cyble.com Open in urlscan Pro
2606:4700:20::681a:6b1 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
Effective URL:
https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
Submission: On August 15 via api (August 15th 2023, 9:45:19 am UTC) from DE — Scanned from DE

Summary HTTP 144 Redirects Links 45 Behaviour Indicators

Summary

This website contacted 39 IPs in 4 countries across 27 domains to perform 144 HTTP transactions. The main IP is 2606:4700:20::681a:6b1, located in United States and belongs to CLOUDFLARENET, US. The main domain is cyble.com.
TLS certificate: Issued by GTS CA 1P5 on July 9th 2023. Valid for: 3 months.

This is the only time cyble.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 54	2606:4700:20:... 2606:4700:20::681a:6b1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
8	192.0.77.32 192.0.77.32	2635 (AUTOMATTIC) (AUTOMATTIC)
8	192.0.77.37 192.0.77.37	2635 (AUTOMATTIC) (AUTOMATTIC)
5	2a00:1450:400... 2a00:1450:4001:82a::2008	15169 (GOOGLE) (GOOGLE)
1	192.0.77.2 192.0.77.2	2635 (AUTOMATTIC) (AUTOMATTIC)
2	2606:4700::68... 2606:4700::6810:b841	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700::68... 2606:4700::6812:853b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	192.0.76.3 192.0.76.3	2635 (AUTOMATTIC) (AUTOMATTIC)
1 6	2600:9000:225... 2600:9000:225e:b400:6:9280:1080:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2a05:d018:cc3... 2a05:d018:cc3:fe04:f8c3:a4e0:7057:6f24	16509 (AMAZON-02) (AMAZON-02)
3	2606:4700::68... 2606:4700::6811:d2f3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2400:52e0:1e0... 2400:52e0:1e00::1081:1	200325 (BUNNYCDN) (BUNNYCDN)
1	2a02:26f0:710... 2a02:26f0:7100::1720:ee40	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2a00:1450:400... 2a00:1450:4001:831::200e	15169 (GOOGLE) (GOOGLE)
2	2620:1ec:46::44 2620:1ec:46::44	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
3	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:830::2002	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6810:78be	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:64ac	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2606:4700::68... 2606:4700::6813:9b53	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:7f6e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:89ce	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:18c4	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2600:9000:20e... 2600:9000:20eb:8200:2:53b2:240:93a1	16509 (AMAZON-02) (AMAZON-02)
4 4	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	2a00:1450:400... 2a00:1450:4001:810::2004	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:830::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:400c:c0c::9a	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6811:d3f3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:cacc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:812::200e	15169 (GOOGLE) (GOOGLE)
3	20.122.63.128 20.122.63.128	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
6	2606:4700::68... 2606:4700::6813:9a53	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	2606:4700::68... 2606:4700::6812:8b65	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	151.101.2.137 151.101.2.137	54113 (FASTLY) (FASTLY)
1	2606:2c40::c7... 2606:2c40::c73c:671e	209242 (CLOUDFLAR...) (CLOUDFLARESPECTRUM Cloudflare)
1 2	68.219.88.97 68.219.88.97	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 1	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
3	162.247.241.2 162.247.241.2	23467 (NEWRELIC-...) (NEWRELIC-AS-1)
144	39

54 2606:4700:20::681a:6b1 (United States) 1 redirects

ASN13335 (CLOUDFLARENET, US)

cyble.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 192.0.77.32 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: wordpress.com

fonts-api.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
s0.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
fonts.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 192.0.77.37 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: wordpress.com

c0.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:82a::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.0.77.2 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)
PTR: i0.wp.com

i0.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:b841 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:853b (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 192.0.76.3 (San Francisco, United States)

ASN2635 (AUTOMATTIC, US)

stats.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2600:9000:225e:b400:6:9280:1080:93a1 (United States) 1 redirects

ASN16509 (AMAZON-02, US)

s.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:d018:cc3:fe04:f8c3:a4e0:7057:6f24 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)

d.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2606:4700::6811:d2f3 (United States)

ASN13335 (CLOUDFLARENET, US)

forms.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
perf-na1.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2400:52e0:1e00::1081:1 (Germany)

ASN200325 (BUNNYCDN, SI)

a.omappapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:7100::1720:ee40 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:831::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:46::44 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:830::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:78be (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsadspixel.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:64ac (United States)

ASN13335 (CLOUDFLARENET, US)

js.usemessages.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700::6813:9b53 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cta-service-cms2.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
api.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
forms.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:7f6e (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsleadflows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:89ce (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:18c4 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:20eb:8200:2:53b2:240:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.linkedin.oribi.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2620:1ec:21::14 (United States) 4 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:810::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:830::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c0c::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:d3f3 (United States)

ASN13335 (CLOUDFLARENET, US)

forms-na1.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:cacc (United States)

ASN13335 (CLOUDFLARENET, US)

api.hubapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:812::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 20.122.63.128 (Boydton, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

p.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700::6813:9a53 (United States)

ASN13335 (CLOUDFLARENET, US)

app.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2606:4700::6812:8b65 (United States)

ASN13335 (CLOUDFLARENET, US)

static.hsappstatic.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.2.137 (United States)

ASN54113 (FASTLY, US)

js-agent.newrelic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:2c40::c73c:671e (United States)

ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)

labs.cyble.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 68.219.88.97 (Dublin, Ireland) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:c11::200 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 162.247.241.2 (Portland, United States)

ASN23467 (NEWRELIC-AS-1, US)

bam-cell.nr-data.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
55	cyble.com 1 redirects cyble.com labs.cyble.com	974 KB
20	wp.com fonts-api.wp.com — Cisco Umbrella Rank: 16470 c0.wp.com — Cisco Umbrella Rank: 8131 i0.wp.com — Cisco Umbrella Rank: 3596 s0.wp.com — Cisco Umbrella Rank: 7684 stats.wp.com — Cisco Umbrella Rank: 2614 fonts.wp.com — Cisco Umbrella Rank: 17144 pixel.wp.com — Cisco Umbrella Rank: 2513	142 KB
11	hubspot.com js.hubspot.com — Cisco Umbrella Rank: 7688 cta-service-cms2.hubspot.com — Cisco Umbrella Rank: 6807 api.hubspot.com — Cisco Umbrella Rank: 4733 app.hubspot.com — Cisco Umbrella Rank: 5270 track.hubspot.com — Cisco Umbrella Rank: 2249 forms.hubspot.com — Cisco Umbrella Rank: 4502	47 KB
7	clarity.ms 1 redirects www.clarity.ms — Cisco Umbrella Rank: 981 p.clarity.ms — Cisco Umbrella Rank: 8591 c.clarity.ms — Cisco Umbrella Rank: 1553	27 KB
7	adroll.com 1 redirects s.adroll.com — Cisco Umbrella Rank: 2744 d.adroll.com — Cisco Umbrella Rank: 1440	113 KB
5	hsappstatic.net static.hsappstatic.net — Cisco Umbrella Rank: 5536	296 KB
5	linkedin.com 4 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 368 www.linkedin.com — Cisco Umbrella Rank: 543 px4.ads.linkedin.com — Cisco Umbrella Rank: 5984	5 KB
5	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 54 region1.google-analytics.com — Cisco Umbrella Rank: 2069	21 KB
5	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 65	248 KB
4	hsforms.com forms.hsforms.com — Cisco Umbrella Rank: 4264 forms-na1.hsforms.com — Cisco Umbrella Rank: 6887 perf-na1.hsforms.com — Cisco Umbrella Rank: 8522	10 KB
3	nr-data.net bam-cell.nr-data.net — Cisco Umbrella Rank: 1957	2 KB
3	google.com www.google.com — Cisco Umbrella Rank: 3 google.com — Cisco Umbrella Rank: 1	804 B
3	doubleclick.net googleads.g.doubleclick.net — Cisco Umbrella Rank: 55 stats.g.doubleclick.net — Cisco Umbrella Rank: 114	4 KB
2	google.de www.google.de — Cisco Umbrella Rank: 5933	563 B
2	omappapi.com a.omappapi.com — Cisco Umbrella Rank: 5750	22 KB
2	hs-scripts.com js.hs-scripts.com — Cisco Umbrella Rank: 2442	2 KB
2	hsforms.net js.hsforms.net — Cisco Umbrella Rank: 6825	329 KB
1	bing.com 1 redirects c.bing.com — Cisco Umbrella Rank: 226	765 B
1	newrelic.com js-agent.newrelic.com — Cisco Umbrella Rank: 475	49 KB
1	hubapi.com api.hubapi.com — Cisco Umbrella Rank: 3489	1 KB
1	oribi.io cdn.linkedin.oribi.io — Cisco Umbrella Rank: 890	364 B
1	hs-banner.com js.hs-banner.com — Cisco Umbrella Rank: 2185	20 KB
1	hs-analytics.net js.hs-analytics.net — Cisco Umbrella Rank: 2182	21 KB
1	hsleadflows.net js.hsleadflows.net — Cisco Umbrella Rank: 4376	86 KB
1	usemessages.com js.usemessages.com — Cisco Umbrella Rank: 4791	22 KB
1	hsadspixel.net js.hsadspixel.net — Cisco Umbrella Rank: 3247	3 KB
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 819	5 KB
144	27

	Domain	Requested by
54	cyble.com	1 redirects cyble.com
8	c0.wp.com	cyble.com
6	s.adroll.com	1 redirects cyble.com s.adroll.com www.googletagmanager.com
5	static.hsappstatic.net	app.hubspot.com
5	fonts.wp.com	fonts-api.wp.com
5	www.googletagmanager.com	cyble.com www.googletagmanager.com
3	bam-cell.nr-data.net	app.hubspot.com
3	track.hubspot.com
3	app.hubspot.com	js.usemessages.com static.hsappstatic.net app.hubspot.com
3	p.clarity.ms	www.clarity.ms
3	px.ads.linkedin.com	3 redirects
3	region1.google-analytics.com	www.googletagmanager.com
2	c.clarity.ms	1 redirects
2	www.google.de	cyble.com
2	www.google.com	cyble.com
2	api.hubspot.com	js.usemessages.com
2	pixel.wp.com	cyble.com
2	googleads.g.doubleclick.net	www.googletagmanager.com
2	www.clarity.ms	cyble.com www.clarity.ms
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	a.omappapi.com	cyble.com a.omappapi.com
2	forms.hsforms.com	js.hsforms.net cyble.com
2	js.hs-scripts.com	cyble.com www.googletagmanager.com
2	js.hsforms.net	cyble.com js.hsforms.net
2	fonts-api.wp.com	cyble.com
1	forms.hubspot.com	js.hsleadflows.net
1	c.bing.com	1 redirects
1	labs.cyble.com	cyble.com
1	js-agent.newrelic.com	app.hubspot.com
1	perf-na1.hsforms.com	cyble.com
1	google.com	www.googletagmanager.com
1	api.hubapi.com	js.hsadspixel.net
1	forms-na1.hsforms.com	cyble.com
1	stats.g.doubleclick.net	www.google-analytics.com
1	cta-service-cms2.hubspot.com	js.hubspot.com
1	px4.ads.linkedin.com	cyble.com
1	www.linkedin.com	1 redirects
1	cdn.linkedin.oribi.io	snap.licdn.com
1	js.hs-banner.com	js.hs-scripts.com
1	js.hs-analytics.net	js.hs-scripts.com
1	js.hsleadflows.net	js.hs-scripts.com
1	js.hubspot.com	js.hs-scripts.com
1	js.usemessages.com	js.hs-scripts.com
1	js.hsadspixel.net	js.hs-scripts.com
1	snap.licdn.com	www.googletagmanager.com
1	d.adroll.com	s.adroll.com
1	stats.wp.com	cyble.com
1	s0.wp.com	cyble.com
1	i0.wp.com	cyble.com
144	49

This site contains links to these domains. Also see Links.

Domain
labs.cyble.com
getodin.com
thecyberexpress.com
partnernetwork.cyble.com
partnercentral.cyble.com
www.facebook.com
twitter.com
pinterest.com
www.linkedin.com
telegra.ph
attack.mitre.org
rules.evebox.org
blog.cyble.com
www.youtube.com

Subject Issuer	Validity	Valid
cyble.com GTS CA 1P5	`2023-07-09` - `2023-10-07`	3 months	crt.sh
*.wp.com Sectigo ECC Domain Validation Secure Server CA	`2022-11-14` - `2023-12-15`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-07-17` - `2023-10-09`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-05-16` - `2024-05-15`	a year	crt.sh
s.adroll.com Amazon RSA 2048 M01	`2023-06-03` - `2024-07-01`	a year	crt.sh
d.adroll.com Amazon RSA 2048 M01	`2022-11-08` - `2023-12-07`	a year	crt.sh
a.omappapi.com R3	`2023-07-09` - `2023-10-07`	3 months	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-02-01` - `2024-01-31`	a year	crt.sh
www.clarity.ms DigiCert TLS RSA SHA256 2020 CA1	`2022-12-01` - `2023-12-01`	a year	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-07-17` - `2023-10-09`	3 months	crt.sh
hubspot.com Cloudflare Inc ECC CA-3	`2023-02-05` - `2024-02-05`	a year	crt.sh
linkedin.oribi.io Amazon RSA 2048 M01	`2023-06-08` - `2024-07-07`	a year	crt.sh
www.google.com GTS CA 1C3	`2023-07-17` - `2023-10-09`	3 months	crt.sh
www.google.de GTS CA 1C3	`2023-07-17` - `2023-10-09`	3 months	crt.sh
hubapi.com Cloudflare Inc ECC CA-3	`2023-04-07` - `2024-04-06`	a year	crt.sh
*.google.com GTS CA 1C3	`2023-07-17` - `2023-10-09`	3 months	crt.sh
a.clarity.ms Microsoft Azure TLS Issuing CA 06	`2023-02-13` - `2024-02-08`	a year	crt.sh
hsappstatic.net Cloudflare Inc ECC CA-3	`2023-04-10` - `2024-04-09`	a year	crt.sh
js-agent.newrelic.com GlobalSign Atlas R3 DV TLS CA 2023 Q2	`2023-04-13` - `2024-05-14`	a year	crt.sh
labs.cyble.com GTS CA 1P5	`2023-07-19` - `2023-10-17`	3 months	crt.sh
*.nr-data.net DigiCert TLS RSA SHA256 2020 CA1	`2022-11-18` - `2023-12-19`	a year	crt.sh

This page contains 3 frames:

Primary Page: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
Frame ID: 109DEA9C43C4EFB68BCE85FECA2E0B8A
Requests: 129 HTTP requests in this frame

Frame: https://js.hsforms.net/forms/v2.js
Frame ID: BA052E4A33AC1D48214AE0DA8B7D603E
Requests: 1 HTTP requests in this frame

Frame: https://app.hubspot.com/conversations-visitor/21289959/threads/utk/ff23b0c3a6f24a8db5e4832ebab97bfd?uuid=f7e357b5557a457b82037afc769d6df2&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=null&domain=cyble.com&inApp53=false&messagesUtk=ff23b0c3a6f24a8db5e4832ebab97bfd&url=https%3A%2F%2Fcyble.com%2Fblog%2Flummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat%2F&inline=false&isFullscreen=false&globalCookieOptOut=null&isFirstVisitorSession=true&isAttachmentDisabled=true&isInitialInputFocusDisabled=false&enableWidgetCookieBanner=false&isInCMS=false
Frame ID: 6DF7D85E15360E03697D9B98C00A1F64
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Cyble — LummaC Stealer Leveraging Amadey Bot to Deploy SectopRAT

Page URL History Show full URLs

http://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/ HTTP 301
https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/ Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

<link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
<link[^>]+s\d+\.wp\.com
/wp-(?:content|includes)/

AdRoll (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

(?:a|s)\.adroll\.com

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

HubSpot Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

js\.hs-analytics\.net/analytics

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Revslider (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

/revslider/[/\w-]+/js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

144
Requests

97 %
HTTPS

78 %
IPv6

27
Domains

49
Subdomains

39
IPs

4
Countries

2445 kB
Transfer

8300 kB
Size

34
Cookies

45 Outgoing links

These are links going to different origins than the main page.

URL: https://labs.cyble.com/q2-2023-ransomware-report
Title: The Q2-2023 Ransomware Report is Now Available. Download Now

Search URL Search Domain Scan URL

URL: https://getodin.com/
Title: Cyble Odin

Search URL Search Domain Scan URL

URL: https://thecyberexpress.com/
Title: The Cyber Express

Search URL Search Domain Scan URL

URL: https://partnernetwork.cyble.com/
Title: Partner Network

Search URL Search Domain Scan URL

URL: https://partnercentral.cyble.com/login
Title: Partner Login

Search URL Search Domain Scan URL

URL: https://partnercentral.cyble.com/partner/registration
Title: Become a Partner

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer.php?u=https%3A%2F%2Fcyble.com%2Fblog%2Flummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat%2F

Search URL Search Domain Scan URL

URL: http://twitter.com/share?url=https%3A%2F%2Fcyble.com%2Fblog%2Flummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat%2F&text=LummaC%20Stealer%20Leveraging%20Amadey%20Bot%20to%20Deploy%20SectopRAT&hashtags=Remote%20Access%20Trojan,Stealer

Search URL Search Domain Scan URL

URL: https://pinterest.com/pin/create/bookmarklet/?media=https://cyble.com/wp-content/uploads/2023/08/LummaC-Stealer-AmadeyBot-SectopRAT.png&url=https%3A%2F%2Fcyble.com%2Fblog%2Flummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat%2F&description=LummaC%20Stealer%20Leveraging%20Amadey%20Bot%20to%20Deploy%20SectopRAT

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fcyble.com%2Fblog%2Flummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat%2F&title=LummaC+Stealer+Leveraging+Amadey+Bot+to+Deploy+SectopRAT&source=Cyble

Search URL Search Domain Scan URL

URL: https://telegra.ph/LummaC2---universal-stealer-a-malware-for-professionals-07-27
Title: information

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1204/
Title: T1204

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1047
Title: T1047

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1547/001
Title: T1547.001

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1055
Title: T1055

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1497
Title: T1497

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1027
Title: T1027

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1562
Title: T1562

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1027/002
Title: T1027.002

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1140
Title: T1140

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1620
Title: T1620

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1003
Title: T1003

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1056
Title: T1056

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1057
Title: T1057

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1012
Title: T1012

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1082
Title: T1082

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1083
Title: T1083

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1518/001
Title: T1518.001

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1005
Title: T1005

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1071
Title: T1071

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1573
Title: T1573

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1105
Title: T1105

Search URL Search Domain Scan URL

URL: https://rules.evebox.org/rule/2046637
Title: 2046637

Search URL Search Domain Scan URL

URL: https://rules.evebox.org/rule/2039423
Title: 2039423

Search URL Search Domain Scan URL

URL: https://rules.evebox.org/rule/2043206
Title: 2043206

Search URL Search Domain Scan URL

URL: https://rules.evebox.org/rule/2039425
Title: 2039425

Search URL Search Domain Scan URL

URL: https://rules.evebox.org/rule/2045751
Title: 2045751

Search URL Search Domain Scan URL

URL: https://rules.evebox.org/rule/2045752
Title: 2045752

Search URL Search Domain Scan URL

URL: https://rules.evebox.org/rule/2044623
Title: 2044623

Search URL Search Domain Scan URL

URL: https://rules.evebox.org/rule/2044695
Title: 2044695

Search URL Search Domain Scan URL

URL: https://rules.evebox.org/rule/2044696
Title: 2044696

Search URL Search Domain Scan URL

URL: https://blog.cyble.com/
Title: Blog

Search URL Search Domain Scan URL

URL: https://twitter.com/cybleglobal
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/cyble-global/
Title: Linkedin

Search URL Search Domain Scan URL

URL: https://www.youtube.com/@cybleglobal
Title: Youtube

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/ HTTP 301
https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 71

https://s.adroll.com/j/exp/ELNAF2EZDFHJRAP3ODLCUU/index.js HTTP 302
https://s.adroll.com/j/exp/index.js

Request Chain 101

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4053396&time=1692092713827&url=https%3A%2F%2Fcyble.com%2Fblog%2Flummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat%2F HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4053396&time=1692092713827&url=https%3A%2F%2Fcyble.com%2Fblog%2Flummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat%2F&cookiesTest=true HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D4053396%26time%3D1692092713827%26url%3Dhttps%253A%252F%252Fcyble.com%252Fblog%252Flummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat%252F%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4053396&time=1692092713827&url=https%3A%2F%2Fcyble.com%2Fblog%2Flummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat%2F&cookiesTest=true&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4053396&time=1692092713827&url=https%3A%2F%2Fcyble.com%2Fblog%2Flummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat%2F&cookiesTest=true&liSync=true&e_ipv6=AQL9-eaA6SiW4wAAAYn4lc7HTC8JA25z8AFa_DtfMTo9oRXhsECEa9_wZaXBBTFAPTqHKyA

Request Chain 130

https://c.clarity.ms/c.gif HTTP 302
https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=0F1842C00CD64CEFBC2B45ED977152FB&RedC=c.clarity.ms&MXFR=19D039C351D16B6E17CA2AAD55D165F5 HTTP 302
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=0F1842C00CD64CEFBC2B45ED977152FB&MUID=162BB48BF0A8664D1805A7E5F104677B

144 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
Redirect Chain

http://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

386 KB
84 KB

181ms
90ms

Document
text/html

2606:4700:20::681a:6b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:6b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b4ecd6b75ddb8f529acf668c1bdcd03b8338ff5872d99b4e5f8e2cb606a534bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: max-age=236, must-revalidate
cf-apo-via: origin,no-cache
cf-cache-status: BYPASS
cf-edge-cache: cache,platform=wordpress
cf-ray: 7f7080dd98d91911-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Tue, 15 Aug 2023 09:45:12 GMT
host-header: WordPress.com
last-modified: Tue, 15 Aug 2023 09:41:44 GMT
link: <https://cyble.com/wp-json/>; rel="https://api.w.org/", <https://cyble.com/wp-json/wp/v2/posts/21411>; rel="alternate"; type="application/json", <https://wp.me/pf01Lu-5zl>; rel=shortlink
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
referrer-policy: no-referrer-when-downgrade
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1y0kECYskvFAR%2F5ptKxWXEUD4J8scKscXclPjlzymDK0ZaiETmNEKrX%2FmJ9QyiwBPwWGw2Hb4z8LVPKiZ9lzyb9JHxMYcG6SAV5aDWVSh7UOEi07atpG4iejkLRZFSVt5D9xWmlexw%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=15552000; includeSubDomains; preload
vary: Accept-Encoding, Cookie
x-ac: 5.ams _atomic_ams HIT
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-hacker: If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
x-nananana: Batcache-Hit
x-xss-protection: 1; mode=block

Redirect headers

CF-Cache-Status: BYPASS
CF-Ray: 7f7080dc8eaf19a0-FRA
Connection: keep-alive
Content-Type: text/html
Date: Tue, 15 Aug 2023 09:45:12 GMT
Location: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1IMQ%2Bm2dj1bDQLoqwVFPhqSAOh4KW7gNHBTIYlucJIg77ztN%2B9Zg84fkoRlpZYSoelBnvz%2Bi2WCq%2Fo6lbDO7a9xngcWf6rniNXOC00QBxSa%2FYnY3HC311FvC8%2Fit87QwNFspT2R4UQ%3D%3D"}],"group":"cf-nel","max_age":604800}
Server: cloudflare
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-ac: 2.hhn _atomic_ams BYPASS
cf-apo-via: origin,no-cache

GET
H2 200 frontend.min.css
cyble.com/wp-content/themes/astra/assets/css/minified/ 46 KB
10 KB 67ms
67ms Stylesheet
text/css 2606:4700:20::681a:6b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/themes/astra/assets/css/minified/frontend.min.css?ver=4.2.0

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:6b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d131f7e4e216e7d68307b83116886b90867789b4e6d51a316566711c939d83b8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:12 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-ac: 2.hhn _atomic_ams HIT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
age: 55792
content-encoding: br
last-modified: Mon, 14 Aug 2023 18:11:05 GMT
server: cloudflare
etag: W/"64da6e39-b875"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mRBGhvoA3EVRlc7ubnF87cm43XDEqQJKp56Rh%2F2YatzeVlKhs85eJNJm1RxThRSF0bk6ocgEubPhXTg1sRrD%2Bxx8xTwl7OqLDp21WyApuJpjBJEMiXALOSUFbKg4LZ9PmlbkcFgvzQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=315360000
cf-ray: 7f7080de39b11911-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
BLOB 200
OK f53e816a-a78f-40e0-87a0-025baa0dec8e
https://cyble.com/ 1 KB
0 Other
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://cyble.com/f53e816a-a78f-40e0-87a0-025baa0dec8e
Requested by: Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 453cb806084fdabec32e286af2e88899f79022125c2527afffbec507975d2c22

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Content-Length: 1245
Content-Type: text/javascript

GET
H2 200 css
fonts-api.wp.com/ 9 KB
1 KB 368ms
281ms Stylesheet
text/css 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts-api.wp.com/css?family=Poppins%3A400%2C700%7CRoboto%3A500%2C400%2C700&display=fallback&ver=4.2.0

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

e07a45c7c60d08681486d059a3460d56930732dca8177bb457db78190b7b5ae7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:12 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-encoding: gzip
cross-origin-resource-policy: cross-origin
x-xss-protection: 0
x-nc: BYPASS hhn 1
last-modified: Tue, 15 Aug 2023 09:37:05 GMT
server: nginx
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin

GET
H2 200 style.css
cyble.com/wp-content/plugins/gutenberg/build/block-library/ 103 KB
14 KB 72ms
71ms Stylesheet
text/css 2606:4700:20::681a:6b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/gutenberg/build/block-library/style.css?ver=16.4.0

