URL: https://www.threatfabric.com/blogs/droppers-bypassing-android-13-restrictions
Submission: On November 07 via api from TR — Scanned from DE

Summary

This website contacted 17 IPs in 2 countries across 18 domains to perform 67 HTTP transactions. The main IP is 2606:2c40::c73c:67fe, located in United States and belongs to CLOUDFLARESPECTRUM Cloudflare, Inc., US. The main domain is www.threatfabric.com.
TLS certificate: Issued by GTS CA 1P5 on September 17th 2023. Valid for: 3 months.
This is the only time www.threatfabric.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
27 2606:2c40::c7... 209242 (CLOUDFLAR...)
6 2606:4700::68... 13335 (CLOUDFLAR...)
3 2606:4700::68... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
2 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
2 2a02:26f0:480... 20940 (AKAMAI-ASN1)
5 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
2 2606:4700::68... 13335 (CLOUDFLAR...)
5 2606:4700:440... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2001:4860:480... 15169 (GOOGLE)
4 4 2620:1ec:21::14 8068 (MICROSOFT...)
1 13.107.42.14 8068 (MICROSOFT...)
4 2606:4700::68... 13335 (CLOUDFLAR...)
2 2606:4700::68... 13335 (CLOUDFLAR...)
67 17
Apex Domain
Subdomains
Transfer
27 threatfabric.com
www.threatfabric.com
1 MB
6 cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 223
64 KB
5 hs-banner.com
js.hs-banner.com — Cisco Umbrella Rank: 2155
382 KB
5 hubspot.com
app.hubspot.com — Cisco Umbrella Rank: 5456
js.hubspot.com — Cisco Umbrella Rank: 5485
cta-service-cms2.hubspot.com — Cisco Umbrella Rank: 5222
track.hubspot.com — Cisco Umbrella Rank: 2298
35 KB
5 linkedin.com
platform.linkedin.com Failed
px.ads.linkedin.com — Cisco Umbrella Rank: 377
www.linkedin.com — Cisco Umbrella Rank: 629
px4.ads.linkedin.com — Cisco Umbrella Rank: 6003
5 KB
4 hs-sites.com
threatfabric-6701575.hs-sites.com
60 KB
3 hubspot.net
cdn2.hubspot.net — Cisco Umbrella Rank: 8342
4 KB
2 hsforms.com
perf-na1.hsforms.com — Cisco Umbrella Rank: 5955
2 KB
2 hscollectedforms.net
js.hscollectedforms.net — Cisco Umbrella Rank: 4607
forms.hscollectedforms.net — Cisco Umbrella Rank: 4689
26 KB
2 licdn.com
snap.licdn.com — Cisco Umbrella Rank: 778
7 KB
2 hsappstatic.net
static.hsappstatic.net — Cisco Umbrella Rank: 5567
11 KB
1 google-analytics.com
region1.google-analytics.com — Cisco Umbrella Rank: 2462
257 B
1 hsadspixel.net
js.hsadspixel.net — Cisco Umbrella Rank: 3050
4 KB
1 hs-analytics.net
js.hs-analytics.net — Cisco Umbrella Rank: 2150
21 KB
1 hs-scripts.com
js.hs-scripts.com — Cisco Umbrella Rank: 2386
1 KB
1 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 35
80 KB
0 twitter.com Failed
platform.twitter.com Failed
0 facebook.net Failed
connect.facebook.net Failed
67 18
Domain Requested by
27 www.threatfabric.com www.threatfabric.com
threatfabric-6701575.hs-sites.com
6 cdnjs.cloudflare.com www.threatfabric.com
5 js.hs-banner.com js.hs-scripts.com
js.hs-banner.com
www.threatfabric.com
4 threatfabric-6701575.hs-sites.com js.hubspot.com
www.threatfabric.com
threatfabric-6701575.hs-sites.com
3 px.ads.linkedin.com 3 redirects
3 cdn2.hubspot.net www.threatfabric.com
threatfabric-6701575.hs-sites.com
2 perf-na1.hsforms.com www.threatfabric.com
2 js.hubspot.com js.hs-scripts.com
threatfabric-6701575.hs-sites.com
2 snap.licdn.com www.threatfabric.com
snap.licdn.com
2 static.hsappstatic.net www.threatfabric.com
threatfabric-6701575.hs-sites.com
1 track.hubspot.com
1 forms.hscollectedforms.net js.hscollectedforms.net
1 cta-service-cms2.hubspot.com js.hubspot.com
1 px4.ads.linkedin.com www.threatfabric.com
1 www.linkedin.com 1 redirects
1 region1.google-analytics.com www.googletagmanager.com
1 js.hsadspixel.net js.hs-scripts.com
1 js.hscollectedforms.net js.hs-scripts.com
1 js.hs-analytics.net js.hs-scripts.com
1 app.hubspot.com www.threatfabric.com
1 js.hs-scripts.com www.threatfabric.com
1 www.googletagmanager.com www.threatfabric.com
0 platform.twitter.com Failed www.threatfabric.com
0 connect.facebook.net Failed www.threatfabric.com
0 platform.linkedin.com Failed www.threatfabric.com
67 25

This site contains links to these domains.

Domain
www.linkedin.com
twitter.com
Subject                 Issuer                          Validity                 Valid
www.threatfabric.com    GTS CA 1P5                      2023-09-17 - 2023-12-16  3 months
sni.cloudflaressl.com   Cloudflare Inc ECC CA-3         2023-07-03 - 2024-07-02  a year
hubspot.net             Cloudflare Inc ECC CA-3         2023-04-06 - 2024-04-05  a year
*.google-analytics.com  GTS CA 1C3                      2023-10-16 - 2024-01-08  3 months
hsappstatic.net         Cloudflare Inc ECC CA-3         2023-04-10 - 2024-04-09  a year
snap.licdn.com          DigiCert SHA2 Secure Server CA  2023-02-01 - 2024-01-31  a year
hubspot.com             Cloudflare Inc ECC CA-3         2023-02-05 - 2024-02-05  a year
hs-sites.com            Cloudflare Inc ECC CA-3         2023-04-10 - 2024-04-09  a year

This page contains 2 frames:

Primary Page: https://www.threatfabric.com/blogs/droppers-bypassing-android-13-restrictions
Frame ID: 544ED2717AF6B3B2A0B1AFC9136456CC
Requests: 58 HTTP requests in this frame

Frame: https://threatfabric-6701575.hs-sites.com/hs-web-interactive-6701575-139494617102
Frame ID: 4BE6D0274A2D4F4B8ABFE489A00375F6
Requests: 8 HTTP requests in this frame

Page Title

Bypassing Android 13 Restrictions with SecuriDropper

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
  • (?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • js\.hs-analytics\.net/analytics

Overall confidence: 100%
Detected patterns
  • snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Overall confidence: 100%
Detected patterns
  • jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

67 Requests
94 % HTTPS
94 % IPv6
18 Domains
25 Subdomains
17 IPs
2 Countries
1941 kB Transfer
3252 kB Size
11 Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 48
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3969834&time=1699323053268&url=https%3A%2F%2Fwww.threatfabric.com%2Fblogs%2Fdroppers-bypassing-android-13-restrictions HTTP 302
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3969834&time=1699323053268&url=https%3A%2F%2Fwww.threatfabric.com%2Fblogs%2Fdroppers-bypassing-android-13-restrictions&cookiesTest=true HTTP 302
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3969834%26time%3D1699323053268%26url%3Dhttps%253A%252F%252Fwww.threatfabric.com%252Fblogs%252Fdroppers-bypassing-android-13-restrictions%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3969834&time=1699323053268&url=https%3A%2F%2Fwww.threatfabric.com%2Fblogs%2Fdroppers-bypassing-android-13-restrictions&cookiesTest=true&liSync=true HTTP 302
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3969834&time=1699323053268&url=https%3A%2F%2Fwww.threatfabric.com%2Fblogs%2Fdroppers-bypassing-android-13-restrictions&cookiesTest=true&liSync=true&e_ipv6=AQJ1UC7tmpw6QwAAAYunjAdQx5Xgxf0htnqGNYqQYoiI4_zjr0OXCjviNDH1zSW-XVCDqrYBWE3A

67 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request droppers-bypassing-android-13-restrictions
www.threatfabric.com/blogs/
62 KB
18 KB
Document
General
Full URL
https://www.threatfabric.com/blogs/droppers-bypassing-android-13-restrictions
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
da2bc945387c1c0a90d26398a695c73ad21b5c258c4835746e9f09401feb3001
Security Headers
Name Value
Content-Security-Policy default-src 'self' static.hsappstatic.net; script-src 'self' 'unsafe-inline' *.hubspot.com cdnjs.cloudflare.com *.hubspot.net *.hs-scripts.com *.hubspotfeedback.com www.googletagmanager.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ maps.googleapis.com static.hsappstatic.net *.hs-banner.com *.hs-analytics.net *.hsadspixel.net js.hscta.net *.hscollectedforms.net *.hsleadflows.net *.hsforms.com *.hsforms.net feedback.hubapi.com *.usemessages.com snap.licdn.com *.doubleclick.net; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com *.hubspot.net static.hsappstatic.net fonts.googleapis.com; img-src 'self' data: *.hubspot.com *.hubspot.net static.hsappstatic.net *.hsforms.com *.hsforms.net js.hscta.net *.linkedin.com www.google.com maps.gstatic.com maps.googleapis.com; font-src 'self' cdnjs.cloudflare.com *.hs-banner.com fonts.gstatic.com; connect-src 'self' *.hubspot.com *.hubapi.com *.hs-banner.com *.hscollectedforms.net *.hsforms.com js.hscta.net *.google-analytics.com www.google.com maps.googleapis.com *.doubleclick.net; child-src 'self' *.hsforms.com; frame-src 'self' *.hubspot.com *.hubspot.net *.hs-sites.com *.hsforms.com *.hsforms.net play.hubspotvideo.com www.google.com; frame-ancestors 'self'; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400
cache-control
s-maxage=10800, max-age=0
cf-ray
82220ad71c3b3631-FRA
content-encoding
br
content-security-policy
default-src 'self' static.hsappstatic.net; script-src 'self' 'unsafe-inline' *.hubspot.com cdnjs.cloudflare.com *.hubspot.net *.hs-scripts.com *.hubspotfeedback.com www.googletagmanager.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ maps.googleapis.com static.hsappstatic.net *.hs-banner.com *.hs-analytics.net *.hsadspixel.net js.hscta.net *.hscollectedforms.net *.hsleadflows.net *.hsforms.com *.hsforms.net feedback.hubapi.com *.usemessages.com snap.licdn.com *.doubleclick.net; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com *.hubspot.net static.hsappstatic.net fonts.googleapis.com; img-src 'self' data: *.hubspot.com *.hubspot.net static.hsappstatic.net *.hsforms.com *.hsforms.net js.hscta.net *.linkedin.com www.google.com maps.gstatic.com maps.googleapis.com; font-src 'self' cdnjs.cloudflare.com *.hs-banner.com fonts.gstatic.com; connect-src 'self' *.hubspot.com *.hubapi.com *.hs-banner.com *.hscollectedforms.net *.hsforms.com js.hscta.net *.google-analytics.com www.google.com maps.googleapis.com *.doubleclick.net; child-src 'self' *.hsforms.com; frame-src 'self' *.hubspot.com *.hubspot.net *.hs-sites.com *.hsforms.com *.hsforms.net play.hubspotvideo.com www.google.com; frame-ancestors 'self'; upgrade-insecure-requests
content-type
text/html; charset=UTF-8
date
Tue, 07 Nov 2023 02:10:52 GMT
edge-cache-tag
CT-104395289364,CT-104409191736,CT-104889774686,CT-139498405777,CG-101307487134,CG-6701575,P-6701575,CW-101038360946,CW-101039839309,CW-102233451816,CW-102407694414,E-100565705870,E-100565738928,E-100565906251,E-100565938482,E-100565944445,E-100566507657,E-101038360928,E-101040014386,E-101040140217,E-101294760764,E-101294760784,E-101312928029,MENU-101041626940,MENU-110583778143,PGS-ALL,SW-2,B-101307487134,GC-101041468817,GC-101042470934,GC-101758895261,GC-101962663308,TS-101040118157
etag
W/"af5e54e879f787beed19864c7809da0e"
last-modified
Tue, 07 Nov 2023 00:28:54 GMT
link
</hs/hsstatic/cos-i18n/static-1.53/bundles/project.js>; rel=preload; as=script
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
referrer-policy
no-referrer-when-downgrade
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7JvvEPaWKuAzN%2FZDIv%2BHSEhLIapOKknxM6n21FMnQl%2BhMhjsEj22HP%2FqTTuTKc4iFjoK%2BS7Q9T0V5s5myB28Q80puqxwyKyCMZIg8sg7BkP1KVYRNKo7FbxezyVff6BeCsG9ywNzujtZG%2F3N1jhLc4ff"}],"group":"cf-nel","max_age":604800}
server
cloudflare
strict-transport-security
max-age=31536000; includeSubDomains; preload
vary
Accept-Encoding
x-hs-cache-config
BrowserCache-5s-EdgeCache-180s
x-hs-cache-control
s-maxage=10800, max-age=0
x-hs-cf-cache-status
HIT
x-hs-content-id
139498405777
x-hs-https-only
worker
x-hs-hub-id
6701575
x-hs-prerendered
Tue, 07 Nov 2023 00:28:54 GMT
project.js
www.threatfabric.com/hs/hsstatic/cos-i18n/static-1.53/bundles/
1 KB
1 KB
Script
General
Full URL
https://www.threatfabric.com/hs/hsstatic/cos-i18n/static-1.53/bundles/project.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.threatfabric.com/blogs/droppers-bypassing-android-13-restrictions
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Tue, 07 Nov 2023 02:10:52 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 f7b7cf90592cf6a380fd34cc45e9c4b4.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy
upgrade-insecure-requests
age
602166
x-amz-cf-pop
FRA50-C1
x-amz-server-side-encryption
AES256
x-amz-version-id
P9ES7sOpFzrLl1QoRwjEAy5outPo5_GO
content-encoding
br
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
x-hs-https-only
worker
alt-svc
h3=":443"; ma=86400
last-modified
Tue, 09 Nov 2021 16:12:42 GMT
server
cloudflare
etag
W/"61ca66de658cab9587e4636894680d5d"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RJEIJrzsu%2BeYnYNf5l26jFT4trpxksZCareGR4MWaBijDE8hJ%2FwWpgTeRXs3uO%2F%2FhwIItDq%2ByKDHnvxrjVm5aBZR%2FXCq865khMy3Pr0n%2BhaCl4lokXy0apDHvBElKMt3Usgim6zYayz%2FYGg4V2XIelM2"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=31536000
cf-ray
82220ad85ce23631-FRA
x-amz-cf-id
tyTcy9dgKTSNID40zzq7pAE5RO6j0NXSyXm_SEcHdFKq3bYxrnlF3A==
expires
Wed, 06 Nov 2024 02:10:52 GMT
100.woff2
www.threatfabric.com/_hcms/googlefonts/Kanit/
25 KB
26 KB
Font
General
Full URL
https://www.threatfabric.com/_hcms/googlefonts/Kanit/100.woff2
Requested by
Host: www.threatfabric.com
URL: https://www.threatfabric.com/blogs/droppers-bypassing-android-13-restrictions
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
fa7fe4fd0aef1b94a3910f43b99060d1fcf2b12302726c4f52146ca1f613e516
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://www.threatfabric.com/blogs/droppers-bypassing-android-13-restrictions
Origin
https://www.threatfabric.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

expires
Tue, 21 Nov 2023 02:10:52 GMT
date
Tue, 07 Nov 2023 02:10:52 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 ca339b9e98820e424be1609317fd0314.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy
upgrade-insecure-requests
x-amz-cf-pop
FRA56-P7
x-amz-request-id
TANH0XVPZM95WRC6
x-amz-server-side-encryption
AES256
x-amz-version-id
Ex_PSmZfVx9KiCmfDr58lb1Qor1iW7rw
x-cache
Miss from cloudfront
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.EnforceAclForReads 2
alt-svc
h3=":443"; ma=86400
content-length
25596
x-amz-id-2
w1rH9kBaNDL89QEnd+SR6L3W0IQyCxpOki+NpN1KB8MrGFHTC8EOWFftKbiD8PRKj/ZpLGIymxBBUfn+1Ap47D/a+mH5ZI93ma8pGeHuVyI=
last-modified
Tue, 12 Sep 2023 20:06:52 GMT
server
cloudflare
etag
"bd6ef5dfe3fb409deb99fd2dfa07649a"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
font/woff2
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Cg%2Frxby0uo2YfKCOMoafeTuk8U8kHG1D4cWAQRoTVRsIYoVuNPCit3hLzrZ38L8IVysFtsvN737RBoQIu0ghk4TZgISqgS5IwV80qGjBMFz29BCJhropfuOmGvahiRhPJh6SZWnvGPAUXwuzqg1i3ozw"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=1209600
accept-ranges
bytes
cf-ray
82220ad86cea3631-FRA
x-amz-cf-id
Vh4M-4vnW_uamTc5TIpqOCBmSm_oni4afGS-gaNVVpppqLC45oHKDw==
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 2
regular.woff2
www.threatfabric.com/_hcms/googlefonts/Kanit/
26 KB
26 KB
Font
General
Full URL
https://www.threatfabric.com/_hcms/googlefonts/Kanit/regular.woff2
Requested by
Host: www.threatfabric.com
URL: https://www.threatfabric.com/blogs/droppers-bypassing-android-13-restrictions
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
b023c3b26ca69356ad0aa6b6296d5e6a337ec10ca1f8275483437202a03c381c
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://www.threatfabric.com/blogs/droppers-bypassing-android-13-restrictions
Origin
https://www.threatfabric.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

