Content-Length: 1245
Content-Type: text/javascript

GET
H2 200 view.css
cyble.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-videopress/build/block-editor/blocks/video/ 602 B
575 B 34ms
28ms Stylesheet
text/css 2606:4700:20::681a:7b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-videopress/build/block-editor/blocks/video/view.css?minify=false&ver=34ae973733627b74a14e

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:7b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d749579e51cf490ba27a6782bcfe07c52e44ffa8e3fbb4db7a4dded9d0d9ef29

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:02 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-ac: 3.ams _atomic_ams HIT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
age: 423135
content-encoding: br
cf-bgj: minify
last-modified: Tue, 02 May 2023 20:08:24 GMT
server: cloudflare
etag: W/"64516db8-25a"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WRjkiOMC6Yhe4HV1DqKYKfTVnhk8K5Ca0kOwi%2FWkMgIUy9hYvweacf8URADKKPuRWkUsyzSbLUZv82s7IXmcQkxWEejX4ozURq8EFMEFMpFRi3G1uoY1Rm406R17gdQDTScqv391Fg%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=315360000
cf-ray: 7f7080a0594a37ca-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 mediaelementplayer-legacy.min.css
c0.wp.com/c/6.3/wp-includes/js/mediaelement/ 11 KB
3 KB 34ms
6ms Stylesheet
text/css 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/6.3/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Tue, 15 Aug 2023 09:45:02 GMT
content-encoding: br
strict-transport-security: max-age=15552000
last-modified: Tue, 29 Sep 2020 15:53:06 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Wed, 14 Aug 2024 09:45:02 GMT

GET
H2 200 wp-mediaelement.min.css
c0.wp.com/c/6.3/wp-includes/js/mediaelement/ 4 KB
1 KB 33ms
6ms Stylesheet
text/css 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/6.3/wp-includes/js/mediaelement/wp-mediaelement.min.css

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

2e10d353ff038c2cad3492fc17801af3e6ef2669c9e9713bdb78b1dcb104c4fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Tue, 15 Aug 2023 09:45:02 GMT
content-encoding: br
strict-transport-security: max-age=15552000
last-modified: Fri, 07 Jun 2019 20:45:02 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Wed, 14 Aug 2024 09:45:02 GMT

GET
H2 200 header-footer-elementor.css
cyble.com/wp-content/plugins/header-footer-elementor/assets/css/ 493 B
556 B 34ms
29ms Stylesheet
text/css 2606:4700:20::681a:7b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/header-footer-elementor/assets/css/header-footer-elementor.css?ver=1.6.15

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:7b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f0ee717899856ae9af6c9ed60f4b093f925bc3d9b3c0b42072ec6fc69c923d67

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:02 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-ac: 3.ams _atomic_ams HIT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
age: 423135
cf-polished: origSize=776
content-encoding: br
cf-bgj: minify
last-modified: Thu, 27 Jul 2023 08:53:08 GMT
server: cloudflare
etag: W/"64c23074-308"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=v%2BGpXZRjtrkEDMu2VIwoQNUIpZ8n3zm7kPK6b703r4Gjr0kjzdBKQqK2kWxGn3L5%2BD74Ws3%2BflV4Ehwdp1oB%2FRFHDOQ4eszJxh2Y8zlCF58u1rGodnMM%2BqgKdsJAVxD41Vzqm4pYMQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=315360000
cf-ray: 7f7080a0594e37ca-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 elementor-icons.min.css
cyble.com/wp-content/plugins/elementor/assets/lib/eicons/css/ 19 KB
4 KB 43ms
39ms Stylesheet
text/css 2606:4700:20::681a:7b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor/assets/lib/eicons/css/elementor-icons.min.css?ver=5.21.0

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:7b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8631189ca38e73206e52ed06e8f0f3b2e839b9facc236b9519b9fd8d7f8d63e2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:02 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-ac: 2.hhn _atomic_ams HIT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
age: 423135
content-encoding: br
last-modified: Wed, 09 Aug 2023 13:04:41 GMT
server: cloudflare
etag: W/"64d38ee9-4c20"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qCruTd77c5FQsDZJzgNhGBXGNCS0upC39j%2BwObMM%2F0jzxEkTKFRjE5dN1Y13b7%2BN5rr8e1l%2BDdwSQ2RYYtM6wk%2FnGvKkwXcEVLR6kTtdjAjgpy9mzkTeqlMhmx07jF%2Br5o5pWdwoiw%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=315360000
cf-ray: 7f7080a0595137ca-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 frontend.min.css
cyble.com/wp-content/plugins/elementor/assets/css/ 160 KB
20 KB 37ms
32ms Stylesheet
text/css 2606:4700:20::681a:7b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor/assets/css/frontend.min.css?ver=3.15.2

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:7b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7767eb16c530edecef795f839ccc67c03aed221e4a8cf70969f0231edb24dc57

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:02 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-ac: 2.hhn _atomic_ams HIT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
age: 423135
content-encoding: br
last-modified: Wed, 09 Aug 2023 13:04:41 GMT
server: cloudflare
etag: W/"64d38ee9-27f72"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RG3IozH%2BXjRw8USBrlGpovpMN6a2MTgeNVBqfsth%2BxotB5XwAnyphG95WTNlQ7qXxCOi4M%2BMsnfbTJCiwsiGXFpBZLDswkYAbQE75hA%2FkmXNQazgNhhFVabUAbpPrSZoGjS3xkBnXQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=315360000
cf-ray: 7f7080a0595537ca-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 swiper.min.css
cyble.com/wp-content/plugins/elementor/assets/lib/swiper/css/ 13 KB
3 KB 40ms
36ms Stylesheet
text/css 2606:4700:20::681a:7b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor/assets/lib/swiper/css/swiper.min.css?ver=5.3.6

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:7b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d622534d53d3ac1095af275f0b30274fcd835785577df2dde6d9398e6f7a2c8f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:02 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-ac: 5.ams _atomic_ams HIT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
age: 423135
content-encoding: br
last-modified: Wed, 09 Aug 2023 13:04:42 GMT
server: cloudflare
etag: W/"64d38eea-324c"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1pHRvHDihn1fC0nq%2BDif%2Fh0ZH6SPJ%2FAqhu%2BhwVcfYjSjQrBTL%2BHGMI7E0%2F8rs44ME3j7kER7VuewC6Y5EmzjWiaSbUo8Oegy%2B875nmq0lxF7fA9vSpfAisVaMQ0ZXp2kcnEgE0UmFQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=315360000
cf-ray: 7f7080a0595837ca-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 post-5708.css
cyble.com/wp-content/uploads/elementor/css/ 1 KB
786 B 35ms
31ms Stylesheet
text/css 2606:4700:20::681a:7b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/uploads/elementor/css/post-5708.css?ver=1691600394

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:7b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6d02cf7ab02fb87ae61c3843653e1b6ac677803f7dec768d986054a687fd69a3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:02 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-ac: 2.hhn _atomic_ams HIT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
age: 416518
cf-polished: origSize=1172
content-encoding: br
cf-bgj: minify
last-modified: Wed, 09 Aug 2023 16:59:54 GMT
server: cloudflare
etag: W/"64d3c60a-494"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F6gXHER8K0o2ToLe5ftkNd2RuSezovR1W3mTxidyzPI4DEEwuVo%2BSUn0GYb720hVeoS1lM5Ss4CDQkvVlU5ac8Yur%2FBQLKkYs9QOhq0BoJ6hXeApKNwWUgk2jLiQqS%2FgSArglYu5aA%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=315360000
cf-ray: 7f7080a0595b37ca-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 frontend.min.css
cyble.com/wp-content/plugins/elementor-pro/assets/css/ 448 KB
44 KB 43ms
40ms Stylesheet
text/css 2606:4700:20::681a:7b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor-pro/assets/css/frontend.min.css?ver=3.15.1

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:7b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d814bc98c8415428cb5c7511ce0eb00f66c7629a01645ab0b066848e843794b3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:02 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-ac: 2.hhn _atomic_ams HIT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
age: 423135
content-encoding: br
last-modified: Wed, 09 Aug 2023 14:49:28 GMT
server: cloudflare
etag: W/"64d3a778-70054"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vE23iyczv%2Fk%2BazdkT0lZEXm9wHLfMxEQtmv%2B3%2B3MMr548548uTl%2BYvWpUQFXKYhc%2BG4pxOKNXXnFrY6K%2FHiv1Fzyi7RxE72WFPGS2Mnsi8r6LTMr0GcXqRRrKmYvkrX0KeNmfD15cQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=315360000
cf-ray: 7f7080a0595d37ca-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 uael-frontend.min.css
cyble.com/wp-content/plugins/ultimate-elementor/assets/min-css/ 616 KB
69 KB 47ms
44ms Stylesheet
text/css 2606:4700:20::681a:7b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/ultimate-elementor/assets/min-css/uael-frontend.min.css?ver=1.36.18

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:7b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

93c4b4c3c0b807afd497de4b525c7980d50aeb57f52ab909d6cf5a814b4d13ae

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:02 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-ac: 5.ams _atomic_ams HIT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
age: 423135
content-encoding: br
last-modified: Fri, 28 Jul 2023 03:47:36 GMT
server: cloudflare
etag: W/"64c33a58-9a067"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YwOrWMswFmV9S06sbbUpJqAAFnK5zvK5pkrReHOKlxFOmpuVXU2kD2GNzaDDUo2PWtZ2zOts4YD8D4GDGw4P2PnZQhZkbxxHVf6bCoKNkZZH%2BVSk1NPoCqbpkXcvWPXVn%2Fm8m8QHwQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=315360000
cf-ray: 7f7080a0595e37ca-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 post-9211.css
cyble.com/wp-content/uploads/elementor/css/ 17 KB
2 KB 40ms
37ms Stylesheet
text/css 2606:4700:20::681a:7b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/uploads/elementor/css/post-9211.css?ver=1691600396

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:7b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4f3855e6f3082e6650dcbae564c7dab0790f49f243942d33b63c11a315774711

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:02 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-ac: 5.ams _atomic_ams HIT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
age: 423135
cf-polished: origSize=17933
content-encoding: br
cf-bgj: minify
last-modified: Wed, 09 Aug 2023 16:59:56 GMT
server: cloudflare
etag: W/"64d3c60c-460d"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=wAnr6nfdYSkDNT8wCvppWTTH2IbPiUXV894e%2Bq%2BVxYD3tmQcps8ZLSmfUip1JlLet0zl%2FiIzawQ2XAkF2PQKhgO%2F1CwWINQAOFQ%2FFGkpoRkv1yaCFQ%2BDax7FD4apCmJQ2hedhqUOOg%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=315360000
cf-ray: 7f7080a0596037ca-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 frontend.css
cyble.com/wp-content/plugins/header-footer-elementor/inc/widgets-css/ 63 KB
7 KB 38ms
34ms Stylesheet
text/css 2606:4700:20::681a:7b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/header-footer-elementor/inc/widgets-css/frontend.css?ver=1.6.15

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:7b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e77ea2ad3d36d93405698dfe9578c6f58d88aa70157e958ffb39af7796700f92

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:02 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-ac: 5.ams _atomic_ams HIT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
age: 423135
cf-polished: origSize=75684
content-encoding: br
cf-bgj: minify
last-modified: Thu, 27 Jul 2023 08:53:08 GMT
server: cloudflare
etag: W/"64c23074-127a4"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yHMmhzPJpIXelvqIhyo%2FkTyT%2BtoBfO%2BBJ9QfifI2GEJ9hlq9dZZkNbsc4mqLWmExFzC%2F1oTWvJwsQ4%2FN4zRscfRXTZFCeDpIwnhw4S%2BtPv5myHU3YhgMgauWccYlCLF%2F2s0FPMcF2w%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=315360000
cf-ray: 7f7080a0596237ca-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 astra-addon-64da6e3fc379e7-37771240.css
cyble.com/wp-content/uploads/astra-addon/ 50 KB
7 KB 49ms
45ms Stylesheet
text/css 2606:4700:20::681a:7b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/uploads/astra-addon/astra-addon-64da6e3fc379e7-37771240.css?ver=4.1.7

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:7b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ca070e32b6828690046193d4971de50a9ff7a22c01248a4feaf8a9ec12f75468

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:02 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-ac: 3.ams _atomic_ams HIT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
age: 55559
cf-polished: origSize=51040
content-encoding: br
cf-bgj: minify
last-modified: Mon, 14 Aug 2023 18:11:11 GMT
server: cloudflare
etag: W/"64da6e3f-c760"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=waCAWxkXFdAckQAaP%2BxHqqcTlLSP%2BDDoCarau3HKNDxKOjYszfO6L8AdGN0YsIfQowzppfX8SjT6k6MqUrIKy0LYScBlNb%2FMPaqx37CJsXI%2B%2FNXMq37CrUxH5cOo4H33abmwyuOWmw%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=315360000
cf-ray: 7f7080a0697037ca-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 front.min.css
cyble.com/wp-content/plugins/cookie-notice/css/ 5 KB
1 KB 50ms
46ms Stylesheet
text/css 2606:4700:20::681a:7b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/cookie-notice/css/front.min.css?ver=6.3

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:7b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f158b8591a08b6c02bb345ae96dd62f0c632f7f635bb4a5f449fce24bdc11789

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:02 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-ac: 2.hhn _atomic_ams HIT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
age: 416518
content-encoding: br
last-modified: Wed, 28 Jun 2023 18:11:08 GMT
server: cloudflare
etag: W/"649c77bc-14d6"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PjF58tcjCVqhSERrOAvkA0OJtilavLSycHj3IaLjf%2BRUjHBzg79HBmzvA9kZNEiwy%2BmEQ1R5iwKyYtrtLJ73R7tgA90AX7pc58wAoLCKwJ4BjAp9husc5IHhjFypezXa1cn%2BycJVDw%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=315360000
cf-ray: 7f7080a0697237ca-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 css
fonts-api.wp.com/ 76 KB
2 KB 33ms
30ms Stylesheet
text/css 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts-api.wp.com/css?family=Open+Sans%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto+Slab%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&display=auto&ver=6.3

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

43cd95e62bc0c1b1d69ca1cd990e165063bc64005b3ee18aa947404de928441d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:02 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-encoding: gzip
cross-origin-resource-policy: cross-origin
x-xss-protection: 0
x-nc: BYPASS hhn 1
last-modified: Tue, 15 Aug 2023 09:30:44 GMT
server: nginx
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin

GET
H2 200 fontawesome.min.css
cyble.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/ 57 KB
13 KB 50ms
47ms Stylesheet
text/css 2606:4700:20::681a:7b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/fontawesome.min.css?ver=5.15.3

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:7b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d01a2ba2805c78957e15a2958135de0f3cb88e95159dd0f6c0a032bd76b1b0e9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:02 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-ac: 3.ams _atomic_ams HIT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
age: 423135
content-encoding: br
last-modified: Wed, 09 Aug 2023 13:04:42 GMT
server: cloudflare
etag: W/"64d38eea-e238"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=74erpW500rHScPOUzgwfymeS90%2FSIH%2FXgmG91ARKQp3tXGKRo8S2ZfeIkE6Sembt9jZcaWmHg93DjnxoHgrUXHSfhQGSa9UkwnKXlHFgmrpS2D%2BAz4YuQMwvQRVltlpz8iDFn2iHYA%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=315360000
cf-ray: 7f7080a0697437ca-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 brands.min.css
cyble.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/ 675 B
626 B 52ms
49ms Stylesheet
text/css 2606:4700:20::681a:7b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/brands.min.css?ver=5.15.3

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:7b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9cd63b8cea25045c14623c538d26752518a58c0c682795ce6ad3078976c65a37

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:02 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-ac: 2.hhn _atomic_ams HIT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
age: 423135
content-encoding: br
last-modified: Wed, 09 Aug 2023 13:04:42 GMT
server: cloudflare
etag: W/"64d38eea-2a3"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5z7%2B7JbpD9WadQ%2FPR0h5bSbDoHqHIw9DpqFiX%2FeztW3PImDIqPQvPWzJr3uGfH9J8uHWbc8Q40QHf%2B2yzbY47jFBkaiRJSLnlp5z5Z%2BMiPV%2F0LBKtCPNyqXGJlZhskt9HEbpqDQf5Q%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=315360000
cf-ray: 7f7080a0697537ca-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jetpack.css
cyble.com/wp-content/plugins/jetpack/css/ 97 KB
19 KB 52ms
50ms Stylesheet
text/css 2606:4700:20::681a:7b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/jetpack/css/jetpack.css?ver=12.5-a.7

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:7b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

22e6b56e777518d56d35252b62065cfa748c0c290c7b54ace1314338cf97b6f3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:02 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-ac: 2.hhn _atomic_ams HIT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
age: 313795
cf-polished: origSize=99886
content-encoding: br
cf-bgj: minify
last-modified: Wed, 09 Aug 2023 19:14:48 GMT
server: cloudflare
etag: W/"64d3e5a8-1862e"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BFoAiARU5eE52z6fMtdW04bF%2BFdpVIU6mHUp9NALcStqmVgdIuGfUrZ%2FfyjDfBWNMzg5ccqRO1c7eCbCbXp03fOkgW%2BQqdDZn15XLGFum2tarmlNk5t24eNNT%2BrEra22DUrnRQGwDQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=315360000
cf-ray: 7f7080a0697637ca-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 related-posts.min.js Show response
cyble.com/wp-content/plugins/jetpack/_inc/build/related-posts/ 6 KB
2 KB 48ms
47ms Script
application/javascript 2606:4700:20::681a:7b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/jetpack/_inc/build/related-posts/related-posts.min.js?ver=20211209

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:7b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a68827190bc01a61ee0a62ec59efa74497a6bc5aa8586f1fac50a58d0cf42d88

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:02 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-ac: 3.ams _atomic_ams HIT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
age: 423135
content-encoding: br
last-modified: Mon, 19 Jun 2023 19:16:28 GMT
server: cloudflare
etag: W/"6490a98c-1661"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yBhv7bHPRvR2uypgDFndIC8MIfjJK4kKibxhIMWd9SvgNrHCeerZDYwPeE32OQNufXpxoxFhIqyMTr9X5u9fnZeAcu24M9e9%2FjBlI828i1MXZx8QcPwbKaULFs8I0BQGMf3TkEwG8g%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=315360000
cf-ray: 7f7080a0697837ca-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery.min.js Show response
c0.wp.com/c/6.3/wp-includes/js/jquery/ 85 KB
29 KB 28ms
7ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/6.3/wp-includes/js/jquery/jquery.min.js

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

5c93f77799d122fb5255ee24da285f9f228cc118cba11e6ceb2b6bda8cdf4164

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Tue, 15 Aug 2023 09:45:02 GMT
content-encoding: br
strict-transport-security: max-age=15552000
last-modified: Fri, 26 May 2023 11:33:35 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Wed, 14 Aug 2024 09:45:02 GMT

GET
H2 200 jquery-migrate.min.js Show response
c0.wp.com/c/6.3/wp-includes/js/jquery/ 13 KB
5 KB 28ms
7ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/6.3/wp-includes/js/jquery/jquery-migrate.min.js

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Tue, 15 Aug 2023 09:45:02 GMT
content-encoding: br
strict-transport-security: max-age=15552000
last-modified: Fri, 09 Jun 2023 05:49:24 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Wed, 14 Aug 2024 09:45:02 GMT

GET
H2 200 front.min.js Show response
cyble.com/wp-content/plugins/cookie-notice/js/ 8 KB
2 KB 39ms
33ms Script
application/javascript 2606:4700:20::681a:7b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/cookie-notice/js/front.min.js?ver=2.4.9

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:7b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

08756c47213d461baa3b01f42448a76d11f524470c7a34f9018733889bd4f49c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:02 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-ac: 3.ams _atomic_ams HIT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
age: 416518
content-encoding: br
last-modified: Wed, 28 Jun 2023 18:11:08 GMT
server: cloudflare
etag: W/"649c77bc-21fc"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lRex16mzNwEJ6CZ66EblfBKNyoPBdHqf5eNcQknZ28W9DR%2BNwX0qZzYe5tmGRPEMk%2BZl6aLMw5SbSBUa6YZAoB%2Bi5lyAXvVGPL0oS9gACB15BCNt8EKFslcRms5iphqs9dhUd2k6zw%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=315360000
cf-ray: 7f7080a12a9c37ca-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 304 KB
100 KB 129ms
44ms Script
application/javascript 2a00:1450:4001:810::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=GT-WKTZW36

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

86dc38d48b950fd3a6714078aaa6fd45efb46b98ac1b639a0f88df541df68101

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:02 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 101830
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 15 Aug 2023 09:45:02 GMT

GET
H2 200 Cyble-Logo-150x42-1.webp
cyble.com/wp-content/uploads/2023/07/ 3 KB
3 KB 46ms
40ms Image
image/webp 2606:4700:20::681a:7b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cyble.com/wp-content/uploads/2023/07/Cyble-Logo-150x42-1.webp

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:7b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

594e58a370b6219afb761152e616c06147e70e8c8d040ef51058f238025633a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:02 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-ac: 3.ams _atomic_ams HIT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
age: 416518
content-length: 3094
last-modified: Wed, 26 Jul 2023 09:51:45 GMT
server: cloudflare
etag: "64c0ecb1-c16"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WE%2B8QXyotm49PwDxk3bVCeS5MwmjrOwbR0K2u3mFExMw4qAqcZWS3lvZOf7qcQa0ev%2F2pG0Aq3cHq2qoUMbcG9hGuipGAkm6Uy4W2mSsIda4fgZYf%2FeoTGPXXvMmIh3j5BTVaQbjIQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=604800
accept-ranges: bytes
cf-ray: 7f7080a12a9d37ca-FRA
expires: Thu, 17 Aug 2023 12:35:09 GMT

