www.threatfabric.com Open in urlscan Pro
2606:2c40::c73c:6702 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.threatfabric.com/blogs/octo2-european-banks-already-under-attack-by-new-malware-variant
Submission: On September 25 via api (September 25th 2024, 2:14:40 am UTC) from TR — Scanned from DE

Summary HTTP 64 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 21 IPs in 2 countries across 20 domains to perform 64 HTTP transactions. The main IP is 2606:2c40::c73c:6702, located in United States and belongs to CLOUDFLARESPECTRUM Cloudflare, Inc., US. The main domain is www.threatfabric.com.
TLS certificate: Issued by WE1 on September 6th 2024. Valid for: 3 months.

This is the only time www.threatfabric.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
26	2606:2c40::c7... 2606:2c40::c73c:6702	209242 (CLOUDFLAR...) (CLOUDFLARESPECTRUM Cloudflare)
6	2606:4700::68... 2606:4700::6811:180e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700::68... 2606:4700::6812:5b3e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:831::2008	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6811:af5b	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:8cd1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a02:26f0:350... 2a02:26f0:3500:10::210:a9a	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2606:4700::68... 2606:4700::6810:7674	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	2606:4700:440... 2606:4700:4400::6812:28f0	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700::68... 2606:4700::6810:6bfe	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:80ac	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6811:afc9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:4700::68... 2606:4700::6810:7574	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 2	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2	2606:4700::68... 2606:4700::6812:50cc	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:e072	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:80b::200a	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:82b::2003	15169 (GOOGLE) (GOOGLE)
64	21

26 2606:2c40::c73c:6702 (United States)

ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US)

www.threatfabric.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700::6811:180e (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:5b3e (United States)

ASN13335 (CLOUDFLARENET, US)

cdn2.hubspot.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:831::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:af5b (United States)

ASN13335 (CLOUDFLARENET, US)

static.hsappstatic.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:8cd1 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3500:10::210:a9a (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:7674 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cta-service-cms2.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2606:4700:4400::6812:28f0 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:6bfe (United States)

ASN13335 (CLOUDFLARENET, US)

js.hscollectedforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
forms.hscollectedforms.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:80ac (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsadspixel.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:afc9 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:7574 (United States)

ASN13335 (CLOUDFLARENET, US)

app.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:21::14 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:50cc (United States)

ASN13335 (CLOUDFLARENET, US)

perf-na1.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:e072 (United States)

ASN13335 (CLOUDFLARENET, US)

threatfabric-6701575.hs-sites.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82b::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
26	threatfabric.com www.threatfabric.com	2 MB
6	cloudflare.com cdnjs.cloudflare.com — Cisco Umbrella Rank: 257	65 KB
4	hs-banner.com js.hs-banner.com — Cisco Umbrella Rank: 2719	28 KB
4	hubspot.com js.hubspot.com — Cisco Umbrella Rank: 4150 app.hubspot.com — Cisco Umbrella Rank: 6391 cta-service-cms2.hubspot.com — Cisco Umbrella Rank: 4335 track.hubspot.com — Cisco Umbrella Rank: 2877	28 KB
3	linkedin.com platform.linkedin.com Failed px.ads.linkedin.com — Cisco Umbrella Rank: 358 Failed px4.ads.linkedin.com — Cisco Umbrella Rank: 6989	2 KB
2	gstatic.com fonts.gstatic.com	46 KB
2	hsforms.com perf-na1.hsforms.com — Cisco Umbrella Rank: 4463	1 KB
2	hscollectedforms.net js.hscollectedforms.net — Cisco Umbrella Rank: 5221 forms.hscollectedforms.net — Cisco Umbrella Rank: 5386	25 KB
2	hubspot.net cdn2.hubspot.net — Cisco Umbrella Rank: 10281	4 KB
1	google-analytics.com region1.google-analytics.com — Cisco Umbrella Rank: 3391
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 46	865 B
1	hs-sites.com threatfabric-6701575.hs-sites.com
1	hs-analytics.net js.hs-analytics.net — Cisco Umbrella Rank: 2752	25 KB
1	hsadspixel.net js.hsadspixel.net — Cisco Umbrella Rank: 3701	4 KB
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 906	14 KB
1	hs-scripts.com js.hs-scripts.com — Cisco Umbrella Rank: 2991	1 KB
1	hsappstatic.net static.hsappstatic.net — Cisco Umbrella Rank: 6517	5 KB
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 57	96 KB
0	twitter.com Failed platform.twitter.com Failed
0	facebook.net Failed connect.facebook.net Failed
64	20

	Domain	Requested by
26	www.threatfabric.com	www.threatfabric.com
6	cdnjs.cloudflare.com	www.threatfabric.com
4	js.hs-banner.com	www.threatfabric.com js.hs-banner.com
2	fonts.gstatic.com	fonts.googleapis.com
2	perf-na1.hsforms.com	www.threatfabric.com
2	px.ads.linkedin.com	snap.licdn.com www.threatfabric.com
2	cdn2.hubspot.net	www.threatfabric.com
1	track.hubspot.com
1	region1.google-analytics.com	www.googletagmanager.com
1	fonts.googleapis.com	js.hs-banner.com
1	threatfabric-6701575.hs-sites.com	js.hubspot.com
1	forms.hscollectedforms.net	js.hscollectedforms.net
1	cta-service-cms2.hubspot.com	js.hubspot.com
1	px4.ads.linkedin.com	www.threatfabric.com
1	app.hubspot.com	www.threatfabric.com
1	js.hs-analytics.net	www.threatfabric.com
1	js.hsadspixel.net	www.threatfabric.com
1	js.hscollectedforms.net	www.threatfabric.com
1	js.hubspot.com	www.threatfabric.com
1	snap.licdn.com	www.threatfabric.com
1	js.hs-scripts.com	www.threatfabric.com
1	static.hsappstatic.net	www.threatfabric.com
1	www.googletagmanager.com	www.threatfabric.com
0	platform.twitter.com Failed	www.threatfabric.com
0	connect.facebook.net Failed	www.threatfabric.com
0	platform.linkedin.com Failed	www.threatfabric.com
64	26

This site contains links to these domains. Also see Links.