expires
Tue, 21 Nov 2023 02:10:53 GMT
date
Tue, 07 Nov 2023 02:10:53 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 4b69099d64ffa1fbe8adbe1235065a14.cloudfront.net (CloudFront)
cf-cache-status
REVALIDATED
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy
upgrade-insecure-requests
x-amz-cf-pop
FRA56-P7
x-amz-request-id
GQGGJSGY448444W2
x-amz-server-side-encryption
AES256
x-amz-version-id
R8IBymNhr0oWzfN7i1miwZxu391_6F8B
x-cache
Miss from cloudfront
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.EnforceAclForReads 2
alt-svc
h3=":443"; ma=86400
content-length
26352
x-amz-id-2
faTATLvz2CE5m+0ac7J8Wl3Rb4ywW5CxtEmFawqqhbol/Z0paqbFVUOHCLh6TYqrfHxb7glKR7Y=
last-modified
Tue, 12 Sep 2023 20:06:55 GMT
server
cloudflare
etag
"d4d741d6401097b23f04835fd935ddb4"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
font/woff2
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=r2cCEIbgd%2B%2FNNCIxyztTJnyvY7Q5P94YBPPmK61fnoWC7qvQt%2FDf2MoSwTXTHnI9kSzfksNe8eGD%2Bysq1y%2Bunp2toPXBpxoPWkL%2BnRN7yMgOsiE3Ni90f0yYNBu6fQfZnOrSlHjf2mHLw9YSeGuDw%2Fhr"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=1209600
accept-ranges
bytes
cf-ray
82220ad86ceb3631-FRA
x-amz-cf-id
tVS2tCeO22H0_cxeEsE62_q5m_hVzDl5Gt8p1EtxzDNDWSUUvhCuug==
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 2
200.woff2
www.threatfabric.com/_hcms/googlefonts/Kanit/
26 KB
27 KB
Font
General
Full URL
https://www.threatfabric.com/_hcms/googlefonts/Kanit/200.woff2
Requested by
Host: www.threatfabric.com
URL: https://www.threatfabric.com/blogs/droppers-bypassing-android-13-restrictions
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
0adb227efa2074c6ae2b5e686cf4d1949a6edfc05bd56fa81e34c9a2c69fb50a
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://www.threatfabric.com/blogs/droppers-bypassing-android-13-restrictions
Origin
https://www.threatfabric.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

expires
Tue, 21 Nov 2023 02:10:53 GMT
date
Tue, 07 Nov 2023 02:10:53 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 a5010656f4f762c0fdffac3448496b86.cloudfront.net (CloudFront)
cf-cache-status
REVALIDATED
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy
upgrade-insecure-requests
x-amz-cf-pop
FRA56-P7
x-amz-request-id
2MJQH8BY6X75ZVFP
x-amz-server-side-encryption
AES256
x-amz-version-id
.Y4_sica4_7w7dZrWB8zUo33LkbHGzIv
x-cache
RefreshHit from cloudfront
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
alt-svc
h3=":443"; ma=86400
content-length
26228
x-amz-id-2
OERQj6EB4G2GbaGgh1EFByjrBNETh7ogR/D3wNDOXFNOiFBx3CBcqlO0NKCSWCeKMQy826v78sM=
last-modified
Tue, 12 Sep 2023 20:07:00 GMT
server
cloudflare
etag
"a3acdea9b09d1ffdf16868a322d89c6c"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
font/woff2
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rbcr%2B3W9WFZqq7nMkKqMWine6KhvZ9TNSIbbwAXwHnkjTsu5l6OlhkjZjw6Xuy6YdTtxA7OPhBDkW4poJMrGG4kyakRcqrdbKcgZVJhgQ90UzdamtdO1Uev52X3Gx3uF4SaipsVz22LWUR2bm5oxHjcy"}],"group":"cf-nel","max_age":604800}
cache-control
public, max-age=1209600
accept-ranges
bytes
cf-ray
82220ad86ced3631-FRA
x-amz-cf-id
hP-GCNeb4F0-yF7Gc6M-z8vUg7HMVNbjykjrv8NL-zum5fJ1Oms6Ew==
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
main.min.css
www.threatfabric.com/hs-fs/hub/6701575/hub_generated/template_assets/100565938482/1687936309181/Threatfabric_Hatch/css/
474 KB
65 KB
Stylesheet
General
Full URL
https://www.threatfabric.com/hs-fs/hub/6701575/hub_generated/template_assets/100565938482/1687936309181/Threatfabric_Hatch/css/main.min.css
Requested by
Host: www.threatfabric.com
URL: https://www.threatfabric.com/blogs/droppers-bypassing-android-13-restrictions
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
cb34d8636a245588609d628db0729f52b2528476f5ce3f45e53b1e5b6adacfbf
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.threatfabric.com/blogs/droppers-bypassing-android-13-restrictions
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
x-amz-request-id
S0X56JBBVEKWRA69
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
x-amz-replication-status
PENDING
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 20
x-evy-trace-listener
listener_https
etag
W/"decd10dac8a8f3e2aa46aa1030041179"
vary
origin, Accept-Encoding
x-amz-meta-created-unix-time-millis
1687936311454
content-type
text/css
x-evy-trace-virtual-host
all
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 20
date
Tue, 07 Nov 2023 02:10:52 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 99baebf4b5bb631267dcfa82456151cc.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
i4DpTpospF0aY6gZISwtxNf0wz0dKvT8
x-amz-cf-pop
IAD89-C1
x-hs-alternate-content-type
text/plain
x-cache
Miss from cloudfront
x-amz-storage-class
INTELLIGENT_TIERING
x-envoy-upstream-service-time
155
alt-svc
h3=":443"; ma=86400
x-amz-id-2
clniW8sfuXhf8aM44MViTFSJpQ3SfRpmrLnmKwwtGHb/tEfxWyLNwmJwm5YQ2Dy9pwGOUQZuZtE=
x-evy-trace-route-configuration
listener_https/all
x-request-id
cfffd8c9-d0a0-4e0c-bd01-a58ca4812cac
last-modified
Wed, 28 Jun 2023 07:11:52 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=7adIFw9%2BNTT%2FboFj8lEYXalWwvgyQAtyxIwBXTfu6F39BEb%2FYsCFlrtS7hHFrygylkXZpxBz9sXjStxRXummv12lHn6jtN6M80Rg7St5mp2YuSWVagiA5X%2BXZUC%2BkeoiIbSn5d%2BDVXclfx9GbAS%2Foyiz"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-fd8f7bc74-tfpt7
access-control-allow-credentials
false
cf-ray
82220ad85ce93631-FRA
x-amz-cf-id
wHSBCAJNr8n9P9w2vWRYcKtUhCN2odtDc4Vvjwd5TCWDFGapTaMT4Q==
child.min.css
www.threatfabric.com/hs-fs/hub/6701575/hub_generated/template_assets/101040140217/1690200714709/Threatfabric_Hatch/
18 KB
5 KB
Stylesheet
General
Full URL
https://www.threatfabric.com/hs-fs/hub/6701575/hub_generated/template_assets/101040140217/1690200714709/Threatfabric_Hatch/child.min.css
Requested by
Host: www.threatfabric.com
URL: https://www.threatfabric.com/blogs/droppers-bypassing-android-13-restrictions
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
4554c59ffaf9a86e08194f2af04f58a31cc3eff5fc829869cfcaf1b90e7fda5c
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.threatfabric.com/blogs/droppers-bypassing-android-13-restrictions
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
x-amz-request-id
5WDWW27RB4081Y1Z
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
x-amz-replication-status
PENDING
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.EnforceAclForReads 2
x-evy-trace-listener
listener_https
etag
W/"375e2d364559758f00f4672f2337f027"
vary
origin, Accept-Encoding
x-amz-meta-created-unix-time-millis
1690200715438
content-type
text/css
x-evy-trace-virtual-host
all
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 2
date
Tue, 07 Nov 2023 02:10:52 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 511745193044dd821565d8b363201e08.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
YHUGG0qRBVQlbkubNRJeOinKfbxX5XfR
x-amz-cf-pop
IAD55-P1
x-hs-alternate-content-type
text/plain
x-hubspot-correlation-id
73361ecc-d6c4-4b7c-af7a-060d416b205e
x-cache
Miss from cloudfront
x-amz-storage-class
INTELLIGENT_TIERING
x-envoy-upstream-service-time
153
alt-svc
h3=":443"; ma=86400
x-amz-id-2
hKOVw//rOnS8jKa21FT/2ZCZP+6PLsPfVvGSTUyHsoyVg85vzWRJ7mooAgqV06labA8SR3EWKd75bZuqTY3tAejJ/A281mml+iWB/YgVKEY=
x-evy-trace-route-configuration
listener_https/all
x-request-id
73361ecc-d6c4-4b7c-af7a-060d416b205e
last-modified
Mon, 24 Jul 2023 12:11:56 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3O0jDHGJGCS0uu0wN4u7%2BqPFdJWGedpKHhS0JgnmxjeHsjYi%2B4GMUEX7qLP5WDZQIFc3I2D4z0WZzGY7ja%2Fft0tdurFailg%2FLzDwY6UtRaiFpe8Wgh21lFQWS43kv0HngJhpgPi1xWDwfGVAC5L8m947"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-fd8f7bc74-9xkdz
access-control-allow-credentials
false
cf-ray
82220ad86cef3631-FRA
x-amz-cf-id
h8hu2ymZ7TJkmosz_4y2i0Up6XRl4EhkkXw7mUovkK6JvFXaspPLbQ==
icons.css
www.threatfabric.com/hs-fs/hub/6701575/hub_generated/template_assets/101294760764/1688634016207/Threatfabric_Hatch/css/
8 KB
3 KB
Stylesheet
General
Full URL
https://www.threatfabric.com/hs-fs/hub/6701575/hub_generated/template_assets/101294760764/1688634016207/Threatfabric_Hatch/css/icons.css
Requested by
Host: www.threatfabric.com
URL: https://www.threatfabric.com/blogs/droppers-bypassing-android-13-restrictions
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
b754a50214c3af13ad5b80267b36a52a379030f4cdf28ea62bdc23121fb63963
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.threatfabric.com/blogs/droppers-bypassing-android-13-restrictions
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
x-amz-request-id
ASMK73EE12PMX67X
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
x-amz-replication-status
PENDING
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 20
x-evy-trace-listener
listener_https
etag
W/"f485b62b545a7fcece25c8883be79caa"
vary
origin, Accept-Encoding
x-amz-meta-created-unix-time-millis
1688634016207
content-type
text/css
x-evy-trace-virtual-host
all
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 20
date
Tue, 07 Nov 2023 02:10:52 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 511745193044dd821565d8b363201e08.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
5nj8DyG_fzY9UD_XVa9rI2VVLKA_WOmB
x-amz-cf-pop
IAD55-P1
x-hs-alternate-content-type
text/plain
x-hubspot-correlation-id
e48d9046-cf95-4b33-afab-81294987c83c
x-cache
RefreshHit from cloudfront
x-amz-storage-class
INTELLIGENT_TIERING
x-envoy-upstream-service-time
140
alt-svc
h3=":443"; ma=86400
x-amz-id-2
+tFak3i9HdBs6rLZgsouhYOWGylnBjKE7edtvM3PFyqj1NST60YCtbbw8cRWyQWBu0UnS/OC55c=
x-evy-trace-route-configuration
listener_https/all
x-request-id
e48d9046-cf95-4b33-afab-81294987c83c
last-modified
Thu, 06 Jul 2023 09:00:17 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=F%2FYUS6wMo85uyG9SiBcZId4wdrZte8ZT9vgUOMXCkjjFWZKmAML0V%2FC2Kcw3vtQ6VUDwiBqy366C3M0OQU94xOpxIwrHWdDnzAHcT%2FkOeosSXsFIh%2BY5O2hOBqhYd%2FGFrfA3Q%2F1OXReC7pkkW7s13FF4"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-fd8f7bc74-ph7zk
access-control-allow-credentials
false
cf-ray
82220ad86cf03631-FRA
x-amz-cf-id
mbIRjhSsdeV3o6QWE6_nchuebVLbQUQzSXBy9jVg7wf8Iv1FwKE4SQ==
nucleo.min.css
www.threatfabric.com/hs-fs/hub/6701575/hub_generated/template_assets/101294760784/1688634017698/Threatfabric_Hatch/css/
2 KB
2 KB
Stylesheet
General
Full URL
https://www.threatfabric.com/hs-fs/hub/6701575/hub_generated/template_assets/101294760784/1688634017698/Threatfabric_Hatch/css/nucleo.min.css
Requested by
Host: www.threatfabric.com
URL: https://www.threatfabric.com/blogs/droppers-bypassing-android-13-restrictions
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
74c17452683150ad0f623fdd9a849ba85d73fb9d221cebe9aa11db52969dbe23
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.threatfabric.com/blogs/droppers-bypassing-android-13-restrictions
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
x-amz-request-id
6SN1CYWR6DEYTBBN
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-evy-trace-listener
listener_https
etag
W/"49397c87250109646a57314c716d8517"
vary
origin, Accept-Encoding
x-amz-meta-created-unix-time-millis
1688634018325
content-type
text/css
x-evy-trace-virtual-host
all
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Tue, 07 Nov 2023 02:10:52 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 b4f7307b0bd82e33fcc14ab1b84bcd7c.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
izNRL5rIQmPgjsTIc9ETzUXSIAYDVuDR
x-amz-cf-pop
IAD12-P2
x-hs-alternate-content-type
text/plain
x-hubspot-correlation-id
e2310a41-cb8e-4987-a5d0-1ae18dfea9f9
x-cache
Miss from cloudfront
x-amz-storage-class
INTELLIGENT_TIERING
x-envoy-upstream-service-time
232
alt-svc
h3=":443"; ma=86400
x-amz-id-2
rdoIqToodeUcTRW3omyLpg3jLN/E4EWVJnerdIwS7JL8RGnKdfRniGqxk8nIuDCYKCDJrX4KjQY=
x-evy-trace-route-configuration
listener_https/all
x-request-id
e2310a41-cb8e-4987-a5d0-1ae18dfea9f9
last-modified
Thu, 06 Jul 2023 09:00:19 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=uwPMcxgzK9K4f5RkPr51927BBM65pjzK%2FwCAY8DBJI0DnYj%2BV2A2m%2FQwlAlu0UxfnI7I6SweZ3kxw6%2BMM2TmMGCEr8Q%2FVd15ZH6K%2BasY%2FzmBF7rgxHLe2Td5eFakESpdISL1LVI9PxWIGNntfBfl0zIO"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-6c8d5c7998-b6rgr
access-control-allow-credentials
false
cf-ray
82220ad86cf13631-FRA
x-amz-cf-id
A5wNf1K5KkS8Ef-MeigXzd_WEr-DUPtLNN9lOfFK8jQGBYVhOoAsMg==
all.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.1/css/
58 KB
11 KB
Stylesheet
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.1/css/all.min.css
Requested by
Host: www.threatfabric.com
URL: https://www.threatfabric.com/blogs/droppers-bypassing-android-13-restrictions
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
af1e6edc875a382b338bb25bd7c5c3f474a7f1b36212002a5896dd06f2186325
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.threatfabric.com/blogs/droppers-bypassing-android-13-restrictions
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Tue, 07 Nov 2023 02:10:52 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
1483677
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
10491
last-modified
Mon, 05 Oct 2020 17:43:59 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5f7b5b5f-e7d0"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4tFpVqu0hZuJrMzzj0vKq1qyLI5sF6FZmei31C1YQJd%2BYqO3zd1Kyti6D10ArBIylOC2oFbqa7KswgGzVitHJtWEDQjkEepXnCIMf2kSps3QNapVF9hbzLZKKsJO2FY49g3TMehWXvhtIqgrRbYCubZG"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
82220ad87b749bce-FRA
expires
Sun, 27 Oct 2024 02:10:52 GMT
module_101038360946_Header.min.css
www.threatfabric.com/hs-fs/hub/6701575/hub_generated/module_assets/101038360946/1688634802882/
365 B
1 KB
Stylesheet
General
Full URL
https://www.threatfabric.com/hs-fs/hub/6701575/hub_generated/module_assets/101038360946/1688634802882/module_101038360946_Header.min.css
Requested by
Host: www.threatfabric.com
URL: https://www.threatfabric.com/blogs/droppers-bypassing-android-13-restrictions
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
5172f440714da51e243a13e0f93911405618326b2013313b682caa428c47e6ef
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.threatfabric.com/blogs/droppers-bypassing-android-13-restrictions
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
age
1938
x-amz-request-id
BVYF0NC0PTBNX955
x-amz-server-side-encryption
AES256
x-evy-trace-route-service-name
envoyset-translator
x-amz-replication-status
COMPLETED
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 20
x-evy-trace-listener
listener_https
etag
W/"9256add48c317a196c6723f7f46739fd"
vary
origin, Accept-Encoding
x-amz-meta-created-unix-time-millis
1688634802882
content-type
text/css
x-evy-trace-virtual-host
all
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 20
date
Tue, 07 Nov 2023 02:10:52 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 148f45d892bd2198be5295012ed59888.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
gVyaXIU3JxB7cR9Hx9mqhXufUagRPpyd
x-amz-cf-pop
IAD89-C1
x-hs-alternate-content-type
text/plain
x-hubspot-correlation-id
ed929bce-af3e-44f6-b527-ca8a3691934e
x-cache
RefreshHit from cloudfront
x-amz-storage-class
INTELLIGENT_TIERING
x-envoy-upstream-service-time
106
alt-svc
h3=":443"; ma=86400
x-amz-id-2
DEE2E7jms38jt+B6W9yJtgQ3enq5P6WeQh5+dvuyEGsfHj1HTsTGh7qFwu5lIAuGXbslneOMHCY=
x-evy-trace-route-configuration
listener_https/all
x-request-id
ed929bce-af3e-44f6-b527-ca8a3691934e
last-modified
Thu, 06 Jul 2023 09:13:23 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=722vcRtBOdrRhv%2BpF2fphlPY84cDzcxKoQPx%2F%2FYC%2FlrPp3KUcvkfgjmJEAK%2FX4CaXlYn%2FIOCxn0DG1S4pYYPzoiy6OW2QXuec7x7XvhZlMApQ7Kepx6oWC%2B2JWSpYpPCN%2BRtTMfxly4FHitQj0niSJ5N"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-fd8f7bc74-9xkdz
access-control-allow-credentials
false
cf-ray
82220ad86cf23631-FRA
x-amz-cf-id
ud1z3oEgYf6BqvTONg6H5GAlk_dxGifJ9C2prvo9F_zViWVMKVjXyw==
module_-2712622_Site_Search_Input.min.css
cdn2.hubspot.net/hub/-1/hub_generated/module_assets/-2712622/1699304503380/
612 B
1 KB
Stylesheet
General
Full URL
https://cdn2.hubspot.net/hub/-1/hub_generated/module_assets/-2712622/1699304503380/module_-2712622_Site_Search_Input.min.css
Requested by
Host: www.threatfabric.com
URL: https://www.threatfabric.com/blogs/droppers-bypassing-android-13-restrictions
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:6fd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
401925a1114f7003121630392768d35516be54a4028f01024528aeae99a45a56