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:6b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9aac72c96bbbb7c120c620dcefd0ef63ea64da156cd058a0bf42e562a02178db

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:12 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-ac: 2.hhn _atomic_ams MISS
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
age: 325814
content-encoding: br
cf-bgj: minify
last-modified: Wed, 09 Aug 2023 19:17:52 GMT
server: cloudflare
etag: W/"64d3e660-19a37"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AVapveyZ5RTB3UavVQPbcBF6fWLegipBX0O5XUkqjBlPlL9IhSAgdzD3gjhwaPL9z7Tvs9kWJR4wLKDDLHMncmmMKDKiQ3KQOedz7u%2BCT%2F23sm%2B9KBJHy1C2x0VyPXohn3TnpnJotg%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=315360000
cf-ray: 7f7080de59e51911-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 style.css
cyble.com/wp-content/plugins/layout-grid/ 50 KB
2 KB 70ms
69ms Stylesheet
text/css 2606:4700:20::681a:6b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/layout-grid/style.css?ver=1643201242

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:6b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e7d619d956e2ee8eda499065971fa563dc8df48475e6e123e21e53815553401c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:12 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-ac: 2.hhn _atomic_ams HIT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
age: 422830
cf-polished: origSize=58957
content-encoding: br
cf-bgj: minify
last-modified: Wed, 26 Jan 2022 12:47:22 GMT
server: cloudflare
etag: W/"61f142da-e64d"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=kn0QRMFqr%2BZokTvXH2QLOKRkIYwTn%2BSKfl3nYTwQi%2FlSuigkD8iBXo6LOL9GoOmZIPbOtCyX1IIMQVgT9uOXFaez%2B5YomRTCFFS%2B3%2B5a7R6mB%2F3XIPjzbLURUfvujKHHMlEmr7V5Hg%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=315360000
cf-ray: 7f7080de59e91911-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 view.css
cyble.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-videopress/build/block-editor/blocks/video/ 602 B
620 B 71ms
70ms Stylesheet
text/css 2606:4700:20::681a:6b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/jetpack/jetpack_vendor/automattic/jetpack-videopress/build/block-editor/blocks/video/view.css?minify=false&ver=34ae973733627b74a14e

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:6b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d749579e51cf490ba27a6782bcfe07c52e44ffa8e3fbb4db7a4dded9d0d9ef29

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:12 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-ac: 3.ams _atomic_ams HIT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
age: 422830
content-encoding: br
cf-bgj: minify
last-modified: Tue, 02 May 2023 20:08:24 GMT
server: cloudflare
etag: W/"64516db8-25a"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jrjUcmFvLW3nVi24Y7W7p44%2BKUNlkIIGO8HjEFdcb8FvWWVGjsuSLnucut%2BB4UeZw1I2Ua4GY5763tTTrj146tcmyiIP3vDgMvWXAHFiUmeiAjwQuB%2FDXLThGwMlnI4Yxp6jYboBZw%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=315360000
cf-ray: 7f7080de59ea1911-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 mediaelementplayer-legacy.min.css
c0.wp.com/c/6.3/wp-includes/js/mediaelement/ 11 KB
3 KB 139ms
54ms Stylesheet
text/css 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/6.3/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Tue, 15 Aug 2023 09:45:12 GMT
content-encoding: br
strict-transport-security: max-age=15552000
last-modified: Tue, 29 Sep 2020 15:53:06 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Wed, 14 Aug 2024 09:45:12 GMT

GET
H2 200 wp-mediaelement.min.css
c0.wp.com/c/6.3/wp-includes/js/mediaelement/ 4 KB
1 KB 140ms
55ms Stylesheet
text/css 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/6.3/wp-includes/js/mediaelement/wp-mediaelement.min.css

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

2e10d353ff038c2cad3492fc17801af3e6ef2669c9e9713bdb78b1dcb104c4fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Tue, 15 Aug 2023 09:45:12 GMT
content-encoding: br
strict-transport-security: max-age=15552000
last-modified: Fri, 07 Jun 2019 20:45:02 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Wed, 14 Aug 2024 09:45:12 GMT

GET
H2 200 header-footer-elementor.css
cyble.com/wp-content/plugins/header-footer-elementor/assets/css/ 493 B
494 B 68ms
68ms Stylesheet
text/css 2606:4700:20::681a:6b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/header-footer-elementor/assets/css/header-footer-elementor.css?ver=1.6.15

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:6b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f0ee717899856ae9af6c9ed60f4b093f925bc3d9b3c0b42072ec6fc69c923d67

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:12 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-ac: 5.ams _atomic_ams HIT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
age: 422830
cf-polished: origSize=776
content-encoding: br
cf-bgj: minify
last-modified: Thu, 27 Jul 2023 08:53:08 GMT
server: cloudflare
etag: W/"64c23074-308"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9epwcHJmPMgdLwMwDjPX2aE57AFyDXY1oaxNbH8K63e758k%2FAh1CsDdIClApxOEFMg0vuNl78rqLwH38w8wj7f0naetGl2XToY7FFGZRmyRwyXbSMgjFmNHsXlPPoIF20Fq4jToQdA%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=315360000
cf-ray: 7f7080de59ed1911-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 elementor-icons.min.css
cyble.com/wp-content/plugins/elementor/assets/lib/eicons/css/ 19 KB
4 KB 69ms
69ms Stylesheet
text/css 2606:4700:20::681a:6b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor/assets/lib/eicons/css/elementor-icons.min.css?ver=5.21.0

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:6b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8631189ca38e73206e52ed06e8f0f3b2e839b9facc236b9519b9fd8d7f8d63e2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:12 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-ac: 5.ams _atomic_ams HIT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
age: 422830
content-encoding: br
last-modified: Wed, 09 Aug 2023 13:04:41 GMT
server: cloudflare
etag: W/"64d38ee9-4c20"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uQ2Cltr97u6cFQbZMAAA2X84%2B0BZqkG%2FOvPnhiXI%2F%2FCxfdXYRkYhEEKSew97UsjevuFXG4NSjves49%2F7laubnHZhAQFI5DgeYElbmohKK0s1mtjhqYVqqeH2FINkKFuDTQ4bNv3vrA%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=315360000
cf-ray: 7f7080de59ee1911-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 frontend.min.css
cyble.com/wp-content/plugins/elementor/assets/css/ 160 KB
20 KB 71ms
71ms Stylesheet
text/css 2606:4700:20::681a:6b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor/assets/css/frontend.min.css?ver=3.15.2

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:6b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7767eb16c530edecef795f839ccc67c03aed221e4a8cf70969f0231edb24dc57

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:12 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-ac: 5.ams _atomic_ams HIT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
age: 422830
content-encoding: br
last-modified: Wed, 09 Aug 2023 13:04:41 GMT
server: cloudflare
etag: W/"64d38ee9-27f72"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BiyDZJNOAt5JAgiIIm1JG0WGMaMAeDxv%2FEW3oR6mBMxrSrxXMFP27mR5sFzGLcUuDGp5KsJlgzqV73JFMt0Lj9%2B48YhsF%2B6yrF3FbzHELEZGwrhqf0LNQRcO6tDzTiRdos0g9O3gTQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=315360000
cf-ray: 7f7080de59f01911-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 swiper.min.css
cyble.com/wp-content/plugins/elementor/assets/lib/swiper/css/ 13 KB
3 KB 69ms
69ms Stylesheet
text/css 2606:4700:20::681a:6b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor/assets/lib/swiper/css/swiper.min.css?ver=5.3.6

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:6b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d622534d53d3ac1095af275f0b30274fcd835785577df2dde6d9398e6f7a2c8f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:12 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-ac: 2.hhn _atomic_ams HIT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
age: 422830
content-encoding: br
last-modified: Wed, 09 Aug 2023 13:04:42 GMT
server: cloudflare
etag: W/"64d38eea-324c"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HWsf3blFz%2Fvh8F5gaeHbRazh%2Ftjg18b%2BP0c9IenOdE3dhhZWY2UdvP%2BwvaLyjxJ4T%2Bg7RyeE5dnaRrm8aaR2uzYxC%2BnCxl%2BHMSpS0M8LMMfofD8NSVvrtAQ1pEHYcnKEXtQ%2FVVBXAQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=315360000
cf-ray: 7f7080de59f11911-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 post-5708.css
cyble.com/wp-content/uploads/elementor/css/ 1 KB
744 B 61ms
61ms Stylesheet
text/css 2606:4700:20::681a:6b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/uploads/elementor/css/post-5708.css?ver=1691600394

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:6b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6d02cf7ab02fb87ae61c3843653e1b6ac677803f7dec768d986054a687fd69a3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:12 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-ac: 3.ams _atomic_ams HIT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
age: 422830
cf-polished: origSize=1172
content-encoding: br
cf-bgj: minify
last-modified: Wed, 09 Aug 2023 16:59:54 GMT
server: cloudflare
etag: W/"64d3c60a-494"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=meZvfvudiM6KosDTiGNpypMaczl9luvq4J%2FAhN4vLdPmXxufX2IttNVK%2FgCQwp%2FdZbJ2Y6QxNmX7LP%2FpjiO0DO8m5w5Wno5Nt%2BQrtZWzliroFGMFKFF0F0MbJQ4XcY93Wjg0EcEvrA%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=315360000
cf-ray: 7f7080de59f41911-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 frontend.min.css
cyble.com/wp-content/plugins/elementor-pro/assets/css/ 448 KB
44 KB 72ms
71ms Stylesheet
text/css 2606:4700:20::681a:6b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor-pro/assets/css/frontend.min.css?ver=3.15.1

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:6b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d814bc98c8415428cb5c7511ce0eb00f66c7629a01645ab0b066848e843794b3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:12 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-ac: 5.ams _atomic_ams HIT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
age: 422830
content-encoding: br
last-modified: Wed, 09 Aug 2023 14:49:28 GMT
server: cloudflare
etag: W/"64d3a778-70054"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ljVlQlNbxB5fvlM%2ByfsUikDQSrreSsAD1U%2FrKxkRdyTh8nqWpfTxKrtZfETrW8xTgo2RExlwzebm%2BdYYSj5t5HAUcOkaAJ3UFXk76D8SblPMgjQZqOenmq1ucqyg0TnVeEu2IKZeqQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=315360000
cf-ray: 7f7080de59f61911-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 uael-frontend.min.css
cyble.com/wp-content/plugins/ultimate-elementor/assets/min-css/ 616 KB
69 KB 98ms
98ms Stylesheet
text/css 2606:4700:20::681a:6b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/ultimate-elementor/assets/min-css/uael-frontend.min.css?ver=1.36.18

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:6b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

93c4b4c3c0b807afd497de4b525c7980d50aeb57f52ab909d6cf5a814b4d13ae

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:12 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-ac: 5.ams _atomic_ams HIT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
age: 422830
content-encoding: br
last-modified: Fri, 28 Jul 2023 03:47:36 GMT
server: cloudflare
etag: W/"64c33a58-9a067"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4l%2BcokgUEFD4Mi36moGQiNPU6xRdxCc9gjJSpJy3TqMUYc4SPsF3FU8L7vFirVacZmY02LFgGz4elWVXvrRchR86KZxMf24rLv%2Ff9%2BuMtApM9pGIRRBwnsWuw%2FcdZwFCFLfJ33huAg%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=315360000
cf-ray: 7f7080de7a161911-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 post-9211.css
cyble.com/wp-content/uploads/elementor/css/ 17 KB
2 KB 92ms
92ms Stylesheet
text/css 2606:4700:20::681a:6b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/uploads/elementor/css/post-9211.css?ver=1691600396

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:6b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4f3855e6f3082e6650dcbae564c7dab0790f49f243942d33b63c11a315774711

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:12 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-ac: 5.ams _atomic_ams HIT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
age: 422830
cf-polished: origSize=17933
content-encoding: br
cf-bgj: minify
last-modified: Wed, 09 Aug 2023 16:59:56 GMT
server: cloudflare
etag: W/"64d3c60c-460d"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fVMWs4gNuNi6%2Fvh1x0Tvh6s%2B7lu%2FwL8V0drYyamduf78e3kjWW3lRzpquEL5TP%2BFhN3QQoq7%2B4%2FOyBfcMyIZSDMRrQJSh4K%2BZKwmJsL97YZ7wJsM2i8rcJnTT6k8C%2F1M81elDepylA%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=315360000
cf-ray: 7f7080de7a1a1911-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 frontend.css
cyble.com/wp-content/plugins/header-footer-elementor/inc/widgets-css/ 63 KB
7 KB 95ms
95ms Stylesheet
text/css 2606:4700:20::681a:6b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/header-footer-elementor/inc/widgets-css/frontend.css?ver=1.6.15

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:6b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e77ea2ad3d36d93405698dfe9578c6f58d88aa70157e958ffb39af7796700f92

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:12 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-ac: 3.ams _atomic_ams HIT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
age: 422830
cf-polished: origSize=75684
content-encoding: br
cf-bgj: minify
last-modified: Thu, 27 Jul 2023 08:53:08 GMT
server: cloudflare
etag: W/"64c23074-127a4"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nQuw7HPAQasNJFclU%2BkEIpMU%2BXNcI0nnCfjEN7iyCQfEcimqkUQkfmtB0IuzrsY2KHvOmDvH8ZRzWy1an9aPwvLpqRnaEl626lnf3e8WySPaZGPHeDt%2BcFPyaEG0ycm4v2zGAU3GzA%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=315360000
cf-ray: 7f7080de7a1b1911-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 astra-addon-64da6e3fc379e7-37771240.css
cyble.com/wp-content/uploads/astra-addon/ 50 KB
7 KB 97ms
96ms Stylesheet
text/css 2606:4700:20::681a:6b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/uploads/astra-addon/astra-addon-64da6e3fc379e7-37771240.css?ver=4.1.7

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:6b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ca070e32b6828690046193d4971de50a9ff7a22c01248a4feaf8a9ec12f75468

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:12 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-ac: 5.ams _atomic_ams MISS
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
age: 55792
cf-polished: origSize=51040
content-encoding: br
cf-bgj: minify
last-modified: Mon, 14 Aug 2023 18:11:11 GMT
server: cloudflare
etag: W/"64da6e3f-c760"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=nLrKZDPdhSoUR6LupWegQ9EkBNFFoKGSTsfkaP%2F7L4E81mEzhxYV1Wy0VzA25AomzzcyMhW%2B55iYO6i9HnjSe1vLdJiSq0s%2F%2BscTmh2AOEXOsNrM2WDQ3PNyGhqab0crKo0C5XDyPQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=315360000
cf-ray: 7f7080de7a201911-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 front.min.css
cyble.com/wp-content/plugins/cookie-notice/css/ 5 KB
1 KB 89ms
88ms Stylesheet
text/css 2606:4700:20::681a:6b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/cookie-notice/css/front.min.css?ver=6.3

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:6b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f158b8591a08b6c02bb345ae96dd62f0c632f7f635bb4a5f449fce24bdc11789

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:12 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-ac: 2.hhn _atomic_ams HIT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
age: 419837
content-encoding: br
last-modified: Wed, 28 Jun 2023 18:11:08 GMT
server: cloudflare
etag: W/"649c77bc-14d6"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0J3AhoUVmS%2F027S01lbiZUCHs2JZSmqEoKEDd4DB97OQ8Gw67KDfg7hPmgN0rvbIU5uri4Ivlp9O6JuTh5jGm8%2FyLU2AamDZYJm%2BJkbCOfeDvpxPiHiLon%2Fc9sGBSE54ovBmvmkiqg%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=315360000
cf-ray: 7f7080de7a211911-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 css
fonts-api.wp.com/ 76 KB
2 KB 364ms
282ms Stylesheet
text/css 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts-api.wp.com/css?family=Open+Sans%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto+Slab%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&display=auto&ver=6.3

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

43cd95e62bc0c1b1d69ca1cd990e165063bc64005b3ee18aa947404de928441d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:12 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-encoding: gzip
cross-origin-resource-policy: cross-origin
x-xss-protection: 0
x-nc: BYPASS hhn 1
last-modified: Tue, 15 Aug 2023 09:37:23 GMT
server: nginx
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin

GET
H2 200 fontawesome.min.css
cyble.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/ 57 KB
13 KB 92ms
91ms Stylesheet
text/css 2606:4700:20::681a:6b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/fontawesome.min.css?ver=5.15.3

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:6b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d01a2ba2805c78957e15a2958135de0f3cb88e95159dd0f6c0a032bd76b1b0e9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:12 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-ac: 5.ams _atomic_ams HIT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
age: 422830
content-encoding: br
last-modified: Wed, 09 Aug 2023 13:04:42 GMT
server: cloudflare
etag: W/"64d38eea-e238"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9dZN4Ok0%2F2IqXHZeQcFMi6t16tA7IHebzYvcndTSTd0%2FbqOXkgZAS%2BNg%2F3Tn%2BTVbmBHJYyoCIlN%2BbV4WpJEhdW4Xv71FeUOb8J%2FoHVr9B2dLDHxQ1%2Bz1cPj5Ej011OEcZP7TeZZ6Fg%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=315360000
cf-ray: 7f7080de7a231911-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 brands.min.css
cyble.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/ 675 B
611 B 94ms
94ms Stylesheet
text/css 2606:4700:20::681a:6b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/brands.min.css?ver=5.15.3

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:6b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9cd63b8cea25045c14623c538d26752518a58c0c682795ce6ad3078976c65a37

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:12 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-ac: 5.ams _atomic_ams HIT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
age: 422830
content-encoding: br
last-modified: Wed, 09 Aug 2023 13:04:42 GMT
server: cloudflare
etag: W/"64d38eea-2a3"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=e7set3pjh3fKeRvBJkDq2lW53nAPh0B8qCXVgd337IJL0zsBNWFrB9zoCz6czuoFbBCPoNdR6YKkqohDkF5rQRJqYUFkgeKTVQR8%2FMQBQmirHxEgAegiJkfgmaWB8H4iFkm77zbG4w%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=315360000
cf-ray: 7f7080de7a241911-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jetpack.css
cyble.com/wp-content/plugins/jetpack/css/ 97 KB
19 KB 96ms
95ms Stylesheet
text/css 2606:4700:20::681a:6b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/jetpack/css/jetpack.css?ver=12.5-a.7

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:6b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

22e6b56e777518d56d35252b62065cfa748c0c290c7b54ace1314338cf97b6f3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:12 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-ac: 2.hhn _atomic_ams HIT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
age: 314962
cf-polished: origSize=99886
content-encoding: br
cf-bgj: minify
last-modified: Wed, 09 Aug 2023 19:14:48 GMT
server: cloudflare
etag: W/"64d3e5a8-1862e"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8Wb0qRMG8Bnp1cIGXDKKG%2FAR3eWaI%2BhB8BTNa6cmyIs%2BHEBYJDrMuhQ9FmvnSApUJ7fKtG0rIF%2B%2Bzgc2QEJqTUw7967z8xU45s%2Fl2RtWkyGLfnjS0NDmptNEyJlOwIYrNNIQYlDBSA%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=315360000
cf-ray: 7f7080de7a261911-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 related-posts.min.js Show response
cyble.com/wp-content/plugins/jetpack/_inc/build/related-posts/ 6 KB
2 KB 90ms
89ms Script
application/javascript 2606:4700:20::681a:6b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/jetpack/_inc/build/related-posts/related-posts.min.js?ver=20211209

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:6b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a68827190bc01a61ee0a62ec59efa74497a6bc5aa8586f1fac50a58d0cf42d88

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:12 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-ac: 2.hhn _atomic_ams HIT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
age: 422830
content-encoding: br
last-modified: Mon, 19 Jun 2023 19:16:28 GMT
server: cloudflare
etag: W/"6490a98c-1661"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aA1Yt3X5kX2RhX3gPX9IKQNpsEoXOnhW149NEZVvuXRvJL6S9ugWVeETlGR6xqVeLDx9o2asKywV9yjWBseOcaShtkgXo3BaaWG4gHBivwfLQ5Wt7IZ0iu6K%2B2bf7uzttergZXjOFg%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=315360000
cf-ray: 7f7080de7a271911-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery.min.js Show response
c0.wp.com/c/6.3/wp-includes/js/jquery/ 85 KB
29 KB 135ms
55ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/6.3/wp-includes/js/jquery/jquery.min.js

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

5c93f77799d122fb5255ee24da285f9f228cc118cba11e6ceb2b6bda8cdf4164

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Tue, 15 Aug 2023 09:45:12 GMT
content-encoding: br
strict-transport-security: max-age=15552000
last-modified: Fri, 26 May 2023 11:33:35 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Wed, 14 Aug 2024 09:45:12 GMT

GET
H2 200 jquery-migrate.min.js Show response
c0.wp.com/c/6.3/wp-includes/js/jquery/ 13 KB
5 KB 134ms
55ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/6.3/wp-includes/js/jquery/jquery-migrate.min.js

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Tue, 15 Aug 2023 09:45:12 GMT
content-encoding: br
strict-transport-security: max-age=15552000
last-modified: Fri, 09 Jun 2023 05:49:24 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Wed, 14 Aug 2024 09:45:12 GMT

GET
H2 200 front.min.js Show response
cyble.com/wp-content/plugins/cookie-notice/js/ 8 KB
2 KB 104ms
98ms Script
application/javascript 2606:4700:20::681a:6b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/cookie-notice/js/front.min.js?ver=2.4.9

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:6b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

08756c47213d461baa3b01f42448a76d11f524470c7a34f9018733889bd4f49c

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:13 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-ac: 5.ams _atomic_ams MISS
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
age: 419837
content-encoding: br
last-modified: Wed, 28 Jun 2023 18:11:08 GMT
server: cloudflare
etag: W/"649c77bc-21fc"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dmEPvvg6A5edLRQbNKdV%2BMO8kmntR%2BY4mbFA7T4L4eYzXGVEyKE7Dq0QZtZ4JdNo3FfUs7lt0FMyCnN%2FHuD6FSSPP2p%2BWL6Xd%2BwF61f5TH5Ra8R4WQvuetNNzgRrrtoaxvEzGSbd5w%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=315360000
cf-ray: 7f7080e15dfd1911-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 304 KB
99 KB 189ms
90ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=GT-WKTZW36

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

7b2da000930085fea78865e550caf6d35e1327dc3a2996bd8ba2146001b4316d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:13 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 101759
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Tue, 15 Aug 2023 09:45:13 GMT

GET
H2 200 Cyble-Logo-150x42-1.webp
cyble.com/wp-content/uploads/2023/07/ 3 KB
4 KB 89ms
83ms Image
image/webp 2606:4700:20::681a:6b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cyble.com/wp-content/uploads/2023/07/Cyble-Logo-150x42-1.webp

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:6b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

594e58a370b6219afb761152e616c06147e70e8c8d040ef51058f238025633a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:13 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-ac: 3.ams _atomic_ams HIT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
age: 419837
content-length: 3094
last-modified: Wed, 26 Jul 2023 09:51:45 GMT
server: cloudflare
etag: "64c0ecb1-c16"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MAb9%2FSdEWe7buILOwicKH75z41Hh%2BNgzzZUXXSLL5Cwt9Y4a1y4cqCRYc2S%2BJUNPWbnh9MKXiLLAQFuGbrGKuNgaUMy2xAsPydz79e%2B2C667R5k2YzZT6O1oD8PiJHC4wHfLle3%2Bdg%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=604800
accept-ranges: bytes
cf-ray: 7f7080e15dfe1911-FRA
expires: Thu, 17 Aug 2023 12:35:09 GMT

GET
H2 400 LummaC-Stealer-AmadeyBot-SectopRAT-1024x512.png
cyble.com/wp-content/uploads/2023/08/ 87 B
87 B 197ms
192ms Image
text/html 2606:4700:20::681a:6b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cyble.com/wp-content/uploads/2023/08/LummaC-Stealer-AmadeyBot-SectopRAT-1024x512.png

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:6b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3111667f131fe35172925ebef7026e7ce805f590d0998d027133523d7d1176d1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-nc: HIT dca 3
date: Tue, 15 Aug 2023 09:45:13 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-ac: 2.hhn _atomic_ams MISS
cf-cache-status: BYPASS
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
server: cloudflare
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=xJRjS4E%2FcG3bjOtolFNzgOiXKtNQ8xHkrPnhcHcWGETN%2BD1tTJ3vj5lJJKvg%2Bc1gaiY%2BP6fnmZc8ZVqQnd00t5wM57xmlzyiBqfELHjQws0yvh0yMYL0N9FThqbnZ6IyQZvzAnIplg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/html; charset=utf-8
cf-ray: 7f7080e15e001911-FRA

GET
H2 200 Figure-1-%E2%80%93-New-Loader-feature-of-LummaC-stealer-mentioned-in-the-TAs-Telegram-channel.jpg
cyble.com/wp-content/uploads/2023/08/ 109 KB
110 KB 95ms
90ms Image
image/jpeg 2606:4700:20::681a:6b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cyble.com/wp-content/uploads/2023/08/Figure-1-%E2%80%93-New-Loader-feature-of-LummaC-stealer-mentioned-in-the-TAs-Telegram-channel.jpg

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:6b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f411b0d382fa401ad9bdac4d8db4df0d7175cd961b89caf0ab5779aa659fd6de

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:13 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-ac: 5.ams _atomic_ams HIT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
age: 60522
content-length: 112127
cf-bgj: h2pri
last-modified: Fri, 11 Aug 2023 06:38:28 GMT
server: cloudflare
etag: "64d5d764-1b5ff"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: image/jpeg
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iecanrcuss5i3EgFXsskkoOf9VouXGzQC7lbOQ604IASlizq99XjwCdc9wH%2BXuARHHDDPyNAN05lM6xSTBXtPeDkLKFN8bEvbSoJtNHzYAy0jefStvZoIv34qAA5IB%2Fy64SNBiuIMw%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=604800
accept-ranges: bytes
cf-ray: 7f7080e15e021911-FRA
expires: Fri, 18 Aug 2023 07:35:49 GMT