GET
H2 400 LummaC-Stealer-AmadeyBot-SectopRAT-1024x512.png
cyble.com/wp-content/uploads/2023/08/ 87 B
87 B 173ms
169ms Image
text/html 2606:4700:20::681a:7b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cyble.com/wp-content/uploads/2023/08/LummaC-Stealer-AmadeyBot-SectopRAT-1024x512.png

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:7b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3111667f131fe35172925ebef7026e7ce805f590d0998d027133523d7d1176d1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-nc: HIT dca 3
date: Tue, 15 Aug 2023 09:45:03 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-ac: 5.ams _atomic_ams MISS
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=08sfVytMyNpA7TFOHmjAOe81uLWInzOfa0VCwqfvI%2B5X%2BhZ4VRLnwAW88a0XShCtY%2B9MsMAhiO7z7JjP96S902GQgJY8zBe9HB71TLjcegOnSnbviJu0c04mGsePuoOFDf2YCn8Lkg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=utf-8
cf-ray: 7f7080a12a9e37ca-FRA

GET
H2 200 Figure-1-%E2%80%93-New-Loader-feature-of-LummaC-stealer-mentioned-in-the-TAs-Telegram-channel.jpg
cyble.com/wp-content/uploads/2023/08/ 109 KB
110 KB 53ms
49ms Image
image/jpeg 2606:4700:20::681a:7b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cyble.com/wp-content/uploads/2023/08/Figure-1-%E2%80%93-New-Loader-feature-of-LummaC-stealer-mentioned-in-the-TAs-Telegram-channel.jpg

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:7b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f411b0d382fa401ad9bdac4d8db4df0d7175cd961b89caf0ab5779aa659fd6de

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:02 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-ac: 3.ams _atomic_ams HIT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
age: 59977
content-length: 112127
cf-bgj: h2pri
last-modified: Fri, 11 Aug 2023 06:38:28 GMT
server: cloudflare
etag: "64d5d764-1b5ff"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: image/jpeg
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MCafHhVJQAhaCdE8WxMnSLJPl8vQSOY%2FkFh397ne%2B6d6ekxj5qdgHHFDcPr2hYvPGkj5Y5tGHbtBu%2BxyjtGM%2Bcxh%2Baz62tFgglvssQtc4TbrIcjHOUg31%2B1eVTh60sMaTUPocyxCjw%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=604800
accept-ranges: bytes
cf-ray: 7f7080a13aab37ca-FRA
expires: Mon, 21 Aug 2023 06:22:16 GMT

GET
H2 200 subscribe-to-CRIL.jpg
i0.wp.com/blog.cyble.com//srv/htdocs/wp-content/uploads/2021/11/ 16 KB
16 KB 33ms
6ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/blog.cyble.com//srv/htdocs/wp-content/uploads/2021/11/subscribe-to-CRIL.jpg

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i1.wp.com

Software

nginx /

Resource Hash

382e9768b5578d5ad05e51e37670a3cf93d4593a49bcbee1f5e8b66d0d8c1c53

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Tue, 15 Aug 2023 09:45:02 GMT
x-content-type-options: nosniff
last-modified: Wed, 26 Jul 2023 23:15:01 GMT
server: nginx
etag: "27ade7d444618f64"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <http://blog.cyble.com//srv/htdocs/wp-content/uploads/2021/11/subscribe-to-CRIL.jpg>; rel="canonical"
content-length: 16232
expires: Sat, 26 Jul 2025 11:15:01 GMT

GET
H2 200 v2.js Show response
js.hsforms.net/forms/ 526 KB
165 KB 58ms
28ms Script
application/javascript 2606:4700::6810:b841
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsforms.net/forms/v2.js

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:b841 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

250dc46c1691ff969d5ea984b282e46403885ec806ed96ac3ee301db043a1a4d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-encoding: br
age: 254
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=forms-embed/static-1.3544/bundles/project-v2.js&cfRay=7f707a69ee2c18e7-FRA
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"0b631c5c17436fe9a934a378374d7e4a"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: s-maxage=600, max-age=300
x-hs-target-asset: forms-embed/static-1.3544/bundles/project-v2.js
date: Tue, 15 Aug 2023 09:45:02 GMT
x-amz-version-id: 2tqrkyXrj45cp.Q0BoEeKReD9HeN0VyM
via: 1.1 dfc1931cc62ecd4133c2b9bdae1bb476.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: f33d0b99-59e2-491a-ad50-a1e4ed1b8eb4
x-cache: Hit from cloudfront
cache-tag: staticjsapp-forms-embed-v2-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 1
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: f33d0b99-59e2-491a-ad50-a1e4ed1b8eb4
last-modified: Fri, 11 Aug 2023 02:53:20 UTC
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sT4EvOUTvzQO3pUS83yFQhY6PS9du6HV9%2Fmto6SfK3x18AwhjdCap3qEfKytAdgmAi1xcrRTBygu04RZejm0GKLIzy5%2B7sNqKzuDrLyJX7eMP9SD6g3D8VWP3N96g%2F0X6jEvpbNQ%2BP0LqfuE"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status: HIT
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-57ff77fcd-4skbg
cf-ray: 7f7080a0f9c635ea-FRA
x-amz-cf-id: KkCuTEQXLbdJWtE75SP0RjBuaaukvIuntlP6YWN8A4xtJoz2rYUojQ==

GET
H2 200 bilmur.min.js Show response
s0.wp.com/wp-content/js/ 7 KB
3 KB 13ms
6ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/js/bilmur.min.js?m=202333
Requested by: Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: e0f724e7902c0b2186d8395984c312696dc8be9ae0c187792f032fb0955fcf9a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Tue, 15 Aug 2023 09:45:02 GMT
content-encoding: br
x-ac: 2.hhn _dca MISS
last-modified: Thu, 29 Jun 2023 15:07:21 GMT
server: nginx
etag: W/"649d9e29-1bf2"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Tue, 13 Aug 2024 00:00:00 GMT

GET
H2 200 magamenu-frontend.min.css
cyble.com/wp-content/plugins/astra-addon/addons/nav-menu/assets/css/minified/ 0
390 B 31ms
31ms Stylesheet
text/css 2606:4700:20::681a:7b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/astra-addon/addons/nav-menu/assets/css/minified/magamenu-frontend.min.css?ver=4.1.7

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:7b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:02 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-ac: 5.ams _atomic_ams HIT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
age: 400719
content-length: 0
last-modified: Thu, 10 Aug 2023 18:11:11 GMT
server: cloudflare
etag: "64d5283f-0"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Zl1y%2Bzb11HnYcxbJebc2TlGUlqm28wyD5WCppnWZMc8UGgPiSAGklb0DXwg1fJaT3KJ96xm3pZ7a8FaGt6PvvJ9iwnQbxiq2xSxpha4T5y%2BPBnt518jK9tpOLXF7slTl0EqTxNW%2FWQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 7f7080a0c9e137ca-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 rs6.css
cyble.com/wp-content/plugins/revslider/public/assets/css/ 48 KB
10 KB 39ms
32ms Stylesheet
text/css 2606:4700:20::681a:7b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/revslider/public/assets/css/rs6.css?ver=6.6.15

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:7b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

931729e0f35d5f9a8c077b47484b2180d05f74358293787e30cb0af30b9d87ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:02 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-ac: 2.hhn _atomic_ams HIT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
age: 423135
cf-polished: origSize=59754
content-encoding: br
cf-bgj: minify
last-modified: Tue, 01 Aug 2023 18:57:53 GMT
server: cloudflare
etag: W/"64c955b1-e96a"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZeT5V%2BIEnqghTpCfZyePfVaZe%2F6e9o6OAinkx1mEWfBve5PvSNpSXHnTwjc8YAlFGdtPTTRlaFVUzcmyNJf6RuziSG85fREqST4sdFoFTrdVx305%2F%2BAxb5S8HAW1l%2F4A7OzXtCYmFg%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=315360000
cf-ray: 7f7080a12a7137ca-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 frontend.min.js Show response
cyble.com/wp-content/themes/astra/assets/js/minified/ 20 KB
5 KB 55ms
47ms Script
application/javascript 2606:4700:20::681a:7b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/themes/astra/assets/js/minified/frontend.min.js?ver=4.2.0

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:7b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

694da45e033114445455ea32bc0448bd950165a0eda0f92e16b9ed32bf5eb493

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:02 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-ac: 3.ams _atomic_ams HIT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
age: 55559
content-encoding: br
last-modified: Mon, 14 Aug 2023 18:11:05 GMT
server: cloudflare
etag: W/"64da6e39-5081"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UXi%2F4r6IrQr%2Bx1R4%2FtsIsqZm7tw%2B0mWXn4dmYkXTsiEeQrlQ0xwEuUKCs34lBKEcFMVGorI8I64LrdGtaZs5XqHxUP9m7u2S8vS3Q9imgjTWen6a4Tgm6IVxW3qqxKmsm8eUStPPjQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=315360000
cf-ray: 7f7080a12a7837ca-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 21289959.js Show response
js.hs-scripts.com/ 3 KB
1 KB 41ms
21ms Script
application/javascript 2606:4700::6812:893b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hs-scripts.com/21289959.js?integration=WordPress&ver=10.1.30

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:893b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

78972f986ad8c0cafa844dcda205b00cb7fa60bc1a20cc7bedcb1276560d37a8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:02 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
x-hubspot-correlation-id: f788e069-b68e-400e-aa1e-4198f5fd5a28
x-evy-trace-route-service-name: envoyset-translator
cf-polished: origSize=2948
age: 25
x-envoy-upstream-service-time: 5
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: f788e069-b68e-400e-aa1e-4198f5fd5a28
cf-bgj: minify
last-modified: Tue, 15 Aug 2023 09:44:37 GMT
server: cloudflare
x-trace: 2B8EE1256B54E84A146F5B7535B00222760D456034000000000000000000
access-control-max-age: 3600
vary: origin, Accept-Encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://cyble.com
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-6c94986c56-hfjxh
cache-control: public, max-age=60
access-control-allow-credentials: true
x-evy-trace-virtual-host: all
cf-ray: 7f7080a14c323643-FRA
expires: Tue, 15 Aug 2023 09:46:02 GMT

GET
H2 200 rbtools.min.js Show response
cyble.com/wp-content/plugins/revslider/public/assets/js/ 162 KB
62 KB 55ms
51ms Script
application/javascript 2606:4700:20::681a:7b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/revslider/public/assets/js/rbtools.min.js?ver=6.6.15

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:7b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

52984e532d02a87a060764ff400626a1b81cc316284a8ba1feab5d94697119a0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:02 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-ac: 3.ams _atomic_ams HIT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
age: 423135
content-encoding: br
last-modified: Tue, 01 Aug 2023 18:57:53 GMT
server: cloudflare
etag: W/"64c955b1-28681"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=R%2FaQnlmFlumTu8324l1VpA3w0c2ZgRq0pONQqyq2JvoALl2hZiuOftJl9Fo5OidHShnZIVXUWCJmZAxrGZufvpq%2FrQxgjz0UqR%2BI18s2IcM8wLX%2FaVk61HvmjPLzlUZRKnAYIXGMRQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=315360000
cf-ray: 7f7080a13aac37ca-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 rs6.min.js Show response
cyble.com/wp-content/plugins/revslider/public/assets/js/ 406 KB
107 KB 57ms
53ms Script
application/javascript 2606:4700:20::681a:7b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/revslider/public/assets/js/rs6.min.js?ver=6.6.15

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:7b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d83aec48544d062dde1996c25831b736a6262a98fc15a037ee5c72b1f9f0aeb2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:02 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-ac: 3.ams _atomic_ams HIT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
age: 423135
content-encoding: br
last-modified: Tue, 01 Aug 2023 18:57:53 GMT
server: cloudflare
etag: W/"64c955b1-659a8"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4SmaAE%2BkLj7JOB8SracvaJnJ75pjRBfG1TyEvnuOs1XshdykEFFSueM0kHaOli7sOcYe%2BqI1RSNIgBl2KSS9XYrZ%2B777RG2FFPhkuuiPlZvwH4ZhS03H7mYU2uofrMmc%2BS4veLPeow%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=315360000
cf-ray: 7f7080a13aaf37ca-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 astra-addon-64da6e3fe55cf3-01480257.js Show response
cyble.com/wp-content/uploads/astra-addon/ 35 KB
7 KB 50ms
42ms Script
application/javascript 2606:4700:20::681a:7b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/uploads/astra-addon/astra-addon-64da6e3fe55cf3-01480257.js?ver=4.1.7

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:7b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9c27e42954cc6f080f4857edb857af0788e836eec0388f043989364be9ae0594

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:02 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-ac: 2.hhn _atomic_ams HIT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
age: 55559
content-encoding: br
cf-bgj: minify
last-modified: Mon, 14 Aug 2023 18:11:11 GMT
server: cloudflare
etag: W/"64da6e3f-8d16"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5tC3KVzlLZjbdQzi6PTqCXZG0ckG9XufaaIapZgCmRsE95sbSrwliBKiAoSiWxbg5ZovT%2FOfKLqfXZiwprhcT%2BPhJpFIQiEIMjl3Y2nPpAMVhqx0JbDIyFsvL0jS%2BDR98OkHFJ9Cog%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=315360000
cf-ray: 7f7080a12a7d37ca-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 e-202333.js Show response
stats.wp.com/ 7 KB
3 KB 40ms
8ms Script
application/javascript 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.wp.com/e-202333.js
Requested by: Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ca7752fb33cf3a98c0f29bc4eec563112025da4109a0dcc69dabf5f861751258

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-minify-cache: hit
x-nc: HIT hhn
date: Tue, 15 Aug 2023 09:45:02 GMT
content-encoding: br
server: nginx
x-minify: t
etag: W/13576-1684461103136.7104
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
expires: Mon, 12 Aug 2024 06:45:23 GMT

GET
H2 200 jetpack-carousel.min.js Show response
cyble.com/wp-content/plugins/jetpack/_inc/build/carousel/ 24 KB
8 KB 55ms
48ms Script
application/javascript 2606:4700:20::681a:7b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/jetpack/_inc/build/carousel/jetpack-carousel.min.js?ver=12.5-a.7

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:7b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0200bc38d986631f9cc4680084d7d263ccf17fa4a3c627b26ff347e0cfcf1d47

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:02 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-ac: 2.hhn _atomic_ams HIT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
age: 313794
content-encoding: br
last-modified: Tue, 30 May 2023 17:03:32 GMT
server: cloudflare
etag: W/"64762c64-5e2d"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IRjWuhcBJSxkNyTV6kyTMyqPKGVAoCKkCiNObsjqxAvWLCD7Ussx9ywUmWFihwbKGfic0rzI%2BMift7x6qt79taIdfra8UfD1Iqd4y%2BaDmk5ujo4bygSRujBgbMFNCILhDY%2FWitPWRg%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=315360000
cf-ray: 7f7080a12a7f37ca-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 uael-nav-menu.min.js Show response
cyble.com/wp-content/plugins/ultimate-elementor/assets/min-js/ 20 KB
3 KB 47ms
40ms Script
application/javascript 2606:4700:20::681a:7b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/ultimate-elementor/assets/min-js/uael-nav-menu.min.js?ver=1.36.18

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:7b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

53c709abec93270bef6fa3c5c4290d4ce120582152fe692e6be582f544a89ae8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:02 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-ac: 2.hhn _atomic_ams HIT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
age: 423135
content-encoding: br
last-modified: Thu, 27 Jul 2023 18:12:01 GMT
server: cloudflare
etag: W/"64c2b371-500a"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=d7fGMMAd0reaT%2BzDe7Uz0L3HJTQDTZ60Mxq%2F2%2BSRkecChBWguUNK1VvBpegHeKht8i4abMiPLbaWqR5bw83zEMXoLkdK8W0wIvASKshrKxzmIfkEeLCWUO4kzec3umCFw37xGwQxxg%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=315360000
cf-ray: 7f7080a12a8137ca-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery_resize.min.js Show response
cyble.com/wp-content/plugins/ultimate-elementor/assets/lib/jquery-element-resize/ 3 KB
2 KB 65ms
58ms Script
application/javascript 2606:4700:20::681a:7b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/ultimate-elementor/assets/lib/jquery-element-resize/jquery_resize.min.js?ver=1.36.18

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:7b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c706177319d7e325d98a281cdf6cb930f162b52f0f46828f11e5a10ae9894bea

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:02 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-ac: 2.hhn _atomic_ams HIT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
age: 423135
content-encoding: br
last-modified: Thu, 27 Jul 2023 18:12:01 GMT
server: cloudflare
etag: W/"64c2b371-d6e"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yJ3hFnGUK3qpqRkzBMZswQgm1GX6f3D%2By%2BtVh15IQ5061GP7Hc3WM02oXm43GNZs5YZNj4HrEK3unv6lWNgpCagoPsJOSGfWusXbL5eG44HjZ8XbCU7YwgzUFWFob6cdSNUlyUHOdg%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=315360000
cf-ray: 7f7080a12a8337ca-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 js_cookie.min.js Show response
cyble.com/wp-content/plugins/ultimate-elementor/assets/lib/js-cookie/ 2 KB
1 KB 39ms
32ms Script
application/javascript 2606:4700:20::681a:7b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/ultimate-elementor/assets/lib/js-cookie/js_cookie.min.js?ver=1.36.18

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:7b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5244a8d1d1a28e02eec3247e1ba73bb13319a0cc521c87580d43e46cb67b4bc2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:02 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-ac: 3.ams _atomic_ams HIT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
age: 423135
content-encoding: br
last-modified: Thu, 27 Jul 2023 18:12:01 GMT
server: cloudflare
etag: W/"64c2b371-7ad"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1d3nz9tlAapZ2KjfTxYVLQ%2BE0a2fJkAj0aYkAQsJyTFKz8YB0acyvOh5A%2BLRUw%2BlqaYbVG44E%2BZYL5JDqQD2d4dYIqyYga63LbpOFKiV2SeP7jTBxeKp%2FEBMzQgQd3pfJ6RqBzfZJw%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=315360000
cf-ray: 7f7080a12a8537ca-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 webpack-pro.runtime.min.js Show response
cyble.com/wp-content/plugins/elementor-pro/assets/js/ 6 KB
3 KB 50ms
43ms Script
application/javascript 2606:4700:20::681a:7b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor-pro/assets/js/webpack-pro.runtime.min.js?ver=3.15.1

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:7b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b82873e9441abb9739dfca31b6880855d2043b643522a4011e29474d450b9a30

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:02 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-ac: 2.hhn _atomic_ams HIT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
age: 423135
content-encoding: br
last-modified: Wed, 09 Aug 2023 14:49:27 GMT
server: cloudflare
etag: W/"64d3a777-1623"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YUE6aR%2F%2FFlKZ744Rrm2TMBAAGMOAikQcL1Ni3G%2BAQBfqsvQo%2BZwhxL4y30UkPCiI%2Bp9YoK03iyuWGWsawrLj6huu9Ah1SQf6%2F36sH7ET8gZM3rsdDWB993t4NJcBwdkJHBwyk0suTg%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=315360000
cf-ray: 7f7080a12a8737ca-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 webpack.runtime.min.js Show response
cyble.com/wp-content/plugins/elementor/assets/js/ 5 KB
2 KB 53ms
46ms Script
application/javascript 2606:4700:20::681a:7b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js?ver=3.15.2

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:7b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1a11d4c8a6d406d2b3d222fea59f8ec58c8846662393bcb2ac17760c9545270e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:02 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-ac: 3.ams _atomic_ams HIT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
age: 423135
content-encoding: br
last-modified: Wed, 09 Aug 2023 13:04:41 GMT
server: cloudflare
etag: W/"64d38ee9-135e"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zhhJgZCir%2F%2BisR8X%2BvxRTLQr6jY8Sg7%2Fqvvh2S5YtfdfLEOgfVMwgUCJHoGgA3F3CHOKV68OwHhYyAylgZiFuNr3PsykC7NaCO7p60QQbIEHto8%2FY9Ixjf0AGvfnr1QYpKmGgLEqeA%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=315360000
cf-ray: 7f7080a12a8937ca-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 frontend-modules.min.js Show response
cyble.com/wp-content/plugins/elementor/assets/js/ 55 KB
17 KB 42ms
35ms Script
application/javascript 2606:4700:20::681a:7b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor/assets/js/frontend-modules.min.js?ver=3.15.2

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:7b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2055757e207fbd1dd32c01ab72c914fa88ae5f9f5595131207ca1e4769b8ba3b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:02 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-ac: 2.hhn _atomic_ams HIT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
age: 423135
content-encoding: br
last-modified: Wed, 09 Aug 2023 13:04:41 GMT
server: cloudflare
etag: W/"64d38ee9-db5a"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=A44LeE2Y%2Fjx4fD7eXnr%2FfRtIEYkPUSH0l8z1kl%2FINe11wadXI5t9ASdEMbijsSNuV9oSqD02QiXbcyzDkk40iKczgVkWHGnujW%2FsrJfLCn5itNabmRXtbBR%2B0UWPyjFnsQwCTsM%2FBA%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=315360000
cf-ray: 7f7080a12a8b37ca-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 wp-polyfill-inert.min.js Show response
c0.wp.com/c/6.3/wp-includes/js/dist/vendor/ 8 KB
2 KB 13ms
6ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/6.3/wp-includes/js/dist/vendor/wp-polyfill-inert.min.js