Domain
www.linkedin.com
twitter.com

Subject Issuer	Validity	Valid
www.threatfabric.com WE1	`2024-09-06` - `2024-12-05`	3 months	crt.sh
cdnjs.cloudflare.com WE1	`2024-07-31` - `2024-10-29`	3 months	crt.sh
hubspot.net Cloudflare Inc ECC CA-3	`2024-03-06` - `2024-12-31`	10 months	crt.sh
*.google-analytics.com WR2	`2024-08-26` - `2024-11-18`	3 months	crt.sh
hsappstatic.net WE1	`2024-09-06` - `2024-12-05`	3 months	crt.sh
hs-scripts.com WE1	`2024-07-29` - `2024-10-27`	3 months	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-12-13` - `2024-12-12`	a year	crt.sh
hubspot.com E5	`2024-09-18` - `2024-12-17`	3 months	crt.sh
hs-banner.com WE1	`2024-09-24` - `2024-12-23`	3 months	crt.sh
hscollectedforms.net WE1	`2024-09-22` - `2024-12-21`	3 months	crt.sh
hsadspixel.net WE1	`2024-08-12` - `2024-11-10`	3 months	crt.sh
hs-analytics.net WE1	`2024-08-09` - `2024-11-07`	3 months	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2024-09-11` - `2025-03-11`	6 months	crt.sh
hsforms.com WE1	`2024-08-12` - `2024-11-10`	3 months	crt.sh
hs-sites.com Cloudflare Inc ECC CA-3	`2024-03-10` - `2024-12-31`	10 months	crt.sh
upload.video.google.com WR2	`2024-08-26` - `2024-11-18`	3 months	crt.sh
*.gstatic.com WR2	`2024-08-26` - `2024-11-18`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://www.threatfabric.com/blogs/octo2-european-banks-already-under-attack-by-new-malware-variant
Frame ID: EFBBE80166498E37C4AECD74F352CAB5
Requests: 62 HTTP requests in this frame

Frame: https://threatfabric-6701575.hs-sites.com/hs-web-interactive-6701575-139494617102
Frame ID: CD0FBA553FC8D4DECF8B25BF1DCEA105
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Octo2: European Banks Already Under Attack by New Malware Variant

Detected technologies

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

HubSpot Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

js\.hs-analytics\.net/analytics

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery Migrate (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]migrate(?:-([\d.]+))?(?:\.min)?\.js(?:\?ver=([\d.]+))?

Page Statistics

64
Requests

91 %
HTTPS

95 %
IPv6

20
Domains

26
Subdomains

21
IPs

2
Countries

2474 kB
Transfer

3924 kB
Size

10
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://www.linkedin.com/company/threatfabric
Title: Linkedin

Search URL Search Domain Scan URL

URL: https://twitter.com/threatfabric
Title: Twitter

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 46

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3969834&time=1727230475459&url=https%3A%2F%2Fwww.threatfabric.com%2Fblogs%2Focto2-european-banks-already-under-attack-by-new-malware-variant HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3969834&time=1727230475459&url=https%3A%2F%2Fwww.threatfabric.com%2Fblogs%2Focto2-european-banks-already-under-attack-by-new-malware-variant&e_ipv6=AQLdkJa6yPfSLwAAAZIm9X2l0PgXS05PY0mwc2F1d4CfM31RzT9ZMPoy-iHy2kXPVWbh77NPjYdtKatrcfOcN6Kd25LTrg

64 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H3 200 Primary Request octo2-european-banks-already-under-attack-by-new-malware-variant Show response
www.threatfabric.com/blogs/ 670 KB
89 KB 461ms
382ms Document
text/html 2606:2c40::c73c:6702
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.threatfabric.com/blogs/octo2-european-banks-already-under-attack-by-new-malware-variant

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:6702 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

03dda228d170d183aa55f86b217ed588625441ade833d571a95252eff3bb4cad

Security Headers

Name

Value

Content-Security-Policy

default-src 'self' static.hsappstatic.net; script-src 'self' 'unsafe-inline' *.hubspot.com cdnjs.cloudflare.com *.hubspot.net *.hs-scripts.com *.hubspotfeedback.com www.googletagmanager.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ maps.googleapis.com static.hsappstatic.net *.hs-banner.com *.hs-analytics.net *.hsadspixel.net js.hscta.net *.hscollectedforms.net *.hsleadflows.net *.hsforms.com *.hsforms.net feedback.hubapi.com *.usemessages.com snap.licdn.com *.doubleclick.net; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com *.hubspot.net static.hsappstatic.net fonts.googleapis.com; img-src 'self' data: *.hubspot.com *.hubspot.net static.hsappstatic.net *.hsforms.com *.hsforms.net js.hscta.net *.linkedin.com www.google.com maps.gstatic.com maps.googleapis.com; font-src 'self' cdnjs.cloudflare.com *.hs-banner.com fonts.gstatic.com; connect-src 'self' *.hubspot.com *.hubapi.com *.hs-banner.com *.hscollectedforms.net *.hsforms.com js.hscta.net *.google-analytics.com www.google.com maps.googleapis.com *.doubleclick.net; child-src 'self' *.hsforms.com; frame-src 'self' *.hubspot.com *.hubspot.net *.hs-sites.com *.hsforms.com *.hsforms.net play.hubspotvideo.com www.google.com www.youtube.com; frame-ancestors 'self'; upgrade-insecure-requests