GET
H2 200 subscribe-to-CRIL.jpg
i0.wp.com/blog.cyble.com//srv/htdocs/wp-content/uploads/2021/11/ 16 KB
16 KB 138ms
39ms Image
image/webp 192.0.77.2
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://i0.wp.com/blog.cyble.com//srv/htdocs/wp-content/uploads/2021/11/subscribe-to-CRIL.jpg

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

i0.wp.com

Software

nginx /

Resource Hash

382e9768b5578d5ad05e51e37670a3cf93d4593a49bcbee1f5e8b66d0d8c1c53

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Tue, 15 Aug 2023 09:45:13 GMT
x-content-type-options: nosniff
last-modified: Wed, 26 Jul 2023 23:15:01 GMT
server: nginx
etag: "27ade7d444618f64"
vary: Accept
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
cache-control: public, max-age=63115200
timing-allow-origin: *
link: <http://blog.cyble.com//srv/htdocs/wp-content/uploads/2021/11/subscribe-to-CRIL.jpg>; rel="canonical"
content-length: 16232
expires: Sat, 26 Jul 2025 11:15:01 GMT

GET
H2 200 v2.js Show response
js.hsforms.net/forms/ 526 KB
165 KB 243ms
158ms Script
application/javascript 2606:4700::6810:b841
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsforms.net/forms/v2.js

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:b841 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

250dc46c1691ff969d5ea984b282e46403885ec806ed96ac3ee301db043a1a4d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-encoding: br
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=forms-embed/static-1.3544/bundles/project-v2.js&cfRay=7f7080e138ae39d3-FRA
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"0b631c5c17436fe9a934a378374d7e4a"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: s-maxage=600, max-age=300
x-hs-target-asset: forms-embed/static-1.3544/bundles/project-v2.js
date: Tue, 15 Aug 2023 09:45:13 GMT
x-amz-version-id: 2tqrkyXrj45cp.Q0BoEeKReD9HeN0VyM
via: 1.1 6b29c936420d116b13807604a0e67044.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: EXPIRED
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: 52564612-548e-471e-911d-acf342c36b89
x-cache: Hit from cloudfront
cache-tag: staticjsapp-forms-embed-v2-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 2
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 52564612-548e-471e-911d-acf342c36b89
last-modified: Fri, 11 Aug 2023 02:53:20 UTC
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=85z5KuZOax05uZyhvdc%2FwmfJVzXX%2FEATCVOUfg91qDwfCdpLriI4KsvMkEfhmQ37pFzUgJ2T6n5t%2F2Tv%2FCJEPDUJWL%2Fa1%2F9VF7wv91F%2BpaN5pnthDVyDTpMAbLz4lsyHqUgZsJZwr%2BNe%2FuTo"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status: HIT
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-57ff77fcd-6mr8p
cf-ray: 7f7080e138ae39d3-FRA
x-amz-cf-id: y1t6YjAA93vxn32g9EVqSj6rhsFlY8Rm_IPqrPsY3oKne_HH8woSMA==

GET
H2 200 bilmur.min.js Show response
s0.wp.com/wp-content/js/ 7 KB
3 KB 48ms
39ms Script
application/javascript 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/js/bilmur.min.js?m=202333
Requested by: Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: e0f724e7902c0b2186d8395984c312696dc8be9ae0c187792f032fb0955fcf9a

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Tue, 15 Aug 2023 09:45:13 GMT
content-encoding: br
x-ac: 2.hhn _dca MISS
last-modified: Thu, 29 Jun 2023 15:07:21 GMT
server: nginx
etag: W/"649d9e29-1bf2"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Tue, 13 Aug 2024 00:00:00 GMT

GET
H2 200 magamenu-frontend.min.css
cyble.com/wp-content/plugins/astra-addon/addons/nav-menu/assets/css/minified/ 0
424 B 50ms
50ms Stylesheet
text/css 2606:4700:20::681a:6b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/astra-addon/addons/nav-menu/assets/css/minified/magamenu-frontend.min.css?ver=4.1.7

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:6b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:13 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-ac: 2.hhn _atomic_ams MISS
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
age: 400699
content-length: 0
last-modified: Thu, 10 Aug 2023 18:11:11 GMT
server: cloudflare
etag: "64d5283f-0"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gapYa9u9%2BeSgd9UkBHvXmmCENsb36rl5%2BV8bGWIEjWiRa%2BdqcUeefb2%2BMJr3czXbXctQ5MgV2VdpAj8Bz%2FPnnoKJmbnLrZbVFqHRF1xRZeyIbLf%2FMYCYpcP%2F0uYBHVPDtep4Ex1%2Fcg%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=315360000
accept-ranges: bytes
cf-ray: 7f7080e10d941911-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 rs6.css
cyble.com/wp-content/plugins/revslider/public/assets/css/ 48 KB
10 KB 61ms
54ms Stylesheet
text/css 2606:4700:20::681a:6b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/revslider/public/assets/css/rs6.css?ver=6.6.15

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:6b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

931729e0f35d5f9a8c077b47484b2180d05f74358293787e30cb0af30b9d87ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:13 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-ac: 2.hhn _atomic_ams HIT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
age: 422831
cf-polished: origSize=59754
content-encoding: br
cf-bgj: minify
last-modified: Tue, 01 Aug 2023 18:57:53 GMT
server: cloudflare
etag: W/"64c955b1-e96a"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: text/css
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jVCmd7e%2B%2FdJDjG%2BB%2F%2Bx3LtR6vjKV4fOw0ISnGewG0oqap%2BlBVD341WzUJfAv7IFTqBADP9W0rQSucN%2B2QYPg%2Bcod3ze2Ix98HKSklNMS3wXbEGwWaqgxEdB1a%2BlzQ%2Ff1wh4BKWd2ng%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=315360000
cf-ray: 7f7080e12db61911-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 frontend.min.js Show response
cyble.com/wp-content/themes/astra/assets/js/minified/ 20 KB
5 KB 70ms
61ms Script
application/javascript 2606:4700:20::681a:6b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/themes/astra/assets/js/minified/frontend.min.js?ver=4.2.0

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:6b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

694da45e033114445455ea32bc0448bd950165a0eda0f92e16b9ed32bf5eb493

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:13 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-ac: 3.ams _atomic_ams HIT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
age: 55793
content-encoding: br
last-modified: Mon, 14 Aug 2023 18:11:05 GMT
server: cloudflare
etag: W/"64da6e39-5081"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=2yaXy7Rw%2BHKo0MIUH9PlUgC9lOqD7DAxtmBWJafxlOUdzdrP9PBZGWdsngaX91K4ySnJ%2F27G8mAJsx%2FZFbSbPxIhjknPz1apOWQCNUfobpl7B5KGtqzjHHtL8SrdnnzK8dd2IqT9SQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=315360000
cf-ray: 7f7080e12dbc1911-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 21289959.js Show response
js.hs-scripts.com/ 3 KB
1 KB 155ms
57ms Script
application/javascript 2606:4700::6812:853b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hs-scripts.com/21289959.js?integration=WordPress&ver=10.1.30

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:853b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

78972f986ad8c0cafa844dcda205b00cb7fa60bc1a20cc7bedcb1276560d37a8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:13 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
x-hubspot-correlation-id: f788e069-b68e-400e-aa1e-4198f5fd5a28
x-evy-trace-route-service-name: envoyset-translator
cf-polished: origSize=2948
age: 36
x-envoy-upstream-service-time: 5
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: f788e069-b68e-400e-aa1e-4198f5fd5a28
cf-bgj: minify
last-modified: Tue, 15 Aug 2023 09:44:37 GMT
server: cloudflare
x-trace: 2B8EE1256B54E84A146F5B7535B00222760D456034000000000000000000
access-control-max-age: 3600
vary: origin, Accept-Encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://cyble.com
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-6c94986c56-hfjxh
cache-control: public, max-age=60
access-control-allow-credentials: true
x-evy-trace-virtual-host: all
cf-ray: 7f7080e1bf163610-FRA
expires: Tue, 15 Aug 2023 09:46:13 GMT

GET
H2 200 rbtools.min.js Show response
cyble.com/wp-content/plugins/revslider/public/assets/js/ 162 KB
62 KB 103ms
98ms Script
application/javascript 2606:4700:20::681a:6b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/revslider/public/assets/js/rbtools.min.js?ver=6.6.15

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:6b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

52984e532d02a87a060764ff400626a1b81cc316284a8ba1feab5d94697119a0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:13 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-ac: 5.ams _atomic_ams HIT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
age: 422831
content-encoding: br
last-modified: Tue, 01 Aug 2023 18:57:53 GMT
server: cloudflare
etag: W/"64c955b1-28681"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=06qfLn0EF7XmLSycZ1i06m1hrM9tcEt6ypDOqWMYAUfCVsdYoReDW%2FeFj6crPTn3XgExf6O7ed4VYjz7yXPcNgP4wb11NhXrkFnuMA%2BGj3b8zlzbdi8q0%2FgxhNxOIT9NS50DY770rg%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=315360000
cf-ray: 7f7080e15e031911-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 rs6.min.js Show response
cyble.com/wp-content/plugins/revslider/public/assets/js/ 406 KB
106 KB 110ms
106ms Script
application/javascript 2606:4700:20::681a:6b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/revslider/public/assets/js/rs6.min.js?ver=6.6.15

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:6b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d83aec48544d062dde1996c25831b736a6262a98fc15a037ee5c72b1f9f0aeb2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:13 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-ac: 2.hhn _atomic_ams HIT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
age: 422831
content-encoding: br
last-modified: Tue, 01 Aug 2023 18:57:53 GMT
server: cloudflare
etag: W/"64c955b1-659a8"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fdAy1xyx%2Fw5m44Xj7nUOnkt%2BfzUhp3j5nFKALkQd2n88oIRd1YLXpBv5vuckHOyBnpreFR5y%2BitxmoknfuHcIZkj6EUsE%2B6DT2xn2JcFB%2BTVD2Y%2F%2B%2BSDNzURScPPNCGZPaHuAmoVRA%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=315360000
cf-ray: 7f7080e15e041911-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 astra-addon-64da6e3fe55cf3-01480257.js Show response
cyble.com/wp-content/uploads/astra-addon/ 35 KB
7 KB 67ms
58ms Script
application/javascript 2606:4700:20::681a:6b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/uploads/astra-addon/astra-addon-64da6e3fe55cf3-01480257.js?ver=4.1.7

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:6b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9c27e42954cc6f080f4857edb857af0788e836eec0388f043989364be9ae0594

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:13 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-ac: 5.ams _atomic_ams HIT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
age: 55793
content-encoding: br
cf-bgj: minify
last-modified: Mon, 14 Aug 2023 18:11:11 GMT
server: cloudflare
etag: W/"64da6e3f-8d16"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=a26LYcIbPf2yZ1tPGt%2BOHcPSL1%2Fg8rBK9sdcxo7oJIr%2FHPq1%2BWPA1mr2JvDoplffg3sFPDyVsettR2Uig90dKtIcgj%2BFc0EEszlAzH%2BD40h3hZnvArkMFxDnlscaTf1E7rS5jvpxig%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=315360000
cf-ray: 7f7080e12dbe1911-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 e-202333.js Show response
stats.wp.com/ 7 KB
3 KB 136ms
38ms Script
application/javascript 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.wp.com/e-202333.js
Requested by: Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ca7752fb33cf3a98c0f29bc4eec563112025da4109a0dcc69dabf5f861751258

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-minify-cache: hit
x-nc: HIT hhn
date: Tue, 15 Aug 2023 09:45:13 GMT
content-encoding: br
server: nginx
x-minify: t
etag: W/13576-1684461103136.7104
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
expires: Mon, 12 Aug 2024 06:45:23 GMT

GET
H2 200 jetpack-carousel.min.js Show response
cyble.com/wp-content/plugins/jetpack/_inc/build/carousel/ 24 KB
8 KB 69ms
60ms Script
application/javascript 2606:4700:20::681a:6b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/jetpack/_inc/build/carousel/jetpack-carousel.min.js?ver=12.5-a.7

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:6b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0200bc38d986631f9cc4680084d7d263ccf17fa4a3c627b26ff347e0cfcf1d47

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:13 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-ac: 2.hhn _atomic_ams HIT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
age: 314963
content-encoding: br
last-modified: Tue, 30 May 2023 17:03:32 GMT
server: cloudflare
etag: W/"64762c64-5e2d"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GFaagRMQrRLb3LryA5GBi2zkRyubMfXvrSjqkvXxGJq3x5F%2Btix3qK50EgEEvU9w67HPV2HuhnmeBQGTs6RpvNZ%2Bm41Kn0rGDVw1WO%2BgzpnYgQWWuat69brb5sfmugnKOJeqV5JRdg%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=315360000
cf-ray: 7f7080e12dc11911-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 uael-nav-menu.min.js Show response
cyble.com/wp-content/plugins/ultimate-elementor/assets/min-js/ 20 KB
3 KB 64ms
55ms Script
application/javascript 2606:4700:20::681a:6b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/ultimate-elementor/assets/min-js/uael-nav-menu.min.js?ver=1.36.18

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:6b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

53c709abec93270bef6fa3c5c4290d4ce120582152fe692e6be582f544a89ae8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:13 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-ac: 2.hhn _atomic_ams HIT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
age: 422831
content-encoding: br
last-modified: Thu, 27 Jul 2023 18:12:01 GMT
server: cloudflare
etag: W/"64c2b371-500a"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=8GevJMtd3vL5pQ738%2BMCI3vP9Ni%2F5HIzUKrDabhIl9ItxlpOQyeM0MN1jSEjsM7WZ6Fa5iRyrxLRl3YOvHU0p9atI961wJS6p0AyzfuDz7pUUGeltaVuJNBvvIibwA5J3LKXdfS4UQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=315360000
cf-ray: 7f7080e12dc21911-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery_resize.min.js Show response
cyble.com/wp-content/plugins/ultimate-elementor/assets/lib/jquery-element-resize/ 3 KB
2 KB 62ms
54ms Script
application/javascript 2606:4700:20::681a:6b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/ultimate-elementor/assets/lib/jquery-element-resize/jquery_resize.min.js?ver=1.36.18

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:6b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c706177319d7e325d98a281cdf6cb930f162b52f0f46828f11e5a10ae9894bea

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:13 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-ac: 2.hhn _atomic_ams HIT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
age: 422831
content-encoding: br
last-modified: Thu, 27 Jul 2023 18:12:01 GMT
server: cloudflare
etag: W/"64c2b371-d6e"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=afWsGTgFgKQIl6xyf3bBRXxn1PFg5LLKBtz4sCRjd5k0E%2Fna0C1TCWkArZRo8kTCnxa8gFJKXxZ%2Fn4R84tWkDDsUlRspexIx6jHgXjwY8BstNgrDlBzJ1b8xIzZsoJqD4RUxsU1Bfw%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=315360000
cf-ray: 7f7080e12dc31911-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 js_cookie.min.js Show response
cyble.com/wp-content/plugins/ultimate-elementor/assets/lib/js-cookie/ 2 KB
1 KB 64ms
56ms Script
application/javascript 2606:4700:20::681a:6b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/ultimate-elementor/assets/lib/js-cookie/js_cookie.min.js?ver=1.36.18

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:6b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5244a8d1d1a28e02eec3247e1ba73bb13319a0cc521c87580d43e46cb67b4bc2

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:13 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-ac: 3.ams _atomic_ams HIT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
age: 422831
content-encoding: br
last-modified: Thu, 27 Jul 2023 18:12:01 GMT
server: cloudflare
etag: W/"64c2b371-7ad"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=1beUtea13r8wSg9KNRdWfmVxdgRMPRp5S29rMwexHB0fbVSIeBUw9oiIYl9lolx2%2FFmE30OPS91vXG7PUEi3%2BOtOklwT%2B%2Be6Riq5sh3QBHZ45JMDV0IRdsxHQBFGgFEZ%2FNNr9G8k%2FQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=315360000
cf-ray: 7f7080e12dc41911-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 webpack-pro.runtime.min.js Show response
cyble.com/wp-content/plugins/elementor-pro/assets/js/ 6 KB
3 KB 63ms
55ms Script
application/javascript 2606:4700:20::681a:6b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor-pro/assets/js/webpack-pro.runtime.min.js?ver=3.15.1

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:6b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b82873e9441abb9739dfca31b6880855d2043b643522a4011e29474d450b9a30

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:13 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-ac: 2.hhn _atomic_ams HIT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
age: 422831
content-encoding: br
last-modified: Wed, 09 Aug 2023 14:49:27 GMT
server: cloudflare
etag: W/"64d3a777-1623"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AoYLrdz4V6aWIOX9gMa49Y4bQicKZG9EYiczTvp%2Fzo8bTvmFhpSlRoTSQTck3DHVgWsJon0XcL9YOK4M7SR8rwfQzDRMev78Q6AcfdHR4oU%2F0MZg4GVfR4X3ChwlZ7aoZNCU7Hx7oA%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=315360000
cf-ray: 7f7080e12dc51911-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 webpack.runtime.min.js Show response
cyble.com/wp-content/plugins/elementor/assets/js/ 5 KB
3 KB 67ms
59ms Script
application/javascript 2606:4700:20::681a:6b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js?ver=3.15.2

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:6b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1a11d4c8a6d406d2b3d222fea59f8ec58c8846662393bcb2ac17760c9545270e

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:13 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-ac: 2.hhn _atomic_ams HIT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
age: 422831
content-encoding: br
last-modified: Wed, 09 Aug 2023 13:04:41 GMT
server: cloudflare
etag: W/"64d38ee9-135e"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5cqBuI3qxf72KZ2wS1tk%2FLrD3L1HliiA9WeGXzUitU1RdVO6kXI3Xyac4%2FVPFMwnlgSGxGaY4ZYa7NLIr8TgQXI5WMeSLuUNKW0zfYnv8Jje31N6%2Fsmu4EhRczm7hKarJj1h%2BvHFng%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=315360000
cf-ray: 7f7080e12dc81911-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 frontend-modules.min.js Show response
cyble.com/wp-content/plugins/elementor/assets/js/ 55 KB
17 KB 94ms
86ms Script
application/javascript 2606:4700:20::681a:6b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor/assets/js/frontend-modules.min.js?ver=3.15.2

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:6b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2055757e207fbd1dd32c01ab72c914fa88ae5f9f5595131207ca1e4769b8ba3b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:13 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-ac: 2.hhn _atomic_ams HIT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
age: 422831
content-encoding: br
last-modified: Wed, 09 Aug 2023 13:04:41 GMT
server: cloudflare
etag: W/"64d38ee9-db5a"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FIXwNN%2B4eRKe2pGhjDwrFXAckLSn%2BPxTqpOx5D7laZrJ619NrKLvybe6oKIRA6Qb%2Ffs5GiKHF14RaiLigwHHKutT1eVjm52TY7ILcdLejq1zsS%2FA36Ntmzewh%2BOzxwou1uO%2Bz4zrNQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=315360000
cf-ray: 7f7080e15df11911-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 wp-polyfill-inert.min.js Show response
c0.wp.com/c/6.3/wp-includes/js/dist/vendor/ 8 KB
2 KB 48ms
41ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/6.3/wp-includes/js/dist/vendor/wp-polyfill-inert.min.js

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

c1a9a3e223bad631dff12d33b5499eb145cb08d8621c20d9d73870e78d97afe4

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Tue, 15 Aug 2023 09:45:13 GMT
content-encoding: br
strict-transport-security: max-age=15552000
last-modified: Wed, 18 Jan 2023 11:16:33 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Wed, 14 Aug 2024 09:45:13 GMT

GET
H2 200 regenerator-runtime.min.js Show response
c0.wp.com/c/6.3/wp-includes/js/dist/vendor/ 6 KB
2 KB 49ms
41ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/6.3/wp-includes/js/dist/vendor/regenerator-runtime.min.js

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

6974bfd8fa06b7831f05cb4b25860c851a5ad3f02a6699ebe688987dd7a6ebe6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Tue, 15 Aug 2023 09:45:13 GMT
content-encoding: br
strict-transport-security: max-age=15552000
last-modified: Tue, 07 Feb 2023 15:56:37 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Wed, 14 Aug 2024 09:45:13 GMT

GET
H2 200 inert-polyfill.min.js Show response
cyble.com/wp-content/plugins/gutenberg/build/vendors/ 8 KB
3 KB 96ms
89ms Script
application/javascript 2606:4700:20::681a:6b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/gutenberg/build/vendors/inert-polyfill.min.js?ver=6.3

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:6b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

af8a8cd98214ed3d7760402ffa8b8804b073b4bf95d887ed7e81a50f826b523b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:13 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-ac: 5.ams _atomic_ams HIT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
age: 422831
content-encoding: br
last-modified: Wed, 26 Oct 2022 11:46:48 GMT
server: cloudflare
etag: W/"63591e28-1fe9"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=VFO9VLNlzJX5Cyzh8oR9CrIyhhI%2Fx8OEx269vjVoIPP%2BqgspLlTMyLEGGjRoQ3QST2irTRrjkFlDYEghuuR5wQTzttSVEfqYXWl5D2DrdNs9zQIz7SiqblJM%2BQK7xZZkP1Dnd5qW2Q%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=315360000
cf-ray: 7f7080e15df31911-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 wp-polyfill.min.js Show response
c0.wp.com/c/6.3/wp-includes/js/dist/vendor/ 16 KB
6 KB 49ms
42ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/6.3/wp-includes/js/dist/vendor/wp-polyfill.min.js

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

4c0ced2cb3830d045cdd74f745fd4d6dcb082d8edd3a9fe46e39295e30cb8032

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Tue, 15 Aug 2023 09:45:13 GMT
content-encoding: br
strict-transport-security: max-age=15552000
last-modified: Tue, 27 Jun 2023 14:24:19 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Wed, 14 Aug 2024 09:45:13 GMT

GET
H2 200 index.min.js Show response
cyble.com/wp-content/plugins/gutenberg/build/hooks/ 4 KB
2 KB 91ms
84ms Script
application/javascript 2606:4700:20::681a:6b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/gutenberg/build/hooks/index.min.js?ver=3aee234ea7807d8d70bc

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:6b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

24004b1763b0275d5a1d9f66f08616a54b95aeec1f0034766bbb479679a82fc3

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:13 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-ac: 2.hhn _atomic_ams HIT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
age: 422831
content-encoding: br
last-modified: Wed, 14 Jun 2023 12:06:14 GMT
server: cloudflare
etag: W/"6489ad36-10a6"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2BHgAQQsm9BWJTrV1WNSN27gL0L7UrLpv3trUHhaEdiQ2ggkJgkqJtcSbbgvQvVfrNzenAwR2k6m196oCVwQXPY%2B8iG8qW0UTTmF8UAvzXsv1JI4zGQ4yXmGaMAiUzmmygtmlTG5%2Fbg%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=315360000
cf-ray: 7f7080e15df61911-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 index.min.js Show response
cyble.com/wp-content/plugins/gutenberg/build/i18n/ 9 KB
4 KB 94ms
88ms Script
application/javascript 2606:4700:20::681a:6b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/gutenberg/build/i18n/index.min.js?ver=5baa98e4345eccc97e24

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:6b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d743ad07240fdc75d2e2a357b4ff44b334f6d4c53683e31e824aaf61d3bad0c9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:13 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-ac: 3.ams _atomic_ams HIT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
age: 422831
content-encoding: br
last-modified: Wed, 14 Jun 2023 12:06:14 GMT
server: cloudflare
etag: W/"6489ad36-227d"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FcIDKNVBixG22TcHEkavtKs2IljhHS%2BgfE%2FpLAyDEQGMddi4R%2BCnsyH5YWa7ZDBl7lekAbqFUCVgNhDHAwvCZhozpFziACdrUIWFRR0M4CRgYzNr%2BN7rYhDQ0fIENGJ3kW%2BMkDHqWg%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=315360000
cf-ray: 7f7080e15df71911-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 frontend.min.js Show response
cyble.com/wp-content/plugins/elementor-pro/assets/js/ 24 KB
7 KB 92ms
85ms Script
application/javascript 2606:4700:20::681a:6b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor-pro/assets/js/frontend.min.js?ver=3.15.1

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:6b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5a85ef05aac6b235ced7b52818d4a96d33d8fa778342706baf3d98e3c1335480

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:13 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-ac: 3.ams _atomic_ams HIT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
age: 422831
content-encoding: br
last-modified: Wed, 09 Aug 2023 14:49:27 GMT
server: cloudflare
etag: W/"64d3a777-5f54"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=lXfB6EzPBEpz6g1%2BRaFGzRWCTESq1RNuZiwVLa4w6A7CDKYyOA71h8xLmYBKOg6AdnxLYr5pxuXuGv4Osksagdz059OkjplHthRugeCgihcN%2Fu9pycgW8dHHRvqNh%2FGg7%2FoCuUQmVw%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=315360000
cf-ray: 7f7080e15df81911-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 waypoints.min.js Show response
cyble.com/wp-content/plugins/elementor/assets/lib/waypoints/ 12 KB
3 KB 89ms
83ms Script
application/javascript 2606:4700:20::681a:6b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor/assets/lib/waypoints/waypoints.min.js?ver=4.0.2

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:6b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