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

c1a9a3e223bad631dff12d33b5499eb145cb08d8621c20d9d73870e78d97afe4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Tue, 15 Aug 2023 09:45:02 GMT
content-encoding: br
strict-transport-security: max-age=15552000
last-modified: Wed, 18 Jan 2023 11:16:33 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Wed, 14 Aug 2024 09:45:02 GMT

GET
H2 200 regenerator-runtime.min.js Show response
c0.wp.com/c/6.3/wp-includes/js/dist/vendor/ 6 KB
2 KB 13ms
6ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/6.3/wp-includes/js/dist/vendor/regenerator-runtime.min.js

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

6974bfd8fa06b7831f05cb4b25860c851a5ad3f02a6699ebe688987dd7a6ebe6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Tue, 15 Aug 2023 09:45:02 GMT
content-encoding: br
strict-transport-security: max-age=15552000
last-modified: Tue, 07 Feb 2023 15:56:37 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Wed, 14 Aug 2024 09:45:02 GMT

GET
H2 200 inert-polyfill.min.js Show response
cyble.com/wp-content/plugins/gutenberg/build/vendors/ 8 KB
3 KB 39ms
33ms Script
application/javascript 2606:4700:20::681a:7b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/gutenberg/build/vendors/inert-polyfill.min.js?ver=6.3

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:7b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

af8a8cd98214ed3d7760402ffa8b8804b073b4bf95d887ed7e81a50f826b523b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:02 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-ac: 2.hhn _atomic_ams HIT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
age: 423135
content-encoding: br
last-modified: Wed, 26 Oct 2022 11:46:48 GMT
server: cloudflare
etag: W/"63591e28-1fe9"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mSNeb8ZuTetqOmjtBFQw3bs5wKVMGtg7j6uTSiFRf82XZmCvvA3NNAUjg3k6ftif%2BRcLH9e6e3JBwvsNo8A1yI7g4dSHJxLDNUhKwReUCh30jWja7fxqbRDnbtK0EX9e2qlBUdsjAQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=315360000
cf-ray: 7f7080a12a8c37ca-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 wp-polyfill.min.js Show response
c0.wp.com/c/6.3/wp-includes/js/dist/vendor/ 16 KB
6 KB 13ms
7ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/6.3/wp-includes/js/dist/vendor/wp-polyfill.min.js

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

4c0ced2cb3830d045cdd74f745fd4d6dcb082d8edd3a9fe46e39295e30cb8032

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Tue, 15 Aug 2023 09:45:02 GMT
content-encoding: br
strict-transport-security: max-age=15552000
last-modified: Tue, 27 Jun 2023 14:24:19 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Wed, 14 Aug 2024 09:45:02 GMT

GET
H2 200 index.min.js Show response
cyble.com/wp-content/plugins/gutenberg/build/hooks/ 4 KB
2 KB 40ms
34ms Script
application/javascript 2606:4700:20::681a:7b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/gutenberg/build/hooks/index.min.js?ver=3aee234ea7807d8d70bc

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:7b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

24004b1763b0275d5a1d9f66f08616a54b95aeec1f0034766bbb479679a82fc3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:02 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-ac: 3.ams _atomic_ams HIT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
age: 423135
content-encoding: br
last-modified: Wed, 14 Jun 2023 12:06:14 GMT
server: cloudflare
etag: W/"6489ad36-10a6"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BTyfxJjy6ApKtWUEuIRCKWrG%2F3sAgYrW2NDJEhSRtFAVYzswsYlLuOHb65eVU4XfX3mjGGsF32bEHeih378C1BpiQET0%2BKzIk8N2%2B%2F3kmgb0lFbJX325BlnpDq1ZgbX%2BJPA8Uo1N%2Fw%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=315360000
cf-ray: 7f7080a12a8e37ca-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 index.min.js Show response
cyble.com/wp-content/plugins/gutenberg/build/i18n/ 9 KB
4 KB 36ms
30ms Script
application/javascript 2606:4700:20::681a:7b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/gutenberg/build/i18n/index.min.js?ver=5baa98e4345eccc97e24

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:7b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d743ad07240fdc75d2e2a357b4ff44b334f6d4c53683e31e824aaf61d3bad0c9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:02 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-ac: 2.hhn _atomic_ams HIT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
age: 423135
content-encoding: br
last-modified: Wed, 14 Jun 2023 12:06:14 GMT
server: cloudflare
etag: W/"6489ad36-227d"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=W%2BJ%2FjTLKxUnGUJVYFZsdz628VPqRScE%2FF1TAyiYI58OhqWGyJPWrM2Gb6lacjcRbBum%2FzuoVMHh91hNruQBz%2Bp4r0DpFf6i34%2FC9Z8ba1SE6%2FOjysHerNFd2tfXOGFYUSofBM6%2B0Jg%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=315360000
cf-ray: 7f7080a12a8f37ca-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 frontend.min.js Show response
cyble.com/wp-content/plugins/elementor-pro/assets/js/ 24 KB
7 KB 41ms
35ms Script
application/javascript 2606:4700:20::681a:7b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor-pro/assets/js/frontend.min.js?ver=3.15.1

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:7b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5a85ef05aac6b235ced7b52818d4a96d33d8fa778342706baf3d98e3c1335480

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:02 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-ac: 2.hhn _atomic_ams HIT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
age: 423135
content-encoding: br
last-modified: Wed, 09 Aug 2023 14:49:27 GMT
server: cloudflare
etag: W/"64d3a777-5f54"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zhyQXACHoAlCyTbJ1QlZsiAnFGOiONJ%2FdRc%2BGbZSXRi%2FRG6w841X2uOqBUNoaVyplYUy38VcKmos58BXo3LV7sLvUAWjCg3j3rdpYVSVqmyV11ydMSX7h%2FjdranvblidAZRIjDDjjg%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=315360000
cf-ray: 7f7080a12a9237ca-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 waypoints.min.js Show response
cyble.com/wp-content/plugins/elementor/assets/lib/waypoints/ 12 KB
3 KB 45ms
39ms Script
application/javascript 2606:4700:20::681a:7b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor/assets/lib/waypoints/waypoints.min.js?ver=4.0.2

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:7b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

214674cc77aba35ab3567b88e2739fd08e8e96c61d279559ad61874069683ea0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:02 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-ac: 3.ams _atomic_ams HIT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
age: 423135
content-encoding: br
last-modified: Wed, 09 Aug 2023 13:04:42 GMT
server: cloudflare
etag: W/"64d38eea-2fa6"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0b3UGIGGYv%2F0hLmnYslsWO87ghDzPATjYKbjzJZVzjlM3dprTfUhEDZktiqakFFLUQkt%2FNxigmrSdDbr%2BpeOqwI1Q7BXTthgEYbDuGEzxog88UdqmgckCv05nGA16jrhBYMq8trzNw%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=315360000
cf-ray: 7f7080a12a9637ca-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 core.min.js Show response
c0.wp.com/c/6.3/wp-includes/js/jquery/ui/ 21 KB
7 KB 13ms
7ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/6.3/wp-includes/js/jquery/ui/core.min.js

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

ca7dce2391845e8aec7da135f33fabd10f74eed28a532ac66fd01f761fcfb42f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Tue, 15 Aug 2023 09:45:02 GMT
content-encoding: br
strict-transport-security: max-age=15552000
last-modified: Thu, 02 Feb 2023 16:36:32 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Wed, 14 Aug 2024 09:45:02 GMT

GET
H2 200 frontend.min.js Show response
cyble.com/wp-content/plugins/elementor/assets/js/ 40 KB
13 KB 49ms
43ms Script
application/javascript 2606:4700:20::681a:7b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.15.2

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:7b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

202aa6d8ac6559305e6d1b273941796e5fab95dc0a08f9a9f0e4955afa0b4668

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:02 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-ac: 2.hhn _atomic_ams HIT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
age: 423135
content-encoding: br
last-modified: Wed, 09 Aug 2023 13:04:41 GMT
server: cloudflare
etag: W/"64d38ee9-9f2a"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HNTS0lWRvVhXjv1Fe%2BNEdARhTmixXcscs%2FV2%2B15hYw54qnUPpaXtQ1lQDRjTqpGYuffcUGki0vUb%2BiixALHkwT1Gv10GtYLSJ7yDTCgsU8YThQsJVn2vy9%2FCpIUYMA8Dm2XL2%2FrwIA%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=315360000
cf-ray: 7f7080a12a9737ca-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 elements-handlers.min.js Show response
cyble.com/wp-content/plugins/elementor-pro/assets/js/ 35 KB
9 KB 47ms
41ms Script
application/javascript 2606:4700:20::681a:7b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor-pro/assets/js/elements-handlers.min.js?ver=3.15.1

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:7b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

92aac6fbb4010042167255e7366dcfdb996210351d8a79642490e76fc5a5239b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:02 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-ac: 2.hhn _atomic_ams HIT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
age: 423135
content-encoding: br
last-modified: Wed, 09 Aug 2023 14:49:27 GMT
server: cloudflare
etag: W/"64d3a777-8a47"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xCcRcrr9J9%2FoP5FeU8jM5Ej1OC3d7exeDNpOo9CsmJoA3HTsvLOnkt2DETh%2BIiAUQ%2FqlYlRej9xed5JTLDLrja1yzBv24LnxO%2FzJE%2FBELYbFtgHJoSRqHkNO%2B8kcJc468IYrGwDbZQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=315360000
cf-ray: 7f7080a12a9a37ca-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK roundtrip.js Show response
s.adroll.com/j/ELNAF2EZDFHJRAP3ODLCUU/ 97 KB
29 KB 62ms
8ms Script
text/javascript 2600:9000:225e:8a00:6:9280:1080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/ELNAF2EZDFHJRAP3ODLCUU/roundtrip.js
Requested by: Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:225e:8a00:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 6d4fdf918e5f7d61986a1ac1727fb35d39e25e7c7e3f7b85d7952c2edc819aef

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

X-Amz-Version-Id: H.uP2MNXt3wGJvTQQ05XEvKl1gnqj6Q9
Content-Encoding: gzip
Via: 1.1 b2ba97e9b6a83eff85433dad7f6e6288.cloudfront.net (CloudFront)
Date: Tue, 15 Aug 2023 09:24:04 GMT
Age: 1259
X-Amz-Cf-Pop: FRA60-P4
X-Amz-Server-Side-Encryption: AES256
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
Last-Modified: Thu, 10 Aug 2023 12:30:15 GMT
Server: AmazonS3
Etag: W/"3c979ce2061afb3028dd4b8b8efab2cf"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: text/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600, must-revalidate
Access-Control-Allow-Credentials: false
Access-Control-Max-Age: 600
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: pbJsV9XC2A-1mCYEqjXinOXou928gO59jydkMoBHT-n_oU9sxMRIjA==

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 214 KB
78 KB 196ms
113ms Script
application/javascript 2a00:1450:4001:810::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-PMWT557

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

698e225f031df3bc08d251dd42bd8f4080c618fadb6a2959659a6e5ba96fd34c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:03 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 79591
x-xss-protection: 0
last-modified: Tue, 15 Aug 2023 09:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 15 Aug 2023 09:45:03 GMT

GET
H2 200 pxiEyp8kv8JHgFVrJJfecg.woff2
fonts.wp.com/s/poppins/v20/ 8 KB
8 KB 33ms
6ms Font
font/woff2 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.wp.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2

Requested by

Host: fonts-api.wp.com
URL: https://fonts-api.wp.com/css?family=Poppins%3A400%2C700%7CRoboto%3A500%2C400%2C700&display=fallback&ver=4.2.0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts-api.wp.com/
Origin: https://cyble.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Tue, 15 Aug 2023 09:45:02 GMT
x-content-type-options: nosniff
last-modified: Wed, 27 Apr 2022 17:03:52 GMT
server: nginx
age: 440846
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
content-length: 7884
x-xss-protection: 0

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.wp.com/s/roboto/v30/ 15 KB
15 KB 33ms
6ms Font
font/woff2 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.wp.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts-api.wp.com
URL: https://fonts-api.wp.com/css?family=Poppins%3A400%2C700%7CRoboto%3A500%2C400%2C700&display=fallback&ver=4.2.0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts-api.wp.com/
Origin: https://cyble.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Tue, 15 Aug 2023 09:45:02 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: nginx
age: 353316
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
content-length: 15744
x-xss-protection: 0

GET
H2 200 astra.woff
cyble.com/wp-content/themes/astra/assets/fonts/ 3 KB
2 KB 31ms
24ms Font
application/font-woff 2606:4700:20::681a:7b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/themes/astra/assets/fonts/astra.woff

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:7b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ec7ef7aa5fd1e019f1c26193e95e46d481d4983673936a9dda086705ada6e3d5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
Origin: https://cyble.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:02 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-ac: 3.ams _atomic_ams HIT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
age: 423135
content-encoding: br
last-modified: Mon, 07 Aug 2023 06:11:19 GMT
server: cloudflare
etag: W/"64d08b07-ce8"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/font-woff
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=c1q4cC3tyCp%2BqLChR8Ogfwtb7gLl%2Ftf%2B%2FW5fVrTzIasXHJDfURmEVmSDeWyWyK1WzA5XIKLkv1W3ytwPkoS5WCHONTJXycCekc9br%2BMztSwcgyaSCYce0y5Yoc9lAY9sRoAip08taQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=604800
cf-ray: 7f7080a17b0437ca-FRA
expires: Wed, 16 Aug 2023 17:16:45 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.wp.com/s/roboto/v30/ 16 KB
16 KB 33ms
6ms Font
font/woff2 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.wp.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts-api.wp.com
URL: https://fonts-api.wp.com/css?family=Poppins%3A400%2C700%7CRoboto%3A500%2C400%2C700&display=fallback&ver=4.2.0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts-api.wp.com/
Origin: https://cyble.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Tue, 15 Aug 2023 09:45:02 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 May 2022 19:24:45 GMT
server: nginx
age: 381276
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
content-length: 15920
x-xss-protection: 0

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.wp.com/s/roboto/v30/ 15 KB
16 KB 33ms
7ms Font
font/woff2 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.wp.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts-api.wp.com
URL: https://fonts-api.wp.com/css?family=Poppins%3A400%2C700%7CRoboto%3A500%2C400%2C700&display=fallback&ver=4.2.0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts-api.wp.com/
Origin: https://cyble.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Tue, 15 Aug 2023 09:45:02 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: nginx
age: 18359
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
content-length: 15860
x-xss-protection: 0

GET
H2 200 pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
fonts.wp.com/s/poppins/v20/ 8 KB
8 KB 32ms
7ms Font
font/woff2 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.wp.com/s/poppins/v20/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2

Requested by

Host: fonts-api.wp.com
URL: https://fonts-api.wp.com/css?family=Poppins%3A400%2C700%7CRoboto%3A500%2C400%2C700&display=fallback&ver=4.2.0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts-api.wp.com/
Origin: https://cyble.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-nc: HIT hhn 2
date: Tue, 15 Aug 2023 09:45:02 GMT
x-content-type-options: nosniff
last-modified: Wed, 27 Apr 2022 16:11:40 GMT
server: nginx
age: 440712
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
content-length: 7816
x-xss-protection: 0

GET
H2 200 Figure-2-Infection-chain.jpg
cyble.com/wp-content/uploads/2023/08/ 51 KB
51 KB 24ms
24ms Image
image/jpeg 2606:4700:20::681a:7b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cyble.com/wp-content/uploads/2023/08/Figure-2-Infection-chain.jpg

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:7b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c45b6d7231c3b2e2f4d815c41bb2d3595bc1c02b9233f12b3da4c06175f41e0d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:03 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-ac: 5.ams _atomic_ams HIT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
age: 65819
content-length: 52114
cf-bgj: h2pri
last-modified: Fri, 11 Aug 2023 06:39:02 GMT
server: cloudflare
etag: "64d5d786-cb92"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: image/jpeg
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BnHYfVCAKceAjs3%2BnLKB2XA8pwhJt6WdUw%2F4ZJwV0niNu56dwhybNiOHl3yISHFpYLR5aAAAaE0Dc304%2B7s6lfaYqdagxfVxmVad%2FIwJibNCb77Mxj0XtYKx3h87wznozkoIKy9wLg%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=604800
accept-ranges: bytes
cf-ray: 7f7080a1cb8437ca-FRA
expires: Fri, 18 Aug 2023 13:02:33 GMT

GET
H2 200 Cyble-Demo.png
cyble.com/wp-content/uploads/2023/06/ 84 KB
84 KB 29ms
29ms Image
image/png 2606:4700:20::681a:7b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cyble.com/wp-content/uploads/2023/06/Cyble-Demo.png

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:7b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0427349d2020319a07c730eb5c5cb8ee988339b37ea834a0e0e19463d7ff324d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:03 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-ac: 3.ams _atomic_ams HIT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
age: 416511
content-length: 85763
last-modified: Mon, 26 Jun 2023 08:04:44 GMT
server: cloudflare
etag: "6499469c-14f03"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: image/png
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qIiroaQH5Bep3qG3sylUufL6fBNgTlGO%2BF8gzIsgtV6hJDGo9N9MRxTX82XOC6z7jIPVHh8h9zkNDMV8L%2BT0KlYW865sGDe0t608bLLj1i1c6jzabFtpNeF2v2Bmgkl2xUl4WSvMRA%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=604800
accept-ranges: bytes
cf-ray: 7f7080a1cb8637ca-FRA
expires: Thu, 17 Aug 2023 12:46:36 GMT

GET
H/1.1 200
OK json Show response
forms.hsforms.com/embed/v3/form/21289959/f7da69d1-3801-430f-b109-5f44b65a9326/ 38 KB
7 KB 163ms
147ms XHR
application/json 2606:4700::6811:d2f3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hsforms.com/embed/v3/form/21289959/f7da69d1-3801-430f-b109-5f44b65a9326/json?hs_static_app=forms-embed&hs_static_app_version=1.3544&X-HubSpot-Static-App-Info=forms-embed-1.3544

Requested by

Host: js.hsforms.net
URL: https://js.hsforms.net/forms/v2.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:d2f3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a8a3d7de767ae1c24b8844b17212de39e49c9789e49d19879cca5c032c34c72d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/plain, */*
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

X-Origin-Hublet: na1
Date: Tue, 15 Aug 2023 09:45:03 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
CF-Cache-Status: DYNAMIC
Content-Encoding: br
x-evy-trace-route-service-name: envoyset-translator
X-HubSpot-Correlation-Id: f950fb9e-cf04-4253-afb2-1f9af4dbb02d
Transfer-Encoding: chunked
x-envoy-upstream-service-time: 23
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: f950fb9e-cf04-4253-afb2-1f9af4dbb02d
Server: cloudflare
X-Trace: 2B0E66CD8CAC91438B429D2E7CD14AC0721911A5F2000000000000000000
Vary: origin
Access-Control-Allow-Methods: OPTIONS, GET
Content-Type: application/json;charset=utf-8
Access-Control-Allow-Origin: https://cyble.com
x-evy-trace-virtual-host: all
Access-Control-Expose-Headers: X-Origin-Hublet
Access-Control-Max-Age: 180
Access-Control-Allow-Credentials: false
Cache-Control: max-age=0, no-cache, no-store
X-Robots-Tag: none
Access-Control-Allow-Headers: *
CF-RAY: 7f7080a27a4bbba9-FRA
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-7f89ffc67f-tkh7m

GET
H2 200 fa-brands-400.woff2
cyble.com/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/ 75 KB
75 KB 26ms
26ms Font
application/font-woff2 2606:4700:20::681a:7b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-brands-400.woff2

Requested by

Host: cyble.com
URL: https://cyble.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/brands.min.css?ver=5.15.3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:7b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

43c072c16c9ee6d67acdfa6c6d6685ff1e74eb4237b7cc3c1348ab1c108b26af

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://cyble.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/brands.min.css?ver=5.15.3
Origin: https://cyble.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:03 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-ac: 2.hhn _atomic_ams HIT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
age: 423135
content-length: 76764
last-modified: Wed, 09 Aug 2023 13:04:42 GMT
server: cloudflare
etag: "64d38eea-12bdc"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/font-woff2
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0B%2FKnoicQNi1ClRWBVZaIIjpB%2FbvUYzTR%2F80T3MmrDt8BvNQPe88dHhohvhzchYlOjl9D5LlXgrdFSSRv7XlxNbHkQjgwI%2Fqv24PBX2z8x2A9IBILn7xq6DP2LrAVeOWL4J8VTJ2kg%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=604800
accept-ranges: bytes
cf-ray: 7f7080a28ca837ca-FRA
expires: Wed, 16 Aug 2023 17:07:21 GMT

GET
H/1.1

200
OK

index.js Show response
s.adroll.com/j/exp/
Redirect Chain

https://s.adroll.com/j/exp/ELNAF2EZDFHJRAP3ODLCUU/index.js
https://s.adroll.com/j/exp/index.js

28 B
785 B

8ms
8ms

Script
application/javascript

2600:9000:225e:8a00:6:9280:1080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/exp/index.js
Requested by: Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
Protocol: HTTP/1.1
Server: 2600:9000:225e:8a00:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f59e5f34a941183aacaed25322ac0856628493c2cfd936ded3fddc0a49510e52

