URL: https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data...
Submission: On January 18 via api from TR — Scanned from DE

Summary

This website contacted 48 IPs in 4 countries across 34 domains to perform 192 HTTP transactions. The main IP is 192.0.78.231, located in San Francisco, United States and belongs to AUTOMATTIC, US. The main domain is cyble.com.
TLS certificate: Issued by R3 on November 27th 2023. Valid for: 3 months.
This is the only time cyble.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
71 192.0.78.231 2635 (AUTOMATTIC)
9 192.0.77.32 2635 (AUTOMATTIC)
3 2a00:1450:400... 15169 (GOOGLE)
1 18.66.112.13 16509 (AMAZON-02)
1 192.0.77.2 2635 (AUTOMATTIC)
2 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
2 2606:4700::68... 13335 (CLOUDFLAR...)
3 192.0.76.3 2635 (AUTOMATTIC)
1 2606:4700:10:... 13335 (CLOUDFLAR...)
4 2600:9000:264... 16509 (AMAZON-02)
1 2606:4700:440... 13335 (CLOUDFLAR...)
1 6 2606:4700:20:... 13335 (CLOUDFLAR...)
2 2001:4860:480... 15169 (GOOGLE)
1 2a02:26f0:480... 20940 (AKAMAI-ASN1)
2 2a00:1450:400... 15169 (GOOGLE)
2 2a03:2880:f08... 32934 (FACEBOOK)
2 2620:1ec:bdf::63 8075 (MICROSOFT...)
1 2a05:d018:cc3... 16509 (AMAZON-02)
2 3 2620:1ec:21::14 8068 (MICROSOFT...)
1 13.107.42.14 8068 (MICROSOFT...)
1 2606:4700:440... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
10 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2a03:2880:f17... 32934 (FACEBOOK)
5 20.231.53.73 8075 (MICROSOFT...)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
5 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
21 2400:52e0:1e0... 200325 (BUNNYCDN)
2 2606:4700::68... 13335 (CLOUDFLAR...)
1 18.66.112.19 16509 (AMAZON-02)
1 2600:9000:267... 16509 (AMAZON-02)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
2 18.153.4.44 16509 (AMAZON-02)
5 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:2c40::c7... 209242 (CLOUDFLAR...)
1 3.127.196.46 16509 (AMAZON-02)
4 2a00:1450:400... 15169 (GOOGLE)
1 2 68.219.88.97 8075 (MICROSOFT...)
1 1 2620:1ec:c11:... 8068 (MICROSOFT...)
2 2606:4700:440... 13335 (CLOUDFLAR...)
192 48
Apex Domain
Subdomains
Transfer
72 cyble.com
cyble.com
labs.cyble.com
935 KB
22 omappapi.com
a.omappapi.com — Cisco Umbrella Rank: 5597
api.omappapi.com — Cisco Umbrella Rank: 5857
114 KB
13 wp.com
fonts-api.wp.com — Cisco Umbrella Rank: 16464
i0.wp.com — Cisco Umbrella Rank: 3696
s0.wp.com — Cisco Umbrella Rank: 8186
stats.wp.com — Cisco Umbrella Rank: 2723
fonts.wp.com — Cisco Umbrella Rank: 17444
pixel.wp.com — Cisco Umbrella Rank: 2679
131 KB
10 hubspot.com
js.hubspot.com — Cisco Umbrella Rank: 4796
api.hubspot.com — Cisco Umbrella Rank: 4876
cta-service-cms2.hubspot.com — Cisco Umbrella Rank: 4669
app.hubspot.com — Cisco Umbrella Rank: 5571
track.hubspot.com — Cisco Umbrella Rank: 2301
forms.hubspot.com — Cisco Umbrella Rank: 5234
52 KB
9 clarity.ms
www.clarity.ms — Cisco Umbrella Rank: 747
q.clarity.ms — Cisco Umbrella Rank: 7008
c.clarity.ms — Cisco Umbrella Rank: 1351
28 KB
7 gstatic.com
fonts.gstatic.com
www.gstatic.com
482 KB
6 rss.app
rss.app — Cisco Umbrella Rank: 56204
widget.rss.app — Cisco Umbrella Rank: 92440
72 KB
5 hsappstatic.net
static.hsappstatic.net — Cisco Umbrella Rank: 5660
306 KB
5 google.com
www.google.com — Cisco Umbrella Rank: 2
35 KB
5 adroll.com
s.adroll.com — Cisco Umbrella Rank: 3274
d.adroll.com — Cisco Umbrella Rank: 1407
139 KB
4 hsforms.com
forms.hsforms.com — Cisco Umbrella Rank: 4278
perf-na1.hsforms.com — Cisco Umbrella Rank: 5196
forms-na1.hsforms.com — Cisco Umbrella Rank: 6786
10 KB
4 linkedin.com
px.ads.linkedin.com — Cisco Umbrella Rank: 349
px4.ads.linkedin.com — Cisco Umbrella Rank: 6550
2 KB
4 google-analytics.com
region1.google-analytics.com — Cisco Umbrella Rank: 2029
www.google-analytics.com — Cisco Umbrella Rank: 27
21 KB
3 hs-scripts.com
js-na1.hs-scripts.com — Cisco Umbrella Rank: 6564
js.hs-scripts.com — Cisco Umbrella Rank: 2407
3 KB
3 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 37
265 KB
2 getnitropack.com
to.getnitropack.com — Cisco Umbrella Rank: 19009
254 B
2 clearbitjs.com
x.clearbitjs.com — Cisco Umbrella Rank: 14038
45 KB
2 doubleclick.net
googleads.g.doubleclick.net — Cisco Umbrella Rank: 38
stats.g.doubleclick.net — Cisco Umbrella Rank: 79
2 KB
2 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 174
92 KB
2 hsforms.net
js.hsforms.net — Cisco Umbrella Rank: 6523
304 KB
1 bing.com
c.bing.com — Cisco Umbrella Rank: 247
764 B
1 clearbit.com
app.clearbit.com — Cisco Umbrella Rank: 14315
1 KB
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 28
2 KB
1 clearbitscripts.com
tag.clearbitscripts.com — Cisco Umbrella Rank: 12061
5 KB
1 google.de
www.google.de — Cisco Umbrella Rank: 6518
455 B
1 facebook.com
www.facebook.com — Cisco Umbrella Rank: 107
185 B
1 hsleadflows.net
js.hsleadflows.net — Cisco Umbrella Rank: 4975
88 KB
1 usemessages.com
js.usemessages.com — Cisco Umbrella Rank: 4841
24 KB
1 hs-analytics.net
js.hs-analytics.net — Cisco Umbrella Rank: 2120
21 KB
1 hs-banner.com
js.hs-banner.com — Cisco Umbrella Rank: 2148
21 KB
1 licdn.com
snap.licdn.com — Cisco Umbrella Rank: 783
16 KB
1 nitroscripts.com
nitroscripts.com — Cisco Umbrella Rank: 18279
10 KB
1 hellobar.com
my.hellobar.com — Cisco Umbrella Rank: 17117
1 webflow.com
uploads-ssl.webflow.com — Cisco Umbrella Rank: 13831
278 KB
192 34
Domain Requested by
71 cyble.com cyble.com
21 a.omappapi.com cyble.com
a.omappapi.com
6 fonts.wp.com fonts-api.wp.com
5 static.hsappstatic.net app.hubspot.com
static.hsappstatic.net
5 www.google.com cyble.com
a.omappapi.com
www.gstatic.com
www.google.com
5 q.clarity.ms www.clarity.ms
5 rss.app 1 redirects cyble.com
widget.rss.app
rss.app
4 www.gstatic.com www.google.com
www.gstatic.com
4 s.adroll.com cyble.com
s.adroll.com
www.googletagmanager.com
3 fonts.gstatic.com fonts.googleapis.com
www.google.com
3 app.hubspot.com js.usemessages.com
static.hsappstatic.net
3 px.ads.linkedin.com 2 redirects snap.licdn.com
3 www.googletagmanager.com cyble.com
www.googletagmanager.com
2 to.getnitropack.com nitroscripts.com
2 track.hubspot.com
2 c.clarity.ms 1 redirects
2 x.clearbitjs.com tag.clearbitscripts.com
2 api.hubspot.com js.usemessages.com
2 pixel.wp.com cyble.com
2 forms.hsforms.com js.hsforms.net
cyble.com
2 www.clarity.ms cyble.com
www.clarity.ms
2 connect.facebook.net www.googletagmanager.com
connect.facebook.net
2 www.google-analytics.com www.googletagmanager.com
www.google-analytics.com
2 region1.google-analytics.com www.googletagmanager.com
2 js.hs-scripts.com cyble.com
www.googletagmanager.com
2 js.hsforms.net cyble.com
js.hsforms.net
2 fonts-api.wp.com cyble.com
1 forms.hubspot.com js.hsleadflows.net
1 c.bing.com 1 redirects
1 app.clearbit.com x.clearbitjs.com
1 labs.cyble.com cyble.com
1 fonts.googleapis.com a.omappapi.com
1 forms-na1.hsforms.com cyble.com
1 perf-na1.hsforms.com cyble.com
1 tag.clearbitscripts.com www.googletagmanager.com
1 cta-service-cms2.hubspot.com js.hubspot.com
1 api.omappapi.com a.omappapi.com
1 www.google.de cyble.com
1 stats.g.doubleclick.net www.google-analytics.com
1 googleads.g.doubleclick.net www.googletagmanager.com
1 www.facebook.com cyble.com
1 widget.rss.app rss.app
1 js.hsleadflows.net js.hs-scripts.com
1 js.hubspot.com js.hs-scripts.com
1 js.usemessages.com js.hs-scripts.com
1 js.hs-analytics.net js.hs-scripts.com
1 js.hs-banner.com js.hs-scripts.com
1 px4.ads.linkedin.com cyble.com
1 d.adroll.com s.adroll.com
1 snap.licdn.com www.googletagmanager.com
1 nitroscripts.com cyble.com
1 my.hellobar.com cyble.com
1 stats.wp.com cyble.com
1 s0.wp.com cyble.com
1 js-na1.hs-scripts.com cyble.com
1 i0.wp.com cyble.com
1 uploads-ssl.webflow.com cyble.com
192 57
Subject Issuer Validity Valid
tls.automattic.com
R3
2023-11-27 -
2024-02-25
3 months crt.sh
*.wp.com
Sectigo ECC Domain Validation Secure Server CA
2023-11-28 -
2024-12-28
a year crt.sh
*.google-analytics.com
GTS CA 1C3
2023-12-11 -
2024-03-04
3 months crt.sh
uploads-ssl.webflow.com
Amazon RSA 2048 M02
2023-07-29 -
2024-08-26
a year crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3
2023-05-16 -
2024-05-15
a year crt.sh
s.adroll.com
Amazon RSA 2048 M01
2023-06-03 -
2024-07-01
a year crt.sh
nitroscripts.com
GTS CA 1P5
2024-01-04 -
2024-04-03
3 months crt.sh
rss.app
GTS CA 1P5
2023-12-06 -
2024-03-05
3 months crt.sh
snap.licdn.com
DigiCert SHA2 Secure Server CA
2023-12-13 -
2024-12-12
a year crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA
2023-10-27 -
2024-01-25
3 months crt.sh
www.clarity.ms
DigiCert TLS RSA SHA256 2020 CA1
2023-12-07 -
2024-12-07
a year crt.sh
d.adroll.com
Amazon RSA 2048 M01
2023-10-09 -
2024-11-07
a year crt.sh
www.linkedin.com
DigiCert SHA2 Secure Server CA
2023-11-03 -
2024-05-03
6 months crt.sh
hubspot.com
Cloudflare Inc ECC CA-3
2024-01-06 -
2024-12-31
a year crt.sh
a.clarity.ms
Microsoft Azure TLS Issuing CA 01
2024-01-14 -
2024-06-27
5 months crt.sh
*.g.doubleclick.net
GTS CA 1C3
2023-12-11 -
2024-03-04
3 months crt.sh
www.google.com
GTS CA 1C3
2023-12-11 -
2024-03-04
3 months crt.sh
www.google.de
GTS CA 1C3
2023-12-11 -
2024-03-04
3 months crt.sh
a.omappapi.com
R3
2024-01-01 -
2024-03-31
3 months crt.sh
api.opmnstr.com
Amazon RSA 2048 M03
2023-12-11 -
2025-01-07
a year crt.sh
clearbitscripts.com
Amazon RSA 2048 M01
2023-06-11 -
2024-07-09
a year crt.sh
upload.video.google.com
GTS CA 1C3
2023-12-11 -
2024-03-04
3 months crt.sh
*.gstatic.com
GTS CA 1C3
2023-12-11 -
2024-03-04
3 months crt.sh
clearbitjs.com
Amazon RSA 2048 M01
2023-03-17 -
2024-04-14
a year crt.sh
hsappstatic.net
Cloudflare Inc ECC CA-3
2023-04-10 -
2024-04-09
a year crt.sh
labs.cyble.com
GTS CA 1P5
2023-12-27 -
2024-03-26
3 months crt.sh
clearbit.com
Amazon RSA 2048 M02
2023-03-17 -
2024-04-14
a year crt.sh
*.google.com
GTS CA 1C3
2023-12-11 -
2024-03-04
3 months crt.sh
getnitropack.com
Cloudflare Inc ECC CA-3
2024-01-13 -
2024-12-31
a year crt.sh

This page contains 6 frames:

Primary Page: https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
Frame ID: E47FB37606C586FB63BFAEC2862818C6
Requests: 169 HTTP requests in this frame

Frame: https://rss.app/embed/v1/ticker/P2fHZrBhF33hkw0R
Frame ID: D84D2F7D4D323257B766C176702E3215
Requests: 3 HTTP requests in this frame

Frame: https://rss.app/cdn-cgi/challenge-platform/h/b/scripts/jsd/c8377512/main.js
Frame ID: 204970BD01C286EC86EB8EED9048A4C5
Requests: 2 HTTP requests in this frame

Frame: https://js.hsforms.net/forms/v2.js
Frame ID: FE2A00AFB017ED2B5DCC9E6A5FAB0FAA
Requests: 1 HTTP requests in this frame

Frame: https://app.hubspot.com/conversations-visitor/21289959/threads/utk/86e27fb9bb5c4e9f9ebac94649615f07?uuid=c8e6ce8806134ee3aae806202db20e54&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=&domain=cyble.com&inApp53=false&messagesUtk=86e27fb9bb5c4e9f9ebac94649615f07&url=https%3A%2F%2Fcyble.com%2Fblog%2Fcyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft%2F&inline=false&isFullscreen=false&globalCookieOptOut=&isFirstVisitorSession=true&isAttachmentDisabled=true&isInitialInputFocusDisabled=false&enableWidgetCookieBanner=false&isInCMS=false
Frame ID: 0330D872EA98F51FB1F27194B7F09709
Requests: 9 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Ld852MnAAAAAFzgX2FpHqe1Ic4SAQOJBd3NkMga&co=aHR0cHM6Ly9jeWJsZS5jb206NDQz&hl=de&v=Ya-Cd6PbRI5ktAHEhm9JuKEu&size=invisible&cb=cux9dwwrsolp
Frame ID: 6702409A46162E17737B3A50A6E189F1
Requests: 8 HTTP requests in this frame

Screenshot

Page Title

Cyber Espionage Attack on the Indian Air Force: Go-Based Infostealer Exploits Slack for Data Theft — Cyble

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link rel=["']stylesheet["'] [^>]+/wp-(?:content|includes)/
  • <link[^>]+s\d+\.wp\.com
  • /wp-(?:content|includes)/

Overall confidence: 100%
Detected patterns
  • (?:a|s)\.adroll\.com

Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Overall confidence: 100%
Detected patterns
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • js\.hs-analytics\.net/analytics

Overall confidence: 100%
Detected patterns
  • snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Overall confidence: 100%
Detected patterns
  • /revslider/[/\w-]+/js

Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Overall confidence: 100%
Detected patterns
  • jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Overall confidence: 100%
Detected patterns
  • /recaptcha/api\.js

Page Statistics

192
Requests

98 %
HTTPS

77 %
IPv6

34
Domains

57
Subdomains

48
IPs

4
Countries

3504 kB
Transfer

10952 kB
Size

39
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 92
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4053396&time=1705543760472&url=https%3A%2F%2Fcyble.com%2Fblog%2Fcyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft%2F HTTP 302
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4053396&time=1705543760472&url=https%3A%2F%2Fcyble.com%2Fblog%2Fcyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft%2F&cookiesTest=true HTTP 302
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4053396&time=1705543760472&url=https%3A%2F%2Fcyble.com%2Fblog%2Fcyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft%2F&cookiesTest=true&e_ipv6=AQKjWSmukHry2QAAAY0aVHt9fRZoTRVNiDFgaC9M8iIZ0lmXUt4bYdrlpb63vhBqMsAFDIa5N1l-
Request Chain 106
  • https://rss.app/cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP 302
  • https://rss.app/cdn-cgi/challenge-platform/h/b/scripts/jsd/c8377512/main.js
Request Chain 184
  • https://c.clarity.ms/c.gif HTTP 302
  • https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=8DFB66B388AA4521BA13951482E906B7&RedC=c.clarity.ms&MXFR=25DA98876D80632D15D18C8D69806D2B HTTP 302
  • https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=8DFB66B388AA4521BA13951482E906B7&MUID=1C73BAA0B44F6B503E68AEAAB54F6A54

192 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
416 KB
81 KB
Document
General
Full URL
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e34124a12a9dc2f131c62ee30a7f3a4162213c5e7293f15d8ac8700070ab2072
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
no-cache
cf-edge-cache
no-cache
content-encoding
br
content-type
text/html; charset=UTF-8
date
Thu, 18 Jan 2024 02:09:19 GMT
host-header
WordPress.com
link
<https://cyble.com/wp-json/>; rel="https://api.w.org/" <https://cyble.com/wp-json/wp/v2/posts/33086>; rel="alternate"; type="application/json" <https://wp.me/pf01Lu-8BE>; rel=shortlink
referrer-policy
no-referrer-when-downgrade
server
nginx
strict-transport-security
max-age=31536000
vary
Accept-Encoding Cookie
x-ac
2.hhn _atomic_ams MISS
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-hacker
Want root? Visit join.a8c.com and mention this header.
x-nitro-cache
MISS
x-xss-protection
1; mode=block
frontend.min.css
cyble.com/wp-content/themes/astra/assets/css/minified/
47 KB
10 KB
Stylesheet
General
Full URL
https://cyble.com/wp-content/themes/astra/assets/css/minified/frontend.min.css?ver=4.6.3
Requested by
Host: cyble.com
URL: https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
564a710221e64d78f8178a9e34e5c54fb8d0f3c72253adac0a7b73fbb43ca650
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:20 GMT
strict-transport-security
max-age=31536000
content-encoding
br
last-modified
Tue, 09 Jan 2024 18:11:06 GMT
server
nginx
x-ac
2.hhn _atomic_ams HIT
etag
W/"659d8c3a-bbeb"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=315360000
alt-svc
h3=":443"; ma=86400
expires
Thu, 31 Dec 2037 23:55:55 GMT
426c28e7-0f0c-4163-8006-a69e233e42d7
https://cyble.com/
1 KB
0
Other
General
Full URL
blob:https://cyble.com/426c28e7-0f0c-4163-8006-a69e233e42d7
Requested by
Host: cyble.com
URL: https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
453cb806084fdabec32e286af2e88899f79022125c2527afffbec507975d2c22

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Length
1245
Content-Type
text/javascript
css
fonts-api.wp.com/
8 KB
1 KB
Stylesheet
General
Full URL
https://fonts-api.wp.com/css?family=Poppins%3A400%2C700%2C500%7CRoboto%3A500%2C400&display=fallback&ver=4.6.3
Requested by
Host: cyble.com
URL: https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
wordpress.com
Software
nginx /
Resource Hash
a61adcba5535446226b967547c5a240a0c58588d868a17890e04c990b67c5f82
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:20 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
content-encoding
gzip
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
x-nc
BYPASS hhn 1
last-modified
Thu, 18 Jan 2024 02:09:20 GMT
server
nginx
cross-origin-opener-policy
same-origin-allow-popups
vary
Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
style.css
cyble.com/wp-content/plugins/gutenberg/build/block-library/
110 KB
15 KB
Stylesheet
General
Full URL
https://cyble.com/wp-content/plugins/gutenberg/build/block-library/style.css?ver=17.4.1
Requested by
Host: cyble.com
URL: https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
c9888540dccd636c2edffbc0986fcec9a2efc37d43c2f949bfebae77c8a141c8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:20 GMT
strict-transport-security
max-age=31536000
content-encoding
br
last-modified
Wed, 20 Dec 2023 13:40:02 GMT
server
nginx
x-ac
2.hhn _atomic_ams HIT
etag
W/"6582eeb2-1b978"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=315360000
alt-svc
h3=":443"; ma=86400
expires
Thu, 31 Dec 2037 23:55:55 GMT
style.css
cyble.com/wp-content/plugins/layout-grid/
58 KB
3 KB
Stylesheet
General
Full URL
https://cyble.com/wp-content/plugins/layout-grid/style.css?ver=1643201242
Requested by
Host: cyble.com
URL: https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
4ff079893cbfe8eebd0d49b7c8bcbeba131173b3e0da0e13210ad611869e0e36
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:20 GMT
strict-transport-security
max-age=31536000
content-encoding
br
last-modified
Wed, 26 Jan 2022 12:47:22 GMT
server
nginx
x-ac
2.hhn _atomic_ams HIT
etag
W/"61f142da-e64d"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=315360000
alt-svc
h3=":443"; ma=86400
expires
Thu, 31 Dec 2037 23:55:55 GMT
mediaelementplayer-legacy.min.css
cyble.com/wp-includes/js/mediaelement/
11 KB
3 KB
Stylesheet
General
Full URL
https://cyble.com/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.17
Requested by
Host: cyble.com
URL: https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:20 GMT
strict-transport-security
max-age=31536000
content-encoding
br
last-modified
Tue, 29 Sep 2020 15:53:06 GMT
server
nginx
x-ac
2.hhn _atomic_ams HIT
etag
W/"5f735862-2bf8"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=315360000
alt-svc
h3=":443"; ma=86400
expires
Thu, 31 Dec 2037 23:55:55 GMT
wp-mediaelement.min.css
cyble.com/wp-includes/js/mediaelement/
4 KB
1 KB
Stylesheet
General
Full URL
https://cyble.com/wp-includes/js/mediaelement/wp-mediaelement.min.css?ver=6.4.2
Requested by
Host: cyble.com
URL: https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
2e10d353ff038c2cad3492fc17801af3e6ef2669c9e9713bdb78b1dcb104c4fe
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:20 GMT
strict-transport-security
max-age=31536000
content-encoding
br
last-modified
Fri, 07 Jun 2019 20:45:02 GMT
server
nginx
x-ac
2.hhn _atomic_ams HIT
etag
W/"5cfaccce-105a"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=315360000
alt-svc
h3=":443"; ma=86400
expires
Thu, 31 Dec 2037 23:55:55 GMT
slick.css
cyble.com/wp-content/plugins/wp-responsive-recent-post-slider/assets/css/
1 KB
802 B
Stylesheet
General
Full URL
https://cyble.com/wp-content/plugins/wp-responsive-recent-post-slider/assets/css/slick.css?ver=3.5.1
Requested by
Host: cyble.com
URL: https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
82dfce8760ca230bb796f728f5444cec9f3611c94bfe33298cad70aa524e0eb2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:20 GMT
strict-transport-security
max-age=31536000
content-encoding
br
last-modified
Fri, 12 Jan 2024 18:42:04 GMT
server
nginx
x-ac
2.hhn _atomic_ams HIT
etag
W/"65a187fc-591"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=315360000
alt-svc
h3=":443"; ma=86400
expires
Thu, 31 Dec 2037 23:55:55 GMT
recent-post-style.css
cyble.com/wp-content/plugins/wp-responsive-recent-post-slider/assets/css/
12 KB
2 KB
Stylesheet
General
Full URL
https://cyble.com/wp-content/plugins/wp-responsive-recent-post-slider/assets/css/recent-post-style.css?ver=3.5.1
Requested by
Host: cyble.com
URL: https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
906a1c7b899193c5ff4f6a373f6584155142dcaaaf3d7d2c2c71bd3cd02a8b42
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:20 GMT
strict-transport-security
max-age=31536000
content-encoding
br
last-modified
Fri, 12 Jan 2024 18:42:04 GMT
server
nginx
x-ac
2.hhn _atomic_ams HIT
etag
W/"65a187fc-2ff4"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=315360000
alt-svc
h3=":443"; ma=86400
expires
Thu, 31 Dec 2037 23:55:55 GMT
header-footer-elementor.css
cyble.com/wp-content/plugins/header-footer-elementor/assets/css/
776 B
608 B
Stylesheet
General
Full URL
https://cyble.com/wp-content/plugins/header-footer-elementor/assets/css/header-footer-elementor.css?ver=1.6.23
Requested by
Host: cyble.com
URL: https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
25825611ade7ceaed7df3862ec56dc91ad1d2be539966ef7bbe84306e51cfb08
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:20 GMT
strict-transport-security
max-age=31536000
content-encoding
br
last-modified
Wed, 03 Jan 2024 18:11:09 GMT
server
nginx
x-ac
2.hhn _atomic_ams HIT
etag
W/"6595a33d-308"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=315360000
alt-svc
h3=":443"; ma=86400
expires
Thu, 31 Dec 2037 23:55:55 GMT
elementor-icons.min.css
cyble.com/wp-content/plugins/elementor/assets/lib/eicons/css/
19 KB
4 KB
Stylesheet
General
Full URL
https://cyble.com/wp-content/plugins/elementor/assets/lib/eicons/css/elementor-icons.min.css?ver=5.25.0
Requested by
Host: cyble.com
URL: https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
d2f82e2e141c7a7f31f40ab9ed8c499bba09505bac8b806cf016d10550e2a6d7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:20 GMT
strict-transport-security
max-age=31536000
content-encoding
br
last-modified
Wed, 20 Dec 2023 18:11:07 GMT
server
nginx
x-ac
2.hhn _atomic_ams HIT
etag
W/"65832e3b-4c73"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=315360000
alt-svc
h3=":443"; ma=86400
expires
Thu, 31 Dec 2037 23:55:55 GMT
frontend.min.css
cyble.com/wp-content/plugins/elementor/assets/css/
167 KB
21 KB
Stylesheet
General
Full URL
https://cyble.com/wp-content/plugins/elementor/assets/css/frontend.min.css?ver=3.18.3
Requested by
Host: cyble.com
URL: https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
abe1725ffb70a32273f47bad7ce88db19fc3892d6789c4b4a7e2404f89da6b98
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:20 GMT
strict-transport-security
max-age=31536000
content-encoding
br
last-modified
Wed, 20 Dec 2023 18:11:07 GMT
server
nginx
x-ac
2.hhn _atomic_ams HIT
etag
W/"65832e3b-29be7"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=315360000
alt-svc
h3=":443"; ma=86400
expires
Thu, 31 Dec 2037 23:55:55 GMT
swiper.min.css
cyble.com/wp-content/plugins/elementor/assets/lib/swiper/css/
13 KB
3 KB
Stylesheet
General
Full URL
https://cyble.com/wp-content/plugins/elementor/assets/lib/swiper/css/swiper.min.css?ver=5.3.6
Requested by
Host: cyble.com
URL: https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
d622534d53d3ac1095af275f0b30274fcd835785577df2dde6d9398e6f7a2c8f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:20 GMT
strict-transport-security
max-age=31536000
content-encoding
br
last-modified
Wed, 20 Dec 2023 18:11:07 GMT
server
nginx
x-ac
2.hhn _atomic_ams HIT
etag
W/"65832e3b-324c"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=315360000
alt-svc
h3=":443"; ma=86400
expires
Thu, 31 Dec 2037 23:55:55 GMT
post-5708.css
cyble.com/wp-content/uploads/elementor/css/
1 KB
719 B
Stylesheet
General
Full URL
https://cyble.com/wp-content/uploads/elementor/css/post-5708.css?ver=1703231786
Requested by
Host: cyble.com
URL: https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
9281e92347951df7b3764862686c89f3344547c77e10096acbb5196ff6c8645f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:20 GMT
strict-transport-security
max-age=31536000
content-encoding
br
last-modified
Fri, 22 Dec 2023 07:56:26 GMT
server
nginx
x-ac
2.hhn _atomic_ams HIT
etag
W/"6585412a-4bd"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=315360000
alt-svc
h3=":443"; ma=86400
expires
Thu, 31 Dec 2037 23:55:55 GMT
frontend.min.css
cyble.com/wp-content/plugins/elementor-pro/assets/css/
440 KB
44 KB
Stylesheet
General
Full URL
https://cyble.com/wp-content/plugins/elementor-pro/assets/css/frontend.min.css?ver=3.18.2
Requested by
Host: cyble.com
URL: https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
3724e2da1a3d12b529100cd37765782ed4ad2e1da79b4f0c61f888504d1706fe
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:20 GMT
strict-transport-security
max-age=31536000
content-encoding
br
last-modified
Thu, 21 Dec 2023 06:11:12 GMT
server
nginx
x-ac
2.hhn _atomic_ams HIT
etag
W/"6583d700-6e130"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=315360000
alt-svc
h3=":443"; ma=86400
expires
Thu, 31 Dec 2037 23:55:55 GMT
uael-frontend.min.css
cyble.com/wp-content/plugins/ultimate-elementor/assets/min-css/
633 KB
69 KB
Stylesheet
General
Full URL
https://cyble.com/wp-content/plugins/ultimate-elementor/assets/min-css/uael-frontend.min.css?ver=1.36.28
Requested by
Host: cyble.com
URL: https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
964da5c5d511063ca3629bb9c241c3c66fe796e75e79a6922a289e1b9dbdcc14
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:20 GMT
strict-transport-security
max-age=31536000
content-encoding
br
last-modified
Thu, 28 Dec 2023 02:47:45 GMT
server
nginx
x-ac
2.hhn _atomic_ams HIT
etag
W/"658ce1d1-9e59d"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=315360000
alt-svc
h3=":443"; ma=86400
expires
Thu, 31 Dec 2037 23:55:55 GMT
post-9211.css
cyble.com/wp-content/uploads/elementor/css/
22 KB
2 KB
Stylesheet
General
Full URL
https://cyble.com/wp-content/uploads/elementor/css/post-9211.css?ver=1705314365
Requested by
Host: cyble.com
URL: https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
63a73385264092b260c1ce3fff21c1bc5b582fe72088288f8bcdf24378498a7f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:20 GMT
strict-transport-security
max-age=31536000
content-encoding
br
last-modified
Mon, 15 Jan 2024 10:26:05 GMT
server
nginx
x-ac
2.hhn _atomic_ams HIT
etag
W/"65a5083d-58c0"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=315360000
alt-svc
h3=":443"; ma=86400
expires
Thu, 31 Dec 2037 23:55:55 GMT
frontend.css
cyble.com/wp-content/plugins/header-footer-elementor/inc/widgets-css/
74 KB
8 KB
Stylesheet
General
Full URL
https://cyble.com/wp-content/plugins/header-footer-elementor/inc/widgets-css/frontend.css?ver=1.6.23
Requested by
Host: cyble.com
URL: https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ea14d1b1233e6cbc9b1a156ac532f076f7adafc309726fca7bf8833f882ac872
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:20 GMT
strict-transport-security
max-age=31536000
content-encoding
br
last-modified
Wed, 03 Jan 2024 18:11:09 GMT
server
nginx
x-ac
2.hhn _atomic_ams HIT
etag
W/"6595a33d-127a4"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=315360000
alt-svc
h3=":443"; ma=86400
expires
Thu, 31 Dec 2037 23:55:55 GMT
astra-addon-659d8c3f1961f7-72284758.css
cyble.com/wp-content/uploads/astra-addon/
50 KB
7 KB
Stylesheet
General
Full URL
https://cyble.com/wp-content/uploads/astra-addon/astra-addon-659d8c3f1961f7-72284758.css?ver=4.6.1
Requested by
Host: cyble.com
URL: https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
da614c06a9daea4f0b2773fc3ce151ac74e5e62966db6315edffe9f7701918a6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:20 GMT
strict-transport-security
max-age=31536000
content-encoding
br
last-modified
Tue, 09 Jan 2024 18:11:11 GMT
server
nginx
x-ac
2.hhn _atomic_ams HIT
etag
W/"659d8c3f-c6f3"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=315360000
alt-svc
h3=":443"; ma=86400
expires
Thu, 31 Dec 2037 23:55:55 GMT
front.min.css
cyble.com/wp-content/plugins/cookie-notice/css/
5 KB
1 KB
Stylesheet
General
Full URL
https://cyble.com/wp-content/plugins/cookie-notice/css/front.min.css?ver=2.4.13
Requested by
Host: cyble.com
URL: https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
029dedf319bc4536d9c663ae9c0b10c95d1e9f5dd1de0aa73172e9e89ae254cc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:20 GMT
strict-transport-security
max-age=31536000
content-encoding
br
last-modified
Wed, 29 Nov 2023 04:49:21 GMT
server
nginx
x-ac
2.hhn _atomic_ams HIT
etag
W/"6566c2d1-13c8"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=315360000
alt-svc
h3=":443"; ma=86400
expires
Thu, 31 Dec 2037 23:55:55 GMT
css
fonts-api.wp.com/
109 KB
5 KB
Stylesheet
General
Full URL
https://fonts-api.wp.com/css?family=Open+Sans%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto+Slab%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&display=auto&ver=6.4.2
Requested by
Host: cyble.com
URL: https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
wordpress.com
Software
nginx /
Resource Hash
e8bedb6d8f202fea8926a8236b3c032a5122768ca7948f490da9e8c5fa26f84c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:20 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
content-encoding
gzip
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
x-nc
BYPASS hhn 1
last-modified
Thu, 18 Jan 2024 01:05:57 GMT
server
nginx
cross-origin-opener-policy
same-origin-allow-popups
vary
Accept-Encoding, Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
fontawesome.min.css
cyble.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/
57 KB
13 KB
Stylesheet
General
Full URL
https://cyble.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/fontawesome.min.css?ver=5.15.3
Requested by
Host: cyble.com
URL: https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
d01a2ba2805c78957e15a2958135de0f3cb88e95159dd0f6c0a032bd76b1b0e9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:20 GMT
strict-transport-security
max-age=31536000
content-encoding
br
last-modified
Wed, 20 Dec 2023 18:11:07 GMT
server
nginx
x-ac
2.hhn _atomic_ams HIT
etag
W/"65832e3b-e238"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=315360000
alt-svc
h3=":443"; ma=86400
expires
Thu, 31 Dec 2037 23:55:55 GMT
brands.min.css
cyble.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/
675 B
632 B
Stylesheet
General
Full URL
https://cyble.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/brands.min.css?ver=5.15.3
Requested by
Host: cyble.com
URL: https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
9cd63b8cea25045c14623c538d26752518a58c0c682795ce6ad3078976c65a37
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:20 GMT
strict-transport-security
max-age=31536000
content-encoding
br
last-modified
Wed, 20 Dec 2023 18:11:07 GMT
server
nginx
x-ac
2.hhn _atomic_ams HIT
etag
W/"65832e3b-2a3"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=315360000
alt-svc
h3=":443"; ma=86400
expires
Thu, 31 Dec 2037 23:55:55 GMT
jetpack.css
cyble.com/wp-content/plugins/jetpack/css/
99 KB
19 KB
Stylesheet
General
Full URL
https://cyble.com/wp-content/plugins/jetpack/css/jetpack.css?ver=13.0
Requested by
Host: cyble.com
URL: https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
274928f2bf62780b9b7e9d27705d30ed9647c4243ae6a0abf1fa53fc1b6c1989
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:20 GMT
strict-transport-security
max-age=31536000
content-encoding
br
last-modified
Mon, 08 Jan 2024 20:42:16 GMT
server
nginx
x-ac
2.hhn _atomic_ams HIT
etag
W/"659c5e28-18cfd"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=315360000
alt-svc
h3=":443"; ma=86400
expires
Thu, 31 Dec 2037 23:55:55 GMT
jquery.min.js
cyble.com/wp-includes/js/jquery/
86 KB
31 KB
Script
General
Full URL
https://cyble.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1
Requested by
Host: cyble.com
URL: https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:20 GMT
strict-transport-security
max-age=31536000
content-encoding
br
last-modified
Mon, 28 Aug 2023 17:14:23 GMT
server
nginx
x-ac
2.hhn _atomic_ams HIT
etag
W/"64ecd5ef-15601"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=315360000
alt-svc
h3=":443"; ma=86400
expires
Thu, 31 Dec 2037 23:55:55 GMT
jquery-migrate.min.js
cyble.com/wp-includes/js/jquery/
13 KB
5 KB
Script
General
Full URL
https://cyble.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1
Requested by
Host: cyble.com
URL: https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:20 GMT
strict-transport-security
max-age=31536000
content-encoding
br
last-modified
Fri, 09 Jun 2023 05:49:24 GMT
server
nginx
x-ac
2.hhn _atomic_ams HIT
etag
W/"6482bd64-3509"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=315360000
alt-svc
h3=":443"; ma=86400
expires
Thu, 31 Dec 2037 23:55:55 GMT
related-posts.min.js
cyble.com/wp-content/plugins/jetpack/_inc/build/related-posts/
6 KB
2 KB
Script
General
Full URL
https://cyble.com/wp-content/plugins/jetpack/_inc/build/related-posts/related-posts.min.js?ver=20211209
Requested by
Host: cyble.com
URL: https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
a68827190bc01a61ee0a62ec59efa74497a6bc5aa8586f1fac50a58d0cf42d88
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:20 GMT
strict-transport-security
max-age=31536000
content-encoding
br
last-modified
Mon, 19 Jun 2023 19:16:28 GMT
server
nginx
x-ac
2.hhn _atomic_ams HIT
etag
W/"6490a98c-1661"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=315360000
alt-svc
h3=":443"; ma=86400
expires
Thu, 31 Dec 2037 23:55:55 GMT
front.min.js
cyble.com/wp-content/plugins/cookie-notice/js/
8 KB
2 KB
Script
General
Full URL
https://cyble.com/wp-content/plugins/cookie-notice/js/front.min.js?ver=2.4.13
Requested by
Host: cyble.com
URL: https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
08756c47213d461baa3b01f42448a76d11f524470c7a34f9018733889bd4f49c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:20 GMT
strict-transport-security
max-age=31536000
content-encoding
br
last-modified
Wed, 29 Nov 2023 04:49:21 GMT
server
nginx
x-ac
2.hhn _atomic_ams HIT
etag
W/"6566c2d1-21fc"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=315360000
alt-svc
h3=":443"; ma=86400
expires
Thu, 31 Dec 2037 23:55:55 GMT
js
www.googletagmanager.com/gtag/
328 KB
106 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=GT-WKTZW36
Requested by
Host: cyble.com
URL: https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
743ff8ea292dd92b9fe1bd32be7a2a528c4fd0f042720ab38be1f014877ecbec
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:20 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
108484
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Thu, 18 Jan 2024 02:09:20 GMT
/
cyble.com/
11 KB
2 KB
Stylesheet
General
Full URL
https://cyble.com/?custom-css=d8f859cb7a
Requested by
Host: cyble.com
URL: https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
a9fe76154119e569200be13db87f53d6f8007ebcc71b27bbcfc1c1a9fad719f9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