214674cc77aba35ab3567b88e2739fd08e8e96c61d279559ad61874069683ea0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:13 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-ac: 5.ams _atomic_ams HIT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
age: 422831
content-encoding: br
last-modified: Wed, 09 Aug 2023 13:04:42 GMT
server: cloudflare
etag: W/"64d38eea-2fa6"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=w0QKw2jn%2FRQ1zp9%2BYUmuv8J7AhNHfOlz94RZ3cKVX1cztglAAPoIoiRwIvi3TGo38WO0TnfpYVYAVhm2kHLdBgywNfoQeTqtVGttygQKLvtapjb5n%2F0fYNostkpO56r6UvJzji721g%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=315360000
cf-ray: 7f7080e15df91911-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 core.min.js Show response
c0.wp.com/c/6.3/wp-includes/js/jquery/ui/ 21 KB
7 KB 48ms
42ms Script
application/javascript 192.0.77.37
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://c0.wp.com/c/6.3/wp-includes/js/jquery/ui/core.min.js

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.37 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

ca7dce2391845e8aec7da135f33fabd10f74eed28a532ac66fd01f761fcfb42f

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Tue, 15 Aug 2023 09:45:13 GMT
content-encoding: br
strict-transport-security: max-age=15552000
last-modified: Thu, 02 Feb 2023 16:36:32 GMT
server: nginx
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=31536000
timing-allow-origin: *
expires: Wed, 14 Aug 2024 09:45:13 GMT

GET
H2 200 frontend.min.js Show response
cyble.com/wp-content/plugins/elementor/assets/js/ 40 KB
13 KB 87ms
81ms Script
application/javascript 2606:4700:20::681a:6b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.15.2

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:6b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

202aa6d8ac6559305e6d1b273941796e5fab95dc0a08f9a9f0e4955afa0b4668

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:13 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-ac: 2.hhn _atomic_ams HIT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
age: 422831
content-encoding: br
last-modified: Wed, 09 Aug 2023 13:04:41 GMT
server: cloudflare
etag: W/"64d38ee9-9f2a"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XufRZv3LTZeicxxr1h4CUy9CIPU6GlLYjyVtSnFYv%2FpMI6DCU%2FeiAQmtkpXnDdVd4NvWM6Tfpd0AoEAxy%2FIOwzZyiupTJp4uLlUGbRuTwLQqPaU%2F9SuQPANCgqoiYecW6EoMrSXmRg%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=315360000
cf-ray: 7f7080e15dfa1911-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 elements-handlers.min.js Show response
cyble.com/wp-content/plugins/elementor-pro/assets/js/ 35 KB
9 KB 104ms
97ms Script
application/javascript 2606:4700:20::681a:6b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor-pro/assets/js/elements-handlers.min.js?ver=3.15.1

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:6b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

92aac6fbb4010042167255e7366dcfdb996210351d8a79642490e76fc5a5239b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:13 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-ac: 2.hhn _atomic_ams HIT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
age: 422831
content-encoding: br
last-modified: Wed, 09 Aug 2023 14:49:27 GMT
server: cloudflare
etag: W/"64d3a777-8a47"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=5sQinGNxkK4FSYRn955N3iP6MlSFoZ8Fc%2Bkta%2BjxNbpp8C7LY7RX7yMVDjCIsPgj3%2FwEvBay6rXg5bP0%2FACGutKHR6cTKNFWYC97SQVBslQlFjduSWAAGafk3HVtdYhTI3xofjQ05Q%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=315360000
cf-ray: 7f7080e15dfc1911-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK roundtrip.js Show response
s.adroll.com/j/ELNAF2EZDFHJRAP3ODLCUU/ 97 KB
29 KB 143ms
46ms Script
text/javascript 2600:9000:225e:b400:6:9280:1080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/ELNAF2EZDFHJRAP3ODLCUU/roundtrip.js
Requested by: Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:225e:b400:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 6d4fdf918e5f7d61986a1ac1727fb35d39e25e7c7e3f7b85d7952c2edc819aef

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

X-Amz-Version-Id: H.uP2MNXt3wGJvTQQ05XEvKl1gnqj6Q9
Content-Encoding: gzip
Via: 1.1 a962efd99fafcdb81ca24e0e8140a67c.cloudfront.net (CloudFront)
Date: Tue, 15 Aug 2023 09:24:04 GMT
Age: 1270
X-Amz-Cf-Pop: FRA60-P4
X-Amz-Server-Side-Encryption: AES256
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
Last-Modified: Thu, 10 Aug 2023 12:30:15 GMT
Server: AmazonS3
Etag: W/"3c979ce2061afb3028dd4b8b8efab2cf"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: text/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600, must-revalidate
Access-Control-Allow-Credentials: false
Access-Control-Max-Age: 600
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: 7KSf1dkbI-64Df1R_qJDY19j7CJ5FFNQi19rBpI2-CiTX4oOrHLGyQ==

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 214 KB
78 KB 146ms
49ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-PMWT557

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

d790db1f8a17f8d6c29ee2d2afde51e37da9f6cd8a6c0680467014834aab4f07

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:13 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 79568
x-xss-protection: 0
last-modified: Tue, 15 Aug 2023 09:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 15 Aug 2023 09:45:13 GMT

GET
H2 200 Cyble-Logo-150x42-1.webp
cyble.com/wp-content/uploads/2023/07/ 3 KB
3 KB 107ms
106ms Image
image/webp 2606:4700:20::681a:6b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cyble.com/wp-content/uploads/2023/07/Cyble-Logo-150x42-1.webp

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:6b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

594e58a370b6219afb761152e616c06147e70e8c8d040ef51058f238025633a1

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:13 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-ac: 3.ams _atomic_ams HIT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
age: 419837
content-length: 3094
last-modified: Wed, 26 Jul 2023 09:51:45 GMT
server: cloudflare
etag: "64c0ecb1-c16"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: image/webp
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=p%2F%2FOebRb1FDBeybU%2FC3VLGvmUsy1%2F2YHd31lvXYPkrd89nPCJbuezJvJj%2BbpVslCodqgZ4sn6sEBDYaplMXLNPQVMDu93IpmkeXwPK6%2FWcNRy2qBFfVVT4JaTlg1FJMd%2B1SyYA3zYw%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=604800
accept-ranges: bytes
cf-ray: 7f7080e15e051911-FRA
expires: Thu, 17 Aug 2023 12:35:09 GMT

GET
H2 200 pxiEyp8kv8JHgFVrJJfecg.woff2
fonts.wp.com/s/poppins/v20/ 8 KB
8 KB 132ms
39ms Font
font/woff2 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.wp.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2

Requested by

Host: fonts-api.wp.com
URL: https://fonts-api.wp.com/css?family=Poppins%3A400%2C700%7CRoboto%3A500%2C400%2C700&display=fallback&ver=4.2.0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts-api.wp.com/
Origin: https://cyble.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Tue, 15 Aug 2023 09:45:13 GMT
x-content-type-options: nosniff
last-modified: Wed, 27 Apr 2022 17:03:52 GMT
server: nginx
age: 440753
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
content-length: 7884
x-xss-protection: 0

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.wp.com/s/roboto/v30/ 15 KB
15 KB 132ms
39ms Font
font/woff2 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.wp.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts-api.wp.com
URL: https://fonts-api.wp.com/css?family=Poppins%3A400%2C700%7CRoboto%3A500%2C400%2C700&display=fallback&ver=4.2.0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts-api.wp.com/
Origin: https://cyble.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Tue, 15 Aug 2023 09:45:13 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: nginx
age: 290156
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
content-length: 15744
x-xss-protection: 0

GET
H2 200 astra.woff
cyble.com/wp-content/themes/astra/assets/fonts/ 3 KB
2 KB 68ms
67ms Font
application/font-woff 2606:4700:20::681a:6b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/themes/astra/assets/fonts/astra.woff

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:6b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ec7ef7aa5fd1e019f1c26193e95e46d481d4983673936a9dda086705ada6e3d5

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
Origin: https://cyble.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:13 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-ac: 3.ams _atomic_ams HIT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
age: 422831
content-encoding: br
last-modified: Mon, 07 Aug 2023 06:11:19 GMT
server: cloudflare
etag: W/"64d08b07-ce8"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/font-woff
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n5tfyK4ECnn9u0IK84jwbR8Cs6DrEhGDWiOTDc9G5CFzxIfXWDnCZXcVsu7YugBxigRq9K1Nc5OH6IZVsGSBNRZOHjLk0wcUxFQvdo8GcNzuCp02GTdytDBUQw0ayjbTZtKH8oWaUw%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=604800
cf-ray: 7f7080e15e061911-FRA
expires: Wed, 16 Aug 2023 17:16:45 GMT

GET
H2 200 KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.wp.com/s/roboto/v30/ 16 KB
16 KB 164ms
71ms Font
font/woff2 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.wp.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2

Requested by

Host: fonts-api.wp.com
URL: https://fonts-api.wp.com/css?family=Poppins%3A400%2C700%7CRoboto%3A500%2C400%2C700&display=fallback&ver=4.2.0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts-api.wp.com/
Origin: https://cyble.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Tue, 15 Aug 2023 09:45:13 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 May 2022 19:24:45 GMT
server: nginx
age: 438546
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
content-length: 15920
x-xss-protection: 0

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.wp.com/s/roboto/v30/ 15 KB
16 KB 164ms
71ms Font
font/woff2 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.wp.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts-api.wp.com
URL: https://fonts-api.wp.com/css?family=Poppins%3A400%2C700%7CRoboto%3A500%2C400%2C700&display=fallback&ver=4.2.0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts-api.wp.com/
Origin: https://cyble.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Tue, 15 Aug 2023 09:45:13 GMT
x-content-type-options: nosniff
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: nginx
age: 319280
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
content-length: 15860
x-xss-protection: 0

GET
H2 200 pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
fonts.wp.com/s/poppins/v20/ 8 KB
8 KB 164ms
72ms Font
font/woff2 192.0.77.32
AUTOMATTIC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.wp.com/s/poppins/v20/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2

Requested by

Host: fonts-api.wp.com
URL: https://fonts-api.wp.com/css?family=Poppins%3A400%2C700%7CRoboto%3A500%2C400%2C700&display=fallback&ver=4.2.0

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),

Reverse DNS

wordpress.com

Software

nginx /

Resource Hash

9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts-api.wp.com/
Origin: https://cyble.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-nc: HIT hhn 1
date: Tue, 15 Aug 2023 09:45:13 GMT
x-content-type-options: nosniff
last-modified: Wed, 27 Apr 2022 16:11:40 GMT
server: nginx
age: 440761
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
content-length: 7816
x-xss-protection: 0

GET
H2 200 Figure-2-Infection-chain.jpg
cyble.com/wp-content/uploads/2023/08/ 51 KB
51 KB 61ms
61ms Image
image/jpeg 2606:4700:20::681a:6b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cyble.com/wp-content/uploads/2023/08/Figure-2-Infection-chain.jpg

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:6b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c45b6d7231c3b2e2f4d815c41bb2d3595bc1c02b9233f12b3da4c06175f41e0d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:13 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-ac: 2.hhn _atomic_ams HIT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
age: 60522
content-length: 52114
cf-bgj: h2pri
last-modified: Fri, 11 Aug 2023 06:39:02 GMT
server: cloudflare
etag: "64d5d786-cb92"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: image/jpeg
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uAQE1uwRkwemaNYhY%2FPignrl66pcnE5pZLYxaJf1lEEAHVXSbilY3wsTjH1D8vKmyP%2ByeMuStb8i2QCkTcaDS4Tx%2BOlp62qE8pTyf9TJW2%2F5Bt5Qs0FmedAQheZ9mVISngrr9I7dLQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=604800
accept-ranges: bytes
cf-ray: 7f7080e17e1d1911-FRA
expires: Fri, 18 Aug 2023 07:35:49 GMT

GET
H2 200 Cyble-Demo.png
cyble.com/wp-content/uploads/2023/06/ 84 KB
84 KB 59ms
59ms Image
image/png 2606:4700:20::681a:6b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cyble.com/wp-content/uploads/2023/06/Cyble-Demo.png

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:6b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0427349d2020319a07c730eb5c5cb8ee988339b37ea834a0e0e19463d7ff324d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:13 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-ac: 2.hhn _atomic_ams HIT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
age: 400699
content-length: 85763
last-modified: Mon, 26 Jun 2023 08:04:44 GMT
server: cloudflare
etag: "6499469c-14f03"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: image/png
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=HVEItnFRARPIHO%2Bbop5BKnP4%2FhjYcHsPaA7HsJxgwGmA36eTPuU6I5cOUUdHugPgtITc9Qkexhm0DKPXUotbYBJY9AN5p5zJ7BRS74oNWGgJSp0iLi7MEFm47oWVMdbrB5qpgTDFvA%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=604800
accept-ranges: bytes
cf-ray: 7f7080e18e461911-FRA
expires: Thu, 17 Aug 2023 12:32:30 GMT

GET
H/1.1

200
OK

index.js Show response
s.adroll.com/j/exp/
Redirect Chain

https://s.adroll.com/j/exp/ELNAF2EZDFHJRAP3ODLCUU/index.js
https://s.adroll.com/j/exp/index.js

28 B
785 B

44ms
43ms

Script
application/javascript

2600:9000:225e:b400:6:9280:1080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/exp/index.js
Requested by: Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
Protocol: HTTP/1.1
Server: 2600:9000:225e:b400:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f59e5f34a941183aacaed25322ac0856628493c2cfd936ded3fddc0a49510e52

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

X-Amz-Version-Id: e6mCeG7.PAM9gYrIJBIXJohubS3UVCEK
Date: Mon, 14 Aug 2023 17:24:34 GMT
Via: 1.1 a962efd99fafcdb81ca24e0e8140a67c.cloudfront.net (CloudFront)
Age: 58840
X-Amz-Cf-Pop: FRA60-P4
X-Amz-Server-Side-Encryption: AES256
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 28
Last-Modified: Thu, 03 Aug 2023 18:30:18 GMT
Server: AmazonS3
Etag: "5816cced8568d223aa09d889f300692b"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 600
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: WpWxe8eweXcDOkLI8mPQYVSDNfw21ai9TMxUHgXVr0wJQYaLkSD72w==

Redirect headers

Date: Mon, 14 Aug 2023 15:07:02 GMT
Via: 1.1 a962efd99fafcdb81ca24e0e8140a67c.cloudfront.net (CloudFront)
Age: 67091
X-Amz-Cf-Pop: FRA60-P4
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 0
Server: AmazonS3
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: application/xml
Location: https://s.adroll.com/j/exp/index.js
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: 5VvbCkMSe25YYAX0dRtZY01VhwaQPC4TxIkdtdBEFwcpCpRGiRsLbw==

GET
H2 200 ELNAF2EZDFHJRAP3ODLCUU Show response
d.adroll.com/consent/check/ 464 B
557 B 176ms
57ms Script
application/javascript 2a05:d018:cc3:fe04:f8c3:a4e0:7057:6f24
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d.adroll.com/consent/check/ELNAF2EZDFHJRAP3ODLCUU?pv=89973483311.83359&arrfrr=https%3A%2F%2Fcyble.com%2Fblog%2Flummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat%2F&_s=462af19e95121368ad2e5809eaeb9e0c&_b=2
Requested by: Host: s.adroll.com
URL: https://s.adroll.com/j/ELNAF2EZDFHJRAP3ODLCUU/roundtrip.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:d018:cc3:fe04:f8c3:a4e0:7057:6f24 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.22.1 /
Resource Hash: 04d1af88845fb011bd20760cf1a42ff9bc768f142e6f9edb4d28f369b1fab732

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:13 GMT
server: nginx/1.22.1
content-length: 464
content-type: application/javascript

GET
H/1.1 200
OK json Show response
forms.hsforms.com/embed/v3/form/21289959/f7da69d1-3801-430f-b109-5f44b65a9326/ 38 KB
7 KB 265ms
180ms XHR
application/json 2606:4700::6811:d2f3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hsforms.com/embed/v3/form/21289959/f7da69d1-3801-430f-b109-5f44b65a9326/json?hs_static_app=forms-embed&hs_static_app_version=1.3544&X-HubSpot-Static-App-Info=forms-embed-1.3544

Requested by

Host: js.hsforms.net
URL: https://js.hsforms.net/forms/v2.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:d2f3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

348faa54a35800dff0371ee5b6fa40871e383d4f405037c2e02bb4cc9c5d27c2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/plain, */*
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

X-Origin-Hublet: na1
Date: Tue, 15 Aug 2023 09:45:13 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
CF-Cache-Status: DYNAMIC
Content-Encoding: br
x-evy-trace-route-service-name: envoyset-translator
X-HubSpot-Correlation-Id: e48299f6-9223-491e-a682-d315dfe82e94
Transfer-Encoding: chunked
x-envoy-upstream-service-time: 22
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: e48299f6-9223-491e-a682-d315dfe82e94
Server: cloudflare
X-Trace: 2B18A81F3F7562E0034E1A6EC92105EF92BD097509000000000000000000
Vary: origin
Access-Control-Allow-Methods: OPTIONS, GET
Content-Type: application/json;charset=utf-8
Access-Control-Allow-Origin: https://cyble.com
x-evy-trace-virtual-host: all
Access-Control-Expose-Headers: X-Origin-Hublet
Access-Control-Max-Age: 180
Access-Control-Allow-Credentials: false
Cache-Control: max-age=0, no-cache, no-store
X-Robots-Tag: none
Access-Control-Allow-Headers: *
CF-RAY: 7f7080e3b95a923e-FRA
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-7f89ffc67f-hgnfq

GET
H2 200 fa-brands-400.woff2
cyble.com/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/ 75 KB
75 KB 56ms
56ms Font
application/font-woff2 2606:4700:20::681a:6b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-brands-400.woff2

Requested by

Host: cyble.com
URL: https://cyble.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/brands.min.css?ver=5.15.3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:6b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

43c072c16c9ee6d67acdfa6c6d6685ff1e74eb4237b7cc3c1348ab1c108b26af

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://cyble.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/brands.min.css?ver=5.15.3
Origin: https://cyble.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:13 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-ac: 5.ams _atomic_ams HIT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
age: 422831
content-length: 76764
last-modified: Wed, 09 Aug 2023 13:04:42 GMT
server: cloudflare
etag: "64d38eea-12bdc"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/font-woff2
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Is%2FWg7sbdV7qw7y7smvHG4LMSlx9xM10Stt95tGxlWB4FxuaHsY19ZCJe5jl2EwzQKGnkNnIT3bHZaQfhBZ9CWA%2B7s6lrA7vXxxYQECL3nzfFOPNl93f4pXEtqT7sp5YHp0b5x%2FBLw%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=604800
accept-ranges: bytes
cf-ray: 7f7080e348881911-FRA
expires: Wed, 16 Aug 2023 17:16:45 GMT

GET
H2 200 Figure-3-Content-of-ZIP-archive-file.jpg
cyble.com/wp-content/uploads/2023/08/ 54 KB
55 KB 59ms
58ms Image
image/jpeg 2606:4700:20::681a:6b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cyble.com/wp-content/uploads/2023/08/Figure-3-Content-of-ZIP-archive-file.jpg

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:6b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

14c06cfb3fb33ce501743b68ea270a4b78ef9bf7b5f591784d719e6eea7d928b

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:13 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-ac: 2.hhn _atomic_ams HIT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
age: 60522
content-length: 55446
cf-bgj: h2pri
last-modified: Fri, 11 Aug 2023 06:40:05 GMT
server: cloudflare
etag: "64d5d7c5-d896"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: image/jpeg
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=w5xGLsqv25%2FqNxGyluYHklYyuBidZq49PPEB%2Bqd1RH9nUhBORJHnQ9WvCLtS3QVncOUkrvsT8I6BPiDxBZnPbZgACvLRmxvnLH1Cxh48xtSw2Ij1yM65Ni15kFPVsfPEHoBzOkinEg%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=604800
accept-ranges: bytes
cf-ray: 7f7080e399151911-FRA
expires: Fri, 18 Aug 2023 07:35:49 GMT

GET
H2 200 api.min.js Show response
a.omappapi.com/app/js/ 53 KB
19 KB 142ms
44ms Script
application/javascript 2400:52e0:1e00::1081:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/api.min.js
Requested by: Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1081:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1081 /
Resource Hash: 34f6f75ebed9d8ada5d33eb94f0d79feccb051e308897da31e96cc0751582878

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:13 GMT
content-encoding: br
cdn-edgestorageid: 1080
perma-cache: HIT
cdn-storageserver: DE-676
cdn-cachedat: 08/14/2023 18:43:02
cdn-pullzone: 293267
last-modified: Mon, 14 Aug 2023 18:43:02 GMT
server: BunnyCDN-DE1-1081
cdn-fileserver: 588
cdn-requestpullcode: 200
cdn-proxyver: 1.04
etag: W/"64da75b6-d3b1"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: 1c0c1f091cb5516179987851b360568d
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 13 KB
5 KB 144ms
39ms Script
application/x-javascript 2a02:26f0:7100::1720:ee40
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PMWT557

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:7100::1720:ee40 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

fa53fcd8da139d256c0ca83b69cb37473ca627b6052368ed3327c80d9fb61e25

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 24 Jul 2023 09:07:54 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/x-javascript;charset=utf-8
cache-control: max-age=83742
accept-ranges: bytes
content-length: 4862

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 130ms
40ms Script
text/javascript 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PMWT557

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Tue, 15 Aug 2023 07:49:43 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 6930
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Tue, 15 Aug 2023 09:49:43 GMT

GET
H2 200 21289959.js Show response
js.hs-scripts.com/ 3 KB
750 B 59ms
59ms Script
application/javascript 2606:4700::6812:853b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hs-scripts.com/21289959.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PMWT557

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:853b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

44b2056efc68f55c87e8095357d62bcb713b8702fcfc3e914db43e61f66e884e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:13 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
x-hubspot-correlation-id: 21f0f88b-2dd7-4bf5-8072-255a6d6a425f
x-evy-trace-route-service-name: envoyset-translator
cf-polished: origSize=2948
age: 36
x-envoy-upstream-service-time: 4
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 21f0f88b-2dd7-4bf5-8072-255a6d6a425f
cf-bgj: minify
last-modified: Tue, 15 Aug 2023 09:44:37 GMT
server: cloudflare
x-trace: 2BCDCD75B29975520102C4006D55489627DCD32FA2000000000000000000
access-control-max-age: 3600
vary: origin, Accept-Encoding
content-type: application/javascript;charset=utf-8
access-control-allow-origin: https://cyble.com
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-6c94986c56-8d65k
cache-control: public, max-age=60
access-control-allow-credentials: true
x-evy-trace-virtual-host: all
cf-ray: 7f7080e3ca473610-FRA
expires: Tue, 15 Aug 2023 09:46:13 GMT

GET
H2 200 hf2o0cm7gp Show response
www.clarity.ms/tag/ 1023 B
1 KB 247ms
153ms Script
application/x-javascript 2620:1ec:46::44
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/tag/hf2o0cm7gp?ref=gtm2
Requested by: Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:1ec:46::44 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 0dd3ebf5a6397ea1ef51f53db07e8f9fca4227c0525ebb5e8ed75015b108b471

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

expires: -1
date: Tue, 15 Aug 2023 09:45:13 GMT
x-azure-ref: 20230815T094513Z-v924kvncvp0c1bd7sfff26u2yc00000004vg00000000x01e
x-cache: CONFIG_NOCACHE
content-type: application/x-javascript
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 1023
request-context: appId=cid-v1:bdfb7149-d2ee-45f0-9a22-f0b1c5035608

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 188 KB
70 KB 54ms
53ms Script
application/javascript 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-361856552&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PMWT557

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e5e5ee4fcc830312fa1456bca8896671afa86ee1c4407325dd4463b8009b898d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:13 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 71713
x-xss-protection: 0
last-modified: Tue, 15 Aug 2023 09:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Tue, 15 Aug 2023 09:45:13 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
250 B 133ms
46ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-N9ZXY95EM4&gtm=45Pe3890&_p=869785087&gdid=dZTNiMT&cid=990791793.1692092714&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1692092713&sct=1&seg=0&dl=https%3A%2F%2Fcyble.com%2Fblog%2Flummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat%2F&dt=Cyble%20%E2%80%94%20LummaC%20Stealer%20Leveraging%20Amadey%20Bot%20to%20Deploy%20SectopRAT&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=GT-WKTZW36
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Aug 2023 09:45:13 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://cyble.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/10996750928/ 3 KB
2 KB 195ms
86ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10996750928/?random=1692092713565&cv=11&fst=1692092713565&bg=ffffff&guid=ON&async=1&gtm=45Pe3890&u_w=1600&u_h=1200&url=https%3A%2F%2Fcyble.com%2Fblog%2Flummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat%2F&hn=www.googleadservices.com&frm=0&tiba=Cyble%20%E2%80%94%20LummaC%20Stealer%20Leveraging%20Amadey%20Bot%20to%20Deploy%20SectopRAT&did=dZTNiMT&gdid=dZTNiMT&auid=1690529751.1692092714&uamb=0&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=GT-WKTZW36

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

7630f306c709ddaf791bd400ca8bf35a4f323953270401778bb65a8e1356db7a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Aug 2023 09:45:13 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1395
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 fb.js Show response
js.hsadspixel.net/ 6 KB
3 KB 145ms
49ms Script
application/javascript 2606:4700::6810:78be
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsadspixel.net/fb.js

Requested by

Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/21289959.js?integration=WordPress&ver=10.1.30

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:78be , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