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

X-Amz-Version-Id: e6mCeG7.PAM9gYrIJBIXJohubS3UVCEK
Date: Mon, 14 Aug 2023 17:24:34 GMT
Via: 1.1 b2ba97e9b6a83eff85433dad7f6e6288.cloudfront.net (CloudFront)
Age: 58830
X-Amz-Cf-Pop: FRA60-P4
X-Amz-Server-Side-Encryption: AES256
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 28
Last-Modified: Thu, 03 Aug 2023 18:30:18 GMT
Server: AmazonS3
Etag: "5816cced8568d223aa09d889f300692b"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 600
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: A9tAJ8tAwC7CgSC7Ny1rPkmy8tcmqycq3riEcfmO6G3z91vBVMwmIQ==

Redirect headers

Date: Mon, 14 Aug 2023 15:07:02 GMT
Via: 1.1 b2ba97e9b6a83eff85433dad7f6e6288.cloudfront.net (CloudFront)
Age: 67081
X-Amz-Cf-Pop: FRA60-P4
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 0
Server: AmazonS3
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: application/xml
Location: https://s.adroll.com/j/exp/index.js
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: IyIp39iOgohWLlnHeRNw9O--JdfpG_g18K3fvGZ3ADnq7jocZbpPZA==

GET
H2 200 Figure-3-Content-of-ZIP-archive-file.jpg
cyble.com/wp-content/uploads/2023/08/ 54 KB
55 KB 25ms
24ms Image
image/jpeg 2606:4700:20::681a:7b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cyble.com/wp-content/uploads/2023/08/Figure-3-Content-of-ZIP-archive-file.jpg

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:7b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

14c06cfb3fb33ce501743b68ea270a4b78ef9bf7b5f591784d719e6eea7d928b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:03 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-ac: 2.hhn _atomic_ams HIT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
age: 501
content-length: 55446
cf-bgj: h2pri
last-modified: Fri, 11 Aug 2023 06:40:05 GMT
server: cloudflare
etag: "64d5d7c5-d896"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: image/jpeg
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jAHjWa9cZFaAwkWyVVL9jgPMw2mbBTKwaC%2BW4w2XnX%2Fl65XP3075ew0jVdK3mMBBHwfzHBzrBC7JY4fedxu%2F5DKWiYCOtGZDkWd%2FREzaZtTWuWdwSUMeqlMu4Fl108ynuzAMJao0Cg%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=604800
accept-ranges: bytes
cf-ray: 7f7080a31d7a37ca-FRA
expires: Fri, 18 Aug 2023 07:35:49 GMT

GET
H2 200 fb.js Show response
js.hsadspixel.net/ 6 KB
3 KB 35ms
15ms Script
application/javascript 2606:4700::6810:76be
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsadspixel.net/fb.js

Requested by

Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/21289959.js?integration=WordPress&ver=10.1.30

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:76be , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

36a58b231f4bd34d323b5a7da9caf1a2706ecc87ca22a822763b96659043017e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:03 GMT
x-amz-version-id: jPXu6qi.g7uxBjG4s6uCQIhIPiNAy8nk
via: 1.1 b77313059f3d50280ced20238b151620.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
x-amz-cf-pop: IAD12-P3
age: 529
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=adsscriptloaderstatic/static-1.396/bundles/pixels-release.js&cfRay=7f7073b829d435e5-FRA
x-cache: Hit from cloudfront
x-hubspot-correlation-id: 6e582449-665e-421e-bafd-ce83a8ea2730
cache-tag: staticjsapp-AdsScriptLoaderCloudflare-web-prod,staticjsapp-prod
content-encoding: br
x-envoy-upstream-service-time: 0
x-amz-replication-status: COMPLETED
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 6e582449-665e-421e-bafd-ce83a8ea2730
last-modified: Mon, 07 Aug 2023 08:57:08 UTC
server: cloudflare
etag: W/"c80164a2fdf0ea90248ff107d11fb350"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
x-hs-cache-status: HIT
x-evy-trace-virtual-host: all
cache-control: max-age=600
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-57ff77fcd-lhvpx
cf-ray: 7f7080a37a3a3617-FRA
x-amz-cf-id: SVmdIfqsNd92pkDYjQpEe1yA6Lwr59kPKg6lKNCypbLFGGJK0EPZQA==
x-hs-target-asset: adsscriptloaderstatic/static-1.396/bundles/pixels-release.js

GET
H2 200 conversations-embed.js Show response
js.usemessages.com/ 76 KB
22 KB 47ms
25ms Script
application/javascript 2606:4700::6811:61ac
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.usemessages.com/conversations-embed.js

Requested by

Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/21289959.js?integration=WordPress&ver=10.1.30

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:61ac , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

063565f869727078c5f4e68e351fdacecc0388f9cef40ae9a048fb5db8d900c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:03 GMT
x-amz-version-id: 1Ee09xf75qjAeiT1iyd.upmZJF.F.s7H
via: 1.1 3c43e000c50d5633eb558057710f3c54.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
x-amz-cf-pop: IAD12-P3
age: 190
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=conversations-embed/static-1.13768/bundles/project.js&cfRay=7f707bfed8da92b7-FRA
x-cache: Hit from cloudfront
x-hubspot-correlation-id: 38da18ac-97a1-44c3-b6e8-785c5b6d3e85
cache-tag: staticjsapp-conversations-embed-web-prod,staticjsapp-prod
content-encoding: br
x-envoy-upstream-service-time: 0
x-amz-replication-status: COMPLETED
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 38da18ac-97a1-44c3-b6e8-785c5b6d3e85
last-modified: Mon, 14 Aug 2023 03:02:53 UTC
server: cloudflare
etag: W/"3aa2e52ae64d74923131815885a19b91"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
x-hs-cache-status: HIT
x-evy-trace-virtual-host: all
cache-control: max-age=600
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-57ff77fcd-2zr9h
cf-ray: 7f7080a38ed430d2-FRA
x-amz-cf-id: CY34vr_8PFQL8u-i4gbVpoU2g0jdve1trBqfR0-EJ4-LUjPfzjC3cA==
x-hs-target-asset: conversations-embed/static-1.13768/bundles/project.js

GET
H2 200 web-interactives-embed.js Show response
js.hubspot.com/ 62 KB
19 KB 38ms
19ms Script
application/javascript 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hubspot.com/web-interactives-embed.js

Requested by

Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/21289959.js?integration=WordPress&ver=10.1.30

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

78f8c185c0d8daf604c8d73c29fdc05ba1b1e63b247a78015f6fd779ac8d5026

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
Origin: https://cyble.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-encoding: br
age: 234
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=web-interactives-embed/static-2.419/bundles/project.js&cfRay=7f707aedec6ebb97-FRA
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"4bae79a6d11743502b7c921ac12a465b"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: max-age=600
x-hs-target-asset: web-interactives-embed/static-2.419/bundles/project.js
date: Tue, 15 Aug 2023 09:45:03 GMT
x-amz-version-id: GvUri_yELTbJaahVtlJo44raTXhGqjuj
via: 1.1 f01dafb3bec9893b47152910d47900a4.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: 2f2951a4-d0f4-4a99-895c-ace25a45e99a
x-cache: Hit from cloudfront
cache-tag: staticjsapp-web-interactives-embed-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 2
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 2f2951a4-d0f4-4a99-895c-ace25a45e99a
last-modified: Thu, 10 Aug 2023 11:50:35 UTC
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LK3TidVg7fLau9feet5qkHrHm70cmo9%2Fnlu%2BGF%2BcHFw%2BP%2B1C3M8iwNEBQPrafUUV8Hj4P%2FNQWsq3bBU1wsvzH6m5swHIReB%2BcRwLTxHAhUlTT9VBKMBC2K3oin%2BsAANh3zhsQqqB51O%2FhaVI"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status: HIT
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-57ff77fcd-4zxj4
cf-ray: 7f7080a37de5bbdd-FRA
x-amz-cf-id: Blb9LciiL9rclSwpcahUB-B-QygglaPyZ9iMl-6rsM9dilEiujkHRA==

GET
H2 200 leadflows.js Show response
js.hsleadflows.net/ 540 KB
86 KB 35ms
14ms Script
application/javascript 2606:4700::6811:836e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsleadflows.net/leadflows.js

Requested by

Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/21289959.js?integration=WordPress&ver=10.1.30

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:836e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

96ea6b1e986879257e104371bf5f0cb0bf2bb9957a1aa73fa9df8be99aeeb157

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
Origin: https://cyble.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-encoding: br
age: 83248
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=lead-flows-js/static-1.1232/bundle/main/lead-flows-release.js&cfRay=7f68903618f9906a-FRA
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"039461df2d1d43031520c7d3a853f79e"
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: s-maxage=86400, max-age=0
x-hs-target-asset: lead-flows-js/static-1.1232/bundle/main/lead-flows-release.js
date: Tue, 15 Aug 2023 09:45:03 GMT
x-amz-version-id: RIqU3aMZg9szNHjfbC8NSxVkuKgO4.TB
via: 1.1 9dc566ff42777d2cad8483451738f334.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: 03fa942b-6dc3-4146-b7e6-8ff83b30430f
x-cache: Hit from cloudfront
cache-tag: staticjsapp-lead-flows-cloudflare-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 5
x-evy-trace-route-configuration: listener_https/all
x-request-id: 03fa942b-6dc3-4146-b7e6-8ff83b30430f
last-modified: Thu, 03 Aug 2023 01:17:49 UTC
server: cloudflare
access-control-max-age: 3000
x-hs-cache-status: MISS
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-57ff77fcd-ftklr
cf-ray: 7f7080a37ffb9066-FRA
x-amz-cf-id: rp1YFD8eKuAw3xOrGNdrSUmJ7ybZ9Elrkd5s1qtUwCq6kDukA8mzCg==

GET
H2 200 21289959.js Show response
js.hs-analytics.net/analytics/1692092400000/ 66 KB
21 KB 41ms
21ms Script
text/javascript 2606:4700::6810:89ce
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1692092400000/21289959.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/21289959.js?integration=WordPress&ver=10.1.30
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:89ce , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 193657bba9ec9061d3d4ae939ce49fc051b54585bf5d9f5e795a0c258e6f75f5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:03 GMT
x-amz-version-id: null
content-encoding: br
cf-cache-status: HIT
x-amz-request-id: DVRV8ZRBEE8C2JX5
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: 5b976f62-30e0-40d5-b5af-dfa4fe138919
age: 300
x-envoy-upstream-service-time: 22
x-amz-id-2: 2zACFhVWBApV+pRtmt0nJ7NLaS4sDzFB44F03F9PsvVIQ5ggSONgfSPLBQfEaL9Eyf34tu3J4Tg=
x-evy-trace-listener: listener_https
x-request-id: 5b976f62-30e0-40d5-b5af-dfa4fe138919
x-evy-trace-route-configuration: listener_https/all
last-modified: Mon, 14 Aug 2023 16:13:33 GMT
server: cloudflare
etag: W/"eb2156ad797b2567f94888fa5e5cf49d"
vary: origin, Accept-Encoding
content-type: text/javascript
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-7dbb6c8f49-5wnkk
cache-control: max-age=300,public
access-control-allow-credentials: false
cf-ray: 7f7080a37bf5366b-FRA
expires: Tue, 15 Aug 2023 09:45:03 GMT

GET
H2 200 banner.js Show response
js.hs-banner.com/v2/21289959/ 66 KB
20 KB 33ms
15ms Script
text/javascript 2606:4700::6812:18c4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/v2/21289959/banner.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/21289959.js?integration=WordPress&ver=10.1.30
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:18c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0b41b947a0935cf96cf1be1fa7cd5d9f0f34f42e031795bd44b74933c414a028

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:03 GMT
x-amz-version-id: 4KHf3TCRUFzLtpUuz_wrKs4mLy8QjMc5
content-encoding: br
cf-cache-status: HIT
x-amz-request-id: 6RDGTTSKAKHR2CNW
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: a16eeb2b-1d6a-44e7-8676-2c4006abc701
age: 178
x-envoy-upstream-service-time: 45
x-amz-id-2: upvGjBVHu8bl+Hgy8yukmmS7MW5qn4P2s6BMaBWxXSrt3hitEShgODyzKDYeTbrWlz6WD9NSAv0=
x-evy-trace-listener: listener_https
x-request-id: a16eeb2b-1d6a-44e7-8676-2c4006abc701
x-evy-trace-route-configuration: listener_https/all
last-modified: Mon, 31 Jul 2023 22:46:40 GMT
server: cloudflare
etag: W/"512652c2282e2b8849c3d5dd0b55e0e3"
access-control-max-age: 604800
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: https://cyble.com
x-evy-trace-virtual-host: all
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control: max-age=300,public
access-control-allow-credentials: true
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-7dbb6c8f49-2sbs7
vary: origin, Accept-Encoding
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray: 7f7080a37966bb43-FRA
expires: Tue, 15 Aug 2023 09:47:05 GMT

GET
H2 200 api.min.js Show response
a.omappapi.com/app/js/ 53 KB
19 KB 39ms
14ms Script
application/javascript 2400:52e0:1e00::1081:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/api.min.js
Requested by: Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1081:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1081 /
Resource Hash: 34f6f75ebed9d8ada5d33eb94f0d79feccb051e308897da31e96cc0751582878

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:03 GMT
content-encoding: br
cdn-edgestorageid: 1080
perma-cache: HIT
cdn-storageserver: DE-676
cdn-cachedat: 08/14/2023 18:43:02
cdn-pullzone: 293267
last-modified: Mon, 14 Aug 2023 18:43:02 GMT
server: BunnyCDN-DE1-1081
cdn-fileserver: 588
cdn-requestpullcode: 200
cdn-proxyver: 1.04
etag: W/"64da75b6-d3b1"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: 3fdf44872618e2dd0f82e9da10486ba4
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

POST
H2 204 collect
region1.google-analytics.com/g/ 0
250 B 49ms
18ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-N9ZXY95EM4&gtm=45Pe3890&_p=1011381812&gdid=dZTNiMT&cid=112100810.1692092703&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1692092703&sct=1&seg=0&dl=https%3A%2F%2Fcyble.com%2Fblog%2Flummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat%2F&dt=Cyble%20%E2%80%94%20LummaC%20Stealer%20Leveraging%20Amadey%20Bot%20to%20Deploy%20SectopRAT&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=GT-WKTZW36
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Aug 2023 09:45:03 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://cyble.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/10996750928/ 3 KB
2 KB 162ms
81ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10996750928/?random=1692092703309&cv=11&fst=1692092703309&bg=ffffff&guid=ON&async=1&gtm=45Pe3890&u_w=1600&u_h=1200&url=https%3A%2F%2Fcyble.com%2Fblog%2Flummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat%2F&hn=www.googleadservices.com&frm=0&tiba=Cyble%20%E2%80%94%20LummaC%20Stealer%20Leveraging%20Amadey%20Bot%20to%20Deploy%20SectopRAT&did=dZTNiMT&gdid=dZTNiMT&auid=78884733.1692092703&uamb=0&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=GT-WKTZW36

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

4530e7fd7c64af51ec12afca2db573d478770d56f41c17301ee4ab8ee836be7e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Aug 2023 09:45:03 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1392
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ELNAF2EZDFHJRAP3ODLCUU Show response
d.adroll.com/consent/check/ 453 B
546 B 220ms
129ms Script
application/javascript 2a05:d018:cc3:fe04:6408:9a6e:4d8c:591e
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d.adroll.com/consent/check/ELNAF2EZDFHJRAP3ODLCUU?pv=37753837048.793274&arrfrr=https%3A%2F%2Fcyble.com%2Fblog%2Flummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat%2F&_s=983ceb19b8a0538a2275c51916140bd4&_b=2
Requested by: Host: s.adroll.com
URL: https://s.adroll.com/j/ELNAF2EZDFHJRAP3ODLCUU/roundtrip.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:d018:cc3:fe04:6408:9a6e:4d8c:591e Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.22.1 /
Resource Hash: 5b81b8370348e628e8d63c20ebadb8ada198bfe249e33959833ac6f3fd1fbfa6

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:03 GMT
server: nginx/1.22.1
content-length: 453
content-type: application/javascript

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 13 KB
5 KB 72ms
19ms Script
application/x-javascript 2a02:26f0:7100::1720:ee38
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PMWT557

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::1720:ee38 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

fa53fcd8da139d256c0ca83b69cb37473ca627b6052368ed3327c80d9fb61e25

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 24 Jul 2023 09:07:54 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/x-javascript;charset=utf-8
cache-control: max-age=83806
accept-ranges: bytes
content-length: 4862

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 138ms
45ms Script
text/javascript 2a00:1450:4001:81c::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PMWT557

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Tue, 15 Aug 2023 09:44:23 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 40
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Tue, 15 Aug 2023 11:44:23 GMT

GET
H2 200 21289959.js Show response
js.hs-scripts.com/ 3 KB
799 B 20ms
19ms Script
application/javascript 2606:4700::6812:893b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hs-scripts.com/21289959.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PMWT557

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:893b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

44b2056efc68f55c87e8095357d62bcb713b8702fcfc3e914db43e61f66e884e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:03 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
x-hubspot-correlation-id: 21f0f88b-2dd7-4bf5-8072-255a6d6a425f
x-evy-trace-route-service-name: envoyset-translator
cf-polished: origSize=2948
age: 26
x-envoy-upstream-service-time: 4
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 21f0f88b-2dd7-4bf5-8072-255a6d6a425f
cf-bgj: minify
last-modified: Tue, 15 Aug 2023 09:44:37 GMT
server: cloudflare
x-trace: 2BCDCD75B29975520102C4006D55489627DCD32FA2000000000000000000
access-control-max-age: 3600
vary: origin, Accept-Encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://cyble.com
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-6c94986c56-8d65k
cache-control: public, max-age=60
access-control-allow-credentials: true
x-evy-trace-virtual-host: all
cf-ray: 7f7080a4280a3643-FRA
expires: Tue, 15 Aug 2023 09:46:03 GMT

GET
H2 200 hf2o0cm7gp Show response
www.clarity.ms/tag/ 1023 B
1 KB 194ms
146ms Script
application/x-javascript 2620:1ec:46::42
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/tag/hf2o0cm7gp?ref=gtm2
Requested by: Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:1ec:46::42 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 780efc2325fdae206fbfbf6d34eb2a115a096171c0617627578b1a1bdc2f9594

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

expires: -1
date: Tue, 15 Aug 2023 09:45:03 GMT
x-azure-ref: 20230815T094503Z-da9x42dp110yhaky0kxuvvnphw00000007ng00000001e87u
x-cache: CONFIG_NOCACHE
content-type: application/x-javascript
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 1023
request-context: appId=cid-v1:bdfb7149-d2ee-45f0-9a22-f0b1c5035608

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 183 KB
68 KB 52ms
51ms Script
application/javascript 2a00:1450:4001:810::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-361856552&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PMWT557

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

8514badfdd8a07145ec501dec708908fc1524ee22a9dae2ac8aeaa2bc6e7eada

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:03 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 69717
x-xss-protection: 0
last-modified: Tue, 15 Aug 2023 09:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 15 Aug 2023 09:45:03 GMT

GET
H2 200 g.gif
pixel.wp.com/ 50 B
116 B 19ms
8ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?v=ext&blog=221651828&post=21411&tz=-4&srv=cyble.com&hp=atomic&ac=2&amp=0&j=1%3A12.5-a.7&host=cyble.com&ref=&fcp=357&rand=0.11155838811853114
Requested by: Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 15 Aug 2023 09:45:03 GMT
cache-control: no-cache
server: nginx
content-length: 50
content-type: image/gif

GET
H2 200 wp-emoji-release.min.js Show response
cyble.com/wp-includes/js/ 18 KB
5 KB 40ms
40ms Script
application/javascript 2606:4700:20::681a:7b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-includes/js/wp-emoji-release.min.js?ver=6.3

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:7b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4f79a89d16a5f717110fe080c0bf90b7e05ff95a4c4983f64d33110bf5f9c230

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:03 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-ac: 2.hhn _atomic_ams HIT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
age: 423135
content-encoding: br
last-modified: Thu, 02 Feb 2023 00:53:25 GMT
server: cloudflare
etag: W/"63db0985-4904"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ksqqDR9uLb5G1s0PtxMKMd%2Bx5fHiL8XLESzdeeoPSOxnZu6kts7Vhn8CcDZKbCjUthCmaI3YuTOJXTFUiv6kT10YutEbjyDHHRy6Wp6lPbOI6GXDewJIgisziSImy5yIBoEVlxRjxQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=315360000
cf-ray: 7f7080a44f0f37ca-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 / Show response
cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/ 4 KB
2 KB 41ms
41ms XHR
application/json 2606:4700:20::681a:7b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/?relatedposts=1

Requested by

Host: cyble.com
URL: https://cyble.com/wp-content/plugins/jetpack/_inc/build/related-posts/related-posts.min.js?ver=20211209