cf-edge-cache
no-cache
x-hacker
Want root? Visit join.a8c.com and mention this header.
date
Thu, 18 Jan 2024 02:09:21 GMT
strict-transport-security
max-age=31536000
content-encoding
br
x-ac
2.hhn _atomic_ams MISS
server
nginx
vary
Accept-Encoding, Cookie
content-type
text/css;charset=utf-8
cache-control
no-cache
host-header
WordPress.com
alt-svc
h3=":443"; ma=86400
expires
Fri, 17 Jan 2025 02:09:21 GMT
cyble_white.svg
cyble.com/wp-content/uploads/2024/01/
11 KB
4 KB
Image
General
Full URL
https://cyble.com/wp-content/uploads/2024/01/cyble_white.svg
Requested by
Host: cyble.com
URL: https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
6d7c5230c3fd8042cabac27443c1df268add55d85b48b34e0555f09759b57497
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:20 GMT
strict-transport-security
max-age=31536000
content-encoding
br
last-modified
Wed, 03 Jan 2024 09:05:45 GMT
server
nginx
x-ac
2.hhn _atomic_ams HIT
etag
W/"65952369-2c21"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
max-age=604800
alt-svc
h3=":443"; ma=86400
expires
Wed, 24 Jan 2024 17:23:39 GMT
visioncyble.png
cyble.com/wp-content/uploads/2023/08/
6 KB
7 KB
Image
General
Full URL
https://cyble.com/wp-content/uploads/2023/08/visioncyble.png
Requested by
Host: cyble.com
URL: https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
b674ae72e31570fbfba5dd723788233676575b3d5ae6ca6f08846f1af6cd951c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:20 GMT
strict-transport-security
max-age=31536000
x-ac
2.hhn _atomic_ams HIT
last-modified
Thu, 31 Aug 2023 04:03:56 GMT
server
nginx
etag
"64f0112c-19b2"
access-control-allow-methods
GET, HEAD
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=604800
accept-ranges
bytes
alt-svc
h3=":443"; ma=86400
content-length
6578
expires
Wed, 24 Jan 2024 17:23:39 GMT
hawkbycyble.png
cyble.com/wp-content/uploads/2023/08/
4 KB
4 KB
Image
General
Full URL
https://cyble.com/wp-content/uploads/2023/08/hawkbycyble.png
Requested by
Host: cyble.com
URL: https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
50609579a0013a9543bdf2f3b69b484dafea8e313a2ce1a65f5ae93a930991d6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:20 GMT
strict-transport-security
max-age=31536000
x-ac
2.hhn _atomic_ams HIT
last-modified
Thu, 31 Aug 2023 06:39:32 GMT
server
nginx
etag
"64f035a4-e06"
access-control-allow-methods
GET, HEAD
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=604800
accept-ranges
bytes
alt-svc
h3=":443"; ma=86400
content-length
3590
expires
Wed, 24 Jan 2024 17:23:39 GMT
Ami-Breached.png
cyble.com/wp-content/uploads/2023/08/
5 KB
5 KB
Image
General
Full URL
https://cyble.com/wp-content/uploads/2023/08/Ami-Breached.png
Requested by
Host: cyble.com
URL: https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
39badaa7254daebaccbfc900a8ab3e619aaa048a7306b182ecf19655fdaf3976
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:20 GMT
strict-transport-security
max-age=31536000
x-ac
2.hhn _atomic_ams HIT
last-modified
Mon, 04 Sep 2023 07:06:50 GMT
server
nginx
etag
"64f5820a-1282"
access-control-allow-methods
GET, HEAD
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=604800
accept-ranges
bytes
alt-svc
h3=":443"; ma=86400
content-length
4738
expires
Wed, 24 Jan 2024 17:23:39 GMT
cybleodin.png
cyble.com/wp-content/uploads/2023/08/
7 KB
7 KB
Image
General
Full URL
https://cyble.com/wp-content/uploads/2023/08/cybleodin.png
Requested by
Host: cyble.com
URL: https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
02691c38db1b70e6897e594025a6080e91d8ff8e6af11d3c76d922af318cdc69
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:20 GMT
strict-transport-security
max-age=31536000
x-ac
2.hhn _atomic_ams HIT
last-modified
Mon, 04 Sep 2023 07:06:50 GMT
server
nginx
etag
"64f5820a-1a66"
access-control-allow-methods
GET, HEAD
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=604800
accept-ranges
bytes
alt-svc
h3=":443"; ma=86400
content-length
6758
expires
Wed, 24 Jan 2024 17:23:39 GMT
tce-logo.png
cyble.com/wp-content/uploads/2023/08/
10 KB
10 KB
Image
General
Full URL
https://cyble.com/wp-content/uploads/2023/08/tce-logo.png
Requested by
Host: cyble.com
URL: https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
f650518059b9901bbf0175fde4089bda6ac93efef083514d37c3245a7f50abdf
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:20 GMT
strict-transport-security
max-age=31536000
x-ac
2.hhn _atomic_ams HIT
last-modified
Thu, 31 Aug 2023 06:41:34 GMT
server
nginx
etag
"64f0361e-271a"
access-control-allow-methods
GET, HEAD
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=604800
accept-ranges
bytes
alt-svc
h3=":443"; ma=86400
content-length
10010
expires
Wed, 24 Jan 2024 17:23:39 GMT
63e0e74f21fa4757c3a4f79f_products.png
uploads-ssl.webflow.com/63dd0ddca5abb1b5aff27e38/
277 KB
278 KB
Image
General
Full URL
https://uploads-ssl.webflow.com/63dd0ddca5abb1b5aff27e38/63e0e74f21fa4757c3a4f79f_products.png
Requested by
Host: cyble.com
URL: https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.112.13 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-112-13.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e5c524e3e761e7f83d82d0713c43a707f52e9d2bac9d3705a09857714e094fac

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 11 Dec 2023 17:02:15 GMT
x-amz-version-id
8j9.sXtilP1QVSLFuZIMlcthaYrBO2bI
via
1.1 83f46196ad7d99e4351e2a7adab8f174.cloudfront.net (CloudFront)
age
3229625
x-amz-cf-pop
FRA56-P5
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
283614
last-modified
Mon, 06 Feb 2023 11:41:05 GMT
server
AmazonS3
etag
"c9ae576c481235e660203b28916cb3fc"
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=31536000, must-revalidate
accept-ranges
bytes
x-amz-cf-id
ig2XxLHYvCP_NrjN6uASK33CmguXAdSvqjJXTFU_Ljsr5Tr2piZPUw==
Go-Stealer-Indian-Air-Force-1024x512.webp
cyble.com/wp-content/uploads/2024/01/
38 KB
39 KB
Image
General
Full URL
https://cyble.com/wp-content/uploads/2024/01/Go-Stealer-Indian-Air-Force-1024x512.webp
Requested by
Host: cyble.com
URL: https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
5ba92ae2fac4723f2d2d1f2ddf4535efe1a2ad4506052d9e6412027ba555083a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:20 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
x-ac
2.hhn _atomic_ams HIT
alt-svc
h3=":443"; ma=86400
content-length
39134
x-nc
HIT dca 3
last-modified
Wed, 17 Jan 2024 09:36:03 GMT
server
nginx
etag
"5b43a31b07ad55e4"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
expires
Fri, 16 Jan 2026 21:36:03 GMT
Figure-1-Infection-Chain-1.png
cyble.com/wp-content/uploads/2024/01/
45 KB
45 KB
Image
General
Full URL
https://cyble.com/wp-content/uploads/2024/01/Figure-1-Infection-Chain-1.png
Requested by
Host: cyble.com
URL: https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
683f797f0026aa30f2ba5e6cc39f6bda8ca2c64bb90cac8e0642b76846e8b054
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:20 GMT
strict-transport-security
max-age=31536000
x-ac
2.hhn _atomic_ams HIT
last-modified
Wed, 17 Jan 2024 09:22:03 GMT
server
nginx
etag
"65a79c3b-b499"
access-control-allow-methods
GET, HEAD
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=604800
accept-ranges
bytes
alt-svc
h3=":443"; ma=86400
content-length
46233
expires
Wed, 24 Jan 2024 17:44:07 GMT
image-71.png
cyble.com/wp-content/uploads/2021/02/
37 KB
37 KB
Image
General
Full URL
https://cyble.com/wp-content/uploads/2021/02/image-71.png
Requested by
Host: cyble.com
URL: https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
7f5b0ef792cd9f4f4dfc24775cbd9802b783db627914fd71549c8ff60d544253
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:20 GMT
strict-transport-security
max-age=31536000
x-ac
2.hhn _atomic_ams HIT
last-modified
Tue, 16 Feb 2021 01:01:26 GMT
server
nginx
etag
"602b1966-932c"
access-control-allow-methods
GET, HEAD
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=604800
accept-ranges
bytes
alt-svc
h3=":443"; ma=86400
content-length
37676
expires
Wed, 24 Jan 2024 17:44:07 GMT
9aecc382-4f9c-4b98-84b5-bff91dbc6d50.png
cyble.com/wp-content/uploads/2021/02/
10 KB
11 KB
Image
General
Full URL
https://cyble.com/wp-content/uploads/2021/02/9aecc382-4f9c-4b98-84b5-bff91dbc6d50.png
Requested by
Host: cyble.com
URL: https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
eb69a3fbdfb147c334fe4897c060071321309a3a167adb83dbfb3ea1321ae154
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:20 GMT
strict-transport-security
max-age=31536000
x-ac
2.hhn _atomic_ams HIT
last-modified
Wed, 17 Feb 2021 15:07:53 GMT
server
nginx
etag
"602d3149-29d2"
access-control-allow-methods
GET, HEAD
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=604800
accept-ranges
bytes
alt-svc
h3=":443"; ma=86400
content-length
10706
expires
Wed, 24 Jan 2024 17:44:07 GMT
subscribe-to-CRIL.jpg
i0.wp.com/blog.cyble.com//srv/htdocs/wp-content/uploads/2021/11/
16 KB
16 KB
Image
General
Full URL
https://i0.wp.com/blog.cyble.com//srv/htdocs/wp-content/uploads/2021/11/subscribe-to-CRIL.jpg
Requested by
Host: cyble.com
URL: https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.2 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
i1.wp.com
Software
nginx /
Resource Hash
382e9768b5578d5ad05e51e37670a3cf93d4593a49bcbee1f5e8b66d0d8c1c53
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:20 GMT
x-content-type-options
nosniff
alt-svc
h3=":443"; ma=86400
content-length
16232
x-nc
HIT hhn 1
last-modified
Wed, 26 Jul 2023 23:15:01 GMT
server
nginx
etag
"27ade7d444618f64"
vary
Accept
access-control-allow-methods
GET, HEAD
content-type
image/webp
access-control-allow-origin
*
cache-control
public, max-age=63115200
timing-allow-origin
*
link
<http://blog.cyble.com//srv/htdocs/wp-content/uploads/2021/11/subscribe-to-CRIL.jpg>; rel="canonical"
expires
Sat, 26 Jul 2025 11:15:01 GMT
v2.js
js.hsforms.net/forms/
477 KB
152 KB
Script
General
Full URL
https://js.hsforms.net/forms/v2.js
Requested by
Host: cyble.com
URL: https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:89ce , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
72427688bf5fd3d197ee8b6761345fa51cb0fe26c5fa669577a45b72d46be04f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-encoding
br
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=forms-embed/static-1.4517/bundles/project-v2.js&cfRay=84734b950a53924f-FRA
x-amz-replication-status
COMPLETED
x-evy-trace-listener
listener_https
etag
W/"d157820700e303c59e15373c95d85332"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
x-evy-trace-virtual-host
all
cache-control
s-maxage=600, max-age=300
x-hs-target-asset
forms-embed/static-1.4517/bundles/project-v2.js
date
Thu, 18 Jan 2024 02:09:20 GMT
x-amz-version-id
DsPINmPpEK1rj8qQVqMbyQWTeGZJROAK
via
1.1 7375f2360b80ec8c602f04aa2cc7a57c.cloudfront.net (CloudFront)
x-content-type-options
nosniff
cf-cache-status
EXPIRED
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
IAD12-P3
x-hubspot-correlation-id
845d93b1-51c5-4693-b1ca-ffae12d12286
x-cache
Hit from cloudfront
cache-tag
staticjsapp-forms-embed-v2-web-prod,staticjsapp-prod
x-envoy-upstream-service-time
0
alt-svc
h3=":443"; ma=86400
x-evy-trace-route-configuration
listener_https/all
x-request-id
845d93b1-51c5-4693-b1ca-ffae12d12286
last-modified
Tue, 16 Jan 2024 11:21:30 UTC
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YzYWYQe5YjllyxjWw%2BV%2BABqt6X1EgEPRiSMwJ7LR1SObyRlxpUqvR%2BeSU%2Bk8CzqGQVUtKi6qcv7r2zWjlv4pfAIVhZ3azrrmZwJRooAyH6WAIuxPm1NMqIZOJ3HOckSgnbWEtu2CdI0KWjSt"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status
HIT
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-bf946f66b-b4w97
cf-ray
84734b950a53924f-FRA
x-amz-cf-id
7i-qCJr2t_ggPEYnhASyB6oXHdIPnKD5jcMDs_Le-67msFSsh0e7DA==
21289959.js
js-na1.hs-scripts.com/
2 KB
1 KB
Script
General
Full URL
https://js-na1.hs-scripts.com/21289959.js
Requested by
Host: cyble.com
URL: https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:bc59 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0f8b49132eba8075f78a37c968b2464149211d99f34329ac6d668647faaf4541
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:20 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
EXPIRED
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
33640629-c6db-49b6-872d-78e17ca4241b
x-envoy-upstream-service-time
6
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
33640629-c6db-49b6-872d-78e17ca4241b
last-modified
Thu, 18 Jan 2024 01:41:46 GMT
server
cloudflare
x-trace
2BA4D4A3277B18F1C635BBAAEED43A91C9BFD28BB0000000000000000000
vary
origin, Accept-Encoding
access-control-max-age
3600
content-type
application/javascript;charset=utf-8
access-control-allow-origin
https://cyble.com
x-evy-trace-virtual-host
all
cache-control
public, max-age=30
access-control-allow-credentials
true
x-evy-trace-served-by-pod
iad02/hubapi-td/envoy-proxy-fcdc68c87-7llll
cf-ray
84734b956c8a698f-FRA
bilmur.min.js
s0.wp.com/wp-content/js/
6 KB
3 KB
Script
General
Full URL
https://s0.wp.com/wp-content/js/bilmur.min.js?m=202403
Requested by
Host: cyble.com
URL: https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
wordpress.com
Software
nginx /
Resource Hash
216728e33a7de4be9b784eff527c6ccf1658319ea78fe66a7864c0b923200252

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

x-nc
HIT hhn 1
date
Thu, 18 Jan 2024 02:09:20 GMT
content-encoding
br
x-ac
2.hhn _dca MISS
last-modified
Wed, 15 Nov 2023 17:05:24 GMT
server
nginx
etag
W/"6554fa54-161b"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
timing-allow-origin
*
alt-svc
h3=":443"; ma=86400, h3=":443"; ma=86400
expires
Tue, 14 Jan 2025 00:00:01 GMT
magamenu-frontend.min.css
cyble.com/wp-content/plugins/astra-addon/addons/nav-menu/assets/css/minified/
0
298 B
Stylesheet
General
Full URL
https://cyble.com/wp-content/plugins/astra-addon/addons/nav-menu/assets/css/minified/magamenu-frontend.min.css?ver=4.6.1
Requested by
Host: cyble.com
URL: https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:20 GMT
strict-transport-security
max-age=31536000
x-ac
2.hhn _atomic_ams HIT
last-modified
Tue, 09 Jan 2024 18:11:05 GMT
server
nginx
etag
"659d8c39-0"
access-control-allow-methods
GET, HEAD
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=315360000
accept-ranges
bytes
alt-svc
h3=":443"; ma=86400
content-length
0
expires
Thu, 31 Dec 2037 23:55:55 GMT
rs6.css
cyble.com/wp-content/plugins/revslider/public/assets/css/
57 KB
13 KB
Stylesheet
General
Full URL
https://cyble.com/wp-content/plugins/revslider/public/assets/css/rs6.css?ver=6.6.20
Requested by
Host: cyble.com
URL: https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
d2a7a173045c7ed2c9474ee0edd3ebc0389454132b0a16e55b3eae6402c46a05
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:20 GMT
strict-transport-security
max-age=31536000
content-encoding
br
last-modified
Fri, 12 Jan 2024 03:57:42 GMT
server
nginx
x-ac
2.hhn _atomic_ams HIT
etag
W/"65a0b8b6-e3d7"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
text/css
access-control-allow-origin
*
cache-control
max-age=315360000
alt-svc
h3=":443"; ma=86400
expires
Thu, 31 Dec 2037 23:55:55 GMT
frontend.min.js
cyble.com/wp-content/themes/astra/assets/js/minified/
21 KB
5 KB
Script
General
Full URL
https://cyble.com/wp-content/themes/astra/assets/js/minified/frontend.min.js?ver=4.6.3
Requested by
Host: cyble.com
URL: https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
00cfed1d7680f3a3435bf24ed4286fa745c0b33d78f5f169e6fcf94852b93589
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:20 GMT
strict-transport-security
max-age=31536000
content-encoding
br
last-modified
Tue, 09 Jan 2024 18:11:06 GMT
server
nginx
x-ac
2.hhn _atomic_ams HIT
etag
W/"659d8c3a-530a"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=315360000
alt-svc
h3=":443"; ma=86400
expires
Thu, 31 Dec 2037 23:55:55 GMT
21289959.js
js.hs-scripts.com/
2 KB
795 B
Script
General
Full URL
https://js.hs-scripts.com/21289959.js?integration=WordPress&ver=10.2.17
Requested by
Host: cyble.com
URL: https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:bd59 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0f8b49132eba8075f78a37c968b2464149211d99f34329ac6d668647faaf4541
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:20 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
EXPIRED
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
ad5c21d2-2185-4fb8-84d9-35f30efab695
x-envoy-upstream-service-time
6
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
ad5c21d2-2185-4fb8-84d9-35f30efab695
last-modified
Wed, 17 Jan 2024 23:51:23 GMT
server
cloudflare
x-trace
2B2865894CD40E3AADEC039F3E2CCECE9B3F896030000000000000000000
vary
origin, Accept-Encoding
access-control-max-age
3600
content-type
application/javascript;charset=utf-8
access-control-allow-origin
https://cyble.com
x-evy-trace-virtual-host
all
cache-control
public, max-age=90
access-control-allow-credentials
true
x-evy-trace-served-by-pod
iad02/hubapi-td/envoy-proxy-fcdc68c87-rw5nf
cf-ray
84734b956b913a8e-FRA
expires
Thu, 18 Jan 2024 02:10:50 GMT
rbtools.min.js
cyble.com/wp-content/plugins/revslider/public/assets/js/
161 KB
62 KB
Script
General
Full URL
https://cyble.com/wp-content/plugins/revslider/public/assets/js/rbtools.min.js?ver=6.6.20
Requested by
Host: cyble.com
URL: https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
c4596b16b126326b0d8fc2fb8bf91389ad3dc4671a269187913c19a8f2ad1094
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:20 GMT
strict-transport-security
max-age=31536000
content-encoding
br
last-modified
Fri, 12 Jan 2024 03:57:42 GMT
server
nginx
x-ac
2.hhn _atomic_ams HIT
etag
W/"65a0b8b6-285db"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=315360000
alt-svc
h3=":443"; ma=86400
expires
Thu, 31 Dec 2037 23:55:55 GMT
rs6.min.js
cyble.com/wp-content/plugins/revslider/public/assets/js/
401 KB
106 KB
Script
General
Full URL
https://cyble.com/wp-content/plugins/revslider/public/assets/js/rs6.min.js?ver=6.6.20
Requested by
Host: cyble.com
URL: https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
c5f3b2f654d2d8210a481c0164f0a53430cd09b77c34374fe23c9a03f5ad00fb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:20 GMT
strict-transport-security
max-age=31536000
content-encoding
br
last-modified
Fri, 12 Jan 2024 03:57:42 GMT
server
nginx
x-ac
2.hhn _atomic_ams HIT
etag
W/"65a0b8b6-642f9"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=315360000
alt-svc
h3=":443"; ma=86400
expires
Thu, 31 Dec 2037 23:55:55 GMT
wp-polyfill-inert.min.js
cyble.com/wp-includes/js/dist/vendor/
8 KB
3 KB
Script
General
Full URL
https://cyble.com/wp-includes/js/dist/vendor/wp-polyfill-inert.min.js?ver=3.1.2
Requested by
Host: cyble.com
URL: https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
c1a9a3e223bad631dff12d33b5499eb145cb08d8621c20d9d73870e78d97afe4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:20 GMT
strict-transport-security
max-age=31536000
content-encoding
br
last-modified
Wed, 18 Jan 2023 11:16:33 GMT
server
nginx
x-ac
2.hhn _atomic_ams HIT
etag
W/"63c7d511-1feb"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=315360000
alt-svc
h3=":443"; ma=86400
expires
Thu, 31 Dec 2037 23:55:55 GMT
regenerator-runtime.min.js
cyble.com/wp-includes/js/dist/vendor/
6 KB
3 KB
Script
General
Full URL
https://cyble.com/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.14.0
Requested by
Host: cyble.com
URL: https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
1d52e1ac7d3bc25a8b0ffc257153f9dd50249f96fe9a4df5e0d771241a69062c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:20 GMT
strict-transport-security
max-age=31536000
content-encoding
br
last-modified
Tue, 19 Sep 2023 19:30:24 GMT
server
nginx
x-ac
2.hhn _atomic_ams HIT
etag
W/"6509f6d0-19e1"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=315360000
alt-svc
h3=":443"; ma=86400
expires
Thu, 31 Dec 2037 23:55:55 GMT
wp-polyfill.min.js
cyble.com/wp-includes/js/dist/vendor/
112 KB
36 KB
Script
General
Full URL
https://cyble.com/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0
Requested by
Host: cyble.com
URL: https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
da9ed5720b674f0d297fe621ac2d8d518c4e622bef1e9b0d4ae489dee9aa43f8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:20 GMT
strict-transport-security
max-age=31536000
content-encoding
br
last-modified
Tue, 26 Sep 2023 14:23:26 GMT
server
nginx
x-ac
2.hhn _atomic_ams HIT
etag
W/"6512e95e-1c1b7"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=315360000
alt-svc
h3=":443"; ma=86400
expires
Thu, 31 Dec 2037 23:55:55 GMT
index.min.js
cyble.com/wp-content/plugins/gutenberg/build/dom-ready/
501 B
628 B
Script
General
Full URL
https://cyble.com/wp-content/plugins/gutenberg/build/dom-ready/index.min.js?ver=8ef91b5d96d5175674de
Requested by
Host: cyble.com
URL: https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
d8389d26351a0f26efc3c89b4a46c543f012905dd9dd8056ecef0eb72285c4e1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:20 GMT
strict-transport-security
max-age=31536000
content-encoding
br
last-modified
Wed, 11 Oct 2023 19:29:26 GMT
server
nginx
x-ac
2.hhn _atomic_ams HIT
etag
W/"6526f796-1f5"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=315360000
alt-svc
h3=":443"; ma=86400
expires
Thu, 31 Dec 2037 23:55:55 GMT
main.js
cyble.com/wp-content/plugins/astra-pro-sites/inc/lib/onboarding/assets/dist/template-preview/
6 KB
3 KB
Script
General
Full URL
https://cyble.com/wp-content/plugins/astra-pro-sites/inc/lib/onboarding/assets/dist/template-preview/main.js?ver=06758d4d807d9d22c6ea
Requested by
Host: cyble.com
URL: https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
4a8bd33bfe771e0bd46fade45435a9fa2d0c3a8af2409b1f5a74a6b96b03faa9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:20 GMT
strict-transport-security
max-age=31536000
content-encoding
br
last-modified
Mon, 15 Jan 2024 18:11:16 GMT
server
nginx
x-ac
2.hhn _atomic_ams HIT
etag
W/"65a57544-19b5"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=315360000
alt-svc
h3=":443"; ma=86400
expires
Thu, 31 Dec 2037 23:55:55 GMT
astra-addon-659d8c3f29d6d0-33051380.js
cyble.com/wp-content/uploads/astra-addon/
37 KB
8 KB
Script
General
Full URL
https://cyble.com/wp-content/uploads/astra-addon/astra-addon-659d8c3f29d6d0-33051380.js?ver=4.6.1
Requested by
Host: cyble.com
URL: https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
a0520951344a0a82548f72736baa2072e965cfdaeb51f397b3a5901b1024a406
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:20 GMT
strict-transport-security
max-age=31536000
content-encoding
br
last-modified
Tue, 09 Jan 2024 18:11:11 GMT
server
nginx
x-ac
2.hhn _atomic_ams HIT
etag
W/"659d8c3f-93f1"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=315360000
alt-svc
h3=":443"; ma=86400
expires
Thu, 31 Dec 2037 23:55:55 GMT
e-202403.js
stats.wp.com/
7 KB
3 KB
Script
General
Full URL
https://stats.wp.com/e-202403.js
Requested by
Host: cyble.com
URL: https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
4f9f4e2e225088f9cf3b6b54aa421e0f776d1802255505d2f752e1f83f441641

