URL: https://www.threatfabric.com/blogs/deceive-the-heavens-to-cross-the-sea.html
Submission: On December 06 via manual from JP — Scanned from JP

Summary

This website contacted 5 IPs in 2 countries across 5 domains to perform 36 HTTP transactions. The main IP is 99.84.238.92, located in the United States and belonging to AMAZON-02, US. The main domain is www.threatfabric.com.
TLS certificate: Issued by Amazon on January 9th 2021. Valid for: a year.
This is the only time www.threatfabric.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Requests  Domain                    Requested by
27        www.threatfabric.com      www.threatfabric.com
5         fonts.gstatic.com         fonts.googleapis.com
2         www.google-analytics.com  www.googletagmanager.com, www.google-analytics.com
1         www.googletagmanager.com  www.threatfabric.com
1         fonts.googleapis.com      www.threatfabric.com

Total: 36 requests across 5 domains.

This site contains links to these domains. Also see Links.

Domain
www.linkedin.com
twitter.com
en.wikipedia.org
attack.mitre.org
support.google.com
TLS certificates

Subject                  Issuer      Validity                 Valid for
*.threatfabric.com       Amazon      2021-01-09 - 2022-02-06  a year
upload.video.google.com  GTS CA 1C3  2021-11-01 - 2022-01-24  3 months
*.gstatic.com            GTS CA 1C3  2021-11-01 - 2022-01-24  3 months
*.google-analytics.com   GTS CA 1C3  2021-11-01 - 2022-01-24  3 months

This page contains 1 frame:

Primary Page: https://www.threatfabric.com/blogs/deceive-the-heavens-to-cross-the-sea.html
Frame ID: 343FFE26765FACA5449A36F0F2AF60FB
Requests: 36 HTTP requests in this frame

Page Title

Deceive the Heavens to Cross the sea — ThreatFabric

Page Statistics

Requests:    36
HTTPS:       100 %
IPv6:        80 %
Domains:     5
Subdomains:  5
IPs:         5
Countries:   2
Transfer:    7198 kB
Size:        7418 kB
Cookies:     3

36 HTTP transactions

Each transaction below lists: Resource, Path, Size, x-fer (bytes transferred), Type, MIME-Type, followed by its General details and the request and response headers.

Primary Request deceive-the-heavens-to-cross-the-sea.html
www.threatfabric.com/blogs/
135 KB
25 KB
Document
General
Full URL
https://www.threatfabric.com/blogs/deceive-the-heavens-to-cross-the-sea.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.84.238.92 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-84-238-92.sfo5.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e63ac5b640de13e7c614a32b8fbc59e4fb92a409b30b45ed850fcaab1278b970

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
jp-JP,jp;q=0.9

Response headers

content-type
text/html; charset=utf-8
content-length
25216
last-modified
Mon, 29 Nov 2021 12:57:42 GMT
content-encoding
gzip
accept-ranges
bytes
server
AmazonS3
date
Mon, 06 Dec 2021 15:22:58 GMT
cache-control
max-age=300
etag
"b7dd891b2b2dc24d6809f20d531e2247"
x-cache
RefreshHit from cloudfront
via
1.1 6328d32449cd285f3f7c7b3c41dbe9ad.cloudfront.net (CloudFront)
x-amz-cf-pop
SFO5-C3
x-amz-cf-id
B16wr5VlxU8cxBpMAYlfd3XmpRceleQDOEreI9m203xFTA3O2ThVYw==
style.css
www.threatfabric.com/assets/css/
43 KB
7 KB
Stylesheet
General
Full URL
https://www.threatfabric.com/assets/css/style.css?v=1638184224
Requested by
Host: www.threatfabric.com
URL: https://www.threatfabric.com/blogs/deceive-the-heavens-to-cross-the-sea.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.84.238.92 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-84-238-92.sfo5.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
191ae9510fb8cfe2a209f6c2401c3475d5f726f0112dd14c2d37a0d31865e7a4

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://www.threatfabric.com/blogs/deceive-the-heavens-to-cross-the-sea.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Mon, 06 Dec 2021 15:22:58 GMT
content-encoding
gzip
last-modified
Mon, 29 Nov 2021 12:57:43 GMT
server
AmazonS3
x-amz-cf-pop
SFO5-C3
etag
"e4b1b6f5c91b70affc3f4bb0d841d9fd"
x-cache
Hit from cloudfront
content-type
text/css; charset=utf-8
via
1.1 6328d32449cd285f3f7c7b3c41dbe9ad.cloudfront.net (CloudFront)
cache-control
max-age=6000
accept-ranges
bytes
content-length
6611
x-amz-cf-id
vmwQHk-8tCOcvF1_yBNC-DAy9fPfuy2M0b0geeFFMcvI6TWrNr7j5Q==
css2
fonts.googleapis.com/
5 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Kanit:wght@100;200;300;400&display=swap
Requested by
Host: www.threatfabric.com
URL: https://www.threatfabric.com/blogs/deceive-the-heavens-to-cross-the-sea.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4004:80c::200a , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e35f6345bf90a5fd6a9560f42ea23874122e52957c67c66b8b7e64b993e4aebb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://www.threatfabric.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Mon, 06 Dec 2021 15:22:58 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Mon, 06 Dec 2021 15:22:58 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Mon, 06 Dec 2021 15:22:58 GMT
threatfabric-logo-light.svg
www.threatfabric.com/assets/images/
3 KB
1 KB
Image
General
Full URL
https://www.threatfabric.com/assets/images/threatfabric-logo-light.svg
Requested by
Host: www.threatfabric.com
URL: https://www.threatfabric.com/blogs/deceive-the-heavens-to-cross-the-sea.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.84.238.92 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-84-238-92.sfo5.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e082d568fb44df37fa453a514a8e553c889abe144c5c73866c1f020e4ccfbc49