36a58b231f4bd34d323b5a7da9caf1a2706ecc87ca22a822763b96659043017e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:13 GMT
x-amz-version-id: jPXu6qi.g7uxBjG4s6uCQIhIPiNAy8nk
via: 1.1 c3d335addde48969fafe25d4064cee80.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
x-amz-cf-pop: IAD12-P3
age: 6
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=adsscriptloaderstatic/static-1.396/bundles/pixels-release.js&cfRay=7f7080bb49c33a61-FRA
x-cache: Hit from cloudfront
x-hubspot-correlation-id: 90928219-3314-4e8d-a1e3-9e854b47322f
cache-tag: staticjsapp-AdsScriptLoaderCloudflare-web-prod,staticjsapp-prod
content-encoding: br
x-envoy-upstream-service-time: 0
x-amz-replication-status: COMPLETED
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 90928219-3314-4e8d-a1e3-9e854b47322f
last-modified: Mon, 07 Aug 2023 08:57:08 UTC
server: cloudflare
etag: W/"c80164a2fdf0ea90248ff107d11fb350"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
x-hs-cache-status: HIT
x-evy-trace-virtual-host: all
cache-control: max-age=600
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-57ff77fcd-hhhlh
cf-ray: 7f7080e4bf321ac5-FRA
x-amz-cf-id: 1zrA1_CmZ3pS9qIhsYwu83OxKpIpqnqXn8erjT51LiBoYfzXG9lcpA==
x-hs-target-asset: adsscriptloaderstatic/static-1.396/bundles/pixels-release.js

GET
H2 200 conversations-embed.js Show response
js.usemessages.com/ 76 KB
22 KB 150ms
49ms Script
application/javascript 2606:4700::6811:64ac
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.usemessages.com/conversations-embed.js

Requested by

Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/21289959.js?integration=WordPress&ver=10.1.30

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:64ac , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

063565f869727078c5f4e68e351fdacecc0388f9cef40ae9a048fb5db8d900c3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:13 GMT
x-amz-version-id: 1Ee09xf75qjAeiT1iyd.upmZJF.F.s7H
via: 1.1 3042bd56e0ca0a7910df89f6b5e95e9e.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
x-amz-cf-pop: IAD12-P3
age: 540
x-amz-server-side-encryption: AES256
x-evy-trace-route-service-name: envoyset-translator
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=conversations-embed/static-1.13768/bundles/project.js&cfRay=7f7073b56f6d3655-FRA
x-cache: Hit from cloudfront
x-hubspot-correlation-id: 424a56ad-a594-4ace-ab85-7b91acf48889
cache-tag: staticjsapp-conversations-embed-web-prod,staticjsapp-prod
content-encoding: br
x-envoy-upstream-service-time: 0
x-amz-replication-status: COMPLETED
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 424a56ad-a594-4ace-ab85-7b91acf48889
last-modified: Mon, 14 Aug 2023 03:02:53 UTC
server: cloudflare
etag: W/"3aa2e52ae64d74923131815885a19b91"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
x-hs-cache-status: HIT
x-evy-trace-virtual-host: all
cache-control: max-age=600
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-57ff77fcd-7475r
cf-ray: 7f7080e4bc9b360b-FRA
x-amz-cf-id: hGfwPQ0uwp7ZPxLR6M-p3-KPBYBPNKgX7djH7MC98hKz3yVpyZKlYA==
x-hs-target-asset: conversations-embed/static-1.13768/bundles/project.js

GET
H2 200 web-interactives-embed.js Show response
js.hubspot.com/ 62 KB
19 KB 152ms
56ms Script
application/javascript 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hubspot.com/web-interactives-embed.js

Requested by

Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/21289959.js?integration=WordPress&ver=10.1.30

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

78f8c185c0d8daf604c8d73c29fdc05ba1b1e63b247a78015f6fd779ac8d5026

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
Origin: https://cyble.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-encoding: br
age: 526
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=web-interactives-embed/static-2.419/bundles/project.js&cfRay=7f70740e28ed91e9-FRA
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"4bae79a6d11743502b7c921ac12a465b"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: max-age=600
x-hs-target-asset: web-interactives-embed/static-2.419/bundles/project.js
date: Tue, 15 Aug 2023 09:45:13 GMT
x-amz-version-id: GvUri_yELTbJaahVtlJo44raTXhGqjuj
via: 1.1 2a3aa853116c0a37d6c7762eca54d208.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: 46cec638-a9dc-472f-9456-03af981d7365
x-cache: Hit from cloudfront
cache-tag: staticjsapp-web-interactives-embed-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 1
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 46cec638-a9dc-472f-9456-03af981d7365
last-modified: Thu, 10 Aug 2023 11:50:35 UTC
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aW8dUg1PxW%2FzuvxXw1ltP%2Fg%2F4kyoRtLpsBWMxYR7%2B9FbwenJpjWcfwoCD6j%2Faa0mu%2BCX%2FblRxL7yspA3W%2FgqY17roeDPzohybAThWCnMqwtd55sjGaMfAHctx%2FkahpK%2FR4pHh74PVmcQzU4U"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status: HIT
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-57ff77fcd-6vqnb
cf-ray: 7f7080e4bd731cc1-FRA
x-amz-cf-id: VN_ddDo9OrkSKZlU91hn2SyL6eQLCVYgeCsgeFfGQQZ6D3CGHnhk-A==

GET
H2 200 leadflows.js Show response
js.hsleadflows.net/ 540 KB
86 KB 136ms
49ms Script
application/javascript 2606:4700::6811:7f6e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsleadflows.net/leadflows.js

Requested by

Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/21289959.js?integration=WordPress&ver=10.1.30

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:7f6e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

96ea6b1e986879257e104371bf5f0cb0bf2bb9957a1aa73fa9df8be99aeeb157

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
Origin: https://cyble.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-encoding: br
age: 4077
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=lead-flows-js/static-1.1232/bundle/main/lead-flows-release.js&cfRay=7f701d595a8a2c79-FRA
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"039461df2d1d43031520c7d3a853f79e"
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods: GET
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: s-maxage=86400, max-age=0
x-hs-target-asset: lead-flows-js/static-1.1232/bundle/main/lead-flows-release.js
date: Tue, 15 Aug 2023 09:45:13 GMT
x-amz-version-id: RIqU3aMZg9szNHjfbC8NSxVkuKgO4.TB
via: 1.1 872e43fac89d80c9557000efb9c31650.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: 992a57ab-1624-4310-b2e5-ddaf0ee45e0e
x-cache: Hit from cloudfront
cache-tag: staticjsapp-lead-flows-cloudflare-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 6
x-evy-trace-route-configuration: listener_https/all
x-request-id: 992a57ab-1624-4310-b2e5-ddaf0ee45e0e
last-modified: Thu, 03 Aug 2023 01:17:49 UTC
server: cloudflare
access-control-max-age: 3000
x-hs-cache-status: MISS
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-57ff77fcd-4skbg
cf-ray: 7f7080e4ac452c1c-FRA
x-amz-cf-id: tsOG21VaRaWBH-paqQsXlBCrK3a3B1QDUFrd3jG9iRTiME-LG0m0nQ==

GET
H2 200 21289959.js Show response
js.hs-analytics.net/analytics/1692092400000/ 66 KB
21 KB 249ms
165ms Script
text/javascript 2606:4700::6810:89ce
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1692092400000/21289959.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/21289959.js?integration=WordPress&ver=10.1.30
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:89ce , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 193657bba9ec9061d3d4ae939ce49fc051b54585bf5d9f5e795a0c258e6f75f5

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:13 GMT
x-amz-version-id: null
content-encoding: br
cf-cache-status: REVALIDATED
x-amz-request-id: G2KZGRCDKAB33N61
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: be5326fc-42c5-4d05-90d1-320d94cb3bda
x-envoy-upstream-service-time: 40
x-amz-id-2: ewLmA8yB66SBxJJ/SFywnvWAzUionBXFMSg3RdZ+7QgGKv4V9Wh2Y7USGig8leRlhNNLime6F8E=
x-evy-trace-listener: listener_https
x-request-id: be5326fc-42c5-4d05-90d1-320d94cb3bda
x-evy-trace-route-configuration: listener_https/all
last-modified: Mon, 14 Aug 2023 16:13:33 GMT
server: cloudflare
etag: W/"eb2156ad797b2567f94888fa5e5cf49d"
vary: origin, Accept-Encoding
content-type: text/javascript
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-7dbb6c8f49-xs8lj
cache-control: max-age=300,public
access-control-allow-credentials: false
cf-ray: 7f7080e5285cbb77-FRA
expires: Tue, 15 Aug 2023 09:50:13 GMT

GET
H2 200 banner.js Show response
js.hs-banner.com/v2/21289959/ 66 KB
20 KB 236ms
152ms Script
text/javascript 2606:4700::6812:18c4
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/v2/21289959/banner.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/21289959.js?integration=WordPress&ver=10.1.30
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:18c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0b41b947a0935cf96cf1be1fa7cd5d9f0f34f42e031795bd44b74933c414a028

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:13 GMT
x-amz-version-id: 4KHf3TCRUFzLtpUuz_wrKs4mLy8QjMc5
content-encoding: br
cf-cache-status: REVALIDATED
x-amz-request-id: NJ5NAVJS1PDPT9VD
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
x-hubspot-correlation-id: 2bfda3c9-597b-4edd-b3f7-dfc6caef597c
x-envoy-upstream-service-time: 19
x-amz-id-2: Ctp3CJlbSux0Ez2GRo/gnbC6bDsY57kP91yj1X8+0zVOOZ7gJ31A7clRdjadRqQqtx01y/RLxj0=
x-evy-trace-listener: listener_https
x-request-id: 2bfda3c9-597b-4edd-b3f7-dfc6caef597c
x-evy-trace-route-configuration: listener_https/all
last-modified: Mon, 31 Jul 2023 22:46:40 GMT
server: cloudflare
etag: W/"512652c2282e2b8849c3d5dd0b55e0e3"
access-control-max-age: 604800
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: https://cyble.com
x-evy-trace-virtual-host: all
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control: max-age=300,public
access-control-allow-credentials: true
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-7dbb6c8f49-2sbs7
vary: origin, Accept-Encoding
timing-allow-origin: *
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray: 7f7080e52851372c-FRA
expires: Tue, 15 Aug 2023 09:50:13 GMT

GET
H2 200 g.gif
pixel.wp.com/ 50 B
93 B 40ms
38ms Image
image/gif 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?v=ext&blog=221651828&post=21411&tz=-4&srv=cyble.com&hp=atomic&ac=2&amp=0&j=1%3A12.5-a.7&host=cyble.com&ref=&fcp=837&rand=0.2527699189602286
Requested by: Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 15 Aug 2023 09:45:13 GMT
cache-control: no-cache
server: nginx
content-length: 50
content-type: image/gif

GET
H2 200 wp-emoji-release.min.js Show response
cyble.com/wp-includes/js/ 18 KB
5 KB 58ms
58ms Script
application/javascript 2606:4700:20::681a:6b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-includes/js/wp-emoji-release.min.js?ver=6.3

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:6b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4f79a89d16a5f717110fe080c0bf90b7e05ff95a4c4983f64d33110bf5f9c230

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:13 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-ac: 2.hhn _atomic_ams HIT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
age: 422831
content-encoding: br
last-modified: Thu, 02 Feb 2023 00:53:25 GMT
server: cloudflare
etag: W/"63db0985-4904"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3KoFReMfCXKVkUaKrCpJxD47VecGoFGF5lNzjA1UChtYhssf7VyTLxK8HSK4HPJrDoC8mS20nrLTUDheTQRAybrQGnInT6V3h1hN0IuNJI5l7QHwp15Qz69rieHL7qhx4tHKQ4eUmQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=315360000
cf-ray: 7f7080e4aa8f1911-FRA
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 / Show response
cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/ 4 KB
2 KB 82ms
81ms XHR
application/json 2606:4700:20::681a:6b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/?relatedposts=1

Requested by

Host: cyble.com
URL: https://cyble.com/wp-content/plugins/jetpack/_inc/build/related-posts/related-posts.min.js?ver=20211209

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:6b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8b04a66a7c17bad4489e4e53c676672de567546b9b4eb41f9a698c4959ddf3e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
x-requested-with: XMLHttpRequest
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

cf-edge-cache: cache,platform=wordpress
x-hacker: If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
date: Tue, 15 Aug 2023 09:45:13 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: BYPASS
x-ac: 2.hhn _atomic_ams HIT
x-nananana: Batcache-Set
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
content-encoding: br
host-header: WordPress.com
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 15 Aug 2023 09:41:55 GMT
server: cloudflare
vary: Accept-Encoding, Cookie
x-frame-options: SAMEORIGIN
content-type: application/json; charset=utf-8
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=83cx8cr%2BYg63gCgS%2FXJxkc3ZXt%2Frhm80R2AryDB%2BbHBJkdg9nDBQJpw2GUzeZMU1EBc7ZsnAUOddd2IykveGRunGwMJiUBxv5y%2FMdVsh4tR6g7S%2FprtLo6jSlUjndXBwsPn7NDaQfA%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=300, must-revalidate
cf-apo-via: origin,no-cache
cf-ray: 7f7080e4aa901911-FRA

GET
H/1.1 200
OK consent_tcfv2.js Show response
s.adroll.com/j/ 418 KB
56 KB 46ms
46ms Script
text/javascript 2600:9000:225e:b400:6:9280:1080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/consent_tcfv2.js
Requested by: Host: s.adroll.com
URL: https://s.adroll.com/j/ELNAF2EZDFHJRAP3ODLCUU/roundtrip.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:225e:b400:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 47e5ff66931402cb5755d7eed98a6d23ee556a7f8e9c1dd340d351c27f669a0f

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

X-Amz-Version-Id: wD7IUQmRA9PUuld8lU58FBeuMlOqC6p6
Content-Encoding: gzip
Via: 1.1 a962efd99fafcdb81ca24e0e8140a67c.cloudfront.net (CloudFront)
Date: Tue, 15 Aug 2023 09:42:34 GMT
Age: 172
X-Amz-Cf-Pop: FRA60-P4
X-Amz-Server-Side-Encryption: AES256
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
Last-Modified: Wed, 05 Jul 2023 21:39:27 GMT
Server: AmazonS3
Etag: W/"3306a47faf7223d93fb356e8a73d1942"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=300, must-revalidate
Access-Control-Allow-Credentials: false
Access-Control-Max-Age: 600
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: 9o3Xx5ouC30_iBrKqrVL6v9hoRl_IkmHL63lWBYes9Az8RVu8T42vw==

GET
H/1.1 200
OK roundtrip.js Show response
s.adroll.com/j/ 75 KB
24 KB 77ms
45ms Script
text/javascript 2600:9000:225e:b400:6:9280:1080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/roundtrip.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PMWT557
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:225e:b400:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 0e7ad47a4bc6ddbb17cb8cbe6167dae4717d0b5962a1d63de2e93e6dc201b9e8

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

X-Amz-Version-Id: 2W0nFhLgp3U9gUvvEzXT9GuNEpd6A6yg
Content-Encoding: gzip
Via: 1.1 a962efd99fafcdb81ca24e0e8140a67c.cloudfront.net (CloudFront)
Date: Tue, 15 Aug 2023 08:25:29 GMT
Age: 4785
X-Amz-Cf-Pop: FRA60-P4
X-Amz-Server-Side-Encryption: AES256
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
Last-Modified: Thu, 03 Aug 2023 19:17:31 GMT
Server: AmazonS3
Etag: W/"67e54a60303cfbf4c3b977aa390ad408"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600, must-revalidate
Access-Control-Allow-Credentials: false
Access-Control-Max-Age: 600
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: 1tv8eDeqPAh53ha65feehtIvKr1O9iRWosbjXT9F99lLRldFV4b5EA==

GET
H2 200 v2.js Show response
js.hsforms.net/forms/ Frame BA05 526 KB
164 KB 64ms
59ms Script
application/javascript 2606:4700::6810:b841
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsforms.net/forms/v2.js

Requested by

Host: js.hsforms.net
URL: https://js.hsforms.net/forms/v2.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:b841 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

250dc46c1691ff969d5ea984b282e46403885ec806ed96ac3ee301db043a1a4d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-encoding: br
age: 0
x-evy-trace-route-service-name: envoyset-translator
x-amz-server-side-encryption: AES256
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=forms-embed/static-1.3544/bundles/project-v2.js&cfRay=7f7080e138ae39d3-FRA
x-amz-replication-status: COMPLETED
x-evy-trace-listener: listener_https
etag: W/"0b631c5c17436fe9a934a378374d7e4a"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
x-evy-trace-virtual-host: all
cache-control: s-maxage=600, max-age=300
x-hs-target-asset: forms-embed/static-1.3544/bundles/project-v2.js
date: Tue, 15 Aug 2023 09:45:13 GMT
x-amz-version-id: 2tqrkyXrj45cp.Q0BoEeKReD9HeN0VyM
via: 1.1 6b29c936420d116b13807604a0e67044.cloudfront.net (CloudFront)
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: IAD12-P3
x-hubspot-correlation-id: 52564612-548e-471e-911d-acf342c36b89
x-cache: Hit from cloudfront
cache-tag: staticjsapp-forms-embed-v2-web-prod,staticjsapp-prod
x-envoy-upstream-service-time: 2
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-request-id: 52564612-548e-471e-911d-acf342c36b89
last-modified: Fri, 11 Aug 2023 02:53:20 UTC
server: cloudflare
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yfSsnPpoOFdXAh93V%2B%2Fnh1SliJGtrr0gNBpLU8GonKPy0DL4taEI%2B06ktPU2FN8hk%2BNxgd3u5GrsRhMuNBjp5hA5k1nQKWZjgwlS6luZbmplAeGOo7lX9dpVWwW%2Fd9rChx5jNPE4XA1P8iLC"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status: HIT
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-57ff77fcd-6mr8p
cf-ray: 7f7080e51d3839d3-FRA
x-amz-cf-id: y1t6YjAA93vxn32g9EVqSj6rhsFlY8Rm_IPqrPsY3oKne_HH8woSMA==

GET
H2 200 text-editor.2c35aafbe5bf0e127950.bundle.min.js Show response
cyble.com/wp-content/plugins/elementor/assets/js/ 1 KB
1 KB 55ms
55ms Script
application/javascript 2606:4700:20::681a:6b1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cyble.com/wp-content/plugins/elementor/assets/js/text-editor.2c35aafbe5bf0e127950.bundle.min.js

Requested by

Host: cyble.com
URL: https://cyble.com/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js?ver=3.15.2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:20::681a:6b1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ab3befdd3eec3313f82916c4d24f2c0e6cf2255b23c648f4528bbc1de1bb8efc

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:13 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-ac: 2.hhn _atomic_ams HIT
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
age: 422831
content-encoding: br
last-modified: Wed, 09 Aug 2023 13:04:41 GMT
server: cloudflare
etag: W/"64d38ee9-550"
vary: Accept-Encoding
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eyqNCkPTTniqoF2zYc35w1h6ACz36M4HmTMYlYsBuM%2F2LsurWRR308ujkP77Y1VNBuFnhoirtasqZC89NxhqYnbeuo0EzyYcfWToqoxp9mdVWtlHS%2FbLL57NN00IsR10NKwsxH8YQQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cache-control: max-age=604800
cf-ray: 7f7080e52b2d1911-FRA
expires: Wed, 16 Aug 2023 17:16:02 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
54 B 48ms
47ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-361856552&gtm=45je3890&_p=869785087&cid=990791793.1692092714&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1692092713&sct=1&seg=0&dl=https%3A%2F%2Fcyble.com%2Fblog%2Flummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat%2F&dt=Cyble%20%E2%80%94%20LummaC%20Stealer%20Leveraging%20Amadey%20Bot%20to%20Deploy%20SectopRAT&en=page_view&_fv=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-361856552&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Aug 2023 09:45:13 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://cyble.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 4 B
205 B 49ms
48ms XHR
text/plain 2a00:1450:4001:831::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=869785087&t=pageview&_s=1&dl=https%3A%2F%2Fcyble.com%2Fblog%2Flummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat%2F&ul=en-us&de=UTF-8&dt=Cyble%20%E2%80%94%20LummaC%20Stealer%20Leveraging%20Amadey%20Bot%20to%20Deploy%20SectopRAT&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAAABAAAAAC~&jid=412821509&gjid=1690419775&cid=990791793.1692092714&tid=UA-201575643-1&_gid=1729958593.1692092714&_r=1&_slc=1&gtm=45He3890n81PMWT557&z=582030522

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Tue, 15 Aug 2023 09:45:13 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://cyble.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 api.min.css
a.omappapi.com/app/js/ 10 KB
3 KB 39ms
39ms Stylesheet
text/css 2400:52e0:1e00::1081:1
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/api.min.css
Requested by: Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1e00::1081:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-DE1-1081 /
Resource Hash: 721cc9150c432bbc0b113c4fb7c04e920d1392cc7b53bb17c233758faecdc500

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:13 GMT
content-encoding: br
cdn-edgestorageid: 1082
perma-cache: HIT
cdn-storageserver: DE-679
cdn-cachedat: 08/14/2023 18:43:53
cdn-pullzone: 293267
last-modified: Mon, 14 Aug 2023 18:42:55 GMT
server: BunnyCDN-DE1-1081
cdn-fileserver: 599
cdn-requestpullcode: 200
cdn-proxyver: 1.04
etag: W/"64da75af-2644"
vary: Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: aa97d2359ea4ab803923416185522869
cdn-requestcountrycode: DE
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 token Show response
cdn.linkedin.oribi.io/partner/4053396/domain/cyble.com/ 36 B
364 B 129ms
39ms XHR
application/json 2600:9000:20eb:8200:2:53b2:240:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.linkedin.oribi.io/partner/4053396/domain/cyble.com/token
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20eb:8200:2:53b2:240:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89

Request headers

Accept: *
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:25:35 GMT
content-encoding: gzip
via: 1.1 9568a708c8ab21597698ebe7dce6c42e.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA2-C1
age: 1178
vary: accept-encoding
x-cache: Hit from cloudfront
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=3600
x-amz-cf-id: e4f1mg_ltc0Ns0diiU5ist-9qmXoBWKhMcqTkIp9Xr5jclXFn6C1Kw==

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4053396&time=1692092713827&url=https%3A%2F%2Fcyble.com%2Fblog%2Flummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat%2F
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4053396&time=1692092713827&url=https%3A%2F%2Fcyble.com%2Fblog%2Flummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat%2F&cookiesTest=true
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D4053396%26time%3D1692092713827%26url%3Dhttps%253A%252F%252Fcyble.com%252Fblog%252...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4053396&time=1692092713827&url=https%3A%2F%2Fcyble.com%2Fblog%2Flummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat%2F&cookiesTest=true&liSyn...
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4053396&time=1692092713827&url=https%3A%2F%2Fcyble.com%2Fblog%2Flummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat%2F&cookiesTest=true&liSy...