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

x-minify-cache
hit
x-nc
HIT hhn
date
Thu, 18 Jan 2024 02:09:20 GMT
content-encoding
br
server
nginx
x-minify
t
etag
W/14377-1704402356443.5398
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=31536000
alt-svc
h3=":443"; ma=86400
expires
Mon, 13 Jan 2025 06:47:39 GMT
jetpack-carousel.min.js
cyble.com/wp-content/plugins/jetpack/_inc/build/carousel/
23 KB
8 KB
Script
General
Full URL
https://cyble.com/wp-content/plugins/jetpack/_inc/build/carousel/jetpack-carousel.min.js?ver=13.0
Requested by
Host: cyble.com
URL: https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
66e324493b6a145a004d03c0548370be06c879ef95e8072ff8247d0964b26499
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:20 GMT
strict-transport-security
max-age=31536000
content-encoding
br
last-modified
Mon, 18 Dec 2023 16:25:24 GMT
server
nginx
x-ac
2.hhn _atomic_ams HIT
etag
W/"65807274-5d6b"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=315360000
alt-svc
h3=":443"; ma=86400
expires
Thu, 31 Dec 2037 23:55:55 GMT
helper.min.js
cyble.com/wp-content/plugins/optinmonster/assets/dist/js/
3 KB
1 KB
Script
General
Full URL
https://cyble.com/wp-content/plugins/optinmonster/assets/dist/js/helper.min.js?ver=2.15.3
Requested by
Host: cyble.com
URL: https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
60a7eb0f25425d3cb621d7ad641aa292dfaec0a6b886234c427721ba7194c431
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:20 GMT
strict-transport-security
max-age=31536000
content-encoding
br
last-modified
Thu, 04 Jan 2024 04:43:12 GMT
server
nginx
x-ac
2.hhn _atomic_ams HIT
etag
W/"65963760-bb9"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=315360000
alt-svc
h3=":443"; ma=86400
expires
Thu, 31 Dec 2037 23:55:55 GMT
uael-nav-menu.min.js
cyble.com/wp-content/plugins/ultimate-elementor/assets/min-js/
20 KB
4 KB
Script
General
Full URL
https://cyble.com/wp-content/plugins/ultimate-elementor/assets/min-js/uael-nav-menu.min.js?ver=1.36.28
Requested by
Host: cyble.com
URL: https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
a72fb86e087a914701c121d199dbd32977ba67eb19b327c040f02010736eb012
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:20 GMT
strict-transport-security
max-age=31536000
content-encoding
br
last-modified
Wed, 27 Dec 2023 18:11:21 GMT
server
nginx
x-ac
2.hhn _atomic_ams HIT
etag
W/"658c68c9-51a4"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=315360000
alt-svc
h3=":443"; ma=86400
expires
Thu, 31 Dec 2037 23:55:55 GMT
jquery_resize.min.js
cyble.com/wp-content/plugins/ultimate-elementor/assets/lib/jquery-element-resize/
3 KB
2 KB
Script
General
Full URL
https://cyble.com/wp-content/plugins/ultimate-elementor/assets/lib/jquery-element-resize/jquery_resize.min.js?ver=1.36.28
Requested by
Host: cyble.com
URL: https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
54c8ea0d64c3d52573359befbd4e5fab7ff3d18abedf40759fba7d500832177a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:20 GMT
strict-transport-security
max-age=31536000
content-encoding
br
last-modified
Wed, 27 Dec 2023 18:11:21 GMT
server
nginx
x-ac
2.hhn _atomic_ams HIT
etag
W/"658c68c9-d5e"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=315360000
alt-svc
h3=":443"; ma=86400
expires
Thu, 31 Dec 2037 23:55:55 GMT
js_cookie.min.js
cyble.com/wp-content/plugins/ultimate-elementor/assets/lib/js-cookie/
2 KB
1 KB
Script
General
Full URL
https://cyble.com/wp-content/plugins/ultimate-elementor/assets/lib/js-cookie/js_cookie.min.js?ver=1.36.28
Requested by
Host: cyble.com
URL: https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
945f333ee61c0da7432df2210a10e3670b38ac2949abe8599a969c00c5db8965
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:20 GMT
strict-transport-security
max-age=31536000
content-encoding
br
last-modified
Wed, 27 Dec 2023 18:11:21 GMT
server
nginx
x-ac
2.hhn _atomic_ams HIT
etag
W/"658c68c9-7a4"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=315360000
alt-svc
h3=":443"; ma=86400
expires
Thu, 31 Dec 2037 23:55:55 GMT
webpack-pro.runtime.min.js
cyble.com/wp-content/plugins/elementor-pro/assets/js/
6 KB
3 KB
Script
General
Full URL
https://cyble.com/wp-content/plugins/elementor-pro/assets/js/webpack-pro.runtime.min.js?ver=3.18.2
Requested by
Host: cyble.com
URL: https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
7a84b8a454e84c689e5d3e3078c165647b2e4e13795814fc25b5932bd2e96402
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:20 GMT
strict-transport-security
max-age=31536000
content-encoding
br
last-modified
Thu, 21 Dec 2023 06:11:12 GMT
server
nginx
x-ac
2.hhn _atomic_ams HIT
etag
W/"6583d700-16c1"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=315360000
alt-svc
h3=":443"; ma=86400
expires
Thu, 31 Dec 2037 23:55:55 GMT
webpack.runtime.min.js
cyble.com/wp-content/plugins/elementor/assets/js/
5 KB
2 KB
Script
General
Full URL
https://cyble.com/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js?ver=3.18.3
Requested by
Host: cyble.com
URL: https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
942c9264f9de00fecac162d8f657d9d32a977882341f6ab66e8bf98dab5e1e76
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:20 GMT
strict-transport-security
max-age=31536000
content-encoding
br
last-modified
Wed, 20 Dec 2023 18:11:07 GMT
server
nginx
x-ac
2.hhn _atomic_ams HIT
etag
W/"65832e3b-1385"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=315360000
alt-svc
h3=":443"; ma=86400
expires
Thu, 31 Dec 2037 23:55:55 GMT
frontend-modules.min.js
cyble.com/wp-content/plugins/elementor/assets/js/
59 KB
18 KB
Script
General
Full URL
https://cyble.com/wp-content/plugins/elementor/assets/js/frontend-modules.min.js?ver=3.18.3
Requested by
Host: cyble.com
URL: https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
8e604215fe4a988196d6b824554fad49143f7450349b4a2a285dad3faeba2f7b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:20 GMT
strict-transport-security
max-age=31536000
content-encoding
br
last-modified
Wed, 20 Dec 2023 18:11:07 GMT
server
nginx
x-ac
2.hhn _atomic_ams HIT
etag
W/"65832e3b-eb0d"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=315360000
alt-svc
h3=":443"; ma=86400
expires
Thu, 31 Dec 2037 23:55:55 GMT
index.min.js
cyble.com/wp-content/plugins/gutenberg/build/hooks/
4 KB
2 KB
Script
General
Full URL
https://cyble.com/wp-content/plugins/gutenberg/build/hooks/index.min.js?ver=700a21be8955e3eb9568
Requested by
Host: cyble.com
URL: https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
761c4ef72f1aa7bcaf50a6562e915e33d2713aefa1384d6ee1d77a3a07fb7be3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:20 GMT
strict-transport-security
max-age=31536000
content-encoding
br
last-modified
Wed, 11 Oct 2023 19:29:26 GMT
server
nginx
x-ac
2.hhn _atomic_ams HIT
etag
W/"6526f796-11f6"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=315360000
alt-svc
h3=":443"; ma=86400
expires
Thu, 31 Dec 2037 23:55:55 GMT
index.min.js
cyble.com/wp-content/plugins/gutenberg/build/i18n/
9 KB
4 KB
Script
General
Full URL
https://cyble.com/wp-content/plugins/gutenberg/build/i18n/index.min.js?ver=f5a63315d8d2f363ce59
Requested by
Host: cyble.com
URL: https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
9ddaa48947691f4edbd85d83e34061cdf5eaabf0b10b59b3922d95233b8950ee
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:20 GMT
strict-transport-security
max-age=31536000
content-encoding
br
last-modified
Wed, 11 Oct 2023 19:29:26 GMT
server
nginx
x-ac
2.hhn _atomic_ams HIT
etag
W/"6526f796-23b2"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=315360000
alt-svc
h3=":443"; ma=86400
expires
Thu, 31 Dec 2037 23:55:55 GMT
frontend.min.js
cyble.com/wp-content/plugins/elementor-pro/assets/js/
25 KB
7 KB
Script
General
Full URL
https://cyble.com/wp-content/plugins/elementor-pro/assets/js/frontend.min.js?ver=3.18.2
Requested by
Host: cyble.com
URL: https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ea545fbe45f0f4005e27955f6b63c236438679566c666842f98c24dac9d3e70e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:20 GMT
strict-transport-security
max-age=31536000
content-encoding
br
last-modified
Thu, 21 Dec 2023 06:11:12 GMT
server
nginx
x-ac
2.hhn _atomic_ams HIT
etag
W/"6583d700-6237"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=315360000
alt-svc
h3=":443"; ma=86400
expires
Thu, 31 Dec 2037 23:55:55 GMT
waypoints.min.js
cyble.com/wp-content/plugins/elementor/assets/lib/waypoints/
12 KB
3 KB
Script
General
Full URL
https://cyble.com/wp-content/plugins/elementor/assets/lib/waypoints/waypoints.min.js?ver=4.0.2
Requested by
Host: cyble.com
URL: https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
214674cc77aba35ab3567b88e2739fd08e8e96c61d279559ad61874069683ea0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:20 GMT
strict-transport-security
max-age=31536000
content-encoding
br
last-modified
Wed, 20 Dec 2023 18:11:07 GMT
server
nginx
x-ac
2.hhn _atomic_ams HIT
etag
W/"65832e3b-2fa6"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=315360000
alt-svc
h3=":443"; ma=86400
expires
Thu, 31 Dec 2037 23:55:55 GMT
core.min.js
cyble.com/wp-includes/js/jquery/ui/
21 KB
7 KB
Script
General
Full URL
https://cyble.com/wp-includes/js/jquery/ui/core.min.js?ver=1.13.2
Requested by
Host: cyble.com
URL: https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ca7dce2391845e8aec7da135f33fabd10f74eed28a532ac66fd01f761fcfb42f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:20 GMT
strict-transport-security
max-age=31536000
content-encoding
br
last-modified
Thu, 02 Feb 2023 16:36:32 GMT
server
nginx
x-ac
2.hhn _atomic_ams HIT
etag
W/"63dbe690-53be"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=315360000
alt-svc
h3=":443"; ma=86400
expires
Thu, 31 Dec 2037 23:55:55 GMT
frontend.min.js
cyble.com/wp-content/plugins/elementor/assets/js/
39 KB
13 KB
Script
General
Full URL
https://cyble.com/wp-content/plugins/elementor/assets/js/frontend.min.js?ver=3.18.3
Requested by
Host: cyble.com
URL: https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
f7e5b0c06ee5bbc14d3e9e9f3055b8108bab899e37aec44a227485f3c3624cee
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:20 GMT
strict-transport-security
max-age=31536000
content-encoding
br
last-modified
Wed, 20 Dec 2023 18:11:07 GMT
server
nginx
x-ac
2.hhn _atomic_ams HIT
etag
W/"65832e3b-9df4"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=315360000
alt-svc
h3=":443"; ma=86400
expires
Thu, 31 Dec 2037 23:55:55 GMT
elements-handlers.min.js
cyble.com/wp-content/plugins/elementor-pro/assets/js/
37 KB
10 KB
Script
General
Full URL
https://cyble.com/wp-content/plugins/elementor-pro/assets/js/elements-handlers.min.js?ver=3.18.2
Requested by
Host: cyble.com
URL: https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
503f20b8f6709c55f119a78910163881b3b3ac32d9b6283a914be20107111f3b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:20 GMT
strict-transport-security
max-age=31536000
content-encoding
br
last-modified
Thu, 21 Dec 2023 06:11:12 GMT
server
nginx
x-ac
2.hhn _atomic_ams HIT
etag
W/"6583d700-94f4"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=315360000
alt-svc
h3=":443"; ma=86400
expires
Thu, 31 Dec 2037 23:55:55 GMT
.js
my.hellobar.com/
0
0
Script
General
Full URL
https://my.hellobar.com/.js
Requested by
Host: cyble.com
URL: https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:e17 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
/
Resource Hash

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

roundtrip.js
s.adroll.com/j/ELNAF2EZDFHJRAP3ODLCUU/
94 KB
29 KB
Script
General
Full URL
https://s.adroll.com/j/ELNAF2EZDFHJRAP3ODLCUU/roundtrip.js
Requested by
Host: cyble.com
URL: https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2644:de00:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
df751ba7f07cf175d5fbec6305339ad3908875ba8e274b02d3aaa4ea8adfe11b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

X-Amz-Version-Id
_c.3Zu0rr0QU_7Cc56jX4pKE6ztDZxEW
Content-Encoding
gzip
Via
1.1 1c3c1c03f4bbd4e68725363918cb3454.cloudfront.net (CloudFront)
Date
Thu, 18 Jan 2024 01:23:29 GMT
Age
2752
X-Amz-Cf-Pop
FRA60-P6
X-Amz-Server-Side-Encryption
AES256
Transfer-Encoding
chunked
X-Cache
Hit from cloudfront
Connection
keep-alive
Last-Modified
Wed, 17 Jan 2024 11:47:44 GMT
Server
AmazonS3
Etag
W/"f170ad78ffdc871b97f3f88bd885f2b0"
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET
Content-Type
text/javascript; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
max-age=3600, must-revalidate
Access-Control-Allow-Credentials
false
Access-Control-Max-Age
600
Access-Control-Allow-Headers
*
X-Amz-Cf-Id
QH6pGufMWgsvWiI5YpeeGAEREBiXp0jynnHF2Phl1_1T0cUA5napBA==
JPtKKXLsjJbtelUWnenRbIbVJOerqPTK
nitroscripts.com/generic/
31 KB
10 KB
Script
General
Full URL
https://nitroscripts.com/generic/JPtKKXLsjJbtelUWnenRbIbVJOerqPTK
Requested by
Host: cyble.com
URL: https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:9af8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
17fa2c1abf10d3dbfbc6ae7ea77fbf3a3adc44fc5d8b250cbe2cccf4514a76f4
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:20 GMT
strict-transport-security
max-age=15724800; includeSubDomains
content-encoding
gzip
cf-cache-status
HIT
last-modified
Wed, 17 Jan 2024 08:44:00 GMT
server
cloudflare
age
62720
vary
Accept-Encoding
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=600, stale-while-revalidate=31536000
cf-ray
84734b966cc990ec-FRA
gtm.js
www.googletagmanager.com/
246 KB
87 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-PMWT557
Requested by
Host: cyble.com
URL: https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
d0d64c3f9eda799e678ba2a9d8c2b155345e8e0846570204dc14d16a010a331e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:20 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
88773
x-xss-protection
0
last-modified
Thu, 18 Jan 2024 00:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Thu, 18 Jan 2024 02:09:20 GMT
P2fHZrBhF33hkw0R
rss.app/embed/v1/ticker/ Frame D84D
1 KB
1 KB
Document
General
Full URL
https://rss.app/embed/v1/ticker/P2fHZrBhF33hkw0R
Requested by
Host: cyble.com
URL: https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:dfa , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
269eea553268c80a33059695a4ad3726bbd6982db73afa9718456600ac7c3cac

Request headers

Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cf-cache-status
DYNAMIC
cf-ray
84734b9569c75d81-FRA
content-encoding
br
content-type
text/html
date
Thu, 18 Jan 2024 02:09:20 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pHwaN5juLTJLPqSGCX7bwCZ1bjxPuiQAL04cQNY2D%2F%2FC9CuStJGnJWiaioYGZ6S%2B%2BIqm0VHztNAlrGyV70zGuqfUL3nGMb%2FyDJe2XwPvpxgVJ%2B%2BHCBC7piY5H480R332CgGqkFE%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
vary
Accept-Encoding
collect
region1.google-analytics.com/g/
0
250 B
Ping
General
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-N9ZXY95EM4&gtm=45Pe41a0v9106873920&_p=1705543760146&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&tcfd=10001&gdid=dZTNiMT&cid=2126298577.1705543760&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1705543760&sct=1&seg=0&dl=https%3A%2F%2Fcyble.com%2Fblog%2Fcyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft%2F&dt=Cyber%20Espionage%20Attack%20on%20the%20Indian%20Air%20Force%3A%20Go-Based%20Infostealer%20Exploits%20Slack%20for%20Data%20Theft%20%E2%80%94%20Cyble&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=2140
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=GT-WKTZW36
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 18 Jan 2024 02:09:20 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://cyble.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
pxiEyp8kv8JHgFVrJJfecg.woff2
fonts.wp.com/s/poppins/v20/
8 KB
8 KB
Font
General
Full URL
https://fonts.wp.com/s/poppins/v20/pxiEyp8kv8JHgFVrJJfecg.woff2
Requested by
Host: fonts-api.wp.com
URL: https://fonts-api.wp.com/css?family=Poppins%3A400%2C700%2C500%7CRoboto%3A500%2C400&display=fallback&ver=4.6.3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
wordpress.com
Software
nginx /
Resource Hash
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts-api.wp.com/
Origin
https://cyble.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

x-nc
HIT hhn 1
date
Thu, 18 Jan 2024 02:09:20 GMT
x-content-type-options
nosniff
last-modified
Wed, 27 Apr 2022 17:03:52 GMT
server
nginx
age
353875
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3=":443"; ma=86400
content-length
7884
x-xss-protection
0
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.wp.com/s/roboto/v30/
15 KB
16 KB
Font
General
Full URL
https://fonts.wp.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: fonts-api.wp.com
URL: https://fonts-api.wp.com/css?family=Poppins%3A400%2C700%2C500%7CRoboto%3A500%2C400&display=fallback&ver=4.6.3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
wordpress.com
Software
nginx /
Resource Hash
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts-api.wp.com/
Origin
https://cyble.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

x-nc
HIT hhn 1
date
Thu, 18 Jan 2024 02:09:20 GMT
x-content-type-options
nosniff
last-modified
Wed, 11 May 2022 19:24:48 GMT
server
nginx
age
288821
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3=":443"; ma=86400
content-length
15744
x-xss-protection
0
astra.woff
cyble.com/wp-content/themes/astra/assets/fonts/
3 KB
4 KB
Font
General
Full URL
https://cyble.com/wp-content/themes/astra/assets/fonts/astra.woff
Requested by
Host: cyble.com
URL: https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ec7ef7aa5fd1e019f1c26193e95e46d481d4983673936a9dda086705ada6e3d5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
Origin
https://cyble.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:20 GMT
strict-transport-security
max-age=31536000
x-ac
2.hhn _atomic_ams HIT
last-modified
Tue, 09 Jan 2024 18:11:06 GMT
server
nginx
etag
"659d8c3a-ce8"
access-control-allow-methods
GET, HEAD
content-type
application/font-woff
access-control-allow-origin
*
cache-control
max-age=604800
accept-ranges
bytes
alt-svc
h3=":443"; ma=86400
content-length
3304
expires
Wed, 24 Jan 2024 17:23:40 GMT
KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.wp.com/s/roboto/v30/
16 KB
16 KB
Font
General
Full URL
https://fonts.wp.com/s/roboto/v30/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Requested by
Host: fonts-api.wp.com
URL: https://fonts-api.wp.com/css?family=Poppins%3A400%2C700%2C500%7CRoboto%3A500%2C400&display=fallback&ver=4.6.3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
wordpress.com
Software
nginx /
Resource Hash
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts-api.wp.com/
Origin
https://cyble.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

x-nc
HIT hhn 1
date
Thu, 18 Jan 2024 02:09:20 GMT
x-content-type-options
nosniff
last-modified
Wed, 11 May 2022 19:24:45 GMT
server
nginx
age
308394
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3=":443"; ma=86400
content-length
15920
x-xss-protection
0
pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
fonts.wp.com/s/poppins/v20/
8 KB
8 KB
Font
General
Full URL
https://fonts.wp.com/s/poppins/v20/pxiByp8kv8JHgFVrLCz7Z1xlFQ.woff2
Requested by
Host: fonts-api.wp.com
URL: https://fonts-api.wp.com/css?family=Poppins%3A400%2C700%2C500%7CRoboto%3A500%2C400&display=fallback&ver=4.6.3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
wordpress.com
Software
nginx /
Resource Hash
9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts-api.wp.com/
Origin
https://cyble.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

x-nc
HIT hhn 1
date
Thu, 18 Jan 2024 02:09:20 GMT
x-content-type-options
nosniff
last-modified
Wed, 27 Apr 2022 16:11:40 GMT
server
nginx
age
336680
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3=":443"; ma=86400
content-length
7816
x-xss-protection
0
js
www.googletagmanager.com/gtag/
194 KB
72 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-361856552&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PMWT557
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
571c5e92dba542d755f7e907c63569078c814fc9d2d6d5e17f5a3d7bb870be6b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:20 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
73238
x-xss-protection
0
last-modified
Thu, 18 Jan 2024 01:49:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Thu, 18 Jan 2024 02:09:20 GMT
insight.min.js
snap.licdn.com/li.lms-analytics/
43 KB
16 KB
Script
General
Full URL
https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PMWT557
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:f::213:7edd Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
b5474d3ed408366dcebededf5c987f44b43b389137272c282c6c972852a14fc0
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 16 Jan 2024 16:29:26 GMT
x-cdn
AKAM
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
content-type
application/javascript;charset=utf-8
cache-control
max-age=42993
accept-ranges
bytes
content-length
15732
analytics.js
www.google-analytics.com/
52 KB
21 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PMWT557
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Thu, 18 Jan 2024 01:26:34 GMT
last-modified
Tue, 12 Dec 2023 18:09:08 GMT
server
Golfe2
age
2566
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20994
expires
Thu, 18 Jan 2024 03:26:34 GMT
fbevents.js
connect.facebook.net/en_US/
212 KB
57 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PMWT557
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
0c9cc88c27618b01e95063377382195b9062bdbef5eb1687e5881d3f318dbe63
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

permissions-policy-report-only
autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(), picture-in-picture=(), xr-spatial-tracking=()
content-security-policy
default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Thu, 18 Jan 2024 02:09:20 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
56915
x-xss-protection
0
reporting-endpoints
pragma
public
x-fb-debug
JJOagYe3VQF1JvbfSCTnZ/Xb/QbskTUVUAI8gY9NeFRAs3Q08RcWuDUr5gGyt51A5YbF8ze03+cM2Yc8sB8mJg==
cross-origin-opener-policy
same-origin-allow-popups
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin
*
expires
Sat, 01 Jan 2000 00:00:00 GMT
21289959.js
js.hs-scripts.com/
2 KB
1 KB
Script
General
Full URL
https://js.hs-scripts.com/21289959.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PMWT557
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:bd59 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e6a122a64b302b858b48b9d573be02ffa7c20282a492a47ef18db8e2907e1078
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:20 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
EXPIRED
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
e6288a48-6869-48fb-8f80-0e56cd453381
x-envoy-upstream-service-time
4
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
e6288a48-6869-48fb-8f80-0e56cd453381
last-modified
Wed, 17 Jan 2024 23:51:23 GMT
server
cloudflare
x-trace
2B938B0E7B4D08714DA4C7F7C0DCE992D4210C9D7F000000000000000000
vary
origin, Accept-Encoding
access-control-max-age
3600
content-type
application/javascript;charset=utf-8
access-control-allow-origin
https://cyble.com
x-evy-trace-virtual-host
all
cache-control
public, max-age=90
access-control-allow-credentials
true
x-evy-trace-served-by-pod
iad02/hubapi-td/envoy-proxy-fcdc68c87-bnf9s
cf-ray
84734b969bfd3a8e-FRA
expires
Thu, 18 Jan 2024 02:10:50 GMT
hf2o0cm7gp
www.clarity.ms/tag/
650 B
1013 B
Script
General
Full URL
https://www.clarity.ms/tag/hf2o0cm7gp?ref=gtm2
Requested by
Host: cyble.com
URL: https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:bdf::63 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
8be7671dd442b72a00fefdcf3890f384553862136f5087bb880a37fe07ee7dfe

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

expires
-1
date
Thu, 18 Jan 2024 02:09:20 GMT
x-azure-ref
20240118T020920Z-3scbqnfcr92tv817n4uytaefn800000000tg0000000055s8
x-cache
CONFIG_NOCACHE
content-type
application/x-javascript
cache-control
no-cache, no-store
accept-ranges
bytes
content-length
650
request-context
appId=cid-v1:3f60b293-70d6-4805-b0bb-3484f0a73bf0
ELNAF2EZDFHJRAP3ODLCUU
d.adroll.com/consent/check/
485 B
578 B
Script
General
Full URL
https://d.adroll.com/consent/check/ELNAF2EZDFHJRAP3ODLCUU?pv=6304998969.150688&arrfrr=https%3A%2F%2Fcyble.com%2Fblog%2Fcyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft%2F&_s=7edd623517225457172ca2e5ea8ff660&_b=2
Requested by
Host: s.adroll.com
URL: https://s.adroll.com/j/ELNAF2EZDFHJRAP3ODLCUU/roundtrip.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a05:d018:cc3:fe05:418d:1d:4292:e8cd Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.22.1 /
Resource Hash
58a530d7415729915240d4af7c8ff134ee4fd9feac9c0ef296e18e0b7fbae208

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:20 GMT
server
nginx/1.22.1
content-length
485
content-type
application/javascript
collect
region1.google-analytics.com/g/
0
54 B
Ping
General
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-361856552&gtm=45je41a0z8868834701&_p=1705543760146&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&tcfd=10001&cid=2126298577.1705543760&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1705543760&sct=1&seg=0&dl=https%3A%2F%2Fcyble.com%2Fblog%2Fcyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft%2F&dt=Cyber%20Espionage%20Attack%20on%20the%20Indian%20Air%20Force%3A%20Go-Based%20Infostealer%20Exploits%20Slack%20for%20Data%20Theft%20%E2%80%94%20Cyble&en=page_view&_fv=1&_ss=1&tfd=2258
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-361856552&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 18 Jan 2024 02:09:20 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://cyble.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
px4.ads.linkedin.com/
Redirect Chain
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4053396&time=1705543760472&url=https%3A%2F%2Fcyble.com%2Fblog%2Fcyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack...
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=4053396&time=1705543760472&url=https%3A%2F%2Fcyble.com%2Fblog%2Fcyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack...
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4053396&time=1705543760472&url=https%3A%2F%2Fcyble.com%2Fblog%2Fcyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slac...
0
264 B
Image
General
Full URL
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4053396&time=1705543760472&url=https%3A%2F%2Fcyble.com%2Fblog%2Fcyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft%2F&cookiesTest=true&e_ipv6=AQKjWSmukHry2QAAAY0aVHt9fRZoTRVNiDFgaC9M8iIZ0lmXUt4bYdrlpb63vhBqMsAFDIa5N1l-
Requested by
Host: cyble.com
URL: https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
Protocol
H2
Server
13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:20 GMT
x-li-pop
afd-prod-ltx1-x
x-msedge-ref
Ref A: EF5CCA3B7A6B457FA19C433D70571E46 Ref B: FRAEDGE1809 Ref C: 2024-01-18T02:09:21Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
content-type
application/javascript
x-li-fabric
prod-ltx1
x-li-proto
http/2
content-length
0
x-li-uuid
AAYPLtoHBghx5mgtV4b5ow==