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://www.threatfabric.com/blogs/deceive-the-heavens-to-cross-the-sea.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Mon, 06 Dec 2021 15:22:58 GMT
content-encoding
gzip
last-modified
Thu, 22 Apr 2021 11:49:27 GMT
server
AmazonS3
x-amz-cf-pop
SFO5-C3
etag
W/"8b008611e237cad1162ac34fa0566106"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
image/svg+xml
via
1.1 6328d32449cd285f3f7c7b3c41dbe9ad.cloudfront.net (CloudFront)
cache-control
max-age=6000
x-amz-cf-id
CZd5xwknZ9peztoUO3dfDfRd_XUS00-xUNN72pzy5qnHxEwRlRPxWw==
cover.png
www.threatfabric.com/assets/images/blog/droppers/
220 KB
220 KB
Image
General
Full URL
https://www.threatfabric.com/assets/images/blog/droppers/cover.png
Requested by
Host: www.threatfabric.com
URL: https://www.threatfabric.com/blogs/deceive-the-heavens-to-cross-the-sea.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.84.238.92 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-84-238-92.sfo5.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
940306309004c11651faa890afa7e9337c7b66d63a8555e28ef41467c28a876d

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://www.threatfabric.com/blogs/deceive-the-heavens-to-cross-the-sea.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Mon, 06 Dec 2021 15:22:59 GMT
via
1.1 6328d32449cd285f3f7c7b3c41dbe9ad.cloudfront.net (CloudFront)
last-modified
Mon, 29 Nov 2021 12:57:42 GMT
server
AmazonS3
x-amz-cf-pop
SFO5-C3
etag
"3a0dc435e09a7d4b3b2a92d36343f8ad"
x-cache
RefreshHit from cloudfront
content-type
image/jpeg
cache-control
max-age=6000
accept-ranges
bytes
content-length
224909
x-amz-cf-id
xUA227gtUVvmT_acrfCb5ERfXm6s397Ct8t0eUKxQkElcNs63LX_Gw==
GP_tactics.png
www.threatfabric.com/assets/images/blog/droppers/
228 KB
229 KB
Image
General
Full URL
https://www.threatfabric.com/assets/images/blog/droppers/GP_tactics.png
Requested by
Host: www.threatfabric.com
URL: https://www.threatfabric.com/blogs/deceive-the-heavens-to-cross-the-sea.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.84.238.92 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-84-238-92.sfo5.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
dd7443543c61020df859556302ec632f42da56b9a90e01e8012818b16f17cbea

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://www.threatfabric.com/blogs/deceive-the-heavens-to-cross-the-sea.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Mon, 06 Dec 2021 15:22:58 GMT
via
1.1 6328d32449cd285f3f7c7b3c41dbe9ad.cloudfront.net (CloudFront)
last-modified
Mon, 29 Nov 2021 12:57:42 GMT
server
AmazonS3
x-amz-cf-pop
SFO5-C3
etag
"db3ff3efda745bca44608c7f60bbe80d"
x-cache
Hit from cloudfront
content-type
image/png
cache-control
max-age=6000
accept-ranges
bytes
content-length
233859
x-amz-cf-id
NxBYlWtdR3n3L7Ifd60TRt-p61DxBlxKlsG0kUdVsW3bUzxSlZWm4Q==
GP_fud.png
www.threatfabric.com/assets/images/blog/droppers/
124 KB
124 KB
Image
General
Full URL
https://www.threatfabric.com/assets/images/blog/droppers/GP_fud.png
Requested by
Host: www.threatfabric.com
URL: https://www.threatfabric.com/blogs/deceive-the-heavens-to-cross-the-sea.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.84.238.92 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-84-238-92.sfo5.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
2beaffdf5451bb24dd5f08660dee134fea5dd18b37a04f151ea56b60a6a9d2f5

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://www.threatfabric.com/blogs/deceive-the-heavens-to-cross-the-sea.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Mon, 06 Dec 2021 15:22:59 GMT
via
1.1 6328d32449cd285f3f7c7b3c41dbe9ad.cloudfront.net (CloudFront)
last-modified
Mon, 29 Nov 2021 12:57:42 GMT
server
AmazonS3
x-amz-cf-pop
SFO5-C3
etag
"fe2703a252f0d43a5a6a13c70f866e75"
x-cache
RefreshHit from cloudfront
content-type
image/png
cache-control
max-age=6000
accept-ranges
bytes
content-length
126810
x-amz-cf-id
Cm_sqT-hPqgHehWaS_AHPi5o4jeACFaYsRiwnT6L83ZEIDuOhdMAiQ==
GP_fam_stats.png
www.threatfabric.com/assets/images/blog/droppers/
135 KB
135 KB
Image
General
Full URL
https://www.threatfabric.com/assets/images/blog/droppers/GP_fam_stats.png
Requested by
Host: www.threatfabric.com
URL: https://www.threatfabric.com/blogs/deceive-the-heavens-to-cross-the-sea.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.84.238.92 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-84-238-92.sfo5.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
f69f5783f3beaf6b93ccd4aa962d6fe6062701c632c3590f1c441dc5302285a8