Strict-Transport-Security

max-age=31536000; includeSubDomains; preload

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

cache-control: no-store, no-cache, must-revalidate
cf-ray: 8c878062c979972b-FRA
content-encoding: br
content-security-policy: default-src 'self' static.hsappstatic.net; script-src 'self' 'unsafe-inline' *.hubspot.com cdnjs.cloudflare.com *.hubspot.net *.hs-scripts.com *.hubspotfeedback.com www.googletagmanager.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ maps.googleapis.com static.hsappstatic.net *.hs-banner.com *.hs-analytics.net *.hsadspixel.net js.hscta.net *.hscollectedforms.net *.hsleadflows.net *.hsforms.com *.hsforms.net feedback.hubapi.com *.usemessages.com snap.licdn.com *.doubleclick.net; style-src 'self' 'unsafe-inline' cdnjs.cloudflare.com *.hubspot.net static.hsappstatic.net fonts.googleapis.com; img-src 'self' data: *.hubspot.com *.hubspot.net static.hsappstatic.net *.hsforms.com *.hsforms.net js.hscta.net *.linkedin.com www.google.com maps.gstatic.com maps.googleapis.com; font-src 'self' cdnjs.cloudflare.com *.hs-banner.com fonts.gstatic.com; connect-src 'self' *.hubspot.com *.hubapi.com *.hs-banner.com *.hscollectedforms.net *.hsforms.com js.hscta.net *.google-analytics.com www.google.com maps.googleapis.com *.doubleclick.net; child-src 'self' *.hsforms.com; frame-src 'self' *.hubspot.com *.hubspot.net *.hs-sites.com *.hsforms.com *.hsforms.net play.hubspotvideo.com www.google.com www.youtube.com; frame-ancestors 'self'; upgrade-insecure-requests
content-type: text/html; charset=UTF-8
date: Wed, 25 Sep 2024 02:14:35 GMT
edge-cache-tag: CT-133228161819,CT-134737809176,CT-147416886346,CT-178980931888,CG-101307487134,CG-6701575,P-6701575,CW-101038360946,CW-101039839309,CW-102233451816,CW-102407694414,E-100565238538,E-100565238539,E-100565269936,E-100565269944,E-100565487229,E-100565487231,E-100565487741,E-100565506231,E-100565506232,E-100565506233,E-100565655941,E-100565655947,E-100565703320,E-100565703322,E-100565704807,E-100565704815,E-100565704816,E-100565705870,E-100565708899,E-100565708901,E-100565708902,E-100565738379,E-100565738381,E-100565738923,E-100565738925,E-100565738926,E-100565738928,E-100565758272,E-100565758273,E-100565786188,E-100565786194,E-100565786195,E-100565906251,E-100565938481,E-100565938482,E-100565943822,E-100565944442,E-100565944444,E-100565944445,E-100565945205,E-100565982810,E-100566502479,E-100566502480,E-100566503258,E-100566503260,E-100566503745,E-100566503751,E-100566503753,E-100566503755,E-100566507657,E-100566508416,E-100566595756,E-101038360928,E-101040014386,E-101040140217,E-101294760764,E-101294760784,E-101312928029,MENU-101041626940,MENU-110583778143,PGS-ALL,SW-2,B-101307487134,GC-101041468817,GC-101042470934,GC-101758895261,GC-101962663308,TS-101040118157
etag: W/"cf1e5a29d5b334e286bd838f90b932b0"
last-modified: Tue, 24 Sep 2024 09:14:18 GMT
link: </hs/hsstatic/cos-i18n/static-1.53/bundles/project.js>; rel=preload; as=script
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
referrer-policy: no-referrer-when-downgrade
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ku987GR5UutnTNDiAhfrDe9qzdYNXhfYQjga9tBE4rh%2FcpppvTfNx%2BAnmQHxVMxT1kZveK2sRpOTdkFlqBn1%2FfGi0GHCun%2B2OIHN7udGsRxBBEHTBQJcfeGzCd3b2mDf0GmO2fclWKdT7zEt%2FB4PhJDk"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
x-hs-cache-config: BrowserCache-5s-EdgeCache-180s
x-hs-cache-control: s-maxage=10800, max-age=0
x-hs-cf-cache-status: HIT
x-hs-content-campaign-id: 0df59ec2-2442-45fe-ae96-02a8fa884f5b
x-hs-content-id: 178980931888
x-hs-hub-id: 6701575
x-hs-prerendered: two-phase;Tue, 24 Sep 2024 09:14:17 GMT

GET
H3 200 project.js Show response
www.threatfabric.com/hs/hsstatic/cos-i18n/static-1.53/bundles/ 1 KB
1 KB 28ms
28ms Script
application/javascript 2606:2c40::c73c:6702
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.threatfabric.com/hs/hsstatic/cos-i18n/static-1.53/bundles/project.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:6702 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.threatfabric.com/blogs/octo2-european-banks-already-under-attack-by-new-malware-variant

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"61ca66de658cab9587e4636894680d5d"
age: 16886501
x-amz-version-id: P9ES7sOpFzrLl1QoRwjEAy5outPo5_GO
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=I2uEcTR%2FFsZSOia%2FS7eRSIHemnrUUzU3TE9qeEA%2FpSSPbhMVu%2BAuDpkWr3BEoxDxb3ZfgwzOBDth9HJaSuaZR77iKm39q8B0%2FOJlSN8TKm3ExkJw0wipXmQLNsb4Jc3WAEnVJTrGuX5h4J7buuTa7YTN"}],"group":"cf-nel","max_age":604800}
expires: Thu, 25 Sep 2025 02:14:35 GMT
x-cache: Hit from cloudfront
x-amz-cf-id: vMxH2clCDRRjd7emHmifSLXhLc2TFOGFc0VsUqlcTSiVQmWY_1aUGQ==
date: Wed, 25 Sep 2024 02:14:35 GMT
content-type: application/javascript
last-modified: Tue, 09 Nov 2021 16:12:42 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-replication-status: COMPLETED
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
via: 1.1 93b8205e2f07a7099af2e6fd126d9658.cloudfront.net (CloudFront)
cf-ray: 8c8780653ab0972b-FRA
x-amz-cf-pop: FRA56-P2
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H3 200 100.woff2
www.threatfabric.com/_hcms/googlefonts/Kanit/ 25 KB
26 KB 800ms
799ms Font
font/woff2 2606:2c40::c73c:6702
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.threatfabric.com/_hcms/googlefonts/Kanit/100.woff2

Requested by

Host: www.threatfabric.com
URL: https://www.threatfabric.com/blogs/octo2-european-banks-already-under-attack-by-new-malware-variant

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:6702 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

fa7fe4fd0aef1b94a3910f43b99060d1fcf2b12302726c4f52146ca1f613e516

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://www.threatfabric.com
Referer: https://www.threatfabric.com/blogs/octo2-european-banks-already-under-attack-by-new-malware-variant