Redirect headers

date
Thu, 18 Jan 2024 02:09:20 GMT
x-li-pop
afd-prod-ltx1-x
x-msedge-ref
Ref A: 96451F0956B64EA088DDDACFEE50DB66 Ref B: DUS30EDGE0418 Ref C: 2024-01-18T02:09:20Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
x-li-fabric
prod-ltx1
location
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=4053396&time=1705543760472&url=https%3A%2F%2Fcyble.com%2Fblog%2Fcyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft%2F&cookiesTest=true&e_ipv6=AQKjWSmukHry2QAAAY0aVHt9fRZoTRVNiDFgaC9M8iIZ0lmXUt4bYdrlpb63vhBqMsAFDIa5N1l-
x-li-proto
http/2
content-length
0
x-li-uuid
AAYPLtoCSflNdyrckaJ7Kw==
/
px.ads.linkedin.com/wa/
0
695 B
XHR
General
Full URL
https://px.ads.linkedin.com/wa/
Requested by
Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
*
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Thu, 18 Jan 2024 02:09:19 GMT
x-li-pop
afd-prod-lva1-x
x-msedge-ref
Ref A: B82AD045B89643DCA579BA8BB5DAAAAA Ref B: DUS30EDGE0418 Ref C: 2024-01-18T02:09:20Z
linkedin-action
1
vary
Origin
x-cache
CONFIG_NOCACHE
x-li-fabric
prod-lva1
access-control-allow-origin
https://cyble.com
x-li-proto
http/2
access-control-allow-credentials
true
x-li-uuid
AAYPLtn/d191jbOilPuIfQ==
1126903675356441
connect.facebook.net/signals/config/
132 KB
35 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/1126903675356441?v=2.9.140&r=stable&domain=cyble.com
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
c1100b17cf71d52be3466b5c1f975cdc36076c5f2c008f0e66229d432c3a1cd3
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

permissions-policy-report-only
autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(), picture-in-picture=(), xr-spatial-tracking=()
content-security-policy
default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Thu, 18 Jan 2024 02:09:20 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
reporting-endpoints
pragma
public
x-fb-debug
xKLqkgYbR6VkFO4oqSszMfm+5u7DQbXcNH8HlqkFbX+MCORqAccQrzFVjPpGSvNYy9uEL4w6WBn1ruyPbqcv3w==
cross-origin-opener-policy
same-origin-allow-popups
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin
*
expires
Sat, 01 Jan 2000 00:00:00 GMT
banner.js
js.hs-banner.com/v2/21289959/
66 KB
21 KB
Script
General
Full URL
https://js.hs-banner.com/v2/21289959/banner.js
Requested by
Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/21289959.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::ac40:991b , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
338640e86aa6516cd58e770434a46b59daee39355996731f7db2054be0fbe229

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:20 GMT
x-amz-version-id
JmnT5RuEm2xOCuE8aEmoi_CKcfDlivSh
content-encoding
br
cf-cache-status
REVALIDATED
x-amz-request-id
BX1C21P0ZFBVM6P8
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
x-hubspot-correlation-id
096e7ec3-405c-4f5a-a331-cfd494bbf9c3
x-envoy-upstream-service-time
37
x-amz-id-2
9s8x6dku5aszRvLQnGa3IKuPPBsNZbkKdzFoIY7FHZE5H1VPAwqckRlA+JHC3ugR0xuqbt0qebo=
x-evy-trace-listener
listener_https
x-request-id
096e7ec3-405c-4f5a-a331-cfd494bbf9c3
x-evy-trace-route-configuration
listener_https/all
last-modified
Thu, 11 Jan 2024 23:16:37 GMT
server
cloudflare
etag
W/"e5e8a3f0ca87670fb3e2d0f79ca5dca9"
access-control-max-age
604800
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
https://cyble.com
x-evy-trace-virtual-host
all
access-control-expose-headers
x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control
max-age=300,public
access-control-allow-credentials
true
x-evy-trace-served-by-pod
iad02/analytics-js-proxy-td/envoy-proxy-855d6bfb88-kff6g
vary
origin, Accept-Encoding
timing-allow-origin
*
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray
84734b97be329104-FRA
expires
Thu, 18 Jan 2024 02:14:20 GMT
21289959.js
js.hs-analytics.net/analytics/1705543500000/
66 KB
21 KB
Script
General
Full URL
https://js.hs-analytics.net/analytics/1705543500000/21289959.js
Requested by
Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/21289959.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:4fba , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4e5f422e1144d7a6e05cef8c8684a2a7f28efa9f67cea6d92b305a90abe8ebdc

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:20 GMT
x-amz-version-id
null
content-encoding
br
cf-cache-status
MISS
x-amz-request-id
AN80H1QCYXQH7909
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
x-hubspot-correlation-id
79b0efbb-ccad-48ea-8dba-982df12b58c1
x-envoy-upstream-service-time
18
x-amz-id-2
Ge4Zl97it8O3BWrA5eWEWDt4dX2X7X/wFqWjXlEqM5aIFy/X+oTyxrHZ2E9LsNEhvNloi4/Pz54=
x-evy-trace-listener
listener_https
x-request-id
79b0efbb-ccad-48ea-8dba-982df12b58c1
x-evy-trace-route-configuration
listener_https/all
last-modified
Wed, 03 Jan 2024 16:59:32 GMT
server
cloudflare
etag
W/"8f97538cd9d5a8676b39906504f20ec6"
vary
origin, Accept-Encoding
content-type
text/javascript
x-evy-trace-virtual-host
all
x-evy-trace-served-by-pod
iad02/analytics-js-proxy-td/envoy-proxy-855d6bfb88-dk98m
cache-control
max-age=300,public
access-control-allow-credentials
false
cf-ray
84734b97b8cb3a49-FRA
expires
Thu, 18 Jan 2024 02:14:20 GMT
conversations-embed.js
js.usemessages.com/
84 KB
24 KB
Script
General
Full URL
https://js.usemessages.com/conversations-embed.js
Requested by
Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/21289959.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:faa8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
08f09e95e50ae9c0181382558ff935903a7b273b4a8e5006788e85ae1c72c7c6
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:20 GMT
x-amz-version-id
KYDl9V0le_8eNyhqu8y2yzPaUoKjKmsM
via
1.1 e8eec15d9551dd475d4c478f9fbb5f04.cloudfront.net (CloudFront)
x-content-type-options
nosniff
cf-cache-status
HIT
x-amz-cf-pop
IAD12-P3
age
407
x-amz-server-side-encryption
AES256
x-evy-trace-route-service-name
envoyset-translator
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=conversations-embed/static-1.15030/bundles/project.js&cfRay=847341a76e8939ee-FRA
x-cache
Hit from cloudfront
x-hubspot-correlation-id
5cbc89ea-c915-4032-9753-571ebd499665
cache-tag
staticjsapp-conversations-embed-web-prod,staticjsapp-prod
content-encoding
br
x-envoy-upstream-service-time
1
x-amz-replication-status
COMPLETED
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
5cbc89ea-c915-4032-9753-571ebd499665
last-modified
Wed, 20 Dec 2023 17:16:05 UTC
server
cloudflare
etag
W/"64e2daa01b1349fee44794df69e776a8"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
x-hs-cache-status
HIT
x-evy-trace-virtual-host
all
cache-control
max-age=600
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-bf946f66b-h748p
cf-ray
84734b97bb0737e9-FRA
x-amz-cf-id
f2QpOQoCyh4jOA0gClUg-PigE97SRmlufJgajepzAPxY_x4oebTMKQ==
x-hs-target-asset
conversations-embed/static-1.15030/bundles/project.js
web-interactives-embed.js
js.hubspot.com/
80 KB
24 KB
Script
General
Full URL
https://js.hubspot.com/web-interactives-embed.js
Requested by
Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/21289959.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f285f832bdee154f19636c329d9812c7b37695e6af794fb7449831f7e5aa30ab
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
Origin
https://cyble.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-encoding
br
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=web-interactives-embed/static-2.811/bundles/project.js&cfRay=84734b97bd4b9bc4-FRA
x-amz-replication-status
COMPLETED
x-evy-trace-listener
listener_https
etag
W/"b79a052e45d9ff379a2eebc5c01dff68"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
x-evy-trace-virtual-host
all
cache-control
max-age=600
x-hs-target-asset
web-interactives-embed/static-2.811/bundles/project.js
date
Thu, 18 Jan 2024 02:09:20 GMT
x-amz-version-id
ixWR37UqrUEzxfs2YVxH6u5QHtBGCTp4
via
1.1 736ad67f05a9a5a8fd5ed8cba30196f4.cloudfront.net (CloudFront)
x-content-type-options
nosniff
cf-cache-status
EXPIRED
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
IAD12-P3
x-hubspot-correlation-id
8b04f051-aa94-41df-a642-06bce0576c31
x-cache
Hit from cloudfront
cache-tag
staticjsapp-web-interactives-embed-web-prod,staticjsapp-prod
x-envoy-upstream-service-time
2
x-evy-trace-route-configuration
listener_https/all
x-request-id
8b04f051-aa94-41df-a642-06bce0576c31
last-modified
Tue, 16 Jan 2024 13:48:15 UTC
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WrmcGz0PSp3E4hb8wgqNTLBWvoRdsYbeMkt7o2uzcVloeNrZ0G8S9ItzccgEMvXDNLTUbZddkVl8Yt9oI6%2Bgo%2FIOmljIx%2FVK%2Bwxh9yamXYio95xwxVFu3w6KYL5aHaphZRVn8tw%2BsUTFGdmP"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status
HIT
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-bf946f66b-j2dfp
cf-ray
84734b97bd4b9bc4-FRA
x-amz-cf-id
bcXj3zbso9xslEHkLVRFR0om3r4hcGa4R0prL8Vz0rEGmHv5fpMkXQ==
leadflows.js
js.hsleadflows.net/
551 KB
88 KB
Script
General
Full URL
https://js.hsleadflows.net/leadflows.js
Requested by
Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/21289959.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:7d0c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b49a5d05ca41478b31f51cc2539a75937c3f921540aa90116a8f609e094d1811
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
Origin
https://cyble.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-encoding
br
age
78484
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=lead-flows-js/static-1.1301/bundle/main/lead-flows-release.js&cfRay=846bcf756dcb1d9c-FRA
x-amz-replication-status
COMPLETED
x-evy-trace-listener
listener_https
etag
W/"8a35e91df79ea2127dd121bdbbef865e"
vary
Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-methods
GET
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
x-evy-trace-virtual-host
all
cache-control
s-maxage=86400, max-age=0
x-hs-target-asset
lead-flows-js/static-1.1301/bundle/main/lead-flows-release.js
date
Thu, 18 Jan 2024 02:09:20 GMT
x-amz-version-id
z6CxNR7tOyvY9WtgJDh3TL771JIvwERG
via
1.1 e21fbbed60133ff896ee44224814dc5c.cloudfront.net (CloudFront)
x-content-type-options
nosniff
cf-cache-status
HIT
x-amz-cf-pop
IAD12-P3
x-hubspot-correlation-id
187fe170-3bc2-4384-970b-963bce7c7892
x-cache
Hit from cloudfront
cache-tag
staticjsapp-lead-flows-cloudflare-web-prod,staticjsapp-prod
x-envoy-upstream-service-time
9
x-evy-trace-route-configuration
listener_https/all
x-request-id
187fe170-3bc2-4384-970b-963bce7c7892
last-modified
Wed, 03 Jan 2024 10:02:41 UTC
server
cloudflare
access-control-max-age
3000
x-hs-cache-status
MISS
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-bf946f66b-p96vr
cf-ray
84734b97bde21db1-FRA
x-amz-cf-id
-YJ1i3tW3Wejxqeb09XT7fVkkmgTb2j-ye1fyHMpOiK5GhWrg652KA==
ticker.js
widget.rss.app/v1/ Frame D84D
197 KB
60 KB
Script
General
Full URL
https://widget.rss.app/v1/ticker.js
Requested by
Host: rss.app
URL: https://rss.app/embed/v1/ticker/P2fHZrBhF33hkw0R
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:dfa , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7bcd5bd149dac8a9e6e4389d8fb72af693cceeb56b8c382d9a05167a57f45b99
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://rss.app/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:20 GMT
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
alt-svc
h3=":443"; ma=86400
last-modified
Wed, 17 Jan 2024 20:45:09 GMT
server
cloudflare
etag
W/"312df-18d192bac08"
x-frame-options
SAMEORIGIN
access-control-allow-methods
GET, POST
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=BQVmXUuZ6o%2B2YVHAosfujfcwlkJ1V84fRaINSuwFGQw5NNcGhX7ZAlDmI0st17gTOBJZ%2FvmmD1cXXjSz%2Bhi3hRgsbteZPWuHTS7mhWeg3RBcEMIeuBsAl5SUV0orU31QNBaY4iWh0kPNtX04"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=172800
access-control-allow-credentials
true
vary
Accept-Encoding
cf-ray
84734b977a705d81-FRA
consent_tcfv2.js
s.adroll.com/j/
407 KB
83 KB
Script
General
Full URL
https://s.adroll.com/j/consent_tcfv2.js
Requested by
Host: s.adroll.com
URL: https://s.adroll.com/j/ELNAF2EZDFHJRAP3ODLCUU/roundtrip.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2644:de00:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
6b117d83a80faf1b382ea93574869ce88e5d7c64564c9c7e5e9bf848707a5206

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

X-Amz-Version-Id
crNc63Gv0u92JMWh0Shd6y2KbRGKZNX.
Content-Encoding
gzip
Via
1.1 1c3c1c03f4bbd4e68725363918cb3454.cloudfront.net (CloudFront)
Date
Thu, 18 Jan 2024 02:08:22 GMT
Age
81
X-Amz-Cf-Pop
FRA60-P6
X-Amz-Server-Side-Encryption
AES256
Transfer-Encoding
chunked
X-Cache
Hit from cloudfront
Connection
keep-alive
Last-Modified
Fri, 17 Nov 2023 19:37:04 GMT
Server
AmazonS3
Etag
W/"e993329a4c7e4890d9ff6e0b28807da2"
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET
Content-Type
text/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=300, must-revalidate
Access-Control-Allow-Credentials
false
Access-Control-Max-Age
600
Access-Control-Allow-Headers
*
X-Amz-Cf-Id
MPZ9SmGfqJZzREAum7UAPPx8zH8_XTM7fp8fAjT3k7uND3XZ_pI8PQ==
nextroll-32x32.png
s.adroll.com/i/favicon/
2 KB
2 KB
Image
General
Full URL
https://s.adroll.com/i/favicon/nextroll-32x32.png
Requested by
Host: cyble.com
URL: https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2644:de00:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
bcaf0e3f087296133e0a996ee3d289a8d1a690147c93e0ab62019b505e6f9355

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

X-Amz-Version-Id
eTpwxbAIDHDUN.4tfrROIgU_pzKN9Xh0
Date
Thu, 18 Jan 2024 00:02:49 GMT
Via
1.1 1c3c1c03f4bbd4e68725363918cb3454.cloudfront.net (CloudFront)
Age
7674
X-Amz-Cf-Pop
FRA60-P6
X-Amz-Server-Side-Encryption
AES256
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
1615
Last-Modified
Mon, 28 Jun 2021 18:19:21 GMT
Server
AmazonS3
Etag
"403a0a7dcf2d617e7ea852bfb9d11945"
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET
Content-Type
image/png
Access-Control-Allow-Origin
*
Access-Control-Max-Age
600
Access-Control-Allow-Credentials
false
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
X-Amz-Cf-Id
V-eteBxFx7gWJIDuHraYXEBL6jhdQQAc2l25t0LiReb1BFE1kxAR-Q==
/
www.facebook.com/tr/
0
185 B
Image
General
Full URL
https://www.facebook.com/tr/?id=1126903675356441&ev=PageView&dl=https%3A%2F%2Fcyble.com%2Fblog%2Fcyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft%2F&rl=&if=false&ts=1705543760689&sw=1600&sh=1200&v=2.9.140&r=stable&a=tmSimo-GTM-WebTemplate&ec=0&o=4126&fbp=fb.1.1705543760689.1163142126&ler=empty&it=1705543760525&coo=false&tm=1&rqm=GET
Requested by
Host: cyble.com
URL: https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f176:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
date
Thu, 18 Jan 2024 02:09:20 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
clarity.js
www.clarity.ms/s/0.7.20/
60 KB
25 KB
Script
General
Full URL
https://www.clarity.ms/s/0.7.20/clarity.js
Requested by
Host: www.clarity.ms
URL: https://www.clarity.ms/tag/hf2o0cm7gp?ref=gtm2
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:bdf::63 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
cbcfb303a1e7d1f9da8965565b535f4122f2de2f1f3ed9f61f3f9e2dad3dcf9d

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:20 GMT
content-encoding
br
last-modified
Wed, 17 Jan 2024 09:38:21 GMT
etag
W/"0x8DC17400B6A7365"
vary
Accept-Encoding
x-azure-ref
20240118T020920Z-3scbqnfcr92tv817n4uytaefn800000000tg0000000055sa
content-type
application/javascript;charset=utf-8
access-control-allow-origin
*
x-ms-request-id
5bafff2b-501e-004b-1c2a-49d288000000
cache-control
public, max-age=86400
x-cache
TCP_HIT
x-ms-version
2018-03-28
P2fHZrBhF33hkw0R
rss.app/api/widget/ticker/ Frame D84D
32 KB
7 KB
Fetch
General
Full URL
https://rss.app/api/widget/ticker/P2fHZrBhF33hkw0R
Requested by
Host: widget.rss.app
URL: https://widget.rss.app/v1/ticker.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681a:dfa , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare / Express
Resource Hash
ef068886081bafdcfa106807748e246a92597422d4f17bd2db3f0b4274e43328

Request headers

Parent
https://cyble.com
Referer
https://rss.app/embed/v1/ticker/P2fHZrBhF33hkw0R
accept-language
de-DE,de;q=0.9
Authorization
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type
application/json

Response headers

date
Thu, 18 Jan 2024 02:09:20 GMT
content-encoding
br
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
x-powered-by
Express
etag
W/"7f9d-D3FafW2dnoWB7k0v3a4MsPvorFA"
vary
Origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=24K%2FcQ37Tdej%2BfcVFlLwUVnJOsLd4gfoubXyMPB4MYfw7aTNiqhQUCwGUhohsWAluwraqpXUhcHTliNSncbogTr8sRR4l%2FTPNszHhBk%2F6jTA8lioiMLtE0jt8rdZf9Px2dDIys4%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/json; charset=utf-8
access-control-allow-credentials
true
cf-ray
84734b988ab85d81-FRA
alt-svc
h3=":443"; ma=86400
main.js
rss.app/cdn-cgi/challenge-platform/h/b/scripts/jsd/c8377512/ Frame 2049
Redirect Chain
  • https://rss.app/cdn-cgi/challenge-platform/scripts/jsd/main.js
  • https://rss.app/cdn-cgi/challenge-platform/h/b/scripts/jsd/c8377512/main.js
7 KB
4 KB
Script
General
Full URL
https://rss.app/cdn-cgi/challenge-platform/h/b/scripts/jsd/c8377512/main.js
Requested by
Host: cyble.com
URL: https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
Protocol
H3
Server
2606:4700:20::681a:dfa , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3c29b5dfcc5c9e30070ed36b72aed962f925d9a36cdbe1da49b011cf93cd9440
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:20 GMT
content-encoding
br
x-content-type-options
nosniff
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
accept-encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ehgkxmIduYcfwte%2BKVdFasTNPuAG8%2FTAOMif0nPgu4FoGx90b9yP4PtpP2R2RehB5gkJsPTtf6%2FOXVRERIwMI3tFt8P7Wj3%2B%2BnmhwAR8iZIQz%2BrhlMAafyskyU22iw7WKo%2BHjy0%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=UTF-8
cache-control
max-age=14400, public
cf-ray
84734b98fb8f37ce-FRA
alt-svc
h3=":443"; ma=86400

Redirect headers

date
Thu, 18 Jan 2024 02:09:20 GMT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
vary
accept-encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=CwV%2B0zNO5ZywtkSt3KvMwPFxfKPDhM5Gegx7utFqw3cZ574f%2BM3kf2IKA09ScVleY1x9VxVD1Frfuw6shTS5XiS5pSYBSY8yCrHegKvSoi4rkjE3aeT%2B1LA90Q%2Bowq%2FuJqzYYFQ%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
*
location
/cdn-cgi/challenge-platform/h/b/scripts/jsd/c8377512/main.js
cache-control
max-age=300, public
cf-ray
84734b989abd5d81-FRA
alt-svc
h3=":443"; ma=86400
84734b9569c75d81
rss.app/cdn-cgi/challenge-platform/h/b/jsd/r/ Frame 2049
0
581 B
XHR
General
Full URL
https://rss.app/cdn-cgi/challenge-platform/h/b/jsd/r/84734b9569c75d81
Requested by
Host: rss.app
URL: https://rss.app/cdn-cgi/challenge-platform/scripts/jsd/main.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700:20::681a:dfa , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type
application/json

Response headers

date
Thu, 18 Jan 2024 02:09:20 GMT
content-encoding
br
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=iiRPXODxkshc6sAHd0myluMVIjFy5xRb8rpNIfBnEpeFPzConPcbfkiDsEwUXytcZN%2BkEkbOk3RF5kUWNIfZcZfzfWpPy57W1Nq6DRdNiRDQ6pWF2OO4xiWR07iOhF0OYbr9MFg%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/plain; charset=UTF-8
cf-ray
84734b99dbe137ce-FRA
alt-svc
h3=":443"; ma=86400
collect
q.clarity.ms/
0
289 B
XHR
General
Full URL
https://q.clarity.ms/collect
Requested by
Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.20/clarity.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.231.53.73 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
application/x-clarity-gzip
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Access-Control-Allow-Origin
https://cyble.com
Date
Thu, 18 Jan 2024 02:09:21 GMT
Access-Control-Allow-Credentials
true
Server
nginx/1.18.0 (Ubuntu)
Connection
keep-alive
Vary
Origin
Request-Context
appId=cid-v1:3d284f99-f285-495c-ac33-dedd7ecf1ac8
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/10996750928/
3 KB
2 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10996750928/?random=1705543760348&cv=11&fst=1705543760348&bg=ffffff&guid=ON&async=1&gtm=45Pe41a0v9106873920&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&tcfd=1000h&u_w=1600&u_h=1200&url=https%3A%2F%2Fcyble.com%2Fblog%2Fcyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft%2F&hn=www.googleadservices.com&frm=0&tiba=Cyber%20Espionage%20Attack%20on%20the%20Indian%20Air%20Force%3A%20Go-Based%20Infostealer%20Exploits%20Slack%20for%20Data%20Theft%20%E2%80%94%20Cyble&did=dZTNiMT&gdid=dZTNiMT&auid=1740417904.1705543761&uamb=0&uaw=0&data=event%3Dgtag.config&rfmt=3&fmt=4
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=GT-WKTZW36
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
1be5011ee250f587d908dfe4ca639f7df13005f1c7ea99c914c81f93c5d17dd1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 18 Jan 2024 02:09:21 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1380
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/j/
4 B
205 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1120113903&t=pageview&_s=1&dl=https%3A%2F%2Fcyble.com%2Fblog%2Fcyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft%2F&ul=en-us&de=UTF-8&dt=Cyber%20Espionage%20Attack%20on%20the%20Indian%20Air%20Force%3A%20Go-Based%20Infostealer%20Exploits%20Slack%20for%20Data%20Theft%20%E2%80%94%20Cyble&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=aADAAAABEAAAAC~&jid=1013408344&gjid=1056384128&cid=2126298577.1705543760&tid=UA-201575643-1&_gid=1554041934.1705543761&_r=1&_slc=1&gtm=45He41a0n81PMWT557v868834701&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&tcfd=1000h&z=1596236814
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Thu, 18 Jan 2024 02:09:20 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://cyble.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/j/
1 B
342 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-201575643-1&cid=2126298577.1705543760&jid=1013408344&gjid=1056384128&_gid=1554041934.1705543761&_u=aADAAAAAEAAAAC~&z=636699982
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c07::9b Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
date
Thu, 18 Jan 2024 02:09:21 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://cyble.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.com/pagead/1p-user-list/10996750928/
42 B
455 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/10996750928/?random=1705543760348&cv=11&fst=1705543200000&bg=ffffff&guid=ON&async=1&gtm=45Pe41a0v9106873920&u_w=1600&u_h=1200&url=https%3A%2F%2Fcyble.com%2Fblog%2Fcyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft%2F&frm=0&tiba=Cyber%20Espionage%20Attack%20on%20the%20Indian%20Air%20Force%3A%20Go-Based%20Infostealer%20Exploits%20Slack%20for%20Data%20Theft%20%E2%80%94%20Cyble&data=event%3Dgtag.config&fmt=3&is_vtc=1&cid=CAQSGwAvHhf_IqvGdqvrJGms-eOg79HhIb84ovjtnA&random=4148247212&rmt_tld=0&ipr=y
Requested by
Host: cyble.com
URL: https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 18 Jan 2024 02:09:21 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/10996750928/
42 B
455 B
Image
General
Full URL
https://www.google.de/pagead/1p-user-list/10996750928/?random=1705543760348&cv=11&fst=1705543200000&bg=ffffff&guid=ON&async=1&gtm=45Pe41a0v9106873920&u_w=1600&u_h=1200&url=https%3A%2F%2Fcyble.com%2Fblog%2Fcyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft%2F&frm=0&tiba=Cyber%20Espionage%20Attack%20on%20the%20Indian%20Air%20Force%3A%20Go-Based%20Infostealer%20Exploits%20Slack%20for%20Data%20Theft%20%E2%80%94%20Cyble&data=event%3Dgtag.config&fmt=3&is_vtc=1&cid=CAQSGwAvHhf_IqvGdqvrJGms-eOg79HhIb84ovjtnA&random=4148247212&rmt_tld=1&ipr=y
Requested by
Host: cyble.com
URL: https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 18 Jan 2024 02:09:21 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
api.min.js
a.omappapi.com/app/js/
51 KB
18 KB
Script
General
Full URL
https://a.omappapi.com/app/js/api.min.js
Requested by
Host: cyble.com
URL: https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1080:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software
BunnyCDN-DE1-1080 /
Resource Hash
08745f637dd9ab266f748acc77062ef5c213e40922e712de0b272582c3c6abbb

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:21 GMT
content-encoding
br
cdn-edgestorageid
1080
perma-cache
HIT
cdn-storageserver
DE-51
cdn-cachedat
01/17/2024 22:21:37
cdn-pullzone
293267
last-modified
Tue, 16 Jan 2024 23:35:32 GMT
server
BunnyCDN-DE1-1080
cdn-fileserver
750
cdn-requestpullcode
200
cdn-proxyver
1.04
etag
W/"65a712c4-cb9e"
vary
Accept-Encoding, Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control
public, max-age=31919000
cdn-requestid
d776bae689433d78bbc5bef6ff26e4c0
cdn-requestcountrycode
DE
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status
200
cdn-requestpullsuccess
True
pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2
fonts.wp.com/s/poppins/v20/
8 KB
8 KB
Font
General
Full URL
https://fonts.wp.com/s/poppins/v20/pxiByp8kv8JHgFVrLGT9Z1xlFQ.woff2
Requested by
Host: fonts-api.wp.com
URL: https://fonts-api.wp.com/css?family=Poppins%3A400%2C700%2C500%7CRoboto%3A500%2C400&display=fallback&ver=4.6.3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
wordpress.com
Software
nginx /
Resource Hash
cd36de204aca2d5fa263a731f7c20009b5e3d754ba1f1e03c33e93a48f3e7446
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts-api.wp.com/
Origin
https://cyble.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

x-nc
HIT hhn 1
date
Thu, 18 Jan 2024 02:09:21 GMT
x-content-type-options
nosniff
last-modified
Wed, 27 Apr 2022 16:21:30 GMT
server
nginx
age
444210
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3=":443"; ma=86400
content-length
7748
x-xss-protection
0
Figure-2-Decoy-PDF.png
cyble.com/wp-content/uploads/2024/01/
2 KB
0
Image
General
Full URL
https://cyble.com/wp-content/uploads/2024/01/Figure-2-Decoy-PDF.png
Requested by
Host: cyble.com
URL: https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:21 GMT
strict-transport-security
max-age=31536000
x-ac
2.hhn _atomic_ams HIT
last-modified
Wed, 17 Jan 2024 09:24:01 GMT
server
nginx
etag
"65a79cb1-1c124"
access-control-allow-methods
GET, HEAD
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=604800
accept-ranges
bytes
alt-svc
h3=":443"; ma=86400
content-length
114980
expires
Wed, 24 Jan 2024 20:16:27 GMT
Cyble-Demo.png
cyble.com/wp-content/uploads/2023/06/
763 B
0
Image
General
Full URL
https://cyble.com/wp-content/uploads/2023/06/Cyble-Demo.png
Requested by
Host: cyble.com
URL: https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:21 GMT
strict-transport-security
max-age=31536000
x-ac
2.hhn _atomic_ams HIT
last-modified
Mon, 26 Jun 2023 08:04:44 GMT
server
nginx
etag
"6499469c-14f03"
access-control-allow-methods
GET, HEAD
content-type
image/png
access-control-allow-origin
*
cache-control
max-age=604800
accept-ranges
bytes
alt-svc
h3=":443"; ma=86400
content-length
85763
expires
Wed, 24 Jan 2024 17:23:40 GMT
json
forms.hsforms.com/embed/v3/form/21289959/f7da69d1-3801-430f-b109-5f44b65a9326/
38 KB
7 KB
XHR
General
Full URL
https://forms.hsforms.com/embed/v3/form/21289959/f7da69d1-3801-430f-b109-5f44b65a9326/json?hs_static_app=forms-embed&hs_static_app_version=1.4517&X-HubSpot-Static-App-Info=forms-embed-1.4517
Requested by
Host: js.hsforms.net
URL: https://js.hsforms.net/forms/v2.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:b07d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e4b3ccb6e7fd061e3084ddc47637b3d5ded0a5b49e79fbedbb7a173799aec06f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept
application/json, text/plain, */*
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