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://www.threatfabric.com/blogs/deceive-the-heavens-to-cross-the-sea.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Mon, 06 Dec 2021 15:22:59 GMT
via
1.1 6328d32449cd285f3f7c7b3c41dbe9ad.cloudfront.net (CloudFront)
last-modified
Mon, 29 Nov 2021 12:57:42 GMT
server
AmazonS3
x-amz-cf-pop
SFO5-C3
etag
"9cc3faaa6a481495f02b9df7e611b51a"
x-cache
RefreshHit from cloudfront
content-type
image/png
cache-control
max-age=6000
accept-ranges
bytes
content-length
138017
x-amz-cf-id
blr1Z3Im7YUFTHCGFA6Qxut8s1slebMvwuCpM8EtfCZV79tWIkhO1Q==
droppers.png
www.threatfabric.com/assets/images/blog/droppers/
671 KB
672 KB
Image
General
Full URL
https://www.threatfabric.com/assets/images/blog/droppers/droppers.png
Requested by
Host: www.threatfabric.com
URL: https://www.threatfabric.com/blogs/deceive-the-heavens-to-cross-the-sea.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.84.238.92 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-84-238-92.sfo5.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
2a9aa62f1cb2d7c50a1d8698045229be80f7606a30db8587b0c246024f4db336

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://www.threatfabric.com/blogs/deceive-the-heavens-to-cross-the-sea.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Mon, 06 Dec 2021 15:22:58 GMT
via
1.1 6328d32449cd285f3f7c7b3c41dbe9ad.cloudfront.net (CloudFront)
last-modified
Mon, 29 Nov 2021 12:57:42 GMT
server
AmazonS3
x-amz-cf-pop
SFO5-C3
etag
"1c9f11d280b1bc358a34abc907f3c338"
x-cache
Hit from cloudfront
content-type
image/png
cache-control
max-age=6000
accept-ranges
bytes
content-length
686918
x-amz-cf-id
xjG1jM_GYBO2AB3OyyeLvbneaA1HDR8gNJ4Sh3aWAeStqxUUzvuzKA==
qr_scanner.png
www.threatfabric.com/assets/images/blog/droppers/
476 KB
477 KB
Image
General
Full URL
https://www.threatfabric.com/assets/images/blog/droppers/qr_scanner.png
Requested by
Host: www.threatfabric.com
URL: https://www.threatfabric.com/blogs/deceive-the-heavens-to-cross-the-sea.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.84.238.92 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-84-238-92.sfo5.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
83d3a74065f0392803bc1646b5789bc43fa17ad65f06a1259de37c355c503372

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://www.threatfabric.com/blogs/deceive-the-heavens-to-cross-the-sea.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Mon, 06 Dec 2021 15:22:59 GMT
via
1.1 6328d32449cd285f3f7c7b3c41dbe9ad.cloudfront.net (CloudFront)
last-modified
Mon, 29 Nov 2021 12:57:42 GMT
server
AmazonS3
x-amz-cf-pop
SFO5-C3
etag
"5437626ac4a9e026d0d317a2a8c04d43"
x-cache
RefreshHit from cloudfront
content-type
image/png
cache-control
max-age=6000
accept-ranges
bytes
content-length
487488
x-amz-cf-id
2hAPVk_CA6p9hyfoSyBWpYwYnZh0qbiVCZMe8RNktu11Kik9WTcW5w==
c2_communication.png
www.threatfabric.com/assets/images/blog/droppers/
248 KB
248 KB
Image
General
Full URL
https://www.threatfabric.com/assets/images/blog/droppers/c2_communication.png
Requested by
Host: www.threatfabric.com
URL: https://www.threatfabric.com/blogs/deceive-the-heavens-to-cross-the-sea.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.84.238.92 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-84-238-92.sfo5.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
5dd271f1a1fcd7018797fcd532679ce04239d0e995a8448f8c70aa2af1cbaf6f

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://www.threatfabric.com/blogs/deceive-the-heavens-to-cross-the-sea.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Mon, 06 Dec 2021 15:22:59 GMT
via
1.1 6328d32449cd285f3f7c7b3c41dbe9ad.cloudfront.net (CloudFront)
last-modified
Mon, 29 Nov 2021 12:57:42 GMT
server
AmazonS3
x-amz-cf-pop
SFO5-C3
etag
"5c44019d4c4a81a798cfe6b398fa976c"
x-cache
RefreshHit from cloudfront
content-type
image/png
cache-control
max-age=6000
accept-ranges
bytes
content-length
253789
x-amz-cf-id
fdwNE6F-6gJ-wcSpHWP32EJohtZnzOBTg0n-ZI4_TFHZG5R-gi_a1Q==
filtering.png
www.threatfabric.com/assets/images/blog/droppers/
279 KB
279 KB
Image
General
Full URL
https://www.threatfabric.com/assets/images/blog/droppers/filtering.png
Requested by
Host: www.threatfabric.com
URL: https://www.threatfabric.com/blogs/deceive-the-heavens-to-cross-the-sea.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.84.238.92 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-84-238-92.sfo5.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
c7f4006bee20f30d4ede342e640f93119e313a603227db071e04ebb025e2f636

