research.openanalysis.net Open in urlscan Pro
2606:50c0:8000::153  Public Scan

10 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

12 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request mystic_stealer.html Show response research.openanalysis.net/mystic%20stealer/stealer/obfuscation/cpp/2023/10/01/	62 KB 12 KB	340ms 213ms	Document text/html	2606:50c0:8000::153 FASTLY
General Check archive.org Show headers Download Go to Full URL https://research.openanalysis.net/mystic%20stealer/stealer/obfuscation/cpp/2023/10/01/mystic_stealer.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:50c0:8000::153 , United States, ASN54113 (FASTLY, US), Reverse DNS Software GitHub.com / Resource Hash 995d7ebd0bee51845cbfb58a582856317b59a631a3ee84e41795afb6176772f9 Request headers Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Response headers accept-ranges bytes access-control-allow-origin * age 0 cache-control max-age=600 content-encoding gzip content-length 11666 content-type text/html; charset=utf-8 date Thu, 21 Nov 2024 08:11:30 GMT etag W/"66fb34f2-f88a" expires Thu, 21 Nov 2024 08:21:30 GMT last-modified Mon, 30 Sep 2024 23:32:02 GMT server GitHub.com vary Accept-Encoding via 1.1 varnish x-cache MISS x-cache-hits 0 x-fastly-request-id a63a5c434a40a520a8452ad6f4888f8860431da7 x-github-request-id 72D9:52DD1:FFD64F:10632E6:673EEB32 x-proxy-cache MISS x-served-by cache-mxp6974-MXP x-timer S1732176690.322562,VS0,VE165
GET H2	200	style.css research.openanalysis.net/assets/css/	20 KB 5 KB	161ms 160ms	Stylesheet text/css	2606:50c0:8000::153 FASTLY
General Check archive.org Show headers Download Go to Full URL https://research.openanalysis.net/assets/css/style.css Requested by Host: research.openanalysis.net URL: https://research.openanalysis.net/mystic%20stealer/stealer/obfuscation/cpp/2023/10/01/mystic_stealer.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:50c0:8000::153 , United States, ASN54113 (FASTLY, US), Reverse DNS Software GitHub.com / Resource Hash 7520646fc7e1337f44f20886643f665d18dd11127ac82dcae77f772d9ccb4d33 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://research.openanalysis.net/mystic%20stealer/stealer/obfuscation/cpp/2023/10/01/mystic_stealer.html Response headers x-fastly-request-id adb51f2422ea004a97edccba7483827f39927b09 content-encoding gzip etag W/"66fb34f2-4e1f" age 0 x-github-request-id 4E02:2FD908:F6EA2D:FD442D:673EEB32 expires Thu, 21 Nov 2024 08:21:30 GMT x-proxy-cache MISS x-cache MISS date Thu, 21 Nov 2024 08:11:30 GMT content-type text/css; charset=utf-8 last-modified Mon, 30 Sep 2024 23:32:02 GMT x-served-by cache-mxp6974-MXP x-cache-hits 0 vary Accept-Encoding cache-control max-age=600 x-timer S1732176691.543051,VS0,VE111 via 1.1 varnish accept-ranges bytes access-control-allow-origin * content-length 4802 server GitHub.com
GET H3	200	primer.css cdnjs.cloudflare.com/ajax/libs/Primer/15.2.0/	200 KB 21 KB	126ms 83ms	Stylesheet text/css	104.17.24.14 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdnjs.cloudflare.com/ajax/libs/Primer/15.2.0/primer.css Requested by Host: research.openanalysis.net URL: https://research.openanalysis.net/mystic%20stealer/stealer/obfuscation/cpp/2023/10/01/mystic_stealer.html Protocol H3 Security QUIC, , AES_128_GCM Server 104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash e85c012e50453d8f6df10075c60e872e24bdf889707b51462d3af8292d74691f Security Headers Name Value Strict-Transport-Security max-age=15780000 X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Origin https://research.openanalysis.net Referer https://research.openanalysis.net/ Response headers cf-cdnjs-via cfworker/kv content-encoding br cf-cache-status HIT etag "5f68c793-320ac" age 43028 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TcvzWM0w88azfivi0BvD7TGvEQFoabB4QPCG7b3uItfcsB16HYijJd5iHjy603O2LELl0JQgc6O%2FPrLFBKPVv7%2FnSZgjjDZiMj2qeWhm4DKnSVCkqtQMy1qVkcLqiDp3YVDJxrlH"}],"group":"cf-nel","max_age":604800} x-content-type-options nosniff expires Tue, 11 Nov 2025 08:11:30 GMT alt-svc h3=":443"; ma=86400 server-timing cfExtPri date Thu, 21 Nov 2024 08:11:30 GMT content-type text/css; charset=utf-8 last-modified Mon, 21 Sep 2020 15:32:35 GMT vary Accept-Encoding priority u=0,i=?0 strict-transport-security max-age=15780000 cache-control public, max-age=30672000 timing-allow-origin * nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} cross-origin-resource-policy cross-origin cf-ray 8e5f359c2c25dbef-FRA accept-ranges bytes access-control-allow-origin * content-length 20730 server cloudflare
GET H3	200	all.min.css cdnjs.cloudflare.com/ajax/libs/font-awesome/5.14.0/css/	58 KB 11 KB	90ms 46ms	Stylesheet text/css	104.17.24.14 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.14.0/css/all.min.css Requested by Host: research.openanalysis.net URL: https://research.openanalysis.net/mystic%20stealer/stealer/obfuscation/cpp/2023/10/01/mystic_stealer.html Protocol H3 Security QUIC, , AES_128_GCM Server 104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 14cbd9b866a9b092e3a2e03a93b128da5baca005fd8b44a1956146eaab7b48b7 Security Headers Name Value Strict-Transport-Security max-age=15780000 X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Origin https://research.openanalysis.net Referer https://research.openanalysis.net/ Response headers cf-cdnjs-via cfworker/kv content-encoding br cf-cache-status HIT etag "5f0f47d3-e637" age 41262 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8BUW4MdscFxdGn6Za8HH%2FaxeZFfRFUu24WGBp7oQyGWoWU33%2FJ1BLeAr3%2B6aOYY%2FuuN3yEFwW4bue6AUuGWw0MVPmZP8zq8J3%2B6z0H0NkUY7FGTppnXxZxZ6JPlyJKLrviJFjRy%2B"}],"group":"cf-nel","max_age":604800} x-content-type-options nosniff expires Tue, 11 Nov 2025 08:11:30 GMT alt-svc h3=":443"; ma=86400 server-timing cfExtPri date Thu, 21 Nov 2024 08:11:30 GMT content-type text/css; charset=utf-8 last-modified Wed, 15 Jul 2020 18:15:47 GMT vary Accept-Encoding priority u=0,i=?0 strict-transport-security max-age=15780000 cache-control public, max-age=30672000 timing-allow-origin * nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} cross-origin-resource-policy cross-origin cf-ray 8e5f359c2c22dbef-FRA accept-ranges bytes access-control-allow-origin * content-length 10391 server cloudflare