X-Origin-Hublet
na1
Date
Thu, 18 Jan 2024 02:09:21 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Content-Type-Options
nosniff
CF-Cache-Status
DYNAMIC
Content-Encoding
br
x-evy-trace-route-service-name
envoyset-translator
X-HubSpot-Correlation-Id
caeb3607-0e1f-4119-abd0-99653eba7301
Transfer-Encoding
chunked
x-envoy-upstream-service-time
20
Connection
keep-alive
alt-svc
h3=":443"; ma=86400
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
caeb3607-0e1f-4119-abd0-99653eba7301
Server
cloudflare
X-Trace
2B92BAF11638CEE4473047EAC7BD55127D8FAB97F6000000000000000000
Vary
origin
Access-Control-Allow-Methods
OPTIONS, GET
Content-Type
application/json;charset=utf-8
Access-Control-Allow-Origin
https://cyble.com
x-evy-trace-virtual-host
all
Access-Control-Expose-Headers
X-Origin-Hublet
Access-Control-Max-Age
180
Access-Control-Allow-Credentials
false
Cache-Control
max-age=0, no-cache, no-store
X-Robots-Tag
none
Access-Control-Allow-Headers
*
CF-RAY
84734b9c3d532c5d-FRA
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-547b899f8d-hzvvh
/
cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
15 B
326 B
Ping
General
Full URL
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
Requested by
Host: cyble.com
URL: https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
88aaa00ed63445a1d87d9d2c4473d0b8ed19a8365c8fdfa5b4ce13580229fcc7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type
multipart/form-data; boundary=----WebKitFormBoundaryzXqovjau1x40Byj4

Response headers

cf-edge-cache
no-cache
x-hacker
Want root? Visit join.a8c.com and mention this header.
date
Thu, 18 Jan 2024 02:09:28 GMT
strict-transport-security
max-age=31536000
content-encoding
br
x-ac
2.hhn _atomic_ams BYPASS
server
nginx
vary
Accept-Encoding
x-nitro-beacon
FORWARD
content-type
text/html; charset=utf-8
cache-control
no-cache
host-header
WordPress.com
alt-svc
h3=":443"; ma=86400
fa-brands-400.woff2
cyble.com/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/
75 KB
75 KB
Font
General
Full URL
https://cyble.com/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-brands-400.woff2
Requested by
Host: cyble.com
URL: https://cyble.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/brands.min.css?ver=5.15.3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
43c072c16c9ee6d67acdfa6c6d6685ff1e74eb4237b7cc3c1348ab1c108b26af
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://cyble.com/wp-content/plugins/elementor/assets/lib/font-awesome/css/brands.min.css?ver=5.15.3
Origin
https://cyble.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:28 GMT
strict-transport-security
max-age=31536000
x-ac
2.hhn _atomic_ams HIT
last-modified
Wed, 20 Dec 2023 18:11:07 GMT
server
nginx
etag
"65832e3b-12bdc"
access-control-allow-methods
GET, HEAD
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
max-age=604800
accept-ranges
bytes
alt-svc
h3=":443"; ma=86400
content-length
76764
expires
Wed, 24 Jan 2024 17:23:40 GMT
api.min.css
a.omappapi.com/app/js/
10 KB
3 KB
Stylesheet
General
Full URL
https://a.omappapi.com/app/js/api.min.css
Requested by
Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1080:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software
BunnyCDN-DE1-1080 /
Resource Hash
7f941132a0b7f39cdc561896405b75e90922ab4eb06c55c6775befc2b2243a19

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:21 GMT
content-encoding
br
cdn-edgestorageid
1082
perma-cache
HIT
cdn-storageserver
DE-663
cdn-cachedat
01/17/2024 22:21:37
cdn-pullzone
293267
last-modified
Tue, 16 Jan 2024 23:36:56 GMT
server
BunnyCDN-DE1-1080
cdn-fileserver
382
cdn-requestpullcode
200
cdn-proxyver
1.04
etag
W/"65a71318-2644"
vary
Accept-Encoding, Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control
public, max-age=31919000
cdn-requestid
f480adc00bd1dab271e90ff16df3e6f1
cdn-requestcountrycode
DE
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status
200
cdn-requestpullsuccess
True
r0hediyvvmvme9sqc9m4
api.omappapi.com/v2/embed/239265/
4 KB
2 KB
XHR
General
Full URL
https://api.omappapi.com/v2/embed/239265/r0hediyvvmvme9sqc9m4
Requested by
Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.112.19 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-112-19.fra56.r.cloudfront.net
Software
Pagely Gateway/1.5.1 /
Resource Hash
283547740fcb77b2440b432515bfb0437fcbcb49dae73c5835d0087dcfd54a31

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:21 GMT
content-encoding
gzip
via
1.1 d4744f6f4cb683596fb4a26e59b2aba8.cloudfront.net (CloudFront)
x-cache-config
0 0
x-amz-cf-pop
FRA56-P5
x-cache-status
EXPIRED
x-cache
Miss from cloudfront
x-optinmonster-campaign
r0hediyvvmvme9sqc9m4
x-user-agent
standard--
last-modified
Mon, 21 Aug 2023 11:57:48 GMT
server
Pagely Gateway/1.5.1
etag
W/"b68a1a774bac47ced8f1623f6053bc08"
vary
Accept-Encoding, User-Agent
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
X-OptinMonster-Campaign, X-User-Agent
cache-control
public, max-age=30, stale-while-revalidate=1800
access-control-allow-headers
X-CSRF-Token
x-amz-cf-id
A53JJ3T3L5M3s-1oW6H4cWu7rtnohXYQQhhE9AoFUMXhFZ3WahDj_w==
expires
Thu, 18 Jan 2024 02:09:51 GMT
5.c3191d3c.min.js
a.omappapi.com/app/js/
16 KB
6 KB
Script
General
Full URL
https://a.omappapi.com/app/js/5.c3191d3c.min.js
Requested by
Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1080:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software
BunnyCDN-DE1-1080 /
Resource Hash
745b79544835c8ee16198c039bdde0b6ec42333c0f830df5770bd4dcd60a6ac6

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:21 GMT
content-encoding
br
cdn-edgestorageid
1081
perma-cache
HIT
cdn-storageserver
DE-383
cdn-cachedat
01/17/2024 22:21:38
cdn-pullzone
293267
last-modified
Wed, 25 Oct 2023 17:45:58 GMT
server
BunnyCDN-DE1-1080
cdn-fileserver
709
cdn-requestpullcode
200
cdn-proxyver
1.04
etag
W/"65395456-4146"
vary
Accept-Encoding, Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control
public, max-age=31919000
cdn-requestid
7258d571907cefc84a94827fe9efde22
cdn-requestcountrycode
DE
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status
200
cdn-requestpullsuccess
True
api.min.js
a.omappapi.com/app/js/
51 KB
18 KB
Script
General
Full URL
https://a.omappapi.com/app/js/api.min.js
Requested by
Host: cyble.com
URL: https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1080:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software
BunnyCDN-DE1-1080 /
Resource Hash
08745f637dd9ab266f748acc77062ef5c213e40922e712de0b272582c3c6abbb

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:21 GMT
content-encoding
br
cdn-edgestorageid
1080
perma-cache
HIT
cdn-storageserver
DE-51
cdn-cachedat
01/17/2024 22:21:37
cdn-pullzone
293267
last-modified
Tue, 16 Jan 2024 23:35:32 GMT
server
BunnyCDN-DE1-1080
cdn-fileserver
750
cdn-requestpullcode
200
cdn-proxyver
1.04
etag
W/"65a712c4-cb9e"
vary
Accept-Encoding, Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control
public, max-age=31919000
cdn-requestid
06834e0f203cc5c68f79dd5e7ba21aa5
cdn-requestcountrycode
DE
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status
200
cdn-requestpullsuccess
True
collect
q.clarity.ms/
0
289 B
XHR
General
Full URL
https://q.clarity.ms/collect
Requested by
Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.20/clarity.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.231.53.73 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
application/x-clarity-gzip
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Access-Control-Allow-Origin
https://cyble.com
Date
Thu, 18 Jan 2024 02:09:22 GMT
Access-Control-Allow-Credentials
true
Server
nginx/1.18.0 (Ubuntu)
Connection
keep-alive
Vary
Origin
Request-Context
appId=cid-v1:3d284f99-f285-495c-ac33-dedd7ecf1ac8
g.gif
pixel.wp.com/
50 B
177 B
Image
General
Full URL
https://pixel.wp.com/g.gif?v=ext&blog=221651828&post=33086&tz=-5&srv=cyble.com&hp=atomic&ac=2&amp=0&j=1%3A13.0&host=cyble.com&ref=&fcp=2989&rand=0.3565223132579418
Requested by
Host: cyble.com
URL: https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

access-control-allow-origin
*
date
Thu, 18 Jan 2024 02:09:22 GMT
cache-control
no-cache
server
nginx
alt-svc
h3=":443"; ma=86400
content-length
50
content-type
image/gif
wp-emoji-release.min.js
cyble.com/wp-includes/js/
18 KB
5 KB
Script
General
Full URL
https://cyble.com/wp-includes/js/wp-emoji-release.min.js?ver=6.4.2
Requested by
Host: cyble.com
URL: https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
4f79a89d16a5f717110fe080c0bf90b7e05ff95a4c4983f64d33110bf5f9c230
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:28 GMT
strict-transport-security
max-age=31536000
content-encoding
br
last-modified
Thu, 02 Feb 2023 00:53:25 GMT
server
nginx
x-ac
2.hhn _atomic_ams HIT
etag
W/"63db0985-4904"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=315360000
alt-svc
h3=":443"; ma=86400
expires
Thu, 31 Dec 2037 23:55:55 GMT
/
cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
4 KB
2 KB
XHR
General
Full URL
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/?relatedposts=1
Requested by
Host: cyble.com
URL: https://cyble.com/wp-content/plugins/jetpack/_inc/build/related-posts/related-posts.min.js?ver=20211209
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
553fbec66bfd9a96e150c860a3d0f7e257679051417d085c1561c455f9271ebc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
x-requested-with
XMLHttpRequest
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

cf-edge-cache
no-cache
x-hacker
Want root? Visit join.a8c.com and mention this header.
date
Thu, 18 Jan 2024 02:09:29 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
content-encoding
br
x-ac
2.hhn _atomic_ams MISS
x-nitro-disabled
1
host-header
WordPress.com
alt-svc
h3=":443"; ma=86400
x-xss-protection
1; mode=block
referrer-policy
no-referrer-when-downgrade
x-nitro-disabled-reason
ajax
server
nginx
vary
Accept-Encoding, Cookie
x-frame-options
SAMEORIGIN
content-type
application/json; charset=utf-8
cache-control
no-cache
x-nitro-cache
MISS
public
api.hubspot.com/livechat-public/v1/message/
3 KB
2 KB
XHR
General
Full URL
https://api.hubspot.com/livechat-public/v1/message/public?portalId=21289959&conversations-embed=static-1.15030&mobile=false&messagesUtk=86e27fb9bb5c4e9f9ebac94649615f07&traceId=86e27fb9bb5c4e9f9ebac94649615f07
Requested by
Host: js.usemessages.com
URL: https://js.usemessages.com/conversations-embed.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
464e378e989ece7ebb703d5870d1decaa1e2e24be4610458cfa65fb3b4c0a32f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
accept-language
de-DE,de;q=0.9
X-HubSpot-Messages-Uri
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
c1e3d99e-7242-41c2-a8d3-289182120663
x-envoy-upstream-service-time
94
content-length
1333
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
c1e3d99e-7242-41c2-a8d3-289182120663
server
cloudflare
x-trace
2B321C0EE027FAEF5D10D422375C29A1927F3D2EDD000000000000000000
vary
origin, Accept-Encoding
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type
application/json;charset=utf-8
access-control-allow-origin
https://cyble.com
x-evy-trace-served-by-pod
iad02/hubapi-td/envoy-proxy-fcdc68c87-s88lp
cache-control
no-cache, no-store, no-transform, must-revalidate, max-age=0
access-control-allow-credentials
false
x-evy-trace-virtual-host
all
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0vgC%2FC4qibj3LxuUqqTLpnMUdsZV6nx6IQRZTyG7JGKytgFr2xu2liWYIdHwQr6aQkvsIVWG3dkP6vlQUVGcnvCnyWRwLVNWzOqWIYge%2FxU545vhQMwPhBoPA58CbZcLfrvCfK5%2FhkaSQ76NuQ%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
84734ba66bab9bc4-FRA
access-control-allow-headers
Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent, X-HubSpot-Messages-Uri
combinedConfigs
cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/
369 B
1 KB
Fetch
General
Full URL
https://cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/combinedConfigs?portalId=21289959&currentUrl=https%3A%2F%2Fcyble.com%2Fblog%2Fcyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft%2F
Requested by
Host: js.hubspot.com
URL: https://js.hubspot.com/web-interactives-embed.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
14103b64df9857f9f7ad1f02efaafba97ce4772e8d8b448857de69c3537c338d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:22 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
d9ea0d7f-ce68-4009-8189-2ea6faf6a5cf
content-encoding
br
x-envoy-upstream-service-time
8
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
d9ea0d7f-ce68-4009-8189-2ea6faf6a5cf
server
cloudflare
vary
origin
access-control-allow-methods
OPTIONS, GET
content-type
application/json;charset=utf-8
access-control-allow-origin
https://cyble.com
x-evy-trace-virtual-host
all
access-control-max-age
180
access-control-allow-credentials
true
cache-control
max-age=0, no-cache, no-store
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=DVpPeh4KrDFovqDMkqFxNA6KoYFnBoSGzmBDhoEQa2k9lFukG62U4VfHuC1asX6tVGyPXN2C%2FB1%2FMlUvvzdp3Jdxpb3JXCt%2B1pKVF%2Bn%2FmsPQ6oe6jsyekPproT1g1eYmlqvRKLGG%2FRe7OLte4%2BZdX7blJT50YAvqg6w%3D"}],"group":"cf-nel","max_age":604800}
x-robots-tag
noindex, follow
access-control-allow-headers
Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
cf-ray
84734ba57b549bc4-FRA
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-547b899f8d-6xsvk
v2.js
js.hsforms.net/forms/ Frame FE2A
477 KB
151 KB
Script
General
Full URL
https://js.hsforms.net/forms/v2.js
Requested by
Host: js.hsforms.net
URL: https://js.hsforms.net/forms/v2.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:89ce , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
72427688bf5fd3d197ee8b6761345fa51cb0fe26c5fa669577a45b72d46be04f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

content-encoding
br
age
2
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=forms-embed/static-1.4517/bundles/project-v2.js&cfRay=84734b950a53924f-FRA
x-amz-replication-status
COMPLETED
x-evy-trace-listener
listener_https
etag
W/"d157820700e303c59e15373c95d85332"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
x-evy-trace-virtual-host
all
cache-control
s-maxage=600, max-age=300
x-hs-target-asset
forms-embed/static-1.4517/bundles/project-v2.js
date
Thu, 18 Jan 2024 02:09:22 GMT
x-amz-version-id
DsPINmPpEK1rj8qQVqMbyQWTeGZJROAK
via
1.1 7375f2360b80ec8c602f04aa2cc7a57c.cloudfront.net (CloudFront)
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
IAD12-P3
x-hubspot-correlation-id
845d93b1-51c5-4693-b1ca-ffae12d12286
x-cache
Hit from cloudfront
cache-tag
staticjsapp-forms-embed-v2-web-prod,staticjsapp-prod
x-envoy-upstream-service-time
0
alt-svc
h3=":443"; ma=86400
x-evy-trace-route-configuration
listener_https/all
x-request-id
845d93b1-51c5-4693-b1ca-ffae12d12286
last-modified
Tue, 16 Jan 2024 11:21:30 UTC
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aOEt5XIA7VVMDEoU2kPbaVZQscWeDz4UA1SPS76BVoou09jVFBOzdiSXQWDitraJDz6DoglvJ1aucxh%2FY8ec4ZgC89uDM%2FVE9SIxzwjlBmPUbGjbh2E%2Fv5BMWVKYRVFhFnRP5JczOKQoTai%2B"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status
HIT
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-bf946f66b-b4w97
cf-ray
84734ba5af4e924f-FRA
x-amz-cf-id
7i-qCJr2t_ggPEYnhASyB6oXHdIPnKD5jcMDs_Le-67msFSsh0e7DA==
roundtrip.js
s.adroll.com/j/
78 KB
25 KB
Script
General
Full URL
https://s.adroll.com/j/roundtrip.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PMWT557
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2644:de00:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
b9495a3be04ee2efba3a2848a90fb8b9266b95df0e7bc44cc48c771f0587da65

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

X-Amz-Version-Id
GSFNLGMNzH7EFl0TL78LK6mY7UEwByMn
Content-Encoding
gzip
Via
1.1 1c3c1c03f4bbd4e68725363918cb3454.cloudfront.net (CloudFront)
Date
Thu, 18 Jan 2024 01:50:15 GMT
Age
1167
X-Amz-Cf-Pop
FRA60-P6
X-Amz-Server-Side-Encryption
AES256
Transfer-Encoding
chunked
X-Cache
Hit from cloudfront
Connection
keep-alive
Last-Modified
Tue, 16 Jan 2024 19:43:14 GMT
Server
AmazonS3
Etag
W/"7ee68392a851df8f1a7e24264d297436"
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET
Content-Type
text/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=3600, must-revalidate
Access-Control-Allow-Credentials
false
Access-Control-Max-Age
600
Access-Control-Allow-Headers
*
X-Amz-Cf-Id
D-zXjfqunsozx1rwRDYeKz-I_yEoacoNxEvx--SXc8xTFcc8Rz2Utw==
tags.js
tag.clearbitscripts.com/v1/pk_43e7489448ea26212d2c648f4818c8b5/
16 KB
5 KB
Script
General
Full URL
https://tag.clearbitscripts.com/v1/pk_43e7489448ea26212d2c648f4818c8b5/tags.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PMWT557
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2670:8c00:7:d7d6:3c40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Clearbit /
Resource Hash
9e907e949bce3cec0efeaf4b707c2d5b1363467b174fced0e54fae1d501c36ed
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-envoy-response-flags
-
via
1.1 79d85d2de1f5aa38558ef6bab6274390.cloudfront.net (CloudFront)
server
Clearbit
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-amz-cf-pop
FRA56-P9
etag
W/"9bd0e6149c66576fdc7ae464697b7327"
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
application/javascript;charset=utf-8
cache-control
private, max-age=600
x-amz-cf-id
DqDX-ESz-BAkMRrsCi4wSbFK6Z-TCxSWS1nVZ6eIaYeqqaoVHr3QdQ==
4.1dae6b4d.min.js
a.omappapi.com/app/js/
48 KB
14 KB
Script
General
Full URL
https://a.omappapi.com/app/js/4.1dae6b4d.min.js
Requested by
Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1080:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software
BunnyCDN-DE1-1080 /
Resource Hash
8d7293476de0d15a9417a6f896f642845e90a174c74455e095f5f9a69768b51c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:22 GMT
content-encoding
br
cdn-edgestorageid
1081
perma-cache
HIT
cdn-storageserver
DE-662
cdn-cachedat
01/17/2024 22:21:37
cdn-pullzone
293267
last-modified
Wed, 01 Nov 2023 17:12:10 GMT
server
BunnyCDN-DE1-1080
cdn-fileserver
599
cdn-requestpullcode
200
cdn-proxyver
1.04
etag
W/"654286ea-c029"
vary
Accept-Encoding, Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control
public, max-age=31919000
cdn-requestid
bfddb6e8d6376203a2ec5e9a92e1b027
cdn-requestcountrycode
DE
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status
200
cdn-requestpullsuccess
True
text-editor.2c35aafbe5bf0e127950.bundle.min.js
cyble.com/wp-content/plugins/elementor/assets/js/
1 KB
993 B
Script
General
Full URL
https://cyble.com/wp-content/plugins/elementor/assets/js/text-editor.2c35aafbe5bf0e127950.bundle.min.js
Requested by
Host: cyble.com
URL: https://cyble.com/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js?ver=3.18.3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.78.231 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
d191094291904cb0410cf3a475ea46eee6573c0922cc204759445e326d6d9233
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:28 GMT
strict-transport-security
max-age=31536000
content-encoding
br
last-modified
Wed, 20 Dec 2023 18:11:07 GMT
server
nginx
x-ac
2.hhn _atomic_ams HIT
etag
W/"65832e3b-550"
vary
Accept-Encoding
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
max-age=604800
alt-svc
h3=":443"; ma=86400
expires
Wed, 24 Jan 2024 17:23:40 GMT
collect
q.clarity.ms/
0
289 B
XHR
General
Full URL
https://q.clarity.ms/collect
Requested by
Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.20/clarity.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.231.53.73 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
application/x-clarity-gzip
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Access-Control-Allow-Origin
https://cyble.com
Date
Thu, 18 Jan 2024 02:09:23 GMT
Access-Control-Allow-Credentials
true
Server
nginx/1.18.0 (Ubuntu)
Connection
keep-alive
Vary
Origin
Request-Context
appId=cid-v1:3d284f99-f285-495c-ac33-dedd7ecf1ac8
public
api.hubspot.com/livechat-public/v1/message/ Frame
0
0
Preflight
General
Full URL
https://api.hubspot.com/livechat-public/v1/message/public?portalId=21289959&conversations-embed=static-1.15030&mobile=false&messagesUtk=86e27fb9bb5c4e9f9ebac94649615f07&traceId=86e27fb9bb5c4e9f9ebac94649615f07
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept
*/*
Access-Control-Request-Headers
x-hubspot-messages-uri
Access-Control-Request-Method
GET
Origin
https://cyble.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

access-control-allow-credentials
false
access-control-allow-headers
Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent, X-HubSpot-Messages-Uri
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-origin
https://cyble.com
allow
HEAD,GET,OPTIONS
cf-cache-status
DYNAMIC
cf-ray
84734ba57b539bc4-FRA
content-length
18
content-type
text/plain; charset=utf-8
date
Thu, 18 Jan 2024 02:09:22 GMT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RA61gf5mczZMDWrx1JTn%2BZAq1cGrnVQ06Ur5imLGC2c8gZ1mnycPm7j1lLXdeYoJrY01zXu0Y8k7qaQ9DlcLvne7XIVW84Rr9BoTrGu2TZjgkqPT%2BXPJeWyuLbL%2FVcvM8c0UECCJOPrE%2BgMFnA%3D%3D"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains; preload
vary
origin, Accept-Encoding
x-content-type-options
nosniff
x-envoy-upstream-service-time
3
x-evy-trace-listener
listener_https
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-route-service-name
envoyset-translator
x-evy-trace-served-by-pod
iad02/hubapi-td/envoy-proxy-fcdc68c87-lm7fb
x-evy-trace-virtual-host
all
x-hubspot-correlation-id
f329456a-f3ff-45f5-a1a4-7f055771663f
x-request-id
f329456a-f3ff-45f5-a1a4-7f055771663f
x-trace
2B2C43D2ED42124FA70CE6E6EFA8CEAF54D4D2CB4A000000000000000000
counters.gif
perf-na1.hsforms.com/embed/v3/
35 B
1 KB
Image
General
Full URL
https://perf-na1.hsforms.com/embed/v3/counters.gif?key=config-loaded-success&value=1
Requested by
Host: cyble.com
URL: https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:cff9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date
Thu, 18 Jan 2024 02:09:23 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Content-Type-Options
nosniff
CF-Cache-Status
MISS
x-evy-trace-route-service-name
envoyset-translator
X-HubSpot-Correlation-Id
6a5e0db2-ca2a-45a8-86a8-642e0c834fac
x-envoy-upstream-service-time
2
Connection
keep-alive
alt-svc
h3=":443"; ma=86400
Content-Length
35
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
6a5e0db2-ca2a-45a8-86a8-642e0c834fac
Last-Modified
Thu, 18 Jan 2024 02:09:23 GMT
Server
cloudflare
X-Trace
2B8A97EB8A7062FCE1F6029A2D021601030626030D000000000000000000
Vary
origin, Accept-Encoding
Content-Type
image/gif
x-evy-trace-virtual-host
all
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-547b899f8d-jbr9r
Access-Control-Expose-Headers
X-Origin-Hublet
Cache-Control
max-age=0, no-cache, no-store
Access-Control-Allow-Credentials
false
Accept-Ranges
bytes
X-Robots-Tag
none
CF-RAY
84734ba779c72baf-FRA
17.24171f7e.min.js
a.omappapi.com/app/js/
975 B
1 KB
Script
General
Full URL
https://a.omappapi.com/app/js/17.24171f7e.min.js
Requested by
Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1080:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software
BunnyCDN-DE1-1080 /
Resource Hash
228739c5660b9818a95c3b2c13f6c65cf4364f871c0cde499446c985be07a682

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:23 GMT
content-encoding
br
cdn-edgestorageid
1080
perma-cache
HIT
cdn-storageserver
DE-588
cdn-cachedat
01/17/2024 22:21:39
cdn-pullzone
293267
last-modified
Tue, 12 Sep 2023 04:06:13 GMT
server
BunnyCDN-DE1-1080
cdn-fileserver
599
cdn-requestpullcode
200
cdn-proxyver
1.04
etag
W/"64ffe3b5-3cf"
vary
Accept-Encoding, Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control
public, max-age=31919000
cdn-requestid
93508c23a9d086bbf0b8ae901c3d34dd
cdn-requestcountrycode
DE
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status
200
cdn-requestpullsuccess
True
19.b93023b7.min.js
a.omappapi.com/app/js/
4 KB
3 KB
Script
General
Full URL
https://a.omappapi.com/app/js/19.b93023b7.min.js
Requested by
Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1080:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software
BunnyCDN-DE1-1080 /
Resource Hash
263c3a799ea39e2db3c3347bab23a9f98990d9d9633d2d8b833d8766c3dc2b36

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:23 GMT
content-encoding
br
cdn-edgestorageid
1080
perma-cache
HIT
cdn-storageserver
DE-168
cdn-cachedat
01/17/2024 22:21:37
cdn-pullzone
293267
last-modified
Mon, 18 Sep 2023 16:47:40 GMT
server
BunnyCDN-DE1-1080
cdn-fileserver
587
cdn-requestpullcode
200
cdn-proxyver
1.04
etag
W/"65087f2c-10b0"
vary
Accept-Encoding, Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control
public, max-age=31919000
cdn-requestid
6e6d122f157a5bb30f27a53257438792
cdn-requestcountrycode
DE
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status
200
cdn-requestpullsuccess
True
27.78393e5b.min.js
a.omappapi.com/app/js/
6 KB
3 KB
Script
General
Full URL
https://a.omappapi.com/app/js/27.78393e5b.min.js
Requested by
Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1080:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software
BunnyCDN-DE1-1080 /
Resource Hash
5405f21fd05a73a76a85b2021b366df4dcd00dd93ad956d671776622ea5e1ffc

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:23 GMT
content-encoding
br
cdn-edgestorageid
1081
perma-cache
HIT
cdn-storageserver
DE-587
cdn-cachedat
01/17/2024 22:21:37
cdn-pullzone
293267
last-modified
Mon, 18 Sep 2023 16:47:43 GMT
server
BunnyCDN-DE1-1080
cdn-fileserver
587
cdn-requestpullcode
200
cdn-proxyver
1.04
etag
W/"65087f2f-1973"
vary
Accept-Encoding, Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control
public, max-age=31919000
cdn-requestid
82229c4401a068559e46bbc61715e1f0
cdn-requestcountrycode
DE
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status
200
cdn-requestpullsuccess
True
32.b9065693.min.js
a.omappapi.com/app/js/
11 KB
5 KB
Script
General
Full URL
https://a.omappapi.com/app/js/32.b9065693.min.js
Requested by
Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1080:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software
BunnyCDN-DE1-1080 /
Resource Hash
978277c7385002bbd8eca4f51d7bdac7424ef8c6d267066e36b018b25bf88f7a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:23 GMT
content-encoding
br
cdn-edgestorageid
1080
perma-cache
HIT
cdn-storageserver
DE-164
cdn-cachedat
01/17/2024 22:21:37
cdn-pullzone
293267
last-modified
Mon, 18 Sep 2023 16:47:33 GMT
server
BunnyCDN-DE1-1080
cdn-fileserver
587
cdn-requestpullcode
200
cdn-proxyver
1.04
etag
W/"65087f25-2c41"
vary
Accept-Encoding, Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control
public, max-age=31919000
cdn-requestid
652fd895cd3e7c397dfdee93cb25deeb
cdn-requestcountrycode
DE
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status
200
cdn-requestpullsuccess
True
10.acdc9ced.min.js
a.omappapi.com/app/js/
33 KB
10 KB
Script
General
Full URL
https://a.omappapi.com/app/js/10.acdc9ced.min.js
Requested by
Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1080:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software
BunnyCDN-DE1-1080 /
Resource Hash
21111013521ce045115ade20ed1b0ac09b102688f010ecf84bb7f3f53574456c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:23 GMT
content-encoding
br
cdn-edgestorageid
1082
perma-cache
HIT
cdn-storageserver
DE-587
cdn-cachedat
01/17/2024 22:21:37
cdn-pullzone
293267
last-modified
Tue, 12 Dec 2023 19:57:31 GMT
server
BunnyCDN-DE1-1080
cdn-fileserver
383
cdn-requestpullcode
200
cdn-proxyver
1.04
etag
W/"6578bb2b-8515"
vary
Accept-Encoding, Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control
public, max-age=31919000
cdn-requestid
8a07e35dd9d472efc6028e51d4e3313c
cdn-requestcountrycode
DE
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status
200
cdn-requestpullsuccess
True
0.514c5def.min.js
a.omappapi.com/app/js/
7 KB
3 KB
Script
General
Full URL
https://a.omappapi.com/app/js/0.514c5def.min.js
Requested by
Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1080:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software
BunnyCDN-DE1-1080 /
Resource Hash
a0746aee5a2b0032d3d664b8383d97bb3e1f0dce11ececfa1258072a704b1a72

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:23 GMT
content-encoding
br
cdn-edgestorageid
1081
perma-cache
HIT
cdn-storageserver
DE-664
cdn-cachedat
01/17/2024 22:21:37
cdn-pullzone
293267
last-modified
Mon, 18 Sep 2023 16:47:37 GMT
server
BunnyCDN-DE1-1080
cdn-fileserver
383
cdn-requestpullcode
200
cdn-proxyver
1.04
etag
W/"65087f29-1d49"
vary
Accept-Encoding, Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control
public, max-age=31919000
cdn-requestid
4b87e702036de69246325d75148d9f9f
cdn-requestcountrycode
DE
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status
200
cdn-requestpullsuccess
True
9.c66ab701.min.js
a.omappapi.com/app/js/
2 KB
2 KB
Script
General
Full URL
https://a.omappapi.com/app/js/9.c66ab701.min.js
Requested by
Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1080:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software
BunnyCDN-DE1-1080 /
Resource Hash
8ad9a6bcdc20b0bb29576b861332e7b11719bd11af68024d7676724574070f05