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:7b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8b04a66a7c17bad4489e4e53c676672de567546b9b4eb41f9a698c4959ddf3e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
x-requested-with: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

cf-edge-cache: cache,platform=wordpress
x-hacker: If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
date: Tue, 15 Aug 2023 09:45:03 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: BYPASS
x-ac: 2.hhn _atomic_ams HIT
x-nananana: Batcache-Set
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
host-header: WordPress.com
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 15 Aug 2023 09:41:55 GMT
server: cloudflare
vary: Accept-Encoding, Cookie
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FPKnbx28oOfrJcjq9G2jeGVRwCaPhNiznpj1Y%2BWP8HnoVkcPxHJT%2BjtOE1tRyWvh4WfiYURyCYrO039msK3KpUVOeMwMiTeYU598pX7PnT0gBo2Kbng%2FY6lxT9q5bf8%2Fg3ZtRNC4hA%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=300, must-revalidate
cf-apo-via: origin,no-cache
cf-ray: 7f7080a44f1337ca-FRA

GET
H2 200 v2.js Show response
js.hsforms.net/forms/ Frame 9B5D 526 KB
164 KB 24ms
22ms Script
application/javascript 2606:4700::6810:b841
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsforms.net/forms/v2.js

Requested by

Host: js.hsforms.net
URL: https://js.hsforms.net/forms/v2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:b841 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

250dc46c1691ff969d5ea984b282e46403885ec806ed96ac3ee301db043a1a4d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-encoding: br
age: 255
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=forms-embed/static-1.3544/bundles/project-v2.js&cfRay=7f707a69ee2c18e7-FRA
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"0b631c5c17436fe9a934a378374d7e4a"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: s-maxage=600, max-age=300
x-hs-target-asset: forms-embed/static-1.3544/bundles/project-v2.js
date: Tue, 15 Aug 2023 09:45:03 GMT
x-amz-version-id: 2tqrkyXrj45cp.Q0BoEeKReD9HeN0VyM
via: 1.1 dfc1931cc62ecd4133c2b9bdae1bb476.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: f33d0b99-59e2-491a-ad50-a1e4ed1b8eb4
x-cache: Hit from cloudfront
cache-tag: staticjsapp-forms-embed-v2-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 1
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: f33d0b99-59e2-491a-ad50-a1e4ed1b8eb4
last-modified: Fri, 11 Aug 2023 02:53:20 UTC
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ST9myQ%2FfS%2FUtiTgzWExEZ1Jc%2FalspOL14jTsY1PkeZnveuzOQYN5aPEzU41W9yxen%2Bi28EjMISssPFJaM29jIFivtpokx45Zgj8MgfYLuxvyfmuvQoXDtJeG39yyXd1XbufIqketDpRFfd8%2B"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status: HIT
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-57ff77fcd-4skbg
cf-ray: 7f7080a478b435ea-FRA
x-amz-cf-id: KkCuTEQXLbdJWtE75SP0RjBuaaukvIuntlP6YWN8A4xtJoz2rYUojQ==

GET
H/1.1 200
OK roundtrip.js Show response
s.adroll.com/j/ 75 KB
24 KB 17ms
15ms Script
text/javascript 2600:9000:225e:8a00:6:9280:1080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/roundtrip.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PMWT557
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:225e:8a00:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 0e7ad47a4bc6ddbb17cb8cbe6167dae4717d0b5962a1d63de2e93e6dc201b9e8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

X-Amz-Version-Id: 2W0nFhLgp3U9gUvvEzXT9GuNEpd6A6yg
Content-Encoding: gzip
Via: 1.1 b2ba97e9b6a83eff85433dad7f6e6288.cloudfront.net (CloudFront)
Date: Tue, 15 Aug 2023 08:25:29 GMT
Age: 4775
X-Amz-Cf-Pop: FRA60-P4
X-Amz-Server-Side-Encryption: AES256
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
Last-Modified: Thu, 03 Aug 2023 19:17:31 GMT
Server: AmazonS3
Etag: W/"67e54a60303cfbf4c3b977aa390ad408"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600, must-revalidate
Access-Control-Allow-Credentials: false
Access-Control-Max-Age: 600
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: 6_194i2y3HHGcpDqkVTi3QJsbM8Kx035G9SbEz2YBY26Bu35PPelwg==

OPTIONS
H2 200 public
api.hubspot.com/livechat-public/v1/message/ Frame 0
0 126ms
125ms Preflight
text/plain 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.hubspot.com/livechat-public/v1/message/public?portalId=21289959&conversations-embed=static-1.13768&mobile=false&messagesUtk=e8077b42efcc4ac485671c8485afa4dd&traceId=e8077b42efcc4ac485671c8485afa4dd

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: x-hubspot-messages-uri
Access-Control-Request-Method: GET
Origin: https://cyble.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

access-control-allow-credentials: false
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent, X-HubSpot-Messages-Uri
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-origin: https://cyble.com
allow: HEAD,GET,OPTIONS
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 7f7080a4e81dbbdd-FRA
content-length: 18
content-type: text/plain; charset=utf-8
date: Tue, 15 Aug 2023 09:45:03 GMT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZqopS%2BPFXgyBQC0t2Y6NtNTlwuEQYQYO6h7jrsul393lGvAgWY%2Bc%2FNoKLpTzn5DKE7zcJUsJLkGX6SYrtHwb79aK9aVlmhi9fMwJOWoM7cmyaPbya0iCtmv5hR9Pc4INU7mVJgZno%2Fqf6Al24Q%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: origin, Accept-Encoding
x-content-type-options: nosniff
x-envoy-upstream-service-time: 3
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-6c94986c56-92rgm
x-evy-trace-virtual-host: all
x-hubspot-correlation-id: ea14b957-300c-47f8-92ec-2ab777fda8d6
x-request-id: ea14b957-300c-47f8-92ec-2ab777fda8d6
x-trace: 2BC3A76D507E653F9DD0B2C149C5BFDA82CC97C99B000000000000000000

GET
H2 200 public Show response
api.hubspot.com/livechat-public/v1/message/ 3 KB
2 KB 204ms
204ms XHR
application/json 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: js.usemessages.com
URL: https://js.usemessages.com/conversations-embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

90092ab97482291d2c18c7d300fb586cc2fe0cf87d0b1c41a220a2a369ac85e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
accept-language: de-DE,de;q=0.9
X-HubSpot-Messages-Uri: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:03 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 8ead7779-3a3a-4383-b840-e1eb619d60d3
x-envoy-upstream-service-time: 83
alt-svc: h3=":443"; ma=86400
content-length: 1358
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 8ead7779-3a3a-4383-b840-e1eb619d60d3
server: cloudflare
x-trace: 2BD8186C51BB45A7E1919E250BD0D8920F3B98A2BA000000000000000000
vary: origin, Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
access-control-allow-origin: https://cyble.com
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-6c94986c56-6t8fr
cache-control: no-cache, no-store, no-transform, must-revalidate, max-age=0
access-control-allow-credentials: false
x-evy-trace-virtual-host: all
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zSicnF37ut%2FoSBAZizdkk19sI%2FCz%2BUcnZvuM0UPLKoZCoYpmqKZSlzI%2F94%2F8OJ%2B8bXh7bUe0aBtCD3iwcOcM7dxmWTh02YiQ2rYhH5DIaprDviSlDwhcDXNznYa2Qstv5xDmMdACKyLk22p5Jg%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 7f7080a5a95ebbdd-FRA
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent, X-HubSpot-Messages-Uri

GET
H2 200 combinedConfigs Show response
cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/ 136 B
1 KB 138ms
124ms Fetch
application/json 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/combinedConfigs?portalId=21289959&currentUrl=https%3A%2F%2Fcyble.com%2Fblog%2Flummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat%2F

Requested by

Host: js.hubspot.com
URL: https://js.hubspot.com/web-interactives-embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0268b589d424a686ee986465b7917ac6c852be4fd6908331002878205beee576

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:03 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: f27fdeb9-1a19-44d2-a1b8-415bf5c81615
content-encoding: br
x-envoy-upstream-service-time: 8
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: f27fdeb9-1a19-44d2-a1b8-415bf5c81615
server: cloudflare
vary: origin
access-control-allow-methods: OPTIONS, GET
content-type: application/json;charset=utf-8
access-control-allow-origin: https://cyble.com
x-evy-trace-virtual-host: all
access-control-max-age: 180
access-control-allow-credentials: true
cache-control: max-age=0, no-cache, no-store
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zIHA%2BNaeGYQmOJ6DWndWnS6cnpJxYdamBoxHOg3937ij8mQbyI1OyzOtuBzDRKUv5SuGgCLaAfmqoOT1lDY63fuBJPSdDYpes16Mfp4gBwxM3rmDf9iylSEQW08tP6pl85e8ZQLyWTit9k4bzRcPb9%2BQ1oGoWNouTFo%3D"}],"group":"cf-nel","max_age":604800}
x-robots-tag: noindex, follow
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
cf-ray: 7f7080a50863bbdd-FRA
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-7f89ffc67f-fz7bv

GET
H2 200 json Show response
api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/ 114 B
1 KB 171ms
140ms XHR
application/json 2606:4700::6811:cbcc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/json?portalId=21289959

Requested by

Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:cbcc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

90b705145ef82e9d8493aae55c9bfb3200ec0620c8946b20b0b28366557d6a4a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:03 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 57972103-c917-46d4-b9a2-29acea622e5f
content-encoding: br
x-envoy-upstream-service-time: 3
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 57972103-c917-46d4-b9a2-29acea622e5f
server: cloudflare
x-trace: 2B45DED7363D4A103C1E399BA612B392F6AB451AB1000000000000000000
vary: origin, Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
access-control-allow-origin: https://cyble.com
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-6c94986c56-kl852
access-control-max-age: 180
access-control-allow-credentials: false
x-evy-trace-virtual-host: all
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=EpNBygzIM845hRBRgKTejarOoI%2Bp78XX2Ih8yUKAe%2Bd5BvWkDZwXpOciaLpsqa6yz6ZBjSAVIyAohmLx6s1RYlkD7FwXWuDuSbCWgqLANhFDPrxEvUv5rg1i6c6f1YsW9RExZjljq4l3XovG"}],"group":"cf-nel","max_age":604800}
cf-ray: 7f7080a538ef90fe-FRA
access-control-allow-headers: *

GET
H2 200 api.min.css
a.omappapi.com/app/js/ 10 KB
3 KB 12ms
12ms Stylesheet
text/css 2400:52e0:1e00::1081:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/api.min.css
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1081:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1081 /
Resource Hash: 721cc9150c432bbc0b113c4fb7c04e920d1392cc7b53bb17c233758faecdc500

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:03 GMT
content-encoding: br
cdn-edgestorageid: 1082
perma-cache: HIT
cdn-storageserver: DE-679
cdn-cachedat: 08/14/2023 18:43:53
cdn-pullzone: 293267
last-modified: Mon, 14 Aug 2023 18:42:55 GMT
server: BunnyCDN-DE1-1081
cdn-fileserver: 599
cdn-requestpullcode: 200
cdn-proxyver: 1.04
etag: W/"64da75af-2644"
vary: Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: 414c4eebb5753a988db38926052f5ca5
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 text-editor.2c35aafbe5bf0e127950.bundle.min.js Show response
cyble.com/wp-content/plugins/elementor/assets/js/ 1 KB
1 KB 32ms
31ms Script
application/javascript 2606:4700:20::681a:7b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor/assets/js/text-editor.2c35aafbe5bf0e127950.bundle.min.js

Requested by

Host: cyble.com
URL: https://cyble.com/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js?ver=3.15.2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:7b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ab3befdd3eec3313f82916c4d24f2c0e6cf2255b23c648f4528bbc1de1bb8efc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:03 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-ac: 2.hhn _atomic_ams HIT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
age: 423135
content-encoding: br
last-modified: Wed, 09 Aug 2023 13:04:41 GMT
server: cloudflare
etag: W/"64d38ee9-550"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=6umFOnCCPHcikyI3LsHTmuJ%2F3G1h6Ee1g4jzNJsmTMgpJXyROAEeDZULLwNWmiisGeSG8fiiiZmA%2BN8qbLCHMCQawR1DdDbvim%2Fb%2BUAyc3TKSqO%2FAUqth7194vHz7jeUitQkfiS1ZA%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=604800
cf-ray: 7f7080a5588737ca-FRA
expires: Wed, 16 Aug 2023 17:16:02 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
54 B 28ms
27ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-361856552&gtm=45je3890&_p=1011381812&cid=112100810.1692092703&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1692092703&sct=1&seg=0&dl=https%3A%2F%2Fcyble.com%2Fblog%2Flummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat%2F&dt=Cyble%20%E2%80%94%20LummaC%20Stealer%20Leveraging%20Amadey%20Bot%20to%20Deploy%20SectopRAT&en=page_view&_fv=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-361856552&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Aug 2023 09:45:03 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://cyble.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 token Show response
cdn.linkedin.oribi.io/partner/4053396/domain/cyble.com/ 36 B
374 B 51ms
8ms XHR
application/json 2600:9000:20eb:5600:2:53b2:240:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.linkedin.oribi.io/partner/4053396/domain/cyble.com/token
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:5600:2:53b2:240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89

Request headers

Accept: *
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:25:35 GMT
content-encoding: gzip
via: 1.1 e86025dac63232624d2273c5fd256ce4.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C1
age: 1168
vary: accept-encoding
x-cache: Hit from cloudfront
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=3600
x-amz-cf-id: QznbiY1C-0mI3yMO4n69ci2U7fVlXYVl1Cd3yk6_Ah335THDNK2PuQ==

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4053396&time=1692092703631&url=https%3A%2F%2Fcyble.com%2Fblog%2Flummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat%2F
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4053396&time=1692092703631&url=https%3A%2F%2Fcyble.com%2Fblog%2Flummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat%2F&cookiesTest=true
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D4053396%26time%3D1692092703631%26url%3Dhttps%253A%252F%252Fcyble.com%252Fblog%252...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4053396&time=1692092703631&url=https%3A%2F%2Fcyble.com%2Fblog%2Flummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat%2F&cookiesTest=true&liSyn...
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4053396&time=1692092703631&url=https%3A%2F%2Fcyble.com%2Fblog%2Flummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat%2F&cookiesTest=true&liSy...

0
265 B

218ms
181ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4053396&time=1692092703631&url=https%3A%2F%2Fcyble.com%2Fblog%2Flummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat%2F&cookiesTest=true&liSync=true&e_ipv6=AQIfiJBq0svjKAAAAYn4labGQ681tToFjf7nQTWskrh_yRjTOCJX0lPjMw1_sSoyPictgpam
Requested by: Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:04 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 1683B4A130254D909FE982CC299AC0E3 Ref B: FRAEDGE1915 Ref C: 2023-08-15T09:45:04Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-fabric: prod-lor1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYC8wiXX7/Sg/cOGfWndw==

Redirect headers

date: Tue, 15 Aug 2023 09:45:04 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 7B1018C766BB40809B26D9D7725D5406 Ref B: FRAEDGE1907 Ref C: 2023-08-15T09:45:04Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lor1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4053396&time=1692092703631&url=https%3A%2F%2Fcyble.com%2Fblog%2Flummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat%2F&cookiesTest=true&liSync=true&e_ipv6=AQIfiJBq0svjKAAAAYn4labGQ681tToFjf7nQTWskrh_yRjTOCJX0lPjMw1_sSoyPictgpam
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYC8wiTXmvx+J7n5ssnEA==

GET
H3 200 counters.gif
forms.hsforms.com/embed/v3/ 35 B
626 B 130ms
119ms Image
image/gif 2606:4700::6811:d2f3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-DEFINITION_SUCCESS&count=1

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:d2f3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:03 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: f8a4fdbb-c6d2-43e3-98a2-d0240e5e29f0
x-envoy-upstream-service-time: 2
alt-svc: h3=":443"; ma=86400
content-length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: f8a4fdbb-c6d2-43e3-98a2-d0240e5e29f0
server: cloudflare
x-trace: 2B1CC72940F7AE9FC13AB1B2E00278C9DC86EE6196000000000000000000
vary: origin
content-type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-7f89ffc67f-6xsfj
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-robots-tag: none
cf-ray: 7f7080a62ac39113-FRA

GET
H2 200 /
www.google.com/pagead/1p-user-list/10996750928/ 42 B
455 B 140ms
51ms Image
image/gif 2a00:1450:4001:809::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/10996750928/?random=1692092703309&cv=11&fst=1692090000000&bg=ffffff&guid=ON&async=1&gtm=45Pe3890&u_w=1600&u_h=1200&url=https%3A%2F%2Fcyble.com%2Fblog%2Flummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat%2F&frm=0&tiba=Cyble%20%E2%80%94%20LummaC%20Stealer%20Leveraging%20Amadey%20Bot%20to%20Deploy%20SectopRAT&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=910567269&rmt_tld=0&ipr=y

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Aug 2023 09:45:03 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/10996750928/ 42 B
455 B 139ms
51ms Image
image/gif 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/10996750928/?random=1692092703309&cv=11&fst=1692090000000&bg=ffffff&guid=ON&async=1&gtm=45Pe3890&u_w=1600&u_h=1200&url=https%3A%2F%2Fcyble.com%2Fblog%2Flummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat%2F&frm=0&tiba=Cyble%20%E2%80%94%20LummaC%20Stealer%20Leveraging%20Amadey%20Bot%20to%20Deploy%20SectopRAT&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=910567269&rmt_tld=1&ipr=y

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Aug 2023 09:45:03 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 4 B
205 B 53ms
52ms XHR
text/plain 2a00:1450:4001:81c::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1011381812&t=pageview&_s=1&dl=https%3A%2F%2Fcyble.com%2Fblog%2Flummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat%2F&ul=en-us&de=UTF-8&dt=Cyble%20%E2%80%94%20LummaC%20Stealer%20Leveraging%20Amadey%20Bot%20to%20Deploy%20SectopRAT&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAAABAAAAAC~&jid=1309238876&gjid=1659913582&cid=112100810.1692092703&tid=UA-201575643-1&_gid=463195032.1692092704&_r=1&_slc=1&gtm=45He3890n81PMWT557&z=1013417752

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 15 Aug 2023 09:45:03 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://cyble.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK consent_tcfv2.js Show response
s.adroll.com/j/ 418 KB
56 KB 10ms
9ms Script
text/javascript 2600:9000:225e:8a00:6:9280:1080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/consent_tcfv2.js
Requested by: Host: s.adroll.com
URL: https://s.adroll.com/j/ELNAF2EZDFHJRAP3ODLCUU/roundtrip.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:225e:8a00:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 47e5ff66931402cb5755d7eed98a6d23ee556a7f8e9c1dd340d351c27f669a0f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

X-Amz-Version-Id: wD7IUQmRA9PUuld8lU58FBeuMlOqC6p6
Content-Encoding: gzip
Via: 1.1 b2ba97e9b6a83eff85433dad7f6e6288.cloudfront.net (CloudFront)
Date: Tue, 15 Aug 2023 09:42:34 GMT
Age: 162
X-Amz-Cf-Pop: FRA60-P4
X-Amz-Server-Side-Encryption: AES256
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
Last-Modified: Wed, 05 Jul 2023 21:39:27 GMT
Server: AmazonS3
Etag: W/"3306a47faf7223d93fb356e8a73d1942"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=300, must-revalidate
Access-Control-Allow-Credentials: false
Access-Control-Max-Age: 600
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: 26nJ5n5qQnylLXh2DF3vDKTRSByrbKi9xAYLT9zzc0krzeeR8xltOg==

GET
H2 200 clarity.js Show response
www.clarity.ms/s/0.7.10/ 57 KB
24 KB 22ms
21ms Script
application/javascript 2620:1ec:46::42
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/s/0.7.10/clarity.js
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/tag/hf2o0cm7gp?ref=gtm2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:1ec:46::42 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: ac158fd98a25872b4a494ed3c5a5da9f92eba989c397cab46bf8c8a7b04bc514

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:03 GMT
content-encoding: br
last-modified: Sun, 13 Aug 2023 16:15:47 GMT
etag: W/"0x8DB9C188E07583A"
vary: Accept-Encoding
x-azure-ref: 20230815T094503Z-da9x42dp110yhaky0kxuvvnphw00000007ng00000001e89b
content-type: application/javascript;charset=utf-8
access-control-allow-origin: *
x-ms-request-id: e90a9de2-c01e-0066-08a9-ce61fb000000
cache-control: public, max-age=86400
x-cache: TCP_HIT
x-ms-version: 2018-03-28

GET
H/1.1 200
OK counters.gif
forms-na1.hsforms.com/embed/v3/ 35 B
1016 B 158ms
126ms Image
image/gif 2606:4700::6811:d4f3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms-na1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-RENDER_SUCCESS&count=1

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:d4f3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Date: Tue, 15 Aug 2023 09:45:03 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
CF-Cache-Status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
X-HubSpot-Correlation-Id: 8977f73a-414d-4379-8df1-32e59da444c8
x-envoy-upstream-service-time: 1
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 8977f73a-414d-4379-8df1-32e59da444c8
Server: cloudflare
X-Trace: 2BAD8A3376C4EAB8E770895D0B3DC0C63B342F10C1000000000000000000
Vary: origin
Content-Type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-7f89ffc67f-d2gnr
Access-Control-Expose-Headers: X-Origin-Hublet
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: false
X-Robots-Tag: none
CF-RAY: 7f7080a6b81d1963-FRA

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
342 B 58ms
18ms XHR
text/plain 2a00:1450:400c:c0a::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-201575643-1&cid=112100810.1692092703&jid=1309238876&gjid=1659913582&_gid=463195032.1692092704&_u=YADAAAAAAAAAAC~&z=527035495