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.threatfabric.com/blogs/droppers-bypassing-android-13-restrictions
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-encoding
br
age
18480
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
x-amz-replication-status
PENDING
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-evy-trace-listener
listener_https
etag
W/"c708989561e0cdbfcf996d1b7f47482c"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
text/css
access-control-allow-origin
*
x-amz-meta-created-unix-time-millis
1699304503380
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host
all
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Tue, 07 Nov 2023 02:10:52 GMT
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
IAD89-C1
x-hs-alternate-content-type
text/plain
x-hubspot-correlation-id
c2ac505d-2fa1-41cd-b719-28fcd44e72dd
x-amz-storage-class
INTELLIGENT_TIERING
x-envoy-upstream-service-time
179
alt-svc
h3=":443"; ma=86400
x-evy-trace-route-configuration
listener_https/all
x-request-id
c2ac505d-2fa1-41cd-b719-28fcd44e72dd
last-modified
Mon, 06 Nov 2023 21:01:44 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gvQAYsQE8%2Fv5Cj1OBG4%2FsXQJE8QCqypjqpHNkgMzUaWodQZtr%2Fy1Y3L30nHhsvgFXoFg64iPQ3mjEk6W308h5PByxJT4oe8WgBAKL4bGAw1hZuKaO9AVEWb2zzUdhKoeZYXHJyi%2FHkUgOrfCPlA%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-cdn2-td/envoy-proxy-5745477c8b-fc8qf
cf-ray
82220ad88c5a5d61-FRA
module_102233451816_Blog_Post_01_-_Banner.min.css
www.threatfabric.com/hs-fs/hub/6701575/hub_generated/module_assets/102233451816/1694502536285/
208 B
1 KB
Stylesheet
General
Full URL
https://www.threatfabric.com/hs-fs/hub/6701575/hub_generated/module_assets/102233451816/1694502536285/module_102233451816_Blog_Post_01_-_Banner.min.css
Requested by
Host: www.threatfabric.com
URL: https://www.threatfabric.com/blogs/droppers-bypassing-android-13-restrictions
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
6685b4f71edb4ae81b8a710e36f8c794c3e731feeb17614e476daf056b06a824
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.threatfabric.com/blogs/droppers-bypassing-android-13-restrictions
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
x-amz-request-id
MWWEPRQC3Y01X8RE
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
x-amz-replication-status
PENDING
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.EnforceAclForReads 2
x-evy-trace-listener
listener_https
etag
W/"835a1aea3731b5d0aa01d0cad90f4c2f"
vary
origin, Accept-Encoding
x-amz-meta-created-unix-time-millis
1694502536285
content-type
text/css
x-evy-trace-virtual-host
all
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 2
date
Tue, 07 Nov 2023 02:10:52 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 3fad6888361bd8bcd9c5b458635f78d0.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
ssRnpRBke62diMBB.QBnNR1bBVg.nduX
x-amz-cf-pop
IAD61-P1
x-hs-alternate-content-type
text/plain
x-hubspot-correlation-id
55bd6141-eae1-47d0-bd15-059ed642d559
x-cache
RefreshHit from cloudfront
x-amz-storage-class
INTELLIGENT_TIERING
x-envoy-upstream-service-time
215
alt-svc
h3=":443"; ma=86400
x-amz-id-2
giFUVWnkTe+aI5+5J/k4lIS5fSyQoiHJgaRuVu+PI+RKTMvvxyCwwTTRlHKPfUf5hfmaP0guc3rp+lQ5kJp6bgDFjz7jDaTJ
x-evy-trace-route-configuration
listener_https/all
x-request-id
55bd6141-eae1-47d0-bd15-059ed642d559
last-modified
Tue, 12 Sep 2023 07:08:57 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2B%2BImGhiQJoi5WTRU6YMT2iZ963j1NbIjplX1hsRj9R4wXpPgxDpQ9IZy0B7En9WFt77JPcJsBtIGIjqTwRJnWcUvLgfcPxZDtDviTvFK5bOv5ddu9qBnkSZzEkpqqvvueNSzl93qi%2FZUynAc2Agh5bNN"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-fd8f7bc74-pfskq
access-control-allow-credentials
false
cf-ray
82220ad86cf33631-FRA
x-amz-cf-id
1fXPvOaJbXf1k-6QKWUPoi6MDeVOsYPuTzv9W5y-_ezX0JW_ACV79g==
module_102407694414_Blog_Post_01_-_CTA.css
www.threatfabric.com/hs-fs/hub/6701575/hub_generated/module_assets/1688634804987/
749 B
1 KB
Stylesheet
General
Full URL
https://www.threatfabric.com/hs-fs/hub/6701575/hub_generated/module_assets/1688634804987/module_102407694414_Blog_Post_01_-_CTA.css
Requested by
Host: www.threatfabric.com
URL: https://www.threatfabric.com/blogs/droppers-bypassing-android-13-restrictions
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
a924c55af6e42515871fdd850703bea91aedd280d30febc3ddc9f674df234785
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.threatfabric.com/blogs/droppers-bypassing-android-13-restrictions
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
x-amz-request-id
HG6JW9T695JY4MKC
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.EnforceAclForReads 2
x-evy-trace-listener
listener_https
etag
W/"e2815258c7a6f2ee41cbfe804e58e066"
vary
origin, Accept-Encoding
x-amz-meta-created-unix-time-millis
1688634804987
content-type
text/css
x-evy-trace-virtual-host
all
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 2
date
Tue, 07 Nov 2023 02:10:52 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 148f45d892bd2198be5295012ed59888.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
K1nt1Fuq.UumOXfREd8pVf7ARGCOFlEV
x-amz-cf-pop
IAD89-C1
x-hs-alternate-content-type
text/plain
x-hubspot-correlation-id
9535dc26-52dd-4f84-b814-de397b55740c
x-cache
RefreshHit from cloudfront
x-amz-storage-class
INTELLIGENT_TIERING
x-envoy-upstream-service-time
202
alt-svc
h3=":443"; ma=86400
x-amz-id-2
atrhYWpu6OFdHEMXun66vNp5YwSD2Jrx1fnaRXvTY93KvEheaW169/3AfxaK9zl+uqPXBrL1C3Q=
x-evy-trace-route-configuration
listener_https/all
x-request-id
9535dc26-52dd-4f84-b814-de397b55740c
last-modified
Thu, 06 Jul 2023 09:13:25 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=RT2B5VDpQTe1yCQJjhbVtqa3HNxJG1rcUFpUpUnw25WT9soL8gOBxseWOnZa7rNITfL2nRjpLq7TlBsrbRxTCftKGjaFRVSypkJ3Fy6AGvEUCBluidSqJlYuLZViZQrpn%2BMvUC0Jmd7Xrw3bQCrXglcT"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-fd8f7bc74-tfpt7
access-control-allow-credentials
false
cf-ray
82220ad86d003631-FRA
x-amz-cf-id
y0nt9fwlSgLZdbkzxUNw6Xc1Hc66m9NVIMHufuqm1Vr1Z-YhdM8g5g==
prism.min.css
cdnjs.cloudflare.com/ajax/libs/prism/1.23.0/themes/
2 KB
908 B
Stylesheet
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/prism/1.23.0/themes/prism.min.css
Requested by
Host: www.threatfabric.com
URL: https://www.threatfabric.com/blogs/droppers-bypassing-android-13-restrictions
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
928e23e6b9fcef82c5f1d1f05b6f7fc5a6e187c60195e59fbf16fc9d071ee057
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.threatfabric.com/blogs/droppers-bypassing-android-13-restrictions
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Tue, 07 Nov 2023 02:10:52 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
22499100
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
563
last-modified
Thu, 31 Dec 2020 20:37:58 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5fee36a6-6fd"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=YupxqYZ25bNWSxqgSNvBezUR3OLhIR8MrJBqDJS1QQ1f25C4pazjT2ZGkgWUQGQZk5i%2B2M7mB7c06mapUf09WMPnCtSwunzw%2F4MJ8OQ76IvkdGfc2K%2Fh%2BKvmt494w1JGMTX%2BzG0KOCrdf%2FLTyBckMlE5"}],"group":"cf-nel","max_age":604800}
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
82220ad87b759bce-FRA
expires
Sun, 27 Oct 2024 02:10:52 GMT
module_101039839309_Footer.min.css
www.threatfabric.com/hs-fs/hub/6701575/hub_generated/module_assets/101039839309/1688634802817/
542 B
1 KB
Stylesheet
General
Full URL
https://www.threatfabric.com/hs-fs/hub/6701575/hub_generated/module_assets/101039839309/1688634802817/module_101039839309_Footer.min.css
Requested by
Host: www.threatfabric.com
URL: https://www.threatfabric.com/blogs/droppers-bypassing-android-13-restrictions
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
0d65652e4a1175891a46374d16ec569329b2e667eedb5770ce7ce193fd8fd41a
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.threatfabric.com/blogs/droppers-bypassing-android-13-restrictions
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
x-amz-request-id
BVY57641XR8WRPYD
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 20
x-evy-trace-listener
listener_https
etag
W/"ed0772c6a57504bedc0b6dd9703ab3f1"
vary
origin, Accept-Encoding
x-amz-meta-created-unix-time-millis
1688634802817
content-type
text/css
x-evy-trace-virtual-host
all
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 20
date
Tue, 07 Nov 2023 02:10:52 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 b5e757a7da6f6fe6261f56a8a9646880.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
aEtuO57JBQ7Fe7bp8NQY6TbBJpxyVa2Z
x-amz-cf-pop
IAD89-C1
x-hs-alternate-content-type
text/plain
x-hubspot-correlation-id
1eb0eebd-b6d9-45d3-842d-8b5605eab7ab
x-cache
RefreshHit from cloudfront
x-amz-storage-class
INTELLIGENT_TIERING
x-envoy-upstream-service-time
118
alt-svc
h3=":443"; ma=86400
x-amz-id-2
Wc0VtQ6zvNwBhpnOFEchH2mkXDgmUaoy9ZKauX7EB/I3Moz9Xe82a+990C9lo0ko1aFkue/2vLY=
x-evy-trace-route-configuration
listener_https/all
x-request-id
1eb0eebd-b6d9-45d3-842d-8b5605eab7ab
last-modified
Thu, 06 Jul 2023 09:13:23 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0paPIcNvVgQf9Bs0XY93Nvl2jK5q8sd9cgZPSsoraySbOvTNsLvt4xVEm2JfOT1qHC1dlDaQ49WaarDi4lh7m8zM4bIj7WtjRqiVj1RjIh1rxA1DVYaVnh4y6OjMJ1xmPEH4zvhqged2NkkhyjwcxkPy"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-fd8f7bc74-mxtb7
access-control-allow-credentials
false
cf-ray
82220ad86d023631-FRA
x-amz-cf-id
aaZxaVlkwKGnXI0lzVHMFUz2ebIU4RaWxcXu-OluFiqa7sZ6TWLw8A==
js
www.googletagmanager.com/gtag/
227 KB
80 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-SZHLN4DST6
Requested by
Host: www.threatfabric.com
URL: https://www.threatfabric.com/blogs/droppers-bypassing-android-13-restrictions
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
02171f0bcc688e2ceedccddb2a68b0e7a0187ccffce23671564f1c51573ad5a7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.threatfabric.com/blogs/droppers-bypassing-android-13-restrictions
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Tue, 07 Nov 2023 02:10:53 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
81378
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Tue, 07 Nov 2023 02:10:53 GMT
threatfabric-logo-light.svg
www.threatfabric.com/hubfs/Threatfabric/logos/
3 KB
2 KB
Image
General
Full URL
https://www.threatfabric.com/hubfs/Threatfabric/logos/threatfabric-logo-light.svg
Requested by
Host: www.threatfabric.com
URL: https://www.threatfabric.com/blogs/droppers-bypassing-android-13-restrictions
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
e082d568fb44df37fa453a514a8e553c889abe144c5c73866c1f020e4ccfbc49
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.threatfabric.com/blogs/droppers-bypassing-android-13-restrictions
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
x-amz-meta-cache-tag
F-101040308776,FD-101040367016,P-6701575,FLS-ALL
age
32035
x-amz-request-id
PM1EHJ8G29Z5CPC3
x-amz-server-side-encryption
AES256
edge-cache-tag
F-101040308776,FD-101040367016,P-6701575,FLS-ALL
x-amz-replication-status
COMPLETED
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
etag
W/"8b008611e237cad1162ac34fa0566106"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
image/svg+xml
access-control-allow-origin
*
x-amz-meta-created-unix-time-millis
1675415283131
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Tue, 07 Nov 2023 02:10:52 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 da749f044be44d389a30372d73356c4e.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
YCo1pSCjPp8.6ZHhoecaW6WpJqmNwWPZ
x-amz-cf-pop
FRA56-P7
x-hs-alternate-content-type
text/plain
x-cache
RefreshHit from cloudfront
cache-tag
F-101040308776,FD-101040367016,P-6701575,FLS-ALL
x-amz-meta-index-tag
all
x-amz-storage-class
INTELLIGENT_TIERING
alt-svc
h3=":443"; ma=86400
x-amz-id-2
5sNOuX/jkxlcaj5ixwp1Mgi6Q9j5qD8vTnFJMRpdE5JypKyjXs1/NGFGaezy55USmNVeA9BrG4M4bPn9lYWX9+L4FL48rxBpSHGY+5/iD2U=
last-modified
Fri, 03 Feb 2023 09:08:04 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=topbXWhhg7TPBWMV0s96iRbsF56hdeKMEjcaCz5pzXgwx3VpZrSN1Ktw7tU37aANmk6M59kJj5E3cVJR%2FUuMf0nvZsIh%2FL%2B2cpvJ3cMXGc3L7uh0a8ioOHgX8t7%2FPd9b%2By%2BiSdGla%2BLb8zkVAOLsWZCb"}],"group":"cf-nel","max_age":604800}
cf-ray
82220ad86d043631-FRA
x-amz-cf-id
r0at4dmXX73i-kx7QkNw6DXiq-Y8r_ZWqbO4FwYDY6UzOK0rqa5aFA==
embed.js
static.hsappstatic.net/content-cwv-embed/static-1.388/
14 KB
6 KB
Script
General
Full URL
https://static.hsappstatic.net/content-cwv-embed/static-1.388/embed.js
Requested by
Host: www.threatfabric.com
URL: https://www.threatfabric.com/blogs/droppers-bypassing-android-13-restrictions
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:c060 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
34942d531ecf961a2a6777526aef0c7d17f28a4ce9afcac868eb132c700bfe5a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.threatfabric.com/blogs/droppers-bypassing-android-13-restrictions
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Tue, 07 Nov 2023 02:10:52 GMT
x-amz-version-id
GNgANes_HpxlXMl5IDFfVeYnBgfaeeYN
via
1.1 018ffb575888f1c9ec960e3e977c042e.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
FRA56-P2
age
589211
x-amz-server-side-encryption
AES256
content-encoding
br
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
alt-svc
h3=":443"; ma=86400
last-modified
Tue, 15 Aug 2023 19:48:57 GMT
server
cloudflare
etag
W/"8741985292d64b839be39c64b14f3783"
vary
Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=0b5J7u7wQh8SX2mtI6VyYLY78KLsFwrWVIEV3FUZ0H%2BALTgl1A4q0%2Fyird2Gpx08wLPgWFt%2FtvVK%2FFqJRm1ZVx40fz%2F84d1KVAa4AicOXhtaymrecRn3aTL90NsWXiZuPlG3zYXckKBzDJhM%2FSIlSXdSi8k%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=31536000
cf-ray
82220ad92b6518e2-FRA
x-amz-cf-id
k_gHpvfnGWP3KOaVi1deeMqYFTweB1UnYNK_3W6jSRA-UzfpyBEvZw==
expires
Wed, 06 Nov 2024 02:10:52 GMT
jquery.min.js
cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/
87 KB
28 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js
Requested by
Host: www.threatfabric.com
URL: https://www.threatfabric.com/blogs/droppers-bypassing-android-13-restrictions
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.threatfabric.com/blogs/droppers-bypassing-android-13-restrictions
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Tue, 07 Nov 2023 02:10:52 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
4096098
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
27958
last-modified
Mon, 04 May 2020 23:01:39 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb09ed3-15d84"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=JdaedVzDEGzkPvogLMAGo5dIAA%2FN4WEgAIHJ4Ph%2FAoL3IV60wjVzYfTRp0oqErI3CqH97jtqsvYINkD10tF9snYy2LBoAwhHQRNMW%2FmKAeqavJ6cqUNwlrvVfmjqjXz5tMr2UEHTNuYINIb1otAg7lcl"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
82220ad87b779bce-FRA
expires
Sun, 27 Oct 2024 02:10:52 GMT
jquery-migrate.min.js
cdnjs.cloudflare.com/ajax/libs/jquery-migrate/3.3.1/
11 KB
4 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jquery-migrate/3.3.1/jquery-migrate.min.js
Requested by
Host: www.threatfabric.com
URL: https://www.threatfabric.com/blogs/droppers-bypassing-android-13-restrictions
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
89bf8cdea73ce776d6b81d03837bc7f04af5e3946b839a3c0bfbf3094ad3f7be
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.threatfabric.com/blogs/droppers-bypassing-android-13-restrictions
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Tue, 07 Nov 2023 02:10:52 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
7722436
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
3592
last-modified
Thu, 22 Jun 2023 11:06:02 GMT
server
cloudflare
cf-cdnjs-via
cfworker/r2
etag
"64942b1a-e08"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=NQ3bX0Bg%2BTW4wouLLN%2FeV28WNFjUm%2FCgxD1FoeciMibY1jGzlrX6eChTpOnDQMG%2B%2B%2FPfK5vHfYj54lfZYdMr3EeGKwip89L0h7PjqSJOnfH%2F44w%2B%2Fyv4vsI0uWi9IxWiCjTrgUHXOl7I6EXuBhu%2B1d3u"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
82220ad8ab879bce-FRA
expires
Sun, 27 Oct 2024 02:10:52 GMT
plugins.min.js
www.threatfabric.com/hs-fs/hub/6701575/hub_generated/template_assets/100565705870/1687936300836/Threatfabric_Hatch/js/plugins/
203 KB
56 KB
Script
General
Full URL
https://www.threatfabric.com/hs-fs/hub/6701575/hub_generated/template_assets/100565705870/1687936300836/Threatfabric_Hatch/js/plugins/plugins.min.js
Requested by
Host: www.threatfabric.com
URL: https://www.threatfabric.com/blogs/droppers-bypassing-android-13-restrictions
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
88e53f842be1a989a5194700504adb35a8a6be7d809a95f5c905d9235074d7bd
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.threatfabric.com/blogs/droppers-bypassing-android-13-restrictions
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
x-amz-request-id
04V6MBRD3BAJQ8CA
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
x-amz-replication-status
PENDING
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 20
x-evy-trace-listener
listener_https
etag
W/"ab6084c0f2d06195525b35b89e4d786c"
vary
origin, Accept-Encoding
x-amz-meta-created-unix-time-millis
1687936302031
content-type
application/javascript; charset=utf-8
x-evy-trace-virtual-host
all
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 20
date
Tue, 07 Nov 2023 02:10:52 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 f9efe5e72b7e5cc47bf34a0b0debcbe2.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
yxdR5TFeTgKQOODytJSmOJsjFalNRyFc
x-amz-cf-pop
IAD89-C1
x-hs-alternate-content-type
text/plain
x-cache
Miss from cloudfront
x-amz-storage-class
INTELLIGENT_TIERING
x-envoy-upstream-service-time
165
alt-svc
h3=":443"; ma=86400
x-amz-id-2
sazpQ4dhFzvxHFXVKo+Fz+kXPjSKo7XhBSd7k2EF6nYQT7MtTWkWIVz6S5Dm3r95SmlkqCBegrI=
x-evy-trace-route-configuration
listener_https/all
x-request-id
571113b6-05a1-43c3-a1f4-1a5e33c754e3
last-modified
Wed, 28 Jun 2023 07:11:43 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ENk2xLNiZpYQf4ryWNsAJ0VV4O0XC4YtlGkM8MYcVmilung634OeQ17IIIx%2F3y7YJAfpPsz0OSSyEmAY%2BN3RR1cGZTRg%2BzA78m5PqIaRguNiGH24RPLZY0TWajFDq4m2K1VQOGHQdlFFKsvqvba7bxlK"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-fd8f7bc74-mxtb7
access-control-allow-credentials
false
cf-ray
82220ad8fdf79290-FRA
x-amz-cf-id
7UF7DeE919_YJJhP_VnUogVQKehhnlKnqIo9VEmP5m_1mkbAZvxjvQ==
main.min.js
www.threatfabric.com/hs-fs/hub/6701575/hub_generated/template_assets/100565738928/1687936299967/Threatfabric_Hatch/js/
30 KB
8 KB
Script
General
Full URL
https://www.threatfabric.com/hs-fs/hub/6701575/hub_generated/template_assets/100565738928/1687936299967/Threatfabric_Hatch/js/main.min.js
Requested by
Host: www.threatfabric.com
URL: https://www.threatfabric.com/blogs/droppers-bypassing-android-13-restrictions
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
9c3ceec955f96bbdef0567a87a60077187cf7fd717f1ae28b044f5930a1c6847
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.threatfabric.com/blogs/droppers-bypassing-android-13-restrictions
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
x-amz-request-id
04VE7HG4TCQ0BB3A
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
x-amz-replication-status
PENDING
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 20
x-evy-trace-listener
listener_https
etag
W/"2c91f63cff05be1dad3f4eab27886ce4"
vary
origin, Accept-Encoding
x-amz-meta-created-unix-time-millis
1687936300386
content-type
application/javascript; charset=utf-8
x-evy-trace-virtual-host
all
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 20
date
Tue, 07 Nov 2023 02:10:52 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 b5e757a7da6f6fe6261f56a8a9646880.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
AiQqVy7HUbOWJu__8x887EPr5dk59bJE
x-amz-cf-pop
IAD89-C1
x-hs-alternate-content-type
text/plain
x-cache
Miss from cloudfront
x-amz-storage-class
INTELLIGENT_TIERING
x-envoy-upstream-service-time
154
alt-svc
h3=":443"; ma=86400
x-amz-id-2
/W46GnNSD7H5LmGXo6DohD9CX5iGLVs9wAl4dL7Y0+qAeekuEiJE86QWJrEkaDrPgxivkVZ/UWy/OsX/8opnlnwG5gaatBmsr7TgauXquVE=
x-evy-trace-route-configuration
listener_https/all
x-request-id
c725a83c-99e9-493b-9c14-987813c9b266
last-modified
Wed, 28 Jun 2023 07:11:41 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ALJJoQiBpmz2Y8oqi%2BTkkwHOTw%2BNiSaDOwOBw3SNMZZ73QT1KZ8Oay%2BkycrwuFoI8Z2btw%2F%2BSwjqG4%2F3a%2BYeQZ0%2FPSAWBMrkJl3kUq4lndZnEi440kK8NWg%2FldGT3A1t%2BIHV5o6Dpsm6sM4uDGXquQm4"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-fd8f7bc74-mxtb7
access-control-allow-credentials
false
cf-ray
82220ad8fdf89290-FRA
x-amz-cf-id
mu62WdSBLrFAtnQP9GZcBt9q1Qe06frPDbeXkOeJ9g8qOA4xXa8lcg==
child.min.js
www.threatfabric.com/hs-fs/hub/6701575/hub_generated/template_assets/101040014386/1687845070161/Threatfabric_Hatch/
654 B
2 KB
Script
General
Full URL
https://www.threatfabric.com/hs-fs/hub/6701575/hub_generated/template_assets/101040014386/1687845070161/Threatfabric_Hatch/child.min.js
Requested by
Host: www.threatfabric.com
URL: https://www.threatfabric.com/blogs/droppers-bypassing-android-13-restrictions
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
c16d59010b5c7bc246cc28fa0b991da4aaf6ed332f99940a4d5bd29de1ad43de
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.threatfabric.com/blogs/droppers-bypassing-android-13-restrictions
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
x-amz-request-id
6AJZ7VVY663HMF45
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-evy-trace-listener
listener_https
etag
W/"6748e45b4b9a78b567cc67c4bbe101c4"
vary
origin, Accept-Encoding
x-amz-meta-created-unix-time-millis
1687845070347
content-type
application/javascript; charset=utf-8
x-evy-trace-virtual-host
all
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Tue, 07 Nov 2023 02:10:52 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 f0a9678a89ea6fb10debcb7507e49828.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
tWyHUvyl_PrBUjYVhQfi.cVUEpkzlair
x-amz-cf-pop
IAD12-P2
x-hs-alternate-content-type
text/plain
x-hubspot-correlation-id
b1799fdb-a8e0-49a6-b32b-0bf238ce57f6
x-cache
RefreshHit from cloudfront
x-amz-storage-class
INTELLIGENT_TIERING
x-envoy-upstream-service-time
187
alt-svc
h3=":443"; ma=86400
x-amz-id-2
lVx/0/dPNg0BmFjecU+kLww9EXDKHcRePpkrtXcAoUBThBxLcajxWAV1iTwxA4rnWXFpuR5aZ98=
x-evy-trace-route-configuration
listener_https/all
x-request-id
b1799fdb-a8e0-49a6-b32b-0bf238ce57f6
last-modified
Tue, 27 Jun 2023 05:51:11 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dULIYolMSSRrJDnXLZ2jzkyJnOCscBF%2BDko9LU9T6rf8EcG2Ia1U00W0%2BfhMGFfX6FB6LpLFB4ItsdVhCS0QQFskmE27CcDv6iOktaz1ybUa0nC%2B2WgyR0KyBe6osKeEvZa1pnvpnkSl4OKSrMBB1wLv"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-6c8d5c7998-vbm4n
access-control-allow-credentials
false
cf-ray
82220ad8bddf9290-FRA
x-amz-cf-id
E92XPRciFTZGdI0CqYwLIuINiXkydGZlL4RJZw71RL7lY-xdI4Royg==
module_-2712622_Site_Search_Input.min.js
cdn2.hubspot.net/hub/-1/hub_generated/module_assets/-2712622/1699304502720/
4 KB
2 KB
Script
General
Full URL
https://cdn2.hubspot.net/hub/-1/hub_generated/module_assets/-2712622/1699304502720/module_-2712622_Site_Search_Input.min.js
Requested by
Host: www.threatfabric.com
URL: https://www.threatfabric.com/blogs/droppers-bypassing-android-13-restrictions
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:6fd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
863886e2347be57cf71d7ed3fc614593e94bbce61858cd8c0761ba7a78d2ace4