0
265 B

313ms
225ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4053396&time=1692092713827&url=https%3A%2F%2Fcyble.com%2Fblog%2Flummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat%2F&cookiesTest=true&liSync=true&e_ipv6=AQL9-eaA6SiW4wAAAYn4lc7HTC8JA25z8AFa_DtfMTo9oRXhsECEa9_wZaXBBTFAPTqHKyA
Requested by: Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:15 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 9E420F697901468A9BA68EC73AA3E2E8 Ref B: FRAEDGE1807 Ref C: 2023-08-15T09:45:14Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-fabric: prod-lor1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYC8wk0b31wjoYv8ZJ7/w==

Redirect headers

date: Tue, 15 Aug 2023 09:45:14 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 8D47504059A449E9BD6410B8E77790A4 Ref B: DUS30EDGE0422 Ref C: 2023-08-15T09:45:14Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lor1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4053396&time=1692092713827&url=https%3A%2F%2Fcyble.com%2Fblog%2Flummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat%2F&cookiesTest=true&liSync=true&e_ipv6=AQL9-eaA6SiW4wAAAYn4lc7HTC8JA25z8AFa_DtfMTo9oRXhsECEa9_wZaXBBTFAPTqHKyA
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYC8wkvoeYr5yuTifB7jg==

GET
H2 200 combinedConfigs Show response
cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/ 136 B
980 B 158ms
156ms Fetch
application/json 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/combinedConfigs?portalId=21289959&currentUrl=https%3A%2F%2Fcyble.com%2Fblog%2Flummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat%2F

Requested by

Host: js.hubspot.com
URL: https://js.hubspot.com/web-interactives-embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0268b589d424a686ee986465b7917ac6c852be4fd6908331002878205beee576

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 0727e29e-d85b-4011-bc04-0d4a1b161e7d
content-encoding: br
x-envoy-upstream-service-time: 11
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 0727e29e-d85b-4011-bc04-0d4a1b161e7d
server: cloudflare
vary: origin
access-control-allow-methods: OPTIONS, GET
content-type: application/json;charset=utf-8
access-control-allow-origin: https://cyble.com
x-evy-trace-virtual-host: all
access-control-max-age: 180
access-control-allow-credentials: true
cache-control: max-age=0, no-cache, no-store
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pTyFc2divu1kVDtzqsQmjMSFIDW%2BK5ymsAu6oZHs3NXyNhpNtiGNsKWiL1n0xefIiUePGzLrdCXGkVcdgZ8ug83ecWRS5GBZtegK%2Fiyj1vkjPz%2FWltPgh6mg6Ugu1dd1jqoDGAmJDjhIMc0xNKT%2BICW9PfKzH6YaqbA%3D"}],"group":"cf-nel","max_age":604800}
x-robots-tag: noindex, follow
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
cf-ray: 7f7080e5aec51cc1-FRA
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-7f89ffc67f-6xsfj

OPTIONS
H2 200 public
api.hubspot.com/livechat-public/v1/message/ Frame 0
0 165ms
162ms Preflight
text/plain 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.hubspot.com/livechat-public/v1/message/public?portalId=21289959&conversations-embed=static-1.13768&mobile=false&messagesUtk=ff23b0c3a6f24a8db5e4832ebab97bfd&traceId=ff23b0c3a6f24a8db5e4832ebab97bfd

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: x-hubspot-messages-uri
Access-Control-Request-Method: GET
Origin: https://cyble.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

access-control-allow-credentials: false
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent, X-HubSpot-Messages-Uri
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-origin: https://cyble.com
allow: HEAD,GET,OPTIONS
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 7f7080e5cee91cc1-FRA
content-length: 18
content-type: text/plain; charset=utf-8
date: Tue, 15 Aug 2023 09:45:14 GMT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r3La7I%2B2FM2DZfd8Hdlm%2BuVehsp4WoKAJNfYREY8GprCVaEhr4EY0mwzme4lgX3gziKPuHxrrFktXR4T7Z0xu3jvDTgJu7%2FLyc01FGjwxsthKhUt9C%2BJPvAgyPkiypb1PNgbxrYuMlHjBP0mpw%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: origin, Accept-Encoding
x-content-type-options: nosniff
x-envoy-upstream-service-time: 3
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-6c94986c56-g952g
x-evy-trace-virtual-host: all
x-hubspot-correlation-id: fa6f5749-a818-4575-8739-46975507d7c0
x-request-id: fa6f5749-a818-4575-8739-46975507d7c0
x-trace: 2B4141CCB214C8D0A66241991FAC309D17BE348109000000000000000000

GET
H2 200 public Show response
api.hubspot.com/livechat-public/v1/message/ 3 KB
2 KB 241ms
241ms XHR
application/json 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: js.usemessages.com
URL: https://js.usemessages.com/conversations-embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

96ff0e8ca57aaa826332145bcf4f45eb88f4d7dd0770b69b35c81e648c4ee33c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
accept-language: de-DE,de;q=0.9
X-HubSpot-Messages-Uri: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:14 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: e31432d5-7d52-45a8-8b6d-a086c15f1f17
x-envoy-upstream-service-time: 74
alt-svc: h3=":443"; ma=86400
content-length: 1358
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: e31432d5-7d52-45a8-8b6d-a086c15f1f17
server: cloudflare
x-trace: 2BF246B1C00C94E16A8A26AED25C88205854C92684000000000000000000
vary: origin, Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
access-control-allow-origin: https://cyble.com
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-6c94986c56-hfjxh
cache-control: no-cache, no-store, no-transform, must-revalidate, max-age=0
access-control-allow-credentials: false
x-evy-trace-virtual-host: all
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LeLsRWQYRVGqx7QQh0Eb6bhgzJm%2FJPlYZXgRFS%2Bw56iJyH5hbBjjWpTSsSFxr7KWtaPdAC6lrjLBeP1qwUcBDAw0VCq3gIdAXzYk%2BJ4o7kywA598RcZWnjKBkekY%2B6JMXeKnmFX3sKO4NOMWJA%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 7f7080e6c8301cc1-FRA
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent, X-HubSpot-Messages-Uri

GET
H/1.1 200
OK nextroll-32x32.png
s.adroll.com/i/favicon/ 2 KB
2 KB 40ms
40ms Image
image/png 2600:9000:225e:b400:6:9280:1080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s.adroll.com/i/favicon/nextroll-32x32.png
Requested by: Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:225e:b400:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: bcaf0e3f087296133e0a996ee3d289a8d1a690147c93e0ab62019b505e6f9355

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

X-Amz-Version-Id: eTpwxbAIDHDUN.4tfrROIgU_pzKN9Xh0
Date: Mon, 14 Aug 2023 17:25:00 GMT
Via: 1.1 a962efd99fafcdb81ca24e0e8140a67c.cloudfront.net (CloudFront)
Age: 58835
X-Amz-Cf-Pop: FRA60-P4
X-Amz-Server-Side-Encryption: AES256
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 1615
Last-Modified: Mon, 28 Jun 2021 18:19:21 GMT
Server: AmazonS3
Etag: "403a0a7dcf2d617e7ea852bfb9d11945"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: image/png
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 600
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: Su1SBTziyBWZLp0BJnCn9blIeY50_dCTyMgfcWW--DtPVKRxB1sOcQ==

GET
H2 200 /
www.google.com/pagead/1p-user-list/10996750928/ 42 B
455 B 140ms
50ms Image
image/gif 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/10996750928/?random=1692092713565&cv=11&fst=1692090000000&bg=ffffff&guid=ON&async=1&gtm=45Pe3890&u_w=1600&u_h=1200&url=https%3A%2F%2Fcyble.com%2Fblog%2Flummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat%2F&frm=0&tiba=Cyble%20%E2%80%94%20LummaC%20Stealer%20Leveraging%20Amadey%20Bot%20to%20Deploy%20SectopRAT&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2384724240&rmt_tld=0&ipr=y

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Aug 2023 09:45:14 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/10996750928/ 42 B
455 B 143ms
53ms Image
image/gif 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/10996750928/?random=1692092713565&cv=11&fst=1692090000000&bg=ffffff&guid=ON&async=1&gtm=45Pe3890&u_w=1600&u_h=1200&url=https%3A%2F%2Fcyble.com%2Fblog%2Flummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat%2F&frm=0&tiba=Cyble%20%E2%80%94%20LummaC%20Stealer%20Leveraging%20Amadey%20Bot%20to%20Deploy%20SectopRAT&data=event%3Dgtag.config&fmt=3&is_vtc=1&random=2384724240&rmt_tld=1&ipr=y

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Aug 2023 09:45:14 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 clarity.js Show response
www.clarity.ms/s/0.7.10/ 57 KB
24 KB 81ms
81ms Script
application/javascript 2620:1ec:46::44
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/s/0.7.10/clarity.js
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/tag/hf2o0cm7gp?ref=gtm2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:1ec:46::44 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: ac158fd98a25872b4a494ed3c5a5da9f92eba989c397cab46bf8c8a7b04bc514

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:13 GMT
content-encoding: br
last-modified: Sun, 13 Aug 2023 16:15:47 GMT
etag: W/"0x8DB9C188E07583A"
vary: Accept-Encoding
x-azure-ref: 20230815T094513Z-v924kvncvp0c1bd7sfff26u2yc00000004vg00000000x033
content-type: application/javascript;charset=utf-8
access-control-allow-origin: *
x-ms-request-id: e90a9de2-c01e-0066-08a9-ce61fb000000
cache-control: public, max-age=86400
x-cache: TCP_HIT
x-ms-version: 2018-03-28

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 1 B
342 B 147ms
47ms XHR
text/plain 2a00:1450:400c:c0c::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-201575643-1&cid=990791793.1692092714&jid=412821509&gjid=1690419775&_gid=1729958593.1692092714&_u=YADAAAAAAAAAAC~&z=347717612

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0c::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Tue, 15 Aug 2023 09:45:14 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://cyble.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 counters.gif
forms.hsforms.com/embed/v3/ 35 B
624 B 200ms
155ms Image
image/gif 2606:4700::6811:d2f3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-DEFINITION_SUCCESS&count=1

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:d2f3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:14 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 802478e7-bfc4-4c09-9d55-a7da16178321
x-envoy-upstream-service-time: 3
alt-svc: h3=":443"; ma=86400
content-length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 802478e7-bfc4-4c09-9d55-a7da16178321
server: cloudflare
x-trace: 2B1191C378B285D7C0EF4136DD057423078814E3A9000000000000000000
vary: origin
content-type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-7f89ffc67f-6fhst
access-control-expose-headers: X-Origin-Hublet
cache-control: max-age=0, no-cache, no-store
access-control-allow-credentials: false
x-robots-tag: none
cf-ray: 7f7080e6a83e0374-FRA

GET
H/1.1 200
OK counters.gif
forms-na1.hsforms.com/embed/v3/ 35 B
1016 B 247ms
153ms Image
image/gif 2606:4700::6811:d3f3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://forms-na1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-RENDER_SUCCESS&count=1

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:d3f3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Date: Tue, 15 Aug 2023 09:45:14 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
CF-Cache-Status: DYNAMIC
x-evy-trace-route-service-name: envoyset-translator
X-HubSpot-Correlation-Id: 9e76c085-69df-4525-a829-afddb0b109f6
x-envoy-upstream-service-time: 2
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 9e76c085-69df-4525-a829-afddb0b109f6
Server: cloudflare
X-Trace: 2B7C4C1C1B06DEAF3A38A8B2BF2DD3912A3216811A000000000000000000
Vary: origin
Content-Type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-7f89ffc67f-pzkjr
Access-Control-Expose-Headers: X-Origin-Hublet
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: false
X-Robots-Tag: none
CF-RAY: 7f7080e7486a1ca9-FRA

GET
H2 200 json Show response
api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/ 114 B
1 KB 246ms
156ms XHR
application/json 2606:4700::6811:cacc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/json?portalId=21289959

Requested by

Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:cacc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

90b705145ef82e9d8493aae55c9bfb3200ec0620c8946b20b0b28366557d6a4a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:14 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 97a73e6e-9fb4-4472-a59f-3bf772c891d7
content-encoding: br
x-envoy-upstream-service-time: 4
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 97a73e6e-9fb4-4472-a59f-3bf772c891d7
server: cloudflare
x-trace: 2BD47048DA58B2A44B9FA33C36EC8E4BA127689276000000000000000000
vary: origin, Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
access-control-allow-origin: https://cyble.com
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-6c94986c56-xr6zl
access-control-max-age: 180
access-control-allow-credentials: false
x-evy-trace-virtual-host: all
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9tEVHdlrRHpWYLTc1qzbwbISm0UehCL5wb0RvRc%2BBuyT0UUnUqMlnL5iG6LMUxFg%2BGtwhUyn6XuIrD08HB8Kmyj%2BWAsiZnyYB9W8l0Qlco5BF7DyLerVsAiP3MWIMLfaxg2Vu%2FOqmXYvOxr8"}],"group":"cf-nel","max_age":604800}
cf-ray: 7f7080e7592b901f-FRA
access-control-allow-headers: *

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/10996750928/ 3 KB
2 KB 91ms
90ms Script
text/javascript 2a00:1450:4001:830::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10996750928/?random=1692092714073&cv=11&fst=1692092714073&bg=ffffff&guid=ON&async=1&gtm=45Pe3890&u_w=1600&u_h=1200&url=https%3A%2F%2Fcyble.com%2Fblog%2Flummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat%2F&hn=www.googleadservices.com&frm=0&tiba=Cyble%20%E2%80%94%20LummaC%20Stealer%20Leveraging%20Amadey%20Bot%20to%20Deploy%20SectopRAT&did=dZTNiMT&gdid=dZTNiMT&auid=1690529751.1692092714&uamb=0&uaw=0&data=event%3DClarity%3BeventCategory%3DClarity%3BeventAction%3Dktxipp%3BnonInteraction%3Dtrue%3Bclaritydimension%3Dhttps%3A%2F%2Fclarity.microsoft.com%2Fga%2Fhf2o0cm7gp%2Fwg1bmp%2Fktxipp&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=GT-WKTZW36

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

11b06964bab24ea95ffd9d7a91c9146d993fb0a5f5a53cf7c80d4f07773ac907

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Aug 2023 09:45:14 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1467
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 10996750928
google.com/ccm/form-data/ 0
241 B 141ms
47ms Ping
text/plain 2a00:1450:4001:812::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://google.com/ccm/form-data/10996750928?gtm=45Pe3890&hn=www.googleadservices.com&did=dZTNiMT&gdid=dZTNiMT&auid=1690529751.1692092714&ec_mode=a&uamb=0&uaw=0&em=tv.1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=GT-WKTZW36
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Aug 2023 09:45:14 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://cyble.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK counters.gif
perf-na1.hsforms.com/embed/v3/ 35 B
1 KB 253ms
164ms Image
image/gif 2606:4700::6811:d2f3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf-na1.hsforms.com/embed/v3/counters.gif?key=config-loaded-success&value=1

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:d2f3 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Date: Tue, 15 Aug 2023 09:45:14 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
X-Content-Type-Options: nosniff
CF-Cache-Status: MISS
x-evy-trace-route-service-name: envoyset-translator
X-HubSpot-Correlation-Id: 9f4da890-1703-467a-8e70-faba16e3cad0
x-envoy-upstream-service-time: 2
Connection: keep-alive
alt-svc: h3=":443"; ma=86400
Content-Length: 35
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 9f4da890-1703-467a-8e70-faba16e3cad0
Last-Modified: Tue, 15 Aug 2023 09:45:14 GMT
Server: cloudflare
X-Trace: 2B7BC2C41A52F312936A66FBDE32E315718FBC3C33000000000000000000
Vary: origin, Accept-Encoding
Content-Type: image/gif
x-evy-trace-virtual-host: all
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-7f89ffc67f-tkdzf
Access-Control-Expose-Headers: X-Origin-Hublet
Cache-Control: max-age=0, no-cache, no-store
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
X-Robots-Tag: none
CF-RAY: 7f7080e7b91d90dd-FRA

POST
H/1.1 204
No Content collect Show response
p.clarity.ms/ 0
289 B 448ms
126ms XHR
text/plain 20.122.63.128
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://p.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.10/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.122.63.128 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://cyble.com
Date: Tue, 15 Aug 2023 09:45:14 GMT
Access-Control-Allow-Credentials: true
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:2f7711a9-b21e-4abe-a9d6-5b0ce5d18b64

GET
H2 200 /
www.google.com/pagead/1p-user-list/10996750928/ 42 B
108 B 72ms
71ms Image
image/gif 2a00:1450:4001:810::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/10996750928/?random=1692092714073&cv=11&fst=1692090000000&bg=ffffff&guid=ON&async=1&gtm=45Pe3890&u_w=1600&u_h=1200&url=https%3A%2F%2Fcyble.com%2Fblog%2Flummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat%2F&frm=0&tiba=Cyble%20%E2%80%94%20LummaC%20Stealer%20Leveraging%20Amadey%20Bot%20to%20Deploy%20SectopRAT&data=event%3DClarity%3BeventCategory%3DClarity%3BeventAction%3Dktxipp%3BnonInteraction%3Dtrue%3Bclaritydimension%3Dhttps%3A%2F%2Fclarity.microsoft.com%2Fga%2Fhf2o0cm7gp%2Fwg1bmp%2Fktxipp&fmt=3&is_vtc=1&random=1571551955&rmt_tld=0&ipr=y

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Aug 2023 09:45:14 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/10996750928/ 42 B
108 B 73ms
73ms Image
image/gif 2a00:1450:4001:830::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/10996750928/?random=1692092714073&cv=11&fst=1692090000000&bg=ffffff&guid=ON&async=1&gtm=45Pe3890&u_w=1600&u_h=1200&url=https%3A%2F%2Fcyble.com%2Fblog%2Flummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat%2F&frm=0&tiba=Cyble%20%E2%80%94%20LummaC%20Stealer%20Leveraging%20Amadey%20Bot%20to%20Deploy%20SectopRAT&data=event%3DClarity%3BeventCategory%3DClarity%3BeventAction%3Dktxipp%3BnonInteraction%3Dtrue%3Bclaritydimension%3Dhttps%3A%2F%2Fclarity.microsoft.com%2Fga%2Fhf2o0cm7gp%2Fwg1bmp%2Fktxipp&fmt=3&is_vtc=1&random=1571551955&rmt_tld=1&ipr=y

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Aug 2023 09:45:14 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ff23b0c3a6f24a8db5e4832ebab97bfd Show response
app.hubspot.com/conversations-visitor/21289959/threads/utk/ Frame 6DF7 53 KB
20 KB 354ms
221ms Document
text/html 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.hubspot.com/conversations-visitor/21289959/threads/utk/ff23b0c3a6f24a8db5e4832ebab97bfd?uuid=f7e357b5557a457b82037afc769d6df2&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=null&domain=cyble.com&inApp53=false&messagesUtk=ff23b0c3a6f24a8db5e4832ebab97bfd&url=https%3A%2F%2Fcyble.com%2Fblog%2Flummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat%2F&inline=false&isFullscreen=false&globalCookieOptOut=null&isFirstVisitorSession=true&isAttachmentDisabled=true&isInitialInputFocusDisabled=false&enableWidgetCookieBanner=false&isInCMS=false

Requested by

Host: js.usemessages.com
URL: https://js.usemessages.com/conversations-embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

291c58b03e240b281d1a39c17971111822353b0b9bf42ee1bb921267b001c521

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	no-sniff

Request headers

Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-credentials: false
age: 1522
alt-svc: h3=":443"; ma=86400
cache-control: max-age=600
cache-tag: staticjsapp-conversations-visitor-ui-web-prod,staticjsapp-prod
cf-cache-status: DYNAMIC
cf-ray: 7f7080e92ed19a17-FRA
content-encoding: br
content-security-policy-report-only: script-src 'self' www.hubspot.com *.hsappstatic.net *.hs-analytics.net *.hs-banner.com *.hsforms.net *.hsleadflows.net *.hs-scripts.com *.hubspotfeedback.com *.usemessages.com js.hubspot.com *.hsadspixel.net *.hscollectedforms.net js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net *.google-analytics.com www.googletagmanager.com data: 'unsafe-inline' 'unsafe-eval' blob: connect.facebook.net www.gstatic.cn www.gstatic.com www.google.com www.recaptcha.net *.fullstory.com fullstory.com apis.google.com snap.licdn.com; report-uri https://send.hsbrowserreports.com/csp/report?resource=conversations-visitor-ui/static-1.16230/html/index.html&cfRay=7f7080e92ed19a17&reqUrl=https%3A%2F%2Fapp.hubspot.com%2Fconversations-visitor%2F21289959%2Fthreads%2Futk%2Fff23b0c3a6f24a8db5e4832ebab97bfd%3Fuuid%3Df7e357b5557a457b82037afc769d6df2%26mobile%3Dfalse%26mobileSafari%3Dfalse%26hideWelcomeMessage%3Dfalse%26hstc%3Dnull%26domain%3Dcyble.com%26inApp53%3Dfalse%26messagesUtk%3Dff23b0c3a6f24a8db5e4832ebab97bfd%26url%3Dhttps%253A%252F%252Fcyble.com%252Fblog%252Flummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat%252F%26inline%3Dfalse%26isFullscreen%3Dfalse%26globalCookieOptOut%3Dnull%26isFirstVisitorSession%3Dtrue%26isAttachmentDisabled%3Dtrue%26isInitialInputFocusDisabled%3Dfalse%26enableWidgetCookieBanner%3Dfalse%26isInCMS%3Dfalse&referrer=https%3A%2F%2Fcyble.com%2Fblog%2Flummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat%2F&cfenv=prod&pdt=2023-08-15&csp=ro
content-type: text/html; charset=utf-8
date: Tue, 15 Aug 2023 09:45:14 GMT
etag: W/"856daf281fa4c5f85d7860c788f15532"
last-modified: Mon, 14 Aug 2023 03:02:53 UTC
report-to: {"group":"default","max_age":86400,"endpoints":[{"url":"https://send.hsbrowserreports.com/csp/reports"}]}
reporting-endpoints: default="https://send.hsbrowserreports.com/csp/reports?cfRay=7f7080e92ed19a17&resource=conversations-visitor-ui/static-1.16230/html/index.html"
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: origin, Accept-Encoding
via: 1.1 736ad67f05a9a5a8fd5ed8cba30196f4.cloudfront.net (CloudFront)
x-amz-cf-id: EMt4JqO9r2JMm_xW3OS127tDtwYMN4NKAIcdUe2WaAaqGJHKNeCZIw==
x-amz-cf-pop: IAD12-P3
x-amz-replication-status: COMPLETED
x-amz-server-side-encryption: AES256
x-amz-version-id: WkQTyx07QltP6NZwR2K.3gJmkvLrjd7_
x-cache: Hit from cloudfront
x-content-type-options: no-sniff
x-envoy-upstream-service-time: 5
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-57ff77fcd-lhvpx
x-evy-trace-virtual-host: all
x-hs-cache-status: MISS
x-hs-target-asset: conversations-visitor-ui/static-1.16230/html/index.html
x-hs-worker-debug-mode: false
x-hubspot-correlation-id: 4f5f3b70-a77d-4be8-886b-2527b107e6d3
x-request-id: 4f5f3b70-a77d-4be8-886b-2527b107e6d3

POST
H/1.1 204
No Content collect Show response
p.clarity.ms/ 0
289 B 771ms
400ms XHR
text/plain 20.122.63.128
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://p.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.10/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.122.63.128 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://cyble.com
Date: Tue, 15 Aug 2023 09:45:15 GMT
Access-Control-Allow-Credentials: true
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:2f7711a9-b21e-4abe-a9d6-5b0ce5d18b64

GET
H2 200 bundle.production.js Show response
static.hsappstatic.net/head-dlb/static-1.368/ Frame 6DF7 44 KB
17 KB 136ms
49ms Script
application/javascript 2606:4700::6812:8b65
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hsappstatic.net/head-dlb/static-1.368/bundle.production.js

Requested by

Host: app.hubspot.com
URL: https://app.hubspot.com/conversations-visitor/21289959/threads/utk/ff23b0c3a6f24a8db5e4832ebab97bfd?uuid=f7e357b5557a457b82037afc769d6df2&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=null&domain=cyble.com&inApp53=false&messagesUtk=ff23b0c3a6f24a8db5e4832ebab97bfd&url=https%3A%2F%2Fcyble.com%2Fblog%2Flummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat%2F&inline=false&isFullscreen=false&globalCookieOptOut=null&isFirstVisitorSession=true&isAttachmentDisabled=true&isInitialInputFocusDisabled=false&enableWidgetCookieBanner=false&isInCMS=false

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:8b65 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

15da0333da024365f065c44b1861355fac0211292dd57a0bb5f482ebcd166f4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://app.hubspot.com/
Origin: https://app.hubspot.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:14 GMT
x-amz-version-id: wWLMJ6qW0lXJfco2m026CzodYMop32jV
via: 1.1 bbd2abbdb134a9d53c0a12f6566e69fe.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: FRA56-P2
age: 569538
x-amz-server-side-encryption: AES256
content-encoding: br
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 11 Jul 2023 18:31:41 GMT
server: cloudflare
etag: W/"63ec2a77119dfb2ddcae56ab3a029230"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: https://app.hubspot.com
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IxiK%2FGUifBTC9nL3bhYErt%2BtTnW5sF82uB%2Fv0F%2F3VrxqzPvEtFWM50IS%2FcDGbuOsp6vWxJh2cmkvNtiRqUVhbZiPRdxUHI4W68bqG4KLI5jcmiYnmIrAu0emZnGk7DJYpXBp91TkApxPNQU5HxYEj68BfNw%3D"}],"group":"cf-nel","max_age":604800}
vary: Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-credentials: true
cache-control: public, max-age=31536000
cf-ray: 7f7080eb2d1e365d-FRA
x-amz-cf-id: JFR8VfWVKhvRJcmPXKmn0XRXtPCFnpkXcVMrZjGlOWYsmInFS6vNJg==
expires: Wed, 14 Aug 2024 09:45:14 GMT

GET
H2 200 visitor.css
static.hsappstatic.net/conversations-visitor-ui/static-1.14945/sass/ Frame 6DF7 20 KB
4 KB 138ms
51ms Stylesheet
text/css 2606:4700::6812:8b65
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hsappstatic.net/conversations-visitor-ui/static-1.14945/sass/visitor.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:8b65 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

36d655313c51c3540e79a4ed3bff5be86110779b4e25043a6e78150a58cdbc66

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.hubspot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:14 GMT
x-amz-version-id: eTttM9S_vWGkXsa3G13R54bOHuRyRlPL
via: 1.1 1f900b337ea9504d5ab682a36992a20c.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: MCT50-P1
age: 1607601
x-amz-server-side-encryption: AES256
content-encoding: br
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 06 Mar 2023 22:24:16 GMT
server: cloudflare
etag: W/"8b2053a9d9199e217c1f3e61d80f5d90"
vary: Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=GljmBaI%2BM3R8MAOrTXdZavLWNv3iyc5vI6HPBhS5tdquyE7Acn25mVb2X5z75XO16%2B7DsFCl%2FrJ%2BDkMCpVSxklrZbsWtFvvN8TJPUuGja1sOt0C8MJRNSbgA%2BarCPiDcIRiHB6oFrwuWnQq3yED9uEeJIuo%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css
cache-control: public, max-age=31536000
cf-ray: 7f7080eb282e9954-FRA
x-amz-cf-id: 7Dg_CYJYJuWWk5_sm6U4nmYNfwVgr4G2VGth1dvo77Dttp3e6oKILw==
expires: Wed, 14 Aug 2024 09:45:14 GMT

GET
H2 200 bundle.production.js Show response
static.hsappstatic.net/hubspot-dlb/static-1.438/ Frame 6DF7 295 KB
94 KB 141ms
54ms Script
application/javascript 2606:4700::6812:8b65
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hsappstatic.net/hubspot-dlb/static-1.438/bundle.production.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:8b65 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

abb67ec9baf00b771641b3e783f5511c58621d346ee890fe8b82139b9d7c1005

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://app.hubspot.com/
Origin: https://app.hubspot.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:14 GMT
x-amz-version-id: QR.7BVVxWRX648zgagdsk0.3qbRZHX6u
via: 1.1 21c2c1b3872c539a34b64bcf45f4054c.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: FRA56-P2
age: 1767553
x-amz-server-side-encryption: AES256
content-encoding: br
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
alt-svc: h3=":443"; ma=86400
last-modified: Tue, 25 Jul 2023 10:27:02 GMT
server: cloudflare
etag: W/"e1432fc848986a403838f2466a71736c"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: https://app.hubspot.com
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=H1LvwPOEER6F711yRIqoHTwbaUE9mnrpMrGdYrzZ7zTg7IBoYcnjBL8cDRNPbo516AgB9cl0%2BzdIVcndlefd0RE4QarPkOwtxjv4H45lmNdOznlAuBL65djVjPBkTIyiseVDLydNl8XeOMkolKe2gx2Zx%2Fw%3D"}],"group":"cf-nel","max_age":604800}
vary: Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-credentials: true
cache-control: public, max-age=31536000
cf-ray: 7f7080eb2d1f365d-FRA
x-amz-cf-id: pVnMBYj9URv8jvM5unTdl29NjQ0nw7jc0BCI7YECQF8ffjd2ZNof7g==
expires: Wed, 14 Aug 2024 09:45:14 GMT