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0a::9d Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Tue, 15 Aug 2023 09:45:03 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://cyble.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK counters.gif
perf-na1.hsforms.com/embed/v3/ 35 B
1 KB 148ms
127ms Image
image/gif 2606:4700::6811:d2f3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf-na1.hsforms.com/embed/v3/counters.gif?key=config-loaded-success&value=1

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:d2f3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Date: Tue, 15 Aug 2023 09:45:03 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
CF-Cache-Status: MISS
x-evy-trace-route-service-name: envoyset-translator
X-HubSpot-Correlation-Id: 2eff744c-51b8-420a-8860-346327fbbac5
x-envoy-upstream-service-time: 1
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 2eff744c-51b8-420a-8860-346327fbbac5
Last-Modified: Tue, 15 Aug 2023 09:45:03 GMT
Server: cloudflare
X-Trace: 2BB25F87A63B16FFC66E3828CE51BED80944D9A2FB000000000000000000
Vary: origin, Accept-Encoding
Content-Type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-7f89ffc67f-d2gnr
Access-Control-Expose-Headers: X-Origin-Hublet
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
X-Robots-Tag: none
CF-RAY: 7f7080a6a9713a9a-FRA

GET
H/1.1 200
OK nextroll-32x32.png
s.adroll.com/i/favicon/ 2 KB
2 KB 9ms
9ms Image
image/png 2600:9000:225e:8a00:6:9280:1080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.adroll.com/i/favicon/nextroll-32x32.png
Requested by: Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:225e:8a00:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: bcaf0e3f087296133e0a996ee3d289a8d1a690147c93e0ab62019b505e6f9355

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

X-Amz-Version-Id: eTpwxbAIDHDUN.4tfrROIgU_pzKN9Xh0
Date: Mon, 14 Aug 2023 17:25:00 GMT
Via: 1.1 b2ba97e9b6a83eff85433dad7f6e6288.cloudfront.net (CloudFront)
Age: 58825
X-Amz-Cf-Pop: FRA60-P4
X-Amz-Server-Side-Encryption: AES256
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 1615
Last-Modified: Mon, 28 Jun 2021 18:19:21 GMT
Server: AmazonS3
Etag: "403a0a7dcf2d617e7ea852bfb9d11945"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: image/png
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 600
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: J7QrGc7LQTrbHEkvczGzRifXrrYOjEJpdiBdUs8NOO-OJ0inc33Vhg==

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/10996750928/ 3 KB
2 KB 82ms
81ms Script
text/javascript 2a00:1450:4001:806::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10996750928/?random=1692092703858&cv=11&fst=1692092703858&bg=ffffff&guid=ON&async=1&gtm=45Pe3890&u_w=1600&u_h=1200&url=https%3A%2F%2Fcyble.com%2Fblog%2Flummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat%2F&hn=www.googleadservices.com&frm=0&tiba=Cyble%20%E2%80%94%20LummaC%20Stealer%20Leveraging%20Amadey%20Bot%20to%20Deploy%20SectopRAT&did=dZTNiMT&gdid=dZTNiMT&auid=78884733.1692092703&uamb=0&uaw=0&data=event%3DClarity%3BeventCategory%3DClarity%3BeventAction%3Dgh8gkv%3BnonInteraction%3Dtrue%3Bclaritydimension%3Dhttps%3A%2F%2Fclarity.microsoft.com%2Fga%2Fhf2o0cm7gp%2Fd6llsr%2Fgh8gkv&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=GT-WKTZW36

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ce39fcd979d1cde4b4cea4770bccea37471096ce0fc1dfe23c39e072488d5b36

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Aug 2023 09:45:03 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1468
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 10996750928
google.com/ccm/form-data/ 0
241 B 158ms
79ms Ping
text/plain 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://google.com/ccm/form-data/10996750928?gtm=45Pe3890&hn=www.googleadservices.com&did=dZTNiMT&gdid=dZTNiMT&auid=78884733.1692092703&ec_mode=a&uamb=0&uaw=0&em=tv.1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=GT-WKTZW36
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Aug 2023 09:45:04 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://cyble.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 e8077b42efcc4ac485671c8485afa4dd Show response
app.hubspot.com/conversations-visitor/21289959/threads/utk/ Frame DDDD 53 KB
20 KB 204ms
182ms Document
text/html 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.hubspot.com/conversations-visitor/21289959/threads/utk/e8077b42efcc4ac485671c8485afa4dd?uuid=e215c90752084a10bd2c632d49b3082b&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=null&domain=cyble.com&inApp53=false&messagesUtk=e8077b42efcc4ac485671c8485afa4dd&url=https%3A%2F%2Fcyble.com%2Fblog%2Flummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat%2F&inline=false&isFullscreen=false&globalCookieOptOut=null&isFirstVisitorSession=true&isAttachmentDisabled=true&isInitialInputFocusDisabled=false&enableWidgetCookieBanner=false&isInCMS=false

Requested by

Host: js.usemessages.com
URL: https://js.usemessages.com/conversations-embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

291c58b03e240b281d1a39c17971111822353b0b9bf42ee1bb921267b001c521

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	no-sniff

Request headers

Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: false
age: 1512
alt-svc: h3=":443"; ma=86400
cache-control: max-age=600
cache-tag: staticjsapp-conversations-visitor-ui-web-prod,staticjsapp-prod
cf-cache-status: DYNAMIC
cf-ray: 7f7080a77f5a9b5e-FRA
content-encoding: br
content-security-policy-report-only: script-src 'self' www.hubspot.com *.hsappstatic.net *.hs-analytics.net *.hs-banner.com *.hsforms.net *.hsleadflows.net *.hs-scripts.com *.hubspotfeedback.com *.usemessages.com js.hubspot.com *.hsadspixel.net *.hscollectedforms.net js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net *.google-analytics.com www.googletagmanager.com data: 'unsafe-inline' 'unsafe-eval' blob: connect.facebook.net www.gstatic.cn www.gstatic.com www.google.com www.recaptcha.net *.fullstory.com fullstory.com apis.google.com snap.licdn.com; report-uri https://send.hsbrowserreports.com/csp/report?resource=conversations-visitor-ui/static-1.16230/html/index.html&cfRay=7f7080a77f5a9b5e&reqUrl=https%3A%2F%2Fapp.hubspot.com%2Fconversations-visitor%2F21289959%2Fthreads%2Futk%2Fe8077b42efcc4ac485671c8485afa4dd%3Fuuid%3De215c90752084a10bd2c632d49b3082b%26mobile%3Dfalse%26mobileSafari%3Dfalse%26hideWelcomeMessage%3Dfalse%26hstc%3Dnull%26domain%3Dcyble.com%26inApp53%3Dfalse%26messagesUtk%3De8077b42efcc4ac485671c8485afa4dd%26url%3Dhttps%253A%252F%252Fcyble.com%252Fblog%252Flummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat%252F%26inline%3Dfalse%26isFullscreen%3Dfalse%26globalCookieOptOut%3Dnull%26isFirstVisitorSession%3Dtrue%26isAttachmentDisabled%3Dtrue%26isInitialInputFocusDisabled%3Dfalse%26enableWidgetCookieBanner%3Dfalse%26isInCMS%3Dfalse&referrer=https%3A%2F%2Fcyble.com%2Fblog%2Flummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat%2F&cfenv=prod&pdt=2023-08-15&csp=ro
content-type: text/html; charset=utf-8
date: Tue, 15 Aug 2023 09:45:04 GMT
etag: W/"856daf281fa4c5f85d7860c788f15532"
last-modified: Mon, 14 Aug 2023 03:02:53 UTC
report-to: {"group":"default","max_age":86400,"endpoints":[{"url":"https://send.hsbrowserreports.com/csp/reports"}]}
reporting-endpoints: default="https://send.hsbrowserreports.com/csp/reports?cfRay=7f7080a77f5a9b5e&resource=conversations-visitor-ui/static-1.16230/html/index.html"
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: origin, Accept-Encoding
via: 1.1 76e55a2361219fb19722e949475d1844.cloudfront.net (CloudFront)
x-amz-cf-id: UsfrLlnsUuyiCo1QVM0ydCI57LoQL3YxvDR2Ta71BVMrRs9qUZ8U9A==
x-amz-cf-pop: IAD12-P3
x-amz-replication-status: COMPLETED
x-amz-server-side-encryption: AES256
x-amz-version-id: WkQTyx07QltP6NZwR2K.3gJmkvLrjd7_
x-cache: Hit from cloudfront
x-content-type-options: no-sniff
x-envoy-upstream-service-time: 6
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-57ff77fcd-9brf5
x-evy-trace-virtual-host: all
x-hs-cache-status: MISS
x-hs-target-asset: conversations-visitor-ui/static-1.16230/html/index.html
x-hs-worker-debug-mode: false
x-hubspot-correlation-id: 69b1fe82-1b2a-4ebf-b4c2-27e12bef42cb
x-request-id: 69b1fe82-1b2a-4ebf-b4c2-27e12bef42cb

POST
H/1.1 204
No Content collect Show response
y.clarity.ms/ 0
289 B 328ms
108ms XHR
text/plain 104.211.35.148
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://y.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.10/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.211.35.148 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://cyble.com
Date: Tue, 15 Aug 2023 09:45:04 GMT
Access-Control-Allow-Credentials: true
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:dfa4d45a-f309-4181-9ede-77e6e6c0ecf0

GET
H2 200 /
www.google.com/pagead/1p-user-list/10996750928/ 42 B
108 B 54ms
52ms Image
image/gif 2a00:1450:4001:809::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/10996750928/?random=1692092703858&cv=11&fst=1692090000000&bg=ffffff&guid=ON&async=1&gtm=45Pe3890&u_w=1600&u_h=1200&url=https%3A%2F%2Fcyble.com%2Fblog%2Flummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat%2F&frm=0&tiba=Cyble%20%E2%80%94%20LummaC%20Stealer%20Leveraging%20Amadey%20Bot%20to%20Deploy%20SectopRAT&data=event%3DClarity%3BeventCategory%3DClarity%3BeventAction%3Dgh8gkv%3BnonInteraction%3Dtrue%3Bclaritydimension%3Dhttps%3A%2F%2Fclarity.microsoft.com%2Fga%2Fhf2o0cm7gp%2Fd6llsr%2Fgh8gkv&fmt=3&is_vtc=1&random=1226438295&rmt_tld=0&ipr=y

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Aug 2023 09:45:03 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/10996750928/ 42 B
108 B 53ms
51ms Image
image/gif 2a00:1450:4001:82f::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/10996750928/?random=1692092703858&cv=11&fst=1692090000000&bg=ffffff&guid=ON&async=1&gtm=45Pe3890&u_w=1600&u_h=1200&url=https%3A%2F%2Fcyble.com%2Fblog%2Flummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat%2F&frm=0&tiba=Cyble%20%E2%80%94%20LummaC%20Stealer%20Leveraging%20Amadey%20Bot%20to%20Deploy%20SectopRAT&data=event%3DClarity%3BeventCategory%3DClarity%3BeventAction%3Dgh8gkv%3BnonInteraction%3Dtrue%3Bclaritydimension%3Dhttps%3A%2F%2Fclarity.microsoft.com%2Fga%2Fhf2o0cm7gp%2Fd6llsr%2Fgh8gkv&fmt=3&is_vtc=1&random=1226438295&rmt_tld=1&ipr=y

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Aug 2023 09:45:03 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 bundle.production.js Show response
static.hsappstatic.net/head-dlb/static-1.368/ Frame DDDD 44 KB
16 KB 42ms
21ms Script
application/javascript 2606:4700::6812:8d65
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hsappstatic.net/head-dlb/static-1.368/bundle.production.js

Requested by

Host: app.hubspot.com
URL: https://app.hubspot.com/conversations-visitor/21289959/threads/utk/e8077b42efcc4ac485671c8485afa4dd?uuid=e215c90752084a10bd2c632d49b3082b&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=null&domain=cyble.com&inApp53=false&messagesUtk=e8077b42efcc4ac485671c8485afa4dd&url=https%3A%2F%2Fcyble.com%2Fblog%2Flummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat%2F&inline=false&isFullscreen=false&globalCookieOptOut=null&isFirstVisitorSession=true&isAttachmentDisabled=true&isInitialInputFocusDisabled=false&enableWidgetCookieBanner=false&isInCMS=false

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:8d65 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

15da0333da024365f065c44b1861355fac0211292dd57a0bb5f482ebcd166f4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://app.hubspot.com/
Origin: https://app.hubspot.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:04 GMT
x-amz-version-id: wWLMJ6qW0lXJfco2m026CzodYMop32jV
via: 1.1 bbd2abbdb134a9d53c0a12f6566e69fe.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: FRA56-P2
age: 569528
x-amz-server-side-encryption: AES256
content-encoding: br
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 11 Jul 2023 18:31:41 GMT
server: cloudflare
etag: W/"63ec2a77119dfb2ddcae56ab3a029230"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: https://app.hubspot.com
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Uj1n0m2pGNiGHm16gFb5FjjXc25WhrRwuUx1kGN2eIDoaytVb1HbJwuX6Qzy45WhG%2FRFW26Ebtpr7qla8rfS4IxX8%2FCbvyeHpGZRTr1RRaVa8fo6jZTuv%2BKZUP%2FcarKsduTBG93ANIgz8raNzujxOcs7eT0%3D"}],"group":"cf-nel","max_age":604800}
vary: Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-credentials: true
cache-control: public, max-age=31536000
cf-ray: 7f7080a8ea9a3647-FRA
x-amz-cf-id: JFR8VfWVKhvRJcmPXKmn0XRXtPCFnpkXcVMrZjGlOWYsmInFS6vNJg==
expires: Wed, 14 Aug 2024 09:45:04 GMT

GET
H2 200 visitor.css
static.hsappstatic.net/conversations-visitor-ui/static-1.14945/sass/ Frame DDDD 20 KB
4 KB 52ms
23ms Stylesheet
text/css 2606:4700::6812:8d65
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hsappstatic.net/conversations-visitor-ui/static-1.14945/sass/visitor.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:8d65 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

36d655313c51c3540e79a4ed3bff5be86110779b4e25043a6e78150a58cdbc66

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.hubspot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:04 GMT
x-amz-version-id: eTttM9S_vWGkXsa3G13R54bOHuRyRlPL
via: 1.1 1f900b337ea9504d5ab682a36992a20c.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: MCT50-P1
age: 1607591
x-amz-server-side-encryption: AES256
content-encoding: br
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 06 Mar 2023 22:24:16 GMT
server: cloudflare
etag: W/"8b2053a9d9199e217c1f3e61d80f5d90"
vary: Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CtEExBy7NRXWVSdo%2Bbk2U4c%2BVL1WV6JFeL01Frw8uI1Lvt%2BTFPPh46Eu9iiCiOyptT%2BoboZkpYfiBHJgkWA1Pi6av9KEYZrLQssNC84A3xVoHv0Z1dzYWOmW3Ahn8JUkc7yIQOKD0de6wJ7dxMnP0qAPsYQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=31536000
cf-ray: 7f7080a8fc409a1b-FRA
x-amz-cf-id: 7Dg_CYJYJuWWk5_sm6U4nmYNfwVgr4G2VGth1dvo77Dttp3e6oKILw==
expires: Wed, 14 Aug 2024 09:45:04 GMT

GET
H2 200 bundle.production.js Show response
static.hsappstatic.net/hubspot-dlb/static-1.438/ Frame DDDD 295 KB
94 KB 40ms
20ms Script
application/javascript 2606:4700::6812:8d65
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hsappstatic.net/hubspot-dlb/static-1.438/bundle.production.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:8d65 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

abb67ec9baf00b771641b3e783f5511c58621d346ee890fe8b82139b9d7c1005

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://app.hubspot.com/
Origin: https://app.hubspot.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:04 GMT
x-amz-version-id: QR.7BVVxWRX648zgagdsk0.3qbRZHX6u
via: 1.1 21c2c1b3872c539a34b64bcf45f4054c.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: FRA56-P2
age: 1767543
x-amz-server-side-encryption: AES256
content-encoding: br
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 25 Jul 2023 10:27:02 GMT
server: cloudflare
etag: W/"e1432fc848986a403838f2466a71736c"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: https://app.hubspot.com
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=s2vy369632Q4iX%2BKE7ulWfWQEZREb723dC2VHulpas86k7yw1OmBkTwvhc%2B5qhYCY3E6Ux11Z%2Bv%2BHW8M9qw2hnIR6%2BhKoRWDnKiQcSfOqxBst4wuGinImz50BLu%2FFyFODnOWsRfi8WClh%2B15NC6pjcvZKhM%3D"}],"group":"cf-nel","max_age":604800}
vary: Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-credentials: true
cache-control: public, max-age=31536000
cf-ray: 7f7080a8ea9d3647-FRA
x-amz-cf-id: pVnMBYj9URv8jvM5unTdl29NjQ0nw7jc0BCI7YECQF8ffjd2ZNof7g==
expires: Wed, 14 Aug 2024 09:45:04 GMT

GET
H2 200 visitor.js Show response
static.hsappstatic.net/conversations-visitor-ui/static-1.16230/bundles/ Frame DDDD 614 KB
180 KB 42ms
21ms Script
application/javascript 2606:4700::6812:8d65
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hsappstatic.net/conversations-visitor-ui/static-1.16230/bundles/visitor.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:8d65 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0f152892ff9caa3f07c549aa58404e15330ae4aefadf62941c531e42991480d2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://app.hubspot.com/
Origin: https://app.hubspot.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:04 GMT
x-amz-version-id: 1q.UPishHUVc7nSSznDsc5JiO2fG4O26
via: 1.1 4cc2a0a7eb7d5483edc69be298297f9e.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: AMS54-C1
age: 67320
x-amz-server-side-encryption: AES256
content-encoding: br
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 14 Aug 2023 14:01:52 GMT
server: cloudflare
etag: W/"210dfb947875c25e6e6e66f80cf1fc24"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: https://app.hubspot.com
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2pIlmW4hTJj3lcurZm8ky0lnbhh9kCkG5G8uuY6EL9Y40krrm5yQjkZyTI8rwREbfF48gT61Sn1YxxdRiJqFGihwNGclTxjg5rt0LyVq1taE%2FHIEYj6MC1wDpVc4ioZ2Jj%2BlB8%2FteRvv0CXY6%2B8IEfHqbWc%3D"}],"group":"cf-nel","max_age":604800}
vary: Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-credentials: true
cache-control: public, max-age=31536000
cf-ray: 7f7080a8eaa03647-FRA
x-amz-cf-id: WhX9tTUgS4a_KhBx_yaTKmfmOx8_SKBtJIyCHGHJQu0f9lYgHfstRQ==
expires: Wed, 14 Aug 2024 09:45:04 GMT

POST
H/1.1 204
No Content collect Show response
y.clarity.ms/ 0
289 B 486ms
305ms XHR
text/plain 104.211.35.148
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://y.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.10/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.211.35.148 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://cyble.com
Date: Tue, 15 Aug 2023 09:45:04 GMT
Access-Control-Allow-Credentials: true
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:dfa4d45a-f309-4181-9ede-77e6e6c0ecf0

GET
H2 200 i18n-data-data-locales-en-us.js Show response
static.hsappstatic.net/conversations-visitor-ui/static-1.16179/ Frame DDDD 778 B
877 B 16ms
15ms Script
application/javascript 2606:4700::6812:8d65
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hsappstatic.net/conversations-visitor-ui/static-1.16179/i18n-data-data-locales-en-us.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:8d65 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2ff62e78465cee4c972817341e2c03196b5c77e729908a9661164f6ce250c1bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://app.hubspot.com/
Origin: https://app.hubspot.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:04 GMT
x-amz-version-id: g9.2sYO02NHQuTXusJ6trcbsE0cMHrm4
via: 1.1 10150f1f3768fd868d31d5faec2b61f8.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: CDG52-P2
age: 578454
x-amz-server-side-encryption: AES256
content-encoding: br
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
alt-svc: h3=":443"; ma=86400
last-modified: Wed, 02 Aug 2023 09:55:11 GMT
server: cloudflare
etag: W/"8dd6618842e3a40c297a2f6c3017ce06"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: https://app.hubspot.com
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cSk0Czw01pxtqljnqaJvIEWEwBY04ZZp8J%2F0zou1bw%2FAmTcS9KyvHlmg%2BSq%2BbN%2BNuN29Evt14nGHD6qnFuZtoYqb7hgCMiaJf5Q4xWhCPyucBhYPtHs7w%2BYd9JHCclFJrKHFMsxM1IyGGMoqnySxsz%2FCKsQ%3D"}],"group":"cf-nel","max_age":604800}
vary: Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-credentials: true
cache-control: public, max-age=31536000
cf-ray: 7f7080a9dbb53647-FRA
x-amz-cf-id: G4H3CirlOog4DopzG6YdELmz6efXsfLKwBcpguXZIr_ROIa6q9gleQ==
expires: Wed, 14 Aug 2024 09:45:04 GMT

GET
H2 200 nr-spa-1216.min.js Show response
js-agent.newrelic.com/ Frame DDDD 49 KB
49 KB 69ms
24ms Script
application/javascript 151.101.66.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js-agent.newrelic.com/nr-spa-1216.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.66.137 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