GET H3	200	-YouTube-FF0000 img.shields.io/badge/	915 B 1 KB	105ms 50ms	Image image/svg+xml	172.67.173.89 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://img.shields.io/badge/-YouTube-FF0000 Requested by Host: research.openanalysis.net URL: https://research.openanalysis.net/mystic%20stealer/stealer/obfuscation/cpp/2023/10/01/mystic_stealer.html Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.173.89 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 958b273c7907e71e100edb668de5e9c220130dc4a10c483cac9f90d43f111c85 Security Headers Name Value Content-Security-Policy script-src 'none'; Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://research.openanalysis.net/ Response headers content-encoding zstd cf-cache-status HIT age 379978 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UWIP5SVSl2vwpsmOAilAc0jFK7%2FKV2wMCAc3mCiyvtjwMmgSD3c1dQ%2Bg3IueiJuqNkbvUF5RCOKP8sCucRA8m4q5ukRa0Zgj9yrQamfyVRcXHh%2FEpcdfsuRUL%2Fej5hGWRQ%3D%3D"}],"group":"cf-nel","max_age":604800} alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=QUIC&rtt=39923&sent=11&recv=8&lost=0&retrans=0&sent_bytes=4129&recv_bytes=4689&delivery_rate=79482&cwnd=12000&unsent_bytes=0&cid=9a82a508d4e8c836&ts=54&x=1", cfExtPri, cfHdrFlush;dur=0 date Thu, 21 Nov 2024 08:11:30 GMT content-type image/svg+xml;charset=utf-8 last-modified Mon, 11 Nov 2024 04:06:39 GMT fly-request-id 01JCVJ1ETC24W1ECE3FZXTKWZD-fra priority u=2,i vary Accept-Encoding content-security-policy script-src 'none'; cache-control max-age=432000, s-maxage=432000 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cross-origin-resource-policy cross-origin via 1.1 fly.io cf-ray 8e5f359c3dcfd9da-FRA access-control-allow-origin * server cloudflare
GET H3	200	oalabslive img.shields.io/twitch/status/	2 KB 2 KB	424ms 369ms	Image image/svg+xml	172.67.173.89 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://img.shields.io/twitch/status/oalabslive?style=social Requested by Host: research.openanalysis.net URL: https://research.openanalysis.net/mystic%20stealer/stealer/obfuscation/cpp/2023/10/01/mystic_stealer.html Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.173.89 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 3102e7ea421c5b383635d9bc26c72442fedf142cbc2ffd1b4996ab66bd5dcd0d Security Headers Name Value Content-Security-Policy script-src 'none'; Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://research.openanalysis.net/ Response headers content-encoding zstd cf-cache-status EXPIRED report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1sQppRkQsF4Vg0g4D95Dh1yhFvVXlA9OBW2vC3HAyHIvExAFEgsjRPV%2FxQAabpnnx4x0su1rCG1vHfEGgBfb77T6VrZ8u6MlTxYrtgMnV4DDc%2Bbc0yFqvXIOUIvjXVEGSw%3D%3D"}],"group":"cf-nel","max_age":604800} expires Thu, 21 Nov 2024 08:12:00 GMT alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=QUIC&rtt=45888&sent=20&recv=15&lost=0&retrans=0&sent_bytes=8148&recv_bytes=5646&delivery_rate=26116&cwnd=12000&unsent_bytes=0&cid=9a82a508d4e8c836&ts=368&x=1", cfExtPri, cfHdrFlush;dur=0 date Thu, 21 Nov 2024 08:11:30 GMT content-type image/svg+xml;charset=utf-8 last-modified Thu, 21 Nov 2024 08:11:30 GMT fly-request-id 01JD6WDFFK0WXP6R3FEHRBSAMJ-arn priority u=2,i vary Accept-Encoding content-security-policy script-src 'none'; cache-control max-age=30, s-maxage=30 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cross-origin-resource-policy cross-origin via 1.1 fly.io cf-ray 8e5f359c3dcdd9da-FRA access-control-allow-origin * server cloudflare