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.threatfabric.com/blogs/droppers-bypassing-android-13-restrictions
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-encoding
br
age
18366
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
x-amz-replication-status
PENDING
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-evy-trace-listener
listener_https
etag
W/"f9134a973469f840bf03f740af92c65f"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
x-amz-meta-created-unix-time-millis
1699304502720
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host
all
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Tue, 07 Nov 2023 02:10:52 GMT
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
IAD89-C1
x-hs-alternate-content-type
text/plain
x-hubspot-correlation-id
705cc7d9-80b3-4650-a8a1-89fc84e41abb
x-amz-storage-class
INTELLIGENT_TIERING
x-envoy-upstream-service-time
179
alt-svc
h3=":443"; ma=86400
x-evy-trace-route-configuration
listener_https/all
x-request-id
705cc7d9-80b3-4650-a8a1-89fc84e41abb
last-modified
Mon, 06 Nov 2023 21:01:43 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yGuUUdxbEXEcjWe7rVjKVJduKh7CqUVbBoR3eMJIZuFgzQ%2B7xzgjtejOJwrqZhBdulAZK1F2kMWRD31Vuq9neLdFrmVFYbmViBJRMdymPcufn9DVvOhMbR3OrTIci6UQlio6TeR%2B%2BUlweJeZbM8%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-cdn2-td/envoy-proxy-5745477c8b-fc8qf
cf-ray
82220ad8dc7b5d61-FRA
blog.min.js
www.threatfabric.com/hs-fs/hub/6701575/hub_generated/template_assets/100565906251/1687936291180/Threatfabric_Hatch/js/
392 B
2 KB
Script
General
Full URL
https://www.threatfabric.com/hs-fs/hub/6701575/hub_generated/template_assets/100565906251/1687936291180/Threatfabric_Hatch/js/blog.min.js
Requested by
Host: www.threatfabric.com
URL: https://www.threatfabric.com/blogs/droppers-bypassing-android-13-restrictions
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
2a448b9bbfefb181e970942d95b976b8c437cae5dc6fb283336186fb337449a0
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.threatfabric.com/blogs/droppers-bypassing-android-13-restrictions
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
age
353
x-amz-request-id
JJ7E5B1W63T8FGZ2
x-amz-server-side-encryption
AES256
x-evy-trace-route-service-name
envoyset-translator
x-amz-replication-status
PENDING
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.enforceAclForReadsProd 20
x-evy-trace-listener
listener_https
etag
W/"10407d190f7c12f4a617d1986ba65407"
vary
origin, Accept-Encoding
x-amz-meta-created-unix-time-millis
1687936291342
content-type
application/javascript; charset=utf-8
x-evy-trace-virtual-host
all
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-hs-cf-lambda-enforce
us-east-1.enforceAclForReadsProd 20
date
Tue, 07 Nov 2023 02:10:52 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 baddfcb4f2a6876b4fcc03bcd62427ee.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
U1oZoL1x_Bcd.2kwayzHcjPAcIFFWmTV
x-amz-cf-pop
IAD89-C1
x-hs-alternate-content-type
text/plain
x-cache
Miss from cloudfront
x-amz-storage-class
INTELLIGENT_TIERING
x-envoy-upstream-service-time
223
alt-svc
h3=":443"; ma=86400
x-amz-id-2
QjOz9GaKNcUYnQbLkr1G2PZlWdrE0Zo9pXx/32Ewa3oVkSwV7rxx4dZJWIfCeibIXf9f/TXmp5o=
x-evy-trace-route-configuration
listener_https/all
x-request-id
9f9c5298-ebc8-41c5-84d7-c3d038f0e739
last-modified
Wed, 28 Jun 2023 07:11:32 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ux2zmjU9G6UhPN2l%2BG3PmFenpJLzqTXHNtyCRz7IBjx4xk%2Bo6AGX%2FoEvMTNwYBw5BvTg1Qb7aqcJtCuTzSYvGK4fixTjQ%2Fm0iQC4rxhDx%2B29zA4F2aEgttXnixQjyed82ahC4Yao8cYsDnEPu6Lw0fu3"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-hubfs-td/envoy-proxy-fd8f7bc74-ph7zk
access-control-allow-credentials
false
cf-ray
82220ad8edf59290-FRA
x-amz-cf-id
nJ0_Oc2BJ1_QtB1VXgUDRK8Lfvh1ZqTBfLAv6drNl5jynHwCXJStHQ==
beautify.min.js
cdnjs.cloudflare.com/ajax/libs/js-beautify/1.14.8/
73 KB
14 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/js-beautify/1.14.8/beautify.min.js
Requested by
Host: www.threatfabric.com
URL: https://www.threatfabric.com/blogs/droppers-bypassing-android-13-restrictions
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2d5c291cc9ce12740d42109fbf4384252918103351a98793ffa71f764ea3e4cf
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.threatfabric.com/blogs/droppers-bypassing-android-13-restrictions
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Tue, 07 Nov 2023 02:10:52 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
3150446
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
14063
last-modified
Tue, 01 Aug 2023 15:27:43 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"64c9246f-36ef"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=4OguX%2BKSSG7NQwvIfjJNT%2FfkMSzl4M4M1%2BVvblu%2BHxTl5eEASVVAEFrXxpTQwV7Lmex5YI%2F0yElq0gvpDQh7baJ2QrqPWkOIEJt%2BXsF4XwFqdnkgfWOaLRKwdSdW%2FTSvWE%2BVWUTrdlt36%2BJakRYFdCe6"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
82220ad8fbba19b1-FRA
expires
Sun, 27 Oct 2024 02:10:52 GMT
prism.min.js
cdnjs.cloudflare.com/ajax/libs/prism/1.24.1/
17 KB
6 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/prism/1.24.1/prism.min.js
Requested by
Host: www.threatfabric.com
URL: https://www.threatfabric.com/blogs/droppers-bypassing-android-13-restrictions
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc377d0b25d1c78cd2fb2d8c9b3cc8fe12db24bd47084deda1129905ca256099
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.threatfabric.com/blogs/droppers-bypassing-android-13-restrictions
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Tue, 07 Nov 2023 02:10:52 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=15780000
age
9426414
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
5980
last-modified
Thu, 22 Jun 2023 11:16:45 GMT
server
cloudflare
cf-cdnjs-via
cfworker/r2
etag
"64942d9d-175c"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=g1XBTyEVCSCdhRYOgd8EmTXlEJ8qOg8btivBAl5hAsZKigPnUJLdBl3mIjuSMjggCVjGg%2BIQVJbNoxzMmDiKZoEPyFEwsfumfi5E6%2F3xUe%2FDZti7vISt%2BjOXQvDUhcw186YPkcRVD2gO%2FsUHlhVZdEeu"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
accept-ranges
bytes
timing-allow-origin
*
cf-ray
82220ad8fbbb19b1-FRA
expires
Sun, 27 Oct 2024 02:10:52 GMT
6701575.js
www.threatfabric.com/hs/scriptloader/
2 KB
2 KB
Script
General
Full URL
https://www.threatfabric.com/hs/scriptloader/6701575.js
Requested by
Host: www.threatfabric.com
URL: https://www.threatfabric.com/blogs/droppers-bypassing-android-13-restrictions
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
c34c987489e3315e129e833033d48f98eca5aeb8b5f8967e86ae4f9244645cb8
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.threatfabric.com/blogs/droppers-bypassing-android-13-restrictions
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Tue, 07 Nov 2023 02:10:53 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
EXPIRED
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy
upgrade-insecure-requests
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
1898c8b3-0fd1-4edc-b810-80c429fb2eba
content-encoding
br
x-envoy-upstream-service-time
24
x-hs-https-only
worker
alt-svc
h3=":443"; ma=86400
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
1898c8b3-0fd1-4edc-b810-80c429fb2eba
last-modified
Mon, 06 Nov 2023 22:29:12 GMT
server
cloudflare
x-trace
2B2423484BC545776AACA1ECF7834E78FFE2D2BA30000000000000000000
vary
origin, Accept-Encoding
access-control-max-age
3600
content-type
application/javascript;charset=utf-8
access-control-allow-origin
https://www.threatfabric.com
x-evy-trace-served-by-pod
iad02/hubapi-td/envoy-proxy-5b5c96c966-rmgdk
cache-control
public, max-age=60
access-control-allow-credentials
true
x-evy-trace-virtual-host
all
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qw93kulQV6p3MJGX0ZW%2FNCE%2F%2FV3oxL6%2F3QgktC1hkteK%2B7A39NV%2F99sEhVedkiazinkbAvzYuI5lJVpKdQQRe%2B6VX53frVA4xK2kARQ5cBxBzxxg6IsPoa73wsN4It30zJfAAG8i%2FnhBv%2BhHn92j9tIN"}],"group":"cf-nel","max_age":604800}
cf-ray
82220ad8fdf99290-FRA
expires
Tue, 07 Nov 2023 02:11:53 GMT
index.js
www.threatfabric.com/hs/hsstatic/HubspotToolsMenu/static-1.191/js/
11 KB
5 KB
Script
General
Full URL
https://www.threatfabric.com/hs/hsstatic/HubspotToolsMenu/static-1.191/js/index.js
Requested by
Host: www.threatfabric.com
URL: https://www.threatfabric.com/blogs/droppers-bypassing-android-13-restrictions
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
fd5e0c3a0682f03217f201588e51e77bf778d5506224074918f505423f0e25a2
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.threatfabric.com/blogs/droppers-bypassing-android-13-restrictions
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Tue, 07 Nov 2023 02:10:52 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 a355d8f903a0cf5525893c863fcdf216.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy
upgrade-insecure-requests
age
17232341
x-amz-cf-pop
CDG52-P4
x-amz-server-side-encryption
AES256
x-amz-version-id
inhS2tX2f2C4tITR3p2haS.uhsvA9eGz
content-encoding
br
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
x-hs-https-only
worker
alt-svc
h3=":443"; ma=86400
last-modified
Fri, 21 Apr 2023 15:17:56 GMT
server
cloudflare
etag
W/"0bbd63c0750f141fd5cec04a9393647e"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=XSFzHlCY8vQAHOzCb1Se8d089EWsQvYUTqHUyyNRP%2B%2FLBE4PiqNKViBUf89DV6Kv1iONw9Oj6lLVfXDBEUTogRdFLYRWTRlyhMlW1ZKl7VLabAmpKVLUfxCqfE5j7ezaAeHpUsqpZ6%2BXWLmcsGnMpHYh"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=31536000
cf-ray
82220ad8fdfa9290-FRA
x-amz-cf-id
TYHgsp09grVKpYA9dxiozj2UAW4tlG6PoALJeeeJ-H2x7PoACqsm6Q==
expires
Wed, 06 Nov 2024 02:10:52 GMT
6701575.js
js.hs-scripts.com/
2 KB
1 KB
Script
General
Full URL
https://js.hs-scripts.com/6701575.js
Requested by
Host: www.threatfabric.com
URL: https://www.threatfabric.com/blogs/droppers-bypassing-android-13-restrictions
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:bb59 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c34c987489e3315e129e833033d48f98eca5aeb8b5f8967e86ae4f9244645cb8
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.threatfabric.com/blogs/droppers-bypassing-android-13-restrictions
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Tue, 07 Nov 2023 02:10:53 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
EXPIRED
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
b1897d57-3c15-42bb-b30b-00eca9f328a2
x-envoy-upstream-service-time
8
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
b1897d57-3c15-42bb-b30b-00eca9f328a2
last-modified
Tue, 07 Nov 2023 00:23:20 GMT
server
cloudflare
x-trace
2BC376567ACBC2AB23216180415C0E0013A348725D000000000000000000
vary
origin, Accept-Encoding
access-control-max-age
3600
content-type
application/javascript;charset=utf-8
access-control-allow-origin
https://www.threatfabric.com
x-evy-trace-virtual-host
all
cache-control
public, max-age=60
access-control-allow-credentials
true
x-evy-trace-served-by-pod
iad02/hubapi-td/envoy-proxy-5b5c96c966-fvfc4
cf-ray
82220ad91e641953-FRA
expires
Tue, 07 Nov 2023 02:11:53 GMT
in.js
platform.linkedin.com/
0
0