545156adeae44dadc82b98d504f805ebe77fb79c928ef34eed1057bb9d4cb8fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.hubspot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-amz-version-id: UU.F5jvoumAjQChriwTQHbisCFw_OInU
date: Tue, 15 Aug 2023 09:45:04 GMT
via: 1.1 varnish
strict-transport-security: max-age=300
x-amz-request-id: WPMFB0VJG75YV1Z7
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 50049
x-amz-id-2: FZGRs9jHoygJROiHGl6xMkWo6b2J8tT5vX+5wqPZ7xbNvPJpdkGEDO9l2DizwaxY1IJipLlFmJk=
x-served-by: cache-fra-eddf8230134-FRA
last-modified: Thu, 14 Apr 2022 16:45:57 GMT
server: AmazonS3
x-timer: S1692092704.433229,VS0,VE0
etag: "63e2df852d15ab21d7ff8fc4363222e8"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 177

GET
H2 200 hawk.png
labs.cyble.com/hs-fs/hubfs/ Frame DDDD 4 KB
5 KB 69ms
34ms Image
image/webp 2606:2c40::c73c:671e
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://labs.cyble.com/hs-fs/hubfs/hawk.png?width=108&height=108

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:671e , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

079ceaa0981ce7f89ad67f2b125a26b02d93a4b400b0d01c1095d9d03b24c738

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.hubspot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:04 GMT
strict-transport-security: max-age=31536000
via: 1.1 0e358bffbd534852f8496b34da6ad3e4.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-83412232556,P-21289959,FLS-ALL
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
content-length: 4194
cf-resized: internal=ok/m q=0 n=837+0 c=56+49 v=2023.7.3 l=4194
last-modified: Tue, 30 Aug 2022 08:53:18 GMT
cf-bgj: imgq:86,h2pri
server: cloudflare
etag: "cfLv25S9_RZ9mVF-YFCFUfZcZkUn9Bg2vL7Sxl6y2PDQ:ac94ce2bd2684e2d18ebb6c3988701dd"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=l3NsrN3jEQNC9EWFNOBmAFN9IGMhzeJKTdi3KG7nTuPTWX1bhfFJJgsfEWJxWqX1ZAMJZd4Xjf7LKZwSFrDwsxde9rPftINvEBmiexJpQIT7Le7T0X1dLkADOy31Eklmihs%2B35c4RDCcToYu"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 7f7080ab79771961-FRA

POST
H2 204 rhumb
app.hubspot.com/api/cartographer/v1/ Frame DDDD 0
1 KB 127ms
126ms Ping
text/plain 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.hubspot.com/api/cartographer/v1/rhumb?hs_static_app=conversations-visitor-ui&hs_static_app_version=1.16230

Requested by

Host: static.hsappstatic.net
URL: https://static.hsappstatic.net/conversations-visitor-ui/static-1.16230/bundles/visitor.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://app.hubspot.com/conversations-visitor/21289959/threads/utk/e8077b42efcc4ac485671c8485afa4dd?uuid=e215c90752084a10bd2c632d49b3082b&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=null&domain=cyble.com&inApp53=false&messagesUtk=e8077b42efcc4ac485671c8485afa4dd&url=https%3A%2F%2Fcyble.com%2Fblog%2Flummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat%2F&inline=false&isFullscreen=false&globalCookieOptOut=null&isFirstVisitorSession=true&isAttachmentDisabled=true&isInitialInputFocusDisabled=false&enableWidgetCookieBanner=false&isInCMS=false
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Tue, 15 Aug 2023 09:45:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: c16ac94f-5b2f-4503-823a-10c01195b003
x-envoy-upstream-service-time: 2
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: c16ac94f-5b2f-4503-823a-10c01195b003
server: cloudflare
vary: origin, Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ORy31fQVj38Ko%2Bhya1sCOuBxGW2q7t5NYKzP7sY9u7nvlAxkvj1AWHo4mkubFihdmzQqJLwHdhfgdj8UOhAcr0ml5NaydFd4buyUEZJLbOuxpDMaMUC6SNtntD0Lri3Gb4HHdxjF6Uuu5yQaLw%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: https://app.hubspot.com
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-6c94986c56-hfjxh
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing, X-Hubspot-Correct-Hublet, X-HubSpot-Auth-Failure
access-control-max-age: 604800
access-control-allow-credentials: true
x-evy-trace-virtual-host: all
cf-ray: 7f7080ab5cd19b5e-FRA
access-control-allow-headers: Authorization, Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer
timing-allow-origin: *

GET
H2 200 welcomeMessages Show response
app.hubspot.com/api/livechat-public/v1/bots/public/bot/2122156/ Frame DDDD 982 B
1 KB 149ms
149ms XHR
application/json 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.hubspot.com/api/livechat-public/v1/bots/public/bot/2122156/welcomeMessages?hs_static_app=conversations-visitor-ui&hs_static_app_version=1.16230&conversations-visitor-ui=static-1.16230&traceId=e8077b42efcc4ac485671c8485afa4dd&sessionId=AMOaWbI2pVX32ZadUVvyhmAwgvTowg9iegbI3pVW7PCBR2VFQ_5uPzGsvLYpa2rhZQGzOAuzgm8ovGgqy51r7wrr5_RVzh-QIFbGbsmaz9Qvlvxz5Ad8QpQIBA6H4HL3JkmOLvv_GMyl84cjWBaog1URKOJut6jgc02y4uYxyt3HpknLoKcx79Y

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a766041132c1dee8b39ba156b70b2c9b5fa98109b9fb8076538876d27a466ec4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://app.hubspot.com/conversations-visitor/21289959/threads/utk/e8077b42efcc4ac485671c8485afa4dd?uuid=e215c90752084a10bd2c632d49b3082b&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=null&domain=cyble.com&inApp53=false&messagesUtk=e8077b42efcc4ac485671c8485afa4dd&url=https%3A%2F%2Fcyble.com%2Fblog%2Flummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat%2F&inline=false&isFullscreen=false&globalCookieOptOut=null&isFirstVisitorSession=true&isAttachmentDisabled=true&isInitialInputFocusDisabled=false&enableWidgetCookieBanner=false&isInCMS=false
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 5a76ed7e-96c4-421f-a034-1c9a47c71643
content-encoding: br
x-envoy-upstream-service-time: 24
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 5a76ed7e-96c4-421f-a034-1c9a47c71643
server: cloudflare
x-trace: 2BBAFEC5F58CEF950A4147737CD98A5DCE2F8EE734000000000000000000
vary: origin, Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-6c94986c56-hqv97
x-evy-trace-virtual-host: all
access-control-allow-credentials: false
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IZ%2F9jxMGLqBd5vDNAI7d9Zj%2Bh2meMO3v82pLdNetmU1UjtHbgF1L%2BUqCprcWTErkWTp7Q49Y1vLPK8u3%2FeqEZovvf6TMc3LsJuRCZylvfqIfXvKId%2BVLFeW2KnSfLHoq4TB7d3KaN3Vj5BgJnw%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 7f7080ab6ce59b5e-FRA
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent, X-HubSpot-Messages-Uri

GET
H/1.1 200
OK f9d051f404 Show response
bam-cell.nr-data.net/1/ Frame DDDD 56 B
497 B 150ms
114ms Script
text/javascript 162.247.243.30
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://bam-cell.nr-data.net/1/f9d051f404?a=205242107&sa=1&v=1216.487a282&t=Unnamed%20Transaction&rst=701&ck=1&ref=https://app.hubspot.com/conversations-visitor/21289959/threads/utk/e8077b42efcc4ac485671c8485afa4dd&be=297&fe=491&dc=451&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1692092703892,%22n%22:0,%22f%22:1,%22dn%22:1,%22dne%22:4,%22c%22:4,%22s%22:10,%22ce%22:23,%22rq%22:23,%22rp%22:205,%22rpe%22:208,%22dl%22:209,%22di%22:450,%22ds%22:450,%22de%22:451,%22dc%22:491,%22l%22:491,%22le%22:491%7D,%22navigation%22:%7B%7D%7D&fp=646&fcp=646&ja=%7B%22nrSnippetVersion%22:%221216%22,%22environment%22:%22prod%22,%22deployed%22:true,%22hublet%22:%22na1%22,%22hsOlderBrowserVersion%22:false,%22conditionalPolyfillsInstalled%22:false,%22portalId%22:21289959,%22package%22:%22conversations-visitor-ui%22,%22packageVersion%22:%221.16230%22,%22template%22:%22visitor-index.html.tsx%22,%22user-online%22:true,%22visibility%22:%22visible%22,%22currentVisibility%22:%22visible%22,%22isEmbeddedInProduct%22:%22false%22,%22isInlineEmbeddedWidget%22:false,%22reactRhumbVersion%22:%221.9496%22,%22reaganVersion%22:%22react-rhumb%22,%22route%22:%22/%22,%22numReaganChecksStarted%22:1,%22numPreviousReaganChecksAborted%22:0,%22avgDurationBeforePreviousReaganAborts%22:0,%22numPreviousReaganChecksFailed%22:0,%22numPreviousReaganChecksSuccessful%22:0%7D&jsonp=NREUM.setToken
Requested by: Host: app.hubspot.com
URL: https://app.hubspot.com/conversations-visitor/21289959/threads/utk/e8077b42efcc4ac485671c8485afa4dd?uuid=e215c90752084a10bd2c632d49b3082b&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=null&domain=cyble.com&inApp53=false&messagesUtk=e8077b42efcc4ac485671c8485afa4dd&url=https%3A%2F%2Fcyble.com%2Fblog%2Flummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat%2F&inline=false&isFullscreen=false&globalCookieOptOut=null&isFirstVisitorSession=true&isAttachmentDisabled=true&isInitialInputFocusDisabled=false&enableWidgetCookieBanner=false&isInCMS=false
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 162.247.243.30 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: f9745c48d0b4c918d466da4acdb3f786ef5cda4c69ac0b6009d76cff67e6325d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.hubspot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:04 GMT
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
content-type: text/javascript
access-control-allow-origin: *
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
Connection: keep-alive
Content-Length: 56
x-served-by: cache-fra-eddf8230044-FRA

POST
H/1.1 204
No Content f9d051f404 Show response
bam-cell.nr-data.net/ins/1/ Frame DDDD 0
283 B 110ms
110ms XHR
text/plain 162.247.243.30
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://bam-cell.nr-data.net/ins/1/f9d051f404?a=205242107&sa=1&v=1216.487a282&t=Unnamed%20Transaction&rst=858&ck=1&ref=https://app.hubspot.com/conversations-visitor/21289959/threads/utk/e8077b42efcc4ac485671c8485afa4dd
Requested by: Host: app.hubspot.com
URL: https://app.hubspot.com/conversations-visitor/21289959/threads/utk/e8077b42efcc4ac485671c8485afa4dd?uuid=e215c90752084a10bd2c632d49b3082b&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=null&domain=cyble.com&inApp53=false&messagesUtk=e8077b42efcc4ac485671c8485afa4dd&url=https%3A%2F%2Fcyble.com%2Fblog%2Flummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat%2F&inline=false&isFullscreen=false&globalCookieOptOut=null&isFirstVisitorSession=true&isAttachmentDisabled=true&isInitialInputFocusDisabled=false&enableWidgetCookieBanner=false&isInCMS=false
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 162.247.243.30 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://app.hubspot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
content-type: text/plain

Response headers

access-control-allow-origin: https://app.hubspot.com
date: Tue, 15 Aug 2023 09:45:04 GMT
access-control-allow-credentials: true
Connection: keep-alive
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
x-served-by: cache-fra-eddf8230044-FRA

POST
H/1.1 200
OK f9d051f404 Show response
bam-cell.nr-data.net/events/1/ Frame DDDD 24 B
344 B 121ms
109ms XHR
image/gif 162.247.243.30
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://bam-cell.nr-data.net/events/1/f9d051f404?a=205242107&sa=1&v=1216.487a282&t=Unnamed%20Transaction&rst=864&ck=1&ref=https://app.hubspot.com/conversations-visitor/21289959/threads/utk/e8077b42efcc4ac485671c8485afa4dd
Requested by: Host: app.hubspot.com
URL: https://app.hubspot.com/conversations-visitor/21289959/threads/utk/e8077b42efcc4ac485671c8485afa4dd?uuid=e215c90752084a10bd2c632d49b3082b&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=null&domain=cyble.com&inApp53=false&messagesUtk=e8077b42efcc4ac485671c8485afa4dd&url=https%3A%2F%2Fcyble.com%2Fblog%2Flummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat%2F&inline=false&isFullscreen=false&globalCookieOptOut=null&isFirstVisitorSession=true&isAttachmentDisabled=true&isInitialInputFocusDisabled=false&enableWidgetCookieBanner=false&isInCMS=false
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 162.247.243.30 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300

Request headers

Referer: https://app.hubspot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
content-type: text/plain

Response headers

date: Tue, 15 Aug 2023 09:45:04 GMT
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
content-type: image/gif
access-control-allow-origin: https://app.hubspot.com
access-control-allow-credentials: true
Connection: keep-alive
Content-Length: 24
x-served-by: cache-fra-eddf8230067-FRA

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
554 B 142ms
140ms Image
image/gif 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=249479340&v=1.1&a=21289959&ct=blog-post&rcu=https%3A%2F%2Fcyble.com%2Fblog%2Flummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat%2F&pu=https%3A%2F%2Fcyble.com%2Fblog%2Flummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat%2F&t=Cyble+%E2%80%94+LummaC+Stealer+Leveraging+Amadey+Bot+to+Deploy+SectopRAT&cts=1692092704808&vi=200e0b57db70084607f623f7e4d8e1d3&nc=true&u=27441379.200e0b57db70084607f623f7e4d8e1d3.1692092704805.1692092704805.1692092704805.1&b=27441379.1.1692092704805&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: ac7e5d6e-6010-43cc-a4cc-0b269f655e5a
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 5
alt-svc: h3=":443"; ma=86400
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: ac7e5d6e-6010-43cc-a4cc-0b269f655e5a
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3n%2FujiR0E7wPpTb%2F0%2BRoOjW8z5GtPTqQKFPyNX7u2QAkNdypVtdPzq9zJNJUNuZR8O%2B3YB9nCLOGtHygY0VQ0Hjg%2BHAwS6GsoAHGy8itqLBSmTfrffu9emDk%2FSHlGsCxdYgdMuJfAH0WFpBPCvgs"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-8555d4b97d-r2pvl
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 7f7080ad2fce9b5e-FRA
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
474 B 141ms
140ms Image
image/gif 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=15&fi=f7da69d1-3801-430f-b109-5f44b65a9326&fci=c9c7c511-9284-4bd5-8df3-f4ff3d751cd4&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=249479340&v=1.1&a=21289959&ct=blog-post&rcu=https%3A%2F%2Fcyble.com%2Fblog%2Flummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat%2F&pu=https%3A%2F%2Fcyble.com%2Fblog%2Flummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat%2F&t=Cyble+%E2%80%94+LummaC+Stealer+Leveraging+Amadey+Bot+to+Deploy+SectopRAT&cts=1692092704812&vi=200e0b57db70084607f623f7e4d8e1d3&nc=true&u=27441379.200e0b57db70084607f623f7e4d8e1d3.1692092704805.1692092704805.1692092704805.1&b=27441379.1.1692092704805&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: d319e9e7-a61a-4316-a870-54c31f74a654
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 10
alt-svc: h3=":443"; ma=86400
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: d319e9e7-a61a-4316-a870-54c31f74a654
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Z2qCrBH%2BnqguCOEGJ9wk0OB7ANCqRqKrh40PxcW1GuBJDELoDsgHvcQLH5hqZrSuktPKdfJJaYaFTdLvxVlFThJfj%2Bw7rKHZvcKc8w8bQh6ubgTJmiKrlIAyAkEGcJUATBAjJiwTsh0nF3gGGs1b"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-8555d4b97d-r2pvl
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 7f7080ad2fdc9b5e-FRA
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
531 B 138ms
138ms Image
image/gif 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=17&fi=f7da69d1-3801-430f-b109-5f44b65a9326&fci=c9c7c511-9284-4bd5-8df3-f4ff3d751cd4&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=249479340&v=1.1&a=21289959&ct=blog-post&rcu=https%3A%2F%2Fcyble.com%2Fblog%2Flummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat%2F&pu=https%3A%2F%2Fcyble.com%2Fblog%2Flummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat%2F&t=Cyble+%E2%80%94+LummaC+Stealer+Leveraging+Amadey+Bot+to+Deploy+SectopRAT&cts=1692092704815&vi=200e0b57db70084607f623f7e4d8e1d3&nc=true&u=27441379.200e0b57db70084607f623f7e4d8e1d3.1692092704805.1692092704805.1692092704805.1&b=27441379.1.1692092704805&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: fe37a794-0629-4bd7-bc91-f0635152bcac
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 5
alt-svc: h3=":443"; ma=86400
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: fe37a794-0629-4bd7-bc91-f0635152bcac
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xpo6J52B1wz4A7k8hY5t%2BUXynYRKA4fF1pZ4E0dx976KahbqXJ0rscbpLUpPX8LTvLDSfB7%2FcMt9c3BBTG5%2Bhkmd50O7KrjflJmmwaCpa%2F%2FURZec3W%2BI2sS3urKYlse8odVDnyorlwOvXQQ8%2B8sB"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-8555d4b97d-w76pp
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 7f7080ad2fe19b5e-FRA
x-robots-tag: none

GET
H2

200

c.gif
c.clarity.ms/
Redirect Chain

https://c.clarity.ms/c.gif
https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=6C25BD22BA614477BB3022CC1A465392&RedC=c.clarity.ms&MXFR=21050652D8226A813545153CDC2264CB
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=6C25BD22BA614477BB3022CC1A465392&MUID=3B3E89AE09F860DD2E759AC0082A617E

42 B
466 B

36ms
35ms

Image
image/gif

68.219.88.97
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=6C25BD22BA614477BB3022CC1A465392&MUID=3B3E89AE09F860DD2E759AC0082A617E
Protocol: H2
Server: 68.219.88.97 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Aug 2023 09:45:05 GMT
last-modified: Tue, 06 Jun 2023 17:31:23 GMT
server: Microsoft-IIS/10.0
etag: "dca6ffb69c98d91:0"
x-powered-by: ASP.NET
content-type: image/gif
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: private, no-cache, proxy-revalidate, no-store
accept-ranges: bytes
content-length: 42

Redirect headers

pragma: no-cache
date: Tue, 15 Aug 2023 09:45:04 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: AD18B667158B453B97DAF38C89751708 Ref B: FRAEDGE1320 Ref C: 2023-08-15T09:45:04Z
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
location: https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=6C25BD22BA614477BB3022CC1A465392&MUID=3B3E89AE09F860DD2E759AC0082A617E
cache-control: private, no-cache, proxy-revalidate, no-store
content-length: 0

GET
H2 200 json Show response
forms.hubspot.com/lead-flows-config/v1/config/ 178 B
876 B 147ms
145ms XHR
application/json 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hubspot.com/lead-flows-config/v1/config/json?portalId=21289959&utk=200e0b57db70084607f623f7e4d8e1d3&__hstc=27441379.200e0b57db70084607f623f7e4d8e1d3.1692092704805.1692092704805.1692092704805.1&__hssc=27441379.1.1692092704805&currentUrl=https%3A%2F%2Fcyble.com%2Fblog%2Flummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat%2F

Requested by

Host: js.hsleadflows.net
URL: https://js.hsleadflows.net/leadflows.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b932833d7a4bd858b34c31b1109fd7e5437f38d1f2b3a1aba8cf478633fd17fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:05 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 964b6bd2-3e23-44ae-8c57-c65fac44ffe0
content-encoding: br
x-envoy-upstream-service-time: 27
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 964b6bd2-3e23-44ae-8c57-c65fac44ffe0
server: cloudflare
vary: origin
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
access-control-allow-origin: https://cyble.com
x-evy-trace-virtual-host: all
access-control-max-age: 180
access-control-allow-credentials: false
cache-control: max-age=0, no-cache, no-store
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rhnB%2F36WjpPRe0NWUVYhHPtXbsYCgDG0Kd7sQEUrIhD7yZtnxBxV6LBJcqSxt2LehwHHdzt6fUeNqknHVE9h2YOfjwTR2r0%2FNIHVHCqG6hOnnSGwwugvjAFqEo8PdbLBjh5aI0N%2B9P2vCBaNfJuE"}],"group":"cf-nel","max_age":604800}
x-robots-tag: none
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
cf-ray: 7f7080ad7d99bbdd-FRA
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-7f89ffc67f-d2gnr

POST
H/1.1 204
No Content collect Show response
y.clarity.ms/ 0
289 B 100ms
100ms XHR
text/plain 104.211.35.148
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://y.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.10/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.211.35.148 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://cyble.com
Date: Tue, 15 Aug 2023 09:45:06 GMT
Access-Control-Allow-Credentials: true
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:dfa4d45a-f309-4181-9ede-77e6e6c0ecf0

GET
H2 204 boom.gif
pixel.wp.com/ 0
37 B 6ms
6ms Image
text/plain 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/boom.gif?bilmur=1&cumulative_layout_shift=0.595&largest_contentful_paint=430&batcache_hit=0&provider=wordpress.com&service=atomic&custom_properties=%7B%22devicepx%22%3A%220%22%7D&effective_connection_type=4g&rtt=0&downlink=10000&host_name=cyble.com&url_path=%2Fblog%2Flummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat%2F&nt_fetchStart=0&nt_domainLookupStart=1&nt_domainLookupEnd=1&nt_connectStart=1&nt_connectEnd=34&nt_secureConnectionStart=14&nt_requestStart=34&nt_responseStart=77&nt_responseEnd=103&nt_domLoading=81&nt_domInteractive=746&nt_domContentLoadedEventStart=748&nt_domContentLoadedEventEnd=773&nt_domComplete=2147&nt_loadEventStart=2147&nt_loadEventEnd=2188&nt_redirectCount=0&nt_nextHopProtocol=h2&nt_api_level=2&start_render=269&first_contentful_paint=357&resource_size=3477126&resource_transferred=989807&js_size=1132252&js_transferred=343764&resource_cache_percent=0&js_cache_percent=0&last_resource_end=3832
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 15 Aug 2023 09:45:08 GMT
cache-control: no-cache
server: nginx