GET H3	200	-Join%20Our%20Discord-blueviolet img.shields.io/badge/	961 B 1 KB	50ms 50ms	Image image/svg+xml	172.67.173.89 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://img.shields.io/badge/-Join%20Our%20Discord-blueviolet Requested by Host: research.openanalysis.net URL: https://research.openanalysis.net/mystic%20stealer/stealer/obfuscation/cpp/2023/10/01/mystic_stealer.html Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.173.89 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash cbfc31ced385e704856825a95b1b4646f73d6d09c8a12be51f56d1395e16f9a3 Security Headers Name Value Content-Security-Policy script-src 'none'; Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://research.openanalysis.net/ Response headers content-encoding zstd cf-cache-status HIT age 121700 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=NJO4%2FYmlFxWGn6tXqY%2FQjrHH3d5nBD9HhKaLT6Qj7HGfwBG1M88BOZ2gv9cMTZN5D2A3h0dwZOKMB275nfCfDZNQYwO0gXkVZJb3y5CazthadoJEgwI3MnKhe220Wx6KCA%3D%3D"}],"group":"cf-nel","max_age":604800} alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=QUIC&rtt=41850&sent=15&recv=12&lost=0&retrans=0&sent_bytes=5513&recv_bytes=5190&delivery_rate=44458&cwnd=12000&unsent_bytes=0&cid=9a82a508d4e8c836&ts=106&x=1", cfExtPri, cfHdrFlush;dur=0 date Thu, 21 Nov 2024 08:11:30 GMT content-type image/svg+xml;charset=utf-8 last-modified Tue, 19 Nov 2024 04:06:48 GMT fly-request-id 01JD38BFDWKASMJNK2R3DVA38E-fra priority u=2,i vary Accept-Encoding content-security-policy script-src 'none'; cache-control max-age=432000, s-maxage=432000 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cross-origin-resource-policy cross-origin via 1.1 fly.io cf-ray 8e5f359c8e72d9da-FRA access-control-allow-origin * server cloudflare
GET H3	200	-OALABS%20Patreon-FF424D img.shields.io/badge/	947 B 1 KB	52ms 52ms	Image image/svg+xml	172.67.173.89 CLOUDFLARENET
General Check archive.org Show headers Download Go to Show image Full URL https://img.shields.io/badge/-OALABS%20Patreon-FF424D Requested by Host: research.openanalysis.net URL: https://research.openanalysis.net/mystic%20stealer/stealer/obfuscation/cpp/2023/10/01/mystic_stealer.html Protocol H3 Security QUIC, , AES_128_GCM Server 172.67.173.89 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash a6d9fee6f4b9c5e9ac913a6d415b194bc16e151168f5c76de301e6e01f1eab39 Security Headers Name Value Content-Security-Policy script-src 'none'; Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://research.openanalysis.net/ Response headers content-encoding zstd cf-cache-status HIT age 121700 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cT2nkEDH3F2OTnpFTwBQhSoPQrz5EVocehc9WpK6KFYmeiDOWxYEgwSrG9cherHIgFfBu9DOxbUzbN02WGTJrpxuH5Va%2Fk7Y28XtsCgoDZ%2B5bl5JNcTaPnO62t1uKgx8mA%3D%3D"}],"group":"cf-nel","max_age":604800} alt-svc h3=":443"; ma=86400 server-timing cfL4;desc="?proto=QUIC&rtt=45322&sent=18&recv=14&lost=0&retrans=0&sent_bytes=6846&recv_bytes=5603&delivery_rate=26165&cwnd=12000&unsent_bytes=0&cid=9a82a508d4e8c836&ts=159&x=1", cfExtPri, cfHdrFlush;dur=0 date Thu, 21 Nov 2024 08:11:30 GMT content-type image/svg+xml;charset=utf-8 last-modified Sun, 17 Nov 2024 13:34:16 GMT fly-request-id 01JD38BFJ8FDWYA0HPFD9AV190-fra priority u=2,i vary Accept-Encoding content-security-policy script-src 'none'; cache-control max-age=432000, s-maxage=432000 nel {"success_fraction":0,"report_to":"cf-nel","max_age":604800} cross-origin-resource-policy cross-origin via 1.1 fly.io cf-ray 8e5f359cdefad9da-FRA access-control-allow-origin * server cloudflare
GET H2	200	github.svg research.openanalysis.net/assets/badges/	2 KB 1 KB	161ms 161ms	Image image/svg+xml	2606:50c0:8000::153 FASTLY