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://www.threatfabric.com/blogs/deceive-the-heavens-to-cross-the-sea.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Mon, 06 Dec 2021 15:22:58 GMT
via
1.1 6328d32449cd285f3f7c7b3c41dbe9ad.cloudfront.net (CloudFront)
last-modified
Mon, 29 Nov 2021 12:57:42 GMT
server
AmazonS3
x-amz-cf-pop
SFO5-C3
etag
"05242b813458a12af4633e0027edf41c"
x-cache
Hit from cloudfront
content-type
image/png
cache-control
max-age=6000
accept-ranges
bytes
content-length
285317
x-amz-cf-id
w50V1yAYEtJeSvSsjUk--B28SE8LasF2zjUrmIdc8NkWHwE83pg_bg==
versions.png
www.threatfabric.com/assets/images/blog/droppers/
338 KB
339 KB
Image
General
Full URL
https://www.threatfabric.com/assets/images/blog/droppers/versions.png
Requested by
Host: www.threatfabric.com
URL: https://www.threatfabric.com/blogs/deceive-the-heavens-to-cross-the-sea.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.84.238.92 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-84-238-92.sfo5.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
381dc1970e562b0a12ff0be0b22bb5be76af2645ede3d438b3d8d7b942db0de3

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://www.threatfabric.com/blogs/deceive-the-heavens-to-cross-the-sea.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Mon, 06 Dec 2021 15:22:59 GMT
via
1.1 6328d32449cd285f3f7c7b3c41dbe9ad.cloudfront.net (CloudFront)
last-modified
Mon, 29 Nov 2021 12:57:42 GMT
server
AmazonS3
x-amz-cf-pop
SFO5-C3
etag
"d3a4b723aaef3baab839843f81e1ee01"
x-cache
RefreshHit from cloudfront
content-type
image/png
cache-control
max-age=6000
accept-ranges
bytes
content-length
346440
x-amz-cf-id
R9pon05X215c0PwE9fhBmT6KmByUtOrU-u65KAnY10G6JGE9Hxn2xQ==
update_process.png
www.threatfabric.com/assets/images/blog/droppers/
439 KB
440 KB
Image
General
Full URL
https://www.threatfabric.com/assets/images/blog/droppers/update_process.png
Requested by
Host: www.threatfabric.com
URL: https://www.threatfabric.com/blogs/deceive-the-heavens-to-cross-the-sea.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.84.238.92 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-84-238-92.sfo5.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
2239efa39b2b69c2d0d883839845d77f882b3be661dde70df89f78b34924c5f4

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://www.threatfabric.com/blogs/deceive-the-heavens-to-cross-the-sea.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Mon, 06 Dec 2021 15:22:59 GMT
via
1.1 6328d32449cd285f3f7c7b3c41dbe9ad.cloudfront.net (CloudFront)
last-modified
Mon, 29 Nov 2021 12:57:42 GMT
server
AmazonS3
x-amz-cf-pop
SFO5-C3
etag
"55d16cb4edaf41f01bacf22f52c762fc"
x-cache
RefreshHit from cloudfront
content-type
image/png
cache-control
max-age=6000
accept-ranges
bytes
content-length
449860
x-amz-cf-id
cIHY07rRwxj4finSi1hg4eA-9mjZnJULLqdQGqO-GRh47W1JZtbhpg==
anatsa.png
www.threatfabric.com/assets/images/blog/droppers/
265 KB
266 KB
Image
General
Full URL
https://www.threatfabric.com/assets/images/blog/droppers/anatsa.png
Requested by
Host: www.threatfabric.com
URL: https://www.threatfabric.com/blogs/deceive-the-heavens-to-cross-the-sea.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.84.238.92 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-84-238-92.sfo5.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
7d9d8fe5082d660c653022d61e40481504d23e9f5f62dbe564d26491560467f8

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://www.threatfabric.com/blogs/deceive-the-heavens-to-cross-the-sea.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Mon, 06 Dec 2021 15:22:58 GMT
via
1.1 6328d32449cd285f3f7c7b3c41dbe9ad.cloudfront.net (CloudFront)
last-modified
Mon, 29 Nov 2021 12:57:42 GMT
server
AmazonS3
x-amz-cf-pop
SFO5-C3
etag
"58693256686cbd9b8d87cb9ee559f7a6"
x-cache
Hit from cloudfront
content-type
image/png
cache-control
max-age=6000
accept-ranges
bytes
content-length
271560
x-amz-cf-id
3c4h7paXjtHYaJ28cY63KqxZA8zPP7hWe-tllxyLVGX2RjQNr4aAhQ==
GP2.png
www.threatfabric.com/assets/images/blog/droppers/
355 KB
356 KB
Image
General
Full URL
https://www.threatfabric.com/assets/images/blog/droppers/GP2.png
Requested by
Host: www.threatfabric.com
URL: https://www.threatfabric.com/blogs/deceive-the-heavens-to-cross-the-sea.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.84.238.92 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-84-238-92.sfo5.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e8cf2a65d03d7f8733bc57e909a2461199a3b93bb1941969ccbe86bc95393db4

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://www.threatfabric.com/blogs/deceive-the-heavens-to-cross-the-sea.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Mon, 06 Dec 2021 15:22:58 GMT
via
1.1 6328d32449cd285f3f7c7b3c41dbe9ad.cloudfront.net (CloudFront)
last-modified
Mon, 29 Nov 2021 12:57:42 GMT
server
AmazonS3
x-amz-cf-pop
SFO5-C3
etag
"cdbaa985736f9ebd7a3137880d7a9a12"
x-cache
Hit from cloudfront
content-type
image/png
cache-control
max-age=6000
accept-ranges
bytes
content-length
363771
x-amz-cf-id
h5s_lNSGvAAy7OaqKR1QpFMIGZaLcM3lGxDBFwATIVH21hGUUUXi7g==
brunhilda_installation.png
www.threatfabric.com/assets/images/blog/droppers/
218 KB
219 KB
Image
General
Full URL
https://www.threatfabric.com/assets/images/blog/droppers/brunhilda_installation.png
Requested by
Host: www.threatfabric.com
URL: https://www.threatfabric.com/blogs/deceive-the-heavens-to-cross-the-sea.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.84.238.92 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-84-238-92.sfo5.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
74d4fc3967caa42db92a21b693fdf0d5da5e4e39a548bfa819e8ce3899b80bf0