tf-blogpost-banner-divider-01.svg
www.threatfabric.com/hubfs/Threatfabric/images/
576 B
2 KB
Image
General
Full URL
https://www.threatfabric.com/hubfs/Threatfabric/images/tf-blogpost-banner-divider-01.svg
Requested by
Host: www.threatfabric.com
URL: https://www.threatfabric.com/blogs/droppers-bypassing-android-13-restrictions
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
d92c25b1d90bdf3fb25373c5e3de35b1256f47a96575d58b4e6ae10be499d76d
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.threatfabric.com/blogs/droppers-bypassing-android-13-restrictions
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
x-amz-meta-cache-tag
F-102446427186,FD-101619062546,P-6701575,FLS-ALL
age
45541
x-amz-request-id
FDPYERTJ9BSZT8G3
x-amz-server-side-encryption
AES256
edge-cache-tag
F-102446427186,FD-101619062546,P-6701575,FLS-ALL
x-amz-replication-status
COMPLETED
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
etag
W/"af4732c5d3ba47ba314c39750f2c2e6f"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
image/svg+xml
access-control-allow-origin
*
x-amz-meta-created-unix-time-millis
1676379615960
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Tue, 07 Nov 2023 02:10:52 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 4dd80d99fd5d0f6baaaf5179cd921f72.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
LvbdpHvwKMpHzOWR2c2lhGUzlD608lQ_
x-amz-cf-pop
FRA56-P7
x-hs-alternate-content-type
text/plain
x-cache
RefreshHit from cloudfront
cache-tag
F-102446427186,FD-101619062546,P-6701575,FLS-ALL
x-amz-meta-index-tag
all
x-amz-storage-class
INTELLIGENT_TIERING
alt-svc
h3=":443"; ma=86400
x-amz-id-2
jFh3mItxfvPw2+38Zvx9c/xQ9uBLbPpO9a4PD7yeUWBv5QJCmF8y78dSyDzctxEMVg9fdCPn+jU=
last-modified
Tue, 14 Feb 2023 13:00:17 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aKjdi6QjD74CsOIglKYaFEoYqxAC%2F5MVdJkFpOj6%2Fy%2BqPwMG%2FqYTg1WnC15ZjwZRjpLt0B3Uf4ZJfLgUwDraEK9WC4TiTQQBaTxgmeAmpv2KB5SNmwR0svq5g5wovULJ%2FbHt%2FzU%2F5b157KTErgh5iCsF"}],"group":"cf-nel","max_age":604800}
cf-ray
82220ad90e039290-FRA
x-amz-cf-id
IoeReHSvrDyJohYIe3D0QnvuVWpTRS1YD9FzkwaBn39XWOFu_crMUQ==
tf-offer-bg-divider-01.svg
www.threatfabric.com/hubfs/Threatfabric/images/
556 B
2 KB
Image
General
Full URL
https://www.threatfabric.com/hubfs/Threatfabric/images/tf-offer-bg-divider-01.svg
Requested by
Host: www.threatfabric.com
URL: https://www.threatfabric.com/blogs/droppers-bypassing-android-13-restrictions
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
639127081177ea5058409066f97e84fb8ffdad426754956248f4ed77b45bd606
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.threatfabric.com/blogs/droppers-bypassing-android-13-restrictions
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
x-amz-meta-cache-tag
F-102241528447,FD-101619062546,P-6701575,FLS-ALL
age
49112
x-amz-request-id
8NHQK47E6J3XGE6S
x-amz-server-side-encryption
AES256
edge-cache-tag
F-102241528447,FD-101619062546,P-6701575,FLS-ALL
x-amz-replication-status
COMPLETED
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
etag
W/"3c05186b36e65acf42dc5ace50a34360"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
image/svg+xml
access-control-allow-origin
*
x-amz-meta-created-unix-time-millis
1676276654996
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Tue, 07 Nov 2023 02:10:53 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 f1a22cc8d842b0950e4bd5bda60806f2.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
.HXvxpbfuTohzDbnYKcJooLLN3h3f42c
x-amz-cf-pop
FRA56-P7
x-hs-alternate-content-type
text/plain
x-cache
RefreshHit from cloudfront
cache-tag
F-102241528447,FD-101619062546,P-6701575,FLS-ALL
x-amz-meta-index-tag
all
x-amz-storage-class
INTELLIGENT_TIERING
alt-svc
h3=":443"; ma=86400
x-amz-id-2
hKrPKjDMnzFL+QLQe5HhO1o2csKJcK4c3w1PHpzzr+aWppCvU30tsThFualrBgUY+UvoK2oF+lw=
last-modified
Mon, 13 Feb 2023 08:24:16 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oiVKZD8EXyAJ%2FIFZhTN%2F%2FLGyVELiY8d0GUDYjWhw7BfBlcsYDLDCU6bEZhpUXmAK1k5Gk6FzebUYU7JO5QyqnVnaYKWdy%2BQ3Fn05k2iwlotrUE4%2BZLcrM%2FlAbKeBp0GU9umP3C8Pocy9PYy1MKt35u9n"}],"group":"cf-nel","max_age":604800}
cf-ray
82220ad92e069290-FRA
x-amz-cf-id
OBkeeNukUrH29-OVvtEosseNfFw6hPorwwDOyHPdJohLRyDz5Mrfkg==
Kanit-Light.ttf
www.threatfabric.com/hubfs/Threatfabric/fonts/kanit/
163 KB
64 KB
Font
General
Full URL
https://www.threatfabric.com/hubfs/Threatfabric/fonts/kanit/Kanit-Light.ttf
Requested by
Host: www.threatfabric.com
URL: https://www.threatfabric.com/hs-fs/hub/6701575/hub_generated/template_assets/101040140217/1690200714709/Threatfabric_Hatch/child.min.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
b7b87f1b48aa75784afb205b3d567664641bc056af2e20b5873da2c90605b7d2
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://www.threatfabric.com/hs-fs/hub/6701575/hub_generated/template_assets/101040140217/1690200714709/Threatfabric_Hatch/child.min.css
Origin
https://www.threatfabric.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
content-encoding
br
x-amz-meta-cache-tag
F-112819245065,FD-112819245060,P-6701575,FLS-ALL
age
53408
x-amz-request-id
Z9PTCYSY9NY0AKEC
x-amz-server-side-encryption
AES256
edge-cache-tag
F-112819245065,FD-112819245060,P-6701575,FLS-ALL
x-amz-replication-status
COMPLETED
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.EnforceAclForReads 2
etag
W/"0c443ef22ca3ce98e0b670310f5ebb36"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
font/ttf
access-control-allow-origin
*
x-amz-meta-created-unix-time-millis
1682489433648
cache-control
s-maxage=1814400, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 2
date
Tue, 07 Nov 2023 02:10:53 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 4b69099d64ffa1fbe8adbe1235065a14.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
Tqpimg7QV74KE9DspBbqQUupRuYfGKOs
x-amz-cf-pop
FRA56-P7
x-hs-alternate-content-type
text/plain
x-cache
RefreshHit from cloudfront
cache-tag
F-112819245065,FD-112819245060,P-6701575,FLS-ALL
x-amz-meta-index-tag
all
x-amz-storage-class
INTELLIGENT_TIERING
alt-svc
h3=":443"; ma=86400
x-amz-id-2
y1d8tJdcvY99ZdK+6+Q7lVKA+rj1i8uxAJ1h4by9vLRCcewZ0iHplVwk2n57mhDhI9k3rg3/Dec8o2usYEjHDRdbZhLF+/hB
last-modified
Wed, 26 Apr 2023 06:10:34 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OVSpz8fUaWlpO7iR5khCGRv5JYnn5POSDOzLaE2IhoOgY32WM4llssSVEC0MdN6s%2FqsH2DIgRFt%2ByM016dL5BYIx4eK6LLMubjeO6%2BasaD5UQW%2FmZFmUGBEai3Ud9gPSprFWpMDgbhgb7%2BtHu6UPWx3H"}],"group":"cf-nel","max_age":604800}
cf-ray
82220ad92e099290-FRA
x-amz-cf-id
GTJ6L85zjxYeSEPnbtdCsCm88HHEi8JgnkPNjYq8FXE4jp1fnocJsQ==
TF_SecuriDropper_Social.jpg
www.threatfabric.com/hubfs/
633 KB
635 KB
Image
General
Full URL
https://www.threatfabric.com/hubfs/TF_SecuriDropper_Social.jpg
Requested by
Host: www.threatfabric.com
URL: https://www.threatfabric.com/blogs/droppers-bypassing-android-13-restrictions
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
04fab1c78f8bb058ca2878689aa72b5dc437efd5370f520a682291a6e9a6c190
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.threatfabric.com/blogs/droppers-bypassing-android-13-restrictions
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
x-amz-meta-cache-tag
F-140952930401,P-6701575,FLS-ALL
age
45543
x-amz-request-id
YK2K90HRHGHF2G3A
x-amz-server-side-encryption
AES256
edge-cache-tag
F-140952930401,P-6701575,FLS-ALL
x-amz-replication-status
COMPLETED
x-hs-https-only
worker
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
cf-bgj
imgq:85,h2pri
etag
"f6f82d2a40531a3e3e956af710c58a9d"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
image/jpeg
access-control-allow-origin
*
x-amz-meta-created-unix-time-millis
1697704350336
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Tue, 07 Nov 2023 02:10:53 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 f1a22cc8d842b0950e4bd5bda60806f2.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
Yvz5U5nz0vvrPmtKvfRyF_Z.uX.14axe
x-amz-cf-pop
FRA56-P7
x-hs-alternate-content-type
text/plain
cf-polished
degrade=85, origSize=1019623, status=webp_bigger
x-cache
RefreshHit from cloudfront
cache-tag
F-140952930401,P-6701575,FLS-ALL
x-amz-meta-index-tag
all
x-amz-storage-class
INTELLIGENT_TIERING
alt-svc
h3=":443"; ma=86400
content-length
648480
x-amz-id-2
EzewnWYiQsY9pkavoL7ObhVBqdbI5uV5wG07b75pGbKSoIM/DHHp3tRL15vqReqOO8gXW8uepDw=
last-modified
Thu, 19 Oct 2023 08:32:31 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ae19jS5Yf2wHl9cWTm0s5j83x44PHOB0LfIK1nbLQToKfVtDuMBMfIJInsHvL24SMRMRZPA38Ty7H0qUny8O7Oi3UTuqRhZSXyid%2FDu2ouJECZLxPp%2Bz1epbWJrUzOpggQxgTyhcMVtpsuOKaxPx2Cj%2B"}],"group":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
82220ad95e189290-FRA
x-amz-cf-id
LyIVO1ZZJrqSjOHt5P7Sov_8gBdx-S6mBS1msis3pPCp2uVJZKQ87A==
Slide6-4.png
www.threatfabric.com/hs-fs/hubfs/
136 KB
137 KB
Image
General
Full URL
https://www.threatfabric.com/hs-fs/hubfs/Slide6-4.png?quality=high&width=1920&height=1080&name=Slide6-4.png
Requested by
Host: www.threatfabric.com
URL: https://www.threatfabric.com/blogs/droppers-bypassing-android-13-restrictions
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
5c3ab0c8c22e0b7d05b7c9a5a8caca6de4aa184eac72ddfecbed5dab3c277abe
Security Headers
Name Value
Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.threatfabric.com/blogs/droppers-bypassing-android-13-restrictions
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Tue, 07 Nov 2023 02:10:53 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 8109fadbc132b410ecc2c3df250d6144.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options
nosniff
content-security-policy
default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag
F-141933455137,P-6701575,FLS-ALL
x-hs-https-only
worker
alt-svc
h3=":443"; ma=86400
content-length
139220
cf-resized
internal=ok/h q=0 n=17+175 c=0+0 v=2023.9.8 l=139220
last-modified
Wed, 25 Oct 2023 13:18:54 GMT
cf-bgj
imgq:100,h2pri
server
cloudflare
etag
"cf4EukUqAdFcQhSxXyzzvoeEExHgsq8QfHIfRviYeeDQ:fd2a034c5f056db968b6f94754fbfbd5"
vary
Accept, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=gqo3cXdA8RWdKnkEUrF5x15jbej9%2BKjFdzSjQ0VZ5yRAwBdb6xuuv1tju%2F6yauA1udGf84pjhL9vMaQ0254%2FPUYg6yxkLK9r3B%2FDR0xH%2BVH%2B%2F7hWZGZAh2RSmkGXuaHpJN9FkKaka2ce7anB7LaSPAMh"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
access-control-allow-origin
*
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges
bytes
cf-ray
82220ad95e199290-FRA
Slide1-3.png
www.threatfabric.com/hs-fs/hubfs/
90 KB
91 KB
Image
General
Full URL
https://www.threatfabric.com/hs-fs/hubfs/Slide1-3.png?width=1920&height=1080&name=Slide1-3.png
Requested by
Host: www.threatfabric.com
URL: https://www.threatfabric.com/blogs/droppers-bypassing-android-13-restrictions
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
b2786ec27f79bfe80d53f8d343d744075018bd8172a667f8c592ba76df73611e
Security Headers
Name Value
Content-Security-Policy default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.threatfabric.com/blogs/droppers-bypassing-android-13-restrictions
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Tue, 07 Nov 2023 02:10:53 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 0d78cc90106520d13c1b5c5b16dd8246.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-content-type-options
nosniff
content-security-policy
default-src 'none'; navigate-to 'none'; form-action 'none'; upgrade-insecure-requests
cache-tag
F-141934184298,P-6701575,FLS-ALL
x-hs-https-only
worker
alt-svc
h3=":443"; ma=86400
content-length
91894
cf-resized
internal=ok/h q=0 n=16+155 c=0+0 v=2023.9.8 l=91894
last-modified
Wed, 25 Oct 2023 13:13:15 GMT
cf-bgj
imgq:100,h2pri
server
cloudflare
etag
"cfvJaIvCjQ3TiZm548rmA6OCf5IKc0wKeDGijcIDPWDQ:bba40c31c5ec4882f0a04db5fd7e4a62"
vary
Accept, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=qpecYOkbUBbO6H7tkAuFnNgvteiGqix9npk7O6wPYGdsj0IxshHf8qCQiUejcltwxVKtLQK%2F8tx4q3Nb6Oh4n2tTjTli%2FAc2rOzBXo6KUfuBdzJo6xk33uvqOYslM7JE52IXvFHi3KVdgxxsFgq0Etly"}],"group":"cf-nel","max_age":604800}
content-type
image/webp
access-control-allow-origin
*
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
accept-ranges
bytes
cf-ray
82220ad95e1a9290-FRA
insight.min.js
snap.licdn.com/li.lms-analytics/
12 KB
4 KB
Script
General
Full URL
https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by
Host: www.threatfabric.com
URL: https://www.threatfabric.com/blogs/droppers-bypassing-android-13-restrictions
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:f::213:7ec6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
2126d13951d660b735a803ddd2572268e66210fa2a60a1be6b56e9fca2d8fb58
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.threatfabric.com/blogs/droppers-bypassing-android-13-restrictions
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Tue, 07 Nov 2023 02:10:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 06 Nov 2023 10:38:42 GMT
x-cdn
AKAM
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
content-type
application/javascript;charset=utf-8
cache-control
max-age=86378
accept-ranges
bytes
content-length
3840
all.js
connect.facebook.net/en_GB/
0
0

widgets.js
platform.twitter.com/
0
0

has-permission
app.hubspot.com/content-tools-menu/api/v1/tools-menu/
0
980 B
Script
General
Full URL
https://app.hubspot.com/content-tools-menu/api/v1/tools-menu/has-permission?portalId=6701575&callback=jsonpHandler
Requested by
Host: www.threatfabric.com
URL: https://www.threatfabric.com/hs/hsstatic/HubspotToolsMenu/static-1.191/js/index.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options no-sniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.threatfabric.com/blogs/droppers-bypassing-android-13-restrictions
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Tue, 07 Nov 2023 02:10:53 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
no-sniff
cf-cache-status
DYNAMIC
x-hs-worker-debug-mode
false
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
35b57e79-3ac1-4e6c-9c69-ea5db0dc287c
x-envoy-upstream-service-time
2
x-evy-trace-route-configuration
listener_https/all
reporting-endpoints
default="https://send.hsbrowserreports.com/csp/reports?cfRay=82220ad9dfafbb61&resource=unknown"
x-evy-trace-listener
listener_https
x-request-id
35b57e79-3ac1-4e6c-9c69-ea5db0dc287c
server
cloudflare
x-trace
2BDBBE94C581D6CDEB8DBB99E669463635BB0A9112000000000000000000
vary
origin, Accept-Encoding
access-control-allow-methods
GET
report-to
{"group":"default","max_age":86400,"endpoints":[{"url":"https://send.hsbrowserreports.com/csp/reports"}]}
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-7c89bb96b9-mqbv2
x-evy-trace-virtual-host
all
cache-control
max-age=0
access-control-allow-credentials
true
cf-ray
82220ad9dfafbb61-FRA
6701575.js
js.hs-analytics.net/analytics/1699323000000/
66 KB
21 KB
Script
General
Full URL
https://js.hs-analytics.net/analytics/1699323000000/6701575.js
Requested by
Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/6701575.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:50ba , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b7def49f05a6bc9e59008235ad2ae2ef64bbe1378b6a9ad3afdd7afb0ab8d74c