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:23 GMT
content-encoding
br
cdn-edgestorageid
1080
perma-cache
HIT
cdn-storageserver
DE-51
cdn-cachedat
01/17/2024 22:21:37
cdn-pullzone
293267
last-modified
Mon, 18 Sep 2023 18:28:00 GMT
server
BunnyCDN-DE1-1080
cdn-fileserver
599
cdn-requestpullcode
200
cdn-proxyver
1.04
etag
W/"650896b0-879"
vary
Accept-Encoding, Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control
public, max-age=31919000
cdn-requestid
44696920dba193f18b9382651a1fc8dc
cdn-requestcountrycode
DE
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status
200
cdn-requestpullsuccess
True
11.38e902ad.min.js
a.omappapi.com/app/js/
3 KB
2 KB
Script
General
Full URL
https://a.omappapi.com/app/js/11.38e902ad.min.js
Requested by
Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1080:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software
BunnyCDN-DE1-1080 /
Resource Hash
c110d3e795d9bcb956d5c9ef500d23c7e480a259519d383d5c626293ee413815

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:23 GMT
content-encoding
br
cdn-edgestorageid
1081
perma-cache
HIT
cdn-storageserver
DE-164
cdn-cachedat
01/17/2024 22:21:37
cdn-pullzone
293267
last-modified
Mon, 18 Sep 2023 16:47:37 GMT
server
BunnyCDN-DE1-1080
cdn-fileserver
383
cdn-requestpullcode
200
cdn-proxyver
1.04
etag
W/"65087f29-a40"
vary
Accept-Encoding, Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control
public, max-age=31919000
cdn-requestid
e4791dba6ae5884fc44de552c08fabe3
cdn-requestcountrycode
DE
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status
200
cdn-requestpullsuccess
True
28.377be946.min.js
a.omappapi.com/app/js/
3 KB
2 KB
Script
General
Full URL
https://a.omappapi.com/app/js/28.377be946.min.js
Requested by
Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1080:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software
BunnyCDN-DE1-1080 /
Resource Hash
8f927cd54d7ef0ffd667f6537f9a9f3ef56fd8f86b32c8dfd534c29da2f2242a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:23 GMT
content-encoding
br
cdn-edgestorageid
1082
perma-cache
HIT
cdn-storageserver
DE-588
cdn-cachedat
01/17/2024 22:21:37
cdn-pullzone
293267
last-modified
Mon, 18 Sep 2023 16:47:51 GMT
server
BunnyCDN-DE1-1080
cdn-fileserver
383
cdn-requestpullcode
200
cdn-proxyver
1.04
etag
W/"65087f37-d7b"
vary
Accept-Encoding, Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control
public, max-age=31919000
cdn-requestid
6eababb47732cc1c0c8803156901df37
cdn-requestcountrycode
DE
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status
200
cdn-requestpullsuccess
True
26.1898e425.min.js
a.omappapi.com/app/js/
2 KB
1 KB
Script
General
Full URL
https://a.omappapi.com/app/js/26.1898e425.min.js
Requested by
Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1080:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software
BunnyCDN-DE1-1080 /
Resource Hash
c6fd60d4ecfcac36ecdcb7456ecf170d8eef75c883a1e34a4dd7855d23966cd2

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:23 GMT
content-encoding
br
cdn-edgestorageid
1081
perma-cache
HIT
cdn-storageserver
DE-680
cdn-cachedat
01/17/2024 22:21:37
cdn-pullzone
293267
last-modified
Mon, 18 Sep 2023 16:47:40 GMT
server
BunnyCDN-DE1-1080
cdn-fileserver
588
cdn-requestpullcode
200
cdn-proxyver
1.04
etag
W/"65087f2c-6b6"
vary
Accept-Encoding, Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control
public, max-age=31919000
cdn-requestid
df7340af0893164f35fa79090499c27f
cdn-requestcountrycode
DE
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status
200
cdn-requestpullsuccess
True
16.0e435a6f.min.js
a.omappapi.com/app/js/
1 KB
1 KB
Script
General
Full URL
https://a.omappapi.com/app/js/16.0e435a6f.min.js
Requested by
Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1080:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software
BunnyCDN-DE1-1080 /
Resource Hash
c4fbf61bcc8a017d5d9cd2d95105bf88005bc0a3b6c18be6bfee8fc94d0adf52

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:23 GMT
content-encoding
br
cdn-edgestorageid
1080
perma-cache
HIT
cdn-storageserver
DE-599
cdn-cachedat
01/17/2024 22:21:37
cdn-pullzone
293267
last-modified
Mon, 18 Sep 2023 16:47:35 GMT
server
BunnyCDN-DE1-1080
cdn-fileserver
383
cdn-requestpullcode
200
cdn-proxyver
1.04
etag
W/"65087f27-51f"
vary
Accept-Encoding, Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control
public, max-age=31919000
cdn-requestid
7c184e86fcd95641b7ac5cd117fa2a3c
cdn-requestcountrycode
DE
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status
200
cdn-requestpullsuccess
True
1.ea963399.min.js
a.omappapi.com/app/js/
11 KB
3 KB
Script
General
Full URL
https://a.omappapi.com/app/js/1.ea963399.min.js
Requested by
Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1080:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software
BunnyCDN-DE1-1080 /
Resource Hash
6507a044d207a767ec2971e891b149b58d6d32a6ee1b18068a6d6dd36bc5fa9a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:23 GMT
content-encoding
br
cdn-edgestorageid
1080
perma-cache
HIT
cdn-storageserver
DE-587
cdn-cachedat
01/17/2024 22:21:37
cdn-pullzone
293267
last-modified
Mon, 18 Sep 2023 16:47:50 GMT
server
BunnyCDN-DE1-1080
cdn-fileserver
587
cdn-requestpullcode
200
cdn-proxyver
1.04
etag
W/"65087f36-2abc"
vary
Accept-Encoding, Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control
public, max-age=31919000
cdn-requestid
8a0e43e0dde20c1ad48883b2a8b109b6
cdn-requestcountrycode
DE
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status
200
cdn-requestpullsuccess
True
21.5aa698b1.min.js
a.omappapi.com/app/js/
2 KB
2 KB
Script
General
Full URL
https://a.omappapi.com/app/js/21.5aa698b1.min.js
Requested by
Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1080:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software
BunnyCDN-DE1-1080 /
Resource Hash
5c756ba00bc22ff5690e08fc74aa2c70cde9b692a4acb7ca813a9dc7168c27d5

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:23 GMT
content-encoding
br
cdn-edgestorageid
1082
perma-cache
HIT
cdn-storageserver
DE-661
cdn-cachedat
01/17/2024 22:21:37
cdn-pullzone
293267
last-modified
Mon, 18 Sep 2023 16:47:35 GMT
server
BunnyCDN-DE1-1080
cdn-fileserver
599
cdn-requestpullcode
200
cdn-proxyver
1.04
etag
W/"65087f27-81f"
vary
Accept-Encoding, Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control
public, max-age=31919000
cdn-requestid
e65d66060c576b0af0a069019bd9620e
cdn-requestcountrycode
DE
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status
200
cdn-requestpullsuccess
True
22.9757d45d.min.js
a.omappapi.com/app/js/
1 KB
1 KB
Script
General
Full URL
https://a.omappapi.com/app/js/22.9757d45d.min.js
Requested by
Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1080:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software
BunnyCDN-DE1-1080 /
Resource Hash
eef6905a10fc006637486692b9f493a373aabd7ec439fa81a99204ee389b2716

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:23 GMT
content-encoding
br
cdn-edgestorageid
1082
perma-cache
HIT
cdn-storageserver
DE-587
cdn-cachedat
01/17/2024 22:21:40
cdn-pullzone
293267
last-modified
Mon, 18 Sep 2023 16:48:13 GMT
server
BunnyCDN-DE1-1080
cdn-fileserver
587
cdn-requestpullcode
200
cdn-proxyver
1.04
etag
W/"65087f4d-5a1"
vary
Accept-Encoding, Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control
public, max-age=31919000
cdn-requestid
73f815d361de2a1d78bfdfca09701516
cdn-requestcountrycode
DE
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status
200
cdn-requestpullsuccess
True
18.ca86437f.min.js
a.omappapi.com/app/js/
2 KB
2 KB
Script
General
Full URL
https://a.omappapi.com/app/js/18.ca86437f.min.js
Requested by
Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1080:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software
BunnyCDN-DE1-1080 /
Resource Hash
220b328b851303eea8cf0c0bff31365783e87438e803e6d02bec6a5e0492f907

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:23 GMT
content-encoding
br
cdn-edgestorageid
1082
perma-cache
HIT
cdn-storageserver
DE-167
cdn-cachedat
01/17/2024 22:21:40
cdn-pullzone
293267
last-modified
Mon, 18 Sep 2023 16:47:50 GMT
server
BunnyCDN-DE1-1080
cdn-fileserver
588
cdn-requestpullcode
200
cdn-proxyver
1.04
etag
W/"65087f36-7a4"
vary
Accept-Encoding, Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control
public, max-age=31919000
cdn-requestid
71511537cc94a8dfc2ffa59b6707685d
cdn-requestcountrycode
DE
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status
200
cdn-requestpullsuccess
True
counters.gif
forms.hsforms.com/embed/v3/
35 B
625 B
Image
General
Full URL
https://forms.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-DEFINITION_SUCCESS&count=1
Requested by
Host: cyble.com
URL: https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6812:b07d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:23 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
ea4f8b2c-538f-47ac-b9f9-8b0b201255b4
x-envoy-upstream-service-time
2
alt-svc
h3=":443"; ma=86400
content-length
35
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
ea4f8b2c-538f-47ac-b9f9-8b0b201255b4
server
cloudflare
x-trace
2BBB452DA8F7394F050B2126E6F74C7F6D4D02126A000000000000000000
vary
origin
content-type
image/gif
x-evy-trace-virtual-host
all
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-547b899f8d-km9n2
access-control-expose-headers
X-Origin-Hublet
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
false
x-robots-tag
none
cf-ray
84734ba79d2d35e1-FRA
counters.gif
forms-na1.hsforms.com/embed/v3/
35 B
1016 B
Image
General
Full URL
https://forms-na1.hsforms.com/embed/v3/counters.gif?key=forms-embed-v2-RENDER_SUCCESS&count=1
Requested by
Host: cyble.com
URL: https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:c07d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Date
Thu, 18 Jan 2024 02:09:23 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Content-Type-Options
nosniff
CF-Cache-Status
DYNAMIC
x-evy-trace-route-service-name
envoyset-translator
X-HubSpot-Correlation-Id
1043e1d5-350d-4a02-ab3d-fb844ef73b8f
x-envoy-upstream-service-time
1
Connection
keep-alive
alt-svc
h3=":443"; ma=86400
Content-Length
35
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
1043e1d5-350d-4a02-ab3d-fb844ef73b8f
Server
cloudflare
X-Trace
2B1EB963FD6F70F14B7C74E82255EB9AB275A5085F000000000000000000
Vary
origin
Content-Type
image/gif
x-evy-trace-virtual-host
all
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-547b899f8d-72j94
Access-Control-Expose-Headers
X-Origin-Hublet
Cache-Control
max-age=0, no-cache, no-store
Access-Control-Allow-Credentials
false
X-Robots-Tag
none
CF-RAY
84734ba7fd1c65a8-FRA
css2
fonts.googleapis.com/
6 KB
2 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Open+Sans%3Aital%2Cwght%400%2C400&display=swap
Requested by
Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/4.1dae6b4d.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
98f6f0be59cf33c961bbde1efce215467edbe4a02e110c3c28f1cf1d8adce530
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Thu, 18 Jan 2024 02:09:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Thu, 18 Jan 2024 01:20:31 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Thu, 18 Jan 2024 02:09:23 GMT
86e27fb9bb5c4e9f9ebac94649615f07
app.hubspot.com/conversations-visitor/21289959/threads/utk/ Frame 0330
53 KB
20 KB
Document
General
Full URL
https://app.hubspot.com/conversations-visitor/21289959/threads/utk/86e27fb9bb5c4e9f9ebac94649615f07?uuid=c8e6ce8806134ee3aae806202db20e54&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=&domain=cyble.com&inApp53=false&messagesUtk=86e27fb9bb5c4e9f9ebac94649615f07&url=https%3A%2F%2Fcyble.com%2Fblog%2Fcyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft%2F&inline=false&isFullscreen=false&globalCookieOptOut=&isFirstVisitorSession=true&isAttachmentDisabled=true&isInitialInputFocusDisabled=false&enableWidgetCookieBanner=false&isInCMS=false
Requested by
Host: js.usemessages.com
URL: https://js.usemessages.com/conversations-embed.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e84303d826aeaf19df684387b7aafffca15ce11a914bb55c13fb08d904850a51
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options no-sniff

Request headers

Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
false
age
2269
cache-control
max-age=600
cache-tag
staticjsapp-conversations-visitor-ui-web-prod,staticjsapp-prod
cf-cache-status
DYNAMIC
cf-ray
84734ba82b5a1da4-FRA
content-encoding
br
content-security-policy-report-only
script-src 'self' www.hubspot.com *.hsappstatic.net *.hs-analytics.net *.hs-banner.com *.hsforms.net *.hsleadflows.net *.hs-scripts.com *.hubspotfeedback.com *.usemessages.com js.hubspot.com *.hsadspixel.net *.hscollectedforms.net js-agent.newrelic.com bam.nr-data.net bam-cell.nr-data.net *.google-analytics.com www.googletagmanager.com data: 'unsafe-inline' 'unsafe-eval' blob: connect.facebook.net www.gstatic.cn www.gstatic.com www.google.com www.recaptcha.net *.fullstory.com fullstory.com apis.google.com snap.licdn.com; report-uri https://send.hsbrowserreports.com/csp/report?resource=conversations-visitor-ui/static-1.17482/html/index.html&cfRay=84734ba82b5a1da4&reqUrl=https%3A%2F%2Fapp.hubspot.com%2Fconversations-visitor%2F21289959%2Fthreads%2Futk%2F86e27fb9bb5c4e9f9ebac94649615f07%3Fuuid%3Dc8e6ce8806134ee3aae806202db20e54%26mobile%3Dfalse%26mobileSafari%3Dfalse%26hideWelcomeMessage%3Dfalse%26hstc%3D%26domain%3Dcyble.com%26inApp53%3Dfalse%26messagesUtk%3D86e27fb9bb5c4e9f9ebac94649615f07%26url%3Dhttps%253A%252F%252Fcyble.com%252Fblog%252Fcyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft%252F%26inline%3Dfalse%26isFullscreen%3Dfalse%26globalCookieOptOut%3D%26isFirstVisitorSession%3Dtrue%26isAttachmentDisabled%3Dtrue%26isInitialInputFocusDisabled%3Dfalse%26enableWidgetCookieBanner%3Dfalse%26isInCMS%3Dfalse&referrer=https%3A%2F%2Fcyble.com%2Fblog%2Fcyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft%2F&cfenv=prod&pdt=2024-01-18&csp=ro
content-type
text/html; charset=utf-8
date
Thu, 18 Jan 2024 02:09:23 GMT
etag
W/"42d71e3fc861480ce15360e948ef69a9"
last-modified
Wed, 20 Dec 2023 17:16:05 UTC
report-to
{"group":"default","max_age":86400,"endpoints":[{"url":"https://send.hsbrowserreports.com/csp/reports"}]}
reporting-endpoints
default="https://send.hsbrowserreports.com/csp/reports?cfRay=84734ba82b5a1da4&resource=conversations-visitor-ui/static-1.17482/html/index.html"
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains; preload
vary
origin, Accept-Encoding
via
1.1 b77313059f3d50280ced20238b151620.cloudfront.net (CloudFront)
x-amz-cf-id
-IbIcQ8dkJviKnWHhsOm_bEbjD-dw_-rAZoQUh4LcgHJI0JhwTiPZw==
x-amz-cf-pop
IAD12-P3
x-amz-replication-status
COMPLETED
x-amz-server-side-encryption
AES256
x-amz-version-id
nQaexJYQXOeUe4sT1jrbLst5Q2XR68Ui
x-cache
Hit from cloudfront
x-content-type-options
no-sniff
x-envoy-upstream-service-time
5
x-evy-trace-listener
listener_https
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-route-service-name
envoyset-translator
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-bf946f66b-nxfs9
x-evy-trace-virtual-host
all
x-hs-cache-status
MISS
x-hs-target-asset
conversations-visitor-ui/static-1.17482/html/index.html
x-hs-worker-debug-mode
false
x-hubspot-correlation-id
afba37fa-0773-4d5b-b068-15db3fc68c74
x-request-id
afba37fa-0773-4d5b-b068-15db3fc68c74
memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
fonts.wp.com/s/opensans/v40/
47 KB
47 KB
Font
General
Full URL
https://fonts.wp.com/s/opensans/v40/memvYaGs126MiZpBA-UvWbX2vVnXBbObj2OVTS-muw.woff2
Requested by
Host: fonts-api.wp.com
URL: https://fonts-api.wp.com/css?family=Open+Sans%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto+Slab%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic%7CRoboto%3A100%2C100italic%2C200%2C200italic%2C300%2C300italic%2C400%2C400italic%2C500%2C500italic%2C600%2C600italic%2C700%2C700italic%2C800%2C800italic%2C900%2C900italic&display=auto&ver=6.4.2
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
wordpress.com
Software
nginx /
Resource Hash
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts-api.wp.com/
Origin
https://cyble.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

x-nc
HIT hhn 1
date
Thu, 18 Jan 2024 02:09:23 GMT
x-content-type-options
nosniff
last-modified
Thu, 14 Dec 2023 02:08:40 GMT
server
nginx
age
189600
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
h3=":443"; ma=86400
content-length
48236
x-xss-protection
0
memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2
fonts.gstatic.com/s/opensans/v40/
18 KB
19 KB
Font
General
Full URL
https://fonts.gstatic.com/s/opensans/v40/memSYaGs126MiZpBA-UvWbX2vVnXBbObj2OVZyOOSr4dVJWUgsjZ0B4gaVI.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Open+Sans%3Aital%2Cwght%400%2C400&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
e7af9d60d875eb1c1b1037bbbfdec41fcb096d0ebcf98a48717ad8b07906ced6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://cyble.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Wed, 17 Jan 2024 02:24:24 GMT
x-content-type-options
nosniff
age
85499
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
18668
x-xss-protection
0
last-modified
Thu, 14 Dec 2023 02:00:39 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 16 Jan 2025 02:24:24 GMT
destinations.min.js
x.clearbitjs.com/v2/pk_43e7489448ea26212d2c648f4818c8b5/
0
172 B
Script
General
Full URL
https://x.clearbitjs.com/v2/pk_43e7489448ea26212d2c648f4818c8b5/destinations.min.js
Requested by
Host: tag.clearbitscripts.com
URL: https://tag.clearbitscripts.com/v1/pk_43e7489448ea26212d2c648f4818c8b5/tags.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.153.4.44 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-153-4-44.eu-central-1.compute.amazonaws.com
Software
Clearbit /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:22 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
x-envoy-response-flags
-
server
Clearbit
content-type
application/javascript;charset=utf-8
cache-control
private, max-age=600
content-length
0
tracking.min.js
x.clearbitjs.com/v2/pk_43e7489448ea26212d2c648f4818c8b5/
168 KB
45 KB
Script
General
Full URL
https://x.clearbitjs.com/v2/pk_43e7489448ea26212d2c648f4818c8b5/tracking.min.js
Requested by
Host: tag.clearbitscripts.com
URL: https://tag.clearbitscripts.com/v1/pk_43e7489448ea26212d2c648f4818c8b5/tags.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.153.4.44 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-153-4-44.eu-central-1.compute.amazonaws.com
Software
Clearbit /
Resource Hash
e5f578c050d7a40cfb1cdbc4482159b5177deb5a5cf606cc28cd4a2b42a97734
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-envoy-response-flags
-
server
Clearbit
strict-transport-security
max-age=63072000; includeSubDomains; preload
vary
Accept-Encoding
content-type
application/javascript;charset=utf-8
cache-control
private, max-age=600
bundle.production.js
static.hsappstatic.net/head-dlb/static-1.368/ Frame 0330
44 KB
17 KB
Script
General
Full URL
https://static.hsappstatic.net/head-dlb/static-1.368/bundle.production.js
Requested by
Host: app.hubspot.com
URL: https://app.hubspot.com/conversations-visitor/21289959/threads/utk/86e27fb9bb5c4e9f9ebac94649615f07?uuid=c8e6ce8806134ee3aae806202db20e54&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=&domain=cyble.com&inApp53=false&messagesUtk=86e27fb9bb5c4e9f9ebac94649615f07&url=https%3A%2F%2Fcyble.com%2Fblog%2Fcyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft%2F&inline=false&isFullscreen=false&globalCookieOptOut=&isFirstVisitorSession=true&isAttachmentDisabled=true&isInitialInputFocusDisabled=false&enableWidgetCookieBanner=false&isInCMS=false
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:e05d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
15da0333da024365f065c44b1861355fac0211292dd57a0bb5f482ebcd166f4b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://app.hubspot.com/
Origin
https://app.hubspot.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:23 GMT
x-amz-version-id
wWLMJ6qW0lXJfco2m026CzodYMop32jV
via
1.1 9015971351bc982a04ee209a022bb1f8.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
FRA56-P2
age
1894428
x-amz-server-side-encryption
AES256
content-encoding
br
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
server-timing
cfr;desc=84734ba9bf21360f-FRA
alt-svc
h3=":443"; ma=86400
last-modified
Tue, 11 Jul 2023 18:31:41 GMT
server
cloudflare
etag
W/"63ec2a77119dfb2ddcae56ab3a029230"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
https://app.hubspot.com
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ru2BjjxspL7DiNg3YbTa5TwiL7AnW%2FwLrD%2BF7tSomgo8t%2FbA%2Bm7J2fTBac8Xu8F3EPmAi1koDvGgRTRvWhyxKBoR%2BFaXVu0Uay7l07eTBLyNjuyJyvcSGDWx5Vu%2F8%2BBKWUjESEncJlePDCILDNBHBZc5kyY%3D"}],"group":"cf-nel","max_age":604800}
vary
Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-credentials
true
cache-control
public, max-age=31536000
timing-allow-origin
*
cf-ray
84734ba9bf21360f-FRA
x-amz-cf-id
zNB0OHdKbIM-2O58UBSMNuibyHmrCYIYM9nU0kBUz5JeEWKMgn-EBQ==
expires
Fri, 17 Jan 2025 02:09:23 GMT
visitor.css
static.hsappstatic.net/conversations-visitor-ui/static-1.17110/sass/ Frame 0330
19 KB
4 KB
Stylesheet
General
Full URL
https://static.hsappstatic.net/conversations-visitor-ui/static-1.17110/sass/visitor.css
Requested by
Host: app.hubspot.com
URL: https://app.hubspot.com/conversations-visitor/21289959/threads/utk/86e27fb9bb5c4e9f9ebac94649615f07?uuid=c8e6ce8806134ee3aae806202db20e54&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=&domain=cyble.com&inApp53=false&messagesUtk=86e27fb9bb5c4e9f9ebac94649615f07&url=https%3A%2F%2Fcyble.com%2Fblog%2Fcyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft%2F&inline=false&isFullscreen=false&globalCookieOptOut=&isFirstVisitorSession=true&isAttachmentDisabled=true&isInitialInputFocusDisabled=false&enableWidgetCookieBanner=false&isInCMS=false
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:e05d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
405767448d618a7a326a509bf3c8484414ddf0f9518dad53f90794e7796bdde8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.hubspot.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:23 GMT
x-amz-version-id
8JK3Qs8SBE2zTXCiSEFRAiP414rxQpaa
via
1.1 1ed131e2ff13a9b8852067b4dfb6f2dc.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
FRA60-P6
age
949473
x-amz-server-side-encryption
AES256
content-encoding
br
x-cache
RefreshHit from cloudfront
x-amz-replication-status
COMPLETED
server-timing
cfr;desc=84734ba9bd0c91de-FRA
alt-svc
h3=":443"; ma=86400
last-modified
Thu, 02 Nov 2023 14:28:10 GMT
server
cloudflare
etag
W/"686ebda4c47b0bdb5d9460221c8036d1"
vary
Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ixekTiyHaZadmLEIpfNSp7VyQ4U%2FfhZGcQjvB3N4IL1lfdSlDB7nPRA1xMGnGlYz5F6ZeRPqT9qFJrwe3JCImLkfne5p9VXebinIwYzAVfLHEi2Q16ob8y9kaD2E%2BU7ADq3Rk%2BTrdhkQeKEF70D8dPGY%2FMc%3D"}],"group":"cf-nel","max_age":604800}
content-type
text/css
cache-control
public, max-age=31536000
timing-allow-origin
*
cf-ray
84734ba9bd0c91de-FRA
x-amz-cf-id
F679H3GnB1sqBTCVmn3Zjqw2f94BnbBwOEgCtdF1WRXMz_zjaRaDEg==
expires
Fri, 17 Jan 2025 02:09:23 GMT
bundle.production.js
static.hsappstatic.net/hubspot-dlb/static-1.504/ Frame 0330
295 KB
94 KB
Script
General
Full URL
https://static.hsappstatic.net/hubspot-dlb/static-1.504/bundle.production.js
Requested by
Host: app.hubspot.com
URL: https://app.hubspot.com/conversations-visitor/21289959/threads/utk/86e27fb9bb5c4e9f9ebac94649615f07?uuid=c8e6ce8806134ee3aae806202db20e54&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=&domain=cyble.com&inApp53=false&messagesUtk=86e27fb9bb5c4e9f9ebac94649615f07&url=https%3A%2F%2Fcyble.com%2Fblog%2Fcyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft%2F&inline=false&isFullscreen=false&globalCookieOptOut=&isFirstVisitorSession=true&isAttachmentDisabled=true&isInitialInputFocusDisabled=false&enableWidgetCookieBanner=false&isInCMS=false
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:e05d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5b61f5538c3fee3652999b99f2585d0183cc471f66baf66e4ad27a5988b71fd7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://app.hubspot.com/
Origin
https://app.hubspot.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:23 GMT
x-amz-version-id
pLRM47oWyQvFPXnQqB0Xnrdsef_7CtJj
via
1.1 3f52d342c56014599dee37446f6c9f2e.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
FRA56-P2
age
1299208
x-amz-server-side-encryption
AES256
content-encoding
br
x-cache
RefreshHit from cloudfront
x-amz-replication-status
COMPLETED
server-timing
cfr;desc=84734ba9bf20360f-FRA
alt-svc
h3=":443"; ma=86400
last-modified
Tue, 05 Dec 2023 22:46:47 GMT
server
cloudflare
etag
W/"a8668c0a3c3eb63a5f8c9c602c061d7c"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
https://app.hubspot.com
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LNrdPIeri4%2FlISVMxC%2BVcdd6gsSOBTY9p1UT7A1iO0qqdTAExawECyFzt02fRXWkboVoYUf%2FNU9tbkMox4lWyJGQy%2FLJKqX0%2FPQa9EaBACKXncNgC637SRk8mEbtk6ZjIkkYR2mSRbz0yH9224kPVoNG7TE%3D"}],"group":"cf-nel","max_age":604800}
vary
Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-credentials
true
cache-control
public, max-age=31536000
timing-allow-origin
*
cf-ray
84734ba9bf20360f-FRA
x-amz-cf-id
LLAI9h0evvyo3CB0oAPCPtx6ritiSd3gFhQoqtChjWgXEGGug3Xs8A==
expires
Fri, 17 Jan 2025 02:09:23 GMT
visitor.js
static.hsappstatic.net/conversations-visitor-ui/static-1.17482/bundles/ Frame 0330
643 KB
190 KB
Script
General
Full URL
https://static.hsappstatic.net/conversations-visitor-ui/static-1.17482/bundles/visitor.js
Requested by
Host: app.hubspot.com
URL: https://app.hubspot.com/conversations-visitor/21289959/threads/utk/86e27fb9bb5c4e9f9ebac94649615f07?uuid=c8e6ce8806134ee3aae806202db20e54&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=&domain=cyble.com&inApp53=false&messagesUtk=86e27fb9bb5c4e9f9ebac94649615f07&url=https%3A%2F%2Fcyble.com%2Fblog%2Fcyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft%2F&inline=false&isFullscreen=false&globalCookieOptOut=&isFirstVisitorSession=true&isAttachmentDisabled=true&isInitialInputFocusDisabled=false&enableWidgetCookieBanner=false&isInCMS=false
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:e05d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fe23081bb10b4f88ebb5371f5ddeff574f12fe65f181b261a06fbd0f1f6fec6f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://app.hubspot.com/
Origin
https://app.hubspot.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:23 GMT
x-amz-version-id
E8dY39a7B9kplJwC1wmTljlvnk_7cexN
via
1.1 fc486e72455da7c1d3be4472dd5ba8b2.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
FRA60-P6
age
31983
x-amz-server-side-encryption
AES256
content-encoding
br
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
server-timing
cfr;desc=84734ba9bf1f360f-FRA
alt-svc
h3=":443"; ma=86400
last-modified
Wed, 20 Dec 2023 16:57:14 GMT
server
cloudflare
etag
W/"7d3caf7a6d963525695abb1e99e347e0"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
https://app.hubspot.com
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FE%2BTjdu841ANwZ8fdnzaN4cb1AvidoIHxZrBlodKl3ioUi0l2RMA1NxgrTBzsU9q8%2BKG9ylKi6lzY9sfSlLoFxYjHsIpocWFh5PcwUTP4FufbmVJrDlbJv99C03Y3DEgbcmGsCxpclAhIk7HanvT%2F1VWLlQ%3D"}],"group":"cf-nel","max_age":604800}
vary
Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-credentials
true
cache-control
public, max-age=31536000
timing-allow-origin
*
cf-ray
84734ba9bf1f360f-FRA
x-amz-cf-id
UW6F_18qotOou_J1X7XCckpWFVgDmeUSiN-CKjuBbLgZOCnxhztCzA==
expires
Fri, 17 Jan 2025 02:09:23 GMT
i18n-data-data-locales-en-us.js
static.hsappstatic.net/conversations-visitor-ui/static-1.17463/ Frame 0330
841 B
1 KB
Script
General
Full URL
https://static.hsappstatic.net/conversations-visitor-ui/static-1.17463/i18n-data-data-locales-en-us.js
Requested by
Host: static.hsappstatic.net
URL: https://static.hsappstatic.net/conversations-visitor-ui/static-1.17482/bundles/visitor.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:e05d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b750bbe95d0c93af7e1f68971809f76b6ad8da24ede33819de25f73499d22c5d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://app.hubspot.com/
Origin
https://app.hubspot.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:23 GMT
x-amz-version-id
2PedFzTpXHkp2bsRaGaTobXs2AtcZbb.
via
1.1 ca0e18fe48e6994b3446a58a1e05c1ce.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
AMS58-P5
age
196828
x-amz-server-side-encryption
AES256
content-encoding
br
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
server-timing
cfr;desc=84734baaaf91360f-FRA
alt-svc
h3=":443"; ma=86400
last-modified
Mon, 18 Dec 2023 18:01:14 GMT
server
cloudflare
etag
W/"7784b0f7a03801645cf88a9f389d710c"
access-control-max-age
3000
access-control-allow-methods
GET
content-type
application/javascript
access-control-allow-origin
https://app.hubspot.com
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=mvFNq86CjStXhuPTsHxC7GWc%2BBt2UjSdWIG1YKcS2EyD2paUyS6sJqXDsu4b2FtYJXW7Yr%2FcsXQbEMBfRMgQUXOrx7ARXcga%2FlKekg77LrsWjuFU%2BrV%2Fc6hIIvJIiLFo%2F8cKBPPcHaLe9u3K1HjoTrk3seg%3D"}],"group":"cf-nel","max_age":604800}
vary
Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
access-control-allow-credentials
true
cache-control
public, max-age=31536000
timing-allow-origin
*
cf-ray
84734baaaf91360f-FRA
x-amz-cf-id
4pGYCzfObE_jEhFc5LicAlH2upohaul2Uq2V_7Lkow4K4EcAM_373A==
expires
Fri, 17 Jan 2025 02:09:23 GMT
6ad65309edc539a4600440865bf6676d-yesno.json
a.omappapi.com/app/campaign-views/b584497dcf5c/r0hediyvvmvme9sqc9m4/
36 KB
10 KB
XHR
General
Full URL
https://a.omappapi.com/app/campaign-views/b584497dcf5c/r0hediyvvmvme9sqc9m4/6ad65309edc539a4600440865bf6676d-yesno.json
Requested by
Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2400:52e0:1e00::1080:1 , Germany, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software
BunnyCDN-DE1-1080 /
Resource Hash
55054ee1484536892852a636c238f8364ce6a89e525f52605d67cb2bfe8f7f5a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:23 GMT
content-encoding
br
cdn-edgestorageid
1080
perma-cache
HIT
cdn-storageserver
DE-164
cdn-cachedat
01/17/2024 23:11:40
cdn-pullzone
293267
last-modified
Thu, 10 Aug 2023 07:43:29 GMT
server
BunnyCDN-DE1-1080
cdn-fileserver
599
cdn-requestpullcode
200
cdn-proxyver
1.04
etag
W/"64d49521-91a0"
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control
public, max-age=31919000
cdn-requestid
883918fd7dd110fb4d3d66f89415642d
cdn-requestcountrycode
DE
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status
200
cdn-requestpullsuccess
True
hawk.png
labs.cyble.com/hs-fs/hubfs/ Frame 0330
4 KB
5 KB
Image
General
Full URL
https://labs.cyble.com/hs-fs/hubfs/hawk.png?width=108&height=108
Requested by
Host: cyble.com
URL: https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:671e , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
079ceaa0981ce7f89ad67f2b125a26b02d93a4b400b0d01c1095d9d03b24c738
Security Headers
Name Value
Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.hubspot.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:23 GMT
via
1.1 cc763905c39a59494c951c09271b0422.cloudfront.net (CloudFront)
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy
default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag
F-83412232556,P-21289959,FLS-ALL
alt-svc
h3=":443"; ma=86400
content-length
4194
cf-resized
internal=ok/m q=0 n=893+0 c=57+49 v=2023.9.8 l=4194
last-modified
Tue, 30 Aug 2022 08:53:18 GMT
cf-bgj
imgq:86,h2pri
server
cloudflare
etag
"cfLv25S9_RZ9mVF-YFCFUfZcZkUn9Bg2vL7Sxl6y2PDQ:ac94ce2bd2684e2d18ebb6c3988701dd"
vary
Accept, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=LqC47Oi0c%2B29%2B9BX0JZNoQ3fzXUyTQ5DKQSgzyzm3yuiXbzu26gVxhvE6W5TZuW05f6jFtdWKK5GvHXJZAC1ZsO%2FcR64Ctp%2B6LIan%2Fx8nbH4g7HxhjSyU6kIue2nVEjFeNc4x2c19fsQMR1L"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
access-control-allow-origin
*
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges
bytes
cf-ray
84734babebebbbd9-FRA
rhumb
app.hubspot.com/api/cartographer/v1/ Frame 0330
0
1 KB
Ping
General
Full URL
https://app.hubspot.com/api/cartographer/v1/rhumb?hs_static_app=conversations-visitor-ui&hs_static_app_version=1.17482
Requested by
Host: static.hsappstatic.net
URL: https://static.hsappstatic.net/conversations-visitor-ui/static-1.17482/bundles/visitor.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://app.hubspot.com/conversations-visitor/21289959/threads/utk/86e27fb9bb5c4e9f9ebac94649615f07?uuid=c8e6ce8806134ee3aae806202db20e54&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=&domain=cyble.com&inApp53=false&messagesUtk=86e27fb9bb5c4e9f9ebac94649615f07&url=https%3A%2F%2Fcyble.com%2Fblog%2Fcyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft%2F&inline=false&isFullscreen=false&globalCookieOptOut=&isFirstVisitorSession=true&isAttachmentDisabled=true&isInitialInputFocusDisabled=false&enableWidgetCookieBanner=false&isInCMS=false
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Thu, 18 Jan 2024 02:09:23 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
9ee4c1d7-6a28-4ab4-9a71-a4b215f2caf1
x-envoy-upstream-service-time
6
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
9ee4c1d7-6a28-4ab4-9a71-a4b215f2caf1
server
cloudflare
vary
origin, Accept-Encoding
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KKjguUDS%2BdpCv5eeRXQdRHFlRYNfdSdZkSSflBLjraz2eJeSCvHgs8NwWvdYh8Yp%2BOIm1iQBg%2FOZSQdtQpgkMgS%2F7JdQoOmvJFUQC1yW17T8r54CMUG7XOG2jYjOpDEBolDiaK88D0F6T9tCsQ%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
https://app.hubspot.com
x-evy-trace-served-by-pod
iad02/hubapi-td/envoy-proxy-fcdc68c87-hn6ws
access-control-expose-headers
x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing, X-Hubspot-Correct-Hublet, X-HubSpot-Auth-Failure
access-control-max-age
604800
access-control-allow-credentials
true
x-evy-trace-virtual-host
all
cf-ray
84734bab6d511da4-FRA
access-control-allow-headers
Authorization, Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Dpl-Correlation-Group-Id, X-HubSpot-Dpl-Parent-Log-Id
timing-allow-origin
*
welcomeMessages
app.hubspot.com/api/livechat-public/v1/bots/public/bot/2122156/ Frame 0330
961 B
1 KB
XHR
General
Full URL
https://app.hubspot.com/api/livechat-public/v1/bots/public/bot/2122156/welcomeMessages?hs_static_app=conversations-visitor-ui&hs_static_app_version=1.17482&conversations-visitor-ui=static-1.17482&traceId=86e27fb9bb5c4e9f9ebac94649615f07&sessionId=AMOaWbJjCNT2WJMdz8l-Li1xS0r5oKcd2wNnf3wFN8O7tKVDkac4ZewO2mjWzKRMQEl9aBpxULR_LrtbqpBvdha0vNiVcVW5UZxzIW-ztmWWh8kv5gGVchg8yMwgoecritYm7iLu-uHBN_-JvRztFzz3ob56DK0Ko59BoK1BJSOgvDUMQerC3KQ
Requested by
Host: static.hsappstatic.net
URL: https://static.hsappstatic.net/head-dlb/static-1.368/bundle.production.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
23febb6123e35e58332596a52726968d7729c60305442ab76c67a35c72d0c915
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://app.hubspot.com/conversations-visitor/21289959/threads/utk/86e27fb9bb5c4e9f9ebac94649615f07?uuid=c8e6ce8806134ee3aae806202db20e54&mobile=false&mobileSafari=false&hideWelcomeMessage=false&hstc=&domain=cyble.com&inApp53=false&messagesUtk=86e27fb9bb5c4e9f9ebac94649615f07&url=https%3A%2F%2Fcyble.com%2Fblog%2Fcyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft%2F&inline=false&isFullscreen=false&globalCookieOptOut=&isFirstVisitorSession=true&isAttachmentDisabled=true&isInitialInputFocusDisabled=false&enableWidgetCookieBanner=false&isInCMS=false
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:23 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
023d9f85-bb43-43f5-a988-7a31a715c3f7
content-encoding
br
x-envoy-upstream-service-time
24
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
023d9f85-bb43-43f5-a988-7a31a715c3f7
server
cloudflare
x-trace
2B899BE0922F8B3A40F305317315A41827F39036E4000000000000000000
vary
origin, Accept-Encoding
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type
application/json;charset=utf-8
x-evy-trace-served-by-pod
iad02/hubapi-td/envoy-proxy-fcdc68c87-k74t7
x-evy-trace-virtual-host
all
access-control-allow-credentials
false
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NdQgMtdGQD%2FBLhjqEJKGi282FDTP3R9GgrvSqzCYo93o2k20Ffmjd2kxoYJktdApMBk5Ez6qqqW16xIxvrGd9aRXssgYohwxeWcwUTu88BwuO1awecFpgItS1rmGu875gn6mrlQxht%2FKzTcinA%3D%3D"}],"group":"cf-nel","max_age":604800}
cf-ray
84734bab7d551da4-FRA
access-control-allow-headers
Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent, X-HubSpot-Messages-Uri
api.js
www.google.com/recaptcha/
1 KB
1 KB
Script
General
Full URL
https://www.google.com/recaptcha/api.js?render=6Ld852MnAAAAAFzgX2FpHqe1Ic4SAQOJBd3NkMga
Requested by
Host: a.omappapi.com
URL: https://a.omappapi.com/app/js/api.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
b414e97b0fa99b088ccd70810f56fac5c1a39873ef868631127eea2ca23daac6
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'self'
server
GSE
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=utf-8
cache-control
private, max-age=300
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
1; mode=block
expires
Thu, 18 Jan 2024 02:09:23 GMT
truncated
/
3 KB
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e5f47aaf7eabcee1ce2772f4fd77c75c252c80f9c48e4424e2f08b022aa0fa84