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://www.threatfabric.com/blogs/deceive-the-heavens-to-cross-the-sea.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Mon, 06 Dec 2021 15:22:59 GMT
via
1.1 6328d32449cd285f3f7c7b3c41dbe9ad.cloudfront.net (CloudFront)
last-modified
Mon, 29 Nov 2021 12:57:42 GMT
server
AmazonS3
x-amz-cf-pop
SFO5-C3
etag
"faa60013b03078952c13e5f810c2175e"
x-cache
RefreshHit from cloudfront
content-type
image/png
cache-control
max-age=6000
accept-ranges
bytes
content-length
223551
x-amz-cf-id
PjsXF6d0Q-i9RCd2azvol0T_xQk0QJPVceoysWqoTUD4V7lOKT419w==
us_campaigns.png
www.threatfabric.com/assets/images/blog/droppers/
121 KB
122 KB
Image
General
Full URL
https://www.threatfabric.com/assets/images/blog/droppers/us_campaigns.png
Requested by
Host: www.threatfabric.com
URL: https://www.threatfabric.com/blogs/deceive-the-heavens-to-cross-the-sea.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.84.238.92 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-84-238-92.sfo5.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
ce936b2493d40dcd5e4bd30d0092f686eff3fd86c7b09cc6df0758bff270056d

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://www.threatfabric.com/blogs/deceive-the-heavens-to-cross-the-sea.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Mon, 06 Dec 2021 15:22:59 GMT
via
1.1 6328d32449cd285f3f7c7b3c41dbe9ad.cloudfront.net (CloudFront)
last-modified
Mon, 29 Nov 2021 12:57:42 GMT
server
AmazonS3
x-amz-cf-pop
SFO5-C3
etag
"2bc3cb335cd9518550b2a1755badd5a5"
x-cache
RefreshHit from cloudfront
content-type
image/png
cache-control
max-age=6000
accept-ranges
bytes
content-length
124045
x-amz-cf-id
R8_0pZo_UxTkiec_Eh-6MS-DYh0P4wCU5gdBCnX2A8N_wm8qM0W3hg==
GP1.png
www.threatfabric.com/assets/images/blog/droppers/
390 KB
391 KB
Image
General
Full URL
https://www.threatfabric.com/assets/images/blog/droppers/GP1.png
Requested by
Host: www.threatfabric.com
URL: https://www.threatfabric.com/blogs/deceive-the-heavens-to-cross-the-sea.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.84.238.92 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-84-238-92.sfo5.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
47d7b0c3d3b9e7940546071146dbd97ae1ebc530f505043804711d627d23d32a

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://www.threatfabric.com/blogs/deceive-the-heavens-to-cross-the-sea.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Mon, 06 Dec 2021 15:22:59 GMT
via
1.1 6328d32449cd285f3f7c7b3c41dbe9ad.cloudfront.net (CloudFront)
last-modified
Mon, 29 Nov 2021 12:57:42 GMT
server
AmazonS3
x-amz-cf-pop
SFO5-C3
etag
"c255824321862c13079a9f6b51c6d096"
x-cache
RefreshHit from cloudfront
content-type
image/png
cache-control
max-age=6000
accept-ranges
bytes
content-length
399201
x-amz-cf-id
SoRkoWCKE9jr4G3qayd4uALLTKapEcWPs05ThcX7mnYhGIAx5qwIUA==
gymdrop.png
www.threatfabric.com/assets/images/blog/droppers/
321 KB
322 KB
Image
General
Full URL
https://www.threatfabric.com/assets/images/blog/droppers/gymdrop.png
Requested by
Host: www.threatfabric.com
URL: https://www.threatfabric.com/blogs/deceive-the-heavens-to-cross-the-sea.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.84.238.92 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-84-238-92.sfo5.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
a2b97412c63a9972ed40eca5861a2aacc03ce00f9c483914cc658bbf8521dad1

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://www.threatfabric.com/blogs/deceive-the-heavens-to-cross-the-sea.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Mon, 06 Dec 2021 15:22:59 GMT
via
1.1 6328d32449cd285f3f7c7b3c41dbe9ad.cloudfront.net (CloudFront)
last-modified
Mon, 29 Nov 2021 12:57:42 GMT
server
AmazonS3
x-amz-cf-pop
SFO5-C3
etag
"1c31a8c070045973237e26c7628524b0"
x-cache
RefreshHit from cloudfront
content-type
image/png
cache-control
max-age=6000
accept-ranges
bytes
content-length
328921
x-amz-cf-id
feg0HtI6DXOba2zT9uC-8d_5Ad6ohpYHoYgqcL5t54Z8UrLzswwR7g==
gymdrop_website.png
www.threatfabric.com/assets/images/blog/droppers/
671 KB
672 KB
Image
General
Full URL
https://www.threatfabric.com/assets/images/blog/droppers/gymdrop_website.png
Requested by
Host: www.threatfabric.com
URL: https://www.threatfabric.com/blogs/deceive-the-heavens-to-cross-the-sea.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.84.238.92 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-84-238-92.sfo5.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
ea0fabaf1ffa9551ce2679d054dddabc56c68241de68fa4062402276c118fe37