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.threatfabric.com/blogs/droppers-bypassing-android-13-restrictions
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Tue, 07 Nov 2023 02:10:53 GMT
x-amz-version-id
null
content-encoding
br
cf-cache-status
MISS
x-amz-request-id
XYRZRY3FNHY0DFA0
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
x-hubspot-correlation-id
8e1d1b71-4c24-4280-874a-8038ada00620
x-envoy-upstream-service-time
65
x-amz-id-2
NZx4XRNjWdjnq760H98QrZyHpN45lbN92hOruMazOOXumNwMVDap3Urjedqdja6K3DTwJbHXeDM=
x-evy-trace-listener
listener_https
x-request-id
8e1d1b71-4c24-4280-874a-8038ada00620
x-evy-trace-route-configuration
listener_https/all
last-modified
Thu, 12 Oct 2023 15:09:09 GMT
server
cloudflare
etag
W/"090e0210eed77a8652f430240d8cf7e5"
vary
origin, Accept-Encoding
content-type
text/javascript
x-evy-trace-virtual-host
all
x-evy-trace-served-by-pod
iad02/analytics-js-proxy-td/envoy-proxy-85c95667b4-jgkmt
cache-control
max-age=300,public
access-control-allow-credentials
false
cf-ray
82220adaf8c20482-FRA
expires
Tue, 07 Nov 2023 02:15:53 GMT
collectedforms.js
js.hscollectedforms.net/
69 KB
25 KB
Script
General
Full URL
https://js.hscollectedforms.net/collectedforms.js
Requested by
Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/6701575.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:589a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
200cef31a4664eb38f1293062efc3d5acf8e769cc27242418b198a0aa4b20492
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.threatfabric.com/blogs/droppers-bypassing-android-13-restrictions
Origin
https://www.threatfabric.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Tue, 07 Nov 2023 02:10:53 GMT
x-amz-version-id
XYPPFvciWFKtpS2hNgrEqmNT6fxOdL.H
via
1.1 2a3aa853116c0a37d6c7762eca54d208.cloudfront.net (CloudFront)
x-content-type-options
nosniff
cf-cache-status
EXPIRED
x-amz-cf-pop
IAD12-P3
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
x-hubspot-correlation-id
5db2bd9b-2475-47da-bef6-f476f2fa8b53
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=collected-forms-embed-js/static-1.433/bundles/project.js&cfRay=82220adaf80965aa-FRA
x-cache
Hit from cloudfront
cache-tag
staticjsapp-collected-forms-embed-js-web-prod,staticjsapp-prod
content-encoding
br
x-envoy-upstream-service-time
1
x-amz-replication-status
COMPLETED
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
5db2bd9b-2475-47da-bef6-f476f2fa8b53
last-modified
Mon, 23 Oct 2023 13:11:34 UTC
server
cloudflare
etag
W/"7864f8fd485be672e98358eb894b6fd7"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
x-evy-trace-virtual-host
all
x-hs-cache-status
HIT
cache-control
s-maxage=600, max-age=300
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-7c89bb96b9-mlg6m
cf-ray
82220adaf80965aa-FRA
x-amz-cf-id
V1iu0wD4CQB1JQ_0qYlI8E0ZzDqjWUCy_WWxw57zJvLLxbAOxAjywQ==
x-hs-target-asset
collected-forms-embed-js/static-1.433/bundles/project.js
web-interactives-embed.js
js.hubspot.com/
77 KB
23 KB
Script
General
Full URL
https://js.hubspot.com/web-interactives-embed.js
Requested by
Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/6701575.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1792bc5e743bd0ac0fd96fbb6009f36867ffc40ee02f99b87b142a5720e59894
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.threatfabric.com/blogs/droppers-bypassing-android-13-restrictions
Origin
https://www.threatfabric.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-encoding
br
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=web-interactives-embed/static-2.670/bundles/project.js&cfRay=82220adafc8fbb5f-FRA
x-amz-replication-status
COMPLETED
x-evy-trace-listener
listener_https
etag
W/"42b57e1143f6aa475fdeb427c59693f8"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
x-evy-trace-virtual-host
all
cache-control
max-age=600
x-hs-target-asset
web-interactives-embed/static-2.670/bundles/project.js
date
Tue, 07 Nov 2023 02:10:53 GMT
x-amz-version-id
m.Nbb3nZrFYCpU.uAzEgjZqcTWnoEvq6
via
1.1 872e43fac89d80c9557000efb9c31650.cloudfront.net (CloudFront)
x-content-type-options
nosniff
cf-cache-status
EXPIRED
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
IAD12-P3
x-hubspot-correlation-id
0a852144-8d05-4fd7-a491-b7ccfb9f01e8
x-cache
Hit from cloudfront
cache-tag
staticjsapp-web-interactives-embed-web-prod,staticjsapp-prod
x-envoy-upstream-service-time
1
x-evy-trace-route-configuration
listener_https/all
x-request-id
0a852144-8d05-4fd7-a491-b7ccfb9f01e8
last-modified
Mon, 06 Nov 2023 15:34:56 UTC
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=jsWVrLXG7Jups63gmzmomrPWg8xA%2FdQlYCYDCNyQwkePUFLivdAJ0X%2FatmO7lpDnqVzfqLwc1D30w8indZm9w108FR08a28Q4Rq7x567ck1QlXSFNxyiM2Z3dRvKCGjaE987kcVEGlWqz1Sf"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status
HIT
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-7c89bb96b9-95l7k
cf-ray
82220adafc8fbb5f-FRA
x-amz-cf-id
W20TSwR7OnJfRQQsgabPsitO2-7FN5LSyy2TxeG9TWXyXBwjSDY6vQ==
banner.js
js.hs-banner.com/v2/6701575/
69 KB
21 KB
Script
General
Full URL
https://js.hs-banner.com/v2/6701575/banner.js
Requested by
Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/6701575.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:22e5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
81c7e857eda5199104006f9321bf5587cf27fcf5057cbb1052aee01e33c182e5

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.threatfabric.com/blogs/droppers-bypassing-android-13-restrictions
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Tue, 07 Nov 2023 02:10:53 GMT
x-amz-version-id
.ZsY4NRqOKQP3IYvbtL3pcZLK1BPYFcp
content-encoding
br
cf-cache-status
REVALIDATED
x-amz-request-id
R8YSZ0ZWNZBFC385
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
x-hubspot-correlation-id
93016a6f-ddec-4de5-aae3-e268c2301764
x-envoy-upstream-service-time
39
x-amz-id-2
bg3gUw1JFUps5XtnZ2EhFbgKVuxHuerdJUQcdqLbm/FQV3LGw3QtryCo/MRtomzRoU+Pz8sz5tA=
x-evy-trace-listener
listener_https
x-request-id
93016a6f-ddec-4de5-aae3-e268c2301764
x-evy-trace-route-configuration
listener_https/all
last-modified
Wed, 18 Oct 2023 16:47:28 GMT
server
cloudflare
etag
W/"c91f4e22e14dea6e757b371113845752"
access-control-max-age
604800
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
https://www.threatfabric.com
x-evy-trace-virtual-host
all
access-control-expose-headers
x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cache-control
max-age=300,public
access-control-allow-credentials
true
x-evy-trace-served-by-pod
iad02/analytics-js-proxy-td/envoy-proxy-85c95667b4-fc6l5
vary
origin, Accept-Encoding
timing-allow-origin
*
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray
82220adadbd39a30-FRA
expires
Tue, 07 Nov 2023 02:15:53 GMT
fb.js
js.hsadspixel.net/
6 KB
4 KB
Script
General
Full URL
https://js.hsadspixel.net/fb.js
Requested by
Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/6701575.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:e3a3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2148aae183c99fd22de0fa5ac66943716f59908dc935b3b3ca7f02cfdeca17f4
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.threatfabric.com/blogs/droppers-bypassing-android-13-restrictions
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Tue, 07 Nov 2023 02:10:53 GMT
x-amz-version-id
MNLx4JOx3WSJAJIp0HalotEMdYQEQdMj
via
1.1 caafbc8a9aa04b09dd564a3ddef60622.cloudfront.net (CloudFront)
x-content-type-options
nosniff
cf-cache-status
HIT
x-amz-cf-pop
IAD12-P3
age
385
x-amz-server-side-encryption
AES256
x-evy-trace-route-service-name
envoyset-translator
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=adsscriptloaderstatic/static-1.494/bundles/pixels-release.js&cfRay=82220172dc3168fe-FRA
x-cache
Hit from cloudfront
x-hubspot-correlation-id
ab6eab61-5a9f-428c-95ef-0b0562fbab89
cache-tag
staticjsapp-AdsScriptLoaderCloudflare-web-prod,staticjsapp-prod
content-encoding
br
x-envoy-upstream-service-time
0
x-amz-replication-status
COMPLETED
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
ab6eab61-5a9f-428c-95ef-0b0562fbab89
last-modified
Fri, 27 Oct 2023 13:56:49 UTC
server
cloudflare
etag
W/"14edbc97b72939e54b0993394190ecf8"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
x-hs-cache-status
HIT
x-evy-trace-virtual-host
all
cache-control
max-age=600
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-7c89bb96b9-sgzbx
cf-ray
82220adadcc39b2e-FRA
x-amz-cf-id
b2-t-XSyuznuJQemTUOrk6KWJXGHiEF06OyAhWrCszDlEi9MgCEtvQ==
x-hs-target-asset
adsscriptloaderstatic/static-1.494/bundles/pixels-release.js
insight.old.min.js
snap.licdn.com/li.lms-analytics/
8 KB
3 KB
Script
General
Full URL
https://snap.licdn.com/li.lms-analytics/insight.old.min.js
Requested by
Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:480:f::213:7ec6 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
5b3086a886aa8649ecbf496ac913a1aa443926cd2fff610be2d136c9598bcd8b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.threatfabric.com/blogs/droppers-bypassing-android-13-restrictions
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Tue, 07 Nov 2023 02:10:53 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Sun, 15 Oct 2023 08:32:45 GMT
x-cdn
AKAM
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
content-type
application/x-javascript;charset=utf-8
cache-control
max-age=66953
accept-ranges
bytes
content-length
3272
collect
region1.google-analytics.com/g/
0
257 B
Ping
General
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-SZHLN4DST6&gtm=45je3b60v896951265&_p=1699323052947&gcs=G100&gcd=11p1p1l1l5&gdid=dZTQ1Zm&cid=2008000034.1699323053&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1699323053&sct=1&seg=0&dl=https%3A%2F%2Fwww.threatfabric.com%2Fblogs%2Fdroppers-bypassing-android-13-restrictions&dt=Bypassing%20Android%2013%20Restrictions%20with%20SecuriDropper&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=662
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-SZHLN4DST6
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.threatfabric.com/blogs/droppers-bypassing-android-13-restrictions
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 07 Nov 2023 02:10:53 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.threatfabric.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
px4.ads.linkedin.com/
Redirect Chain
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3969834&time=1699323053268&url=https%3A%2F%2Fwww.threatfabric.com%2Fblogs%2Fdroppers-bypassing-android-13-restrictions
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3969834&time=1699323053268&url=https%3A%2F%2Fwww.threatfabric.com%2Fblogs%2Fdroppers-bypassing-android-13-restrictions&cookiesTest=true
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D3969834%26time%3D1699323053268%26url%3Dhttps%253A%252F%252Fwww.threatfabric.com%2...
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3969834&time=1699323053268&url=https%3A%2F%2Fwww.threatfabric.com%2Fblogs%2Fdroppers-bypassing-android-13-restrictions&cookiesTest=true&liSync=true
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3969834&time=1699323053268&url=https%3A%2F%2Fwww.threatfabric.com%2Fblogs%2Fdroppers-bypassing-android-13-restrictions&cookiesTest=true&liSync=tr...
0
263 B
Image
General
Full URL
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3969834&time=1699323053268&url=https%3A%2F%2Fwww.threatfabric.com%2Fblogs%2Fdroppers-bypassing-android-13-restrictions&cookiesTest=true&liSync=true&e_ipv6=AQJ1UC7tmpw6QwAAAYunjAdQx5Xgxf0htnqGNYqQYoiI4_zjr0OXCjviNDH1zSW-XVCDqrYBWE3A
Requested by
Host: www.threatfabric.com
URL: https://www.threatfabric.com/blogs/droppers-bypassing-android-13-restrictions
Protocol
H2
Server
13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.threatfabric.com/blogs/droppers-bypassing-android-13-restrictions
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Tue, 07 Nov 2023 02:10:53 GMT
x-li-pop
afd-prod-ltx1-x
x-msedge-ref
Ref A: D8AFCE8027584335BC7113510D706B15 Ref B: FRAEDGE1306 Ref C: 2023-11-07T02:10:54Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
content-type
application/javascript
x-li-fabric
prod-ltx1
x-li-proto
http/2
content-length
0
x-li-uuid
AAYJhnr/dF5h/Zr9d1N5ow==

Redirect headers

date
Tue, 07 Nov 2023 02:10:53 GMT
x-li-pop
afd-prod-ltx1-x
x-msedge-ref
Ref A: 54255FB363184F90AFA808BCA28557A1 Ref B: FRAEDGE1810 Ref C: 2023-11-07T02:10:53Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
x-li-fabric
prod-ltx1
location
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3969834&time=1699323053268&url=https%3A%2F%2Fwww.threatfabric.com%2Fblogs%2Fdroppers-bypassing-android-13-restrictions&cookiesTest=true&liSync=true&e_ipv6=AQJ1UC7tmpw6QwAAAYunjAdQx5Xgxf0htnqGNYqQYoiI4_zjr0OXCjviNDH1zSW-XVCDqrYBWE3A
x-li-proto
http/2
content-length
0
x-li-uuid
AAYJhnr8U1EtRlWcMJnwbA==
combinedConfigs
cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/
1 KB
1 KB
Fetch
General
Full URL
https://cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/combinedConfigs?portalId=6701575&currentUrl=https%3A%2F%2Fwww.threatfabric.com%2Fblogs%2Fdroppers-bypassing-android-13-restrictions&contentId=139498405777
Requested by
Host: js.hubspot.com
URL: https://js.hubspot.com/web-interactives-embed.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fe39ad014d6978fa31159dc5f0fb13d1f7f443571507566a2f6b8e95e90496c2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.threatfabric.com/blogs/droppers-bypassing-android-13-restrictions
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Tue, 07 Nov 2023 02:10:53 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
4c5023f9-8870-4ea4-91e4-f0b45643b4e2
content-encoding
br
x-envoy-upstream-service-time
67
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
4c5023f9-8870-4ea4-91e4-f0b45643b4e2
server
cloudflare
vary
origin
access-control-allow-methods
OPTIONS, GET
content-type
application/json;charset=utf-8
access-control-allow-origin
https://www.threatfabric.com
x-evy-trace-virtual-host
all
access-control-max-age
180
access-control-allow-credentials
true
cache-control
max-age=0, no-cache, no-store
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=UaCaIm73LZoMtXGDjGOrj%2BIJXrCcC1Wx0X8RDDK%2BTpeOm2evrEHLuWjkpfOQ2rJqI2WuE8Gm%2Fx%2BcB9wM8829R5YFGIzoeEpKhh6EOXb0%2BtMsPwBLf7zqygzYeXb46u22PILvtggxYGHQYvV1y3iV6tWlt2eM8hhrerI%3D"}],"group":"cf-nel","max_age":604800}
x-robots-tag
noindex, follow
access-control-allow-headers
Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
cf-ray
82220adc1d13bb5f-FRA
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-79986f96f-hjwld
json
forms.hscollectedforms.net/collected-forms/v1/config/
115 B
437 B
XHR
General
Full URL
https://forms.hscollectedforms.net/collected-forms/v1/config/json?portalId=6701575&utk=
Requested by
Host: js.hscollectedforms.net
URL: https://js.hscollectedforms.net/collectedforms.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:589a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
24ff2277e918bba1af6262f196757d83d3700f77029576dda90fd36b14858731
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept
application/json, text/plain, */*
Referer
https://www.threatfabric.com/blogs/droppers-bypassing-android-13-restrictions
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Tue, 07 Nov 2023 02:10:53 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
72efbe55-6f14-49b9-8a9e-84517468148e
x-envoy-upstream-service-time
7
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
72efbe55-6f14-49b9-8a9e-84517468148e
server
cloudflare
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type
application/json;charset=utf-8
access-control-allow-origin
https://www.threatfabric.com
x-evy-trace-virtual-host
all
cache-control
max-age=0
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-7c89bb96b9-mqbv2
access-control-max-age
180
x-robots-tag
none
access-control-allow-headers
*
cf-ray
82220adc88e365aa-FRA
hs-web-interactive-6701575-139494617102
threatfabric-6701575.hs-sites.com/ Frame 4BE6
24 KB
7 KB
Document
General
Full URL
https://threatfabric-6701575.hs-sites.com/hs-web-interactive-6701575-139494617102
Requested by
Host: js.hubspot.com
URL: https://js.hubspot.com/web-interactives-embed.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:af5d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9bbf491721b1c52d20bbdfecdcb429e0d8ad60747669e16de280b17aaf601fda
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
X-Content-Type-Options nosniff