Response headers

x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-cache-status: REVALIDATED
etag: "bd6ef5dfe3fb409deb99fd2dfa07649a"
x-amz-version-id: Ex_PSmZfVx9KiCmfDr58lb1Qor1iW7rw
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fdlGtwK1YgJ0f5BVOKklCR6jEhO3orruaknrk6PXsRap3Iwr%2F82w6NLBfp39mWYPtcxlxf6ayuvhgw1qWrLfNcyJ6ecu7euyyk0dtGvIkkmNRRqDcmqPVGC80UatVUwun%2B%2FbYe7e0wGh0ofglCtsD5Rk"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods: GET
expires: Wed, 09 Oct 2024 02:14:35 GMT
alt-svc: h3=":443"; ma=86400
x-cache: RefreshHit from cloudfront
x-amz-cf-id: mqVmv0t_962qYuBGRihREEu2Bw0lJrswQsGDFjPKb9PQKeteeg_KGg==
date: Wed, 25 Sep 2024 02:14:35 GMT
content-type: font/woff2
last-modified: Tue, 12 Sep 2023 20:06:52 GMT
vary: Accept-Encoding
x-amz-id-2: MuNTsfh9w2gl1nT8tGvtWFvjp2rxU3qA+DlIp2DW0zRxkYXUCP6KCzBT30MthYfEQK8nWbW/7Ow=
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=1209600
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
via: 1.1 f0aabb4cf746d4b45640e8d63e2aaf1c.cloudfront.net (CloudFront)
cf-ray: 8c8780653ab3972b-FRA
x-amz-request-id: 7GB3NZM37W7ANQFF
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
accept-ranges: bytes
access-control-allow-origin: *
content-length: 25596
x-amz-cf-pop: VIE50-P1
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H3 200 regular.woff2
www.threatfabric.com/_hcms/googlefonts/Kanit/ 26 KB
27 KB 798ms
797ms Font
font/woff2 2606:2c40::c73c:6702
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.threatfabric.com/_hcms/googlefonts/Kanit/regular.woff2

Requested by

Host: www.threatfabric.com
URL: https://www.threatfabric.com/blogs/octo2-european-banks-already-under-attack-by-new-malware-variant

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:6702 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

b023c3b26ca69356ad0aa6b6296d5e6a337ec10ca1f8275483437202a03c381c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://www.threatfabric.com
Referer: https://www.threatfabric.com/blogs/octo2-european-banks-already-under-attack-by-new-malware-variant

Response headers

x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-cache-status: REVALIDATED
etag: "d4d741d6401097b23f04835fd935ddb4"
x-amz-version-id: bAYRw1sYNu.wmT8XwlZwAQJgnZBDE9Oo
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yoQD5FvWFKqt3OlVFdggkztQzOMmVVU5nT8%2B3wGNGez3b8NveJklazqJq2%2FVt8SYxgkjt3%2FWAlHN4QDOiiNHba4DKHOY5ZRsHSkegZW2m%2FwB7JcNJV8%2BOmS2Sf3IrWfIWerc4VHpraNAfhYd2uVOW3ZX"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods: GET
expires: Wed, 09 Oct 2024 02:14:35 GMT
x-cache: RefreshHit from cloudfront
x-amz-cf-id: cqLJ4TI4ETzKCXEmFs1R4qaZK9ktYlCLM8XcD-Q6CY6K3030W_6ARA==
date: Wed, 25 Sep 2024 02:14:35 GMT
content-type: font/woff2
last-modified: Sat, 07 Sep 2024 14:23:55 GMT
vary: Accept-Encoding
x-amz-id-2: HEU2PGn0aPbRnY1BgXzweYvvt71VS/mCi9LaaztMSB/GmdF7W48R32qfYgQLO0tCjRcgsdCfHb8=
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=1209600
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
via: 1.1 54bffa1ff461e3a94ff195ca7a565c94.cloudfront.net (CloudFront)
cf-ray: 8c8780653ab4972b-FRA
x-amz-request-id: ESM8YFREBCFT58XR
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
accept-ranges: bytes
access-control-allow-origin: *
content-length: 26352
x-amz-cf-pop: WAW51-P1
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H3 200 200.woff2
www.threatfabric.com/_hcms/googlefonts/Kanit/ 26 KB
27 KB 42ms
42ms Font
font/woff2 2606:2c40::c73c:6702
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.threatfabric.com/_hcms/googlefonts/Kanit/200.woff2

Requested by

Host: www.threatfabric.com
URL: https://www.threatfabric.com/blogs/octo2-european-banks-already-under-attack-by-new-malware-variant

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:6702 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

0adb227efa2074c6ae2b5e686cf4d1949a6edfc05bd56fa81e34c9a2c69fb50a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://www.threatfabric.com
Referer: https://www.threatfabric.com/blogs/octo2-european-banks-already-under-attack-by-new-malware-variant

Response headers

x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-cache-status: HIT
etag: "a3acdea9b09d1ffdf16868a322d89c6c"
age: 734
x-amz-version-id: Yxw4_b_JjG2CSXOm1UQ2hffDaOGTYTew
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=51onBf8JFfRpliaONICGNhg9khu0yutHMnScUM2%2Byia2MP%2FoO6zJ1Scbdy9pWahbpIIAKojZ1ZYwg%2BbBU40xey8O7sE032GmUVHslw%2Bo23F6Cg9%2Fl4E5T2SEoqVPnchT7D7L5gN%2F5ssL7N5pmmK%2FrkMz"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods: GET
expires: Wed, 09 Oct 2024 02:14:35 GMT
x-cache: Miss from cloudfront
x-amz-cf-id: zH9SLRur5dwkWbMJl5rYcAm_ETUYIL5B6dnUozEicUCzBPasc1neCA==
date: Wed, 25 Sep 2024 02:14:35 GMT
content-type: font/woff2
last-modified: Sat, 07 Sep 2024 14:23:43 GMT
vary: Accept-Encoding
x-amz-id-2: cQktz9BldMCEyWTNvNa8hsr88OBUocKMPOJpRgIF0/QGpE/X1jvevjuWcPhJcl1m9WOIX2PYkMM=
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: public, max-age=1209600
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
via: 1.1 01508c56da60b38ed14eba678e55a38c.cloudfront.net (CloudFront)
cf-ray: 8c8780653ab5972b-FRA
x-amz-request-id: THR17XYKVM1ZKYC9
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
accept-ranges: bytes
access-control-allow-origin: *
content-length: 26228
x-amz-cf-pop: WAW51-P1
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H3 200 child.min.css
www.threatfabric.com/hs-fs/hub/6701575/hub_generated/template_assets/101040140217/1725349581426/Threatfabric_Hatch/ 18 KB
6 KB 51ms
49ms Stylesheet
text/css 2606:2c40::c73c:6702
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.threatfabric.com/hs-fs/hub/6701575/hub_generated/template_assets/101040140217/1725349581426/Threatfabric_Hatch/child.min.css