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://www.threatfabric.com/blogs/deceive-the-heavens-to-cross-the-sea.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Mon, 06 Dec 2021 15:22:59 GMT
via
1.1 6328d32449cd285f3f7c7b3c41dbe9ad.cloudfront.net (CloudFront)
last-modified
Mon, 29 Nov 2021 12:57:42 GMT
server
AmazonS3
x-amz-cf-pop
SFO5-C3
etag
"a9669876b4bc2fe1e06c40e04a336be7"
x-cache
RefreshHit from cloudfront
content-type
image/png
cache-control
max-age=6000
accept-ranges
bytes
content-length
687174
x-amz-cf-id
WDSsuofIm9OtWmCHZlb0J_M7wfCRZjaPBl5JskFya1gLmkr2LuNAPw==
gymdrop_update.png
www.threatfabric.com/assets/images/blog/droppers/
295 KB
296 KB
Image
General
Full URL
https://www.threatfabric.com/assets/images/blog/droppers/gymdrop_update.png
Requested by
Host: www.threatfabric.com
URL: https://www.threatfabric.com/blogs/deceive-the-heavens-to-cross-the-sea.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.84.238.92 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-84-238-92.sfo5.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
164bbc8c87088522063fd5057a7c66e15aa6146945b8ddf90d09615c428d2495

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://www.threatfabric.com/blogs/deceive-the-heavens-to-cross-the-sea.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Mon, 06 Dec 2021 15:22:59 GMT
via
1.1 6328d32449cd285f3f7c7b3c41dbe9ad.cloudfront.net (CloudFront)
last-modified
Mon, 29 Nov 2021 12:57:42 GMT
server
AmazonS3
x-amz-cf-pop
SFO5-C3
etag
"f4147935473f8806a966e83f034795db"
x-cache
RefreshHit from cloudfront
content-type
image/png
cache-control
max-age=6000
accept-ranges
bytes
content-length
301992
x-amz-cf-id
ubMfEFDQssjtSD96dmZmF_aONsd0MRyoU6IGlt2tpsnXLYP657RuUQ==
gymdrop_filtering.png
www.threatfabric.com/assets/images/blog/droppers/
257 KB
257 KB
Image
General
Full URL
https://www.threatfabric.com/assets/images/blog/droppers/gymdrop_filtering.png
Requested by
Host: www.threatfabric.com
URL: https://www.threatfabric.com/blogs/deceive-the-heavens-to-cross-the-sea.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.84.238.92 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-84-238-92.sfo5.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
d325f778e88bc1b379ae87e3a5087d242e8de11af38c55b6e84d55e4b004689a

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://www.threatfabric.com/blogs/deceive-the-heavens-to-cross-the-sea.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Mon, 06 Dec 2021 15:22:59 GMT
via
1.1 6328d32449cd285f3f7c7b3c41dbe9ad.cloudfront.net (CloudFront)
last-modified
Mon, 29 Nov 2021 12:57:42 GMT
server
AmazonS3
x-amz-cf-pop
SFO5-C3
etag
"9f08362e08cd112eaed7b3d719ddceaf"
x-cache
RefreshHit from cloudfront
content-type
image/png
cache-control
max-age=6000
accept-ranges
bytes
content-length
262951
x-amz-cf-id
gLbsjXGcT53yMMOn0WNkq5QpjonVZM1O1ZhcLLqQ6iEVlyjd8gHzFA==
alien_installation.png
www.threatfabric.com/assets/images/blog/droppers/
329 KB
330 KB
Image
General
Full URL
https://www.threatfabric.com/assets/images/blog/droppers/alien_installation.png
Requested by
Host: www.threatfabric.com
URL: https://www.threatfabric.com/blogs/deceive-the-heavens-to-cross-the-sea.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.84.238.92 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-84-238-92.sfo5.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
29e70ea8efe9eda78592c2787a346e89363afc0f4cd94a72b03f883dc52bc50c

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://www.threatfabric.com/blogs/deceive-the-heavens-to-cross-the-sea.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Mon, 06 Dec 2021 15:22:59 GMT
via
1.1 6328d32449cd285f3f7c7b3c41dbe9ad.cloudfront.net (CloudFront)
last-modified
Mon, 29 Nov 2021 12:57:42 GMT
server
AmazonS3
x-amz-cf-pop
SFO5-C3
etag
"7e62d8c376a46fc5b4db40b7081d26c1"
x-cache
RefreshHit from cloudfront
content-type
image/png
cache-control
max-age=6000
accept-ranges
bytes
content-length
336966
x-amz-cf-id
MDjLfwlWXl796dByRfFN1xwPW6_ApCiopxzxsLl8FjYNe2sFxDWeLw==
alien_campaigns.png
www.threatfabric.com/assets/images/blog/droppers/
425 KB
426 KB
Image
General
Full URL
https://www.threatfabric.com/assets/images/blog/droppers/alien_campaigns.png
Requested by
Host: www.threatfabric.com
URL: https://www.threatfabric.com/blogs/deceive-the-heavens-to-cross-the-sea.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.84.238.92 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-84-238-92.sfo5.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e349ef316fc7d187cf70ccf6a683f54fdf03a2e94f87dad21a39d6fa2b9042b2