General Check archive.org Show headers Download Go to Show image Full URL https://research.openanalysis.net/assets/badges/github.svg Requested by Host: research.openanalysis.net URL: https://research.openanalysis.net/mystic%20stealer/stealer/obfuscation/cpp/2023/10/01/mystic_stealer.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:50c0:8000::153 , United States, ASN54113 (FASTLY, US), Reverse DNS Software GitHub.com / Resource Hash d628f183c4edc3762b60c01b60b4b19358dda80f7cb660d08e6b0b326073b8ff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://research.openanalysis.net/mystic%20stealer/stealer/obfuscation/cpp/2023/10/01/mystic_stealer.html Response headers x-fastly-request-id edbb6b7007d58007ca50fdca0e100d5bd5d0dd11 content-encoding gzip etag W/"66fb34f2-7d6" age 0 x-github-request-id E605:2FD908:F6EA79:FD447D:673EEB32 expires Thu, 21 Nov 2024 08:21:30 GMT x-proxy-cache MISS x-cache MISS date Thu, 21 Nov 2024 08:11:30 GMT content-type image/svg+xml last-modified Mon, 30 Sep 2024 23:32:02 GMT x-served-by cache-mxp6974-MXP x-cache-hits 0 vary Accept-Encoding cache-control max-age=600 x-timer S1732176691.712897,VS0,VE108 via 1.1 varnish accept-ranges bytes access-control-allow-origin * content-length 1142 x-origin-cache HIT server GitHub.com
GET H2	200	minima-social-icons.svg research.openanalysis.net/assets/	15 KB 6 KB	170ms 170ms	Other image/svg+xml	2606:50c0:8000::153 FASTLY
General Check archive.org Show headers Download Go to Full URL https://research.openanalysis.net/assets/minima-social-icons.svg Requested by Host: research.openanalysis.net URL: https://research.openanalysis.net/mystic%20stealer/stealer/obfuscation/cpp/2023/10/01/mystic_stealer.html Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:50c0:8000::153 , United States, ASN54113 (FASTLY, US), Reverse DNS Software GitHub.com / Resource Hash 02ef9d85d5cf1081d5abd7f6a71bced5254a6b641aed8258c850a3a9245ce509 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://research.openanalysis.net/mystic%20stealer/stealer/obfuscation/cpp/2023/10/01/mystic_stealer.html Response headers x-fastly-request-id b35e4ffe4dd01c42efcfdf2ffd02f1076412e234 content-encoding gzip etag W/"66fb34f2-3a99" age 0 x-github-request-id 81B7:1CE726:FCD2EC:1032E7C:673EEB32 expires Thu, 21 Nov 2024 08:21:30 GMT x-proxy-cache MISS x-cache MISS date Thu, 21 Nov 2024 08:11:30 GMT content-type image/svg+xml last-modified Mon, 30 Sep 2024 23:32:02 GMT x-served-by cache-mxp6974-MXP x-cache-hits 0 vary Accept-Encoding cache-control max-age=600 x-timer S1732176691.714493,VS0,VE122 via 1.1 varnish accept-ranges bytes access-control-allow-origin * content-length 6282 server GitHub.com
GET H3	200	fa-solid-900.woff2 cdnjs.cloudflare.com/ajax/libs/font-awesome/5.14.0/webfonts/	78 KB 79 KB	51ms 51ms	Font application/octet-stream	104.17.24.14 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.14.0/webfonts/fa-solid-900.woff2 Requested by Host: cdnjs.cloudflare.com URL: https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.14.0/css/all.min.css Protocol H3 Security QUIC, , AES_128_GCM Server 104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash cfe3b7382e477059da11be2099914b94f0e2a4f08240c60542c376957b8d9658 Security Headers Name Value Strict-Transport-Security max-age=15780000 X-Content-Type-Options nosniff Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Origin