Requested by

Host: www.threatfabric.com
URL: https://www.threatfabric.com/blogs/octo2-european-banks-already-under-attack-by-new-malware-variant

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:6702 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

c72453555e07b39f889a9a676fca1a86a18213ffb7cb2667de5f0f277c4014d3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.threatfabric.com/blogs/octo2-european-banks-already-under-attack-by-new-malware-variant

Response headers

x-request-id: 5c465d40-d0b6-4c41-a40c-871a19570139
content-encoding: gzip
cf-cache-status: HIT
etag: W/"fd946fa5ca56a72c8463e6c38fa730db"
x-amz-version-id: O0MKxTY.ECUVt8JMXJs14TQF7eIgwoag
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cFcbFOekNRBKB4OZmx8znVCA36BLAOoQztdYxF526ChT%2BOBdzdESnwRQZTuGLvfKywt7Z582jFIVIOC2WPh7rgfP9jO5B0j3na%2B1YoQUnjV2oIENezXaHuRvjThEHDZMYmxihHnTSqSTmDu5f%2Bht%2FU5e"}],"group":"cf-nel","max_age":604800}
x-cache: Miss from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: SfJb28pSwt-sPtLJXTPpwBNkGHvp9Rrl4HnjbCIZGA7Iss2NmO93Gg==
x-hubspot-correlation-id: 5c465d40-d0b6-4c41-a40c-871a19570139
content-type: text/css
last-modified: Tue, 03 Sep 2024 07:46:23 GMT
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-7849459c5c-gk5p8
x-envoy-upstream-service-time: 383
x-amz-request-id: 4FY56VWN4QRMZ2VT
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Wed, 25 Sep 2024 02:14:35 GMT
vary: origin, Accept-Encoding
x-amz-id-2: azMJ4YAZ3sxeNIu5xioQxD63I6FE4VZgl6eB/WVrHK9CbR8aspeGjdcSQtFp0GfL/2v+Mqn/QxZ5dU6sHqF8nj+8kBB70Ove
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: www.threatfabric.com
access-control-allow-credentials: false
via: 1.1 55b6418a8a2f714a67d8e4d292154ef2.cloudfront.net (CloudFront)
cf-ray: 8c8780658ae2972b-FRA
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD89-C1
x-amz-meta-created-unix-time-millis: 1725349582182

GET
H3 200 icons.css
www.threatfabric.com/hs-fs/hub/6701575/hub_generated/template_assets/101294760764/1688634016207/Threatfabric_Hatch/css/ 8 KB
3 KB 41ms
38ms Stylesheet
text/css 2606:2c40::c73c:6702
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.threatfabric.com/hs-fs/hub/6701575/hub_generated/template_assets/101294760764/1688634016207/Threatfabric_Hatch/css/icons.css

Requested by

Host: www.threatfabric.com
URL: https://www.threatfabric.com/blogs/octo2-european-banks-already-under-attack-by-new-malware-variant

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:6702 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

b754a50214c3af13ad5b80267b36a52a379030f4cdf28ea62bdc23121fb63963

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.threatfabric.com/blogs/octo2-european-banks-already-under-attack-by-new-malware-variant

Response headers

x-request-id: c54f9a32-1789-42ef-832b-96d6f7e973a3
content-encoding: gzip
cf-cache-status: HIT
etag: W/"f485b62b545a7fcece25c8883be79caa"
age: 732
x-amz-version-id: 5nj8DyG_fzY9UD_XVa9rI2VVLKA_WOmB
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Qwx%2BLReeN8uEzLSa4JUsm139jy0okDJFqz%2FruhGKAAcWQIUFwXc920rJDXCKLSmjj7KnHSC84t%2F%2FYSaiENZRS0IQ9dkRaFGmnQ18Wo0fVOw5ldBKO574seOkhLssP1uxnVj%2FvzzaZCJYTwzumCEprRFm"}],"group":"cf-nel","max_age":604800}
x-cache: RefreshHit from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: tLaW0TrNMqYLN2R5g4m1_1FRwoJVKGt-3uKTHtjjIi_91DL_R1jS-Q==
x-hubspot-correlation-id: c54f9a32-1789-42ef-832b-96d6f7e973a3
content-type: text/css
last-modified: Thu, 06 Jul 2023 09:00:17 GMT
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-7849459c5c-rz8x5
x-envoy-upstream-service-time: 153
x-amz-request-id: X65PE7NNED0T10XF
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Wed, 25 Sep 2024 02:14:35 GMT
vary: origin, Accept-Encoding
x-amz-id-2: cbCeUcaZiWqUcAmVphHtCFobuAa4eS8jumBfOY/RpDSuIXQmmu/vAFwpyWnckiuqpNaPWFWFcVI=
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: www.threatfabric.com
access-control-allow-credentials: false
via: 1.1 7dc4818c830423900ae855831181d2b8.cloudfront.net (CloudFront)
cf-ray: 8c8780659ae4972b-FRA
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD89-C1
x-amz-meta-created-unix-time-millis: 1688634016207

GET
H3 200 nucleo.min.css
www.threatfabric.com/hs-fs/hub/6701575/hub_generated/template_assets/101294760784/1688634017698/Threatfabric_Hatch/css/ 2 KB
2 KB 55ms
52ms Stylesheet
text/css 2606:2c40::c73c:6702
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.threatfabric.com/hs-fs/hub/6701575/hub_generated/template_assets/101294760784/1688634017698/Threatfabric_Hatch/css/nucleo.min.css

Requested by

Host: www.threatfabric.com
URL: https://www.threatfabric.com/blogs/octo2-european-banks-already-under-attack-by-new-malware-variant

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:6702 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

74c17452683150ad0f623fdd9a849ba85d73fb9d221cebe9aa11db52969dbe23

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.threatfabric.com/blogs/octo2-european-banks-already-under-attack-by-new-malware-variant