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://www.threatfabric.com/blogs/deceive-the-heavens-to-cross-the-sea.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Mon, 06 Dec 2021 15:22:59 GMT
via
1.1 6328d32449cd285f3f7c7b3c41dbe9ad.cloudfront.net (CloudFront)
last-modified
Mon, 29 Nov 2021 12:57:42 GMT
server
AmazonS3
x-amz-cf-pop
SFO5-C3
etag
"ff52e08b8c9e046187b273f4dc832f07"
x-cache
RefreshHit from cloudfront
content-type
image/png
cache-control
max-age=6000
accept-ranges
bytes
content-length
435526
x-amz-cf-id
RAomGFmrWlOdEfrRwNQ0ReRN6ODt4s9b8Zs2dSe1V36qhTyre-veQg==
timeline.png
www.threatfabric.com/assets/images/blog/droppers/
188 KB
188 KB
Image
General
Full URL
https://www.threatfabric.com/assets/images/blog/droppers/timeline.png
Requested by
Host: www.threatfabric.com
URL: https://www.threatfabric.com/blogs/deceive-the-heavens-to-cross-the-sea.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.84.238.92 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-84-238-92.sfo5.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
3a1d44e2418104498d093ff8972d5a065afe53b2b05c3c7e2aba0e321d76535a

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://www.threatfabric.com/blogs/deceive-the-heavens-to-cross-the-sea.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Mon, 06 Dec 2021 15:22:59 GMT
via
1.1 6328d32449cd285f3f7c7b3c41dbe9ad.cloudfront.net (CloudFront)
last-modified
Mon, 29 Nov 2021 12:57:42 GMT
server
AmazonS3
x-amz-cf-pop
SFO5-C3
etag
"1df2ed375f1d69d3849033d9a5b4bda2"
x-cache
RefreshHit from cloudfront
content-type
image/png
cache-control
max-age=6000
accept-ranges
bytes
content-length
192319
x-amz-cf-id
NMouO3xakj2yhAp4JT8G7uj7rH9KY8PFf2h3iQ4gOd83Slu2MnV42A==
scripts.js
www.threatfabric.com/assets/js/
4 KB
2 KB
Script
General
Full URL
https://www.threatfabric.com/assets/js/scripts.js
Requested by
Host: www.threatfabric.com
URL: https://www.threatfabric.com/blogs/deceive-the-heavens-to-cross-the-sea.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.84.238.92 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-84-238-92.sfo5.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
41691a59fc71a09c6285502112341cb34840a27c0d36728b27f8ea83c0a30464

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://www.threatfabric.com/blogs/deceive-the-heavens-to-cross-the-sea.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Mon, 06 Dec 2021 15:22:58 GMT
content-encoding
gzip
last-modified
Thu, 22 Apr 2021 11:49:26 GMT
server
AmazonS3
x-amz-cf-pop
SFO5-C3
etag
"2d56b08de7c911fd2034bacbff49e6a6"
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 6328d32449cd285f3f7c7b3c41dbe9ad.cloudfront.net (CloudFront)
cache-control
max-age=6000
accept-ranges
bytes
content-length
1383
x-amz-cf-id
w6ItdLSmuenB3s09DrPirrA7QB7GZuyDTNs-pm_zffkSoSpTs5XLtQ==
nKKU-Go6G5tXcr4-ORWnVaE.woff2
fonts.gstatic.com/s/kanit/v7/
18 KB
19 KB
Font
General
Full URL
https://fonts.gstatic.com/s/kanit/v7/nKKU-Go6G5tXcr4-ORWnVaE.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Kanit:wght@100;200;300;400&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4004:825::2003 , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
4cf3ccdaa22b37724649b4c2a0b37ac8122dbb811ee64cec167b6cdebddc3f08
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.threatfabric.com
Accept-Language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 01 Dec 2021 15:14:46 GMT
x-content-type-options
nosniff
age
432492
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
18824
x-xss-protection
0
last-modified
Tue, 01 Sep 2020 05:19:22 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 01 Dec 2022 15:14:46 GMT
nKKX-Go6G5tXcr72KwKAcA.woff2
fonts.gstatic.com/s/kanit/v7/
18 KB
18 KB
Font
General
Full URL
https://fonts.gstatic.com/s/kanit/v7/nKKX-Go6G5tXcr72KwKAcA.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Kanit:wght@100;200;300;400&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4004:825::2003 , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3721bb11f2fa3b60831d7596be0f80999a1a49e821ee3faf708ae0dccaea107b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.threatfabric.com
Accept-Language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 01 Dec 2021 15:37:37 GMT
x-content-type-options
nosniff
age
431121
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
18264
x-xss-protection
0
last-modified
Tue, 01 Sep 2020 05:15:03 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 01 Dec 2022 15:37:37 GMT
nKKU-Go6G5tXcr5aOhWnVaE.woff2
fonts.gstatic.com/s/kanit/v7/
18 KB
18 KB
Font
General
Full URL
https://fonts.gstatic.com/s/kanit/v7/nKKU-Go6G5tXcr5aOhWnVaE.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Kanit:wght@100;200;300;400&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4004:825::2003 , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d6e88a159986d6bffc99bb0033c2c3c34147ba0e83ded7d1acb19a5227651823
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.threatfabric.com
Accept-Language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 30 Nov 2021 19:06:37 GMT
x-content-type-options
nosniff
age
504981
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
18688
x-xss-protection
0
last-modified
Tue, 01 Sep 2020 05:26:50 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Wed, 30 Nov 2022 19:06:37 GMT
nKKZ-Go6G5tXcraVGwA.woff2
fonts.gstatic.com/s/kanit/v7/
19 KB
19 KB
Font
General
Full URL
https://fonts.gstatic.com/s/kanit/v7/nKKZ-Go6G5tXcraVGwA.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Kanit:wght@100;200;300;400&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4004:825::2003 , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
d522ceba20f12d2594bca7ab06bc6cc877e8ee1c5d94c2ae3c3af0d90c38ccc6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.threatfabric.com
Accept-Language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Wed, 01 Dec 2021 15:20:35 GMT
x-content-type-options
nosniff
age
432143
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
19040
x-xss-protection
0
last-modified
Tue, 01 Sep 2020 05:14:17 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Thu, 01 Dec 2022 15:20:35 GMT
nKKU-Go6G5tXcr5aOhWpVaF5NQ.woff2
fonts.gstatic.com/s/kanit/v7/
18 KB
18 KB
Font
General
Full URL
https://fonts.gstatic.com/s/kanit/v7/nKKU-Go6G5tXcr5aOhWpVaF5NQ.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Kanit:wght@100;200;300;400&display=swap
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4004:825::2003 , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
63180d29bd00c6bc1fd5a05972be9b8d43936016d1cfabb02d37ef6103cb9b11
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://www.threatfabric.com
Accept-Language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Sun, 05 Dec 2021 13:10:17 GMT
x-content-type-options
nosniff
age
94361
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
18760
x-xss-protection
0
last-modified
Tue, 01 Sep 2020 05:13:18 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Mon, 05 Dec 2022 13:10:17 GMT
js
www.googletagmanager.com/gtag/
90 KB
36 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-118966954-1
Requested by
Host: www.threatfabric.com
URL: https://www.threatfabric.com/assets/js/scripts.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4004:811::2008 , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
8691681f7bce57c4892d4c3d0082d2d1309c017f70eddb06489923a16a923fd4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://www.threatfabric.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Mon, 06 Dec 2021 15:22:58 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
36172
x-xss-protection
0
last-modified
Mon, 06 Dec 2021 15:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Mon, 06 Dec 2021 15:22:58 GMT
Nucleo.woff2
www.threatfabric.com/assets/icons/fonts/
4 KB
4 KB
Font
General
Full URL
https://www.threatfabric.com/assets/icons/fonts/Nucleo.woff2
Requested by
Host: www.threatfabric.com
URL: https://www.threatfabric.com/assets/css/style.css?v=1638184224
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.84.238.92 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-84-238-92.sfo5.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
2f4fc4704e44ba1c6000615b6c45005d91fe6f608cc0059368506de0e11587b1