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Content-Type
image/png
p
app.clearbit.com/v1/
16 B
1 KB
XHR
General
Full URL
https://app.clearbit.com/v1/p
Requested by
Host: x.clearbitjs.com
URL: https://x.clearbitjs.com/v2/pk_43e7489448ea26212d2c648f4818c8b5/tracking.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.127.196.46 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-127-196-46.eu-central-1.compute.amazonaws.com
Software
Clearbit /
Resource Hash
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type
text/plain

Response headers

date
Thu, 18 Jan 2024 02:09:23 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-envoy-response-flags
-
server
Clearbit
strict-transport-security
max-age=63072000; includeSubDomains; preload
vary
Accept-Encoding, Origin
access-control-max-age
7200
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
https://cyble.com
access-control-expose-headers
content-security-policy-report-only
default-src 'self'; script-src 'unsafe-inline' 'report-sample' 'self' https://browser.sentry-cdn.com https://cdn.amplitude.com/libs/amplitude-5.2.2-min.gz.js https://cdn.clearbit.com https://cdn.segment.com/analytics.js/v1/auzWlbWIBrAsKnGQIiT0X3IjfZyepgW5/analytics.min.js https://checkout.stripe.com https://connect.facebook.net https://edge.fullstory.com/s/fs.js https://fast.appcues.com https://www.google-analytics.com/analytics.js https://x.clearbitjs.com https://cdn.clearbit.com https://*.commandbar.com; style-src 'unsafe-inline' 'report-sample' 'self' https://cdn.clearbit.com https://*.commandbar.com https://fast.appcues.com https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://api.amplitude.com https://*.commandbar.com https://api.segment.io https://checkout.stripe.com https://rs.fullstory.com https://www.google-analytics.com wss://api.appcues.net https://stats.g.doubleclick.net https://sentry.io https://logo.clearbit.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://*.commandbar.com https://checkout.stripe.com; img-src 'self' https://*.commandbar.com https://*.stripe.com data: https://cdn.clearbit.com https://images.ctfassets.net https://logo.clearbit.com https://www.facebook.com https://connect.facebook.net https://www.google.com https://unpkg.com/react-flag-kit https://cloudfront.net/v1/avatars https://*.googleusercontent.com; manifest-src 'self'; media-src 'self'; worker-src 'none';
access-control-allow-credentials
true
content-type
application/json
recaptcha__de.js
www.gstatic.com/recaptcha/releases/Ya-Cd6PbRI5ktAHEhm9JuKEu/
506 KB
204 KB
Script
General
Full URL
https://www.gstatic.com/recaptcha/releases/Ya-Cd6PbRI5ktAHEhm9JuKEu/recaptcha__de.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?render=6Ld852MnAAAAAFzgX2FpHqe1Ic4SAQOJBd3NkMga
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
91088a015cd36dabb6639d0b6d08fadc57be7f1b85011f5f882d4e7a8611df31
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
Origin
https://cyble.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Wed, 17 Jan 2024 14:01:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
43677
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
207845
x-xss-protection
0
last-modified
Mon, 08 Jan 2024 05:00:33 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 16 Jan 2025 14:01:26 GMT
anchor
www.google.com/recaptcha/api2/ Frame 6702
43 KB
27 KB
Document
General
Full URL
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Ld852MnAAAAAFzgX2FpHqe1Ic4SAQOJBd3NkMga&co=aHR0cHM6Ly9jeWJsZS5jb206NDQz&hl=de&v=Ya-Cd6PbRI5ktAHEhm9JuKEu&size=invisible&cb=cux9dwwrsolp
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/Ya-Cd6PbRI5ktAHEhm9JuKEu/recaptcha__de.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
de74d93b0b8bc1920aa1242682f26d84d443cdbe44297b8bd6177c92d1b47aeb
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-VuqvBhCPtkqDu_X1FowDLg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-VuqvBhCPtkqDu_X1FowDLg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Thu, 18 Jan 2024 02:09:24 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
styles__ltr.css
www.gstatic.com/recaptcha/releases/Ya-Cd6PbRI5ktAHEhm9JuKEu/ Frame 6702
55 KB
24 KB
Stylesheet
General
Full URL
https://www.gstatic.com/recaptcha/releases/Ya-Cd6PbRI5ktAHEhm9JuKEu/styles__ltr.css
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Ld852MnAAAAAFzgX2FpHqe1Ic4SAQOJBd3NkMga&co=aHR0cHM6Ly9jeWJsZS5jb206NDQz&hl=de&v=Ya-Cd6PbRI5ktAHEhm9JuKEu&size=invisible&cb=cux9dwwrsolp
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 00:09:22 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
7202
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
24606
x-xss-protection
0
last-modified
Mon, 08 Jan 2024 05:00:33 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/css
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Fri, 17 Jan 2025 00:09:22 GMT
recaptcha__de.js
www.gstatic.com/recaptcha/releases/Ya-Cd6PbRI5ktAHEhm9JuKEu/ Frame 6702
506 KB
203 KB
Script
General
Full URL
https://www.gstatic.com/recaptcha/releases/Ya-Cd6PbRI5ktAHEhm9JuKEu/recaptcha__de.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Ld852MnAAAAAFzgX2FpHqe1Ic4SAQOJBd3NkMga&co=aHR0cHM6Ly9jeWJsZS5jb206NDQz&hl=de&v=Ya-Cd6PbRI5ktAHEhm9JuKEu&size=invisible&cb=cux9dwwrsolp
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
91088a015cd36dabb6639d0b6d08fadc57be7f1b85011f5f882d4e7a8611df31
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Wed, 17 Jan 2024 14:01:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
43678
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
207845
x-xss-protection
0
last-modified
Mon, 08 Jan 2024 05:00:33 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Thu, 16 Jan 2025 14:01:26 GMT
Rbyc7s488VWd4IGfuE4gsnBiFwpTphWh5ZwgXcZl-nM.js
www.google.com/js/bg/ Frame 6702
17 KB
7 KB
Script
General
Full URL
https://www.google.com/js/bg/Rbyc7s488VWd4IGfuE4gsnBiFwpTphWh5ZwgXcZl-nM.js
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/Ya-Cd6PbRI5ktAHEhm9JuKEu/recaptcha__de.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
45bc9ceece3cf1559de0819fb84e20b27062170a53a615a1e59c205dc665fa73
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Ld852MnAAAAAFzgX2FpHqe1Ic4SAQOJBd3NkMga&co=aHR0cHM6Ly9jeWJsZS5jb206NDQz&hl=de&v=Ya-Cd6PbRI5ktAHEhm9JuKEu&size=invisible&cb=cux9dwwrsolp
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 16 Jan 2024 15:00:13 GMT
content-encoding
br
x-content-type-options
nosniff
age
126551
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/botguard-scs
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6871
x-xss-protection
0
last-modified
Wed, 03 Jan 2024 11:00:00 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="botguard-scs"
vary
Accept-Encoding
report-to
{"group":"botguard-scs","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/botguard-scs"}]}
content-type
text/javascript
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Wed, 15 Jan 2025 15:00:13 GMT
logo_48.png
www.gstatic.com/recaptcha/api2/ Frame 6702
2 KB
2 KB
Image
General
Full URL
https://www.gstatic.com/recaptcha/api2/logo_48.png
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/Ya-Cd6PbRI5ktAHEhm9JuKEu/styles__ltr.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.gstatic.com/recaptcha/releases/Ya-Cd6PbRI5ktAHEhm9JuKEu/styles__ltr.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 16 Jan 2024 21:45:59 GMT
x-content-type-options
nosniff
age
102205
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2228
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
image/png
cache-control
public, max-age=604800
accept-ranges
bytes
expires
Tue, 23 Jan 2024 21:45:59 GMT
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 6702
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Ld852MnAAAAAFzgX2FpHqe1Ic4SAQOJBd3NkMga&co=aHR0cHM6Ly9jeWJsZS5jb206NDQz&hl=de&v=Ya-Cd6PbRI5ktAHEhm9JuKEu&size=invisible&cb=cux9dwwrsolp
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.google.com/
Origin
https://www.google.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Mon, 15 Jan 2024 05:31:50 GMT
x-content-type-options
nosniff
age
247054
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15344
x-xss-protection
0
last-modified
Mon, 16 Oct 2017 17:32:55 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 14 Jan 2025 05:31:50 GMT
KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 6702
15 KB
15 KB
Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Ld852MnAAAAAFzgX2FpHqe1Ic4SAQOJBd3NkMga&co=aHR0cHM6Ly9jeWJsZS5jb206NDQz&hl=de&v=Ya-Cd6PbRI5ktAHEhm9JuKEu&size=invisible&cb=cux9dwwrsolp
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.google.com/
Origin
https://www.google.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Tue, 16 Jan 2024 09:09:14 GMT
x-content-type-options
nosniff
age
147610
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15552
x-xss-protection
0
last-modified
Mon, 16 Oct 2017 17:33:02 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Wed, 15 Jan 2025 09:09:14 GMT
webworker.js
www.google.com/recaptcha/api2/ Frame 6702
102 B
135 B
Other
General
Full URL
https://www.google.com/recaptcha/api2/webworker.js?hl=de&v=Ya-Cd6PbRI5ktAHEhm9JuKEu
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Ld852MnAAAAAFzgX2FpHqe1Ic4SAQOJBd3NkMga&co=aHR0cHM6Ly9jeWJsZS5jb206NDQz&hl=de&v=Ya-Cd6PbRI5ktAHEhm9JuKEu&size=invisible&cb=cux9dwwrsolp
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80b::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
f187dc8de7fe50f1f8825c3500b64080cc78ac39df7efd31a4b1bc562be9ca3d
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Ld852MnAAAAAFzgX2FpHqe1Ic4SAQOJBd3NkMga&co=aHR0cHM6Ly9jeWJsZS5jb206NDQz&hl=de&v=Ya-Cd6PbRI5ktAHEhm9JuKEu&size=invisible&cb=cux9dwwrsolp
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:24 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'self'
server
GSE
cross-origin-embedder-policy
require-corp
x-frame-options
SAMEORIGIN
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript; charset=utf-8
cache-control
private, max-age=300
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
1; mode=block
expires
Thu, 18 Jan 2024 02:09:24 GMT
collect
q.clarity.ms/
0
289 B
XHR
General
Full URL
https://q.clarity.ms/collect
Requested by
Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.20/clarity.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.231.53.73 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
application/x-clarity-gzip
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Access-Control-Allow-Origin
https://cyble.com
Date
Thu, 18 Jan 2024 02:09:26 GMT
Access-Control-Allow-Credentials
true
Server
nginx/1.18.0 (Ubuntu)
Connection
keep-alive
Vary
Origin
Request-Context
appId=cid-v1:3d284f99-f285-495c-ac33-dedd7ecf1ac8
c.gif
c.clarity.ms/
Redirect Chain
  • https://c.clarity.ms/c.gif
  • https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=8DFB66B388AA4521BA13951482E906B7&RedC=c.clarity.ms&MXFR=25DA98876D80632D15D18C8D69806D2B
  • https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=8DFB66B388AA4521BA13951482E906B7&MUID=1C73BAA0B44F6B503E68AEAAB54F6A54
42 B
442 B
Image
General
Full URL
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=8DFB66B388AA4521BA13951482E906B7&MUID=1C73BAA0B44F6B503E68AEAAB54F6A54
Protocol
H2
Server
68.219.88.97 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 18 Jan 2024 02:09:27 GMT
last-modified
Wed, 10 Jan 2024 21:11:32 GMT
server
Microsoft-IIS/10.0
etag
"d765ee95944da1:0"
x-powered-by
ASP.NET
content-type
image/gif
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control
private, no-cache, proxy-revalidate, no-store
accept-ranges
bytes
content-length
42

Redirect headers

pragma
no-cache
date
Thu, 18 Jan 2024 02:09:27 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: E6729801B0DF4005BA6BA4BD283D5A79 Ref B: FRAEDGE1811 Ref C: 2024-01-18T02:09:28Z
x-powered-by
ASP.NET
x-cache
CONFIG_NOCACHE
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
location
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=8DFB66B388AA4521BA13951482E906B7&MUID=1C73BAA0B44F6B503E68AEAAB54F6A54
cache-control
private, no-cache, proxy-revalidate, no-store
content-length
0
__ptq.gif
track.hubspot.com/
45 B
506 B
Image
General
Full URL
https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=3725600676&v=1.1&a=21289959&ct=blog-post&rcu=https%3A%2F%2Fcyble.com%2Fblog%2Fcyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft%2F&pu=https%3A%2F%2Fcyble.com%2Fblog%2Fcyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft%2F&t=Cyber+Espionage+Attack+on+the+Indian+Air+Force%3A+Go-Based+Infostealer+Exploits+Slack+for+Data+Theft+%E2%80%94+Cyble&cts=1705543768053&vi=3e9bfa9121724caa6d6f6253642e3cb1&nc=true&u=27441379.3e9bfa9121724caa6d6f6253642e3cb1.1705543768048.1705543768048.1705543768048.1&b=27441379.1.1705543768048&cc=15
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:28 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
d4237e16-58b2-4c82-b025-5fdad9aa758c
p3p
CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time
6
content-length
45
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
d4237e16-58b2-4c82-b025-5fdad9aa758c
server
cloudflare
vary
origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=k0mz%2BJ2FXMr0%2FiZArM3Zj7UpSONWty3FUsDKnRFpX6GRsI0TMok2j6NFPQdx3EI%2B6pOYVkaAutgYOGg4cPGvDF3CIIq3r2HMcDYN%2FLie6QnVuEzIBYJJ6qCj6bPqy4NHkIDASmrjJh4Xfsy5JFri"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
x-evy-trace-served-by-pod
iad02/analytics-tracking-td/envoy-proxy-865d96945d-4w8pv
x-evy-trace-virtual-host
all
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
cf-ray
84734bc679911da4-FRA
x-robots-tag
none
__ptq.gif
track.hubspot.com/
45 B
549 B
Image
General
Full URL
https://track.hubspot.com/__ptq.gif?k=15&fi=f7da69d1-3801-430f-b109-5f44b65a9326&fci=65b4e895-d726-4836-af46-a127a1aedd04&ft=0&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=3725600676&v=1.1&a=21289959&ct=blog-post&rcu=https%3A%2F%2Fcyble.com%2Fblog%2Fcyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft%2F&pu=https%3A%2F%2Fcyble.com%2Fblog%2Fcyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft%2F&t=Cyber+Espionage+Attack+on+the+Indian+Air+Force%3A+Go-Based+Infostealer+Exploits+Slack+for+Data+Theft+%E2%80%94+Cyble&cts=1705543768059&vi=3e9bfa9121724caa6d6f6253642e3cb1&nc=true&u=27441379.3e9bfa9121724caa6d6f6253642e3cb1.1705543768048.1705543768048.1705543768048.1&b=27441379.1.1705543768048&cc=15
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:28 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
ea6e5982-6344-4d04-85b7-5c509b4ca3b9
p3p
CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time
5
content-length
45
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
ea6e5982-6344-4d04-85b7-5c509b4ca3b9
server
cloudflare
vary
origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KXIDHQtRCAsOsR11AbW3rCh9Iwf3Kf8KzarE55q7hQOx%2BnWFaoNaH%2Bs4jHHQjqzYf0HsIodBKVgfYzsv1Feo77u2827%2BObdMWxSAa6p6W3Owh77V3635TjgBJ2RkracAOBprG%2FKLif8A0805tdUB"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
x-evy-trace-served-by-pod
iad02/analytics-tracking-td/envoy-proxy-865d96945d-cg6mt
x-evy-trace-virtual-host
all
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
cf-ray
84734bc6798e1da4-FRA
x-robots-tag
none
json
forms.hubspot.com/lead-flows-config/v1/config/
178 B
1 KB
XHR
General
Full URL
https://forms.hubspot.com/lead-flows-config/v1/config/json?portalId=21289959&utk=3e9bfa9121724caa6d6f6253642e3cb1&__hstc=27441379.3e9bfa9121724caa6d6f6253642e3cb1.1705543768048.1705543768048.1705543768048.1&__hssc=27441379.1.1705543768048&currentUrl=https%3A%2F%2Fcyble.com%2Fblog%2Fcyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft%2F
Requested by
Host: js.hsleadflows.net
URL: https://js.hsleadflows.net/leadflows.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9b53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5ad9190fbc16d61ebc6ad1340f1b050be0447bec8bf38e0d3f1fd847d0ca9d0a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

date
Thu, 18 Jan 2024 02:09:28 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
e13b18cd-e9de-40f6-a02b-78ca69cdba82
content-encoding
br
x-envoy-upstream-service-time
30
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
e13b18cd-e9de-40f6-a02b-78ca69cdba82
server
cloudflare
vary
origin
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type
application/json;charset=utf-8
access-control-allow-origin
https://cyble.com
x-evy-trace-virtual-host
all
access-control-max-age
180
access-control-allow-credentials
false
cache-control
max-age=0, no-cache, no-store
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=o51XRfl26exJvn2B06QuY4tXGyZq4AKQocrDPKCU0g8CuIClxnPWCP9lBvkxP%2Bd7MELog03s8dgIISd00o17o7Jkve%2FnB5O36j1iavp3GLoq4QI1dDs9xtCc17%2BeY%2FfleCkYqMHVf5FzNXV0u4px"}],"group":"cf-nel","max_age":604800}
x-robots-tag
none
access-control-allow-headers
Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
cf-ray
84734bc6a8c79bc4-FRA
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-547b899f8d-d5kjr
/
to.getnitropack.com/
20 B
182 B
Ping
General
Full URL
https://to.getnitropack.com/
Requested by
Host: nitroscripts.com
URL: https://nitroscripts.com/generic/JPtKKXLsjJbtelUWnenRbIbVJOerqPTK
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:255d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a4d2b5c10747a9a02c401ece039329ec75c8a8f1dc4de0c7fb53a4ebde5555e4
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type
multipart/form-data; boundary=----WebKitFormBoundaryukkmNXkn7pAU8Ae0

Response headers

date
Thu, 18 Jan 2024 02:09:29 GMT
content-encoding
none
strict-transport-security
max-age=15724800; includeSubDomains
cf-cache-status
DYNAMIC
server
cloudflare
content-type
text/html; charset=UTF-8
access-control-allow-origin
*
cf-ray
84734bccec9e36dc-FRA
dropoff
to.getnitropack.com/
20 B
72 B
Ping
General
Full URL
https://to.getnitropack.com/dropoff
Requested by
Host: nitroscripts.com
URL: https://nitroscripts.com/generic/JPtKKXLsjJbtelUWnenRbIbVJOerqPTK
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:255d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a4d2b5c10747a9a02c401ece039329ec75c8a8f1dc4de0c7fb53a4ebde5555e4
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36
Content-Type
multipart/form-data; boundary=----WebKitFormBoundaryr2jqLhcOUCsBwnrt