Response headers

x-request-id: 19b90769-4054-4364-84a8-06eb918663e9
content-encoding: gzip
cf-cache-status: HIT
etag: W/"49397c87250109646a57314c716d8517"
x-amz-version-id: izNRL5rIQmPgjsTIc9ETzUXSIAYDVuDR
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=P8qsJPrf87YfGUyHlkyr%2BVsObFTUrc%2BXkxtqlzdAMaS4M%2FWM2vtC%2BgL5NGM7RRBaQ8KloV8fe%2FfsW4skwzu%2F2hIsswdwrOZX2mZBGln4pSzBi7%2B3Jz%2F%2BHdUJcI6fSJqyMDVPAm%2B4tGViDT%2BnZy53JTRW"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: dxcdXGW6cs0PgrGxqWASI0p_XULsia5n8rQzTGE8JygiJ_mTk5o2Sg==
x-hubspot-correlation-id: 19b90769-4054-4364-84a8-06eb918663e9
content-type: text/css
last-modified: Thu, 06 Jul 2023 09:00:19 GMT
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-7849459c5c-rdg89
x-envoy-upstream-service-time: 213
x-amz-request-id: FQPHH664QBNYNEHA
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Wed, 25 Sep 2024 02:14:35 GMT
vary: origin, Accept-Encoding
x-amz-id-2: V4ksCaHQY7DA5lIjl6lgWL0C1bG1cfbUt2CVFMhvjznQsP+drw4jyPPsciWFhHjvBV+bc1DZqVvjdUvehS8b5bhs2z1bKvuYauwlLdxzFhI=
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: www.threatfabric.com
access-control-allow-credentials: false
via: 1.1 13f73562b215175ddd75c2902ae36650.cloudfront.net (CloudFront)
cf-ray: 8c8780659ae6972b-FRA
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD61-P1
x-amz-meta-created-unix-time-millis: 1688634018325

GET
H3 200 all.min.css
cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.1/css/ 58 KB
11 KB 93ms
22ms Stylesheet
text/css 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.1/css/all.min.css

Requested by

Host: www.threatfabric.com
URL: https://www.threatfabric.com/blogs/octo2-european-banks-already-under-attack-by-new-malware-variant

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

af1e6edc875a382b338bb25bd7c5c3f474a7f1b36212002a5896dd06f2186325

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.threatfabric.com/blogs/octo2-european-banks-already-under-attack-by-new-malware-variant

Response headers

cf-cdnjs-via: cfworker/kv
content-encoding: br
cf-cache-status: HIT
etag: "5f7b5b5f-e7d0"
age: 437235
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ttuF3DnkrCYqO0UQ4XUXWb0Qqv0Q9bIfhN3flxgt%2BcnRHLGw35kWX1QVHizRHJuQ8%2F8d89orPe9XGFIz%2B4mcPa8Hn2O4XWbaF3CY3FaIhn9jyRRszs1tZ6ezoyyq1Jwij%2BHN6447J45db%2B788MjWgdht"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Mon, 15 Sep 2025 02:14:35 GMT
date: Wed, 25 Sep 2024 02:14:35 GMT
content-type: text/css; charset=utf-8
last-modified: Mon, 05 Oct 2020 17:43:59 GMT
vary: Accept-Encoding
strict-transport-security: max-age=15780000
cache-control: public, max-age=30672000
timing-allow-origin: *
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy: cross-origin
cf-ray: 8c878065fff5381b-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 10491
server: cloudflare

GET
H3 200 module_101038360946_Header.min.css
www.threatfabric.com/hs-fs/hub/6701575/hub_generated/module_assets/101038360946/1688634802882/ 365 B
2 KB 32ms
30ms Stylesheet
text/css 2606:2c40::c73c:6702
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.threatfabric.com/hs-fs/hub/6701575/hub_generated/module_assets/101038360946/1688634802882/module_101038360946_Header.min.css

Requested by

Host: www.threatfabric.com
URL: https://www.threatfabric.com/blogs/octo2-european-banks-already-under-attack-by-new-malware-variant

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:6702 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

5172f440714da51e243a13e0f93911405618326b2013313b682caa428c47e6ef

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.threatfabric.com/blogs/octo2-european-banks-already-under-attack-by-new-malware-variant

Response headers

x-request-id: a518956f-36d7-4ed5-8c3b-d97e838f93e0
content-encoding: br
cf-cache-status: HIT
etag: W/"9256add48c317a196c6723f7f46739fd"
age: 732
x-amz-version-id: gVyaXIU3JxB7cR9Hx9mqhXufUagRPpyd
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3eEhJW1Ab6oF4yldcPF7lUxXz70844b4kjEyc%2BrZ0%2FVNSbN44O5mYM%2BmGk%2B33yZ8eCYfKYvFB%2BIVVj4CgH2uFDqWuIKdT94Jt4ltRklZqyUZV951iN3bnc8NIDfg9ASedBWUI5pTVGE2i0FsdeNSA%2BM7"}],"group":"cf-nel","max_age":604800}
x-cache: Miss from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: tnGBCHIllstUowVm-pInpA8ggCjYPewcgNiwIW-cGvU5GfDqrQhYQw==
x-hubspot-correlation-id: a518956f-36d7-4ed5-8c3b-d97e838f93e0
content-type: text/css
last-modified: Thu, 06 Jul 2023 09:13:23 GMT
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-7849459c5c-44jcm
x-envoy-upstream-service-time: 157
x-amz-request-id: 1ZJ1SRFV214VNXZT
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Wed, 25 Sep 2024 02:14:35 GMT
vary: origin, Accept-Encoding
x-amz-id-2: GnAyZ9gYZ0l2XlB4uULqEGqlpjXgYLn2WuO3H/ddDKkreRGA855ElmruEwO3ZOdV5IIGAg7lyIw=
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: www.threatfabric.com
access-control-allow-credentials: false
via: 1.1 85fc1201a1918facbeb30836e7391660.cloudfront.net (CloudFront)
cf-ray: 8c8780659ae7972b-FRA
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD89-C1
x-amz-meta-created-unix-time-millis: 1688634802882