Request headers

Referer
https://www.threatfabric.com/blogs/droppers-bypassing-android-13-restrictions
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-credentials
false
alt-svc
h3=":443"; ma=86400
cache-control
s-maxage=7200,max-age=5
cache-tag
CT-139494617102,P-6701575,PGS-ALL,SW-2
cf-cache-status
HIT
cf-ray
82220add9e2f18d1-FRA
content-encoding
br
content-security-policy
upgrade-insecure-requests
content-type
text/html;charset=utf-8
date
Tue, 07 Nov 2023 02:10:53 GMT
edge-cache-tag
CT-139494617102,P-6701575,PGS-ALL,SW-2
last-modified
Tue, 07 Nov 2023 00:30:52 GMT
link
</hs/hsstatic/cos-i18n/static-1.53/bundles/project.js>; rel=preload; as=script
server
cloudflare
vary
origin, Accept-Encoding
x-content-type-options
nosniff
x-envoy-upstream-service-time
84
x-evy-trace-listener
listener_https
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-route-service-name
envoyset-translator
x-evy-trace-served-by-pod
iad02/cms-bots-td/envoy-proxy-597f8f5b5-w9kg8
x-evy-trace-virtual-host
all
x-hs-cache-config
BrowserCache-5s-EdgeCache-7200s
x-hs-content-id
139494617102
x-hs-hub-id
6701575
x-hubspot-correlation-id
e505ff3b-d3e8-43ad-b6f4-ccd3ae96e231
x-request-id
e505ff3b-d3e8-43ad-b6f4-ccd3ae96e231
x-robots-tag
none
x-trace
2B6AF9BBE6CA544312473E67CE25C869D41B8306F9000000000000000000
counters.gif
perf-na1.hsforms.com/embed/v3/
35 B
1 KB
Image
General
Full URL
https://perf-na1.hsforms.com/embed/v3/counters.gif?key=config-loaded-success&value=1
Requested by
Host: www.threatfabric.com
URL: https://www.threatfabric.com/blogs/droppers-bypassing-android-13-restrictions
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:eff9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.threatfabric.com/blogs/droppers-bypassing-android-13-restrictions
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

Date
Tue, 07 Nov 2023 02:10:53 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Content-Type-Options
nosniff
CF-Cache-Status
MISS
x-evy-trace-route-service-name
envoyset-translator
X-HubSpot-Correlation-Id
eb4bc621-64a2-4d9a-a0b6-23ea03b7f5b3
x-envoy-upstream-service-time
5
Connection
keep-alive
alt-svc
h3=":443"; ma=86400
Content-Length
35
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
eb4bc621-64a2-4d9a-a0b6-23ea03b7f5b3
Last-Modified
Tue, 07 Nov 2023 02:10:53 GMT
Server
cloudflare
X-Trace
2BC7E8C9328640CA67877F6BFAAFC4405D6A9F9B29000000000000000000
Vary
origin, Accept-Encoding
Content-Type
image/gif
x-evy-trace-virtual-host
all
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-79986f96f-r4cs8
Access-Control-Expose-Headers
X-Origin-Hublet
Cache-Control
max-age=0, no-cache, no-store
Access-Control-Allow-Credentials
false
Accept-Ranges
bytes
X-Robots-Tag
none
CF-RAY
82220add8b49362b-FRA
view
js.hs-banner.com/v2/activity/
0
0
Fetch
General
Full URL
https://js.hs-banner.com/v2/activity/view
Requested by
Host: js.hs-banner.com
URL: https://js.hs-banner.com/v2/6701575/banner.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:22e5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.threatfabric.com/blogs/droppers-bypassing-android-13-restrictions
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36
Content-Type
application/json

Response headers

date
Tue, 07 Nov 2023 02:10:54 GMT
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
x-evy-trace-route-service-name
envoyset-translator, envoyset-translator
x-hubspot-correlation-id
3d18034e-83cf-493e-b31e-bbdd06fb9c25
x-envoy-upstream-service-time
22
x-evy-trace-route-configuration
listener_http/all, listener_https/all
x-evy-trace-listener
listener_http, listener_https
x-request-id
3d18034e-83cf-493e-b31e-bbdd06fb9c25
server
cloudflare
x-trace
2BD056965F6B2104F0C257E2EA9FCF864DFD4386DA000000000000000000
vary
origin
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-evy-trace-virtual-host
all, all
x-evy-trace-served-by-pod
iad02/private-hubapi-td/envoy-proxy-874b7f86f-gtv4s, iad02/analytics-js-proxy-td/envoy-proxy-85c95667b4-fc6l5
access-control-expose-headers
x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
access-control-allow-origin
https://www.threatfabric.com
access-control-allow-credentials
true
access-control-max-age
604800
timing-allow-origin
*
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray
82220adffc533804-FRA
view
js.hs-banner.com/v2/activity/ Frame
0
0
Preflight
General
Full URL
https://js.hs-banner.com/v2/activity/view
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:22e5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://www.threatfabric.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-origin
https://www.threatfabric.com
access-control-expose-headers
x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
access-control-max-age
604800
cf-cache-status
DYNAMIC
cf-ray
82220addaa4c3804-FRA
content-length
0
content-type
application/octet-stream
date
Tue, 07 Nov 2023 02:10:54 GMT
server
cloudflare
timing-allow-origin
*
vary
origin
x-envoy-upstream-service-time
1
x-evy-trace-listener
listener_https
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-route-service-name
envoyset-translator
x-evy-trace-served-by-pod
iad02/analytics-js-proxy-td/envoy-proxy-85c95667b4-gcx66
x-evy-trace-virtual-host
all
x-hubspot-correlation-id
725f6be7-12ca-4cd1-994d-b968be7a1cec
x-request-id
725f6be7-12ca-4cd1-994d-b968be7a1cec
Lato-Regular.woff2
js.hs-banner.com/v2/fonts/Lato/
178 KB
180 KB
Font
General
Full URL
https://js.hs-banner.com/v2/fonts/Lato/Lato-Regular.woff2
Requested by
Host: www.threatfabric.com
URL: https://www.threatfabric.com/blogs/droppers-bypassing-android-13-restrictions
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:22e5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
983b0caf336e8542214fc17019a4fc5e0360864b92806ca14d55c1fc1c2c5a0f

Request headers

Referer
https://www.threatfabric.com/
Origin
https://www.threatfabric.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Tue, 07 Nov 2023 02:10:53 GMT
x-amz-version-id
19GiAjtnZtKA4vYvvfjxgs0SOFKRH2df
cf-cache-status
HIT
x-amz-request-id
JWXZDPHZG4FKJBT0
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
x-hubspot-correlation-id
5a75e332-2364-4d6d-bd6c-0124cf268ac4
age
1590559
x-envoy-upstream-service-time
28
content-length
182708
x-amz-id-2
5CdeuGzxeEf0Np9oJZLzIRuvhxPEv7yDeqkSE/QWR/8YIy6URk8duF1MVwTLey7GrTELKf0+lvKG9ukuvLkg6ckdD/p+b3YD2LZa0K/f2R4=
x-evy-trace-listener
listener_https
x-request-id
5a75e332-2364-4d6d-bd6c-0124cf268ac4
x-evy-trace-route-configuration
listener_https/all
last-modified
Mon, 12 Sep 2022 19:35:55 GMT
server
cloudflare
etag
"bd03a2cc277bbbc338d464e679fe9942"
vary
origin, Accept-Encoding
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type
binary/octet-stream
access-control-allow-origin
https://www.threatfabric.com
x-evy-trace-virtual-host
all
access-control-expose-headers
x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
access-control-max-age
604800
access-control-allow-credentials
true
cache-control
public, max-age=2592000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray
82220addaa493804-FRA
x-evy-trace-served-by-pod
iad02/analytics-js-proxy-td/envoy-proxy-85c95667b4-fc6l5
Lato-Bold.woff2
js.hs-banner.com/v2/fonts/Lato/
181 KB
181 KB
Font
General
Full URL
https://js.hs-banner.com/v2/fonts/Lato/Lato-Bold.woff2
Requested by
Host: www.threatfabric.com
URL: https://www.threatfabric.com/blogs/droppers-bypassing-android-13-restrictions
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:22e5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ae88fc0d7a961832f809527d30bd3983a6866d42f66a56ade23f543681594db6

Request headers

Referer
https://www.threatfabric.com/
Origin
https://www.threatfabric.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Tue, 07 Nov 2023 02:10:53 GMT
x-amz-version-id
sfEPVBYCXt80T0z5ul_KVf4SJIaFn86j
cf-cache-status
HIT
x-amz-request-id
JWXMA6TENNPB9ZEP
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
x-hubspot-correlation-id
1ddc3143-8aac-48c1-89ad-81a472aef713
age
1590559
x-envoy-upstream-service-time
34
content-length
184912
x-amz-id-2
IbAlzabc3sN0I6zY0gtKa/Coy+IEUhO5fo3BkkscRxMIJ2i0356NVSvRxbJCR/qXtljFqPWbddA=
x-evy-trace-listener
listener_https
x-request-id
1ddc3143-8aac-48c1-89ad-81a472aef713
x-evy-trace-route-configuration
listener_https/all
last-modified
Mon, 12 Sep 2022 19:35:53 GMT
server
cloudflare
etag
"cccb897485813c7c256901dbca54ecf2"
vary
origin, Accept-Encoding
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type
binary/octet-stream
access-control-allow-origin
https://www.threatfabric.com
x-evy-trace-virtual-host
all
access-control-expose-headers
x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
access-control-max-age
604800
access-control-allow-credentials
true
cache-control
public, max-age=2592000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
cf-ray
82220addaa4b3804-FRA
x-evy-trace-served-by-pod
iad02/analytics-js-proxy-td/envoy-proxy-85c95667b4-mlgh4
project.js
threatfabric-6701575.hs-sites.com/hs/hsstatic/cos-i18n/static-1.53/bundles/ Frame 4BE6
1 KB
953 B
Script
General
Full URL
https://threatfabric-6701575.hs-sites.com/hs/hsstatic/cos-i18n/static-1.53/bundles/project.js
Requested by
Host: www.threatfabric.com
URL: https://www.threatfabric.com/blogs/droppers-bypassing-android-13-restrictions
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:af5d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatfabric-6701575.hs-sites.com/hs-web-interactive-6701575-139494617102
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Tue, 07 Nov 2023 02:10:53 GMT
via
1.1 f7b7cf90592cf6a380fd34cc45e9c4b4.cloudfront.net (CloudFront)
content-encoding
br
cf-cache-status
HIT
content-security-policy
upgrade-insecure-requests
age
602167
x-amz-cf-pop
FRA50-C1
x-amz-server-side-encryption
AES256
x-amz-version-id
P9ES7sOpFzrLl1QoRwjEAy5outPo5_GO
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
alt-svc
h3=":443"; ma=86400
last-modified
Tue, 09 Nov 2021 16:12:42 GMT
server
cloudflare
etag
W/"61ca66de658cab9587e4636894680d5d"
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=31536000
cf-ray
82220ade4e7918d1-FRA
x-amz-cf-id
tyTcy9dgKTSNID40zzq7pAE5RO6j0NXSyXm_SEcHdFKq3bYxrnlF3A==
expires
Wed, 06 Nov 2024 02:10:53 GMT
module_-53649664999_Button_interactive.min.css
cdn2.hubspot.net/hub/-1/hub_generated/module_assets/-53649664999/1699304531668/ Frame 4BE6
114 B
1 KB
Stylesheet
General
Full URL
https://cdn2.hubspot.net/hub/-1/hub_generated/module_assets/-53649664999/1699304531668/module_-53649664999_Button_interactive.min.css
Requested by
Host: threatfabric-6701575.hs-sites.com
URL: https://threatfabric-6701575.hs-sites.com/hs-web-interactive-6701575-139494617102
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6810:6fd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0b94925cc30a38d4cff4893ce00128a1314eeeee9fa06ffb2d3650a5077050ab

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatfabric-6701575.hs-sites.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-encoding
br
age
18486
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
x-amz-replication-status
PENDING
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
x-evy-trace-listener
listener_https
etag
W/"be7a4b154e718de7dee2ae186bac4fb8"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
text/css
access-control-allow-origin
*
x-amz-meta-created-unix-time-millis
1699304531668
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-evy-trace-virtual-host
all
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Tue, 07 Nov 2023 02:10:53 GMT
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-cf-pop
IAD89-C1
x-hs-alternate-content-type
text/plain
x-hubspot-correlation-id
99f5b355-3729-4049-a55e-74b3b5237efb
x-amz-storage-class
INTELLIGENT_TIERING
x-envoy-upstream-service-time
171
alt-svc
h3=":443"; ma=86400
x-evy-trace-route-configuration
listener_https/all
x-request-id
99f5b355-3729-4049-a55e-74b3b5237efb
last-modified
Mon, 06 Nov 2023 21:02:12 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=J4YO998UJ3m14jB1hpplx%2FV0A4qoyiqjjEGIdni6IxU78mbT2lg2Fa2%2B94SlOz9wYG9TnBMJb94ZWkc0kENGaehDthwWC91W9Zfhgasjm1cZnBuF3Iu7af6UY9MrpCPxIN%2FcLRM30%2FgwNCmV16s%3D"}],"group":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/cms-cdn2-td/envoy-proxy-5745477c8b-fc8qf
cf-ray
82220ade4fcc925f-FRA
web-interactives-container.js
js.hubspot.com/ Frame 4BE6
26 KB
9 KB
Script
General
Full URL
https://js.hubspot.com/web-interactives-container.js
Requested by
Host: threatfabric-6701575.hs-sites.com
URL: https://threatfabric-6701575.hs-sites.com/hs-web-interactive-6701575-139494617102
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f7923920bfd91508a3204881f312848ee362b0b94730a9688addf63319ddb22c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatfabric-6701575.hs-sites.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-encoding
br
age
444
x-evy-trace-route-service-name
envoyset-translator
x-amz-server-side-encryption
AES256
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=web-interactives-container/static-2.670/bundles/project.js&cfRay=822200034c54924f-FRA
x-amz-replication-status
COMPLETED
x-evy-trace-listener
listener_https
etag
W/"e41f306d205764e09a7c9157e5418925"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
x-evy-trace-virtual-host
all
cache-control
max-age=600
x-hs-target-asset
web-interactives-container/static-2.670/bundles/project.js
date
Tue, 07 Nov 2023 02:10:53 GMT
x-amz-version-id
O4H3NtYz6cYXAj2ZmmmEmiuNrYIeGt8c
via
1.1 3042bd56e0ca0a7910df89f6b5e95e9e.cloudfront.net (CloudFront)
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
IAD12-P3
x-hubspot-correlation-id
0e4cda24-6dd2-4831-9727-3c3ec9f4b122
x-cache
Hit from cloudfront
cache-tag
staticjsapp-web-interactives-container-web-prod,staticjsapp-prod
x-envoy-upstream-service-time
8
x-evy-trace-route-configuration
listener_https/all
x-request-id
0e4cda24-6dd2-4831-9727-3c3ec9f4b122
last-modified
Mon, 06 Nov 2023 15:34:56 UTC
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=zjt68BpcBnof1ms%2B81tS3Bvy6q5hR0LafqHBKGK9NBKLtPDHHMLngbPjEqc1Jaj6z4C8jHHYahr6ggX3IhdXGqvPdMjVtPtBdoqgkh8e%2BnoWWvi6Qf8tGZkYgcqYmt0qGakpy6a%2FGtyEF32z"}],"group":"cf-nel","max_age":604800}
x-hs-cache-status
MISS
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-7c89bb96b9-hjsqm
cf-ray
82220ade4a20bb61-FRA
x-amz-cf-id
qbRNFJmNV4UyPsJiswxxAYR_UmnHj7IUqkBviuA9m-qrVtwsx785zA==
Screenshot%202023-10-11%20at%2012.31.40.png
www.threatfabric.com/hubfs/ Frame 4BE6
59 KB
60 KB
Image
General
Full URL
https://www.threatfabric.com/hubfs/Screenshot%202023-10-11%20at%2012.31.40.png
Requested by
Host: threatfabric-6701575.hs-sites.com
URL: https://threatfabric-6701575.hs-sites.com/hs-web-interactive-6701575-139494617102
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:2c40::c73c:67fe , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
35865dbf3c65d9bb1073ae506fd96ecbd68e93f47010e4d76c253871c11dc3b8
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatfabric-6701575.hs-sites.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