GET
H2 200 visitor.js Show response
static.hsappstatic.net/conversations-visitor-ui/static-1.16230/bundles/ Frame 6DF7 614 KB
180 KB 142ms
55ms Script
application/javascript 2606:4700::6812:8b65
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hsappstatic.net/conversations-visitor-ui/static-1.16230/bundles/visitor.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:8b65 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0f152892ff9caa3f07c549aa58404e15330ae4aefadf62941c531e42991480d2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://app.hubspot.com/
Origin: https://app.hubspot.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:14 GMT
x-amz-version-id: 1q.UPishHUVc7nSSznDsc5JiO2fG4O26
via: 1.1 4cc2a0a7eb7d5483edc69be298297f9e.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: AMS54-C1
age: 67330
x-amz-server-side-encryption: AES256
content-encoding: br
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 14 Aug 2023 14:01:52 GMT
server: cloudflare
etag: W/"210dfb947875c25e6e6e66f80cf1fc24"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: https://app.hubspot.com
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qvHoDf%2BLYcYRJjcMIUncs7e%2FERs3CHhu1vEKtZ1GAA7D3vfzqWQr4pprAy6fnIDsEp12Ia4643CKezkX2Wk%2FX9Awa5nc3YyUkPbZc4KvxIkH3PDf8aqqNcAruEWQGYppX%2FjUtbNX0Xm4spFCLmUcJqfKIgY%3D"}],"group":"cf-nel","max_age":604800}
vary: Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-credentials: true
cache-control: public, max-age=31536000
cf-ray: 7f7080eb2d21365d-FRA
x-amz-cf-id: WhX9tTUgS4a_KhBx_yaTKmfmOx8_SKBtJIyCHGHJQu0f9lYgHfstRQ==
expires: Wed, 14 Aug 2024 09:45:14 GMT

GET
H2 200 i18n-data-data-locales-en-us.js Show response
static.hsappstatic.net/conversations-visitor-ui/static-1.16179/ Frame 6DF7 778 B
917 B 54ms
53ms Script
application/javascript 2606:4700::6812:8b65
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hsappstatic.net/conversations-visitor-ui/static-1.16179/i18n-data-data-locales-en-us.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:8b65 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2ff62e78465cee4c972817341e2c03196b5c77e729908a9661164f6ce250c1bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://app.hubspot.com/
Origin: https://app.hubspot.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:15 GMT
x-amz-version-id: g9.2sYO02NHQuTXusJ6trcbsE0cMHrm4
via: 1.1 10150f1f3768fd868d31d5faec2b61f8.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-cf-pop: CDG52-P2
age: 578465
x-amz-server-side-encryption: AES256
content-encoding: br
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
alt-svc: h3=":443"; ma=86400
last-modified: Wed, 02 Aug 2023 09:55:11 GMT
server: cloudflare
etag: W/"8dd6618842e3a40c297a2f6c3017ce06"
access-control-max-age: 3000
access-control-allow-methods: GET
content-type: application/javascript
access-control-allow-origin: https://app.hubspot.com
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=McrsNsi%2F27OrLT0QHjjGaAWEmSu6bKPrQBirZNxbGF0U2UNgA0x0qQDWxVcWw3jlC2zhrCEJWNe5BGF90kb7Eg5gQLfXA67%2Fp3G%2BRV8E3OODfzITtRzv9Ru6OLJJ3iqkbiDSrQ42EKBPakad9lc520myLQw%3D"}],"group":"cf-nel","max_age":604800}
vary: Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-credentials: true
cache-control: public, max-age=31536000
cf-ray: 7f7080eccf12365d-FRA
x-amz-cf-id: G4H3CirlOog4DopzG6YdELmz6efXsfLKwBcpguXZIr_ROIa6q9gleQ==
expires: Wed, 14 Aug 2024 09:45:15 GMT

GET
H2 200 nr-spa-1216.min.js Show response
js-agent.newrelic.com/ Frame 6DF7 49 KB
49 KB 131ms
39ms Script
application/javascript 151.101.2.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js-agent.newrelic.com/nr-spa-1216.min.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.2.137 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

545156adeae44dadc82b98d504f805ebe77fb79c928ef34eed1057bb9d4cb8fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.hubspot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

x-amz-version-id: UU.F5jvoumAjQChriwTQHbisCFw_OInU
date: Tue, 15 Aug 2023 09:45:15 GMT
via: 1.1 varnish
strict-transport-security: max-age=300
x-amz-request-id: WPMFB0VJG75YV1Z7
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 50049
x-amz-id-2: FZGRs9jHoygJROiHGl6xMkWo6b2J8tT5vX+5wqPZ7xbNvPJpdkGEDO9l2DizwaxY1IJipLlFmJk=
x-served-by: cache-fra-etou8220109-FRA
last-modified: Thu, 14 Apr 2022 16:45:57 GMT
server: AmazonS3
x-timer: S1692092715.180532,VS0,VE0
etag: "63e2df852d15ab21d7ff8fc4363222e8"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 129

GET
H2 200 hawk.png
labs.cyble.com/hs-fs/hubfs/ Frame 6DF7 4 KB
5 KB 185ms
81ms Image
image/webp 2606:2c40::c73c:671e
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://labs.cyble.com/hs-fs/hubfs/hawk.png?width=108&height=108

Requested by

Host: cyble.com
URL: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:2c40::c73c:671e , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

079ceaa0981ce7f89ad67f2b125a26b02d93a4b400b0d01c1095d9d03b24c738

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.hubspot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:15 GMT
strict-transport-security: max-age=31536000
via: 1.1 0e358bffbd534852f8496b34da6ad3e4.cloudfront.net (CloudFront)
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options: nosniff
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag: F-83412232556,P-21289959,FLS-ALL
x-hs-https-only: worker
alt-svc: h3=":443"; ma=86400
content-length: 4194
cf-resized: internal=ram/m q=0 n=120+0 c=0+0 v=2023.7.3 l=4194
last-modified: Tue, 30 Aug 2022 08:53:18 GMT
cf-bgj: imgq:86,h2pri
server: cloudflare
etag: "cfLv25S9_RZ9mVF-YFCFUfZcZkUn9Bg2vL7Sxl6y2PDQ:ac94ce2bd2684e2d18ebb6c3988701dd"
vary: Accept, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=e08El89KYMvmRPwRVOCbxbuFRmc7MtdqSPmmGF%2F3BZRK%2Fz0RUItS5AP5q95W2EWnKNOudijx%2Fo9pdkf4GABDW1S%2FWAYcWXJrO2G0aBO82B1vJKlTA6qauhMcbeoc4EqZ5hRa2L%2BTjJ7o08a8"}],"group":"cf-nel","max_age":604800}
content-type: image/webp
access-control-allow-origin: *
cache-control: s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
accept-ranges: bytes
cf-ray: 7f7080ee4c053624-FRA

POST
H2 204 rhumb
app.hubspot.com/api/cartographer/v1/ Frame 6DF7 0
1 KB 161ms
160ms Ping
text/plain 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.hubspot.com/api/cartographer/v1/rhumb?hs_static_app=conversations-visitor-ui&hs_static_app_version=1.16230

Requested by

Host: static.hsappstatic.net
URL: https://static.hsappstatic.net/conversations-visitor-ui/static-1.16230/bundles/visitor.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://app.hubspot.com/conversations-visitor/21289959/threads/utk/ff23b0c3a6f24a8db5e4832ebab97bfd?uuid=f7e357b5557a457b82037afc769d6df2&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=null&domain=cyble.com&inApp53=false&messagesUtk=ff23b0c3a6f24a8db5e4832ebab97bfd&url=https%3A%2F%2Fcyble.com%2Fblog%2Flummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat%2F&inline=false&isFullscreen=false&globalCookieOptOut=null&isFirstVisitorSession=true&isAttachmentDisabled=true&isInitialInputFocusDisabled=false&enableWidgetCookieBanner=false&isInCMS=false
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Tue, 15 Aug 2023 09:45:15 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: db1e1d43-7314-491d-9dd3-950a65884c3d
x-envoy-upstream-service-time: 4
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: db1e1d43-7314-491d-9dd3-950a65884c3d
server: cloudflare
vary: origin, Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4OAx%2BvjV6883x0yKVRgcarpJZ5LjWjEOub0gkn02VdV7p011ycHTfLuMflxeYqdqz62Dk79rpy3axgR6vpJT8ChhFnifHwC04K5DRI0svHjM%2Fut5A5YdnXdudGxoP9qnzhF3wgW8ijunf4g0bg%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin: https://app.hubspot.com
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-6c94986c56-hqv97
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing, X-Hubspot-Correct-Hublet, X-HubSpot-Auth-Failure
access-control-max-age: 604800
access-control-allow-credentials: true
x-evy-trace-virtual-host: all
cf-ray: 7f7080edac979a17-FRA
access-control-allow-headers: Authorization, Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer
timing-allow-origin: *

GET
H2 200 welcomeMessages Show response
app.hubspot.com/api/livechat-public/v1/bots/public/bot/2122156/ Frame 6DF7 982 B
1 KB 203ms
202ms XHR
application/json 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.hubspot.com/api/livechat-public/v1/bots/public/bot/2122156/welcomeMessages?hs_static_app=conversations-visitor-ui&hs_static_app_version=1.16230&conversations-visitor-ui=static-1.16230&traceId=ff23b0c3a6f24a8db5e4832ebab97bfd&sessionId=AMOaWbIvWbRL3AQuWe0kehrKRE--c6aPYTp8x7O8VmgU5-G12KJ-S6_QyH87wj7BUJLfVdGNHI3Ajis3L1cvhl1r6c2-ycDgAbF1PGsG6gH-dfBqZOB1YV2W4m3j1Uro-QKbWWiLAwSe-TauFMZ7S_IhTAr7UaNtgIBc0Ve9hwKi0ZfKWHyQGdE

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b2f6252c2f9a309c07389da2b726289fd3e517ed3949a51e095935721add7dbc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://app.hubspot.com/conversations-visitor/21289959/threads/utk/ff23b0c3a6f24a8db5e4832ebab97bfd?uuid=f7e357b5557a457b82037afc769d6df2&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=null&domain=cyble.com&inApp53=false&messagesUtk=ff23b0c3a6f24a8db5e4832ebab97bfd&url=https%3A%2F%2Fcyble.com%2Fblog%2Flummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat%2F&inline=false&isFullscreen=false&globalCookieOptOut=null&isFirstVisitorSession=true&isAttachmentDisabled=true&isInitialInputFocusDisabled=false&enableWidgetCookieBanner=false&isInCMS=false
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:15 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 23e763f8-e43b-4e14-be51-0bffcf8dffda
content-encoding: br
x-envoy-upstream-service-time: 26
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 23e763f8-e43b-4e14-be51-0bffcf8dffda
server: cloudflare
x-trace: 2BCCF53C9FF44EA4B55D2BE8F0F695A7E3204A7978000000000000000000
vary: origin, Accept-Encoding
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-6c94986c56-wkscp
x-evy-trace-virtual-host: all
access-control-allow-credentials: false
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zLuQAibiK%2Ba9JQlbQ5GM%2FUPmWQAiIgwvGQ62SV5aqRgb%2FJlRlJ%2FTT6M5aXL%2BzmenwsZaSOUGXNXB0b%2FMtn2esHJc0m0zdb3qnU5Vf71J8hVAkjhCtcICuFVlu8r1YeUeVbkCGhdNU%2FtOkpdsCQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray: 7f7080edbcb39a17-FRA
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent, X-HubSpot-Messages-Uri

GET
H2

200

c.gif
c.clarity.ms/
Redirect Chain

https://c.clarity.ms/c.gif
https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=0F1842C00CD64CEFBC2B45ED977152FB&RedC=c.clarity.ms&MXFR=19D039C351D16B6E17CA2AAD55D165F5
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=0F1842C00CD64CEFBC2B45ED977152FB&MUID=162BB48BF0A8664D1805A7E5F104677B

42 B
443 B

56ms
55ms

Image
image/gif

68.219.88.97
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=0F1842C00CD64CEFBC2B45ED977152FB&MUID=162BB48BF0A8664D1805A7E5F104677B
Protocol: H2
Server: 68.219.88.97 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Aug 2023 09:45:14 GMT
last-modified: Tue, 06 Jun 2023 17:31:23 GMT
server: Microsoft-IIS/10.0
etag: "dca6ffb69c98d91:0"
x-powered-by: ASP.NET
content-type: image/gif
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: private, no-cache, proxy-revalidate, no-store
accept-ranges: bytes
content-length: 42

Redirect headers

pragma: no-cache
date: Tue, 15 Aug 2023 09:45:15 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: D01ECAECC9154390AA4DA6939D2CC788 Ref B: FRA31EDGE0716 Ref C: 2023-08-15T09:45:15Z
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
location: https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=0F1842C00CD64CEFBC2B45ED977152FB&MUID=162BB48BF0A8664D1805A7E5F104677B
cache-control: private, no-cache, proxy-revalidate, no-store
content-length: 0

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
525 B 180ms
179ms Image
image/gif 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=249479340&v=1.1&a=21289959&ct=blog-post&rcu=https%3A%2F%2Fcyble.com%2Fblog%2Flummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat%2F&pu=https%3A%2F%2Fcyble.com%2Fblog%2Flummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat%2F&t=Cyble+%E2%80%94+LummaC+Stealer+Leveraging+Amadey+Bot+to+Deploy+SectopRAT&cts=1692092715180&vi=a28a9068624980bf43947f3488064c8f&nc=true&u=27441379.a28a9068624980bf43947f3488064c8f.1692092715176.1692092715176.1692092715176.1&b=27441379.1.1692092715176&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:15 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 9d539892-506b-476c-8529-3ba6163ec73a
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 9
alt-svc: h3=":443"; ma=86400
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 9d539892-506b-476c-8529-3ba6163ec73a
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Yw9EIrqPyZxyzjyR2pSJj3L61mraGbtWvismsp7QphbKgqINNDjSnFAbuga0Vl0B5nTbby1347ulsPzQiQ2j7nbC0Ss6M0AL%2Fe4zGFCIzYHBL2DXmtbljw0Klmsr3ssD7ncKNrhuChwimOOrMOiB"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-8555d4b97d-fmrhj
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 7f7080ee0d269a17-FRA
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
555 B 163ms
163ms Image
image/gif 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=15&fi=f7da69d1-3801-430f-b109-5f44b65a9326&fci=7d4c1353-cb3f-4331-8c9c-9edfac46d42b&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=249479340&v=1.1&a=21289959&ct=blog-post&rcu=https%3A%2F%2Fcyble.com%2Fblog%2Flummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat%2F&pu=https%3A%2F%2Fcyble.com%2Fblog%2Flummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat%2F&t=Cyble+%E2%80%94+LummaC+Stealer+Leveraging+Amadey+Bot+to+Deploy+SectopRAT&cts=1692092715182&vi=a28a9068624980bf43947f3488064c8f&nc=true&u=27441379.a28a9068624980bf43947f3488064c8f.1692092715176.1692092715176.1692092715176.1&b=27441379.1.1692092715176&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:15 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 28447ef4-bc73-4a8e-9097-f2a58ee8f631
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 8
alt-svc: h3=":443"; ma=86400
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 28447ef4-bc73-4a8e-9097-f2a58ee8f631
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ruHNZSdQoVXMeRQF%2Fx6ALyGKg950WAmch05dfKd4AOJNGKrOZMM9k90kDi%2Bcck7a9FmRfJPc4Bpo6p89NiPHNnExzZjxvr6MoxcTGMeKlKacUCn%2F%2Bv%2F9wDVOPKZ5q5pBnqxmtXNaKVO0%2Bh4G2dOr"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-8555d4b97d-w76pp
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 7f7080ee0d2b9a17-FRA
x-robots-tag: none

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
518 B 180ms
179ms Image
image/gif 2606:4700::6813:9a53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=17&fi=f7da69d1-3801-430f-b109-5f44b65a9326&fci=7d4c1353-cb3f-4331-8c9c-9edfac46d42b&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=249479340&v=1.1&a=21289959&ct=blog-post&rcu=https%3A%2F%2Fcyble.com%2Fblog%2Flummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat%2F&pu=https%3A%2F%2Fcyble.com%2Fblog%2Flummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat%2F&t=Cyble+%E2%80%94+LummaC+Stealer+Leveraging+Amadey+Bot+to+Deploy+SectopRAT&cts=1692092715183&vi=a28a9068624980bf43947f3488064c8f&nc=true&u=27441379.a28a9068624980bf43947f3488064c8f.1692092715176.1692092715176.1692092715176.1&b=27441379.1.1692092715176&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:15 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: f0672567-f99e-4f09-ae75-0530109ee2b7
p3p: CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time: 4
alt-svc: h3=":443"; ma=86400
content-length: 45
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: f0672567-f99e-4f09-ae75-0530109ee2b7
server: cloudflare
vary: origin, Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AE1m%2F0ZOPC9eAQPcsVvNvFD5OxlfA8YWsxcB4lScUVdNBsdKDfTjwqZlSNARkppVhze4z677B2gUK2YUi%2FhjKYnDR327NgEg9BBAXV6C%2FELLY74VAMscKM7GrPFaxGws5Vk1csoX2CT6Cr%2BfLtxA"}],"group":"cf-nel","max_age":604800}
content-type: image/gif
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-8555d4b97d-r2pvl
x-evy-trace-virtual-host: all
cache-control: no-cache, no-store, no-transform
access-control-allow-credentials: false
cf-ray: 7f7080ee0d2d9a17-FRA
x-robots-tag: none

GET
H2 200 json Show response
forms.hubspot.com/lead-flows-config/v1/config/ 178 B
959 B 169ms
168ms XHR
application/json 2606:4700::6813:9b53
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hubspot.com/lead-flows-config/v1/config/json?portalId=21289959&utk=a28a9068624980bf43947f3488064c8f&__hstc=27441379.a28a9068624980bf43947f3488064c8f.1692092715176.1692092715176.1692092715176.1&__hssc=27441379.1.1692092715176&currentUrl=https%3A%2F%2Fcyble.com%2Fblog%2Flummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat%2F

Requested by

Host: js.hsleadflows.net
URL: https://js.hsleadflows.net/leadflows.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f040373389a162846e3fce5af1ee107f0b71dba807051660a8c89ed33d746389

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:15 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-hubspot-correlation-id: 8ee50e9e-06a9-4144-9b39-46676056f434
content-encoding: br
x-envoy-upstream-service-time: 27
alt-svc: h3=":443"; ma=86400
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-listener: listener_https
x-request-id: 8ee50e9e-06a9-4144-9b39-46676056f434
server: cloudflare
vary: origin
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type: application/json;charset=utf-8
access-control-allow-origin: https://cyble.com
x-evy-trace-virtual-host: all
access-control-max-age: 180
access-control-allow-credentials: false
cache-control: max-age=0, no-cache, no-store
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TFSto5sJjojb890Wy%2F%2F7353b9oD7O4pYa9yRAYeiEOFHnSCsyvVbNc0dCf8mF9FgxdfktseSmrc5dJhZQicRMoBTQ0AEDMoIIDEtJaZ3%2F57UcerSzU%2BXjrsaBYhroMoH1Mj8UtZmdThNlsqdoaAl"}],"group":"cf-nel","max_age":604800}
x-robots-tag: none
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
cf-ray: 7f7080ee3c871cc1-FRA
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-7f89ffc67f-tkdzf

GET
H3 200 a
www.googletagmanager.com/ 0
11 B 52ms
51ms Image
text/html 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.googletagmanager.com/a?v=3&t=l&pid=1146497305&rv=3890&u=AAAAAAAAAAAAACAAAAAAEA&ut=AABA&h=Ag&cid=G-361856552&l=G-361856552.L767.S12.E1438.EC7.TC1.HTC0~gtm.init_consent.S0.V0.E40~gtm.init.S0.V0.E40~gtm.js.S0.V0.E49.TS5gct.TI1.TE0~*.S0.V0.E33~gtm.dom.S0.V0.E32~*.S0.V0.E4~gtm.load.S0.V0.E12

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:15 GMT
server: Google Tag Manager
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H3 200 a
www.googletagmanager.com/ 0
11 B 58ms
57ms Image
text/html 2a00:1450:4001:82a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.googletagmanager.com/a?v=3&t=l&pid=1517899175&rv=3890&u=AAAAAAAAAAAAACAAAAAAEA&ut=AABA&h=Ag&cid=G-361856552&l=_G-361856552.EC1.TC0.HTC0~*~GA671

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Tue, 15 Aug 2023 09:45:15 GMT
server: Google Tag Manager
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
content-type: text/html

GET
H/1.1 200
OK f9d051f404 Show response
bam-cell.nr-data.net/1/ Frame 6DF7 56 B
963 B 433ms
184ms Script
text/javascript 162.247.241.2
NEWRELIC-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://bam-cell.nr-data.net/1/f9d051f404?a=205242107&sa=1&v=1216.487a282&t=Unnamed%20Transaction&rst=976&ck=1&ref=https://app.hubspot.com/conversations-visitor/21289959/threads/utk/ff23b0c3a6f24a8db5e4832ebab97bfd&be=518&fe=797&dc=735&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1692092714273,%22n%22:0,%22f%22:1,%22dn%22:2,%22dne%22:3,%22c%22:3,%22s%22:90,%22ce%22:135,%22rq%22:135,%22rp%22:356,%22rpe%22:362,%22dl%22:360,%22di%22:735,%22ds%22:735,%22de%22:736,%22dc%22:796,%22l%22:796,%22le%22:797%7D,%22navigation%22:%7B%7D%7D&fp=889&fcp=889&ja=%7B%22nrSnippetVersion%22:%221216%22,%22environment%22:%22prod%22,%22deployed%22:true,%22hublet%22:%22na1%22,%22hsOlderBrowserVersion%22:false,%22conditionalPolyfillsInstalled%22:false,%22portalId%22:21289959,%22package%22:%22conversations-visitor-ui%22,%22packageVersion%22:%221.16230%22,%22template%22:%22visitor-index.html.tsx%22,%22user-online%22:true,%22visibility%22:%22visible%22,%22currentVisibility%22:%22visible%22,%22isEmbeddedInProduct%22:%22false%22,%22isInlineEmbeddedWidget%22:false,%22reactRhumbVersion%22:%221.9496%22,%22reaganVersion%22:%22react-rhumb%22,%22route%22:%22/%22,%22numReaganChecksStarted%22:1,%22numPreviousReaganChecksAborted%22:0,%22avgDurationBeforePreviousReaganAborts%22:0,%22numPreviousReaganChecksFailed%22:0,%22numPreviousReaganChecksSuccessful%22:0%7D&jsonp=NREUM.setToken
Requested by: Host: app.hubspot.com
URL: https://app.hubspot.com/conversations-visitor/21289959/threads/utk/ff23b0c3a6f24a8db5e4832ebab97bfd?uuid=f7e357b5557a457b82037afc769d6df2&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=null&domain=cyble.com&inApp53=false&messagesUtk=ff23b0c3a6f24a8db5e4832ebab97bfd&url=https%3A%2F%2Fcyble.com%2Fblog%2Flummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat%2F&inline=false&isFullscreen=false&globalCookieOptOut=null&isFirstVisitorSession=true&isAttachmentDisabled=true&isInitialInputFocusDisabled=false&enableWidgetCookieBanner=false&isInCMS=false
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 162.247.241.2 Portland, United States, ASN23467 (NEWRELIC-AS-1, US),
Reverse DNS
Software: cloudflare /
Resource Hash: f9745c48d0b4c918d466da4acdb3f786ef5cda4c69ac0b6009d76cff67e6325d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.hubspot.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Date: Tue, 15 Aug 2023 09:45:15 GMT
Content-Encoding: gzip
CF-Cache-Status: DYNAMIC
NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
Transfer-Encoding: chunked
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jGNBU9yn%2BNQuLffl%2B36IoowD249gf5uZE%2FWOxFTGN6dAyQfPw1xgumZWmr%2FNUPUKN4Wji8GA%2Bccs%2FAAgpw9E2Wk7PA7MRRxjaqD07iATTyoyj2Hf8hrNjK8iwJUixZbwgEoB7tKH"}],"group":"cf-nel","max_age":604800}
Vary: Accept-Encoding
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
Connection: keep-alive
CF-Ray: 7f7080eff97737fc-FRA

POST
H/1.1 204
No Content f9d051f404 Show response
bam-cell.nr-data.net/ins/1/ Frame 6DF7 0
674 B 190ms
189ms XHR
text/plain 162.247.241.2
NEWRELIC-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://bam-cell.nr-data.net/ins/1/f9d051f404?a=205242107&sa=1&v=1216.487a282&t=Unnamed%20Transaction&rst=1417&ck=1&ref=https://app.hubspot.com/conversations-visitor/21289959/threads/utk/ff23b0c3a6f24a8db5e4832ebab97bfd
Requested by: Host: app.hubspot.com
URL: https://app.hubspot.com/conversations-visitor/21289959/threads/utk/ff23b0c3a6f24a8db5e4832ebab97bfd?uuid=f7e357b5557a457b82037afc769d6df2&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=null&domain=cyble.com&inApp53=false&messagesUtk=ff23b0c3a6f24a8db5e4832ebab97bfd&url=https%3A%2F%2Fcyble.com%2Fblog%2Flummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat%2F&inline=false&isFullscreen=false&globalCookieOptOut=null&isFirstVisitorSession=true&isAttachmentDisabled=true&isInitialInputFocusDisabled=false&enableWidgetCookieBanner=false&isInCMS=false
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 162.247.241.2 Portland, United States, ASN23467 (NEWRELIC-AS-1, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://app.hubspot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
content-type: text/plain