Request headers

Referer
https://www.threatfabric.com/assets/css/style.css?v=1638184224
Origin
https://www.threatfabric.com
Accept-Language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Mon, 06 Dec 2021 15:23:00 GMT
via
1.1 6328d32449cd285f3f7c7b3c41dbe9ad.cloudfront.net (CloudFront)
last-modified
Thu, 22 Apr 2021 11:49:26 GMT
server
AmazonS3
x-amz-cf-pop
SFO5-C3
etag
"159d872ab422068e7bb7e46a67171200"
x-cache
RefreshHit from cloudfront
content-type
application/octet-stream
cache-control
max-age=6000
accept-ranges
bytes
content-length
3992
x-amz-cf-id
Vu-6Aqu1l0O_oV6tz2_TcestDiyITL_tuaiQ1MjhlVQRUPkbwdOxMA==
analytics.js
www.google-analytics.com/
49 KB
20 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-118966954-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4004:80c::200e , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
jp-JP,jp;q=0.9
Referer
https://www.threatfabric.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 02 Nov 2021 17:39:06 GMT
server
Golfe2
age
5951
date
Mon, 06 Dec 2021 13:43:47 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20006
expires
Mon, 06 Dec 2021 15:43:47 GMT
collect
www.google-analytics.com/j/
1 B
209 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j96&a=2067944540&t=pageview&_s=1&dl=https%3A%2F%2Fwww.threatfabric.com%2Fblogs%2Fdeceive-the-heavens-to-cross-the-sea.html&ul=en-us&de=UTF-8&dt=Deceive%20the%20Heavens%20to%20Cross%20the%20sea%20%E2%80%94%20ThreatFabric&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAAC~&jid=1613577845&gjid=1469536409&cid=2087055846.1638804179&tid=UA-118966954-1&_gid=699242737.1638804179&_r=1&gtm=2ouc10&z=1812319958
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4004:80c::200e , Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.threatfabric.com/
Accept-Language
jp-JP,jp;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 06 Dec 2021 15:22:58 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.threatfabric.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT

14 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object   | onbeforexrselect
function | reportError
boolean  | originAgentCluster
object   | scheduler
object   | api-keys
function | initMap
object   | dataLayer
object   | google_tag_manager
object   | google_tag_data
string   | GoogleAnalyticsObject
function | ga
object   | gaplugins
object   | gaGlobal
object   | gaData

3 Cookies

Domain/Path         Name                        Value
.threatfabric.com/  _ga                         GA1.2.2087055846.1638804179
.threatfabric.com/  _gid                        GA1.2.699242737.1638804179
.threatfabric.com/  _gat_gtag_UA_118966954_1    1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
