URL: https://www.group-ib.com/blog/goldfactory-ios-trojan/
Submission: On February 16 via api from TR — Scanned from DE

Summary

This website contacted 35 IPs in 3 countries across 24 domains to perform 128 HTTP transactions. The main IP is 3.72.181.255, located in Frankfurt am Main, Germany, and belonging to AMAZON-02, US. The main domain is www.group-ib.com.
TLS certificate: issued by Sectigo RSA Domain Validation Secure Server CA on June 26th 2023, valid until June 28th 2024 (about a year).
This is the only time www.group-ib.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Count | IP Address | AS | Autonomous System
26 | 3.72.181.255 | 16509 | AMAZON-02
2 | 136.243.22.212 | 24940 | HETZNER-AS
27 | 2600:9000:212... | 16509 | AMAZON-02
2 | 172.65.255.172 | 13335 | CLOUDFLAR...
1 | 172.65.208.22 | 13335 | CLOUDFLAR...
8 | 172.65.232.43 | 13335 | CLOUDFLAR...
4 | 2a00:1450:400... | 15169 | GOOGLE
1 | 172.65.219.229 | 13335 | CLOUDFLAR...
1 | 172.65.236.181 | 13335 | CLOUDFLAR...
2 | 172.65.192.122 | 13335 | CLOUDFLAR...
1 | 172.65.202.201 | 13335 | CLOUDFLAR...
1 | 172.65.238.60 | 13335 | CLOUDFLAR...
1 | 2606:4700::68... | 13335 | CLOUDFLAR...
4 5 | 2620:1ec:21::14 | 8068 | MICROSOFT...
7 | 2.17.100.193 | 20940 | AKAMAI-ASN1
2 | 2a00:1450:400... | 15169 | GOOGLE
2 | 2a04:4e42::396 | 54113 | FASTLY
3 | 2620:1ec:c11:... | 8068 | MICROSOFT...
1 | 18.245.46.48 | 16509 | AMAZON-02
1 | 2606:4700::68... | 13335 | CLOUDFLAR...
3 | 2a03:2880:f08... | 32934 | FACEBOOK
3 | 2606:4700:440... | 13335 | CLOUDFLAR...
1 | 13.107.42.14 | 8068 | MICROSOFT...
1 | 172.65.198.159 | 13335 | CLOUDFLAR...
1 | 2a06:98c1:320... | 13335 | CLOUDFLAR...
2 | 2a00:1450:400... | 15169 | GOOGLE
3 | 2a00:1450:400... | 15169 | GOOGLE
1 | 151.101.1.140 | 54113 | FASTLY
1 | 2a02:26f0:ab0... | 20940 | AKAMAI-ASN1
1 | 2001:4860:480... | 15169 | GOOGLE
1 | 2a00:1450:400... | 15169 | GOOGLE
5 | 107.22.160.215 | 14618 | AMAZON-AES
2 | 2a03:2880:f17... | 32934 | FACEBOOK
9 | 172.65.240.166 | 13335 | CLOUDFLAR...
Total: 128 requests, 35 IPs
Count | Apex Domain | Subdomains (Cisco Umbrella Rank) | Transfer
55 | group-ib.com | www.group-ib.com; fhp-de-js.group-ib.com (261455); website.cdn.group-ib.com | 2 MB
11 | hubspot.com | js-eu1.hubspot.com (29402); cta-eu1.hubspot.com (28905); track-eu1.hubspot.com (16947) | 34 KB
9 | hsforms.com | forms-eu1.hsforms.com (30557); forms.hsforms.com (5005); perf-eu1.hsforms.com (29650) | 72 KB
8 | 6sc.co | j.6sc.co (6461); c.6sc.co (9771); ipv6.6sc.co (6648); b.6sc.co (4424) | 20 KB
6 | neverbounce.com | cdn.neverbounce.com (72539); api.neverbounce.com (165851) | 31 KB
6 | linkedin.com | px.ads.linkedin.com (391); www.linkedin.com (643); px4.ads.linkedin.com (6482) | 3 KB
4 | googletagmanager.com | www.googletagmanager.com (52) | 359 KB
3 | google.de | www.google.de (5654) | 670 B
3 | google.com | www.google.com (2); region1.analytics.google.com (2400) | 818 B
3 | g2crowd.com | tracking.g2crowd.com (9827) | 3 KB
3 | facebook.net | connect.facebook.net (191) | 74 KB
3 | bing.com | bat.bing.com (409) | 14 KB
3 | doubleclick.net | googleads.g.doubleclick.net (43); stats.g.doubleclick.net (113) | 4 KB
2 | facebook.com | www.facebook.com (114) | 239 B
2 | redditstatic.com | www.redditstatic.com (1250) | 10 KB
2 | hscollectedforms.net | js-eu1.hscollectedforms.net (28046); forms-eu1.hscollectedforms.net (29204) | 26 KB
2 | hsforms.net | js-eu1.hsforms.net (59517) | 307 KB
1 | reddit.com | alb.reddit.com (1487) | 637 B
1 | hubapi.com | api-eu1.hubapi.com (23402) | 1 KB
1 | zoominfo.com | ws.zoominfo.com (5430) | 2 KB
1 | hs-analytics.net | js-eu1.hs-analytics.net (16468) | 21 KB
1 | hs-banner.com | js-eu1.hs-banner.com (16124) | 23 KB
1 | hsadspixel.net | js-eu1.hsadspixel.net (21967) | 4 KB
1 | hs-scripts.com | js-eu1.hs-scripts.com (15137) | 1 KB
Total: 128 requests, 24 apex domains
Count | Domain | Requested by
27 | website.cdn.group-ib.com | www.group-ib.com; website.cdn.group-ib.com
26 | www.group-ib.com | fhp-de-js.group-ib.com; www.group-ib.com; website.cdn.group-ib.com
9 | track-eu1.hubspot.com | 
7 | forms-eu1.hsforms.com | fhp-de-js.group-ib.com; www.group-ib.com
5 | api.neverbounce.com | cdn.neverbounce.com
5 | b.6sc.co | www.group-ib.com
4 | px.ads.linkedin.com | www.group-ib.com (3 redirects)
4 | www.googletagmanager.com | www.group-ib.com; www.googletagmanager.com; js-eu1.hsadspixel.net
3 | www.google.de | www.group-ib.com
3 | tracking.g2crowd.com | www.group-ib.com
3 | connect.facebook.net | www.group-ib.com; connect.facebook.net
3 | bat.bing.com | www.googletagmanager.com; bat.bing.com; www.group-ib.com
2 | www.facebook.com | www.group-ib.com
2 | www.google.com | www.group-ib.com
2 | www.redditstatic.com | www.googletagmanager.com; fhp-de-js.group-ib.com
2 | googleads.g.doubleclick.net | www.googletagmanager.com
2 | js-eu1.hsforms.net | www.group-ib.com
2 | fhp-de-js.group-ib.com | www.group-ib.com
1 | perf-eu1.hsforms.com | www.group-ib.com
1 | stats.g.doubleclick.net | fhp-de-js.group-ib.com
1 | region1.analytics.google.com | fhp-de-js.group-ib.com
1 | ipv6.6sc.co | fhp-de-js.group-ib.com
1 | c.6sc.co | fhp-de-js.group-ib.com
1 | alb.reddit.com | www.group-ib.com
1 | forms-eu1.hscollectedforms.net | fhp-de-js.group-ib.com
1 | api-eu1.hubapi.com | fhp-de-js.group-ib.com
1 | cta-eu1.hubspot.com | fhp-de-js.group-ib.com
1 | px4.ads.linkedin.com | www.group-ib.com
1 | www.linkedin.com | 1 redirect
1 | ws.zoominfo.com | www.group-ib.com
1 | cdn.neverbounce.com | www.googletagmanager.com
1 | j.6sc.co | www.group-ib.com
1 | forms.hsforms.com | www.group-ib.com
1 | js-eu1.hs-analytics.net | js-eu1.hs-scripts.com
1 | js-eu1.hs-banner.com | js-eu1.hs-scripts.com
1 | js-eu1.hscollectedforms.net | js-eu1.hs-scripts.com
1 | js-eu1.hubspot.com | js-eu1.hs-scripts.com
1 | js-eu1.hsadspixel.net | js-eu1.hs-scripts.com
1 | js-eu1.hs-scripts.com | www.group-ib.com
Total: 128 requests, 39 subdomains
Subject | Issuer | Valid from | Valid to | Validity
www.group-ib.com | Sectigo RSA Domain Validation Secure Server CA | 2023-06-26 | 2024-06-28 | a year
*.group-ib.com | Sectigo RSA Domain Validation Secure Server CA | 2023-06-30 | 2024-07-04 | a year
website.cdn.group-ib.com | Amazon RSA 2048 M02 | 2023-08-01 | 2024-08-30 | a year
sni.cloudflaressl.com | Cloudflare Inc ECC CA-3 | 2023-05-16 | 2024-05-15 | a year
*.google-analytics.com | GTS CA 1C3 | 2024-01-29 | 2024-04-22 | 3 months
hubspot.com | Cloudflare Inc ECC CA-3 | 2024-01-06 | 2024-12-31 | a year
www.linkedin.com | DigiCert SHA2 Secure Server CA | 2024-01-30 | 2024-07-30 | 6 months
6sc.co | R3 | 2024-01-29 | 2024-04-28 | 3 months
*.g.doubleclick.net | GTS CA 1C3 | 2024-01-29 | 2024-04-22 | 3 months
www.redditstatic.com | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2024-01-08 | 2024-07-06 | 6 months
www.bing.com | Microsoft Azure TLS Issuing CA 02 | 2024-01-21 | 2024-06-27 | 5 months
neverbounce.com | Amazon RSA 2048 M03 | 2024-01-29 | 2025-02-25 | a year
zoominfo.com | Cloudflare Inc ECC CA-3 | 2023-04-04 | 2024-04-03 | a year
*.facebook.com | DigiCert SHA2 High Assurance Server CA | 2023-11-25 | 2024-02-23 | 3 months
hubapi.com | Cloudflare Inc ECC CA-3 | 2023-04-07 | 2024-04-06 | a year
www.google.com | GTS CA 1C3 | 2024-01-29 | 2024-04-22 | 3 months
www.google.de | GTS CA 1C3 | 2024-01-29 | 2024-04-22 | 3 months
*.reddit.com | DigiCert TLS RSA SHA256 2020 CA1 | 2024-01-15 | 2024-07-13 | 6 months

This page contains 1 frame:

Primary Page: https://www.group-ib.com/blog/goldfactory-ios-trojan/
Frame ID: 49B452081EA852828BAC58B2259B6FAC
Requests: 164 HTTP requests in this frame

Page Title

Face Off | Group-IB Blog

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://www.group-ib.com/blog/goldfactory-ios-trojan/ Page URL
  2. https://www.group-ib.com/blog/goldfactory-ios-trojan/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
  • /wp-(?:content|includes)/

Overall confidence: 75%
Detected patterns

Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Overall confidence: 100%
Detected patterns

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

  • 128 Requests
  • 99 % HTTPS
  • 50 % IPv6
  • 24 Domains
  • 39 Subdomains
  • 35 IPs
  • 3 Countries
  • 3456 kB Transfer
  • 6858 kB Size
  • 40 Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 116
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4496601&time=1708049345650&url=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fgoldfactory-ios-trojan%2F&tm=gtmv2 HTTP 302
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4496601&time=1708049345650&url=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fgoldfactory-ios-trojan%2F&tm=gtmv2&cookiesTest=true HTTP 302
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D4496601%26time%3D1708049345650%26url%3Dhttps%253A%252F%252Fwww.group-ib.com%252Fblog%252Fgoldfactory-ios-trojan%252F%26tm%3Dgtmv2%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4496601&time=1708049345650&url=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fgoldfactory-ios-trojan%2F&tm=gtmv2&cookiesTest=true&liSync=true HTTP 302
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4496601&time=1708049345650&url=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fgoldfactory-ios-trojan%2F&tm=gtmv2&cookiesTest=true&liSync=true&e_ipv6=AQLbPFT1yHfZsgAAAY2vrK9ontNlvsal4a5dm71Vshk93_bcN3HAO6OlVJLeYb1god9EIH6ocXgY
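The chain above is easier to read when each hop is reduced to the collect host it targets and the query parameters it adds. The following is an added example, not part of the urlscan report and not LinkedIn's or Group-IB's code: the five URLs in CHAIN are copied verbatim from Request Chain 116, and the hop analysis (unwrapping the `redirect=` parameter of the www.linkedin.com sync hop, then diffing parameter names between consecutive hops) is this example's own.

```python
"""Decompose the LinkedIn Insight redirect chain captured in Request Chain 116.

Added example; the URLs are copied from the scan, the analysis is ours.
"""
from urllib.parse import parse_qs, urlsplit

CHAIN = [
    "https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4496601&time=1708049345650&url=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fgoldfactory-ios-trojan%2F&tm=gtmv2",
    "https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4496601&time=1708049345650&url=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fgoldfactory-ios-trojan%2F&tm=gtmv2&cookiesTest=true",
    "https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D4496601%26time%3D1708049345650%26url%3Dhttps%253A%252F%252Fwww.group-ib.com%252Fblog%252Fgoldfactory-ios-trojan%252F%26tm%3Dgtmv2%26cookiesTest%3Dtrue%26liSync%3Dtrue",
    "https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4496601&time=1708049345650&url=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fgoldfactory-ios-trojan%2F&tm=gtmv2&cookiesTest=true&liSync=true",
    "https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4496601&time=1708049345650&url=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fgoldfactory-ios-trojan%2F&tm=gtmv2&cookiesTest=true&liSync=true&e_ipv6=AQLbPFT1yHfZsgAAAY2vrK9ontNlvsal4a5dm71Vshk93_bcN3HAO6OlVJLeYb1god9EIH6ocXgY",
]


def split_params(url: str):
    """Return (SplitResult, {param: first value}); parse_qs percent-decodes once."""
    parts = urlsplit(url)
    params = {k: v[0] for k, v in parse_qs(parts.query, keep_blank_values=True).items()}
    return parts, params


def effective_target(url: str):
    """Unwrap a sync hop: if the URL carries `redirect=`, the real collect URL is inside it.

    Returns (target_url, via); `via` names the sync endpoint the hop went through,
    or None when the hop is itself a collect call.
    """
    parts, params = split_params(url)
    if "redirect" in params:
        return params["redirect"], parts.netloc + parts.path
    return url, None


def describe_chain(urls):
    """One record per hop: collect host, sync endpoint passed through (if any),
    parameter names added since the previous hop, and parameters whose value changed."""
    hops = []
    prev: dict[str, str] = {}
    for url in urls:
        target, via = effective_target(url)
        parts, params = split_params(target)
        hops.append({
            "host": parts.netloc,
            "via": via,
            "added": sorted(params.keys() - prev.keys()),
            "changed": sorted(k for k in params.keys() & prev.keys() if params[k] != prev[k]),
        })
        prev = params
    return hops


if __name__ == "__main__":
    for i, hop in enumerate(describe_chain(CHAIN)):
        print(f"hop {i}: {hop['host']:<22} via={hop['via']}  added={hop['added']}")
```

Run against the captured chain, the output shows the collect call gaining `cookiesTest` on the first 302, `liSync` after the detour through `www.linkedin.com/px/li_sync` (whose `redirect=` parameter wraps the collect URL with the page URL double-encoded inside it), and finally `e_ipv6` as the request moves to `px4.ads.linkedin.com`; no existing parameter value changes along the way, and `url` decodes to the scanned blog post throughout.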

128 HTTP transactions

Resource | Path | Size | x-fer | Type | MIME-Type
/
www.group-ib.com/blog/goldfactory-ios-trojan/
7 KB
7 KB
Document
General
Full URL
https://www.group-ib.com/blog/goldfactory-ios-trojan/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
35f6b75ddb81365e6b52c303afe88fe2479502f691980c7e067869441098a103

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
no-cache, no-store, must-revalidate
content-type
text/html
date
Fri, 16 Feb 2024 02:09:03 GMT
bt-autoinject.js
fhp-de-js.group-ib.com/d/
343 KB
135 KB
Script
General
Full URL
https://fhp-de-js.group-ib.com/d/bt-autoinject.js
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/blog/goldfactory-ios-trojan/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
136.243.22.212 Berlin, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.212.22.243.136.clients.your-server.de
Software
nginx /
Resource Hash
90feab54b3acd83fa6182b1099d882d4aa602ec61b8bcdfec8c3c8f413df5fe0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Date
Fri, 16 Feb 2024 02:09:03 GMT
Content-Encoding
gzip
Server
nginx
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
text/javascript; charset=UTF-8
Access-Control-Allow-Methods
GET, POST, OPTIONS
x-envoy-upstream-service-time
1
Access-Control-Allow-Credentials
true
Connection
keep-alive
Access-Control-Allow-Headers
Accept,DNT,Keep-Alive,User-Agent,If-Modified-Since,Cache-Control,Content-Type,Origin,ETag,If-None-Match,X-Cfids,Authorization
truncated
/
486 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
f68055916fa979cecff160c54134f166999cd4d92a29d81e39fca679b126d92e

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
4 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
981884a2170d41957d529dabdc5a5e5238fa4646fd5970ad836a39aa4431efbe

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Content-Type
image/png
idgib-w-61354c22-16cc-40a8-a871-6901f1a76e24
www.group-ib.com/api/fl/
205 B
662 B
XHR
General
Full URL
https://www.group-ib.com/api/fl/idgib-w-61354c22-16cc-40a8-a871-6901f1a76e24
Requested by
Host: fhp-de-js.group-ib.com
URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
a6d841061256895fcb16493e205c7b7fedbf27c870ee2f25b4822ded7148673e

Request headers

Referer
https://www.group-ib.com/blog/goldfactory-ios-trojan/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
x-cfids
-

Response headers

date
Fri, 16 Feb 2024 02:09:03 GMT
content-encoding
gzip
server
nginx
etag
W/"RXSbpeyXo9xYTcE0bdgI9rH+Tuxmsq8LEvGqI/toQEU2JYdzTNgZjwebPhjXBuS4fmh64vs4USkFyTjvADBzXrF6TBkJaeaK8/ph0CHViyoonPsT9nVqb3jTmZPlwKzeW5RYQ+Oew197RpHdumIgBOfU"
vary
Accept-Encoding
content-type
application/json; charset=utf-8
cache-control
no-cache
x-envoy-upstream-service-time
1
fl
www.group-ib.com/api/
669 B
1 KB
XHR
General
Full URL
https://www.group-ib.com/api/fl?u=0085cb90-831e-11ee-9493-816cec585ffa&cfidsgib-w-61354c22-16cc-40a8-a871-6901f1a76e24=RXSbpeyXo9xYTcE0bdgI9rH%2BTuxmsq8LEvGqI%2FtoQEU2JYdzTNgZjwebPhjXBuS4fmh64vs4USkFyTjvADBzXrF6TBkJaeaK8%2Fph0CHViyoonPsT9nVqb3jTmZPlwKzeW5RYQ%2BOew197RpHdumIgBOfU
Requested by
Host: fhp-de-js.group-ib.com
URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
c47a5cbe1a822b9eaa43e9d17f5dc6e31c340f3ed3f5b78103da1ea6a3c50604

Request headers

Referer
https://www.group-ib.com/blog/goldfactory-ios-trojan/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Fri, 16 Feb 2024 02:09:04 GMT
content-encoding
gzip
server
nginx
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.group-ib.com
cache-control
no-store
access-control-allow-credentials
true
x-envoy-upstream-service-time
3
access-control-allow-headers
Accept,DNT,Keep-Alive,User-Agent,If-Modified-Since,Cache-Control,Content-Type,Origin,ETag,If-None-Match,X-Cfids,Authorization
Primary Request /
www.group-ib.com/blog/goldfactory-ios-trojan/
166 KB
43 KB
Document
General
Full URL
https://www.group-ib.com/blog/goldfactory-ios-trojan/
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/blog/goldfactory-ios-trojan/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
afc10dbb85591591df5cbf6eef6030a02b8839639e046b85b7ec0348b1d1cb17
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.group-ib.com/blog/goldfactory-ios-trojan/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
https://www.group-ib.com
cache-control
private, max-age=3600
content-encoding
gzip
content-length
43263
content-security-policy
frame-ancestors 'self';
content-type
text/html; charset=UTF-8
date
Fri, 16 Feb 2024 02:09:04 GMT
etag
"a845-6116a2e5f1a37"
last-modified
Thu, 15 Feb 2024 11:46:42 GMT
permissions-policy
accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
referrer-policy
strict-origin-when-cross-origin
server
nginx
strict-transport-security
max-age=31536000; includeSubDomains
vary
X-Forwarded-Proto,Accept-Encoding,Cookie
x-content-type-options
nosniff
x-frame-options
sameorigin
x-xss-protection
1; mode=block
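The Security Headers block for the primary document lists what is set, not what the values amount to. As an added example (not part of the urlscan report, and not Group-IB's code), the checker below grades the response headers captured above: CAPTURED_HEADERS is copied from that response, while the grading rules and finding codes are this example's own. The point it makes about this capture is that the only CSP directive is `frame-ancestors 'self'`, which governs who may frame the page and says nothing about which of the 39 subdomains in the scan may serve executable script.

```python
"""Grade the response headers urlscan captured for the primary document.

Added example, not part of the urlscan report or of the scanned site's code.
"""
from __future__ import annotations

# Copied from the response headers of https://www.group-ib.com/blog/goldfactory-ios-trojan/ above.
CAPTURED_HEADERS = {
    "content-security-policy": "frame-ancestors 'self';",
    "strict-transport-security": "max-age=31536000; includeSubDomains",
    "x-content-type-options": "nosniff",
    "x-frame-options": "sameorigin",
    "x-xss-protection": "1; mode=block",
    "referrer-policy": "strict-origin-when-cross-origin",
    "permissions-policy": "accelerometer=(),autoplay=(),camera=(),encrypted-media=(),"
                          "fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),"
                          "microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),"
                          "xr-spatial-tracking=()",
    "access-control-allow-origin": "https://www.group-ib.com",
    "cache-control": "private, max-age=3600",
}

ONE_YEAR = 31536000  # seconds; the usual minimum max-age for HSTS


def parse_csp(value: str) -> dict[str, list[str]]:
    """Split a CSP header into {directive: [source expressions]}.

    Directives are ';'-separated; the first token names the directive, the rest
    are its sources. A trailing ';' produces an empty part, which is skipped.
    """
    policy: dict[str, list[str]] = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            policy[tokens[0].lower()] = tokens[1:]
    return policy


def parse_hsts(value: str) -> dict[str, int | bool]:
    """Extract max-age, includeSubDomains and preload from an HSTS header."""
    hsts: dict[str, int | bool] = {"max_age": 0, "include_subdomains": False, "preload": False}
    for directive in value.split(";"):
        directive = directive.strip().lower()
        if directive.startswith("max-age="):
            hsts["max_age"] = int(directive.split("=", 1)[1].strip('"'))
        elif directive == "includesubdomains":
            hsts["include_subdomains"] = True
        elif directive == "preload":
            hsts["preload"] = True
    return hsts


def assess(headers: dict[str, str]) -> list[tuple[str, str]]:
    """Return (code, explanation) findings for one response's headers."""
    h = {k.lower(): v for k, v in headers.items()}
    findings: list[tuple[str, str]] = []

    csp = parse_csp(h.get("content-security-policy", ""))
    if not csp:
        findings.append(("csp-missing", "no Content-Security-Policy header"))
    elif not (csp.keys() & {"default-src", "script-src"}):
        findings.append(("csp-no-script-src",
                         "CSP only sets %s: it restricts framing and places no limit on "
                         "which origins may serve script" % ", ".join(sorted(csp))))

    if "strict-transport-security" not in h:
        findings.append(("hsts-missing", "no Strict-Transport-Security header"))
    else:
        hsts = parse_hsts(h["strict-transport-security"])
        if hsts["max_age"] < ONE_YEAR:
            findings.append(("hsts-short-max-age", "HSTS max-age is below one year"))
        if not hsts["include_subdomains"]:
            findings.append(("hsts-no-subdomains", "HSTS does not cover subdomains"))
        if not hsts["preload"]:
            findings.append(("hsts-no-preload",
                             "HSTS has no preload token, so a client's first-ever request "
                             "to the host can still go out over plain HTTP"))

    if h.get("x-content-type-options", "").lower() != "nosniff":
        findings.append(("no-nosniff", "X-Content-Type-Options: nosniff is not set"))

    if "x-xss-protection" in h:
        findings.append(("xss-protection-obsolete",
                         "X-XSS-Protection is obsolete: browsers have removed the XSS "
                         "auditor it controlled; a script-src CSP is the replacement"))

    if "referrer-policy" not in h:
        findings.append(("referrer-policy-missing", "no Referrer-Policy header"))

    return findings


if __name__ == "__main__":
    for code, why in assess(CAPTURED_HEADERS):
        print(f"[{code}] {why}")
```

The same `assess()` can be pointed at any of the other responses in this report (for instance the CloudFront-served assets, which repeat the same header set) or at an empty dict to see the baseline findings for a server that sets nothing.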
fl
www.group-ib.com/api/
669 B
997 B
Ping
General
Full URL
https://www.group-ib.com/api/fl?u=0085cb90-831e-11ee-9493-816cec585ffa&cfidsgib-w-61354c22-16cc-40a8-a871-6901f1a76e24=YIsyxqNwUyBI2u0ZHLz4%2BC5TFPJoCyCKpm2YBU3SWEr%2FZT5out4Y9IaAz3jE6XEr%2B10QfcVxAB1tSNSAmHW9ONNycvWLalr%2F3kutOkITZF9UPuZg1aPW5o9rZsYxlqj7O5jvrfMB%2BMwIePe0oZtzyrYKWYdc8CdgbB3O
Requested by
Host: fhp-de-js.group-ib.com
URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash

Request headers

Referer
https://www.group-ib.com/blog/goldfactory-ios-trojan/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Fri, 16 Feb 2024 02:09:04 GMT
content-encoding
gzip
server
nginx
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.group-ib.com
cache-control
no-store
access-control-allow-credentials
true
x-envoy-upstream-service-time
4
access-control-allow-headers
Accept,DNT,Keep-Alive,User-Agent,If-Modified-Since,Cache-Control,Content-Type,Origin,ETag,If-None-Match,X-Cfids,Authorization
bt-autoinject.js
fhp-de-js.group-ib.com/d/
343 KB
135 KB
Script
General
Full URL
https://fhp-de-js.group-ib.com/d/bt-autoinject.js
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/blog/goldfactory-ios-trojan/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
136.243.22.212 Berlin, Germany, ASN24940 (HETZNER-AS, DE),
Reverse DNS
static.212.22.243.136.clients.your-server.de
Software
nginx /
Resource Hash
90feab54b3acd83fa6182b1099d882d4aa602ec61b8bcdfec8c3c8f413df5fe0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Date
Fri, 16 Feb 2024 02:09:04 GMT
Content-Encoding
gzip
Server
nginx
Transfer-Encoding
chunked
Vary
Accept-Encoding
Content-Type
text/javascript; charset=UTF-8
Access-Control-Allow-Methods
GET, POST, OPTIONS
x-envoy-upstream-service-time
1
Access-Control-Allow-Credentials
true
Connection
keep-alive
Access-Control-Allow-Headers
Accept,DNT,Keep-Alive,User-Agent,If-Modified-Since,Cache-Control,Content-Type,Origin,ETag,If-None-Match,X-Cfids,Authorization
lazyload.min.js
www.group-ib.com/wp-content/plugins/w3-total-cache/pub/js/
6 KB
2 KB
Script
General
Full URL
https://www.group-ib.com/wp-content/plugins/w3-total-cache/pub/js/lazyload.min.js?x23625
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/blog/goldfactory-ios-trojan/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
1a54a1907a6443e3c81608130bfed4546eb0ce5d0c8897e1d7a3b43d89ecc367
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/blog/goldfactory-ios-trojan/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'self';
content-encoding
gzip
x-content-type-options
nosniff
date
Fri, 16 Feb 2024 02:09:04 GMT
strict-transport-security
max-age=31536000; includeSubDomains
content-length
2356
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Fri, 12 Jan 2024 16:32:12 GMT
server
nginx
etag
"1883-60ec234cfa8ef-gzip"
vary
X-Forwarded-Proto,Accept-Encoding
x-frame-options
sameorigin
content-type
application/javascript
access-control-allow-origin
https://www.group-ib.com
cache-control
private, max-age=3600
permissions-policy
accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges
bytes
swiper-bundle.min.js
website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/js/
140 KB
39 KB
Script
General
Full URL
https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/js/swiper-bundle.min.js?x23625
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/blog/goldfactory-ios-trojan/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2127:2600:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
b624e1e378abe009ef0de69a698b0a3e734af47efcdbd6816d5fcb8fc64c8bfe
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'self';
content-encoding
gzip
x-content-type-options
nosniff
date
Fri, 16 Feb 2024 02:09:05 GMT
via
1.1 ca6609f4a83e693c532f54c00146f5f8.cloudfront.net (CloudFront)
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
PRG50-C1
x-cache
Miss from cloudfront
content-length
39504
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 05 Sep 2022 07:41:14 GMT
server
nginx
etag
"22ede-5e7e9344df9f2-gzip"
x-frame-options
sameorigin
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
https://www.group-ib.com
cache-control
private, max-age=3600
permissions-policy
accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges
bytes
x-amz-cf-id
4nbkOMKA89Gi70qt_GXiQsQo-XGxljqXfHW4-_BsiQ32PJq5kfC1Vw==
classic-themes.min.css
website.cdn.group-ib.com/wp-includes/css/
217 B
956 B
Stylesheet
General
Full URL
https://website.cdn.group-ib.com/wp-includes/css/classic-themes.min.css?x23625
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/blog/goldfactory-ios-trojan/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2127:2600:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
5a5f39391fbf5b06db84b8f9716d53de575ee97a627d2c5f12f79a991a671eb5
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'self';
content-encoding
gzip
x-content-type-options
nosniff
date
Fri, 16 Feb 2024 02:09:05 GMT
via
1.1 ca6609f4a83e693c532f54c00146f5f8.cloudfront.net (CloudFront)
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
PRG50-C1
x-cache
Miss from cloudfront
content-length
189
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Fri, 11 Nov 2022 11:58:50 GMT
server
nginx
etag
"d9-5ed309cf15c82-gzip"
x-frame-options
sameorigin
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
https://www.group-ib.com
cache-control
private, max-age=3600
permissions-policy
accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges
bytes
x-amz-cf-id
RpdSdPE034TmqdRDD1NZjS05HQDH20qYVYSFcThciHB6P_iscDACzA==
dashicons.min.css
website.cdn.group-ib.com/wp-includes/css/
58 KB
36 KB
Stylesheet
General
Full URL
https://website.cdn.group-ib.com/wp-includes/css/dashicons.min.css?x23625
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/blog/goldfactory-ios-trojan/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2127:2600:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
c21e5a2b32c47bc5f9d9efc97bc0e29fd081946d1d3ebffc5621cfafb1d3960e
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'self';
content-encoding
gzip
x-content-type-options
nosniff
date
Fri, 16 Feb 2024 02:09:05 GMT
via
1.1 ca6609f4a83e693c532f54c00146f5f8.cloudfront.net (CloudFront)
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
PRG50-C1
x-cache
Miss from cloudfront
content-length
35730
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Fri, 10 Jun 2022 07:03:36 GMT
server
nginx
etag
"e688-5e112897ec200-gzip"
x-frame-options
sameorigin
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
https://www.group-ib.com
cache-control
private, max-age=3600
permissions-policy
accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges
bytes
x-amz-cf-id
ThqupYYyd-kmsnUB1c790Iij0Cm0CqUp5QXbixOL-af_6fSSQNJnEw==
frontend.min.css
www.group-ib.com/wp-content/plugins/post-views-counter/css/
217 B
274 B
Stylesheet
General
Full URL
https://www.group-ib.com/wp-content/plugins/post-views-counter/css/frontend.min.css?x23625
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/blog/goldfactory-ios-trojan/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
cc2a604a1e6f73444e8db5d749a64c62899943e68ad07feeee39050b4fdb32cb
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/blog/goldfactory-ios-trojan/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'self';
content-encoding
gzip
x-content-type-options
nosniff
date
Fri, 16 Feb 2024 02:09:04 GMT
strict-transport-security
max-age=31536000; includeSubDomains
content-length
158
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 30 Oct 2023 14:47:57 GMT
server
nginx
etag
"d9-608f01fb0af1e-gzip"
vary
X-Forwarded-Proto,Accept-Encoding
x-frame-options
sameorigin
content-type
text/css
access-control-allow-origin
https://www.group-ib.com
cache-control
private, max-age=3600
permissions-policy
accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges
bytes
jquery.min.js
website.cdn.group-ib.com/wp-includes/js/jquery/
88 KB
31 KB
Script
General
Full URL
https://website.cdn.group-ib.com/wp-includes/js/jquery/jquery.min.js?x23625
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/blog/goldfactory-ios-trojan/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2127:2600:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
cc7403bab52ed166e24ea9324241045af370be482f5b594468f4a6ac6e7e7981
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'self';
content-encoding
gzip
x-content-type-options
nosniff
date
Fri, 16 Feb 2024 02:09:05 GMT
via
1.1 ca6609f4a83e693c532f54c00146f5f8.cloudfront.net (CloudFront)
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
PRG50-C1
x-cache
Miss from cloudfront
content-length
30995
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Fri, 11 Nov 2022 11:58:50 GMT
server
nginx
etag
"15e54-5ed309cf21802-gzip"
x-frame-options
sameorigin
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
https://www.group-ib.com
cache-control
private, max-age=3600
permissions-policy
accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges
bytes
x-amz-cf-id
IuBD4i_vw2_i6z34hGsy0Dg0PAmQz3edZiwVjiQLWSaGoUA870j5Yg==
single-blog-post.css
website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/css/
277 KB
39 KB
Stylesheet
General
Full URL
https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/css/single-blog-post.css?x23625
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/blog/goldfactory-ios-trojan/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2127:2600:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
659f931141d138f6e712757b69306a764feee075b3eebcebf6b11b3074c0bce2
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'self';
content-encoding
gzip
x-content-type-options
nosniff
date
Fri, 16 Feb 2024 02:09:05 GMT
via
1.1 ca6609f4a83e693c532f54c00146f5f8.cloudfront.net (CloudFront)
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
PRG50-C1
x-cache
Miss from cloudfront
content-length
39572
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Fri, 16 Feb 2024 02:08:32 GMT
server
nginx
etag
"45503-611763884e7e1-gzip"
x-frame-options
sameorigin
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
https://www.group-ib.com
cache-control
private, max-age=3600
permissions-policy
accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges
bytes
x-amz-cf-id
fCNQED7zn-Jhd42nBBkuG1L6RHhhRjTdSCrv1IrMAQH8vAvkkYETwA==
v2.js
js-eu1.hsforms.net/forms/
481 KB
154 KB
Script
General
Full URL
https://js-eu1.hsforms.net/forms/v2.js?x23625
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/blog/goldfactory-ios-trojan/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.65.255.172 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c0bce3c69009ee89078e9eed1305d9e6df0ff6ca83bd3fdab59ee0ba03e23b31
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

content-encoding
br
age
3
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=forms-embed/static-1.4708/bundles/project-v2.js&cfRay=85623f08a8325d93-FRA
x-amz-replication-status
COMPLETED
x-evy-trace-listener
listener_https
etag
W/"6c024a19bf6fceb0d8b66919507353ec"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
x-evy-trace-virtual-host
all
cache-control
s-maxage=600, max-age=300
x-hs-target-asset
forms-embed/static-1.4708/bundles/project-v2.js
date
Fri, 16 Feb 2024 02:09:05 GMT
x-amz-version-id
K1IDq5oXgFf6Gf.V6vMhXddDfxNDLbE_
via
1.1 cb4c4a25e4ef534686959996782c8476.cloudfront.net (CloudFront)
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
FRA56-P2
x-hubspot-correlation-id
a2c2a04b-4fc3-4826-9576-73a336f05d1e
x-cache
Hit from cloudfront
cache-tag
staticjsapp-forms-embed-v2-web-prod,staticjsapp-prod
x-envoy-upstream-service-time
2
alt-svc
h3=":443"; ma=86400
x-evy-trace-route-configuration
listener_https/all
x-request-id
a2c2a04b-4fc3-4826-9576-73a336f05d1e
last-modified
Thu, 15 Feb 2024 14:03:45 UTC
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mVRoQnnsovlQlRDcyhdoZ2WT4WhAlZC8Yg7Kpzv%2B6cY%2BRjxcv2rqaOaQ2JypWyb%2FAPv1%2Blu1AKZ%2Fabgg67ur4a2e3U2mpDxeirHvWX6L4s1me3XvIh5ZgI%2B%2F7WvbA%2FJmjVZfTQ%3D%3D"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status
HIT
x-evy-trace-served-by-pod
fra04/app-td/envoy-proxy-7684d9bdfc-nc8dk
cf-ray
85623f166b3a65b3-FRA
x-amz-cf-id
UbMwPiBXxEyasqTzMTwkfKokQ2wysoPzF9rw6q-HWzwOMogWIyU4Rw==
main.js
website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/js/
212 KB
46 KB
Script
General
Full URL
https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/js/main.js?x23625
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/blog/goldfactory-ios-trojan/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2127:2600:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
e390548c13c513820a6467749400ba0f5a87d7ebd5ac3e46d4498b9fe9a47012
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'self';
content-encoding
gzip
x-content-type-options
nosniff
date
Fri, 16 Feb 2024 02:09:05 GMT
via
1.1 ca6609f4a83e693c532f54c00146f5f8.cloudfront.net (CloudFront)
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
PRG50-C1
x-cache
Miss from cloudfront
content-length
45900
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Wed, 31 Jan 2024 12:43:26 GMT
server
nginx
etag
"34e53-6103d39a6c535-gzip"
x-frame-options
sameorigin
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
https://www.group-ib.com
cache-control
private, max-age=3600
permissions-policy
accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges
bytes
x-amz-cf-id
Dy7m5wqGMHQ3YgmPzCchT4ohGLrqar5Ybf2ZkwSpzQmnrKn9QC7yXg==
fancybox.umd.js
website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/libs/fancybox/
103 KB
30 KB
Script
General
Full URL
https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/libs/fancybox/fancybox.umd.js?x23625
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/blog/goldfactory-ios-trojan/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2127:2600:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
942e02acf640c0308f65e057a8afaed63dfaf995034cda9cfc75532a1009ec72
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'self';
content-encoding
gzip
x-content-type-options
nosniff
date
Fri, 16 Feb 2024 02:09:05 GMT
via
1.1 ca6609f4a83e693c532f54c00146f5f8.cloudfront.net (CloudFront)
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
PRG50-C1
x-cache
Miss from cloudfront
content-length
29634
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 05 Sep 2022 07:24:28 GMT
server
nginx
etag
"19ca6-5e7e8f85cb376-gzip"
x-frame-options
sameorigin
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
https://www.group-ib.com
cache-control
private, max-age=3600
permissions-policy
accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges
bytes
x-amz-cf-id
bqmkaiXF4qCnAdFhswwCwnzkNWQldkimLZii1yMi-YDZjEOay8Ixhg==
frontend.min.js
www.group-ib.com/wp-content/plugins/post-views-counter-pro/js/
3 KB
1 KB
Script
General
Full URL
https://www.group-ib.com/wp-content/plugins/post-views-counter-pro/js/frontend.min.js?x23625
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/blog/goldfactory-ios-trojan/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
c75ce78367d99e641567420678abf3731c7bd570cdaa84457d6eebc47f00d76c
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/blog/goldfactory-ios-trojan/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'self';
content-encoding
gzip
x-content-type-options
nosniff
date
Fri, 16 Feb 2024 02:09:04 GMT
strict-transport-security
max-age=31536000; includeSubDomains
content-length
1338
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 31 Oct 2023 13:34:29 GMT
server
nginx
etag
"ae8-6090336cbb5a7-gzip"
vary
X-Forwarded-Proto,Accept-Encoding
x-frame-options
sameorigin
content-type
application/javascript
access-control-allow-origin
https://www.group-ib.com
cache-control
private, max-age=3600
permissions-policy
accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges
bytes
25755956.js
js-eu1.hs-scripts.com/
2 KB
1 KB
Script
General
Full URL
https://js-eu1.hs-scripts.com/25755956.js?x23625
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/blog/goldfactory-ios-trojan/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.65.208.22 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
81f6b04ca6f18d9cfe91a818583834621b8fe054adc3f51d61f0461c580b28e6
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Fri, 16 Feb 2024 02:09:05 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
x-hubspot-correlation-id
f0aa4cdc-7cfa-47b3-ba07-6a27aff126cf
x-evy-trace-route-service-name
envoyset-translator
cf-polished
origSize=2524
age
3474
x-envoy-upstream-service-time
12
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
f0aa4cdc-7cfa-47b3-ba07-6a27aff126cf
cf-bgj
minify
last-modified
Fri, 16 Feb 2024 01:11:11 GMT
server
cloudflare
x-trace
2BF88FF100A301523064DDBEF40AFCA8590A6E6B5C000000000000000000
access-control-max-age
3600
vary
origin, Accept-Encoding
content-type
application/javascript;charset=utf-8
access-control-allow-origin
https://www.group-ib.com
x-evy-trace-served-by-pod
fra04/hubapi-td/envoy-proxy-7686598bc7-m2zsv
x-evy-trace-virtual-host
all
access-control-allow-credentials
true
cf-ray
85623f1799b865df-FRA
truncated
/
485 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
abb911f3562afc79c9fa40fb6afd6ab67e0eeb2ff43adbaa4a9c83919b5484fa

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Content-Type
image/png
truncated
/
4 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
aef482b715a26c6ccb12e7d14e7ab2c4da85f7e5e1270caddf5c30222c4433e6

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Content-Type
image/png
idgib-w-61354c22-16cc-40a8-a871-6901f1a76e24
www.group-ib.com/api/fl/
217 B
660 B
XHR
General
Full URL
https://www.group-ib.com/api/fl/idgib-w-61354c22-16cc-40a8-a871-6901f1a76e24
Requested by
Host: fhp-de-js.group-ib.com
URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
8ce32f317145ffbc0b0f98bbcef233324ca5e78c8ac355bd382a91ba1591b1d3

Request headers

X-GIB-GSSCgib-w-61354c22-16cc-40a8-a871-6901f1a76e24
fJqp3XZBrkXwc8eJSTkt6aRKYmIKUkG5XO3lo2c4E4G07y49mBUA3H7g6GJREPIgZz1lc7ZRwKB8XV9iTpub+7H5NGoU/yhK9a9wQilmd+GM1+kYUSmXsFTCm4lSLOH4D9Zr0YUQc1usDx2DI+qp1+MMDbK3VTLlgkI9nKiy33FOX4+D8pMhZFqd5fqDc9KMKu8CW+mRaGIV8Fvx6bSJhLAaO1bUr6nqJAaZfISyszBOgXyLeIajRycA9VbgILG4vg==
Referer
https://www.group-ib.com/blog/goldfactory-ios-trojan/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
X-GIB-FGSSCgib-w-61354c22-16cc-40a8-a871-6901f1a76e24
Wjgye6620974eb1de66d8127b1a9fba6a11b4250
x-cfids
YIsyxqNwUyBI2u0ZHLz4+C5TFPJoCyCKpm2YBU3SWEr/ZT5out4Y9IaAz3jE6XEr+10QfcVxAB1tSNSAmHW9ONNycvWLalr/3kutOkITZF9UPuZg1aPW5o9rZsYxlqj7O5jvrfMB+MwIePe0oZtzyrYKWYdc8CdgbB3O

Response headers

date
Fri, 16 Feb 2024 02:09:04 GMT
content-encoding
gzip
server
nginx
etag
W/"YPYgx+owSc9DcXmYfO8MFa4ATYIJ75osM6CpImJRGnm/UDTX8pbK0yrpA1VrTYuQujL1/QOINBLMlIAiFWKqDqAJrSZ002kOWkiVoSuDPSTb8MSSs3PY8Wt/5Epyx4ta/l8+7UMkoYl+QeY6Gce/TTcXhj7LGpNgMZuC"
vary
Accept-Encoding
content-type
application/json; charset=utf-8
cache-control
no-cache
x-envoy-upstream-service-time
0
wp-emoji-release.min.js
www.group-ib.com/wp-includes/js/
18 KB
5 KB
Script
General
Full URL
https://www.group-ib.com/wp-includes/js/wp-emoji-release.min.js
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/blog/goldfactory-ios-trojan/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
5aad5fbd4238981a9ff5e2772ff1353dfe1a801fb49542fe157418c1438f7782
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/blog/goldfactory-ios-trojan/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'self';
content-encoding
gzip
x-content-type-options
nosniff
date
Fri, 16 Feb 2024 02:09:05 GMT
strict-transport-security
max-age=31536000; includeSubDomains
content-length
5009
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Fri, 10 Jun 2022 07:03:36 GMT
server
nginx
etag
"48b9-5e112897ec200-gzip"
vary
X-Forwarded-Proto,Accept-Encoding
x-frame-options
sameorigin
content-type
application/javascript
access-control-allow-origin
https://www.group-ib.com
cache-control
private, max-age=3600
permissions-policy
accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges
bytes
G-font-Medium.otf
website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/fonts/G-font/
60 KB
35 KB
Font
General
Full URL
https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/fonts/G-font/G-font-Medium.otf
Requested by
Host: website.cdn.group-ib.com
URL: https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/css/single-blog-post.css?x23625
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2127:2600:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
1efe16c9efbadde5e242d88a315eca3906a55669fcd4882a904fbc723306a4e4
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

Referer
https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/css/single-blog-post.css?x23625
Origin
https://www.group-ib.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'self';
date
Fri, 16 Feb 2024 02:09:05 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 3544838dca6112dd616da017a568e76a.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
PRG50-C1
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 27 Nov 2023 11:44:59 GMT
server
nginx
etag
W/"eed4-60b20d4ef6694"
x-frame-options
sameorigin
vary
Accept-Encoding
content-type
font/otf
access-control-allow-origin
https://www.group-ib.com
cache-control
private, max-age=3600
permissions-policy
accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
x-amz-cf-id
PPjdgpH6Rqv_0mTkN_g0-_TRINxEhZjtvo5yGOd-kdRVZhoEB3xRvQ==
G-font-Regular.otf
website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/fonts/G-font/
47 KB
31 KB
Font
General
Full URL
https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/fonts/G-font/G-font-Regular.otf
Requested by
Host: website.cdn.group-ib.com
URL: https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/css/single-blog-post.css?x23625
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2127:2600:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
6cee0fb06339ba13e1f15d044e0e4904bbeeb7fbe4351e3f102b6d80b2465061
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

Referer
https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/css/single-blog-post.css?x23625
Origin
https://www.group-ib.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'self';
date
Fri, 16 Feb 2024 02:09:05 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 3544838dca6112dd616da017a568e76a.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
PRG50-C1
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 27 Nov 2023 11:44:59 GMT
server
nginx
etag
W/"bbf8-60b20d4ef6694"
x-frame-options
sameorigin
vary
Accept-Encoding
content-type
font/otf
access-control-allow-origin
https://www.group-ib.com
cache-control
private, max-age=3600
permissions-policy
accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
x-amz-cf-id
KiVwjCr94Z7YGjld4R6qp-HSrgKiRykX1JWwbKKUQlDs2DLzLckH3A==
json
forms-eu1.hsforms.com/embed/v3/form/25755956/044e7558-8073-478a-ad3c-5807dd76840f/
9 KB
3 KB
XHR
General
Full URL
https://forms-eu1.hsforms.com/embed/v3/form/25755956/044e7558-8073-478a-ad3c-5807dd76840f/json?hs_static_app=forms-embed&hs_static_app_version=1.4708&X-HubSpot-Static-App-Info=forms-embed-1.4708
Requested by
Host: fhp-de-js.group-ib.com
URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
172.65.232.43 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
46e70a7e316c3897c5779d7c9531381ba35eaf9bef7a991bb6ea9cfd709f238b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.group-ib.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

X-Origin-Hublet
eu1
Date
Fri, 16 Feb 2024 02:09:05 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Content-Type-Options
nosniff
CF-Cache-Status
DYNAMIC
Content-Encoding
br
x-evy-trace-route-service-name
envoyset-translator
X-HubSpot-Correlation-Id
da800905-d610-4a02-8fa0-ccf820788ca7
Transfer-Encoding
chunked
x-envoy-upstream-service-time
12
Connection
keep-alive
alt-svc
h3=":443"; ma=86400
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
da800905-d610-4a02-8fa0-ccf820788ca7
Server
cloudflare
X-Trace
2B61529ECC71E330949F601D2E69E44CE5554E87B3000000000000000000
Vary
origin
Access-Control-Allow-Methods
OPTIONS, GET
Content-Type
application/json;charset=utf-8
Access-Control-Allow-Origin
https://www.group-ib.com
x-evy-trace-virtual-host
all
Access-Control-Expose-Headers
X-Origin-Hublet
Access-Control-Max-Age
180
Access-Control-Allow-Credentials
false
Cache-Control
max-age=0, no-cache, no-store
X-Robots-Tag
none
Access-Control-Allow-Headers
*
CF-RAY
85623f17ee646928-FRA
x-evy-trace-served-by-pod
fra04/star-hubspot-td/envoy-proxy-56464fb95b-l4w4j
v2.js
js-eu1.hsforms.net/forms/
481 KB
153 KB
Script
General
Full URL
https://js-eu1.hsforms.net/forms/v2.js?x23625
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/blog/goldfactory-ios-trojan/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.65.255.172 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c0bce3c69009ee89078e9eed1305d9e6df0ff6ca83bd3fdab59ee0ba03e23b31
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

content-encoding
br
age
3
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=forms-embed/static-1.4708/bundles/project-v2.js&cfRay=85623f08a8325d93-FRA
x-amz-replication-status
COMPLETED
x-evy-trace-listener
listener_https
etag
W/"6c024a19bf6fceb0d8b66919507353ec"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
x-evy-trace-virtual-host
all
cache-control
s-maxage=600, max-age=300
x-hs-target-asset
forms-embed/static-1.4708/bundles/project-v2.js
date
Fri, 16 Feb 2024 02:09:05 GMT
x-amz-version-id
K1IDq5oXgFf6Gf.V6vMhXddDfxNDLbE_
via
1.1 cb4c4a25e4ef534686959996782c8476.cloudfront.net (CloudFront)
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
FRA56-P2
x-hubspot-correlation-id
a2c2a04b-4fc3-4826-9576-73a336f05d1e
x-cache
Hit from cloudfront
cache-tag
staticjsapp-forms-embed-v2-web-prod,staticjsapp-prod
x-envoy-upstream-service-time
2
alt-svc
h3=":443"; ma=86400
x-evy-trace-route-configuration
listener_https/all
x-request-id
a2c2a04b-4fc3-4826-9576-73a336f05d1e
last-modified
Thu, 15 Feb 2024 14:03:45 UTC
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WR8pwN98c%2Bh3OTFhEgHwIQ5KHK4o8nS6EToaS5tv1K7iJE9e99b%2BhfnSsM16%2BI4rviE5pLL7%2BsX%2BcFg%2BZ2WQkqGbq9u%2FImIshZnp%2BBlobjkMQdq%2BfFVks5Y%2BGESnEHD8sOK1Xw%3D%3D"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status
HIT
x-evy-trace-served-by-pod
fra04/app-td/envoy-proxy-7684d9bdfc-nc8dk
cf-ray
85623f17abfd65b3-FRA
x-amz-cf-id
UbMwPiBXxEyasqTzMTwkfKokQ2wysoPzF9rw6q-HWzwOMogWIyU4Rw==
cross.svg
website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/
342 B
979 B
Image
General
Full URL
https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/cross.svg
Requested by
Host: website.cdn.group-ib.com
URL: https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/css/single-blog-post.css?x23625
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2127:2600:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
dfb059f8aa219769088fd6c85d85aae789f1e72bfe3d314748f1f3ccfffffb1c
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/css/single-blog-post.css?x23625
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'self';
content-encoding
gzip
x-content-type-options
nosniff
date
Fri, 16 Feb 2024 02:09:05 GMT
via
1.1 ca6609f4a83e693c532f54c00146f5f8.cloudfront.net (CloudFront)
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
PRG50-C1
x-cache
Miss from cloudfront
content-length
207
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 28 Jun 2022 07:55:26 GMT
server
nginx
etag
"156-5e27d5c025780-gzip"
x-frame-options
sameorigin
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
https://www.group-ib.com
cache-control
private, max-age=3600
permissions-policy
accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges
bytes
x-amz-cf-id
Q3Dv6Aa-C_ikkeAEVgLqdYS-pwratH7j6N7f0w5Ka-2xuuxlgkh9-g==
json
forms-eu1.hsforms.com/embed/v3/form/25755956/4dbceae1-75ae-423a-9c12-dee8f1ca3345/
112 KB
30 KB
XHR
General
Full URL
https://forms-eu1.hsforms.com/embed/v3/form/25755956/4dbceae1-75ae-423a-9c12-dee8f1ca3345/json?hs_static_app=forms-embed&hs_static_app_version=1.4708&X-HubSpot-Static-App-Info=forms-embed-1.4708
Requested by
Host: fhp-de-js.group-ib.com
URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
172.65.232.43 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e633655cc5f51b071543edb767f72bb65fe2064bc2a9aee38c075467164971bd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.group-ib.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

X-Origin-Hublet
eu1
Date
Fri, 16 Feb 2024 02:09:05 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Content-Type-Options
nosniff
CF-Cache-Status
DYNAMIC
Content-Encoding
br
x-evy-trace-route-service-name
envoyset-translator
X-HubSpot-Correlation-Id
0430ecb7-1a9e-45e2-90f9-b5436d3d9963
Transfer-Encoding
chunked
x-envoy-upstream-service-time
18
Connection
keep-alive
alt-svc
h3=":443"; ma=86400
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
0430ecb7-1a9e-45e2-90f9-b5436d3d9963
Server
cloudflare
X-Trace
2BB97A9DAB4B3D2A225CC136A11EEDAB913ADEDBA0000000000000000000
Vary
origin
Access-Control-Allow-Methods
OPTIONS, GET
Content-Type
application/json;charset=utf-8
Access-Control-Allow-Origin
https://www.group-ib.com
x-evy-trace-virtual-host
all
Access-Control-Expose-Headers
X-Origin-Hublet
Access-Control-Max-Age
180
Access-Control-Allow-Credentials
false
Cache-Control
max-age=0, no-cache, no-store
X-Robots-Tag
none
Access-Control-Allow-Headers
*
CF-RAY
85623f180c374d5e-FRA
x-evy-trace-served-by-pod
fra04/star-hubspot-td/envoy-proxy-56464fb95b-l4w4j
json
forms-eu1.hsforms.com/embed/v3/form/25755956/5a995f05-701c-48e3-b25a-d1548ba3c0b3/
105 KB
29 KB
XHR
General
Full URL
https://forms-eu1.hsforms.com/embed/v3/form/25755956/5a995f05-701c-48e3-b25a-d1548ba3c0b3/json?hs_static_app=forms-embed&hs_static_app_version=1.4708&X-HubSpot-Static-App-Info=forms-embed-1.4708
Requested by
Host: fhp-de-js.group-ib.com
URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
172.65.232.43 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3cda368ba14f2a9bfbfb8aff308e0fb011bd85251c873421c0c82e44cc11e7c7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.group-ib.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

X-Origin-Hublet
eu1
Date
Fri, 16 Feb 2024 02:09:05 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Content-Type-Options
nosniff
CF-Cache-Status
DYNAMIC
Content-Encoding
br
x-evy-trace-route-service-name
envoyset-translator
X-HubSpot-Correlation-Id
2a273bc4-9170-420f-acc0-f8bae957dde6
Transfer-Encoding
chunked
x-envoy-upstream-service-time
18
Connection
keep-alive
alt-svc
h3=":443"; ma=86400
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
2a273bc4-9170-420f-acc0-f8bae957dde6
Server
cloudflare
X-Trace
2B14FA8F5F6E9FA472239474FC8897D7CC5A8E15CC000000000000000000
Vary
origin
Access-Control-Allow-Methods
OPTIONS, GET
Content-Type
application/json;charset=utf-8
Access-Control-Allow-Origin
https://www.group-ib.com
x-evy-trace-virtual-host
all
Access-Control-Expose-Headers
X-Origin-Hublet
Access-Control-Max-Age
180
Access-Control-Allow-Credentials
false
Cache-Control
max-age=0, no-cache, no-store
X-Robots-Tag
none
Access-Control-Allow-Headers
*
CF-RAY
85623f181c682c20-FRA
x-evy-trace-served-by-pod
fra04/star-hubspot-td/envoy-proxy-56464fb95b-6djgv
truncated
/
64 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
01caf20e667c8e300960582162f912d9405e9895c32cff1a9ee95511fd509a2c

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
68 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
1f464ef7c0b366ff00e2f023cb6b48112306212648e451ddf16be40c2b99d639

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
69 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
81cc2a3a0c0b6e8335f5f3143390b8b6f036dc573e73d3f4b5742482f0bdca73

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Content-Type
image/svg+xml
dropdown_before.svg
website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/
154 B
922 B
Image
General
Full URL
https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/dropdown_before.svg
Requested by
Host: website.cdn.group-ib.com
URL: https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/css/single-blog-post.css?x23625
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2127:2600:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
574ab1a3d7b47add5d43a927f62c87698264f63572acd70b42081dd4a1dc5ced
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/css/single-blog-post.css?x23625
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'self';
content-encoding
gzip
x-content-type-options
nosniff
date
Fri, 16 Feb 2024 02:09:05 GMT
via
1.1 ca6609f4a83e693c532f54c00146f5f8.cloudfront.net (CloudFront)
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
PRG50-C1
x-cache
Miss from cloudfront
content-length
150
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 28 Jun 2022 07:55:26 GMT
server
nginx
etag
"9a-5e27d5c025780-gzip"
x-frame-options
sameorigin
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
https://www.group-ib.com
cache-control
private, max-age=3600
permissions-policy
accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges
bytes
x-amz-cf-id
fLSOx-gz8jeh-XxM4wyyzH3rtgrfa8Ai7B-wC0nmZ4ILEZdEAJzIig==
link-arrow.svg
website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/images/
409 B
1 KB
Image
General
Full URL
https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/images/link-arrow.svg
Requested by
Host: website.cdn.group-ib.com
URL: https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/css/single-blog-post.css?x23625
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2127:2600:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
e91c5731358570d3e4cd684118251d243fc799059648b152403dcd775ceba632
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/css/single-blog-post.css?x23625
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'self';
content-encoding
gzip
x-content-type-options
nosniff
date
Fri, 16 Feb 2024 02:09:05 GMT
via
1.1 ca6609f4a83e693c532f54c00146f5f8.cloudfront.net (CloudFront)
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
PRG50-C1
x-cache
Miss from cloudfront
content-length
267
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 28 Jun 2022 07:55:26 GMT
server
nginx
etag
"199-5e27d5c025780-gzip"
x-frame-options
sameorigin
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
https://www.group-ib.com
cache-control
private, max-age=3600
permissions-policy
accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges
bytes
x-amz-cf-id
-kFIJWdbcCAsJBiXbuU3PiQKm88Rc0MI6Vv8_sSnRPNYtmBrIJFvNg==
Close.svg
www.group-ib.com/wp-content/themes/gib-theme/assets/images/
227 B
274 B
Image
General
Full URL
https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/Close.svg
Requested by
Host: website.cdn.group-ib.com
URL: https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/css/single-blog-post.css?x23625
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
31d1c5bd0cd38e6e6b8eb944944df273044e826c7d3daacbe602caead3068c7a
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://website.cdn.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'self';
content-encoding
gzip
x-content-type-options
nosniff
date
Fri, 16 Feb 2024 02:09:05 GMT
strict-transport-security
max-age=31536000; includeSubDomains
content-length
180
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 29 Nov 2022 12:14:21 GMT
server
nginx
etag
"e3-5ee9aed8bc981-gzip"
vary
Accept-Encoding
x-frame-options
sameorigin
content-type
image/svg+xml
access-control-allow-origin
https://www.group-ib.com
cache-control
private, max-age=3600
permissions-policy
accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges
bytes
file_copy.svg
www.group-ib.com/wp-content/themes/gib-theme/assets/images/
668 B
436 B
Image
General
Full URL
https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/file_copy.svg
Requested by
Host: website.cdn.group-ib.com
URL: https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/css/single-blog-post.css?x23625
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
f367bbc4429fc9fb0a93045245aef519a000ab275549645cddecb3f953e0a05f
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://website.cdn.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'self';
content-encoding
gzip
x-content-type-options
nosniff
date
Fri, 16 Feb 2024 02:09:05 GMT
strict-transport-security
max-age=31536000; includeSubDomains
content-length
352
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 28 Nov 2022 13:01:55 GMT
server
nginx
etag
"29c-5ee8779d1a6cb-gzip"
vary
Accept-Encoding
x-frame-options
sameorigin
content-type
image/svg+xml
access-control-allow-origin
https://www.group-ib.com
cache-control
private, max-age=3600
permissions-policy
accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges
bytes
success.svg
www.group-ib.com/wp-content/themes/gib-theme/assets/images/
386 B
338 B
Image
General
Full URL
https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/success.svg
Requested by
Host: website.cdn.group-ib.com
URL: https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/css/single-blog-post.css?x23625
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
fa4859289ded4c674dcee233811758743116b1d7ce4e9f0c0e7e259391504c43
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://website.cdn.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'self';
content-encoding
gzip
x-content-type-options
nosniff
date
Fri, 16 Feb 2024 02:09:05 GMT
strict-transport-security
max-age=31536000; includeSubDomains
content-length
254
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 29 Nov 2022 11:07:05 GMT
server
nginx
etag
"182-5ee99fd05f106-gzip"
vary
Accept-Encoding
x-frame-options
sameorigin
content-type
image/svg+xml
access-control-allow-origin
https://www.group-ib.com
cache-control
private, max-age=3600
permissions-policy
accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges
bytes
list-dot.svg
www.group-ib.com/wp-content/themes/gib-theme/assets/images/
313 B
288 B
Image
General
Full URL
https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/list-dot.svg
Requested by
Host: website.cdn.group-ib.com
URL: https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/css/single-blog-post.css?x23625
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
6b0775723ccade5ca3170fcc6a321c5b4768a5dc2b7c83b8b8b595407a2f0018
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://website.cdn.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'self';
content-encoding
gzip
x-content-type-options
nosniff
date
Fri, 16 Feb 2024 02:09:05 GMT
strict-transport-security
max-age=31536000; includeSubDomains
content-length
205
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 08 Sep 2022 12:02:57 GMT
server
nginx
etag
"139-5e82935d2238c-gzip"
vary
Accept-Encoding
x-frame-options
sameorigin
content-type
image/svg+xml
access-control-allow-origin
https://www.group-ib.com
cache-control
private, max-age=3600
permissions-policy
accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges
bytes
G-font-Bold.otf
website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/fonts/G-font/
49 KB
31 KB
Font
General
Full URL
https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/fonts/G-font/G-font-Bold.otf
Requested by
Host: website.cdn.group-ib.com
URL: https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/css/single-blog-post.css?x23625
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2127:2600:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
8d15a221986226efe4f742f390f46f9d5ae8b2008a6edd40e10ff121ef9cca9b
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

Referer
https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/css/single-blog-post.css?x23625
Origin
https://www.group-ib.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'self';
date
Fri, 16 Feb 2024 02:09:05 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 3544838dca6112dd616da017a568e76a.cloudfront.net (CloudFront)
x-content-type-options
nosniff
x-amz-cf-pop
PRG50-C1
x-cache
Miss from cloudfront
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 27 Nov 2023 11:44:59 GMT
server
nginx
etag
W/"c320-60b20d4ef6694"
x-frame-options
sameorigin
vary
Accept-Encoding
content-type
font/otf
access-control-allow-origin
https://www.group-ib.com
cache-control
private, max-age=3600
permissions-policy
accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
x-amz-cf-id
9l4VFyxu9Ph5apH81WUWsSPARdpAcA75WV3W6E3owXwMjLGJbYA_ew==
truncated
/
68 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
7c7059db8ecde84490f26faabf052049c5f9dd7595351e715d1d62f3f192626d

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
69 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a2e2a553de76ad92939be48c5f348dfa160fa814290f0b6f9c5f686867d7c09e

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
69 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
04d1a8188db4ef391a4ad6234b8a874000bc370e05851cf809bd0214f4b34818

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
69 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
f88ae160abe64fb83a259b33ec271d5528948092220ca3d56f11b5a64f32c71a

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
69 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
da64f7d27aabf5b907e5956a23532c0fc88ae16ad0f5b21685047be69d414611

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
69 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e5c4c6e47690f81487678532ea9562e08b7736d4d93039b0210c417aa1a5009d

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
69 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
74be24b105f72ebb26bf8cd977dbb8e440cb561f4675c45c2f9966ac3a517fb6

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
68 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
39966166c121ee54e5e0fc3920768776dfdb1bc28cce65b592aeb00f1e4e7264

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
70 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
49a3726fe6ab220c952643d5355993a94483457fb96de7dcd5d1a59f174cf0a8

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
68 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
6a74ed0aee9c883de6f3f00a94fb94ad8900ecd0756ec57700b4bf61c98b3397

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
69 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
641ef23866da6952f69f44e59a099f2768e76492356d42cd3526f8d451d6aec0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
69 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
3e9324d333657de2bd70d2664b982a596a56efb71439fcf6ccaa26cc395047de

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
68 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
2aadfaa1d0c9a9069ae70eb905eb54304bc9554c946d1bf737360ac3206a344a

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
70 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e6df8eaa7ebb0ef055b7bffacf16c2e20c66d26fbad0bac2903d305d1be4e9ac

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
68 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
4c1fb39076e7c667b756497561d60ed0e1e07c8afb414d32128f39750431dd33

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
68 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b3268ee929707d925ad2f2d336154a2e3f432e53ddc15c6c3223204d44f86590

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
69 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
f9e7d7743a88f65d1029df3e6b20a7797ef38ac13fa794194b638d46969f059c

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
68 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
3040b3046eb6964fcf6be67e5b106edeb0d3208f0332a1e22313e28c1c0b1447

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
69 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
2ee0d772180927e952ed4d1f5692c3e638c256fac5cb182f4f3dcc5cc456278e

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
68 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e33a6e8fa280f33dcb95bd32a5da53ed5271a451342391bcfb95fedb101a2ba7

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
68 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
a096a0aafef83789962be79a019a05c4fd75f0deee1097a8a6bed3fce7902606

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
69 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
41b6d77bfb32ee9f0133fceb438e76af59781583dd684e2e7a281feb03e9a5c6

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
68 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d1291e20cf0f75a972b9cf14dc9fad9525cb8cc3f0fcbcb1f7cf5468ff96ce39

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
68 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e9c6896e3a26a47ef38dbacefdc9d0f142c56c6d2b659a464f90f45d1c270437

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
68 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
6e9eacd04b92194e71f990f93b9615f0838df62335b4bef072dc351f99d1fa80

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
69 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
5a55c27fa892b956b9bb9b7211fd3b9414cbd3712800d08f25f8bb8852e896d6

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
69 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
f5b327d74e99262db4376f7e082c6ccc5c2acf4d00379b12abd43a2433d7243a

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Content-Type
image/svg+xml
truncated
/
69 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
1cc1aead00e38d359b7fe94e6e4caf194a94719a2c9856e9fed3cae6b5c16ffc

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Content-Type
image/svg+xml
Material-Icons.woff2
website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/fonts/Material-Icons/
125 KB
126 KB
Font
General
Full URL
https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/fonts/Material-Icons/Material-Icons.woff2
Requested by
Host: website.cdn.group-ib.com
URL: https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/css/single-blog-post.css?x23625
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2127:2600:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
8265f64786397d6b832d1ca0aafdf149ad84e72759fffa9f7272e91a0fb015d1
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

Referer
https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/css/single-blog-post.css?x23625
Origin
https://www.group-ib.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'self';
date
Fri, 16 Feb 2024 02:09:05 GMT
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 3544838dca6112dd616da017a568e76a.cloudfront.net (CloudFront)
x-amz-cf-pop
PRG50-C1
x-cache
Miss from cloudfront
content-length
128352
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 28 Nov 2023 16:09:12 GMT
server
nginx
etag
"1f560-60b38a3b3ece3"
x-frame-options
sameorigin
content-type
font/woff2
access-control-allow-origin
https://www.group-ib.com
cache-control
private, max-age=3600
permissions-policy
accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges
bytes
x-amz-cf-id
Croax4UiXa8RklU0g_B5cMrCrKiF_g5BvP5-qZlfmZCJjZ5JRZfZTQ==
truncated
/
68 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
34e0bb5c5ed1184e6452cf7562faf332af1a26e95e50e035ff0a9f7065e6df9e

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Content-Type
image/svg+xml
json
forms-eu1.hsforms.com/embed/v3/form/25755956/55a22738-d5a5-43f9-9c1c-fa4c1a6eb349/
8 KB
3 KB
XHR
General
Full URL
https://forms-eu1.hsforms.com/embed/v3/form/25755956/55a22738-d5a5-43f9-9c1c-fa4c1a6eb349/json?hs_static_app=forms-embed&hs_static_app_version=1.4708&X-HubSpot-Static-App-Info=forms-embed-1.4708
Requested by
Host: fhp-de-js.group-ib.com
URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
172.65.232.43 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1f9524ef76e541efc2d01dd8b67810df9d2c1e35398036b96949a051fd66f69d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.group-ib.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

X-Origin-Hublet
eu1
Date
Fri, 16 Feb 2024 02:09:05 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Content-Type-Options
nosniff
CF-Cache-Status
DYNAMIC
Content-Encoding
br
x-evy-trace-route-service-name
envoyset-translator
X-HubSpot-Correlation-Id
06f25c5b-fa81-4ca3-9945-cc6e7aaa80af
Transfer-Encoding
chunked
x-envoy-upstream-service-time
9
Connection
keep-alive
alt-svc
h3=":443"; ma=86400
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
06f25c5b-fa81-4ca3-9945-cc6e7aaa80af
Server
cloudflare
X-Trace
2B0DF22DF7F4FB9CAEEC063DA8E17EC1CCE0748BC2000000000000000000
Vary
origin
Access-Control-Allow-Methods
OPTIONS, GET
Content-Type
application/json;charset=utf-8
Access-Control-Allow-Origin
https://www.group-ib.com
x-evy-trace-virtual-host
all
Access-Control-Expose-Headers
X-Origin-Hublet
Access-Control-Max-Age
180
Access-Control-Allow-Credentials
false
Cache-Control
max-age=0, no-cache, no-store
X-Robots-Tag
none
Access-Control-Allow-Headers
*
CF-RAY
85623f188ca92c20-FRA
x-evy-trace-served-by-pod
fra04/star-hubspot-td/envoy-proxy-56464fb95b-qbbb4
gtm.js
www.googletagmanager.com/
320 KB
99 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-PW7265
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/blog/goldfactory-ios-trojan/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
3e8f2ffb6b68f508b1b5e1ad330cc1b3141db87376da043d1039cfd254449cb9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Fri, 16 Feb 2024 02:09:05 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
101353
x-xss-protection
0
last-modified
Fri, 16 Feb 2024 00:51:57 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 16 Feb 2024 02:09:05 GMT
insight.min.js
website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/js/
8 KB
4 KB
Script
General
Full URL
https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/js/insight.min.js?x23625
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/blog/goldfactory-ios-trojan/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2127:2600:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
14f2ec002b176e0dee403cb7dd4ef2274a1353080e1e3e4084678770f4c15b9c
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'self';
content-encoding
gzip
x-content-type-options
nosniff
date
Fri, 16 Feb 2024 02:09:05 GMT
via
1.1 ca6609f4a83e693c532f54c00146f5f8.cloudfront.net (CloudFront)
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
PRG50-C1
x-cache
Miss from cloudfront
content-length
3085
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Fri, 15 Jul 2022 14:12:57 GMT
server
nginx
etag
"1e5a-5e3d89d6a8c40-gzip"
x-frame-options
sameorigin
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
https://www.group-ib.com
cache-control
private, max-age=3600
permissions-policy
accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges
bytes
x-amz-cf-id
tZfagVXulP46dYmiFsTY-0QBLJG8PGu5w3uS-On6_SKw3UhZ2YTd9Q==
json
forms-eu1.hsforms.com/embed/v3/form/25755956/eb903dab-0ef3-43b5-bdeb-71372e6ad0f0/
7 KB
3 KB
XHR
General
Full URL
https://forms-eu1.hsforms.com/embed/v3/form/25755956/eb903dab-0ef3-43b5-bdeb-71372e6ad0f0/json?hs_static_app=forms-embed&hs_static_app_version=1.4708&X-HubSpot-Static-App-Info=forms-embed-1.4708
Requested by
Host: fhp-de-js.group-ib.com
URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
172.65.232.43 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a85d61fd6676ad7f7f71cd6ae0fb6f87447b321d8d30f8dab30d1dcdc316214f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.group-ib.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

X-Origin-Hublet
eu1
Date
Fri, 16 Feb 2024 02:09:05 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Content-Type-Options
nosniff
CF-Cache-Status
DYNAMIC
Content-Encoding
br
x-evy-trace-route-service-name
envoyset-translator
X-HubSpot-Correlation-Id
1a4ebfb4-18fd-49e1-a7ff-980e175ad28d
Transfer-Encoding
chunked
x-envoy-upstream-service-time
7
Connection
keep-alive
alt-svc
h3=":443"; ma=86400
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
1a4ebfb4-18fd-49e1-a7ff-980e175ad28d
Server
cloudflare
X-Trace
2BA70B8CABA443F68D5D221221A461A983884839AC000000000000000000
Vary
origin
Access-Control-Allow-Methods
OPTIONS, GET
Content-Type
application/json;charset=utf-8
Access-Control-Allow-Origin
https://www.group-ib.com
x-evy-trace-virtual-host
all
Access-Control-Expose-Headers
X-Origin-Hublet
Access-Control-Max-Age
180
Access-Control-Allow-Credentials
false
Cache-Control
max-age=0, no-cache, no-store
X-Robots-Tag
none
Access-Control-Allow-Headers
*
CF-RAY
85623f189c884d5e-FRA
x-evy-trace-served-by-pod
fra04/star-hubspot-td/envoy-proxy-56464fb95b-l4w4j
fb.js
js-eu1.hsadspixel.net/
6 KB
4 KB
Script
General
Full URL
https://js-eu1.hsadspixel.net/fb.js
Requested by
Host: js-eu1.hs-scripts.com
URL: https://js-eu1.hs-scripts.com/25755956.js?x23625
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.65.219.229 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fa97d5a93f1d1e252fd0259295827c1a0713d434e3acbd2e33786adfceb534ce
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Fri, 16 Feb 2024 02:09:05 GMT
x-amz-version-id
isGrj7bsJKQyiYsmde6FQimVS.PTJSF2
via
1.1 3aad72975c9da06e6d0903ad874f0b54.cloudfront.net (CloudFront)
x-content-type-options
nosniff
cf-cache-status
HIT
x-amz-cf-pop
FRA56-P2
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
x-hubspot-correlation-id
68c68744-5021-4b30-a035-503b3d4ab9f8
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=adsscriptloaderstatic/static-1.522/bundles/pixels-release.js&cfRay=856236564b1d2c4d-FRA
x-cache
Hit from cloudfront
cache-tag
staticjsapp-AdsScriptLoaderCloudflare-web-prod,staticjsapp-prod
content-encoding
br
age
359
x-envoy-upstream-service-time
0
x-amz-replication-status
COMPLETED
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
68c68744-5021-4b30-a035-503b3d4ab9f8
last-modified
Thu, 15 Feb 2024 14:51:53 UTC
server
cloudflare
etag
W/"b058f364a6909ff145f5780315cd5784"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
x-hs-cache-status
HIT
x-evy-trace-virtual-host
all
cache-control
max-age=600
x-evy-trace-served-by-pod
fra04/app-td/envoy-proxy-7684d9bdfc-pfkj2
cf-ray
85623f1908112c2b-FRA
x-amz-cf-id
-fOi5VNLKoe6x3yhNJ1vpw79pEcyHLEXujAhRIFJEQ1WElf2X4h6ew==
x-hs-target-asset
adsscriptloaderstatic/static-1.522/bundles/pixels-release.js
web-interactives-embed.js
js-eu1.hubspot.com/
82 KB
24 KB
Script
General
Full URL
https://js-eu1.hubspot.com/web-interactives-embed.js
Requested by
Host: js-eu1.hs-scripts.com
URL: https://js-eu1.hs-scripts.com/25755956.js?x23625
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.65.236.181 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2b8e254a6bf8562ac40c484269bc45755d4cb9fc70aabbd4d5e8836d04efd637
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.group-ib.com/
Origin
https://www.group-ib.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

content-encoding
br
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=web-interactives-embed/static-2.889/bundles/project.js&cfRay=85623f191a2c2bc6-FRA
x-amz-replication-status
COMPLETED
x-evy-trace-listener
listener_https
etag
W/"e20885ffed2008a0c825e67d0c9952cf"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
x-evy-trace-virtual-host
all
cache-control
max-age=600
x-hs-target-asset
web-interactives-embed/static-2.889/bundles/project.js
date
Fri, 16 Feb 2024 02:09:05 GMT
x-amz-version-id
IpfagJGRE3NrrUs16P3Z9Fqu3Ag.53Tu
via
1.1 03ffca0f67e3596b9a0c92342fe91598.cloudfront.net (CloudFront)
x-content-type-options
nosniff
cf-cache-status
EXPIRED
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
FRA56-P2
x-hubspot-correlation-id
af4fe75a-597c-4272-81e7-1bd1d798884e
x-cache
Hit from cloudfront
cache-tag
staticjsapp-web-interactives-embed-web-prod,staticjsapp-prod
x-envoy-upstream-service-time
3
x-evy-trace-route-configuration
listener_https/all
x-request-id
af4fe75a-597c-4272-81e7-1bd1d798884e
last-modified
Wed, 14 Feb 2024 14:44:07 UTC
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=MJ95XchqhLX86tQKgHmx8MoMCTvheondU0Y4Ko14Zr0Q1fZB4n7Hppyij5w0%2FawJxrkHhM4co%2Fkv%2BQ9Ae%2FJlO3rkcImF%2FvxkNp%2FTpcQxl2YnPQfNtibPxOEp6hu5Drd5Nu2%2BmA%3D%3D"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status
HIT
x-evy-trace-served-by-pod
fra04/app-td/envoy-proxy-7684d9bdfc-pfkj2
cf-ray
85623f191a2c2bc6-FRA
x-amz-cf-id
HNhNLHZTzErQWUAXqI36hSExLPUNuvEJ8PY0UEGJn_Rn_LCkU4NyBw==
collectedforms.js
js-eu1.hscollectedforms.net/
69 KB
25 KB
Script
General
Full URL
https://js-eu1.hscollectedforms.net/collectedforms.js
Requested by
Host: js-eu1.hs-scripts.com
URL: https://js-eu1.hs-scripts.com/25755956.js?x23625
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.65.192.122 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7c326f96b9af470b51c887a189b1f81d241d6beef4844b37c8add5144fa6f55d
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.group-ib.com/
Origin
https://www.group-ib.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Fri, 16 Feb 2024 02:09:05 GMT
x-amz-version-id
JAkD5shSwdxe4gNEROP8R.wQbdFvcCSE
via
1.1 cb4c4a25e4ef534686959996782c8476.cloudfront.net (CloudFront)
x-content-type-options
nosniff
cf-cache-status
EXPIRED
x-amz-cf-pop
FRA56-P2
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
x-hubspot-correlation-id
6242e263-ad04-4e58-b15f-6cf2c4cb65a9
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=collected-forms-embed-js/static-1.451/bundles/project.js&cfRay=85623f190c5f9a0b-FRA
x-cache
Hit from cloudfront
cache-tag
staticjsapp-collected-forms-embed-js-web-prod,staticjsapp-prod
content-encoding
br
x-envoy-upstream-service-time
2
x-amz-replication-status
COMPLETED
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
6242e263-ad04-4e58-b15f-6cf2c4cb65a9
last-modified
Wed, 03 Jan 2024 09:59:35 UTC
server
cloudflare
etag
W/"dc52d8d37d1323196ca91b50795df6c4"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
x-evy-trace-virtual-host
all
x-hs-cache-status
HIT
cache-control
s-maxage=600, max-age=300
x-evy-trace-served-by-pod
fra04/app-td/envoy-proxy-7684d9bdfc-zjhnq
cf-ray
85623f190c5f9a0b-FRA
x-amz-cf-id
xlRHG8iw5jMfx6_Pb9lNqOL0gY1au_ZVImhTQcwYGkQE3vdUC2zu0g==
x-hs-target-asset
collected-forms-embed-js/static-1.451/bundles/project.js
banner.js
js-eu1.hs-banner.com/v2/25755956/
69 KB
23 KB
Script
General
Full URL
https://js-eu1.hs-banner.com/v2/25755956/banner.js
Requested by
Host: js-eu1.hs-scripts.com
URL: https://js-eu1.hs-scripts.com/25755956.js?x23625
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.65.202.201 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3cca0ab10bbef0fbcd57a91d708eb8a5c9ae33893d43840a4d28a8e222a97a0d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Fri, 16 Feb 2024 02:09:05 GMT
x-amz-version-id
gH_WCLwQ0rilryyGXKp0Na3wawoNhqkJ
content-encoding
br
cf-cache-status
REVALIDATED
x-amz-request-id
RGG53FWQ24VF11B4
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
x-hubspot-correlation-id
2b19a48a-cf7b-4244-80e7-94ecd75f45a5
x-envoy-upstream-service-time
25
x-amz-id-2
66s48MH+v50Mgx5xBFxRi+9Tin7lDmMuhxGtfpC0HxFDBA63FueQmJnC5xu047/cWJoFfFbKPbY=
x-evy-trace-listener
listener_https
x-request-id
2b19a48a-cf7b-4244-80e7-94ecd75f45a5
x-evy-trace-route-configuration
listener_https/all
last-modified
Tue, 13 Feb 2024 16:28:41 GMT
server
cloudflare
etag
W/"54ea493fa247fea2d311ab3392f2d132"
access-control-max-age
604800
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
https://www.group-ib.com
x-evy-trace-virtual-host
all
access-control-expose-headers
x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control
max-age=300,public
access-control-allow-credentials
true
x-evy-trace-served-by-pod
fra04/analytics-js-proxy-td/envoy-proxy-85f6b97865-mgtdg
vary
origin, Accept-Encoding
timing-allow-origin
*
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray
85623f1909475c5c-FRA
expires
Fri, 16 Feb 2024 02:14:05 GMT
25755956.js
js-eu1.hs-analytics.net/analytics/1708045800000/
66 KB
21 KB
Script
General
Full URL
https://js-eu1.hs-analytics.net/analytics/1708045800000/25755956.js
Requested by
Host: js-eu1.hs-scripts.com
URL: https://js-eu1.hs-scripts.com/25755956.js?x23625
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.65.238.60 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a28f2b877315f75c80dc0f39ad949b8e4c20475100d2d2ee9f551c5aabc37704

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Fri, 16 Feb 2024 02:09:05 GMT
content-encoding
br
cf-cache-status
MISS
x-amz-request-id
2VG0J85Z3QDCMZV8
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
x-hubspot-correlation-id
79bcf497-9473-4e97-95aa-7fb2fd4b3eb9
x-envoy-upstream-service-time
19
x-amz-id-2
fvu3+nLrrwGPtABRsZOcGf1Micc/UydL+nvY+CNSf5mRDAsa+Bw6rUr4HiTCxA0hJChINo2bCok=
x-evy-trace-listener
listener_https
x-request-id
79bcf497-9473-4e97-95aa-7fb2fd4b3eb9
x-evy-trace-route-configuration
listener_https/all
last-modified
Wed, 03 Jan 2024 16:34:18 GMT
server
cloudflare
etag
W/"f6c7282a68bd157629cbd20c77832861"
vary
origin, Accept-Encoding
content-type
text/javascript
x-evy-trace-virtual-host
all
x-evy-trace-served-by-pod
fra04/analytics-js-proxy-td/envoy-proxy-85f6b97865-52v8g
cache-control
max-age=300,public
access-control-allow-credentials
false
cf-ray
85623f190d709243-FRA
expires
Fri, 16 Feb 2024 02:14:05 GMT
main-logo.svg
www.group-ib.com/wp-content/themes/gib-theme/assets/images/
4 KB
2 KB
Image
General
Full URL
https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/main-logo.svg?x23625
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/blog/goldfactory-ios-trojan/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
fffe17f6fe0ca9bf2e69d087a687c9d2340f67d742a70a810a57ef3c7d17cefe
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/blog/goldfactory-ios-trojan/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'self';
content-encoding
gzip
x-content-type-options
nosniff
date
Fri, 16 Feb 2024 02:09:05 GMT
strict-transport-security
max-age=31536000; includeSubDomains
content-length
2025
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 02 Nov 2023 07:29:29 GMT
server
nginx
etag
"116f-6092659219013-gzip"
vary
Accept-Encoding
x-frame-options
sameorigin
content-type
image/svg+xml
access-control-allow-origin
https://www.group-ib.com
cache-control
private, max-age=3600
permissions-policy
accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges
bytes
ti.png
website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/
6 KB
7 KB
Image
General
Full URL
https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/ti.png?x23625
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/blog/goldfactory-ios-trojan/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2127:2600:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
f0e3a799744c0c67782742af2c13b85f769b58abd04800a04853d26f60cf7314
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'self';
date
Fri, 16 Feb 2024 02:09:05 GMT
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 ca6609f4a83e693c532f54c00146f5f8.cloudfront.net (CloudFront)
x-amz-cf-pop
PRG50-C1
x-cache
Miss from cloudfront
content-length
5919
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 28 Jun 2022 07:55:26 GMT
server
nginx
etag
"171f-5e27d5c025780"
x-frame-options
sameorigin
content-type
image/png
access-control-allow-origin
https://www.group-ib.com
cache-control
no-cache, private, max-age=3600
permissions-policy
accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges
bytes
x-amz-cf-id
oUKUEGtkPmjBHggUL7q5IJUOrN7dMri4wSvixFSC6tyHKIqWhirEsg==
expires
Fri, 16 Feb 2024 02:09:04 GMT
asm.png
website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/
6 KB
7 KB
Image
General
Full URL
https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/asm.png?x23625
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/blog/goldfactory-ios-trojan/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2127:2600:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
997d49d316b533985208f14602a1ff15a76bf6a567afbb6b6980629ca8d78bab
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'self';
date
Fri, 16 Feb 2024 02:09:05 GMT
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 ca6609f4a83e693c532f54c00146f5f8.cloudfront.net (CloudFront)
x-amz-cf-pop
PRG50-C1
x-cache
Miss from cloudfront
content-length
5941
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 28 Jun 2022 07:55:26 GMT
server
nginx
etag
"1735-5e27d5c025780"
x-frame-options
sameorigin
content-type
image/png
access-control-allow-origin
https://www.group-ib.com
cache-control
no-cache, private, max-age=3600
permissions-policy
accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges
bytes
x-amz-cf-id
N1bOmLSELrSimE5QGaeg2wvAkJkYPZywvs0e-aQ3AhSn94nMAA7B0w==
expires
Fri, 16 Feb 2024 02:09:04 GMT
fp.png
website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/
8 KB
8 KB
Image
General
Full URL
https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/fp.png?x23625
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/blog/goldfactory-ios-trojan/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2127:2600:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
15534f98c260c3c3caaedf53335d912010b2de1731477a9fd4dbea89fb4995d9
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'self';
date
Fri, 16 Feb 2024 02:09:05 GMT
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 ca6609f4a83e693c532f54c00146f5f8.cloudfront.net (CloudFront)
x-amz-cf-pop
PRG50-C1
x-cache
Miss from cloudfront
content-length
7844
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 28 Jun 2022 07:55:26 GMT
server
nginx
etag
"1ea4-5e27d5c025780"
x-frame-options
sameorigin
content-type
image/png
access-control-allow-origin
https://www.group-ib.com
cache-control
no-cache, private, max-age=3600
permissions-policy
accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges
bytes
x-amz-cf-id
lg71CLagktBwE0bj6EmfUr1_n5P-i_8Je1diC4ytGHWGnWHryaUMUQ==
expires
Fri, 16 Feb 2024 02:09:04 GMT
drp.png
website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/
5 KB
6 KB
Image
General
Full URL
https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/drp.png?x23625
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/blog/goldfactory-ios-trojan/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2127:2600:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
a300a894e169169882504968fae71958a87e0a4322e2aee1b6b0bbd63fd9621f
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'self';
date
Fri, 16 Feb 2024 02:09:05 GMT
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 ca6609f4a83e693c532f54c00146f5f8.cloudfront.net (CloudFront)
x-amz-cf-pop
PRG50-C1
x-cache
Miss from cloudfront
content-length
5398
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 28 Jun 2022 07:55:26 GMT
server
nginx
etag
"1516-5e27d5c025780"
x-frame-options
sameorigin
content-type
image/png
access-control-allow-origin
https://www.group-ib.com
cache-control
no-cache, private, max-age=3600
permissions-policy
accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges
bytes
x-amz-cf-id
lrnzniOsrLB5-IZ-uRfL-a2XoqpsyZs0_VpB7Xa7jEQvPadk2VbYNA==
expires
Fri, 16 Feb 2024 02:09:04 GMT
mxdr.png
website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/
6 KB
7 KB
Image
General
Full URL
https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/mxdr.png?x23625
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/blog/goldfactory-ios-trojan/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2127:2600:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
2be8ce2b065360537771ed230d5d72cbd84758ec127ffa035e6d260ed14af5b0
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'self';
date
Fri, 16 Feb 2024 02:09:05 GMT
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 ca6609f4a83e693c532f54c00146f5f8.cloudfront.net (CloudFront)
x-amz-cf-pop
PRG50-C1
x-cache
Miss from cloudfront
content-length
6506
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 28 Jun 2022 07:55:26 GMT
server
nginx
etag
"196a-5e27d5c025780"
x-frame-options
sameorigin
content-type
image/png
access-control-allow-origin
https://www.group-ib.com
cache-control
no-cache, private, max-age=3600
permissions-policy
accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges
bytes
x-amz-cf-id
KG8G-3GiiOS4j-5eOEgs9ZZ3-QbK-Hghj7jgBhFpG2s7HEZyBoWXaw==
expires
Fri, 16 Feb 2024 02:09:04 GMT
bep.png
website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/
6 KB
7 KB
Image
General
Full URL
https://website.cdn.group-ib.com/wp-content/themes/gib-theme/assets/images/main-nav/bep.png?x23625
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/blog/goldfactory-ios-trojan/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2127:2600:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
7574ba97d4ee7e81bd60873a52a31ff13359f246d0ac492ef2dabf96233a99e6
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'self';
date
Fri, 16 Feb 2024 02:09:05 GMT
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 ca6609f4a83e693c532f54c00146f5f8.cloudfront.net (CloudFront)
x-amz-cf-pop
PRG50-C1
x-cache
Miss from cloudfront
content-length
6362
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 28 Jun 2022 07:55:26 GMT
server
nginx
etag
"18da-5e27d5c025780"
x-frame-options
sameorigin
content-type
image/png
access-control-allow-origin
https://www.group-ib.com
cache-control
no-cache, private, max-age=3600
permissions-policy
accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges
bytes
x-amz-cf-id
ifVR1nxvgRNTvIfucH05JTbXB_uiM6DQmrYHSwd480AL4k8cSmYTpg==
expires
Fri, 16 Feb 2024 02:09:04 GMT
twitter-64.svg
www.group-ib.com/wp-content/themes/gib-theme/assets/images/socials/
1 KB
638 B
Image
General
Full URL
https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/socials/twitter-64.svg?x23625
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/blog/goldfactory-ios-trojan/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
ae9dad69229703dfa3b6d226c4c7d692e2f2809bf2475f22612824c2f7602efc
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/blog/goldfactory-ios-trojan/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'self';
content-encoding
gzip
x-content-type-options
nosniff
date
Fri, 16 Feb 2024 02:09:05 GMT
strict-transport-security
max-age=31536000; includeSubDomains
content-length
554
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 29 Nov 2022 07:39:21 GMT
server
nginx
etag
"426-5ee9716179e8a-gzip"
vary
Accept-Encoding
x-frame-options
sameorigin
content-type
image/svg+xml
access-control-allow-origin
https://www.group-ib.com
cache-control
private, max-age=3600
permissions-policy
accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges
bytes
facebook-64.svg
www.group-ib.com/wp-content/themes/gib-theme/assets/images/socials/
627 B
445 B
Image
General
Full URL
https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/socials/facebook-64.svg?x23625
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/blog/goldfactory-ios-trojan/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
f006e8bbfa4f0537780571436b5bed50ff10ff28759924c53b67732ec5af28ba
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/blog/goldfactory-ios-trojan/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'self';
content-encoding
gzip
x-content-type-options
nosniff
date
Fri, 16 Feb 2024 02:09:05 GMT
strict-transport-security
max-age=31536000; includeSubDomains
content-length
376
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 29 Nov 2022 07:39:21 GMT
server
nginx
etag
"273-5ee9716178eea-gzip"
vary
Accept-Encoding
x-frame-options
sameorigin
content-type
image/svg+xml
access-control-allow-origin
https://www.group-ib.com
cache-control
private, max-age=3600
permissions-policy
accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges
bytes
telegram-64.svg
www.group-ib.com/wp-content/themes/gib-theme/assets/images/socials/
1 KB
906 B
Image
General
Full URL
https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/socials/telegram-64.svg?x23625
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/blog/goldfactory-ios-trojan/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
cdc4d10b6b74ad79b55333b9882e854f054ee8b9953c6203dc46c68dc74eb0fb
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/blog/goldfactory-ios-trojan/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'self';
content-encoding
gzip
x-content-type-options
nosniff
date
Fri, 16 Feb 2024 02:09:05 GMT
strict-transport-security
max-age=31536000; includeSubDomains
content-length
787
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 29 Nov 2022 07:39:21 GMT
server
nginx
etag
"5fc-5ee9716179e8a-gzip"
vary
Accept-Encoding
x-frame-options
sameorigin
content-type
image/svg+xml
access-control-allow-origin
https://www.group-ib.com
cache-control
private, max-age=3600
permissions-policy
accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges
bytes
linkedin-64.svg
www.group-ib.com/wp-content/themes/gib-theme/assets/images/socials/
919 B
598 B
Image
General
Full URL
https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/socials/linkedin-64.svg?x23625
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/blog/goldfactory-ios-trojan/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
f4991587d5312981e74087707ed399bd3820d83f773e7773c013ce00d6835f28
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/blog/goldfactory-ios-trojan/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'self';
content-encoding
gzip
x-content-type-options
nosniff
date
Fri, 16 Feb 2024 02:09:05 GMT
strict-transport-security
max-age=31536000; includeSubDomains
content-length
470
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 29 Nov 2022 07:39:21 GMT
server
nginx
etag
"397-5ee9716179e8a-gzip"
vary
Accept-Encoding
x-frame-options
sameorigin
content-type
image/svg+xml
access-control-allow-origin
https://www.group-ib.com
cache-control
private, max-age=3600
permissions-policy
accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges
bytes
whatsapp-64.svg
www.group-ib.com/wp-content/themes/gib-theme/assets/images/socials/
2 KB
1 KB
Image
General
Full URL
https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/socials/whatsapp-64.svg?x23625
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/blog/goldfactory-ios-trojan/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
45d44c2f23a04d49dbbb3f216ba72782ad80278cf7c4c330b1f03b8263c544ee
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/blog/goldfactory-ios-trojan/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'self';
content-encoding
gzip
x-content-type-options
nosniff
date
Fri, 16 Feb 2024 02:09:05 GMT
strict-transport-security
max-age=31536000; includeSubDomains
content-length
1046
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 29 Nov 2022 07:39:21 GMT
server
nginx
etag
"7e8-5ee9716179e8a-gzip"
vary
Accept-Encoding
x-frame-options
sameorigin
content-type
image/svg+xml
access-control-allow-origin
https://www.group-ib.com
cache-control
private, max-age=3600
permissions-policy
accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges
bytes
share-black.svg
www.group-ib.com/wp-content/themes/gib-theme/assets/images/
1 KB
582 B
Image
General
Full URL
https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/share-black.svg?x23625
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/blog/goldfactory-ios-trojan/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
3689e488f5478e26f0347353ad608ccd66e4d62992021c51d9db93f89d43c880
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/blog/goldfactory-ios-trojan/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'self';
content-encoding
gzip
x-content-type-options
nosniff
date
Fri, 16 Feb 2024 02:09:05 GMT
strict-transport-security
max-age=31536000; includeSubDomains
content-length
500
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 22 Nov 2022 11:16:45 GMT
server
nginx
etag
"468-5ee0d4eb0feca-gzip"
vary
Accept-Encoding
x-frame-options
sameorigin
content-type
image/svg+xml
access-control-allow-origin
https://www.group-ib.com
cache-control
private, max-age=3600
permissions-policy
accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges
bytes
wb_sunny-black.svg
www.group-ib.com/wp-content/themes/gib-theme/assets/images/
724 B
445 B
Image
General
Full URL
https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/wb_sunny-black.svg?x23625
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/blog/goldfactory-ios-trojan/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
cc5dcea4d483d798630d7fe0846a1b784618aa3d4f86bdfa655083d81750322a
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/blog/goldfactory-ios-trojan/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'self';
content-encoding
gzip
x-content-type-options
nosniff
date
Fri, 16 Feb 2024 02:09:05 GMT
strict-transport-security
max-age=31536000; includeSubDomains
content-length
385
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 22 Nov 2022 11:16:45 GMT
server
nginx
etag
"2d4-5ee0d4eb0feca-gzip"
vary
Accept-Encoding
x-frame-options
sameorigin
content-type
image/svg+xml
access-control-allow-origin
https://www.group-ib.com
cache-control
private, max-age=3600
permissions-policy
accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges
bytes
moon.svg
www.group-ib.com/wp-content/themes/gib-theme/assets/images/
627 B
445 B
Image
General
Full URL
https://www.group-ib.com/wp-content/themes/gib-theme/assets/images/moon.svg?x23625
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/blog/goldfactory-ios-trojan/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
dedf6c9294a8b9e4b13b1575641071e45c8e61235bd154d19103fd2893ccd708
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/blog/goldfactory-ios-trojan/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'self';
content-encoding
gzip
x-content-type-options
nosniff
date
Fri, 16 Feb 2024 02:09:05 GMT
strict-transport-security
max-age=31536000; includeSubDomains
content-length
361
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Thu, 24 Nov 2022 12:37:03 GMT
server
nginx
etag
"273-5ee36a9860213-gzip"
vary
Accept-Encoding
x-frame-options
sameorigin
content-type
image/svg+xml
access-control-allow-origin
https://www.group-ib.com
cache-control
private, max-age=3600
permissions-policy
accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges
bytes
golddigger-family.webp
website.cdn.group-ib.com/wp-content/uploads/
1 MB
1 MB
Image
General
Full URL
https://website.cdn.group-ib.com/wp-content/uploads/golddigger-family.webp
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/blog/goldfactory-ios-trojan/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2127:2600:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
f63332d5481eca395f04b240deb00803ce596edee81917c285aae35b743190f9
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'self';
date
Fri, 16 Feb 2024 02:09:05 GMT
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 ca6609f4a83e693c532f54c00146f5f8.cloudfront.net (CloudFront)
x-amz-cf-pop
PRG50-C1
x-cache
Miss from cloudfront
content-length
1224192
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 12 Feb 2024 09:23:32 GMT
server
nginx
etag
"12ae00-6112bd4de12e3"
x-frame-options
sameorigin
content-type
image/webp
access-control-allow-origin
https://www.group-ib.com
cache-control
no-cache, private, max-age=3600
permissions-policy
accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges
bytes
x-amz-cf-id
FuPOUJsieTYZuAv2CB7AmfPTv64YIBfAv47bpgGN70k65crTkj8KbA==
expires
Fri, 16 Feb 2024 02:09:04 GMT
polovinkin-1.png
website.cdn.group-ib.com/wp-content/uploads/
49 KB
50 KB
Image
General
Full URL
https://website.cdn.group-ib.com/wp-content/uploads/polovinkin-1.png
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/blog/goldfactory-ios-trojan/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2127:2600:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
e2bc964baa3f3b79d9ef59a46164809bde86d6550a4de912535d056e514ae152
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'self';
date
Fri, 16 Feb 2024 02:09:05 GMT
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 ca6609f4a83e693c532f54c00146f5f8.cloudfront.net (CloudFront)
x-amz-cf-pop
PRG50-C1
x-cache
Miss from cloudfront
content-length
50537
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Fri, 14 Apr 2023 09:15:22 GMT
server
nginx
etag
"c569-5f94847e19d03"
x-frame-options
sameorigin
content-type
image/png
access-control-allow-origin
https://www.group-ib.com
cache-control
no-cache, private, max-age=3600
permissions-policy
accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges
bytes
x-amz-cf-id
nuLtaSYgyW0uCbaAyyZt5W4vCPW2eGJsf7k9X_GoJDPf8D82vBfL7w==
expires
Fri, 16 Feb 2024 02:09:04 GMT
sharmine.png
website.cdn.group-ib.com/wp-content/uploads/
52 KB
53 KB
Image
General
Full URL
https://website.cdn.group-ib.com/wp-content/uploads/sharmine.png
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/blog/goldfactory-ios-trojan/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2127:2600:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
8862216dc79ff8f6b3fe740b6d57e6faa76199dca433d61c9dfadf567615f5be
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'self';
date
Fri, 16 Feb 2024 02:09:05 GMT
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 ca6609f4a83e693c532f54c00146f5f8.cloudfront.net (CloudFront)
x-amz-cf-pop
PRG50-C1
x-cache
Miss from cloudfront
content-length
53486
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 04 Dec 2023 13:46:15 GMT
server
nginx
etag
"d0ee-60baf5784a1b0"
x-frame-options
sameorigin
content-type
image/png
access-control-allow-origin
https://www.group-ib.com
cache-control
no-cache, private, max-age=3600
permissions-policy
accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges
bytes
x-amz-cf-id
cauPgiNtwhz8nB2PC9krNnklJVbbLMZZOSvKkMd860aH3m0THngsDQ==
expires
Fri, 16 Feb 2024 02:09:04 GMT
resumelooters-blog2.webp
website.cdn.group-ib.com/wp-content/uploads/
92 KB
93 KB
Image
General
Full URL
https://website.cdn.group-ib.com/wp-content/uploads/resumelooters-blog2.webp
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/blog/goldfactory-ios-trojan/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2127:2600:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
535a3e8a2e0bed5a94183cc6c0dcf3320da9618b0f0311807f572566df54bd3c
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'self';
date
Fri, 16 Feb 2024 02:09:05 GMT
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 ca6609f4a83e693c532f54c00146f5f8.cloudfront.net (CloudFront)
x-amz-cf-pop
PRG50-C1
x-cache
Miss from cloudfront
content-length
94050
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 30 Jan 2024 08:46:15 GMT
server
nginx
etag
"16f62-61025cb8c0a10"
x-frame-options
sameorigin
content-type
image/webp
access-control-allow-origin
https://www.group-ib.com
cache-control
no-cache, private, max-age=3600
permissions-policy
accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges
bytes
x-amz-cf-id
ipEyTiZj2Daaif3pybjTBX5MlXV9MuW2KiZTSrCKoZdcGyTZ8YaGlg==
expires
Fri, 16 Feb 2024 02:09:04 GMT
inferno-drainer-1.webp
website.cdn.group-ib.com/wp-content/uploads/
89 KB
90 KB
Image
General
Full URL
https://website.cdn.group-ib.com/wp-content/uploads/inferno-drainer-1.webp
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/blog/goldfactory-ios-trojan/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2127:2600:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
233a28d0bf5a15c403dea23305bef421c7f6db637412b213497051bc6e80d5a7
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'self';
date
Fri, 16 Feb 2024 02:09:05 GMT
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 ca6609f4a83e693c532f54c00146f5f8.cloudfront.net (CloudFront)
x-amz-cf-pop
PRG50-C1
x-cache
Miss from cloudfront
content-length
91256
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Fri, 12 Jan 2024 11:39:53 GMT
server
nginx
etag
"16478-60ebe1f69fdf6"
x-frame-options
sameorigin
content-type
image/webp
access-control-allow-origin
https://www.group-ib.com
cache-control
no-cache, private, max-age=3600
permissions-policy
accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges
bytes
x-amz-cf-id
TEnTojlqC-RiVwCpT8QRuQ-shMpME4FRtpK3eVYCo7_nEwzdSZHDPw==
expires
Fri, 16 Feb 2024 02:09:04 GMT
hunting-rituals_red.jpg
website.cdn.group-ib.com/wp-content/uploads/
127 KB
128 KB
Image
General
Full URL
https://website.cdn.group-ib.com/wp-content/uploads/hunting-rituals_red.jpg
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/blog/goldfactory-ios-trojan/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2127:2600:9:7af6:1700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx /
Resource Hash
a8db2c5feaeae215fc02c7a068b7c1f624adf29f5344f1ed90e5eaac466f6517
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

content-security-policy
frame-ancestors 'self';
date
Fri, 16 Feb 2024 02:09:05 GMT
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 ca6609f4a83e693c532f54c00146f5f8.cloudfront.net (CloudFront)
x-amz-cf-pop
PRG50-C1
x-cache
Miss from cloudfront
content-length
129927
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Wed, 16 Aug 2023 12:43:11 GMT
server
nginx
etag
"1fb87-60309a367a354"
x-frame-options
sameorigin
content-type
image/jpeg
access-control-allow-origin
https://www.group-ib.com
cache-control
no-cache, private, max-age=3600
permissions-policy
accelerometer=(),autoplay=(),camera=(),encrypted-media=(),fullscreen=*,geolocation=(),gyroscope=(),magnetometer=(),microphone=(),midi=(),payment=(),sync-xhr=(),usb=(),xr-spatial-tracking=()
accept-ranges
bytes
x-amz-cf-id
YvutGg-F6ouf4Pr8hmB6lxnxLI34m-V7OCma78WYPmx_TcPm8qEdVQ==
expires
Fri, 16 Feb 2024 02:09:04 GMT
ajax.php
www.group-ib.com/wp-content/plugins/post-views-counter-pro/includes/
0
0
Fetch
General
Full URL
https://www.group-ib.com/wp-content/plugins/post-views-counter-pro/includes/ajax.php
Requested by
Host: fhp-de-js.group-ib.com
URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash

Request headers

Referer
https://www.group-ib.com/blog/goldfactory-ios-trojan/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=utf-8

Response headers

date
Fri, 16 Feb 2024 02:09:05 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
0
counters.gif
forms.hsforms.com/embed/v3/
35 B
1015 B
Image
General
Full URL
https://forms.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-DEFINITION_SUCCESS&count=1
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/blog/goldfactory-ios-trojan/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:eff9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Date
Fri, 16 Feb 2024 02:09:05 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Content-Type-Options
nosniff
CF-Cache-Status
DYNAMIC
x-evy-trace-route-service-name
envoyset-translator
X-HubSpot-Correlation-Id
b0cf5bd3-9f23-4f87-a74a-7afa0f89f1e9
x-envoy-upstream-service-time
1
Connection
keep-alive
alt-svc
h3=":443"; ma=86400
Content-Length
35
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
b0cf5bd3-9f23-4f87-a74a-7afa0f89f1e9
Server
cloudflare
X-Trace
2BD7B9835EB7DFC4DB986F0B1C5FF1C7CA87392882000000000000000000
Vary
origin
Content-Type
image/gif
x-evy-trace-virtual-host
all
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-bfd765d7d-z8vxw
Access-Control-Expose-Headers
X-Origin-Hublet
Cache-Control
max-age=0, no-cache, no-store
Access-Control-Allow-Credentials
false
X-Robots-Tag
none
CF-RAY
85623f197e3f5d9f-FRA
collect
px.ads.linkedin.com/
0
531 B
Image
General
Full URL
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=&time=1708049345512&url=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fgoldfactory-ios-trojan%2F
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/blog/goldfactory-ios-trojan/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Fri, 16 Feb 2024 02:09:04 GMT
x-li-pop
afd-prod-lor1-x
x-msedge-ref
Ref A: F13837247FED4537A0AAA84EA103A2CD Ref B: FRAEDGE1810 Ref C: 2024-02-16T02:09:05Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
content-type
application/javascript
x-li-fabric
prod-lor1
x-li-proto
http/2
content-length
0
x-li-uuid
AAYRdjqBJBbfHNCFbEQy3A==
counters.gif
forms-eu1.hsforms.com/embed/v3/
35 B
1016 B
Image
General
Full URL
https://forms-eu1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-RENDER_SUCCESS&count=1
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/blog/goldfactory-ios-trojan/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
172.65.232.43 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Date
Fri, 16 Feb 2024 02:09:05 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Content-Type-Options
nosniff
CF-Cache-Status
DYNAMIC
x-evy-trace-route-service-name
envoyset-translator
X-HubSpot-Correlation-Id
bed8d93e-9590-4e93-831f-ab70885230ae
x-envoy-upstream-service-time
2
Connection
keep-alive
alt-svc
h3=":443"; ma=86400
Content-Length
35
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
bed8d93e-9590-4e93-831f-ab70885230ae
Server
cloudflare
X-Trace
2BEFE6B2A3E25E032B96A080A7B2C963B1A22DAD78000000000000000000
Vary
origin
Content-Type
image/gif
x-evy-trace-virtual-host
all
x-evy-trace-served-by-pod
fra04/star-hubspot-td/envoy-proxy-56464fb95b-mvq6n
Access-Control-Expose-Headers
X-Origin-Hublet
Cache-Control
max-age=0, no-cache, no-store
Access-Control-Allow-Credentials
false
X-Robots-Tag
none
CF-RAY
85623f1a3f375d79-FRA
js
www.googletagmanager.com/gtag/
296 KB
96 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-QMES53K3Y2&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PW7265
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
6655c833964e7cc0558d5cf50a15999a7b9141abda7c3c90c093c92cabd2a401
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Fri, 16 Feb 2024 02:09:05 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
98402
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Fri, 16 Feb 2024 02:09:05 GMT
6si.min.js
j.6sc.co/
64 KB
17 KB
Script
General
Full URL
https://j.6sc.co/6si.min.js
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/blog/goldfactory-ios-trojan/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-17-100-193.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
2d699428fb1a87452cb15775f3e9a531b9c8a98bfa41be2a24be4814ff0a5baf
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 16 Feb 2024 02:09:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 20 Dec 2023 22:26:49 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"65836a29-fee9"
vary
Accept-Encoding
content-type
application/javascript
cache-control
private, no-cache, proxy-revalidate
accept-ranges
bytes
content-length
17567
expires
Fri, 16 Feb 2024 02:09:05 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/10897073384/
3 KB
2 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10897073384/?random=1708049345647&cv=11&fst=1708049345647&bg=ffffff&guid=ON&async=1&gtm=45He42e0v72040694za200&gcd=13l3l3l3l1&dma_cps=sypham&dma=1&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fgoldfactory-ios-trojan%2F&ref=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fgoldfactory-ios-trojan%2F&hn=www.googleadservices.com&frm=0&tiba=Face%20Off%20%7C%20Group-IB%20Blog&npa=0&pscdl=noapi&auid=1416784330.1708049346&uamb=0&uaw=0&rfmt=3&fmt=4
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PW7265
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ce368bda9fe4ef085b118afb690d0a6cfceac733cb3089fe540e9fb9b0783bf6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 16 Feb 2024 02:09:05 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1310
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pixel.js
www.redditstatic.com/ads/
28 KB
9 KB
Script
General
Full URL
https://www.redditstatic.com/ads/pixel.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PW7265
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
snooserv /
Resource Hash
2939d067bced6e2e3e43c1b10d2b067cb980410c2cc42fd3e867798a4a36c697

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Fri, 16 Feb 2024 02:09:05 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
last-modified
Thu, 15 Feb 2024 20:38:48 GMT
server
snooserv
nel
{"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
etag
"9a680c8c475d8bba600d4d87b4fa7ee5"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding,Origin
report-to
{"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type
application/javascript
cache-control
public, max-age=60
accept-ranges
bytes
content-length
8702
bat.js
bat.bing.com/
45 KB
13 KB
Script
General
Full URL
https://bat.bing.com/bat.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PW7265
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
5e319852607809336b2534ffeb96f6933f26994dd040f535302c84f59cc0a214
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
date
Fri, 16 Feb 2024 02:09:05 GMT
last-modified
Fri, 10 Nov 2023 20:09:55 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 152D8F2E74914925BC4B58D4C311EDEB Ref B: FRAEDGE1812 Ref C: 2024-02-16T02:09:05Z
etag
"80abcdf1114da1:0"
vary
Accept-Encoding
x-cache
CONFIG_NOCACHE
content-type
application/javascript
cache-control
private,max-age=1800
accept-ranges
bytes
content-length
13175
NeverBounce.js
cdn.neverbounce.com/widget/dist/
96 KB
29 KB
Script
General
Full URL
https://cdn.neverbounce.com/widget/dist/NeverBounce.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PW7265
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.46.48 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-245-46-48.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
c99d11cb4960d6e1918ed55d5bcbb316d38b51098e2efc1201904d7274d3273e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Thu, 15 Feb 2024 05:21:27 GMT
content-encoding
gzip
via
1.1 fd87ab1d9a433dd02274380a706bf7d2.cloudfront.net (CloudFront)
last-modified
Mon, 02 Mar 2020 18:37:33 GMT
server
AmazonS3
x-amz-cf-pop
FRA56-P9
age
74859
etag
W/"c1e06621030dfcba15b88abbcaa546eb"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
x-amz-cf-id
qjDAMHmc15VZIUGWHl-bqWnFq6ahQcXHzn1JWSD1Wm8hrZ7ggHW2SA==
63e267f61a03d71ea3df5fe7
ws.zoominfo.com/pixel/
3 KB
2 KB
Script
General
Full URL
https://ws.zoominfo.com/pixel/63e267f61a03d71ea3df5fe7
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/blog/goldfactory-ios-trojan/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:880f , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
c2aa75893eebc519eb5cad16aa6971dab0da96dcd15f52ea66d966e068e2071a
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/blog/goldfactory-ios-trojan/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Fri, 16 Feb 2024 02:09:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
via
1.1 google
server
cloudflare
x-powered-by
Express
vary
Accept-Encoding
content-type
text/javascript
access-control-allow-origin
*
access-control-allow-credentials
true
x-robots-tag
noindex, nofollow
access-control-allow-headers
Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok,visited-url
alt-svc
h3=":443"; ma=86400
cf-ray
85623f1a7ff1913d-FRA
fbevents.js
connect.facebook.net/en_US/
214 KB
58 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/blog/goldfactory-ios-trojan/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
0e04153b5f73bfa7866948f2a9870593d69bfde14e77a1a06af5f567096e5a09
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

permissions-policy-report-only
clipboard-read=(), clipboard-write=(), encrypted-media=(), fullscreen=(), picture-in-picture=(), xr-spatial-tracking=();report-to="permissions_policy"
content-security-policy
default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Fri, 16 Feb 2024 02:09:05 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
57257
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
pragma
public
x-fb-debug
tAB8w48/dmoUAYyFLamvUCfmhLbBp9TiJggyLeB/UjhoFTxkrwYRfi1ANomrqMDpVhbFNzibrT/vsQQ9HzCWMg==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(), display-capture=(), encrypted-media=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin
*
expires
Sat, 01 Jan 2000 00:00:00 GMT
1010045.js
tracking.g2crowd.com/attribution_tracking/conversions/
958 B
915 B
Script
General
Full URL
https://tracking.g2crowd.com/attribution_tracking/conversions/1010045.js?p=https://www.group-ib.com/blog/goldfactory-ios-trojan/&e=
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/blog/goldfactory-ios-trojan/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:90e1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d4c9ffda6ca556f36f402f6d1131a4f3f567505320a9f60151023d4a8bbdb458
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.g2crowd.com *.g2.com; connect-src 'self' *.g2crowd.com *.g2.com; font-src 'self' *.g2crowd.com *.g2.com; form-action 'self' *.g2crowd.com *.g2.com; frame-src 'self' *.g2crowd.com *.g2.com; img-src 'self' *.g2crowd.com *.g2.com; manifest-src 'self' *.g2crowd.com *.g2.com; media-src 'self' *.g2crowd.com *.g2.com; object-src 'self' *.g2crowd.com *.g2.com; script-src 'self' *.g2crowd.com *.g2.com; style-src 'self' *.g2crowd.com *.g2.com; worker-src 'self' *.g2crowd.com *.g2.com
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Fri, 16 Feb 2024 02:09:05 GMT
strict-transport-security
max-age=604800
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
br
x-permitted-cross-domain-policies
none
content-security-policy
default-src 'self' *.g2crowd.com *.g2.com; connect-src 'self' *.g2crowd.com *.g2.com; font-src 'self' *.g2crowd.com *.g2.com; form-action 'self' *.g2crowd.com *.g2.com; frame-src 'self' *.g2crowd.com *.g2.com; img-src 'self' *.g2crowd.com *.g2.com; manifest-src 'self' *.g2crowd.com *.g2.com; media-src 'self' *.g2crowd.com *.g2.com; object-src 'self' *.g2crowd.com *.g2.com; script-src 'self' *.g2crowd.com *.g2.com; style-src 'self' *.g2crowd.com *.g2.com; worker-src 'self' *.g2crowd.com *.g2.com
x-xss-protection
1; mode=block
x-request-id
6400923d-abf2-42c2-acb9-ae27a43a5e12
x-runtime
0.003263
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
etag
W/"d4c9ffda6ca556f36f402f6d1131a4f3"
x-download-options
noopen
x-frame-options
SAMEORIGIN
vary
Origin
content-type
text/javascript; charset=utf-8
cache-control
max-age=600, public
cf-ray
85623f1a8ee79b39-FRA
1010056.js
tracking.g2crowd.com/attribution_tracking/conversions/
958 B
2 KB
Script
General
Full URL
https://tracking.g2crowd.com/attribution_tracking/conversions/1010056.js?p=https://www.group-ib.com/blog/goldfactory-ios-trojan/&e=
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/blog/goldfactory-ios-trojan/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:90e1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
085d5ab7549bcb7c4e86df292e05e2e579ec6ce11e052357110484554cdb12c1
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.g2crowd.com *.g2.com; connect-src 'self' *.g2crowd.com *.g2.com; font-src 'self' *.g2crowd.com *.g2.com; form-action 'self' *.g2crowd.com *.g2.com; frame-src 'self' *.g2crowd.com *.g2.com; img-src 'self' *.g2crowd.com *.g2.com; manifest-src 'self' *.g2crowd.com *.g2.com; media-src 'self' *.g2crowd.com *.g2.com; object-src 'self' *.g2crowd.com *.g2.com; script-src 'self' *.g2crowd.com *.g2.com; style-src 'self' *.g2crowd.com *.g2.com; worker-src 'self' *.g2crowd.com *.g2.com
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Fri, 16 Feb 2024 02:09:05 GMT
strict-transport-security
max-age=604800
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
br
x-permitted-cross-domain-policies
none
content-security-policy
default-src 'self' *.g2crowd.com *.g2.com; connect-src 'self' *.g2crowd.com *.g2.com; font-src 'self' *.g2crowd.com *.g2.com; form-action 'self' *.g2crowd.com *.g2.com; frame-src 'self' *.g2crowd.com *.g2.com; img-src 'self' *.g2crowd.com *.g2.com; manifest-src 'self' *.g2crowd.com *.g2.com; media-src 'self' *.g2crowd.com *.g2.com; object-src 'self' *.g2crowd.com *.g2.com; script-src 'self' *.g2crowd.com *.g2.com; style-src 'self' *.g2crowd.com *.g2.com; worker-src 'self' *.g2crowd.com *.g2.com
x-xss-protection
1; mode=block
x-request-id
82b62666-9d21-4809-91ee-e9df0ca9df99
x-runtime
0.003318
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
etag
W/"085d5ab7549bcb7c4e86df292e05e2e5"
x-download-options
noopen
x-frame-options
SAMEORIGIN
vary
Origin
content-type
text/javascript; charset=utf-8
cache-control
max-age=600, public
cf-ray
85623f1a8ee59b39-FRA
1010057.js
tracking.g2crowd.com/attribution_tracking/conversions/
958 B
971 B
Script
General
Full URL
https://tracking.g2crowd.com/attribution_tracking/conversions/1010057.js?p=https://www.group-ib.com/blog/goldfactory-ios-trojan/&e=
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/blog/goldfactory-ios-trojan/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:90e1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1d26a8b07287923bfa829132476a39ef18a3d54142a095bead617044f2255eab
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.g2crowd.com *.g2.com; connect-src 'self' *.g2crowd.com *.g2.com; font-src 'self' *.g2crowd.com *.g2.com; form-action 'self' *.g2crowd.com *.g2.com; frame-src 'self' *.g2crowd.com *.g2.com; img-src 'self' *.g2crowd.com *.g2.com; manifest-src 'self' *.g2crowd.com *.g2.com; media-src 'self' *.g2crowd.com *.g2.com; object-src 'self' *.g2crowd.com *.g2.com; script-src 'self' *.g2crowd.com *.g2.com; style-src 'self' *.g2crowd.com *.g2.com; worker-src 'self' *.g2crowd.com *.g2.com
Strict-Transport-Security max-age=604800
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Fri, 16 Feb 2024 02:09:05 GMT
strict-transport-security
max-age=604800
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
br
x-permitted-cross-domain-policies
none
content-security-policy
default-src 'self' *.g2crowd.com *.g2.com; connect-src 'self' *.g2crowd.com *.g2.com; font-src 'self' *.g2crowd.com *.g2.com; form-action 'self' *.g2crowd.com *.g2.com; frame-src 'self' *.g2crowd.com *.g2.com; img-src 'self' *.g2crowd.com *.g2.com; manifest-src 'self' *.g2crowd.com *.g2.com; media-src 'self' *.g2crowd.com *.g2.com; object-src 'self' *.g2crowd.com *.g2.com; script-src 'self' *.g2crowd.com *.g2.com; style-src 'self' *.g2crowd.com *.g2.com; worker-src 'self' *.g2crowd.com *.g2.com
x-xss-protection
1; mode=block
x-request-id
6db337c8-406b-4f7a-8bb2-9ef216ca63d4
x-runtime
0.003364
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
etag
W/"1d26a8b07287923bfa829132476a39ef"
x-download-options
noopen
x-frame-options
SAMEORIGIN
vary
Origin
content-type
text/javascript; charset=utf-8
cache-control
max-age=600, public
cf-ray
85623f1a8ee89b39-FRA
collect
px4.ads.linkedin.com/
Redirect Chain
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4496601&time=1708049345650&url=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fgoldfactory-ios-trojan%2F&tm=gtmv2
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4496601&time=1708049345650&url=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fgoldfactory-ios-trojan%2F&tm=gtmv2&cookiesTest=true
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D4496601%26time%3D1708049345650%26url%3Dhttps%253A%252F%252Fwww.group-ib.com%252Fb...
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4496601&time=1708049345650&url=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fgoldfactory-ios-trojan%2F&tm=gtmv2&cookiesTest=true&liSync=true
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4496601&time=1708049345650&url=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fgoldfactory-ios-trojan%2F&tm=gtmv2&cookiesTest=true&liSync=true&e_ipv6=AQL...
0
266 B
Image
General
Full URL
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4496601&time=1708049345650&url=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fgoldfactory-ios-trojan%2F&tm=gtmv2&cookiesTest=true&liSync=true&e_ipv6=AQLbPFT1yHfZsgAAAY2vrK9ontNlvsal4a5dm71Vshk93_bcN3HAO6OlVJLeYb1god9EIH6ocXgY
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/blog/goldfactory-ios-trojan/
Protocol
H2
Server
13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Fri, 16 Feb 2024 02:09:05 GMT
x-li-pop
afd-prod-lor1-x
x-msedge-ref
Ref A: 98493F0F6530481A9EDDF8AB6E8F549C Ref B: BRU30EDGE0513 Ref C: 2024-02-16T02:09:06Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
content-type
application/javascript
x-li-fabric
prod-lor1
x-li-proto
http/2
content-length
0
x-li-uuid
AAYRdjqQuEi49owX5lN2rg==

Redirect headers

date
Fri, 16 Feb 2024 02:09:05 GMT
x-li-pop
afd-prod-lor1-x
x-msedge-ref
Ref A: A07FDEA7ED8849098E181ECBFBEA4C06 Ref B: FRAEDGE1810 Ref C: 2024-02-16T02:09:06Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
x-li-fabric
prod-lor1
location
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4496601&time=1708049345650&url=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fgoldfactory-ios-trojan%2F&tm=gtmv2&cookiesTest=true&liSync=true&e_ipv6=AQLbPFT1yHfZsgAAAY2vrK9ontNlvsal4a5dm71Vshk93_bcN3HAO6OlVJLeYb1god9EIH6ocXgY
x-li-proto
http/2
content-length
0
x-li-uuid
AAYRdjqNFTqs8OmINGj69g==
combinedConfigs
cta-eu1.hubspot.com/web-interactives/public/v1/embed/
404 B
1 KB
Fetch
General
Full URL
https://cta-eu1.hubspot.com/web-interactives/public/v1/embed/combinedConfigs?portalId=25755956&currentUrl=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fgoldfactory-ios-trojan%2F&referrer=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fgoldfactory-ios-trojan%2F
Requested by
Host: fhp-de-js.group-ib.com
URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.65.198.159 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
629de5c42a56b67812a858341eb4162b85218eed884271ca47b0388498dc8916
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Fri, 16 Feb 2024 02:09:05 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
a1447c1b-b458-43e6-9694-049ece2ed871
content-encoding
br
x-envoy-upstream-service-time
7
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
a1447c1b-b458-43e6-9694-049ece2ed871
server
cloudflare
vary
origin
access-control-allow-methods
OPTIONS, GET
content-type
application/json;charset=utf-8
access-control-allow-origin
https://www.group-ib.com
x-evy-trace-virtual-host
all
access-control-max-age
180
access-control-allow-credentials
true
cache-control
max-age=0, no-cache, no-store
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ZBnQOZTJ4pF7Tg9YxACDHUT%2FF%2B5R%2Fz6PRxngebrpt%2Bms35%2ByyEbq1lTyJm4e1XTiyRMU%2BvzcGSkviJ%2FXHL9wHW5US4bN1DkgO7vnIZys9WNcrwNMaVQuJqhZIf7NfjVrAl83xds%3D"}],"group":"cf-nel","max_age":604800}
x-robots-tag
noindex, follow
access-control-allow-headers
Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
cf-ray
85623f1ace449b67-FRA
x-evy-trace-served-by-pod
fra04/star-hubspot-td/envoy-proxy-56464fb95b-5jwjw
json
api-eu1.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/
250 B
1 KB
XHR
General
Full URL
https://api-eu1.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/json?portalId=25755956
Requested by
Host: fhp-de-js.group-ib.com
URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a06:98c1:3200::90:2 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1aa462865a143f6b053d5d1594aea3e38d36ebad2a23a7fcfdd84ba7a7a1fddb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Fri, 16 Feb 2024 02:09:05 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
5f54aed6-fb4e-4fbd-86d9-3c1ae8a69329
content-encoding
br
x-envoy-upstream-service-time
3
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
5f54aed6-fb4e-4fbd-86d9-3c1ae8a69329
server
cloudflare
x-trace
2BA8F8C3E34A623B97EA6CFD7B66D82C748FA19779000000000000000000
vary
origin
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type
application/json;charset=utf-8
access-control-allow-origin
https://www.group-ib.com
x-evy-trace-virtual-host
all
access-control-max-age
180
access-control-allow-credentials
false
x-evy-trace-served-by-pod
fra04/hubapi-td/envoy-proxy-7686598bc7-ctkhf
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3QI%2BGUiNSLgyoBUOdK%2BVpZJ4%2BpXe6%2FllnnJgg2lbaV0vkKN%2FUrLr5dWgjAPOFrTjStDmxau%2F9SkUh15LZPG8nUCArVOJmQIXvV9GnqLRaMFNgK6af6dM9ga2WhlF35Q1A%2FFktq3aGSeJxNojA3ruUQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
85623f1abbd93661-FRA
access-control-allow-headers
*
json
forms-eu1.hscollectedforms.net/collected-forms/v1/config/
116 B
435 B
XHR
General
Full URL
https://forms-eu1.hscollectedforms.net/collected-forms/v1/config/json?portalId=25755956&utk=
Requested by
Host: fhp-de-js.group-ib.com
URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.65.192.122 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
43f22362329b9705cf8629061fb5b1d1a38f1cc2bc9fd46728f73e5cd9eb77cf
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.group-ib.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Fri, 16 Feb 2024 02:09:05 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
2366542b-1590-44dd-aba0-ef6936f47d2a
x-envoy-upstream-service-time
3
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
2366542b-1590-44dd-aba0-ef6936f47d2a
server
cloudflare
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type
application/json;charset=utf-8
access-control-allow-origin
https://www.group-ib.com
x-evy-trace-virtual-host
all
cache-control
max-age=0
x-evy-trace-served-by-pod
fra04/app-td/envoy-proxy-7684d9bdfc-nc8dk
access-control-max-age
180
x-robots-tag
none
access-control-allow-headers
*
cf-ray
85623f1aed299a0b-FRA
/
www.google.com/pagead/1p-user-list/10897073384/
42 B
455 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/10897073384/?random=1708049345647&cv=11&fst=1708048800000&bg=ffffff&guid=ON&async=1&gtm=45He42e0v72040694za200&gcd=13l3l3l3l1&dma_cps=sypham&dma=1&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fgoldfactory-ios-trojan%2F&ref=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fgoldfactory-ios-trojan%2F&frm=0&tiba=Face%20Off%20%7C%20Group-IB%20Blog&npa=0&fmt=3&is_vtc=1&cid=CAQSGwAvHhf_CYaBVvYwKpaU02LEtLx7nINf8MLS3g&random=2170918034&rmt_tld=0&ipr=y
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/blog/goldfactory-ios-trojan/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 16 Feb 2024 02:09:05 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/10897073384/
42 B
455 B
Image
General
Full URL
https://www.google.de/pagead/1p-user-list/10897073384/?random=1708049345647&cv=11&fst=1708048800000&bg=ffffff&guid=ON&async=1&gtm=45He42e0v72040694za200&gcd=13l3l3l3l1&dma_cps=sypham&dma=1&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fgoldfactory-ios-trojan%2F&ref=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fgoldfactory-ios-trojan%2F&frm=0&tiba=Face%20Off%20%7C%20Group-IB%20Blog&npa=0&fmt=3&is_vtc=1&cid=CAQSGwAvHhf_CYaBVvYwKpaU02LEtLx7nINf8MLS3g&random=2170918034&rmt_tld=1&ipr=y
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/blog/goldfactory-ios-trojan/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 16 Feb 2024 02:09:05 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
a2_du2owjr6f67j_telemetry
www.redditstatic.com/ads/conversions-config/v1/pixel/config/
86 B
700 B
XHR
General
Full URL
https://www.redditstatic.com/ads/conversions-config/v1/pixel/config/a2_du2owjr6f67j_telemetry
Requested by
Host: fhp-de-js.group-ib.com
URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
snooserv /
Resource Hash
740bb313221bda5543b6fbe0bce3dd276cc70c4fd9aa0bae9d46b149406becf5

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Fri, 16 Feb 2024 02:09:05 GMT
content-encoding
gzip
via
1.1 varnish
nel
{"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
server
snooserv
vary
Accept-Encoding,Origin
report-to
{"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type
application/json
access-control-allow-origin
*
cache-control
max-age=300
accept-ranges
bytes
content-length
98
rp.gif
alb.reddit.com/
42 B
637 B
Image
General
Full URL
https://alb.reddit.com/rp.gif?ts=1708049345729&id=a2_du2owjr6f67j&event=PageVisit&m.itemCount=undefined&m.value=&m.valueDecimal=undefined&m.currency=undefined&m.transactionId=&m.customEventName=&m.products=&m.conversionId=&uuid=7ee7361f-741b-4e42-94fc-7e0ab5615571&aaid=&em=&external_id=&idfa=&integration=gtm&opt_out=0&sh=1600&sw=1200&v=rdt_c9439d84&dpm=&dpcc=&dprc=
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/blog/goldfactory-ios-trojan/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.140 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Varnish /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Fri, 16 Feb 2024 02:09:05 GMT
via
1.1 varnish
nel
{"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.3, "failure_fraction": 0.3}
server
Varnish
report-to
{"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type
image/gif
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
content-length
42
retry-after
0
/
c.6sc.co/
7 B
194 B
XHR
General
Full URL
https://c.6sc.co/
Requested by
Host: fhp-de-js.group-ib.com
URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-17-100-193.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Fri, 16 Feb 2024 02:09:05 GMT
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
text/html
access-control-allow-origin
https://www.group-ib.com
access-control-allow-credentials
true
access-control-allow-headers
*
content-length
7
/
ipv6.6sc.co/
23 B
315 B
XHR
General
Full URL
https://ipv6.6sc.co/
Requested by
Host: fhp-de-js.group-ib.com
URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:ab00::214:8e70 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
50658afdf69a9ae3177f81fe2156fcd616e766a401c8407de929f0936d3bd517

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 16 Feb 2024 02:09:05 GMT
vary
Origin
content-type
text/html
access-control-allow-origin
https://www.group-ib.com
cache-control
max-age=0, no-cache, no-store
6si-ipv6
2a00:c98:2050:a007:2::4
server-timing
cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1708049345756_34901612_140779950_23_1091_6_15_219";dur=1
content-length
23
expires
Fri, 16 Feb 2024 02:09:05 GMT
img.gif
b.6sc.co/v1/beacon/
43 B
485 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=e84d9c08a990af8592952e7ac9a983ad&svisitor=null&visitor=7f0bcfa8-43b9-4a63-8eb4-21a01503ae46&session=0bec9ad3-af5e-4a06-84da-93d5629b7385&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Fri%2C%2016%20Feb%202024%2002%3A09%3A05%20GMT%22%7D&isIframe=false&m=%7B%22description%22%3A%22Group-IB%20uncovers%20the%20first%20iOS%20Trojan%20harvesting%20facial%20recognition%20data%20used%20for%20unauthorized%20access%20to%20bank%20accounts.%20The%20GoldDigger%20family%20grows%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Face%20Off%20%7C%20Group-IB%20Blog%22%7D&cb=&r=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fgoldfactory-ios-trojan%2F&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fgoldfactory-ios-trojan%2F&pageViewId=6e78266d-04e8-487b-847a-318e983ae0fb&v=1.1.14
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/blog/goldfactory-ios-trojan/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-17-100-193.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Fri, 16 Feb 2024 02:09:05 GMT
x-content-type-options
nosniff
content-length
43
pragma
no-cache
last-modified
Sat, 05 Jun 2021 07:56:05 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"60bb2e15-2b"
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
image/gif
access-control-allow-origin
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
*
expires
Wed, 19 Apr 2000 11:43:00 GMT
img.gif
b.6sc.co/v1/beacon/
43 B
484 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=e84d9c08a990af8592952e7ac9a983ad&svisitor=null&visitor=7f0bcfa8-43b9-4a63-8eb4-21a01503ae46&session=0bec9ad3-af5e-4a06-84da-93d5629b7385&event=ni%3AasyncSettingsAudit&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Fri%2C%2016%20Feb%202024%2002%3A09%3A05%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%22e84d9c08a990af8592952e7ac9a983ad%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Fri%2C%2016%20Feb%202024%2002%3A09%3A05%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEndpoint%5C%22%2C%5C%22value%5C%22%3A%5C%22b.6sc.co%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Fri%2C%2016%20Feb%202024%2002%3A09%3A05%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22Group-IB%20uncovers%20the%20first%20iOS%20Trojan%20harvesting%20facial%20recognition%20data%20used%20for%20unauthorized%20access%20to%20bank%20accounts.%20The%20GoldDigger%20family%20grows%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Face%20Off%20%7C%20Group-IB%20Blog%22%7D&cb=&r=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fgoldfactory-ios-trojan%2F&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fgoldfactory-ios-trojan%2F&pageViewId=6e78266d-04e8-487b-847a-318e983ae0fb&v=1.1.14
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/blog/goldfactory-ios-trojan/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-17-100-193.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Fri, 16 Feb 2024 02:09:05 GMT
x-content-type-options
nosniff
content-length
43
pragma
no-cache
last-modified
Sat, 18 Feb 2023 00:49:36 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"63f020a0-2b"
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
image/gif
access-control-allow-origin
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
*
expires
Wed, 19 Apr 2000 11:43:00 GMT
343106030.js
bat.bing.com/p/action/
0
116 B
Script
General
Full URL
https://bat.bing.com/p/action/343106030.js
Requested by
Host: bat.bing.com
URL: https://bat.bing.com/bat.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
private,max-age=1800
date
Fri, 16 Feb 2024 02:09:05 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: FFED21D6720B48078F13D974FB92275B Ref B: FRAEDGE1812 Ref C: 2024-02-16T02:09:05Z
x-cache
CONFIG_NOCACHE
0
bat.bing.com/action/
0
286 B
Image
General
Full URL
https://bat.bing.com/action/0?ti=343106030&tm=gtm002&Ver=2&mid=43f0a4af-bc3b-44bd-b105-3b624312b2c4&sid=5c9e87d0cc7011eead1c73627cf9ecd8&vid=5c9edce0cc7011ee93a37d2df54c3819&vids=1&msclkid=N&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=Face%20Off%20%7C%20Group-IB%20Blog&p=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fgoldfactory-ios-trojan%2F&r=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fgoldfactory-ios-trojan%2F&lt=647&evt=pageLoad&sv=1&rn=468807
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/blog/goldfactory-ios-trojan/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Fri, 16 Feb 2024 02:09:05 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 84AC270EF1E74C24A64423F8B31C84EA Ref B: FRAEDGE1812 Ref C: 2024-02-16T02:09:05Z
x-cache
CONFIG_NOCACHE
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
expires
Fri, 01 Jan 1990 00:00:00 GMT
649324202964935
connect.facebook.net/signals/config/
65 KB
13 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/649324202964935?v=2.9.147&r=stable&domain=www.group-ib.com&hme=20c913bdcd4be51a752120153aa5caaecb3ee86c7f26cf737846e40b202aba68&ex_m=62%2C106%2C94%2C98%2C53%2C3%2C88%2C61%2C14%2C86%2C79%2C44%2C46%2C150%2C153%2C164%2C160%2C161%2C163%2C25%2C89%2C45%2C68%2C162%2C145%2C148%2C157%2C158%2C165%2C115%2C13%2C43%2C169%2C168%2C117%2C16%2C29%2C32%2C1%2C36%2C57%2C58%2C59%2C63%2C83%2C15%2C12%2C85%2C82%2C81%2C95%2C97%2C31%2C96%2C26%2C22%2C146%2C149%2C124%2C24%2C9%2C10%2C11%2C5%2C6%2C21%2C19%2C20%2C49%2C54%2C56%2C66%2C90%2C23%2C67%2C8%2C7%2C71%2C41%2C18%2C92%2C91%2C17%2C4%2C73%2C80%2C72%2C78%2C40%2C39%2C77%2C33%2C35%2C76%2C48%2C74%2C28%2C37%2C65%2C0%2C84%2C75%2C2%2C30%2C55%2C34%2C93%2C38%2C70%2C60%2C99%2C52%2C51%2C27%2C87%2C50%2C47%2C42%2C69%2C64%2C100
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
4bff8573d4467cb816027e4668658403aba46d5703762999825f0c5255bf2328
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

permissions-policy-report-only
clipboard-read=(), clipboard-write=(), encrypted-media=(), fullscreen=(), picture-in-picture=(), xr-spatial-tracking=();report-to="permissions_policy"
content-security-policy
default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Fri, 16 Feb 2024 02:09:05 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
pragma
public
x-fb-debug
49CPay63lzdhxvxFmjQpGoTtfvOOJsM0soAUqXJsuhA2yU3YieylI50NTNCh4vvLfux4BGo9knPBZxxryej1cg==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(), display-capture=(), encrypted-media=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin
*
expires
Sat, 01 Jan 2000 00:00:00 GMT
collect
region1.analytics.google.com/g/
0
255 B
Ping
General
Full URL
https://region1.analytics.google.com/g/collect?v=2&tid=G-QMES53K3Y2&gtm=45je42e0v9101996448z872040694za200&_p=1708049345365&_gaz=1&gcd=13l3l3l3l1&npa=0&dma_cps=sypham&dma=1&cid=1553732744.1708049346&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&pscdl=noapi&_s=1&dl=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fgoldfactory-ios-trojan%2F&sid=1708049345&sct=1&seg=0&dr=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fgoldfactory-ios-trojan%2F&dt=Face%20Off%20%7C%20Group-IB%20Blog&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=915
Requested by
Host: fhp-de-js.group-ib.com
URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 16 Feb 2024 02:09:05 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.group-ib.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/g/
0
255 B
Ping
General
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-QMES53K3Y2&cid=1553732744.1708049346&gtm=45je42e0v9101996448z872040694za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l3l1&npa=0
Requested by
Host: fhp-de-js.group-ib.com
URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c00::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 16 Feb 2024 02:09:05 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.group-ib.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/
42 B
107 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-QMES53K3Y2&cid=1553732744.1708049346&gtm=45je42e0v9101996448z872040694za200&aip=1&dma=1&dma_cps=sypham&gcd=13l3l3l3l1&npa=0&z=4612427
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/blog/goldfactory-ios-trojan/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 16 Feb 2024 02:09:05 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
js
www.googletagmanager.com/gtag/
236 KB
82 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-10882981508
Requested by
Host: js-eu1.hsadspixel.net
URL: https://js-eu1.hsadspixel.net/fb.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
78cf57c5cddbb3dd246645b2edc735c1c3a8a240ab0b4d61812743971d948bd6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Fri, 16 Feb 2024 02:09:05 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
83558
x-xss-protection
0
last-modified
Fri, 16 Feb 2024 00:51:57 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 16 Feb 2024 02:09:05 GMT
js
www.googletagmanager.com/gtag/
236 KB
82 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-10882981508&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PW7265
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:812::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
3d73199b81bdb8f940931e0171e083e98065f95f4cb57c5c8be99c46bdf0df85
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Fri, 16 Feb 2024 02:09:05 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
83543
x-xss-protection
0
last-modified
Fri, 16 Feb 2024 00:51:57 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 16 Feb 2024 02:09:05 GMT
counters.gif
forms-eu1.hsforms.com/embed/v3/
35 B
1016 B
Image
General
Full URL
https://forms-eu1.hsforms.com/embed/v3/counters.gif?key=collected-forms-embed-js-form-bind&count=5
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/blog/goldfactory-ios-trojan/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
172.65.232.43 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Date
Fri, 16 Feb 2024 02:09:06 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Content-Type-Options
nosniff
CF-Cache-Status
DYNAMIC
x-evy-trace-route-service-name
envoyset-translator
X-HubSpot-Correlation-Id
f97edb10-6dff-4d9b-bdbd-e9de8e5471a5
x-envoy-upstream-service-time
1
Connection
keep-alive
alt-svc
h3=":443"; ma=86400
Content-Length
35
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
f97edb10-6dff-4d9b-bdbd-e9de8e5471a5
Server
cloudflare
X-Trace
2B34EACCF220730E57B4F216C0C6C2630D13B8C736000000000000000000
Vary
origin
Content-Type
image/gif
x-evy-trace-virtual-host
all
x-evy-trace-served-by-pod
fra04/star-hubspot-td/envoy-proxy-56464fb95b-l4w4j
Access-Control-Expose-Headers
X-Origin-Hublet
Cache-Control
max-age=0, no-cache, no-store
Access-Control-Allow-Credentials
false
X-Robots-Tag
none
CF-RAY
85623f1d58375d79-FRA
img.gif
b.6sc.co/v1/beacon/
43 B
485 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=e84d9c08a990af8592952e7ac9a983ad&svisitor=null&visitor=7f0bcfa8-43b9-4a63-8eb4-21a01503ae46&session=0bec9ad3-af5e-4a06-84da-93d5629b7385&event=ipv6&q=%7B%22address%22%3A%222a00%3Ac98%3A2050%3Aa007%3A2%3A%3A4%22%7D&isIframe=false&m=%7B%22description%22%3A%22Group-IB%20uncovers%20the%20first%20iOS%20Trojan%20harvesting%20facial%20recognition%20data%20used%20for%20unauthorized%20access%20to%20bank%20accounts.%20The%20GoldDigger%20family%20grows%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Face%20Off%20%7C%20Group-IB%20Blog%22%7D&cb=&r=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fgoldfactory-ios-trojan%2F&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fgoldfactory-ios-trojan%2F&pageViewId=6e78266d-04e8-487b-847a-318e983ae0fb&v=1.1.14
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/blog/goldfactory-ios-trojan/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-17-100-193.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Fri, 16 Feb 2024 02:09:05 GMT
x-content-type-options
nosniff
content-length
43
pragma
no-cache
last-modified
Sat, 18 Feb 2023 01:45:17 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"63f02dad-2b"
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
image/gif
access-control-allow-origin
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
*
expires
Wed, 19 Apr 2000 11:43:00 GMT
counters.gif
perf-eu1.hsforms.com/embed/v3/
35 B
1 KB
Image
General
Full URL
https://perf-eu1.hsforms.com/embed/v3/counters.gif?key=config-loaded-success&value=1
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/blog/goldfactory-ios-trojan/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
172.65.232.43 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

Date
Fri, 16 Feb 2024 02:09:05 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Content-Type-Options
nosniff
CF-Cache-Status
MISS
x-evy-trace-route-service-name
envoyset-translator
X-HubSpot-Correlation-Id
0a01789e-e2c2-423f-94ba-63a2e676e938
x-envoy-upstream-service-time
2
Connection
keep-alive
alt-svc
h3=":443"; ma=86400
Content-Length
35
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
0a01789e-e2c2-423f-94ba-63a2e676e938
Last-Modified
Fri, 16 Feb 2024 02:09:05 GMT
Server
cloudflare
X-Trace
2BBAE32505BC7547A1C301BD5508D7279FB45696ED000000000000000000
Vary
origin, Accept-Encoding
Content-Type
image/gif
x-evy-trace-virtual-host
all
x-evy-trace-served-by-pod
fra04/star-hubspot-td/envoy-proxy-56464fb95b-l4w4j
Access-Control-Expose-Headers
X-Origin-Hublet
Cache-Control
max-age=0, no-cache, no-store
Access-Control-Allow-Credentials
false
Accept-Ranges
bytes
X-Robots-Tag
none
CF-RAY
85623f1b7ace2bc7-FRA
notify
api.neverbounce.com/v4/poe/
62 B
281 B
Script
General
Full URL
https://api.neverbounce.com/v4/poe/notify?key=public_feedec8c69cd171b06421bb96273f04d&event=form.load&callback=__neverbounce_732302
Requested by
Host: cdn.neverbounce.com
URL: https://cdn.neverbounce.com/widget/dist/NeverBounce.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
107.22.160.215 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-107-22-160-215.compute-1.amazonaws.com
Software
nginx /
Resource Hash
d120dc1bf1508c3b534b878904fc84b8bf36fbbe1e2c5bf19dc7cb4f41f4e196
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Fri, 16 Feb 2024 02:09:06 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
server
nginx
vary
Accept-Encoding
content-type
application/javascript
cache-control
no-cache, private
x-ua-compatible
IE=Edge
notify
api.neverbounce.com/v4/poe/
63 B
282 B
Script
General
Full URL
https://api.neverbounce.com/v4/poe/notify?key=public_feedec8c69cd171b06421bb96273f04d&event=form.load&callback=__neverbounce_995230
Requested by
Host: cdn.neverbounce.com
URL: https://cdn.neverbounce.com/widget/dist/NeverBounce.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
107.22.160.215 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-107-22-160-215.compute-1.amazonaws.com
Software
nginx /
Resource Hash
1b8f31b144fec801391216b0a146485c5a9c82b3432df477ae3738846303734b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Fri, 16 Feb 2024 02:09:06 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
server
nginx
vary
Accept-Encoding
content-type
application/javascript
cache-control
no-cache, private
x-ua-compatible
IE=Edge

notify
api.neverbounce.com/v4/poe/
62 B
282 B
Script
General
Full URL
https://api.neverbounce.com/v4/poe/notify?key=public_feedec8c69cd171b06421bb96273f04d&event=form.load&callback=__neverbounce_675958
Requested by
Host: cdn.neverbounce.com
URL: https://cdn.neverbounce.com/widget/dist/NeverBounce.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
107.22.160.215 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-107-22-160-215.compute-1.amazonaws.com
Software
nginx /
Resource Hash
f3fa4ce6cc54a7a5721846f19ca4fcfeab554ef385ba30cf9dca882290b79999
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Fri, 16 Feb 2024 02:09:06 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
server
nginx
vary
Accept-Encoding
content-type
application/javascript
cache-control
no-cache, private
x-ua-compatible
IE=Edge

notify
api.neverbounce.com/v4/poe/
63 B
282 B
Script
General
Full URL
https://api.neverbounce.com/v4/poe/notify?key=public_feedec8c69cd171b06421bb96273f04d&event=form.load&callback=__neverbounce_905479
Requested by
Host: cdn.neverbounce.com
URL: https://cdn.neverbounce.com/widget/dist/NeverBounce.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
107.22.160.215 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-107-22-160-215.compute-1.amazonaws.com
Software
nginx /
Resource Hash
46306084b9e6cd3a8ef22f5bc72421a6cb78414d7f9ee8e2b3c7fa823974573a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Fri, 16 Feb 2024 02:09:06 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
server
nginx
vary
Accept-Encoding
content-type
application/javascript
cache-control
no-cache, private
x-ua-compatible
IE=Edge

notify
api.neverbounce.com/v4/poe/
61 B
280 B
Script
General
Full URL
https://api.neverbounce.com/v4/poe/notify?key=public_feedec8c69cd171b06421bb96273f04d&event=form.load&callback=__neverbounce_59124
Requested by
Host: cdn.neverbounce.com
URL: https://cdn.neverbounce.com/widget/dist/NeverBounce.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
107.22.160.215 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-107-22-160-215.compute-1.amazonaws.com
Software
nginx /
Resource Hash
ae54b2e6e9ef4a49e3134f9817611089b0b36960cddb2ba200d74ba5f262897b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Fri, 16 Feb 2024 02:09:06 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
server
nginx
vary
Accept-Encoding
content-type
application/javascript
cache-control
no-cache, private
x-ua-compatible
IE=Edge

/
www.facebook.com/tr/
0
185 B
Image
General
Full URL
https://www.facebook.com/tr/?id=649324202964935&ev=PageView&dl=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fgoldfactory-ios-trojan%2F&rl=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fgoldfactory-ios-trojan%2F&if=false&ts=1708049345842&sw=1600&sh=1200&v=2.9.147&r=stable&ec=0&o=4126&fbp=fb.1.1708049345841.1340686554&cs_est=true&cdl=API_unavailable&it=1708049345745&coo=false&exp=e1&rqm=GET
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/blog/goldfactory-ios-trojan/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f176:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
date
Fri, 16 Feb 2024 02:09:05 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0

/
googleads.g.doubleclick.net/pagead/viewthroughconversion/10882981508/
3 KB
2 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10882981508/?random=1708049345852&cv=11&fst=1708049345852&bg=ffffff&guid=ON&async=1&gtm=45be42e0za200&gcd=13l3l3l3l1&dma_cps=sypham&dma=1&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fgoldfactory-ios-trojan%2F&ref=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fgoldfactory-ios-trojan%2F&hn=www.googleadservices.com&frm=0&tiba=Face%20Off%20%7C%20Group-IB%20Blog&did=dZTQ1Zm&gdid=dZTQ1Zm&npa=0&pscdl=noapi&auid=1416784330.1708049346&uamb=0&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-10882981508&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
a3eb29bd1810f6dc325d5d90174899e8b06d371cc8f5df87e2806ddf680659aa
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 16 Feb 2024 02:09:05 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1338
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

/
www.google.com/pagead/1p-user-list/10882981508/
42 B
108 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/10882981508/?random=1708049345852&cv=11&fst=1708048800000&bg=ffffff&guid=ON&async=1&gtm=45be42e0za200&gcd=13l3l3l3l1&dma_cps=sypham&dma=1&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fgoldfactory-ios-trojan%2F&ref=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fgoldfactory-ios-trojan%2F&frm=0&tiba=Face%20Off%20%7C%20Group-IB%20Blog&npa=0&data=event%3Dgtag.config&fmt=3&is_vtc=1&cid=CAQSKQAvHhf_3a9E8pg40e_4NG2eD563hvHPFtPUuMhS38rJRKF10EHJBW7N&random=793059280&rmt_tld=0&ipr=y
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/blog/goldfactory-ios-trojan/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 16 Feb 2024 02:09:05 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

/
www.google.de/pagead/1p-user-list/10882981508/
42 B
108 B
Image
General
Full URL
https://www.google.de/pagead/1p-user-list/10882981508/?random=1708049345852&cv=11&fst=1708048800000&bg=ffffff&guid=ON&async=1&gtm=45be42e0za200&gcd=13l3l3l3l1&dma_cps=sypham&dma=1&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fgoldfactory-ios-trojan%2F&ref=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fgoldfactory-ios-trojan%2F&frm=0&tiba=Face%20Off%20%7C%20Group-IB%20Blog&npa=0&data=event%3Dgtag.config&fmt=3&is_vtc=1&cid=CAQSKQAvHhf_3a9E8pg40e_4NG2eD563hvHPFtPUuMhS38rJRKF10EHJBW7N&random=793059280&rmt_tld=1&ipr=y
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/blog/goldfactory-ios-trojan/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 16 Feb 2024 02:09:05 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

fl
www.group-ib.com/api/
689 B
1 KB
XHR
General
Full URL
https://www.group-ib.com/api/fl?u=0085cb90-831e-11ee-9493-816cec585ffa&cfidsgib-w-61354c22-16cc-40a8-a871-6901f1a76e24=YPYgx%2BowSc9DcXmYfO8MFa4ATYIJ75osM6CpImJRGnm%2FUDTX8pbK0yrpA1VrTYuQujL1%2FQOINBLMlIAiFWKqDqAJrSZ002kOWkiVoSuDPSTb8MSSs3PY8Wt%2F5Epyx4ta%2Fl8%2B7UMkoYl%2BQeY6Gce%2FTTcXhj7LGpNgMZuC
Requested by
Host: fhp-de-js.group-ib.com
URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
5dc66e1251865e93172efaa127cf3478786b27e020db7d8ad894c85f8d8f2dbc

Request headers

X-GIB-GSSCgib-w-61354c22-16cc-40a8-a871-6901f1a76e24
fJqp3XZBrkXwc8eJSTkt6aRKYmIKUkG5XO3lo2c4E4G07y49mBUA3H7g6GJREPIgZz1lc7ZRwKB8XV9iTpub+7H5NGoU/yhK9a9wQilmd+GM1+kYUSmXsFTCm4lSLOH4D9Zr0YUQc1usDx2DI+qp1+MMDbK3VTLlgkI9nKiy33FOX4+D8pMhZFqd5fqDc9KMKu8CW+mRaGIV8Fvx6bSJhLAaO1bUr6nqJAaZfISyszBOgXyLeIajRycA9VbgILG4vg==
Referer
https://www.group-ib.com/blog/goldfactory-ios-trojan/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
X-GIB-FGSSCgib-w-61354c22-16cc-40a8-a871-6901f1a76e24
EzPY9d2719192b52cbf03d3fa9b2bf9a312a9246
Content-Type
text/plain;charset=UTF-8

Response headers

date
Fri, 16 Feb 2024 02:09:06 GMT
content-encoding
gzip
server
nginx
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.group-ib.com
cache-control
no-store
access-control-allow-credentials
true
x-envoy-upstream-service-time
7
access-control-allow-headers
Accept,DNT,Keep-Alive,User-Agent,If-Modified-Since,Cache-Control,Content-Type,Origin,ETag,If-None-Match,X-Cfids,Authorization

img.gif
b.6sc.co/v1/beacon/
43 B
485 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=e84d9c08a990af8592952e7ac9a983ad&svisitor=null&visitor=7f0bcfa8-43b9-4a63-8eb4-21a01503ae46&session=0bec9ad3-af5e-4a06-84da-93d5629b7385&event=active_time_track&q=%7B%22currentTime%22%3A%22Fri%2C%2016%20Feb%202024%2002%3A09%3A06%20GMT%22%2C%22lastTrackTime%22%3A%22Fri%2C%2016%20Feb%202024%2002%3A09%3A05%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%221001%22%7D&isIframe=false&m=%7B%22description%22%3A%22Group-IB%20uncovers%20the%20first%20iOS%20Trojan%20harvesting%20facial%20recognition%20data%20used%20for%20unauthorized%20access%20to%20bank%20accounts.%20The%20GoldDigger%20family%20grows%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Face%20Off%20%7C%20Group-IB%20Blog%22%7D&cb=&r=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fgoldfactory-ios-trojan%2F&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fgoldfactory-ios-trojan%2F&pageViewId=6e78266d-04e8-487b-847a-318e983ae0fb&v=1.1.14
Requested by
Host: www.group-ib.com
URL: https://www.group-ib.com/blog/goldfactory-ios-trojan/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-17-100-193.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Fri, 16 Feb 2024 02:09:06 GMT
x-content-type-options
nosniff
content-length
43
pragma
no-cache
last-modified
Sat, 18 Feb 2023 01:45:17 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"63f02dad-2b"
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
image/gif
access-control-allow-origin
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
*
expires
Wed, 19 Apr 2000 11:43:00 GMT

709834390277869
connect.facebook.net/signals/config/
24 KB
3 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/709834390277869?v=2.9.147&r=stable&domain=www.group-ib.com&hme=20c913bdcd4be51a752120153aa5caaecb3ee86c7f26cf737846e40b202aba68&ex_m=62%2C106%2C94%2C98%2C53%2C3%2C88%2C61%2C14%2C86%2C79%2C44%2C46%2C150%2C153%2C164%2C160%2C161%2C163%2C25%2C89%2C45%2C68%2C162%2C145%2C148%2C157%2C158%2C165%2C115%2C13%2C43%2C169%2C168%2C117%2C16%2C29%2C32%2C1%2C36%2C57%2C58%2C59%2C63%2C83%2C15%2C12%2C85%2C82%2C81%2C95%2C97%2C31%2C96%2C26%2C22%2C146%2C149%2C124%2C24%2C9%2C10%2C11%2C5%2C6%2C21%2C19%2C20%2C49%2C54%2C56%2C66%2C90%2C23%2C67%2C8%2C7%2C71%2C41%2C18%2C92%2C91%2C17%2C4%2C73%2C80%2C72%2C78%2C40%2C39%2C77%2C33%2C35%2C76%2C48%2C74%2C28%2C37%2C65%2C0%2C84%2C75%2C2%2C30%2C55%2C34%2C93%2C38%2C70%2C60%2C99%2C52%2C51%2C27%2C87%2C50%2C47%2C42%2C69%2C64%2C100%2C175%2C174%2C176%2C181%2C182%2C183%2C179%2C171%2C116%2C118%2C170%2C172%2C107%2C137%2C129%2C132%2C113%2C166%2C206%2C101%2C111%2C207%2C144%2C105%2C127%2C120%2C108
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
d6d202b47c270f0cb480d2b58da3852bae3023b95f6fc1a2fdfe41e7d0a24ee3
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

permissions-policy-report-only
clipboard-read=(), clipboard-write=(), encrypted-media=(), fullscreen=(), picture-in-picture=(), xr-spatial-tracking=();report-to="permissions_policy"
content-security-policy
default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Fri, 16 Feb 2024 02:09:06 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
pragma
public
x-fb-debug
kMCEDrL8h13AjN3av1Qx7KV9N9mxcOVlkwimHq8CefFpAZ3bdONKxnMBBH76OAZJK5dHO+LHy+MkmtGwBYWpJg==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(), display-capture=(), encrypted-media=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin
*
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT

__ptq.gif
track-eu1.hubspot.com/
45 B
699 B
Image
General
Full URL
https://track-eu1.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=4158071004&v=1.1&a=25755956&rcu=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fgoldfactory-ios-trojan%2F&r=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fgoldfactory-ios-trojan%2F&pu=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fgoldfactory-ios-trojan%2F&t=Face+Off+%7C+Group-IB+Blog&cts=1708049346928&vi=7753a01bb28b452a8f1cb966e7ca962d&nc=true&u=84897990.7753a01bb28b452a8f1cb966e7ca962d.1708049346926.1708049346926.1708049346926.1&b=84897990.1.1708049346926&cc=15
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.65.240.166 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Fri, 16 Feb 2024 02:09:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
b85236e7-55a5-4898-9518-9ab9d540557a
p3p
CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time
3
content-length
45
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
b85236e7-55a5-4898-9518-9ab9d540557a
last-modified
Fri, 16 Feb 2024 02:09:07 GMT
server
cloudflare
vary
origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=vcShfnhtMPUaPe9TIbu57iCHl0hnvJbF%2Bonf7dtgRnjcgVUU6vD65bISXJNgbuqk25n6WKAdQrYt0jDF6kLkEg08hFCVZUfoVX0wfiV8uT73LMaSz%2BRMF0NhtOkY%2FiNF3Q5dEs5ltA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
x-evy-trace-served-by-pod
fra04/analytics-tracking-td/envoy-proxy-5b44f44cd9-rwqhv
x-evy-trace-virtual-host
all
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
accept-ranges
bytes
cf-ray
85623f228f2c6aea-FRA
x-robots-tag
none

__ptq.gif
track-eu1.hubspot.com/
45 B
1 KB
Image
General
Full URL
https://track-eu1.hubspot.com/__ptq.gif?k=15&fi=044e7558-8073-478a-ad3c-5807dd76840f&fci=14c0de17-4a76-4c54-adf5-18786d7c6618&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=4158071004&v=1.1&a=25755956&rcu=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fgoldfactory-ios-trojan%2F&r=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fgoldfactory-ios-trojan%2F&pu=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fgoldfactory-ios-trojan%2F&t=Face+Off+%7C+Group-IB+Blog&cts=1708049346929&vi=7753a01bb28b452a8f1cb966e7ca962d&nc=true&u=84897990.7753a01bb28b452a8f1cb966e7ca962d.1708049346926.1708049346926.1708049346926.1&b=84897990.1.1708049346926&cc=15
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.65.240.166 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Fri, 16 Feb 2024 02:09:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
e0caff91-c9ff-4f99-80b3-f64c5821d808
p3p
CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time
2
content-length
45
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
e0caff91-c9ff-4f99-80b3-f64c5821d808
last-modified
Fri, 16 Feb 2024 02:09:07 GMT
server
cloudflare
vary
origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ze2lULIsQnjUPpNtBzo7IfY0jjZb%2BNTvEapwd2cBNqcu0oGHGngv3KiS1%2BvsvD0x3vehOd6J8KOJ1Lkejcd6frwQKOpkNRg49KFiqOO6zOgT5%2BApufdH8U3Dw0xFTJG3BMxlmITG5g%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
x-evy-trace-served-by-pod
fra04/analytics-tracking-td/envoy-proxy-5b44f44cd9-rwqhv
x-evy-trace-virtual-host
all
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
accept-ranges
bytes
cf-ray
85623f228f316aea-FRA
x-robots-tag
none

__ptq.gif
track-eu1.hubspot.com/
45 B
1 KB
Image
General
Full URL
https://track-eu1.hubspot.com/__ptq.gif?k=15&fi=4dbceae1-75ae-423a-9c12-dee8f1ca3345&fci=ca79b05f-4b3f-4da8-be5b-82c3fc5409f7&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=4158071004&v=1.1&a=25755956&rcu=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fgoldfactory-ios-trojan%2F&r=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fgoldfactory-ios-trojan%2F&pu=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fgoldfactory-ios-trojan%2F&t=Face+Off+%7C+Group-IB+Blog&cts=1708049346929&vi=7753a01bb28b452a8f1cb966e7ca962d&nc=true&u=84897990.7753a01bb28b452a8f1cb966e7ca962d.1708049346926.1708049346926.1708049346926.1&b=84897990.1.1708049346926&cc=15
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.65.240.166 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Fri, 16 Feb 2024 02:09:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
7cea891c-db96-4f72-9096-4f8aa83b3601
p3p
CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time
3
content-length
45
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
7cea891c-db96-4f72-9096-4f8aa83b3601
last-modified
Fri, 16 Feb 2024 02:09:06 GMT
server
cloudflare
vary
origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sbMBmwtKJkCmyluHE8WqoW6SgNb7pUVLTH%2B6JhKg0RS4YaNIByRxSStuMGsZEuXk1oBIwDYYYTRIxCywWB7fkKlXREscsI5BF1kC75xE3yg1o36Ab47trgVKmjC%2B3mua4JcSOQc5hw%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
x-evy-trace-served-by-pod
fra04/analytics-tracking-td/envoy-proxy-5b44f44cd9-m87tm
x-evy-trace-virtual-host
all
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
accept-ranges
bytes
cf-ray
85623f228f2f6aea-FRA
x-robots-tag
none

__ptq.gif
track-eu1.hubspot.com/
45 B
682 B
Image
General
Full URL
https://track-eu1.hubspot.com/__ptq.gif?k=15&fi=5a995f05-701c-48e3-b25a-d1548ba3c0b3&fci=df96336a-0671-4a3b-b403-a7897a0114c8&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=4158071004&v=1.1&a=25755956&rcu=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fgoldfactory-ios-trojan%2F&r=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fgoldfactory-ios-trojan%2F&pu=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fgoldfactory-ios-trojan%2F&t=Face+Off+%7C+Group-IB+Blog&cts=1708049346930&vi=7753a01bb28b452a8f1cb966e7ca962d&nc=true&u=84897990.7753a01bb28b452a8f1cb966e7ca962d.1708049346926.1708049346926.1708049346926.1&b=84897990.1.1708049346926&cc=15
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.65.240.166 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Fri, 16 Feb 2024 02:09:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
fed0966f-1e6f-43d3-a116-e2a6bfc1ff15
p3p
CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time
4
content-length
45
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
fed0966f-1e6f-43d3-a116-e2a6bfc1ff15
last-modified
Fri, 16 Feb 2024 02:09:07 GMT
server
cloudflare
vary
origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LZ7yiwvPzP4CUELrvERFQJ%2BmG9OTjxCfIO4oP5KsUHFSRzu8DLmafpZLypoAqIsBjnwumxz5IN4MuXvWjs4FwV5wFl%2BEE505yLl%2BgZMlFZrHnD66HSEdZe4sj2h0Qv26cHFtjDFHmA%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
x-evy-trace-served-by-pod
fra04/analytics-tracking-td/envoy-proxy-5b44f44cd9-rdqg4
x-evy-trace-virtual-host
all
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
accept-ranges
bytes
cf-ray
85623f228f306aea-FRA
x-robots-tag
none

__ptq.gif
track-eu1.hubspot.com/
45 B
767 B
Image
General
Full URL
https://track-eu1.hubspot.com/__ptq.gif?k=15&fi=55a22738-d5a5-43f9-9c1c-fa4c1a6eb349&fci=c4d61c8c-f534-4efa-9efd-3a7af6687568&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=4158071004&v=1.1&a=25755956&rcu=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fgoldfactory-ios-trojan%2F&r=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fgoldfactory-ios-trojan%2F&pu=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fgoldfactory-ios-trojan%2F&t=Face+Off+%7C+Group-IB+Blog&cts=1708049346930&vi=7753a01bb28b452a8f1cb966e7ca962d&nc=true&u=84897990.7753a01bb28b452a8f1cb966e7ca962d.1708049346926.1708049346926.1708049346926.1&b=84897990.1.1708049346926&cc=15
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.65.240.166 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Fri, 16 Feb 2024 02:09:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
46b61020-8d31-4688-85f3-fcf376b079aa
p3p
CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time
2
content-length
45
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
46b61020-8d31-4688-85f3-fcf376b079aa
last-modified
Fri, 16 Feb 2024 02:09:07 GMT
server
cloudflare
vary
origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=fZ00xA1mQYAj1xK7M050cEKHRwcLayJP3h%2BcCcV8K2X7PZp4ruMm%2BzwAbaoDVCxEADG5gHfE4UURKdBJGfjrZLRdZAv9%2BDmwNeRG2ey3fuGOvg2n%2BR0y8ANlVBqP8UPivRllp3ks9Q%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
x-evy-trace-served-by-pod
fra04/analytics-tracking-td/envoy-proxy-5b44f44cd9-rdqg4
x-evy-trace-virtual-host
all
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
accept-ranges
bytes
cf-ray
85623f228f326aea-FRA
x-robots-tag
none
__ptq.gif
track-eu1.hubspot.com/
45 B
742 B
Image
General
Full URL
https://track-eu1.hubspot.com/__ptq.gif?k=15&fi=eb903dab-0ef3-43b5-bdeb-71372e6ad0f0&fci=80d52a5d-d81f-460e-aa60-26fad0a819b4&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=4158071004&v=1.1&a=25755956&rcu=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fgoldfactory-ios-trojan%2F&r=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fgoldfactory-ios-trojan%2F&pu=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fgoldfactory-ios-trojan%2F&t=Face+Off+%7C+Group-IB+Blog&cts=1708049346930&vi=7753a01bb28b452a8f1cb966e7ca962d&nc=true&u=84897990.7753a01bb28b452a8f1cb966e7ca962d.1708049346926.1708049346926.1708049346926.1&b=84897990.1.1708049346926&cc=15
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.65.240.166 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Fri, 16 Feb 2024 02:09:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
9dd90335-9c77-4a3b-8639-603f6c95d08b
p3p
CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time
2
content-length
45
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
9dd90335-9c77-4a3b-8639-603f6c95d08b
last-modified
Fri, 16 Feb 2024 02:09:07 GMT
server
cloudflare
vary
origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=InUKQQLGPHWE28e6xlFwFqqEzgF%2FNkzPfibJeHbOmjOYFZ%2B5qSDsvc0TJ0rcK3l5HsA6WhV1YGJq%2B2arQsTLHzKO%2ByBBRn2971amGOQeydcZ5Roorn0u1ypQV0wZeaWncG87W6epaQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
x-evy-trace-served-by-pod
fra04/analytics-tracking-td/envoy-proxy-5b44f44cd9-sc4vg
x-evy-trace-virtual-host
all
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
accept-ranges
bytes
cf-ray
85623f228f2d6aea-FRA
x-robots-tag
none
__ptq.gif
track-eu1.hubspot.com/
45 B
741 B
Image
General
Full URL
https://track-eu1.hubspot.com/__ptq.gif?k=17&fi=044e7558-8073-478a-ad3c-5807dd76840f&fci=14c0de17-4a76-4c54-adf5-18786d7c6618&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=4158071004&v=1.1&a=25755956&rcu=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fgoldfactory-ios-trojan%2F&r=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fgoldfactory-ios-trojan%2F&pu=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fgoldfactory-ios-trojan%2F&t=Face+Off+%7C+Group-IB+Blog&cts=1708049346933&vi=7753a01bb28b452a8f1cb966e7ca962d&nc=true&u=84897990.7753a01bb28b452a8f1cb966e7ca962d.1708049346926.1708049346926.1708049346926.1&b=84897990.1.1708049346926&cc=15
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.65.240.166 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Fri, 16 Feb 2024 02:09:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
a4e4dec7-6250-416a-9077-4f6117f10183
p3p
CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time
3
content-length
45
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
a4e4dec7-6250-416a-9077-4f6117f10183
last-modified
Fri, 16 Feb 2024 02:09:07 GMT
server
cloudflare
vary
origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FtZArabAWC6uHDn8PyqWgLkiQvyYkuEa%2B%2FWl14rgM6aaVrY4CCUzEjGERj11iyzFsBSpBdG4uyM5PRfoz4OszI0ud3fzeI7pml3kOQl8Z6g03FzLxwyDFsmiNcRBfWkA2Wq9HBFENg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
x-evy-trace-served-by-pod
fra04/analytics-tracking-td/envoy-proxy-5b44f44cd9-252l6
x-evy-trace-virtual-host
all
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
accept-ranges
bytes
cf-ray
85623f22cf4f6aea-FRA
x-robots-tag
none
__ptq.gif
track-eu1.hubspot.com/
45 B
1 KB
Image
General
Full URL
https://track-eu1.hubspot.com/__ptq.gif?k=17&fi=4dbceae1-75ae-423a-9c12-dee8f1ca3345&fci=ca79b05f-4b3f-4da8-be5b-82c3fc5409f7&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=4158071004&v=1.1&a=25755956&rcu=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fgoldfactory-ios-trojan%2F&r=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fgoldfactory-ios-trojan%2F&pu=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fgoldfactory-ios-trojan%2F&t=Face+Off+%7C+Group-IB+Blog&cts=1708049346933&vi=7753a01bb28b452a8f1cb966e7ca962d&nc=true&u=84897990.7753a01bb28b452a8f1cb966e7ca962d.1708049346926.1708049346926.1708049346926.1&b=84897990.1.1708049346926&cc=15
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.65.240.166 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Fri, 16 Feb 2024 02:09:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
fa259cbb-2902-4beb-9258-8be3766df897
p3p
CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time
3
content-length
45
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
fa259cbb-2902-4beb-9258-8be3766df897
last-modified
Fri, 16 Feb 2024 02:09:07 GMT
server
cloudflare
vary
origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dmhx3MCOKWRK8loM1ZDXJQxCFPzd7APEHA7KDlSmCjc4LRMcZDEqUjAJBiPQy67RTzaHi9fJApajrGP33rLw9U4pFOnSKF5%2FVSkwf%2FGUog8ZMG3vwQEuUQuIPUBJDnHLh83fDIl8xQ%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
x-evy-trace-served-by-pod
fra04/analytics-tracking-td/envoy-proxy-5b44f44cd9-dv5kq
x-evy-trace-virtual-host
all
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
accept-ranges
bytes
cf-ray
85623f22cf516aea-FRA
x-robots-tag
none
__ptq.gif
track-eu1.hubspot.com/
45 B
772 B
Image
General
Full URL
https://track-eu1.hubspot.com/__ptq.gif?k=17&fi=5a995f05-701c-48e3-b25a-d1548ba3c0b3&fci=df96336a-0671-4a3b-b403-a7897a0114c8&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=4158071004&v=1.1&a=25755956&rcu=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fgoldfactory-ios-trojan%2F&r=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fgoldfactory-ios-trojan%2F&pu=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fgoldfactory-ios-trojan%2F&t=Face+Off+%7C+Group-IB+Blog&cts=1708049346934&vi=7753a01bb28b452a8f1cb966e7ca962d&nc=true&u=84897990.7753a01bb28b452a8f1cb966e7ca962d.1708049346926.1708049346926.1708049346926.1&b=84897990.1.1708049346926&cc=15
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.65.240.166 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Fri, 16 Feb 2024 02:09:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
a10243d5-53b6-43b1-8344-48a31549b83a
p3p
CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time
2
content-length
45
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
a10243d5-53b6-43b1-8344-48a31549b83a
last-modified
Fri, 16 Feb 2024 02:09:07 GMT
server
cloudflare
vary
origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=V4ENkoICc7F0%2BNkxG6djcGHRD%2FadSrz2JkUGp0xQfvyPO%2BClGumL9NpiZLbA%2BWqF%2BWQjtT8RwnKAIY1s1xBZRirdU2WhM%2Fvqw6UXJEZjnC9KKNs0NhcXynuQmL3YL%2Bz9c11sruocSg%3D%3D"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
x-evy-trace-served-by-pod
fra04/analytics-tracking-td/envoy-proxy-5b44f44cd9-cdblc
x-evy-trace-virtual-host
all
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
accept-ranges
bytes
cf-ray
85623f22cf526aea-FRA
x-robots-tag
none
/
www.facebook.com/tr/
0
54 B
Image
General
Full URL
https://www.facebook.com/tr/?id=709834390277869&ev=PageView&dl=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fgoldfactory-ios-trojan%2F&rl=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fgoldfactory-ios-trojan%2F&if=false&ts=1708049347004&sw=1600&sh=1200&ud[external_id]=7753a01bb28b452a8f1cb966e7ca962d&v=2.9.147&r=stable&a=hubspot&ec=0&o=4126&fbp=fb.1.1708049345841.1340686554&cs_est=true&cdl=API_unavailable&it=1708049345745&coo=false&exp=e1&rqm=GET
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f176:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
date
Fri, 16 Feb 2024 02:09:07 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
fl
www.group-ib.com/api/
689 B
1 KB
XHR
General
Full URL
https://www.group-ib.com/api/fl?u=0085cb90-831e-11ee-9493-816cec585ffa&cfidsgib-w-61354c22-16cc-40a8-a871-6901f1a76e24=EbIOdOmjK%2Fta8rM6sP0GHs7IQNmtbl9j4sLGxT4ZMnv8YsltGuQY4ehXH96hNlg9ta%2FK5VOCXSJhQAM1Rx6FRNjxiPmjyQAPNayDMg%2BFLAphRdi6mtJSygKwoSHxQhLsbvt6d6UQT%2BcPOjYEglTwUuPiMA0XlfVTI6Zp
Requested by
Host: fhp-de-js.group-ib.com
URL: https://fhp-de-js.group-ib.com/d/bt-autoinject.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.72.181.255 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-72-181-255.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
9f8071021e298fd173986fe9782751cecf153ba0b7aa6071228066660fc5a493

Request headers

X-GIB-GSSCgib-w-61354c22-16cc-40a8-a871-6901f1a76e24
SOGdnRPCUlbBl3R9Q6yNXEcLG690rUSff+SQtvH1XfTn2621t2Bk1EMg4sXq0zrozMKkCp9qerhjWCf8JswFk7c1HS/3BQNr4N0o4+pE73Y1dAORZlGEnsyMvXbHx9BHbATJsLnjXp1hrwpaAqJIwkn2nxQGayOJW5YDCR5i8LGc526vY5ZxkMg6TY/T1AzBl0ZuxJvNMsWWQMxS3s9EON7ocyrZmkY1LlTlHPoUa3cdH2xvv1BG6klcw6jTcr1jivThbYniW9BOp9f4G6I7ekY=
Referer
https://www.group-ib.com/blog/goldfactory-ios-trojan/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36
X-GIB-FGSSCgib-w-61354c22-16cc-40a8-a871-6901f1a76e24
TZeU29a361146641a81c17bb29aaa19ae61f571b
Content-Type
text/plain;charset=UTF-8

Response headers

date
Fri, 16 Feb 2024 02:09:07 GMT
content-encoding
gzip
server
nginx
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/json; charset=utf-8
access-control-allow-origin
https://www.group-ib.com
cache-control
no-store
access-control-allow-credentials
true
x-envoy-upstream-service-time
3
access-control-allow-headers
Accept,DNT,Keep-Alive,User-Agent,If-Modified-Since,Cache-Control,Content-Type,Origin,ETag,If-None-Match,X-Cfids,Authorization
img.gif
b.6sc.co/v1/beacon/
43 B
485 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=e84d9c08a990af8592952e7ac9a983ad&svisitor=null&visitor=7f0bcfa8-43b9-4a63-8eb4-21a01503ae46&session=0bec9ad3-af5e-4a06-84da-93d5629b7385&event=active_time_track&q=%7B%22currentTime%22%3A%22Fri%2C%2016%20Feb%202024%2002%3A09%3A07%20GMT%22%2C%22lastTrackTime%22%3A%22Fri%2C%2016%20Feb%202024%2002%3A09%3A06%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%222002%22%7D&isIframe=false&m=%7B%22description%22%3A%22Group-IB%20uncovers%20the%20first%20iOS%20Trojan%20harvesting%20facial%20recognition%20data%20used%20for%20unauthorized%20access%20to%20bank%20accounts.%20The%20GoldDigger%20family%20grows%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Face%20Off%20%7C%20Group-IB%20Blog%22%7D&cb=&r=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fgoldfactory-ios-trojan%2F&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.group-ib.com%2Fblog%2Fgoldfactory-ios-trojan%2F&pageViewId=6e78266d-04e8-487b-847a-318e983ae0fb&v=1.1.14
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-17-100-193.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.group-ib.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/121.0.6167.184 Safari/537.36

Response headers

date
Fri, 16 Feb 2024 02:09:07 GMT
x-content-type-options
nosniff
content-length
43
pragma
no-cache
last-modified
Sat, 18 Feb 2023 02:04:22 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"63f03226-2b"
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
image/gif
access-control-allow-origin
cache-control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
access-control-allow-credentials
true
accept-ranges
bytes
access-control-allow-headers
*
expires
Wed, 19 Apr 2000 11:43:00 GMT

Verdicts & Comments

110 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| gib boolean| __gibclatt function| Swiper object| _wpemojiSettings undefined| $ function| jQuery object| hubspot object| HubSpotForms object| hbspt object| hsFormsOnReady object| twemoji object| wp function| setCookie function| getCookie function| Carousel function| Fancybox function| Panzoom object| pseudo_links object| pvcpArgsFrontend function| initPostViewsCounterPro object| dataLayer function| lintrk number| w3tc_lazyload object| lazyLoadOptions object| _hsp function| _toConsumableArray function| _nonIterableSpread function| _iterableToArray function| _arrayWithoutHoles function| _extends function| _typeof function| LazyLoad function| readingTime object| carousel123 object| authorsMoreThan2Swiper function| positioningSidebar object| $root object| threatschemes object| cardscarouselswiper object| urpcarousel object| trainerscarousel object| reportscarousel object| swiper object| swiper2 object| swiper3 number| pressPeleasesPage number| newsPage object| reviewsswiper undefined| toggleAccordion object| PostViewsCounterPro object| _hsq boolean| _already_called_lintrk object| google_tag_manager object| google_tag_data object| _6si object| GooglebQhCsO object| _linkedin_data_partner_ids function| rdt object| _NBSettings function| fbq function| _fbq boolean| PIXELS_RAN object| enabledEventSettings object| __hsCollectedFormsDebug object| hsCtasOnReady object| __PRIVATE__HubspotCtaClient object| hsCallsToActionsReady object| __hsWebInteractiveInstance object| hsConversationsOnReady object| HubSpotCallsToActions boolean| hubspot_web_interactives_running object| hsCookieBanner boolean| _hspb_loaded boolean| _hspb_ran object| _paq function| sanitizeKey boolean| _hstc_loaded object| configArgs number| pixelRatio number| width number| height object| screenSize object| labels function| UET function| UET_init function| UET_push object| ueto_fc3aa9f9be object| uetq function| onYouTubeIframeAPIReady object| gaGlobal object| SENTRY_RELEASE undefined| Raven object| _nb function| __neverbounce_732302 function| __neverbounce_995230 function| __neverbounce_675958 function| __neverbounce_905479 function| __neverbounce_59124 object| ziws boolean| _hstc_ran string| __hsUserToken number| expireDateTime

40 Cookies

Domain/Path Name / Value
.www.group-ib.com/ Name: __zzatgib-w-61354c22-16cc-40a8-a871-6901f1a76e24
Value: MDA0dBA=Fz2+aQ==
.group-ib.com/ Name: __zzatgib-w-61354c22-16cc-40a8-a871-6901f1a76e24
Value: MDA0dBA=Fz2+aQ==
.group-ib.com/ Name: _gcl_au
Value: 1.1.1416784330.1708049346
.linkedin.com/ Name: lidc
Value: "b=OGST05:s=O:r=O:a=O:p=O:g=2969:u=1:x=1:i=1708049345:t=1708135745:v=2:sig=AQEEJ8XCpTEmumyDm5IZ40DFmZfdSAoM"
.group-ib.com/ Name: _rdt_uuid
Value: 1708049345729.7ee7361f-741b-4e42-94fc-7e0ab5615571
www.group-ib.com/ Name: _gd_visitor
Value: 7f0bcfa8-43b9-4a63-8eb4-21a01503ae46
www.group-ib.com/ Name: _gd_session
Value: 0bec9ad3-af5e-4a06-84da-93d5629b7385
.group-ib.com/ Name: _uetsid
Value: 5c9e87d0cc7011eead1c73627cf9ecd8
.group-ib.com/ Name: _uetvid
Value: 5c9edce0cc7011ee93a37d2df54c3819
.group-ib.com/ Name: _ga_QMES53K3Y2
Value: GS1.1.1708049345.1.0.1708049345.60.0.0
.group-ib.com/ Name: _ga
Value: GA1.1.1553732744.1708049346
tracking.g2crowd.com/ Name: _session_id
Value: 063e2b0673e625a18676f7fd2ef5f90b
.g2crowd.com/ Name: __cf_bm
Value: v8EelbSIi3yl7Nl.OrqoIst8GRE24OiGeLjNPlBS22s-1708049345-1.0-AXF6BaUQJVw/WMExphgbOD1fwlXfIPtwx7LiB8I1UOz4wcXJ3oSYATDZuKYpog3P+aJcvG6gClWG/hOt7LOiTMU=
.bing.com/ Name: MUID
Value: 06D3ACE39D4B6E7D376AB8C49C4B6F1F
.linkedin.com/ Name: li_sugr
Value: 12d98f58-0a12-4db7-9c8c-0845bb02c998
.linkedin.com/ Name: bcookie
Value: "v=2&6c330d85-f126-42c1-8f94-efcfbef4f822"
.group-ib.com/ Name: _fbp
Value: fb.1.1708049345841.1340686554
.doubleclick.net/ Name: IDE
Value: AHWqTUk-rfqcybqdSIRKTAxrPq3b-lNrZWpbb5SDTQLKNpXauXk3chItfPPVqzjG
.ws.zoominfo.com/ Name: visitorId
Value: 0b9ba1332bb0d690e832f23f53bf3f14acf4d93d29c895df275fbd2c18ddf679
.zoominfo.com/ Name: __cf_bm
Value: 6Ruy2OBoF2vRLPFLsWFhF7Dp5F0014X_FzKXPgecXYY-1708049345-1.0-AVYLO45DniVFt+OboDm6vKx7uXN4V1vZgLyppYDverVPn010C6g0hAASN3+okfLgcR8qNcEBthTbmWjB3qRHFT0=
.zoominfo.com/ Name: _cfuvid
Value: fCZRS4k9CZnY4lXYQC5k8RzDHbcogkKI1jNoGPbFpc8-1708049345894-0.0-604800000
.6sc.co/ Name: 6suuid
Value: bd64110213660100c1c3ce65d203000088dafb01
.linkedin.com/ Name: UserMatchHistory
Value: AQKiUXnvgd9TwgAAAY2vrK2WB4J1-HeLLVZeVhyM4BfUAyg6mtqpqpXrLE996qVPFMZ-r6DAOcwDsQ
.linkedin.com/ Name: AnalyticsSyncHistory
Value: AQLF71_zC8J0nwAAAY2vrK2WafYvqKOcN51g9ja2zvVQIjrlt7VMjx-6NzLrf4_2tr_vJEM6AQDT8xkbayiISg
.www.linkedin.com/ Name: bscookie
Value: "v=1&2024021602090641a16cfd-d8bc-4ef1-8de1-020dd3ae2480AQFpV3l_WT5dFMIPGihupGYrzI9Hv_sc"
.linkedin.com/ Name: li_gc
Value: MTswOzE3MDgwNDkzNDY7MjswMjHoIkc+xhWm+8MkG9n883vc2UYeqS5skymKakT65Bn3Ew==
.group-ib.com/ Name: __hstc
Value: 84897990.7753a01bb28b452a8f1cb966e7ca962d.1708049346926.1708049346926.1708049346926.1
.group-ib.com/ Name: hubspotutk
Value: 7753a01bb28b452a8f1cb966e7ca962d
.group-ib.com/ Name: __hssrc
Value: 1
.group-ib.com/ Name: __hssc
Value: 84897990.1.1708049346926
.hubspot.com/ Name: __cf_bm
Value: tkx4QXbRWMhkCGpVG20W7Azl9PxPc9Hwg0TZAozuXDo-1708049347-1.0-AaTqym88N25vvav7YJMCACdeZYUcJk50vY0e08Nzr01V3XYgJawrpjPY6kYSVc3gu/4R8nN/feD3rveEU84QZF0=
.hubspot.com/ Name: _cfuvid
Value: hrUPoSkAq4yd8s6Jrhd4fne2wlef7C5kfKMnYFk1MlQ-1708049347043-0.0-604800000
www.group-ib.com/ Name: gsscgib-w-61354c22-16cc-40a8-a871-6901f1a76e24
Value: mzYQMskVqDsMzaNe09OFOaqPLNI1RfV9a1XV1VkFs/y6o/lXTeSJ+jHUGdo8q9CHVk8LTkFZtP5d2g35Gw7m2sq6VGR9tmxx3Ek9XwkYW1FD6gaOLXNrADBDTjqJy5G5z3bNnOvVBAtr4kov98o1/CDqcCb7ekmf1E+YcofOdkQU5/HHpll3tuRkK/X61oVB7G4eIRDIgFjkBZdefHc31bAIw3J3y1gifJUvn+5f5YmISFWzFy37IgAMWtJfirsnfDxXlSwKto/2aFRN0/Pkd+0=
www.group-ib.com/ Name: cfidsgib-w-61354c22-16cc-40a8-a871-6901f1a76e24
Value: TaTyqIz6RiggD8d5b7NGmsHgbohnO4N/FtyTMqcO+WHsJ3bG75k7jJllRTEHG6ymuBbpMX/kraJu2kyPpa6/dbJIwJJ8Qo4b6hf0E+ZnS9E3XtIjsOhuLrKbhZvlQPNbL/0hr+twFRsQ+QawxCbRXxmasCQeDZIq4UJt
.www.group-ib.com/ Name: cfidsgib-w-61354c22-16cc-40a8-a871-6901f1a76e24
Value: TaTyqIz6RiggD8d5b7NGmsHgbohnO4N/FtyTMqcO+WHsJ3bG75k7jJllRTEHG6ymuBbpMX/kraJu2kyPpa6/dbJIwJJ8Qo4b6hf0E+ZnS9E3XtIjsOhuLrKbhZvlQPNbL/0hr+twFRsQ+QawxCbRXxmasCQeDZIq4UJt
.group-ib.com/ Name: cfidsgib-w-61354c22-16cc-40a8-a871-6901f1a76e24
Value: TaTyqIz6RiggD8d5b7NGmsHgbohnO4N/FtyTMqcO+WHsJ3bG75k7jJllRTEHG6ymuBbpMX/kraJu2kyPpa6/dbJIwJJ8Qo4b6hf0E+ZnS9E3XtIjsOhuLrKbhZvlQPNbL/0hr+twFRsQ+QawxCbRXxmasCQeDZIq4UJt
.www.group-ib.com/ Name: gsscgib-w-61354c22-16cc-40a8-a871-6901f1a76e24
Value: mzYQMskVqDsMzaNe09OFOaqPLNI1RfV9a1XV1VkFs/y6o/lXTeSJ+jHUGdo8q9CHVk8LTkFZtP5d2g35Gw7m2sq6VGR9tmxx3Ek9XwkYW1FD6gaOLXNrADBDTjqJy5G5z3bNnOvVBAtr4kov98o1/CDqcCb7ekmf1E+YcofOdkQU5/HHpll3tuRkK/X61oVB7G4eIRDIgFjkBZdefHc31bAIw3J3y1gifJUvn+5f5YmISFWzFy37IgAMWtJfirsnfDxXlSwKto/2aFRN0/Pkd+0=
.group-ib.com/ Name: gsscgib-w-61354c22-16cc-40a8-a871-6901f1a76e24
Value: mzYQMskVqDsMzaNe09OFOaqPLNI1RfV9a1XV1VkFs/y6o/lXTeSJ+jHUGdo8q9CHVk8LTkFZtP5d2g35Gw7m2sq6VGR9tmxx3Ek9XwkYW1FD6gaOLXNrADBDTjqJy5G5z3bNnOvVBAtr4kov98o1/CDqcCb7ekmf1E+YcofOdkQU5/HHpll3tuRkK/X61oVB7G4eIRDIgFjkBZdefHc31bAIw3J3y1gifJUvn+5f5YmISFWzFy37IgAMWtJfirsnfDxXlSwKto/2aFRN0/Pkd+0=
.www.group-ib.com/ Name: fgsscgib-w-61354c22-16cc-40a8-a871-6901f1a76e24
Value: nrv651a93e995ff083b7b473ff0d0610693e06a8
.group-ib.com/ Name: fgsscgib-w-61354c22-16cc-40a8-a871-6901f1a76e24
Value: nrv651a93e995ff083b7b473ff0d0610693e06a8

74 Console Messages

Source Level URL
Text
network error URL: https://www.group-ib.com/blog/goldfactory-ios-trojan/
Message:
Failed to load resource: the server responded with a status of 403 ()
network error URL: https://www.group-ib.com/wp-content/plugins/post-views-counter-pro/includes/ajax.php
Message:
Failed to load resource: the server responded with a status of 403 ()
other warning URL: https://www.group-ib.com/blog/goldfactory-ios-trojan/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://connect.facebook.net/signals/config/649324202964935?v=2.9.147&r=stable&domain=www.group-ib.com&hme=20c913bdcd4be51a752120153aa5caaecb3ee86c7f26cf737846e40b202aba68&ex_m=62%2C106%2C94%2C98%2C53%2C3%2C88%2C61%2C14%2C86%2C79%2C44%2C46%2C150%2C153%2C164%2C160%2C161%2C163%2C25%2C89%2C45%2C68%2C162%2C145%2C148%2C157%2C158%2C165%2C115%2C13%2C43%2C169%2C168%2C117%2C16%2C29%2C32%2C1%2C36%2C57%2C58%2C59%2C63%2C83%2C15%2C12%2C85%2C82%2C81%2C95%2C97%2C31%2C96%2C26%2C22%2C146%2C149%2C124%2C24%2C9%2C10%2C11%2C5%2C6%2C21%2C19%2C20%2C49%2C54%2C56%2C66%2C90%2C23%2C67%2C8%2C7%2C71%2C41%2C18%2C92%2C91%2C17%2C4%2C73%2C80%2C72%2C78%2C40%2C39%2C77%2C33%2C35%2C76%2C48%2C74%2C28%2C37%2C65%2C0%2C84%2C75%2C2%2C30%2C55%2C34%2C93%2C38%2C70%2C60%2C99%2C52%2C51%2C27%2C87%2C50%2C47%2C42%2C69%2C64%2C100(Line 105)
Message:
Unrecognized feature: 'attribution-reporting'.
other warning URL: https://www.group-ib.com/blog/goldfactory-ios-trojan/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.group-ib.com/blog/goldfactory-ios-trojan/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.group-ib.com/blog/goldfactory-ios-trojan/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.group-ib.com/blog/goldfactory-ios-trojan/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.group-ib.com/blog/goldfactory-ios-trojan/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.group-ib.com/blog/goldfactory-ios-trojan/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.group-ib.com/blog/goldfactory-ios-trojan/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.group-ib.com/blog/goldfactory-ios-trojan/
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

alb.reddit.com
api-eu1.hubapi.com
api.neverbounce.com
b.6sc.co
bat.bing.com
c.6sc.co
cdn.neverbounce.com
connect.facebook.net
cta-eu1.hubspot.com
fhp-de-js.group-ib.com
forms-eu1.hscollectedforms.net
forms-eu1.hsforms.com
forms.hsforms.com
googleads.g.doubleclick.net
ipv6.6sc.co
j.6sc.co
js-eu1.hs-analytics.net
js-eu1.hs-banner.com
js-eu1.hs-scripts.com
js-eu1.hsadspixel.net
js-eu1.hscollectedforms.net
js-eu1.hsforms.net
js-eu1.hubspot.com
perf-eu1.hsforms.com
px.ads.linkedin.com
px4.ads.linkedin.com
region1.analytics.google.com
stats.g.doubleclick.net
track-eu1.hubspot.com
tracking.g2crowd.com
website.cdn.group-ib.com
ws.zoominfo.com
www.facebook.com
www.google.com
www.google.de
www.googletagmanager.com
www.group-ib.com
www.linkedin.com
www.redditstatic.com
107.22.160.215
13.107.42.14
136.243.22.212
151.101.1.140
172.65.192.122
172.65.198.159
172.65.202.201
172.65.208.22
172.65.219.229
172.65.232.43
172.65.236.181
172.65.238.60
172.65.240.166
172.65.255.172
18.245.46.48
2.17.100.193
2001:4860:4802:34::36
2600:9000:2127:2600:9:7af6:1700:93a1
2606:4700:4400::ac40:90e1
2606:4700::6810:880f
2606:4700::6811:eff9
2620:1ec:21::14
2620:1ec:c11::200
2a00:1450:4001:812::2008
2a00:1450:4001:829::2003
2a00:1450:4001:82f::2004
2a00:1450:4001:830::2002
2a00:1450:400c:c00::9a
2a02:26f0:ab00::214:8e70
2a03:2880:f083:100:face:b00c:0:3
2a03:2880:f176:181:face:b00c:0:25de
2a04:4e42::396
2a06:98c1:3200::90:2
3.72.181.255