GET
H3 200 module_-2712622_Site_Search_Input.min.css
cdn2.hubspot.net/hub/-1/hub_generated/module_assets/-2712622/1726992596372/ 612 B
1 KB 105ms
35ms Stylesheet
text/css 2606:4700::6812:5b3e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/-1/hub_generated/module_assets/-2712622/1726992596372/module_-2712622_Site_Search_Input.min.css
Requested by: Host: www.threatfabric.com
URL: https://www.threatfabric.com/blogs/octo2-european-banks-already-under-attack-by-new-malware-variant
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:5b3e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 401925a1114f7003121630392768d35516be54a4028f01024528aeae99a45a56

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.threatfabric.com/blogs/octo2-european-banks-already-under-attack-by-new-malware-variant

Response headers

x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-request-id: 8b1ca630-37b7-46be-964a-03d648d776b1
content-encoding: br
cf-cache-status: HIT
etag: W/"c708989561e0cdbfcf996d1b7f47482c"
age: 237729
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QfWuAcoZeQq3ZQ3v6cQh%2F%2FyoDfSILtmPJpG1LHghmAtcwtfPpwNcdJ3Th0G%2FKwE4Dfcj8VgM%2FJlaI7IPSMJ%2F50NLGjmZOFihNQ%2BYyXD4yiA%2ByEDaCxos0RsLMyHOnU%2BS8TzvxR3fYF3uwug0m1s%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
x-evy-trace-listener: listener_https
date: Wed, 25 Sep 2024 02:14:35 GMT
x-hubspot-correlation-id: 8b1ca630-37b7-46be-964a-03d648d776b1
content-type: text/css
last-modified: Sun, 22 Sep 2024 08:09:57 GMT
vary: Accept-Encoding
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-6748d4cfc8-6wfdh
x-envoy-upstream-service-time: 222
cf-ray: 8c8780660b6b1961-FRA
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
access-control-allow-origin: *
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD61-P1
x-hs-alternate-content-type: text/plain
server: cloudflare
x-amz-meta-created-unix-time-millis: 1726992596372
x-amz-server-side-encryption: AES256

GET
H3 200 module_102233451816_Blog_Post_01_-_Banner.min.css
www.threatfabric.com/hs-fs/hub/6701575/hub_generated/module_assets/102233451816/1694502536285/ 208 B
2 KB 53ms
52ms Stylesheet
text/css 2606:2c40::c73c:6702
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.threatfabric.com/hs-fs/hub/6701575/hub_generated/module_assets/102233451816/1694502536285/module_102233451816_Blog_Post_01_-_Banner.min.css

Requested by

Host: www.threatfabric.com
URL: https://www.threatfabric.com/blogs/octo2-european-banks-already-under-attack-by-new-malware-variant

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:6702 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

6685b4f71edb4ae81b8a710e36f8c794c3e731feeb17614e476daf056b06a824

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.threatfabric.com/blogs/octo2-european-banks-already-under-attack-by-new-malware-variant

Response headers

x-request-id: ce38a1b1-3ad9-4ab6-9a8c-82fbddaa3c06
content-encoding: br
cf-cache-status: HIT
etag: W/"835a1aea3731b5d0aa01d0cad90f4c2f"
x-amz-version-id: ssRnpRBke62diMBB.QBnNR1bBVg.nduX
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1JCnY1Ix5WTJ7GKUrL6uz3fYThS4I1%2Ft8iaz5QnwsUzF%2FGGYH0fU6QxcQtCAg4jBCGrFt7x%2FlWSju37ojTAQl9V3XQp%2FH0ZVV4fyd4s2TCR2awE2B%2FlLWz7i3aX1MTB29TWcDBuXeA32oZ%2BxL2Ft%2BFxn"}],"group":"cf-nel","max_age":604800}
x-cache: Miss from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: v8Sna9HqgN5GlOTeiJ_QemFBA38zw8toQeFzcyF4iFFIy5J5CR-fcA==
x-hubspot-correlation-id: ce38a1b1-3ad9-4ab6-9a8c-82fbddaa3c06
content-type: text/css
last-modified: Tue, 12 Sep 2023 07:08:57 GMT
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-656644bdb-lrfms
x-envoy-upstream-service-time: 186
x-amz-request-id: MBJNCDWJ168XM0A7
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Wed, 25 Sep 2024 02:14:35 GMT
vary: origin, Accept-Encoding
x-amz-id-2: z5+O+CG9XHBd+nX5AhAJsLQ2BkkoDBq9izOf1T/0w1lY5wJCEu2/Atgh/yLaQNR4U94sqTFbL1KsxUaPewpdwcArOVJYxBy8EMSST2NkZkI=
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: www.threatfabric.com
access-control-allow-credentials: false
via: 1.1 2e50d9b1ee017f302768660f02b7418e.cloudfront.net (CloudFront)
cf-ray: 8c8780659ae9972b-FRA
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD89-C1
x-amz-meta-created-unix-time-millis: 1694502536285

GET
H3 200 module_102407694414_Blog_Post_01_-_CTA.css
www.threatfabric.com/hs-fs/hub/6701575/hub_generated/module_assets/1718609428269/ 749 B
2 KB 61ms
60ms Stylesheet
text/css 2606:2c40::c73c:6702
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.threatfabric.com/hs-fs/hub/6701575/hub_generated/module_assets/1718609428269/module_102407694414_Blog_Post_01_-_CTA.css

Requested by

Host: www.threatfabric.com
URL: https://www.threatfabric.com/blogs/octo2-european-banks-already-under-attack-by-new-malware-variant

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:6702 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

a924c55af6e42515871fdd850703bea91aedd280d30febc3ddc9f674df234785

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.threatfabric.com/blogs/octo2-european-banks-already-under-attack-by-new-malware-variant