Response headers

date
Thu, 18 Jan 2024 02:09:29 GMT
content-encoding
none
strict-transport-security
max-age=15724800; includeSubDomains
cf-cache-status
DYNAMIC
server
cloudflare
content-type
text/html; charset=UTF-8
access-control-allow-origin
*
cf-ray
84734bccfc9f36dc-FRA
boom.gif
pixel.wp.com/
0
105 B
Image
General
Full URL
https://pixel.wp.com/boom.gif?bilmur=1&cumulative_layout_shift=0.002&largest_contentful_paint=2989&batcache_hit=0&provider=wordpress.com&service=atomic&effective_connection_type=4g&rtt=0&downlink=10000&host_name=cyble.com&url_path=%2Fblog%2Fcyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft%2F&nt_fetchStart=1&nt_domainLookupStart=11&nt_domainLookupEnd=11&nt_connectStart=11&nt_connectEnd=50&nt_secureConnectionStart=26&nt_requestStart=50&nt_responseStart=1780&nt_responseEnd=1828&nt_domLoading=1783&nt_domInteractive=4548&nt_domContentLoadedEventStart=4568&nt_domContentLoadedEventEnd=4613&nt_domComplete=9822&nt_loadEventStart=9822&nt_loadEventEnd=9863&nt_redirectCount=0&nt_nextHopProtocol=h2&nt_api_level=2&start_render=2989&first_contentful_paint=2989&resource_size=3845329&resource_transferred=923343&resource_cache_percent=0&js_size=1591422&js_transferred=476226&js_cache_percent=0&blocking_size=2106099&blocking_transferred=280281&blocking_cache_percent=0&last_resource_end=11029
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

access-control-allow-origin
*
date
Thu, 18 Jan 2024 02:09:31 GMT
cache-control
no-cache
server
nginx
alt-svc
h3=":443"; ma=86400
collect
q.clarity.ms/
0
289 B
XHR
General
Full URL
https://q.clarity.ms/collect
Requested by
Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.20/clarity.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.231.53.73 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
application/x-clarity-gzip
Referer
https://cyble.com/blog/cyber-espionage-attack-on-the-indian-air-force-go-based-infostealer-exploits-slack-for-data-theft/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.224 Safari/537.36

Response headers

Access-Control-Allow-Origin
https://cyble.com
Date
Thu, 18 Jan 2024 02:09:32 GMT
Access-Control-Allow-Credentials
true
Server
nginx/1.18.0 (Ubuntu)
Connection
keep-alive
Vary
Origin
Request-Context
appId=cid-v1:3d284f99-f285-495c-ac33-dedd7ecf1ac8

Verdicts & Comments Add Verdict or Comment

196 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| _wpemojiSettings undefined| $ function| jQuery object| related_posts_js_options object| cnArgs function| gtag object| dataLayer object| _hsq string| adroll_adv_id string| adroll_pix_id string| adroll_version boolean| __adroll_loaded object| adroll object| NPTelemetryMetadata object| NitroPack object| hsConversationsSettings function| setREVStartSize function| __adroll__ string| adroll_sid object| __adroll function| __cmp function| __tcfapi function| __gpp boolean| adroll_sendrolling_cross_device object| adroll_form_fields object| adroll_third_party_forms object| adroll_third_party_detected object| adroll_snippet_errors function| adroll_tpc_callback object| google_tag_manager object| google_tag_data function| onYouTubeIframeAPIReady object| gaGlobal string| _linkedin_data_partner_id string| GoogleAnalyticsObject function| ga function| fbq function| _fbq object| _fbq_gtm_ids function| clarity object| __adroll_consent_data function| lintrk boolean| _already_called_lintrk object| ORIBILI object| gaplugins object| _hsp object| adroll_exp_list object| __adroll_consent boolean| __adroll_consent_is_gdpr string| __adroll_consent_user_country string| __adroll_consent_adv_country object| $jscomp string| BANNER_VERSION string| TCF_VERSION string| IABWRITE_NO_COOKIE object| __adroll_consent_banner object| __adroll_consent_prev_lastchild object| globalRoot undefined| hns function| bindToWindowOnError object| leadflows object| hubspot function| OutpostErrorReporter function| _registerAvailablePopup object| _availablePopups boolean| popupPoliceActive undefined| hns2 undefined| jade undefined| I18n undefined| Pikaday undefined| reqwest undefined| exports undefined| define boolean| LEAD_FLOWS_RAN boolean| COMMON_SETUP_RAN object| hsCtasOnReady object| __PRIVATE__HubspotCtaClient object| hsCallsToActionsReady object| __hsWebInteractiveInstance object| _paq function| sanitizeKey boolean| _hstc_loaded object| GooglebQhCsO object| gaData object| HubSpotForms object| hbspt object| hsFormsOnReady number| proxyPurgeOnly object| nitroData undefined| xhr object| webpackChunkom_api_js object| _omapp function| OptinMonsterApp boolean| om_loaded object| r0hediyvvmvme9sqc9m4 object| _omq function| omq object| RS_MODULES boolean| r0hediyvvmvme9sqc9m4_shortcode object| astra function| astraGetParents function| getParents function| astraToggleClass function| toggleClass function| astraTriggerEvent function| astraSmoothScroll function| astScrollToTopHandler function| popupTriggerClick function| AstraToggleSubMenu function| AstraToggleSetup function| astraNavMenuToggle object| leadin_wordpress object| gsapVersions object| tpGS object| punchgs object| RSANYID object| RSANYID_sliderID boolean| _R_is_Editor object| runtime object| regeneratorRuntime object| wp object| starter_templates_zip_preview object| astraAddon function| display_mega_menu_on_load object| items function| apply_megamenu_width_styles function| astraToggleSetupPro function| astraNavMenuTogglePro string| sticky_header_on_devices string| site_layout_box_width string| hook_sticky_footer string| sticky_footer_on_devices object| _stq object| jetpackSwiperLibraryPath object| jetpackCarouselStrings object| OMAPI_Helper function| addResizeListener function| removeResizeListener function| Cookies object| webpackChunkelementor_pro object| webpackChunkelementor object| elementorModules function| sprintf function| vsprintf object| ElementorProFrontendConfig object| elementorProFrontend function| Waypoint object| uael_particles_script object| elementorFrontendConfig object| elementorFrontend object| scope_array number| backend object| omapi_localized object| omapi_data function| st_go function| linktracker_init object| wpcom boolean| hubspot_live_messages_running object| HubSpotConversations object| HubSpotCallsToActions boolean| hubspot_web_interactives_running boolean| _hspb_loaded boolean| _hspb_ran number| stick_upto_scroll number| max_width number| gutter number| aboveHeaderSelectorValue object| omr0hediyvvmvme9sqc9m4 boolean| adroll_optout object| adroll_loaded boolean| __clearbit_tagsjs object| clearbit function| parcelRequire object| clearbitsq object| args string| method function| normalize object| ___grecaptcha_cfg object| grecaptcha string| __recaptcha_api boolean| __google_recaptcha_client object| _omns object| recaptcha object| closure_lm_884738 object| twemoji boolean| _hstc_ran string| __hsUserToken number| expireDateTime number| link number| len boolean| LEAD_FLOW_DOCUMENT_READY_RAN

39 Cookies

Domain/Path Name / Value
.cyble.com/ Name: _ga_N9ZXY95EM4
Value: GS1.1.1705543760.1.0.1705543760.0.0.0
.cyble.com/ Name: _ga_361856552
Value: GS1.1.1705543760.1.0.1705543760.0.0.0
.linkedin.com/ Name: li_sugr
Value: 3dc22f3d-2caa-4900-80e9-0e61e5c834a9
.linkedin.com/ Name: bcookie
Value: "v=2&455d5a8b-1e08-4c72-817f-135414805bdf"
.linkedin.com/ Name: lidc
Value: "b=TGST00:s=T:r=T:a=T:p=T:g=3299:u=1:x=1:i=1705543760:t=1705630160:v=2:sig=AQHBBxJlSmKehOSeIG1OA0cjVhFraCAq"
.cyble.com/ Name: _fbp
Value: fb.1.1705543760689.1163142126
www.clarity.ms/ Name: CLID
Value: 315146c73bc446ff9110bc528d358272.20240118.20250117
.cyble.com/ Name: _clck
Value: 1udoj57%7C2%7Cfii%7C0%7C1478
.linkedin.com/ Name: li_gc
Value: MTswOzE3MDU1NDM3NjA7MjswMjG9yJ3JMOctoGqMJMSvl2RcqqvDAQHshi9+Ld4zwHXwhQ==
.cyble.com/ Name: _gcl_au
Value: 1.1.1740417904.1705543761
.rss.app/ Name: cf_clearance
Value: 8MkGuzM341qI2bHFt9npT7GlE6PaK1N9van_Q4OG4fI-1705543760-1-ATLolEpqQjR6xzhjxElfGMFm7dLrN/YwC7tIaUSSaSOkVw7bcZuirNvv3eePw38ECJA+UBJzwfksLkVCM1RGcOA=
.cyble.com/ Name: _ga
Value: GA1.2.2126298577.1705543760
.cyble.com/ Name: _gid
Value: GA1.2.1554041934.1705543761
.cyble.com/ Name: _gat_UA-201575643-1
Value: 1
.doubleclick.net/ Name: test_cookie
Value: CheckForPermission
cyble.com/ Name: nitroCachedPage
Value: 0
cyble.com/ Name: _omappvp
Value: t20o1MTLoP2kQ1QxTgMhy0SZy2VcOadMvvfXQVrGm8O2lf8PeuKdocpY45n8nWVe5wsT2y42LYuykJv2vjAfKu76K7VFV5Ui
cyble.com/ Name: _omappvs
Value: 1705543761336
.cyble.com/ Name: _clsk
Value: 1ksnj7m%7C1705543761338%7C1%7C1%7Cq.clarity.ms%2Fcollect
.hubspot.com/ Name: __cf_bm
Value: cn8Y9eKWt3c1mbahIn_7j6eCuaSuNSSMW6716sLLjko-1705543763-1-AW8yGfUtC/dgIAt9z/+pWYilBUwoNte+QHNGza4GRsOUZcwtdOC++h88yPnj2s4gnDxXH/MzCv73FmkxBfdle+A=
.hubspot.com/ Name: _cfuvid
Value: Z_mKVb3CKRQjQqcAVY7eN84vC1GlM7_BDKMqvekylwk-1705543763391-0-604800000
.cyble.com/ Name: messagesUtk
Value: 86e27fb9bb5c4e9f9ebac94649615f07
.cyble.com/ Name: cb_user_id
Value: null
.cyble.com/ Name: cb_group_id
Value: null
.cyble.com/ Name: cb_anonymous_id
Value: %223f80e57f-40c0-44bd-9600-099b6f4e7aff%22
cyble.com/ Name: omSeen-r0hediyvvmvme9sqc9m4
Value: 1705543763844
.labs.cyble.com/ Name: __cf_bm
Value: FwCk0Zc1e8SBqLMa22GsDBdwQBdGnSL4kn3xhPDiWvE-1705543763-1-Ad2uJ/3G+8pzfbIOr4PkRakVf3aS1zySxKUWa6/z3ZTwyoC5gl4cqs+DfsoVwVa5l5VY3vpcHLFNW0bPAn3UNhY=
.labs.cyble.com/ Name: __cfruid
Value: c3e12a29b4b4caaf01a4b8d78b223fb1352a0d27-1705543763
.cyble.com/ Name: __hstc
Value: 27441379.3e9bfa9121724caa6d6f6253642e3cb1.1705543768048.1705543768048.1705543768048.1
.cyble.com/ Name: hubspotutk
Value: 3e9bfa9121724caa6d6f6253642e3cb1
.cyble.com/ Name: __hssrc
Value: 1
.cyble.com/ Name: __hssc
Value: 27441379.1.1705543768048
.bing.com/ Name: MUID
Value: 1C73BAA0B44F6B503E68AEAAB54F6A54
.c.bing.com/ Name: MR
Value: 0
.c.bing.com/ Name: SRM_B
Value: 1C73BAA0B44F6B503E68AEAAB54F6A54
.c.clarity.ms/ Name: SM
Value: C
.clarity.ms/ Name: MUID
Value: 1C73BAA0B44F6B503E68AEAAB54F6A54
.c.clarity.ms/ Name: MR
Value: 0
.c.clarity.ms/ Name: ANONCHK
Value: 0

4 Console Messages

Source Level URL
Text
network error URL: https://my.hellobar.com/.js
Message:
Failed to load resource: the server responded with a status of 403 ()
other warning URL: https://connect.facebook.net/signals/config/1126903675356441?v=2.9.140&r=stable&domain=cyble.com(Line 127)
Message:
Unrecognized feature: 'attribution-reporting'.
network error URL: https://cyble.com/wp-content/uploads/2024/01/Figure-2-Decoy-PDF.png
Message:
Failed to load resource: net::ERR_QUIC_PROTOCOL_ERROR
network error URL: https://cyble.com/wp-content/uploads/2023/06/Cyble-Demo.png
Message:
Failed to load resource: net::ERR_QUIC_PROTOCOL_ERROR

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.omappapi.com
api.hubspot.com
api.omappapi.com
app.clearbit.com
app.hubspot.com
c.bing.com
c.clarity.ms
connect.facebook.net
cta-service-cms2.hubspot.com
cyble.com
d.adroll.com
fonts-api.wp.com
fonts.googleapis.com
fonts.gstatic.com
fonts.wp.com
forms-na1.hsforms.com
forms.hsforms.com
forms.hubspot.com
googleads.g.doubleclick.net
i0.wp.com
js-na1.hs-scripts.com
js.hs-analytics.net
js.hs-banner.com
js.hs-scripts.com
js.hsforms.net
js.hsleadflows.net
js.hubspot.com
js.usemessages.com
labs.cyble.com
my.hellobar.com
nitroscripts.com
perf-na1.hsforms.com
pixel.wp.com
px.ads.linkedin.com
px4.ads.linkedin.com
q.clarity.ms
region1.google-analytics.com
rss.app
s.adroll.com
s0.wp.com
snap.licdn.com
static.hsappstatic.net
stats.g.doubleclick.net
stats.wp.com
tag.clearbitscripts.com
to.getnitropack.com
track.hubspot.com
uploads-ssl.webflow.com
widget.rss.app
www.clarity.ms
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.gstatic.com
x.clearbitjs.com
13.107.42.14
18.153.4.44
18.66.112.13
18.66.112.19
192.0.76.3
192.0.77.2
192.0.77.32
192.0.78.231
20.231.53.73
2001:4860:4802:34::36
2400:52e0:1e00::1080:1
2600:9000:2644:de00:6:9280:1080:93a1
2600:9000:2670:8c00:7:d7d6:3c40:93a1
2606:2c40::c73c:671e
2606:4700:10::6816:e17
2606:4700:20::681a:dfa
2606:4700:4400::6812:255d
2606:4700:4400::ac40:991b
2606:4700:4400::ac40:9af8
2606:4700::6810:4fba
2606:4700::6810:89ce
2606:4700::6810:bc59
2606:4700::6810:bd59
2606:4700::6810:e05d
2606:4700::6811:cff9
2606:4700::6811:faa8
2606:4700::6812:7d0c
2606:4700::6812:b07d
2606:4700::6812:c07d
2606:4700::6813:9b53
2620:1ec:21::14
2620:1ec:bdf::63
2620:1ec:c11::200
2a00:1450:4001:808::2003
2a00:1450:4001:80b::2004
2a00:1450:4001:810::2003
2a00:1450:4001:827::200a
2a00:1450:4001:82b::2003
2a00:1450:4001:82f::2002
2a00:1450:4001:82f::200e
2a00:1450:4001:830::2008
2a00:1450:400c:c07::9b
2a02:26f0:480:f::213:7edd
2a03:2880:f083:100:face:b00c:0:3
2a03:2880:f176:181:face:b00c:0:25de
2a05:d018:cc3:fe05:418d:1d:4292:e8cd
3.127.196.46
68.219.88.97
00cfed1d7680f3a3435bf24ed4286fa745c0b33d78f5f169e6fcf94852b93589
02691c38db1b70e6897e594025a6080e91d8ff8e6af11d3c76d922af318cdc69
029dedf319bc4536d9c663ae9c0b10c95d1e9f5dd1de0aa73172e9e89ae254cc
079ceaa0981ce7f89ad67f2b125a26b02d93a4b400b0d01c1095d9d03b24c738
08745f637dd9ab266f748acc77062ef5c213e40922e712de0b272582c3c6abbb
08756c47213d461baa3b01f42448a76d11f524470c7a34f9018733889bd4f49c
08f09e95e50ae9c0181382558ff935903a7b273b4a8e5006788e85ae1c72c7c6
0c9cc88c27618b01e95063377382195b9062bdbef5eb1687e5881d3f318dbe63
0f8b49132eba8075f78a37c968b2464149211d99f34329ac6d668647faaf4541
14103b64df9857f9f7ad1f02efaafba97ce4772e8d8b448857de69c3537c338d
15da0333da024365f065c44b1861355fac0211292dd57a0bb5f482ebcd166f4b
17fa2c1abf10d3dbfbc6ae7ea77fbf3a3adc44fc5d8b250cbe2cccf4514a76f4
1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a
1be5011ee250f587d908dfe4ca639f7df13005f1c7ea99c914c81f93c5d17dd1
1d52e1ac7d3bc25a8b0ffc257153f9dd50249f96fe9a4df5e0d771241a69062c
21111013521ce045115ade20ed1b0ac09b102688f010ecf84bb7f3f53574456c
214674cc77aba35ab3567b88e2739fd08e8e96c61d279559ad61874069683ea0
216728e33a7de4be9b784eff527c6ccf1658319ea78fe66a7864c0b923200252
220b328b851303eea8cf0c0bff31365783e87438e803e6d02bec6a5e0492f907
228739c5660b9818a95c3b2c13f6c65cf4364f871c0cde499446c985be07a682
23febb6123e35e58332596a52726968d7729c60305442ab76c67a35c72d0c915
25825611ade7ceaed7df3862ec56dc91ad1d2be539966ef7bbe84306e51cfb08
263c3a799ea39e2db3c3347bab23a9f98990d9d9633d2d8b833d8766c3dc2b36
269eea553268c80a33059695a4ad3726bbd6982db73afa9718456600ac7c3cac
274928f2bf62780b9b7e9d27705d30ed9647c4243ae6a0abf1fa53fc1b6c1989
283547740fcb77b2440b432515bfb0437fcbcb49dae73c5835d0087dcfd54a31
2e10d353ff038c2cad3492fc17801af3e6ef2669c9e9713bdb78b1dcb104c4fe
338640e86aa6516cd58e770434a46b59daee39355996731f7db2054be0fbe229
3724e2da1a3d12b529100cd37765782ed4ad2e1da79b4f0c61f888504d1706fe
382e9768b5578d5ad05e51e37670a3cf93d4593a49bcbee1f5e8b66d0d8c1c53
39badaa7254daebaccbfc900a8ab3e619aaa048a7306b182ecf19655fdaf3976
3c29b5dfcc5c9e30070ed36b72aed962f925d9a36cdbe1da49b011cf93cd9440
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
405767448d618a7a326a509bf3c8484414ddf0f9518dad53f90794e7796bdde8
43c072c16c9ee6d67acdfa6c6d6685ff1e74eb4237b7cc3c1348ab1c108b26af
453cb806084fdabec32e286af2e88899f79022125c2527afffbec507975d2c22
45bc9ceece3cf1559de0819fb84e20b27062170a53a615a1e59c205dc665fa73
464e378e989ece7ebb703d5870d1decaa1e2e24be4610458cfa65fb3b4c0a32f
4a8bd33bfe771e0bd46fade45435a9fa2d0c3a8af2409b1f5a74a6b96b03faa9
4e5f422e1144d7a6e05cef8c8684a2a7f28efa9f67cea6d92b305a90abe8ebdc
4f79a89d16a5f717110fe080c0bf90b7e05ff95a4c4983f64d33110bf5f9c230
4f9f4e2e225088f9cf3b6b54aa421e0f776d1802255505d2f752e1f83f441641
4ff079893cbfe8eebd0d49b7c8bcbeba131173b3e0da0e13210ad611869e0e36
503f20b8f6709c55f119a78910163881b3b3ac32d9b6283a914be20107111f3b
50609579a0013a9543bdf2f3b69b484dafea8e313a2ce1a65f5ae93a930991d6
5274f11e6fb32ae0cf2dfb9f8043272865c397a7c4223b4cfa7d50ea52fbde89
5405f21fd05a73a76a85b2021b366df4dcd00dd93ad956d671776622ea5e1ffc
54c8ea0d64c3d52573359befbd4e5fab7ff3d18abedf40759fba7d500832177a
55054ee1484536892852a636c238f8364ce6a89e525f52605d67cb2bfe8f7f5a
553fbec66bfd9a96e150c860a3d0f7e257679051417d085c1561c455f9271ebc
564a710221e64d78f8178a9e34e5c54fb8d0f3c72253adac0a7b73fbb43ca650
571c5e92dba542d755f7e907c63569078c814fc9d2d6d5e17f5a3d7bb870be6b
58a530d7415729915240d4af7c8ff134ee4fd9feac9c0ef296e18e0b7fbae208
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
5ad9190fbc16d61ebc6ad1340f1b050be0447bec8bf38e0d3f1fd847d0ca9d0a
5b61f5538c3fee3652999b99f2585d0183cc471f66baf66e4ad27a5988b71fd7
5ba92ae2fac4723f2d2d1f2ddf4535efe1a2ad4506052d9e6412027ba555083a
5c756ba00bc22ff5690e08fc74aa2c70cde9b692a4acb7ca813a9dc7168c27d5
60a7eb0f25425d3cb621d7ad641aa292dfaec0a6b886234c427721ba7194c431
63a73385264092b260c1ce3fff21c1bc5b582fe72088288f8bcdf24378498a7f
6507a044d207a767ec2971e891b149b58d6d32a6ee1b18068a6d6dd36bc5fa9a
66e324493b6a145a004d03c0548370be06c879ef95e8072ff8247d0964b26499
683f797f0026aa30f2ba5e6cc39f6bda8ca2c64bb90cac8e0642b76846e8b054
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6b117d83a80faf1b382ea93574869ce88e5d7c64564c9c7e5e9bf848707a5206
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6d7c5230c3fd8042cabac27443c1df268add55d85b48b34e0555f09759b57497
72427688bf5fd3d197ee8b6761345fa51cb0fe26c5fa669577a45b72d46be04f
743ff8ea292dd92b9fe1bd32be7a2a528c4fd0f042720ab38be1f014877ecbec
745b79544835c8ee16198c039bdde0b6ec42333c0f830df5770bd4dcd60a6ac6
761c4ef72f1aa7bcaf50a6562e915e33d2713aefa1384d6ee1d77a3a07fb7be3
7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050
7a84b8a454e84c689e5d3e3078c165647b2e4e13795814fc25b5932bd2e96402
7bcd5bd149dac8a9e6e4389d8fb72af693cceeb56b8c382d9a05167a57f45b99
7d93459d86585bfcdbb7e0376056226adb25821ee54b96236fe2123e9560929f
7f5b0ef792cd9f4f4dfc24775cbd9802b783db627914fd71549c8ff60d544253
7f941132a0b7f39cdc561896405b75e90922ab4eb06c55c6775befc2b2243a19
82dfce8760ca230bb796f728f5444cec9f3611c94bfe33298cad70aa524e0eb2
88aaa00ed63445a1d87d9d2c4473d0b8ed19a8365c8fdfa5b4ce13580229fcc7
8ad9a6bcdc20b0bb29576b861332e7b11719bd11af68024d7676724574070f05
8be7671dd442b72a00fefdcf3890f384553862136f5087bb880a37fe07ee7dfe
8d7293476de0d15a9417a6f896f642845e90a174c74455e095f5f9a69768b51c
8e604215fe4a988196d6b824554fad49143f7450349b4a2a285dad3faeba2f7b
8f927cd54d7ef0ffd667f6537f9a9f3ef56fd8f86b32c8dfd534c29da2f2242a
906a1c7b899193c5ff4f6a373f6584155142dcaaaf3d7d2c2c71bd3cd02a8b42
91088a015cd36dabb6639d0b6d08fadc57be7f1b85011f5f882d4e7a8611df31
9281e92347951df7b3764862686c89f3344547c77e10096acbb5196ff6c8645f
9338e65fc077355c7a87ae0d64cc101e23b9bf8ad78ae65f0f319c857311b526
942c9264f9de00fecac162d8f657d9d32a977882341f6ab66e8bf98dab5e1e76
945f333ee61c0da7432df2210a10e3670b38ac2949abe8599a969c00c5db8965
964da5c5d511063ca3629bb9c241c3c66fe796e75e79a6922a289e1b9dbdcc14
978277c7385002bbd8eca4f51d7bdac7424ef8c6d267066e36b018b25bf88f7a
98f6f0be59cf33c961bbde1efce215467edbe4a02e110c3c28f1cf1d8adce530
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9cd63b8cea25045c14623c538d26752518a58c0c682795ce6ad3078976c65a37
9ddaa48947691f4edbd85d83e34061cdf5eaabf0b10b59b3922d95233b8950ee
9e907e949bce3cec0efeaf4b707c2d5b1363467b174fced0e54fae1d501c36ed
a0520951344a0a82548f72736baa2072e965cfdaeb51f397b3a5901b1024a406
a0746aee5a2b0032d3d664b8383d97bb3e1f0dce11ececfa1258072a704b1a72
a4d2b5c10747a9a02c401ece039329ec75c8a8f1dc4de0c7fb53a4ebde5555e4
a61adcba5535446226b967547c5a240a0c58588d868a17890e04c990b67c5f82
a68827190bc01a61ee0a62ec59efa74497a6bc5aa8586f1fac50a58d0cf42d88
a72fb86e087a914701c121d199dbd32977ba67eb19b327c040f02010736eb012
a9fe76154119e569200be13db87f53d6f8007ebcc71b27bbcfc1c1a9fad719f9
abe1725ffb70a32273f47bad7ce88db19fc3892d6789c4b4a7e2404f89da6b98
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
b019538234514166ec7665359d097403358f8a4c991901983922fb4d56989f1e
b414e97b0fa99b088ccd70810f56fac5c1a39873ef868631127eea2ca23daac6
b49a5d05ca41478b31f51cc2539a75937c3f921540aa90116a8f609e094d1811
b5474d3ed408366dcebededf5c987f44b43b389137272c282c6c972852a14fc0
b674ae72e31570fbfba5dd723788233676575b3d5ae6ca6f08846f1af6cd951c
b750bbe95d0c93af7e1f68971809f76b6ad8da24ede33819de25f73499d22c5d
b7908a015a567ec2363011df2475368dbff34360e9da3fdff50604d6395fb646
b9495a3be04ee2efba3a2848a90fb8b9266b95df0e7bc44cc48c771f0587da65
bcaf0e3f087296133e0a996ee3d289a8d1a690147c93e0ab62019b505e6f9355
c1100b17cf71d52be3466b5c1f975cdc36076c5f2c008f0e66229d432c3a1cd3
c110d3e795d9bcb956d5c9ef500d23c7e480a259519d383d5c626293ee413815
c1a9a3e223bad631dff12d33b5499eb145cb08d8621c20d9d73870e78d97afe4
c4596b16b126326b0d8fc2fb8bf91389ad3dc4671a269187913c19a8f2ad1094
c4fbf61bcc8a017d5d9cd2d95105bf88005bc0a3b6c18be6bfee8fc94d0adf52
c5f3b2f654d2d8210a481c0164f0a53430cd09b77c34374fe23c9a03f5ad00fb
c6fd60d4ecfcac36ecdcb7456ecf170d8eef75c883a1e34a4dd7855d23966cd2
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
c9888540dccd636c2edffbc0986fcec9a2efc37d43c2f949bfebae77c8a141c8
ca7dce2391845e8aec7da135f33fabd10f74eed28a532ac66fd01f761fcfb42f
cb6f2d32c49d1c2b25e9ffc9aaafa3f83075346c01bcd4ae6eb187392a4292cf
cbcfb303a1e7d1f9da8965565b535f4122f2de2f1f3ed9f61f3f9e2dad3dcf9d
cd36de204aca2d5fa263a731f7c20009b5e3d754ba1f1e03c33e93a48f3e7446
d01a2ba2805c78957e15a2958135de0f3cb88e95159dd0f6c0a032bd76b1b0e9
d0d64c3f9eda799e678ba2a9d8c2b155345e8e0846570204dc14d16a010a331e
d191094291904cb0410cf3a475ea46eee6573c0922cc204759445e326d6d9233
d2a7a173045c7ed2c9474ee0edd3ebc0389454132b0a16e55b3eae6402c46a05
d2f82e2e141c7a7f31f40ab9ed8c499bba09505bac8b806cf016d10550e2a6d7
d622534d53d3ac1095af275f0b30274fcd835785577df2dde6d9398e6f7a2c8f
d8389d26351a0f26efc3c89b4a46c543f012905dd9dd8056ecef0eb72285c4e1
da614c06a9daea4f0b2773fc3ce151ac74e5e62966db6315edffe9f7701918a6
da9ed5720b674f0d297fe621ac2d8d518c4e622bef1e9b0d4ae489dee9aa43f8
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
de74d93b0b8bc1920aa1242682f26d84d443cdbe44297b8bd6177c92d1b47aeb
df751ba7f07cf175d5fbec6305339ad3908875ba8e274b02d3aaa4ea8adfe11b
e34124a12a9dc2f131c62ee30a7f3a4162213c5e7293f15d8ac8700070ab2072
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4b3ccb6e7fd061e3084ddc47637b3d5ded0a5b49e79fbedbb7a173799aec06f
e5c524e3e761e7f83d82d0713c43a707f52e9d2bac9d3705a09857714e094fac
e5f47aaf7eabcee1ce2772f4fd77c75c252c80f9c48e4424e2f08b022aa0fa84
e5f578c050d7a40cfb1cdbc4482159b5177deb5a5cf606cc28cd4a2b42a97734
e6a122a64b302b858b48b9d573be02ffa7c20282a492a47ef18db8e2907e1078
e7af9d60d875eb1c1b1037bbbfdec41fcb096d0ebcf98a48717ad8b07906ced6
e84303d826aeaf19df684387b7aafffca15ce11a914bb55c13fb08d904850a51
e8bedb6d8f202fea8926a8236b3c032a5122768ca7948f490da9e8c5fa26f84c
ea14d1b1233e6cbc9b1a156ac532f076f7adafc309726fca7bf8833f882ac872
ea545fbe45f0f4005e27955f6b63c236438679566c666842f98c24dac9d3e70e
eb69a3fbdfb147c334fe4897c060071321309a3a167adb83dbfb3ea1321ae154
ec7ef7aa5fd1e019f1c26193e95e46d481d4983673936a9dda086705ada6e3d5
eef6905a10fc006637486692b9f493a373aabd7ec439fa81a99204ee389b2716
ef068886081bafdcfa106807748e246a92597422d4f17bd2db3f0b4274e43328
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f187dc8de7fe50f1f8825c3500b64080cc78ac39df7efd31a4b1bc562be9ca3d
f285f832bdee154f19636c329d9812c7b37695e6af794fb7449831f7e5aa30ab
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
f650518059b9901bbf0175fde4089bda6ac93efef083514d37c3245a7f50abdf
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
f7e5b0c06ee5bbc14d3e9e9f3055b8108bab899e37aec44a227485f3c3624cee
fe23081bb10b4f88ebb5371f5ddeff574f12fe65f181b261a06fbd0f1f6fec6f