https://research.openanalysis.net Referer https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.14.0/css/all.min.css Response headers cf-cdnjs-via cfworker/kv cf-cache-status HIT etag "5f0f47d3-13914" age 55584 report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BiUBqKr%2FN867JBlqEeXOsCa6K7Hm0O7ScLRWIQPHchy1c1Qxm7i5UDZQmaoOXB2QaFhstHpHP6BBJyIC7zdon4%2BRWClMRS2yurzk77UYaFGWruVNqAsIHuUREGAl9sbhKKBHffVL"}],"group":"cf-nel","max_age":604800} x-content-type-options nosniff expires Tue, 11 Nov 2025 08:11:30 GMT alt-svc h3=":443"; ma=86400 server-timing cfExtPri date Thu, 21 Nov 2024 08:11:30 GMT content-type application/octet-stream; charset=utf-8 last-modified Wed, 15 Jul 2020 18:15:47 GMT vary Accept-Encoding priority u=0,i=?0 strict-transport-security max-age=15780000 cache-control public, max-age=30672000 timing-allow-origin * nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} cross-origin-resource-policy cross-origin cf-ray 8e5f359d2dd8dbef-FRA accept-ranges bytes access-control-allow-origin * content-length 80148 server cloudflare
GET H2	200	favicon.ico research.openanalysis.net/images/	2 KB 2 KB	167ms 167ms	Other image/vnd.microsoft.icon	2606:50c0:8000::153 FASTLY
General Check archive.org Show headers Download Go to Full URL https://research.openanalysis.net/images/favicon.ico Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:50c0:8000::153 , United States, ASN54113 (FASTLY, US), Reverse DNS Software GitHub.com / Resource Hash 36c8bbf98bdc49a0f69f3b192d927dfbdb5207a654b58685289ef23ab938ff63 Request headers User-Agent Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36 Referer https://research.openanalysis.net/mystic%20stealer/stealer/obfuscation/cpp/2023/10/01/mystic_stealer.html Response headers x-fastly-request-id d73238f86f0a321c789384d813e000c2c7a12048 content-encoding gzip etag W/"66fb34f2-8b8" age 0 x-github-request-id F530:59F72:F8D592:FF2F76:673EEB32 expires Thu, 21 Nov 2024 08:21:31 GMT x-proxy-cache MISS x-cache MISS date Thu, 21 Nov 2024 08:11:31 GMT content-type image/vnd.microsoft.icon last-modified Mon, 30 Sep 2024 23:32:02 GMT x-served-by cache-mxp6974-MXP x-cache-hits 0 vary Accept-Encoding cache-control max-age=600 x-timer S1732176691.973743,VS0,VE113 via 1.1 varnish accept-ranges bytes access-control-allow-origin * content-length 2212 server GitHub.com

1 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

function| wrap_img

0 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

cdnjs.cloudflare.com
img.shields.io
research.openanalysis.net
104.17.24.14
172.67.173.89
2606:50c0:8000::153
02ef9d85d5cf1081d5abd7f6a71bced5254a6b641aed8258c850a3a9245ce509
14cbd9b866a9b092e3a2e03a93b128da5baca005fd8b44a1956146eaab7b48b7
3102e7ea421c5b383635d9bc26c72442fedf142cbc2ffd1b4996ab66bd5dcd0d
36c8bbf98bdc49a0f69f3b192d927dfbdb5207a654b58685289ef23ab938ff63
7520646fc7e1337f44f20886643f665d18dd11127ac82dcae77f772d9ccb4d33
958b273c7907e71e100edb668de5e9c220130dc4a10c483cac9f90d43f111c85
995d7ebd0bee51845cbfb58a582856317b59a631a3ee84e41795afb6176772f9
a6d9fee6f4b9c5e9ac913a6d415b194bc16e151168f5c76de301e6e01f1eab39
cbfc31ced385e704856825a95b1b4646f73d6d09c8a12be51f56d1395e16f9a3
cfe3b7382e477059da11be2099914b94f0e2a4f08240c60542c376957b8d9658
d628f183c4edc3762b60c01b60b4b19358dda80f7cb660d08e6b0b326073b8ff
e85c012e50453d8f6df10075c60e872e24bdf889707b51462d3af8292d74691f