POST
H3 204 collect
region1.google-analytics.com/g/ 0
17 B 19ms
18ms Ping
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-N9ZXY95EM4&gtm=45Pe3890&_p=1011381812&gdid=dZTNiMT&cid=112100810.1692092703&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=2&sid=1692092703&sct=1&seg=0&dl=https%3A%2F%2Fcyble.com%2Fblog%2Flummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat%2F&dt=Cyble%20%E2%80%94%20LummaC%20Stealer%20Leveraging%20Amadey%20Bot%20to%20Deploy%20SectopRAT&en=Clarity&_ee=1&ep.eventCategory=Clarity&ep.eventAction=gh8gkv&ep.nonInteraction=true&ep.claritydimension=https%3A%2F%2Fclarity.microsoft.com%2Fga%2Fhf2o0cm7gp%2Fd6llsr%2Fgh8gkv&_et=547
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=GT-WKTZW36
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Aug 2023 09:45:08 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://cyble.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

161 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

34 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.cyble.com/	1970-01-20 16:11:08	Name: _gcl_au Value: 1.1.78884733.1692092703
www.clarity.ms/	1970-01-20 22:47:08	Name: CLID Value: 5b4b4be8657b45bba84240f494c791b1.20230815.20240814
.cyble.com/	1970-01-20 23:37:32	Name: _ga_361856552 Value: GS1.1.1692092703.1.0.1692092703.0.0.0
.cyble.com/	1970-01-20 23:37:32	Name: _ga Value: GA1.2.112100810.1692092703
.cyble.com/	1970-01-20 14:02:59	Name: _gid Value: GA1.2.463195032.1692092704
.cyble.com/	1970-01-20 14:01:32	Name: _gat_UA-201575643-1 Value: 1
cyble.com/	1970-01-20 14:02:59	Name: ln_or Value: eyI0MDUzMzk2IjoiZCJ9
.cyble.com/	1970-01-20 22:47:08	Name: _clck Value: d6llsr\|2\|fe6\|0\|1322
.linkedin.com/	1970-01-20 16:11:08	Name: li_sugr Value: bbc0f9e2-757e-4ee9-92fb-3cecef18dc83
.linkedin.com/	1970-01-20 22:47:08	Name: bcookie Value: "v=2&264d031a-6de9-4daa-831b-abc66590177c"
.linkedin.com/	1970-01-20 14:02:59	Name: lidc Value: "b=OGST04:s=O:r=O:a=O:p=O:g=2938:u=1:x=1:i=1692092703:t=1692179103:v=2:sig=AQENKxqk6dvlYAkXzefRrvIcaiwyWT2y"
.cyble.com/	1970-01-20 23:37:32	Name: _ga_N9ZXY95EM4 Value: GS1.1.1692092703.1.0.1692092703.0.0.0
.doubleclick.net/	1970-01-20 23:23:08	Name: IDE Value: AHWqTUkqVDlv-Ys6b-UtBP8mr2VXJKY7gyQybQqTcB9bJRY_W6qT9Gig2TU7CsKt
.hubspot.com/	1970-01-20 14:01:34	Name: __cf_bm Value: JAjGvJTKVL37Eo8NRut68e_HI_VOzal4nIKHjzCGNBo-1692092704-0-AbkKo/9PDi+nh6OFyoK3+aX0B5Lkb/IwICnOw6NGFVhbfhZbOQimKACc4YHES5fUY0DAXRBnLVYIUyZIe7aaZhQ=
.linkedin.com/	1970-01-20 14:44:44	Name: UserMatchHistory Value: AQJLvAxNoerVKAAAAYn4laUN5E4XLCAVJZS4wL6_eqCROm9AvbmSTJhw9EAHPPBd7W0XfQ25wFy7vw
.linkedin.com/	1970-01-20 14:44:44	Name: AnalyticsSyncHistory Value: AQJo3PAY1lyi0wAAAYn4laUN4cm3J6rOnl0yLQzNdZgOHh0qb5AvVj98vyMKWo9lMW2-HwASyC26IhoydwK-jA
.www.linkedin.com/	1970-01-20 22:47:08	Name: bscookie Value: "v=1&20230815094504979f107d-d2e1-46ce-848d-4e541100ba52AQGZ01qNhr8CbKQA1O-0PSI7Pw9vWT65"
.linkedin.com/	1970-01-20 18:20:44	Name: li_gc Value: MTswOzE2OTIwOTI3MDQ7MjswMjFzv6WHgxOP8kVJ3LeZYBXpAZNf+1fH+v6wUIqPCzBGoQ==
.cyble.com/	1970-01-20 14:02:59	Name: _clsk Value: gh8gkv\|1692092704308\|1\|1\|y.clarity.ms/collect
.cyble.com/	1970-01-20 18:20:44	Name: messagesUtk Value: e8077b42efcc4ac485671c8485afa4dd
.labs.cyble.com/	1970-01-20 14:01:34	Name: __cf_bm Value: CA6aQd2Kx_gNr9nz_oARRqXHkVnOZ8yvcPRhC5q969g-1692092704-0-AfxzZ3nJ3LYAoZa2FWrI/ZSw6RJkpJaZ/yBD0LBfEmnTJuHnM4d0G1EJHlUdACW8Yxe6+JM31nGW4QQPpA1J9Ww=
.labs.cyble.com/	1969-12-31 23:59:59	Name: __cfruid Value: bf717d1a8350650a9ed7299b45f849ef3802c2a6-1692092704
.nr-data.net/	1969-12-31 23:59:59	Name: JSESSIONID Value: 3a3ce4fcdfe41199
.cyble.com/	1970-01-20 18:20:44	Name: __hstc Value: 27441379.200e0b57db70084607f623f7e4d8e1d3.1692092704805.1692092704805.1692092704805.1
.cyble.com/	1970-01-20 18:20:44	Name: hubspotutk Value: 200e0b57db70084607f623f7e4d8e1d3
.cyble.com/	1969-12-31 23:59:59	Name: __hssrc Value: 1
.cyble.com/	1970-01-20 14:01:34	Name: __hssc Value: 27441379.1.1692092704805
.bing.com/	1970-01-20 23:23:08	Name: MUID Value: 3B3E89AE09F860DD2E759AC0082A617E
.c.bing.com/	1970-01-20 14:11:37	Name: MR Value: 0
.c.bing.com/	1970-01-20 23:23:08	Name: SRM_B Value: 3B3E89AE09F860DD2E759AC0082A617E
.c.clarity.ms/	1969-12-31 23:59:59	Name: SM Value: C
.clarity.ms/	1970-01-20 23:23:08	Name: MUID Value: 3B3E89AE09F860DD2E759AC0082A617E
.c.clarity.ms/	1970-01-20 14:11:37	Name: MR Value: 0
.c.clarity.ms/	1970-01-20 14:01:33	Name: ANONCHK Value: 0

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://cyble.com/wp-content/uploads/2023/08/LummaC-Stealer-AmadeyBot-SectopRAT-1024x512.png Message: Failed to load resource: the server responded with a status of 400 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.omappapi.com
api.hubapi.com
api.hubspot.com
app.hubspot.com
bam-cell.nr-data.net
c.bing.com
c.clarity.ms
c0.wp.com
cdn.linkedin.oribi.io
cta-service-cms2.hubspot.com
cyble.com
d.adroll.com
fonts-api.wp.com
fonts.wp.com
forms-na1.hsforms.com
forms.hsforms.com
forms.hubspot.com
google.com
googleads.g.doubleclick.net
i0.wp.com
js-agent.newrelic.com
js.hs-analytics.net
js.hs-banner.com
js.hs-scripts.com
js.hsadspixel.net
js.hsforms.net
js.hsleadflows.net
js.hubspot.com
js.usemessages.com
labs.cyble.com
perf-na1.hsforms.com
pixel.wp.com
px.ads.linkedin.com
px4.ads.linkedin.com
region1.google-analytics.com
s.adroll.com
s0.wp.com
snap.licdn.com
static.hsappstatic.net
stats.g.doubleclick.net
stats.wp.com
track.hubspot.com
www.clarity.ms
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.linkedin.com
y.clarity.ms
104.211.35.148
13.107.42.14
151.101.66.137
162.247.243.30
192.0.76.3
192.0.77.2
192.0.77.32
192.0.77.37
2001:4860:4802:32::36
2400:52e0:1e00::1081:1
2600:9000:20eb:5600:2:53b2:240:93a1
2600:9000:225e:8a00:6:9280:1080:93a1
2606:2c40::c73c:671e
2606:4700:20::681a:7b1
2606:4700::6810:76be
2606:4700::6810:89ce
2606:4700::6810:b841
2606:4700::6811:61ac
2606:4700::6811:836e
2606:4700::6811:cbcc
2606:4700::6811:d2f3
2606:4700::6811:d4f3
2606:4700::6812:18c4
2606:4700::6812:893b
2606:4700::6812:8d65
2606:4700::6813:9b53
2620:1ec:21::14
2620:1ec:46::42
2620:1ec:c11::200
2a00:1450:4001:806::2002
2a00:1450:4001:809::2004
2a00:1450:4001:810::2008
2a00:1450:4001:812::200e
2a00:1450:4001:81c::200e
2a00:1450:4001:82f::2003
2a00:1450:400c:c0a::9d
2a02:26f0:7100::1720:ee38
2a05:d018:cc3:fe04:6408:9a6e:4d8c:591e
68.219.88.97
0200bc38d986631f9cc4680084d7d263ccf17fa4a3c627b26ff347e0cfcf1d47
0268b589d424a686ee986465b7917ac6c852be4fd6908331002878205beee576
0427349d2020319a07c730eb5c5cb8ee988339b37ea834a0e0e19463d7ff324d
063565f869727078c5f4e68e351fdacecc0388f9cef40ae9a048fb5db8d900c3
079ceaa0981ce7f89ad67f2b125a26b02d93a4b400b0d01c1095d9d03b24c738
08756c47213d461baa3b01f42448a76d11f524470c7a34f9018733889bd4f49c
0b41b947a0935cf96cf1be1fa7cd5d9f0f34f42e031795bd44b74933c414a028
0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300
0e7ad47a4bc6ddbb17cb8cbe6167dae4717d0b5962a1d63de2e93e6dc201b9e8
0eec4a917885b658753701e3f867fa50e54d586fb8405dcfe0572843093aa5f4
0f152892ff9caa3f07c549aa58404e15330ae4aefadf62941c531e42991480d2
14c06cfb3fb33ce501743b68ea270a4b78ef9bf7b5f591784d719e6eea7d928b
15da0333da024365f065c44b1861355fac0211292dd57a0bb5f482ebcd166f4b
193657bba9ec9061d3d4ae939ce49fc051b54585bf5d9f5e795a0c258e6f75f5
1a11d4c8a6d406d2b3d222fea59f8ec58c8846662393bcb2ac17760c9545270e
202aa6d8ac6559305e6d1b273941796e5fab95dc0a08f9a9f0e4955afa0b4668
2055757e207fbd1dd32c01ab72c914fa88ae5f9f5595131207ca1e4769b8ba3b
214674cc77aba35ab3567b88e2739fd08e8e96c61d279559ad61874069683ea0
22e6b56e777518d56d35252b62065cfa748c0c290c7b54ace1314338cf97b6f3
24004b1763b0275d5a1d9f66f08616a54b95aeec1f0034766bbb479679a82fc3
250dc46c1691ff969d5ea984b282e46403885ec806ed96ac3ee301db043a1a4d
291c58b03e240b281d1a39c17971111822353b0b9bf42ee1bb921267b001c521
2e10d353ff038c2cad3492fc17801af3e6ef2669c9e9713bdb78b1dcb104c4fe
2ff62e78465cee4c972817341e2c03196b5c77e729908a9661164f6ce250c1bd
3111667f131fe35172925ebef7026e7ce805f590d0998d027133523d7d1176d1
34f6f75ebed9d8ada5d33eb94f0d79feccb051e308897da31e96cc0751582878
36a58b231f4bd34d323b5a7da9caf1a2706ecc87ca22a822763b96659043017e
36d655313c51c3540e79a4ed3bff5be86110779b4e25043a6e78150a58cdbc66
382e9768b5578d5ad05e51e37670a3cf93d4593a49bcbee1f5e8b66d0d8c1c53
43c072c16c9ee6d67acdfa6c6d6685ff1e74eb4237b7cc3c1348ab1c108b26af
43cd95e62bc0c1b1d69ca1cd990e165063bc64005b3ee18aa947404de928441d
44b2056efc68f55c87e8095357d62bcb713b8702fcfc3e914db43e61f66e884e
4530e7fd7c64af51ec12afca2db573d478770d56f41c17301ee4ab8ee836be7e
453cb806084fdabec32e286af2e88899f79022125c2527afffbec507975d2c22
47e5ff66931402cb5755d7eed98a6d23ee556a7f8e9c1dd340d351c27f669a0f
4c0ced2cb3830d045cdd74f745fd4d6dcb082d8edd3a9fe46e39295e30cb8032
4f3855e6f3082e6650dcbae564c7dab0790f49f243942d33b63c11a315774711
4f79a89d16a5f717110fe080c0bf90b7e05ff95a4c4983f64d33110bf5f9c230
5244a8d1d1a28e02eec3247e1ba73bb13319a0cc521c87580d43e46cb67b4bc2
5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89
52984e532d02a87a060764ff400626a1b81cc316284a8ba1feab5d94697119a0
53c709abec93270bef6fa3c5c4290d4ce120582152fe692e6be582f544a89ae8
545156adeae44dadc82b98d504f805ebe77fb79c928ef34eed1057bb9d4cb8fe
594e58a370b6219afb761152e616c06147e70e8c8d040ef51058f238025633a1
5a85ef05aac6b235ced7b52818d4a96d33d8fa778342706baf3d98e3c1335480
5b81b8370348e628e8d63c20ebadb8ada198bfe249e33959833ac6f3fd1fbfa6
5c93f77799d122fb5255ee24da285f9f228cc118cba11e6ceb2b6bda8cdf4164
694da45e033114445455ea32bc0448bd950165a0eda0f92e16b9ed32bf5eb493
6974bfd8fa06b7831f05cb4b25860c851a5ad3f02a6699ebe688987dd7a6ebe6
698e225f031df3bc08d251dd42bd8f4080c618fadb6a2959659a6e5ba96fd34c
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6d02cf7ab02fb87ae61c3843653e1b6ac677803f7dec768d986054a687fd69a3
6d4fdf918e5f7d61986a1ac1727fb35d39e25e7c7e3f7b85d7952c2edc819aef
721cc9150c432bbc0b113c4fb7c04e920d1392cc7b53bb17c233758faecdc500
7767eb16c530edecef795f839ccc67c03aed221e4a8cf70969f0231edb24dc57
780efc2325fdae206fbfbf6d34eb2a115a096171c0617627578b1a1bdc2f9594
78972f986ad8c0cafa844dcda205b00cb7fa60bc1a20cc7bedcb1276560d37a8
78f8c185c0d8daf604c8d73c29fdc05ba1b1e63b247a78015f6fd779ac8d5026
7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f
8514badfdd8a07145ec501dec708908fc1524ee22a9dae2ac8aeaa2bc6e7eada
8631189ca38e73206e52ed06e8f0f3b2e839b9facc236b9519b9fd8d7f8d63e2
86dc38d48b950fd3a6714078aaa6fd45efb46b98ac1b639a0f88df541df68101
8b04a66a7c17bad4489e4e53c676672de567546b9b4eb41f9a698c4959ddf3e0
90092ab97482291d2c18c7d300fb586cc2fe0cf87d0b1c41a220a2a369ac85e0
90b705145ef82e9d8493aae55c9bfb3200ec0620c8946b20b0b28366557d6a4a
92aac6fbb4010042167255e7366dcfdb996210351d8a79642490e76fc5a5239b
931729e0f35d5f9a8c077b47484b2180d05f74358293787e30cb0af30b9d87ff
9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526
93c4b4c3c0b807afd497de4b525c7980d50aeb57f52ab909d6cf5a814b4d13ae
96ea6b1e986879257e104371bf5f0cb0bf2bb9957a1aa73fa9df8be99aeeb157
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9aac72c96bbbb7c120c620dcefd0ef63ea64da156cd058a0bf42e562a02178db
9c27e42954cc6f080f4857edb857af0788e836eec0388f043989364be9ae0594
9cd63b8cea25045c14623c538d26752518a58c0c682795ce6ad3078976c65a37
a68827190bc01a61ee0a62ec59efa74497a6bc5aa8586f1fac50a58d0cf42d88
a766041132c1dee8b39ba156b70b2c9b5fa98109b9fb8076538876d27a466ec4
a8a3d7de767ae1c24b8844b17212de39e49c9789e49d19879cca5c032c34c72d
ab3befdd3eec3313f82916c4d24f2c0e6cf2255b23c648f4528bbc1de1bb8efc
abb67ec9baf00b771641b3e783f5511c58621d346ee890fe8b82139b9d7c1005
ac158fd98a25872b4a494ed3c5a5da9f92eba989c397cab46bf8c8a7b04bc514
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
af8a8cd98214ed3d7760402ffa8b8804b073b4bf95d887ed7e81a50f826b523b
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646
b82873e9441abb9739dfca31b6880855d2043b643522a4011e29474d450b9a30
b932833d7a4bd858b34c31b1109fd7e5437f38d1f2b3a1aba8cf478633fd17fe
bcaf0e3f087296133e0a996ee3d289a8d1a690147c93e0ab62019b505e6f9355
c1a9a3e223bad631dff12d33b5499eb145cb08d8621c20d9d73870e78d97afe4
c45b6d7231c3b2e2f4d815c41bb2d3595bc1c02b9233f12b3da4c06175f41e0d
c706177319d7e325d98a281cdf6cb930f162b52f0f46828f11e5a10ae9894bea
ca070e32b6828690046193d4971de50a9ff7a22c01248a4feaf8a9ec12f75468
ca7752fb33cf3a98c0f29bc4eec563112025da4109a0dcc69dabf5f861751258
ca7dce2391845e8aec7da135f33fabd10f74eed28a532ac66fd01f761fcfb42f
ce39fcd979d1cde4b4cea4770bccea37471096ce0fc1dfe23c39e072488d5b36
d01a2ba2805c78957e15a2958135de0f3cb88e95159dd0f6c0a032bd76b1b0e9
d131f7e4e216e7d68307b83116886b90867789b4e6d51a316566711c939d83b8
d622534d53d3ac1095af275f0b30274fcd835785577df2dde6d9398e6f7a2c8f
d743ad07240fdc75d2e2a357b4ff44b334f6d4c53683e31e824aaf61d3bad0c9
d749579e51cf490ba27a6782bcfe07c52e44ffa8e3fbb4db7a4dded9d0d9ef29
d814bc98c8415428cb5c7511ce0eb00f66c7629a01645ab0b066848e843794b3
d83aec48544d062dde1996c25831b736a6262a98fc15a037ee5c72b1f9f0aeb2
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e07a45c7c60d08681486d059a3460d56930732dca8177bb457db78190b7b5ae7
e0f724e7902c0b2186d8395984c312696dc8be9ae0c187792f032fb0955fcf9a
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e77ea2ad3d36d93405698dfe9578c6f58d88aa70157e958ffb39af7796700f92
e7d619d956e2ee8eda499065971fa563dc8df48475e6e123e21e53815553401c
ec7ef7aa5fd1e019f1c26193e95e46d481d4983673936a9dda086705ada6e3d5
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0ee717899856ae9af6c9ed60f4b093f925bc3d9b3c0b42072ec6fc69c923d67
f158b8591a08b6c02bb345ae96dd62f0c632f7f635bb4a5f449fce24bdc11789
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
f411b0d382fa401ad9bdac4d8db4df0d7175cd961b89caf0ab5779aa659fd6de
f59e5f34a941183aacaed25322ac0856628493c2cfd936ded3fddc0a49510e52
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f9745c48d0b4c918d466da4acdb3f786ef5cda4c69ac0b6009d76cff67e6325d
fa53fcd8da139d256c0ca83b69cb37473ca627b6052368ed3327c80d9fb61e25

cyble.com Open in urlscan Pro 2606:4700:20::681a:7b1 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

141 Requests

97 %HTTPS

77 %IPv6

27 Domains

49 Subdomains

38 IPs

4 Countries

2439 kBTransfer

8291 kBSize

34 Cookies

45 Outgoing links

Redirected requests

141 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

cyble.com Open in urlscan Pro
2606:4700:20::681a:7b1 Public Scan

Screenshot
Live screenshot

Full Image

141
Requests

97 %
HTTPS

77 %
IPv6

27
Domains

49
Subdomains

38
IPs

4
Countries

2439 kB
Transfer

8291 kB
Size

34
Cookies

141 HTTP transactions
0 data transactions