content-security-policy
upgrade-insecure-requests
x-amz-meta-cache-tag
F-139652335544,P-6701575,FLS-ALL
age
59712
x-amz-request-id
0VR190HF0HCRW69R
x-amz-server-side-encryption
AES256
edge-cache-tag
F-139652335544,P-6701575,FLS-ALL
x-amz-replication-status
COMPLETED
x-hs-https-only
worker
content-disposition
inline; filename="Screenshot%202023-10-11%20at%2012.webp"
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
cf-bgj
imgq:85,h2pri
etag
"907f4f3544917764d0f78aa11c657e0e"
vary
Accept, Accept-Encoding
access-control-allow-methods
GET
content-type
image/webp
access-control-allow-origin
*
x-amz-meta-created-unix-time-millis
1697020322015
cache-control
s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-robots-tag
all
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
date
Tue, 07 Nov 2023 02:10:53 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 3199fed6c4260c9448326645d333530a.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-amz-version-id
p29qTtka7l5sxZPIe_n5XXo.M6EM7Psb
x-amz-cf-pop
FRA56-P7
x-hs-alternate-content-type
text/plain
cf-polished
origFmt=png, origSize=119469
x-cache
RefreshHit from cloudfront
cache-tag
F-139652335544,P-6701575,FLS-ALL
x-amz-meta-index-tag
all
x-amz-storage-class
INTELLIGENT_TIERING
alt-svc
h3=":443"; ma=86400
content-length
59942
x-amz-id-2
CsrtTz3lcd7V8RfBQzTfVnChSFA+Pz10mZDeIUcM0VqpzoThUl8lqHHqgwzedng3aM7/IW6UkG8i+Kms/snQliu8ic3r9M2wYZS7UdhRfwk=
last-modified
Wed, 11 Oct 2023 10:32:03 GMT
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aORLjufqa%2BAb%2BlCQmpID2W7tIz3Sa6ADfLVt1voaR7OypohWuVfwHlUWB6BYat57PvMfusr8sPRNtLQY7w5fjmfAEVgBjU17RoDiVzpXDyaSnO0Fp9V8CjnEkFOlXVAWoGpn%2FVwVlRv8vet0WeqAeM5p"}],"group":"cf-nel","max_age":604800}
accept-ranges
bytes
cf-ray
82220ade48469290-FRA
x-amz-cf-id
wzxKOvi0gQGYsxUYpeKEO0PvD_pJlES1RGwm5EhpGnNBoKyM8bkf1g==
embed.js
static.hsappstatic.net/content-cwv-embed/static-1.388/ Frame 4BE6
14 KB
5 KB
Script
General
Full URL
https://static.hsappstatic.net/content-cwv-embed/static-1.388/embed.js
Requested by
Host: threatfabric-6701575.hs-sites.com
URL: https://threatfabric-6701575.hs-sites.com/hs-web-interactive-6701575-139494617102
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:c060 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
34942d531ecf961a2a6777526aef0c7d17f28a4ce9afcac868eb132c700bfe5a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://threatfabric-6701575.hs-sites.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Tue, 07 Nov 2023 02:10:53 GMT
x-amz-version-id
GNgANes_HpxlXMl5IDFfVeYnBgfaeeYN
via
1.1 018ffb575888f1c9ec960e3e977c042e.cloudfront.net (CloudFront)
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
FRA56-P2
age
589212
x-amz-server-side-encryption
AES256
content-encoding
br
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
alt-svc
h3=":443"; ma=86400
last-modified
Tue, 15 Aug 2023 19:48:57 GMT
server
cloudflare
etag
W/"8741985292d64b839be39c64b14f3783"
vary
Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=B6bfz9JinBQwvivRwwNnFhATjjd4K1o047D3QyxAwkaqDFpc11BUrMCyPDEeSD7%2FTab05RiWgDPrFZ14VclqdlG9UerojHFDPnO%2FkVobYGVkH6DWDBlkgnGG0G%2FWf8GDkFiZfG%2B%2BJUvQkePC84ssvZai6Cw%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=31536000
cf-ray
82220ade7ec618e2-FRA
x-amz-cf-id
k_gHpvfnGWP3KOaVi1deeMqYFTweB1UnYNK_3W6jSRA-UzfpyBEvZw==
expires
Wed, 06 Nov 2024 02:10:53 GMT
200.woff2
threatfabric-6701575.hs-sites.com/_hcms/googlefonts/Kanit/ Frame 4BE6
26 KB
26 KB
Font
General
Full URL
https://threatfabric-6701575.hs-sites.com/_hcms/googlefonts/Kanit/200.woff2
Requested by
Host: threatfabric-6701575.hs-sites.com
URL: https://threatfabric-6701575.hs-sites.com/hs-web-interactive-6701575-139494617102
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6811:af5d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0adb227efa2074c6ae2b5e686cf4d1949a6edfc05bd56fa81e34c9a2c69fb50a
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests

Request headers

Referer
https://threatfabric-6701575.hs-sites.com/hs-web-interactive-6701575-139494617102
Origin
https://threatfabric-6701575.hs-sites.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

expires
Tue, 21 Nov 2023 02:10:54 GMT
date
Tue, 07 Nov 2023 02:10:54 GMT
via
1.1 a5010656f4f762c0fdffac3448496b86.cloudfront.net (CloudFront)
cf-cache-status
REVALIDATED
content-security-policy
upgrade-insecure-requests
x-amz-cf-pop
FRA56-P7
x-amz-request-id
2MJQH8BY6X75ZVFP
x-amz-server-side-encryption
AES256
x-amz-version-id
.Y4_sica4_7w7dZrWB8zUo33LkbHGzIv
x-cache
RefreshHit from cloudfront
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
alt-svc
h3=":443"; ma=86400
content-length
26228
x-amz-id-2
OERQj6EB4G2GbaGgh1EFByjrBNETh7ogR/D3wNDOXFNOiFBx3CBcqlO0NKCSWCeKMQy826v78sM=
last-modified
Tue, 12 Sep 2023 20:07:00 GMT
server
cloudflare
etag
"a3acdea9b09d1ffdf16868a322d89c6c"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=1209600
accept-ranges
bytes
cf-ray
82220ade79dd4d2e-FRA
x-amz-cf-id
79WpW-jOR6CTWQWAiapUlpmbvYxntFk_EHlfwrNoWkXKp1XH4mq3xQ==
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
300.woff2
threatfabric-6701575.hs-sites.com/_hcms/googlefonts/Kanit/ Frame 4BE6
25 KB
26 KB
Font
General
Full URL
https://threatfabric-6701575.hs-sites.com/_hcms/googlefonts/Kanit/300.woff2
Requested by
Host: threatfabric-6701575.hs-sites.com
URL: https://threatfabric-6701575.hs-sites.com/hs-web-interactive-6701575-139494617102
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6811:af5d , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9728b452d512186172bea32cce1b7783383378c4ef7154d5d91ea809b0945be0
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests

Request headers

Referer
https://threatfabric-6701575.hs-sites.com/hs-web-interactive-6701575-139494617102
Origin
https://threatfabric-6701575.hs-sites.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

expires
Tue, 21 Nov 2023 02:10:54 GMT
date
Tue, 07 Nov 2023 02:10:54 GMT
via
1.1 837a869ba82f4a85a2e5810b11746698.cloudfront.net (CloudFront)
cf-cache-status
REVALIDATED
content-security-policy
upgrade-insecure-requests
x-amz-cf-pop
FRA56-P7
x-amz-request-id
H2V1F7M5TDQV15FH
x-amz-server-side-encryption
AES256
x-amz-version-id
f23UgWIJex_4Ajk.sVq_m9m7teR.fwc2
x-cache
RefreshHit from cloudfront
x-hs-cf-lambda
us-east-1.EnforceAclForReads 3
alt-svc
h3=":443"; ma=86400
content-length
25584
x-amz-id-2
peKc79ndaJ1UjyOsCqDpIkj9c8sF7lMQuTY0u4UxZAOUnKPj8qaaycC9vJ1ssUKLxKu/rd0J6I4=
last-modified
Tue, 12 Sep 2023 20:06:50 GMT
server
cloudflare
etag
"7e8e7e46359db6f4601319808d1b17e5"
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=1209600
accept-ranges
bytes
cf-ray
82220ade79df4d2e-FRA
x-amz-cf-id
D6FLNeOyk-5v2kpRFtaXBOqbBQreQY1thy0jO6hnsMuTXFEdv1QoCQ==
x-hs-cf-lambda-enforce
us-east-1.EnforceAclForReads 3
__ptq.gif
track.hubspot.com/
45 B
758 B
Image
General
Full URL
https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=1305947141&v=1.1&a=6701575&pi=139498405777&ct=blog-post&ccu=https%3A%2F%2Fwww.threatfabric.com%2Fblogs%2Fdroppers-bypassing-android-13-restrictions&cpi=139498405777&cgi=101307487134&lpi=139498405777&lvi=139498405777&lvc=en&pu=https%3A%2F%2Fwww.threatfabric.com%2Fblogs%2Fdroppers-bypassing-android-13-restrictions&t=Bypassing+Android+13+Restrictions+with+SecuriDropper&cts=1699323054748&rv=1&vi=e48f06dc7cea4b5e738543d6e0f68a1b&nc=true&ce=false&cc=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:9a53 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.threatfabric.com/blogs/droppers-bypassing-android-13-restrictions
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Tue, 07 Nov 2023 02:10:54 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
61ce0967-af12-4eb3-96e3-295b14edc95a
p3p
CP="NOI CUR ADM OUR NOR STA NID"
x-envoy-upstream-service-time
9
content-length
45
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
61ce0967-af12-4eb3-96e3-295b14edc95a
server
cloudflare
vary
origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3Ct6sub3rNKVY2XUGgg1nwmkr09wKQY4x0b3Gy%2BK9RBMscCiZeyZZ2GjxrTdkDB138Et%2B%2FnayfaGV0%2B97RqrfwQB65LRlRsiM5JIOmQjaNHOVoiH7%2Bejl1QSHcxyv5%2FKs3vhbbeA7Fhgi0tM2%2FOR"}],"group":"cf-nel","max_age":604800}
content-type
image/gif
x-evy-trace-served-by-pod
iad02/analytics-tracking-td/envoy-proxy-674b9fb979-k752d
x-evy-trace-virtual-host
all
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
cf-ray
82220ae42d7dbb61-FRA
x-robots-tag
none
counters.gif
perf-na1.hsforms.com/embed/v3/
35 B
667 B
Image
General
Full URL
https://perf-na1.hsforms.com/embed/v3/counters.gif?key=interactive-shown&value=1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6811:eff9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.threatfabric.com/blogs/droppers-bypassing-android-13-restrictions
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.6045.105 Safari/537.36

Response headers

date
Tue, 07 Nov 2023 02:10:54 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
MISS
x-evy-trace-route-service-name
envoyset-translator
x-hubspot-correlation-id
8663eb66-1987-468c-9b6e-e2181c571b0b
x-envoy-upstream-service-time
15
alt-svc
h3=":443"; ma=86400
content-length
35
x-evy-trace-route-configuration
listener_https/all
x-evy-trace-listener
listener_https
x-request-id
8663eb66-1987-468c-9b6e-e2181c571b0b
last-modified
Tue, 07 Nov 2023 02:10:54 GMT
server
cloudflare
x-trace
2BADBE929AF0E7B25AD2A6CFA792A66794A9FA172C000000000000000000
vary
origin, Accept-Encoding
content-type
image/gif
x-evy-trace-virtual-host
all
x-evy-trace-served-by-pod
iad02/star-hubspot-td/envoy-proxy-79986f96f-97gbm
access-control-expose-headers
X-Origin-Hublet
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
false
accept-ranges
bytes
x-robots-tag
none
cf-ray
82220ae44a4b2bee-FRA

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
platform.linkedin.com
URL
https://platform.linkedin.com/in.js
Domain
connect.facebook.net
URL
https://connect.facebook.net/en_GB/all.js
Domain
platform.twitter.com
URL
https://platform.twitter.com/widgets.js


59 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| documentPictureInPicture function| gtag object| _hsp object| dataLayer boolean| _hsGoogleConsentRunOnce function| $ function| jQuery object| hsVars function| hs_i18n_log function| hs_i18n_substituteStrings function| hs_i18n_insertPlaceholders function| hs_i18n_getMessage undefined| module_2712622 function| js_beautify object| _self object| Prism object| _hsq string| _linkedin_partner_id object| _linkedin_data_partner_ids function| lintrk function| ScrollReveal function| EvEmitter function| imagesLoaded function| jQueryBridget function| getSize function| matchesSelector object| fizzyUIUtils function| Outlayer function| Isotope function| Masonry function| Typed function| TimezZ object| tocbot function| jarallax function| jsonpHandler number| headerHeight object| google_tag_manager object| google_tag_data object| process object| gaGlobal boolean| _already_called_lintrk boolean| PIXELS_RAN object| enabledEventSettings object| hsCtasOnReady object| __PRIVATE__HubspotCtaClient object| __hsWebInteractiveInstance object| hsConversationsOnReady boolean| hubspot_web_interactives_running object| __hsCollectedFormsDebug object| _paq function| sanitizeKey boolean| _hstc_loaded boolean| _hspb_loaded boolean| _hspb_ran boolean| _hstc_ran string| __hsUserToken number| expireDateTime

11 Cookies

Domain/Path Name / Value
.www.threatfabric.com/ Name: __cf_bm
Value: z8XwgdYIOVsKZkBVSs5w080B4g3dDyR4UENvTZwnEDY-1699323052-0-ARRiE8d4rPXw2ehx3gC5/ouc/S67ebgj11xjjhp9vTFbPdDM0Fut9SWmjU6Lkh3wUPkuuXnLWOppEvWz1f6AAlk=
.www.threatfabric.com/ Name: __cfruid
Value: 66770db1bde40e33d1795d7713cdfb14349df5c5-1699323052
.hubspot.com/ Name: __cf_bm
Value: LswZvo.LzdBxRTYvl7HpMlhu4tItyyjjLihlJKaQMaE-1699323053-0-Ad1+SaF0eDfcEUoVMHFQQ+Rw84Kl+uA2F0x2ZDVfc7fcRdGzpSukpe8RLplC0kpx/0HVt8Vtxikn9d1ETXDqdEI=
.linkedin.com/ Name: li_sugr
Value: bddf622d-6fc8-418e-83ce-b2da8afec6ee
.linkedin.com/ Name: bcookie
Value: "v=2&bf409cba-ca27-47ad-8de5-98d6d4be3194"
.linkedin.com/ Name: lidc
Value: "b=TGST02:s=T:r=T:a=T:p=T:g=3119:u=1:x=1:i=1699323053:t=1699409453:v=2:sig=AQHuvSbi_abDVIQPd8sp4mzO3mFou1ts"
.linkedin.com/ Name: UserMatchHistory
Value: AQIKOuXx-Q8AtQAAAYunjAYDRqI7ZsNM_BpCrLHZXEYyTMvZSWrSh2mLmSmfx3f_qv85Ahv_JhVNzA
.linkedin.com/ Name: AnalyticsSyncHistory
Value: AQJiTCaqIUyHdAAAAYunjAYDZ7vzgyBFk9DednwfJHABHwnBlduPQxUJ0ve2uziocym10t_ZGs41Ltt9vVoQMw
.hs-sites.com/ Name: __cfruid
Value: b7ebdc967c79d3a0c530305d0a7ddc42b873f616-1699323053
.www.linkedin.com/ Name: bscookie
Value: "v=1&2023110702105371837a78-268b-494a-8d95-23015c7dac58AQH7E79mjw8eIfK1vS8qexBTHUN0wXlf"
.linkedin.com/ Name: li_gc
Value: MTswOzE2OTkzMjMwNTM7MjswMjFc8VJKAqlcVuFCluK8k+WrVkLtN3MUbKIfZwyeuXa/rw==

3 Console Messages

Source Level URL
Text
security error URL: https://www.threatfabric.com/blogs/droppers-bypassing-android-13-restrictions
Message:
Refused to load the script 'https://platform.linkedin.com/in.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' *.hubspot.com cdnjs.cloudflare.com *.hubspot.net *.hs-scripts.com *.hubspotfeedback.com www.googletagmanager.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ maps.googleapis.com static.hsappstatic.net *.hs-banner.com *.hs-analytics.net *.hsadspixel.net js.hscta.net *.hscollectedforms.net *.hsleadflows.net *.hsforms.com *.hsforms.net feedback.hubapi.com *.usemessages.com snap.licdn.com *.doubleclick.net". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://www.threatfabric.com/blogs/droppers-bypassing-android-13-restrictions(Line 1250)
Message:
Refused to load the script 'https://connect.facebook.net/en_GB/all.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' *.hubspot.com cdnjs.cloudflare.com *.hubspot.net *.hs-scripts.com *.hubspotfeedback.com www.googletagmanager.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ maps.googleapis.com static.hsappstatic.net *.hs-banner.com *.hs-analytics.net *.hsadspixel.net js.hscta.net *.hscollectedforms.net *.hsleadflows.net *.hsforms.com *.hsforms.net feedback.hubapi.com *.usemessages.com snap.licdn.com *.doubleclick.net". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security error URL: https://www.threatfabric.com/blogs/droppers-bypassing-android-13-restrictions(Line 1252)
Message:
Refused to load the script 'https://platform.twitter.com/widgets.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' *.hubspot.com cdnjs.cloudflare.com *.hubspot.net *.hs-scripts.com *.hubspotfeedback.com www.googletagmanager.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ maps.googleapis.com static.hsappstatic.net *.hs-banner.com *.hs-analytics.net *.hsadspixel.net js.hscta.net *.hscollectedforms.net *.hsleadflows.net *.hsforms.com *.hsforms.net feedback.hubapi.com *.usemessages.com snap.licdn.com *.doubleclick.net". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.

Security Headers

This page lists any security headers set by the main page.

Header Value
Content-Security-Policy default-src 'self' static.hsappstatic.net; script-src 'self' 'unsafe-inline' *.hubspot.com cdnjs.cloudflare.com *.hubspot.net *.hs-scripts.com *.hubspotfeedback.com www.googletagmanager.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ maps.googleapis.com static.hsappstatic.net *.hs-banner.com *.hs-analytics.net *.hsadspixel.net js.hscta.net *.hscollectedforms.net *.hsleadflows.net *.hsforms.com *.hsforms.net feedback.hubapi.com *.usemessages.com snap.licdn.com *.doubleclick.net; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com *.hubspot.net static.hsappstatic.net fonts.googleapis.com; img-src 'self' data: *.hubspot.com *.hubspot.net static.hsappstatic.net *.hsforms.com *.hsforms.net js.hscta.net *.linkedin.com www.google.com maps.gstatic.com maps.googleapis.com; font-src 'self' cdnjs.cloudflare.com *.hs-banner.com fonts.gstatic.com; connect-src 'self' *.hubspot.com *.hubapi.com *.hs-banner.com *.hscollectedforms.net *.hsforms.com js.hscta.net *.google-analytics.com www.google.com maps.googleapis.com *.doubleclick.net; child-src 'self' *.hsforms.com; frame-src 'self' *.hubspot.com *.hubspot.net *.hs-sites.com *.hsforms.com *.hsforms.net play.hubspotvideo.com www.google.com; frame-ancestors 'self'; upgrade-insecure-requests
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