Response headers

Date: Tue, 15 Aug 2023 09:45:15 GMT
CF-Cache-Status: DYNAMIC
NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
Vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dCZWOt4Y29STn5aVx47GeIAGaM%2BeAyadaUNQvQbv6k4EEaVMa9%2Bas0CxseeoK%2FY2lah2xSqALwQr9Md1r%2BY8cjxwjBW4s6Bi0kZxjYxPvZ0y6JlFrejsIeZa6mZiW9OBsnF9HJYw"}],"group":"cf-nel","max_age":604800}
Access-Control-Allow-Origin: https://app.hubspot.com
access-control-allow-credentials: true
Connection: keep-alive
CF-Ray: 7f7080f12ae837fc-FRA

POST
H/1.1 200
OK f9d051f404 Show response
bam-cell.nr-data.net/events/1/ Frame 6DF7 24 B
733 B 255ms
173ms XHR
image/gif 162.247.241.2
NEWRELIC-AS-1

General

Check archive.org

Show headers Download Go to

Full URL: https://bam-cell.nr-data.net/events/1/f9d051f404?a=205242107&sa=1&v=1216.487a282&t=Unnamed%20Transaction&rst=1421&ck=1&ref=https://app.hubspot.com/conversations-visitor/21289959/threads/utk/ff23b0c3a6f24a8db5e4832ebab97bfd
Requested by: Host: app.hubspot.com
URL: https://app.hubspot.com/conversations-visitor/21289959/threads/utk/ff23b0c3a6f24a8db5e4832ebab97bfd?uuid=f7e357b5557a457b82037afc769d6df2&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=null&domain=cyble.com&inApp53=false&messagesUtk=ff23b0c3a6f24a8db5e4832ebab97bfd&url=https%3A%2F%2Fcyble.com%2Fblog%2Flummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat%2F&inline=false&isFullscreen=false&globalCookieOptOut=null&isFirstVisitorSession=true&isAttachmentDisabled=true&isInitialInputFocusDisabled=false&enableWidgetCookieBanner=false&isInCMS=false
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 162.247.241.2 Portland, United States, ASN23467 (NEWRELIC-AS-1, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300

Request headers

Referer: https://app.hubspot.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
content-type: text/plain

Response headers

Date: Tue, 15 Aug 2023 09:45:15 GMT
CF-Cache-Status: DYNAMIC
NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
Vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: https://app.hubspot.com
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LSyoWXUq03QlavPvFvnbcsqNmlQZy3g03VRVx8dZOkgnKVSD6YuIt41ourYWlUTeKkhjXAUUMsQI1BSn5wmQLcj%2BJ6fvUHaN1p%2F1tvHwAsdbPVlA9aMimqnoUCme2TfO%2BFecru4V"}],"group":"cf-nel","max_age":604800}
access-control-allow-credentials: true
Connection: keep-alive
CF-Ray: 7f7080f1bbe8697f-FRA
Content-Length: 24

POST
H/1.1 204
No Content collect Show response
p.clarity.ms/ 0
289 B 126ms
126ms XHR
text/plain 20.122.63.128
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://p.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.10/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.122.63.128 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx/1.18.0 (Ubuntu) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://cyble.com
Date: Tue, 15 Aug 2023 09:45:16 GMT
Access-Control-Allow-Credentials: true
Server: nginx/1.18.0 (Ubuntu)
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:2f7711a9-b21e-4abe-a9d6-5b0ce5d18b64

GET
H2 204 boom.gif
pixel.wp.com/ 0
37 B 39ms
39ms Image
text/plain 192.0.76.3
AUTOMATTIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/boom.gif?bilmur=1&cumulative_layout_shift=0.598&largest_contentful_paint=1563&batcache_hit=0&provider=wordpress.com&service=atomic&custom_properties=%7B%22devicepx%22%3A%220%22%7D&effective_connection_type=4g&rtt=0&downlink=10000&host_name=cyble.com&url_path=%2Fblog%2Flummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat%2F&nt_fetchStart=116&nt_domainLookupStart=117&nt_domainLookupEnd=117&nt_connectStart=117&nt_connectEnd=207&nt_secureConnectionStart=156&nt_requestStart=208&nt_responseStart=298&nt_responseEnd=370&nt_domLoading=301&nt_domInteractive=1326&nt_domContentLoadedEventStart=1328&nt_domContentLoadedEventEnd=1331&nt_domComplete=2822&nt_loadEventStart=2822&nt_loadEventEnd=2851&nt_redirectCount=0&nt_nextHopProtocol=h2&nt_api_level=2&start_render=837&first_contentful_paint=837&resource_size=3412160&resource_transferred=973798&js_size=1064192&js_transferred=324361&resource_cache_percent=0&js_cache_percent=0&last_resource_end=4443
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

access-control-allow-origin: *
date: Tue, 15 Aug 2023 09:45:18 GMT
cache-control: no-cache
server: nginx

POST
H3 204 collect
region1.google-analytics.com/g/ 0
17 B 47ms
47ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-N9ZXY95EM4&gtm=45Pe3890&_p=869785087&gdid=dZTNiMT&cid=990791793.1692092714&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=2&sid=1692092713&sct=1&seg=0&dl=https%3A%2F%2Fcyble.com%2Fblog%2Flummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat%2F&dt=Cyble%20%E2%80%94%20LummaC%20Stealer%20Leveraging%20Amadey%20Bot%20to%20Deploy%20SectopRAT&en=Clarity&_ee=1&ep.eventCategory=Clarity&ep.eventAction=ktxipp&ep.nonInteraction=true&ep.claritydimension=https%3A%2F%2Fclarity.microsoft.com%2Fga%2Fhf2o0cm7gp%2Fwg1bmp%2Fktxipp&_et=505
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=GT-WKTZW36
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://cyble.com/blog/lummac-stealer-leveraging-amadey-bot-to-deploy-sectoprat/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 15 Aug 2023 09:45:19 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://cyble.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

162 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

34 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.cyble.com/	1970-01-20 16:11:08	Name: _gcl_au Value: 1.1.1690529751.1692092714
.cyble.com/	1970-01-20 23:37:32	Name: _ga_361856552 Value: GS1.1.1692092713.1.0.1692092713.0.0.0
www.clarity.ms/	1970-01-20 22:47:08	Name: CLID Value: 6c20ab1934f34c60b27fe76b6060f9fa.20230815.20240814
.cyble.com/	1970-01-20 23:37:32	Name: _ga Value: GA1.2.990791793.1692092714
.cyble.com/	1970-01-20 14:02:59	Name: _gid Value: GA1.2.1729958593.1692092714
.cyble.com/	1970-01-20 14:01:32	Name: _gat_UA-201575643-1 Value: 1
cyble.com/	1970-01-20 14:02:59	Name: ln_or Value: eyI0MDUzMzk2IjoiZCJ9
.cyble.com/	1970-01-20 22:47:08	Name: _clck Value: wg1bmp\|2\|fe6\|0\|1322
.cyble.com/	1970-01-20 23:37:32	Name: _ga_N9ZXY95EM4 Value: GS1.1.1692092713.1.0.1692092714.0.0.0
.linkedin.com/	1970-01-20 16:11:08	Name: li_sugr Value: f1c6885e-963b-4c2a-a5f7-936884326f75
.linkedin.com/	1970-01-20 22:47:08	Name: bcookie Value: "v=2&0941ba67-0076-4c48-85a3-fb5adfd28cfe"
.linkedin.com/	1970-01-20 14:02:59	Name: lidc Value: "b=OGST03:s=O:r=O:a=O:p=O:g=2970:u=1:x=1:i=1692092714:t=1692179114:v=2:sig=AQEz3VTAskzPZqPpgsifY3X4zKArY_in"
.doubleclick.net/	1970-01-20 23:23:08	Name: IDE Value: AHWqTUnokpWwaRPDAF7IzQ1HdS5SaVIjxndbF6HV22dl4QdbXlHmwrtrajGsq2a_
.linkedin.com/	1970-01-20 14:44:44	Name: UserMatchHistory Value: AQK9ATrWILqGaQAAAYn4lc0VprHTEloiLEaZ9dTZYsVfATtVqss6_pKKXPghLVEyev0hv3TGvaO4Sw
.linkedin.com/	1970-01-20 14:44:44	Name: AnalyticsSyncHistory Value: AQIf06wYnfXejwAAAYn4lc0Vw0_GmyF5mUDkqvSchrhLCh7ZT8_o740u3nF_l2bFZ1go6hBoz_Qq3rZ98mwapg
.www.linkedin.com/	1970-01-20 22:47:08	Name: bscookie Value: "v=1&20230815094514e72c505e-c05f-4b4b-85b0-eef64a6c8ac7AQGlyuRHejFfaFP38TXzMmZgxl9l8CLt"
.linkedin.com/	1970-01-20 18:20:44	Name: li_gc Value: MTswOzE2OTIwOTI3MTQ7MjswMjEKDyN2/J+ypnil/tzYzq39a4PDMyglZOat18NXxQEK1A==
.cyble.com/	1970-01-20 14:02:59	Name: _clsk Value: ktxipp\|1692092714600\|1\|1\|p.clarity.ms/collect
.hubspot.com/	1970-01-20 14:01:34	Name: __cf_bm Value: JS0KDuo6tHt6SSw59utXf4JjQk3CA66d4OkYvgvVUqo-1692092714-0-Ab197daxl1pQjOdu2w7A/QlSuxkq+0W34FpYJFwGFaRy3XcfrxtmnrWsuz25Dde1Z7S5mhdj7LkjKltzRezw5HA=
.cyble.com/	1970-01-20 18:20:44	Name: messagesUtk Value: ff23b0c3a6f24a8db5e4832ebab97bfd
.cyble.com/	1970-01-20 18:20:44	Name: __hstc Value: 27441379.a28a9068624980bf43947f3488064c8f.1692092715176.1692092715176.1692092715176.1
.cyble.com/	1970-01-20 18:20:44	Name: hubspotutk Value: a28a9068624980bf43947f3488064c8f
.cyble.com/	1969-12-31 23:59:59	Name: __hssrc Value: 1
.cyble.com/	1970-01-20 14:01:34	Name: __hssc Value: 27441379.1.1692092715176
.labs.cyble.com/	1970-01-20 14:01:34	Name: __cf_bm Value: e37X1PjOXrTWPspQJhp2t7bAUBslrhd8KPoA7aWUIlM-1692092715-0-AahAjbB2m8kuOCl+x2gaIW9pYsbWg+Rm0YSoYtjt6L4wsYhC+VrIaj0gVoI9FBtvuo3u1770K5Fico2323QdnFA=
.labs.cyble.com/	1969-12-31 23:59:59	Name: __cfruid Value: 89dfd9f7fe419f05a8f7cac94fe9691c99cccfd8-1692092715
.bing.com/	1970-01-20 23:23:08	Name: MUID Value: 162BB48BF0A8664D1805A7E5F104677B
.c.bing.com/	1970-01-20 14:11:37	Name: MR Value: 0
.c.bing.com/	1970-01-20 23:23:08	Name: SRM_B Value: 162BB48BF0A8664D1805A7E5F104677B
.c.clarity.ms/	1969-12-31 23:59:59	Name: SM Value: C
.clarity.ms/	1970-01-20 23:23:08	Name: MUID Value: 162BB48BF0A8664D1805A7E5F104677B
.c.clarity.ms/	1970-01-20 14:11:37	Name: MR Value: 0
.c.clarity.ms/	1970-01-20 14:01:33	Name: ANONCHK Value: 0
.nr-data.net/	1969-12-31 23:59:59	Name: JSESSIONID Value: c34703ded5f30ad3

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://cyble.com/wp-content/uploads/2023/08/LummaC-Stealer-AmadeyBot-SectopRAT-1024x512.png Message: Failed to load resource: the server responded with a status of 400 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.omappapi.com
api.hubapi.com
api.hubspot.com
app.hubspot.com
bam-cell.nr-data.net
c.bing.com
c.clarity.ms
c0.wp.com
cdn.linkedin.oribi.io
cta-service-cms2.hubspot.com
cyble.com
d.adroll.com
fonts-api.wp.com
fonts.wp.com
forms-na1.hsforms.com
forms.hsforms.com
forms.hubspot.com
google.com
googleads.g.doubleclick.net
i0.wp.com
js-agent.newrelic.com
js.hs-analytics.net
js.hs-banner.com
js.hs-scripts.com
js.hsadspixel.net
js.hsforms.net
js.hsleadflows.net
js.hubspot.com
js.usemessages.com
labs.cyble.com
p.clarity.ms
perf-na1.hsforms.com
pixel.wp.com
px.ads.linkedin.com
px4.ads.linkedin.com
region1.google-analytics.com
s.adroll.com
s0.wp.com
snap.licdn.com
static.hsappstatic.net
stats.g.doubleclick.net
stats.wp.com
track.hubspot.com
www.clarity.ms
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.linkedin.com
13.107.42.14
151.101.2.137
162.247.241.2
192.0.76.3
192.0.77.2
192.0.77.32
192.0.77.37
20.122.63.128
2001:4860:4802:34::36
2400:52e0:1e00::1081:1
2600:9000:20eb:8200:2:53b2:240:93a1
2600:9000:225e:b400:6:9280:1080:93a1
2606:2c40::c73c:671e
2606:4700:20::681a:6b1
2606:4700::6810:78be
2606:4700::6810:89ce
2606:4700::6810:b841
2606:4700::6811:64ac
2606:4700::6811:7f6e
2606:4700::6811:cacc
2606:4700::6811:d2f3
2606:4700::6811:d3f3
2606:4700::6812:18c4
2606:4700::6812:853b
2606:4700::6812:8b65
2606:4700::6813:9a53
2606:4700::6813:9b53
2620:1ec:21::14
2620:1ec:46::44
2620:1ec:c11::200
2a00:1450:4001:810::2004
2a00:1450:4001:812::200e
2a00:1450:4001:82a::2008
2a00:1450:4001:830::2002
2a00:1450:4001:830::2003
2a00:1450:4001:831::200e
2a00:1450:400c:c0c::9a
2a02:26f0:7100::1720:ee40
2a05:d018:cc3:fe04:f8c3:a4e0:7057:6f24
68.219.88.97
0200bc38d986631f9cc4680084d7d263ccf17fa4a3c627b26ff347e0cfcf1d47
0268b589d424a686ee986465b7917ac6c852be4fd6908331002878205beee576
0427349d2020319a07c730eb5c5cb8ee988339b37ea834a0e0e19463d7ff324d
04d1af88845fb011bd20760cf1a42ff9bc768f142e6f9edb4d28f369b1fab732
063565f869727078c5f4e68e351fdacecc0388f9cef40ae9a048fb5db8d900c3
079ceaa0981ce7f89ad67f2b125a26b02d93a4b400b0d01c1095d9d03b24c738
08756c47213d461baa3b01f42448a76d11f524470c7a34f9018733889bd4f49c
0b41b947a0935cf96cf1be1fa7cd5d9f0f34f42e031795bd44b74933c414a028
0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300
0dd3ebf5a6397ea1ef51f53db07e8f9fca4227c0525ebb5e8ed75015b108b471
0e7ad47a4bc6ddbb17cb8cbe6167dae4717d0b5962a1d63de2e93e6dc201b9e8
0f152892ff9caa3f07c549aa58404e15330ae4aefadf62941c531e42991480d2
11b06964bab24ea95ffd9d7a91c9146d993fb0a5f5a53cf7c80d4f07773ac907
14c06cfb3fb33ce501743b68ea270a4b78ef9bf7b5f591784d719e6eea7d928b
15da0333da024365f065c44b1861355fac0211292dd57a0bb5f482ebcd166f4b
193657bba9ec9061d3d4ae939ce49fc051b54585bf5d9f5e795a0c258e6f75f5
1a11d4c8a6d406d2b3d222fea59f8ec58c8846662393bcb2ac17760c9545270e
202aa6d8ac6559305e6d1b273941796e5fab95dc0a08f9a9f0e4955afa0b4668
2055757e207fbd1dd32c01ab72c914fa88ae5f9f5595131207ca1e4769b8ba3b
214674cc77aba35ab3567b88e2739fd08e8e96c61d279559ad61874069683ea0
22e6b56e777518d56d35252b62065cfa748c0c290c7b54ace1314338cf97b6f3
24004b1763b0275d5a1d9f66f08616a54b95aeec1f0034766bbb479679a82fc3
250dc46c1691ff969d5ea984b282e46403885ec806ed96ac3ee301db043a1a4d
291c58b03e240b281d1a39c17971111822353b0b9bf42ee1bb921267b001c521
2e10d353ff038c2cad3492fc17801af3e6ef2669c9e9713bdb78b1dcb104c4fe
2ff62e78465cee4c972817341e2c03196b5c77e729908a9661164f6ce250c1bd
3111667f131fe35172925ebef7026e7ce805f590d0998d027133523d7d1176d1
348faa54a35800dff0371ee5b6fa40871e383d4f405037c2e02bb4cc9c5d27c2
34f6f75ebed9d8ada5d33eb94f0d79feccb051e308897da31e96cc0751582878
36a58b231f4bd34d323b5a7da9caf1a2706ecc87ca22a822763b96659043017e
36d655313c51c3540e79a4ed3bff5be86110779b4e25043a6e78150a58cdbc66
382e9768b5578d5ad05e51e37670a3cf93d4593a49bcbee1f5e8b66d0d8c1c53
43c072c16c9ee6d67acdfa6c6d6685ff1e74eb4237b7cc3c1348ab1c108b26af
43cd95e62bc0c1b1d69ca1cd990e165063bc64005b3ee18aa947404de928441d
44b2056efc68f55c87e8095357d62bcb713b8702fcfc3e914db43e61f66e884e
453cb806084fdabec32e286af2e88899f79022125c2527afffbec507975d2c22
47e5ff66931402cb5755d7eed98a6d23ee556a7f8e9c1dd340d351c27f669a0f
4c0ced2cb3830d045cdd74f745fd4d6dcb082d8edd3a9fe46e39295e30cb8032
4f3855e6f3082e6650dcbae564c7dab0790f49f243942d33b63c11a315774711
4f79a89d16a5f717110fe080c0bf90b7e05ff95a4c4983f64d33110bf5f9c230
5244a8d1d1a28e02eec3247e1ba73bb13319a0cc521c87580d43e46cb67b4bc2
5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89
52984e532d02a87a060764ff400626a1b81cc316284a8ba1feab5d94697119a0
53c709abec93270bef6fa3c5c4290d4ce120582152fe692e6be582f544a89ae8
545156adeae44dadc82b98d504f805ebe77fb79c928ef34eed1057bb9d4cb8fe
594e58a370b6219afb761152e616c06147e70e8c8d040ef51058f238025633a1
5a85ef05aac6b235ced7b52818d4a96d33d8fa778342706baf3d98e3c1335480
5c93f77799d122fb5255ee24da285f9f228cc118cba11e6ceb2b6bda8cdf4164
694da45e033114445455ea32bc0448bd950165a0eda0f92e16b9ed32bf5eb493
6974bfd8fa06b7831f05cb4b25860c851a5ad3f02a6699ebe688987dd7a6ebe6
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6d02cf7ab02fb87ae61c3843653e1b6ac677803f7dec768d986054a687fd69a3
6d4fdf918e5f7d61986a1ac1727fb35d39e25e7c7e3f7b85d7952c2edc819aef
721cc9150c432bbc0b113c4fb7c04e920d1392cc7b53bb17c233758faecdc500
7630f306c709ddaf791bd400ca8bf35a4f323953270401778bb65a8e1356db7a
7767eb16c530edecef795f839ccc67c03aed221e4a8cf70969f0231edb24dc57
78972f986ad8c0cafa844dcda205b00cb7fa60bc1a20cc7bedcb1276560d37a8
78f8c185c0d8daf604c8d73c29fdc05ba1b1e63b247a78015f6fd779ac8d5026
7b1eaaaf180a13c29b6dddc3b0ae23333b4397e0f3c065b4c86da2f2530a5f89
7b2da000930085fea78865e550caf6d35e1327dc3a2996bd8ba2146001b4316d
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f
8631189ca38e73206e52ed06e8f0f3b2e839b9facc236b9519b9fd8d7f8d63e2
8b04a66a7c17bad4489e4e53c676672de567546b9b4eb41f9a698c4959ddf3e0
90b705145ef82e9d8493aae55c9bfb3200ec0620c8946b20b0b28366557d6a4a
92aac6fbb4010042167255e7366dcfdb996210351d8a79642490e76fc5a5239b
931729e0f35d5f9a8c077b47484b2180d05f74358293787e30cb0af30b9d87ff
9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526
93c4b4c3c0b807afd497de4b525c7980d50aeb57f52ab909d6cf5a814b4d13ae
96ea6b1e986879257e104371bf5f0cb0bf2bb9957a1aa73fa9df8be99aeeb157
96ff0e8ca57aaa826332145bcf4f45eb88f4d7dd0770b69b35c81e648c4ee33c
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9aac72c96bbbb7c120c620dcefd0ef63ea64da156cd058a0bf42e562a02178db
9c27e42954cc6f080f4857edb857af0788e836eec0388f043989364be9ae0594
9cd63b8cea25045c14623c538d26752518a58c0c682795ce6ad3078976c65a37
a68827190bc01a61ee0a62ec59efa74497a6bc5aa8586f1fac50a58d0cf42d88
ab3befdd3eec3313f82916c4d24f2c0e6cf2255b23c648f4528bbc1de1bb8efc
abb67ec9baf00b771641b3e783f5511c58621d346ee890fe8b82139b9d7c1005
ac158fd98a25872b4a494ed3c5a5da9f92eba989c397cab46bf8c8a7b04bc514
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
af8a8cd98214ed3d7760402ffa8b8804b073b4bf95d887ed7e81a50f826b523b
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
b2f6252c2f9a309c07389da2b726289fd3e517ed3949a51e095935721add7dbc
b4ecd6b75ddb8f529acf668c1bdcd03b8338ff5872d99b4e5f8e2cb606a534bc
b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646
b82873e9441abb9739dfca31b6880855d2043b643522a4011e29474d450b9a30
bcaf0e3f087296133e0a996ee3d289a8d1a690147c93e0ab62019b505e6f9355
c1a9a3e223bad631dff12d33b5499eb145cb08d8621c20d9d73870e78d97afe4
c45b6d7231c3b2e2f4d815c41bb2d3595bc1c02b9233f12b3da4c06175f41e0d
c706177319d7e325d98a281cdf6cb930f162b52f0f46828f11e5a10ae9894bea
ca070e32b6828690046193d4971de50a9ff7a22c01248a4feaf8a9ec12f75468
ca7752fb33cf3a98c0f29bc4eec563112025da4109a0dcc69dabf5f861751258
ca7dce2391845e8aec7da135f33fabd10f74eed28a532ac66fd01f761fcfb42f
d01a2ba2805c78957e15a2958135de0f3cb88e95159dd0f6c0a032bd76b1b0e9
d131f7e4e216e7d68307b83116886b90867789b4e6d51a316566711c939d83b8
d622534d53d3ac1095af275f0b30274fcd835785577df2dde6d9398e6f7a2c8f
d743ad07240fdc75d2e2a357b4ff44b334f6d4c53683e31e824aaf61d3bad0c9
d749579e51cf490ba27a6782bcfe07c52e44ffa8e3fbb4db7a4dded9d0d9ef29
d790db1f8a17f8d6c29ee2d2afde51e37da9f6cd8a6c0680467014834aab4f07
d814bc98c8415428cb5c7511ce0eb00f66c7629a01645ab0b066848e843794b3
d83aec48544d062dde1996c25831b736a6262a98fc15a037ee5c72b1f9f0aeb2
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e07a45c7c60d08681486d059a3460d56930732dca8177bb457db78190b7b5ae7
e0f724e7902c0b2186d8395984c312696dc8be9ae0c187792f032fb0955fcf9a
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e5e5ee4fcc830312fa1456bca8896671afa86ee1c4407325dd4463b8009b898d
e77ea2ad3d36d93405698dfe9578c6f58d88aa70157e958ffb39af7796700f92
e7d619d956e2ee8eda499065971fa563dc8df48475e6e123e21e53815553401c
ec7ef7aa5fd1e019f1c26193e95e46d481d4983673936a9dda086705ada6e3d5
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f040373389a162846e3fce5af1ee107f0b71dba807051660a8c89ed33d746389
f0ee717899856ae9af6c9ed60f4b093f925bc3d9b3c0b42072ec6fc69c923d67
f158b8591a08b6c02bb345ae96dd62f0c632f7f635bb4a5f449fce24bdc11789
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
f411b0d382fa401ad9bdac4d8db4df0d7175cd961b89caf0ab5779aa659fd6de
f59e5f34a941183aacaed25322ac0856628493c2cfd936ded3fddc0a49510e52
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f9745c48d0b4c918d466da4acdb3f786ef5cda4c69ac0b6009d76cff67e6325d
fa53fcd8da139d256c0ca83b69cb37473ca627b6052368ed3327c80d9fb61e25

cyble.com Open in urlscan Pro 2606:4700:20::681a:6b1 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

144 Requests

97 %HTTPS

78 %IPv6

27 Domains

49 Subdomains

39 IPs

4 Countries

2445 kBTransfer

8300 kBSize

34 Cookies

45 Outgoing links

Page URL History

Redirected requests

144 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

cyble.com Open in urlscan Pro
2606:4700:20::681a:6b1 Public Scan

Screenshot
Live screenshot

Full Image

144
Requests

97 %
HTTPS

78 %
IPv6

27
Domains

49
Subdomains

39
IPs

4
Countries

2445 kB
Transfer

8300 kB
Size

34
Cookies

144 HTTP transactions
0 data transactions