Response headers

x-request-id: b3871c9a-cd74-4741-8b49-f9bfd416e7d4
content-encoding: br
cf-cache-status: HIT
etag: W/"e2815258c7a6f2ee41cbfe804e58e066"
x-amz-version-id: TqETGXjPmLIPWPl8IqOMcPpc8lXb7CNv
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GYc8PdZDWXqMOLn2tyK9u73nzDL62ecGj9LfgDLT%2BXpJS94100cnZiTYBrL7GLtLtV5PzOYplL27PX7YbV8cETPeCctTB2ocGt4jgEUej%2BbP%2BfMOR7KK4dC4Yh7Y0GsK485nbAfcAeHfwtF%2FTAHHXs9g"}],"group":"cf-nel","max_age":604800}
x-cache: Miss from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: C53LA1xNtXRwpXWVpx7B5U0hJN2NraORNKhY2BKcxRety31ChR5yMA==
x-hubspot-correlation-id: b3871c9a-cd74-4741-8b49-f9bfd416e7d4
content-type: text/css
last-modified: Mon, 17 Jun 2024 07:30:29 GMT
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-7849459c5c-nnksg
x-envoy-upstream-service-time: 187
x-amz-request-id: 6SPN3EEHM3WMTK4X
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Wed, 25 Sep 2024 02:14:35 GMT
vary: origin, Accept-Encoding
x-amz-id-2: awM35iNRSQqry7805an9Abzk+NVp5xfrFX5t6tOym/Va9i/cSY4uamGvQ/0IasKPoKQlM+qjNYw=
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: www.threatfabric.com
access-control-allow-credentials: false
via: 1.1 dd169cfdbbafbb3da513bede6bc6640e.cloudfront.net (CloudFront)
cf-ray: 8c8780659aeb972b-FRA
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD89-C1
x-amz-meta-created-unix-time-millis: 1718609428269

GET
H3 200 prism.min.css
cdnjs.cloudflare.com/ajax/libs/prism/1.23.0/themes/ 2 KB
1 KB 90ms
21ms Stylesheet
text/css 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/prism/1.23.0/themes/prism.min.css

Requested by

Host: www.threatfabric.com
URL: https://www.threatfabric.com/blogs/octo2-european-banks-already-under-attack-by-new-malware-variant

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

928e23e6b9fcef82c5f1d1f05b6f7fc5a6e187c60195e59fbf16fc9d071ee057

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.threatfabric.com/blogs/octo2-european-banks-already-under-attack-by-new-malware-variant

Response headers

cf-cdnjs-via: cfworker/kv
content-encoding: br
cf-cache-status: HIT
etag: "5fee36a6-6fd"
age: 472790
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vbIVfvgJQ3PlSpgNAXhwuO6XT%2BTzzp0MAwAZ2HQXUkJqLe7t9UAHZ5CzW6IPYkEk4QLR85eOFKNcaDSF9d2IKyPMtXNrnDJAbWHwp%2BKvqiI3mGmFGHdZR8ZwKuWKepifM7z4B6p9e1%2FQmhlgpt6clZKm"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Mon, 15 Sep 2025 02:14:35 GMT
date: Wed, 25 Sep 2024 02:14:35 GMT
content-type: text/css; charset=utf-8
last-modified: Thu, 31 Dec 2020 20:37:58 GMT
vary: Accept-Encoding
strict-transport-security: max-age=15780000
cache-control: public, max-age=30672000
timing-allow-origin: *
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy: cross-origin
cf-ray: 8c878065fff1381b-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 563
server: cloudflare

GET
H3 200 module_101039839309_Footer.min.css
www.threatfabric.com/hs-fs/hub/6701575/hub_generated/module_assets/101039839309/1688634802817/ 542 B
2 KB 50ms
50ms Stylesheet
text/css 2606:2c40::c73c:6702
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.threatfabric.com/hs-fs/hub/6701575/hub_generated/module_assets/101039839309/1688634802817/module_101039839309_Footer.min.css

Requested by

Host: www.threatfabric.com
URL: https://www.threatfabric.com/blogs/octo2-european-banks-already-under-attack-by-new-malware-variant

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:6702 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

0d65652e4a1175891a46374d16ec569329b2e667eedb5770ce7ce193fd8fd41a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.threatfabric.com/blogs/octo2-european-banks-already-under-attack-by-new-malware-variant

Response headers

x-request-id: 47d3682b-0272-4298-a2ac-882c2e27ebee
content-encoding: br
cf-cache-status: HIT
etag: W/"ed0772c6a57504bedc0b6dd9703ab3f1"
x-amz-version-id: aEtuO57JBQ7Fe7bp8NQY6TbBJpxyVa2Z
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eChmeSnh6gSU8JGtfNIWXqeWVmHRzM5LIhb2XEF3aw9Cqy0dQkQPR7ZsnMXI45DKZKczu7rVSH4vzVwZeV86gUeb4Xt9uxuY5DISI0hVKHLt7PZ4WxvMBRaoIfbq7iSBV9wQqjOR9r9%2BghRFpNf%2FQZGt"}],"group":"cf-nel","max_age":604800}
x-cache: RefreshHit from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: H5S3w5pZ4ded1ViFthoiNQ_bkoZDpl0imh-uM04RjPDLX0UI0GGp2g==
x-hubspot-correlation-id: 47d3682b-0272-4298-a2ac-882c2e27ebee
content-type: text/css
last-modified: Thu, 06 Jul 2023 09:13:23 GMT
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-7849459c5c-rz8x5
x-envoy-upstream-service-time: 185
x-amz-request-id: 834KT7SSZDEQWAQW
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Wed, 25 Sep 2024 02:14:35 GMT
vary: origin, Accept-Encoding
x-amz-id-2: DxQxUQ4nRjxRVSTWOP9CPtAAj7fdeW31tCbfitgtjAdyj0cVtCpK2GC17jO5hn1+tOYFX3PCN6X2QHV0BefH9hlkTPUayzl/n/AvDdmPCtk=
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: www.threatfabric.com
access-control-allow-credentials: false
via: 1.1 dd169cfdbbafbb3da513bede6bc6640e.cloudfront.net (CloudFront)
cf-ray: 8c8780659aec972b-FRA
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD89-C1
x-amz-meta-created-unix-time-millis: 1688634802817

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 275 KB
96 KB 201ms
31ms Script
application/javascript 2a00:1450:4001:831::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-SZHLN4DST6

Requested by

Host: www.threatfabric.com
URL: https://www.threatfabric.com/blogs/octo2-european-banks-already-under-attack-by-new-malware-variant

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:831::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

9a99582509ef12cb1bce9fd579678e502e8a3c064e193b977cecc1b2c46cf48b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.threatfabric.com/blogs/octo2-european-banks-already-under-attack-by-new-malware-variant

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
content-encoding: br
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
expires: Wed, 25 Sep 2024 02:14:35 GMT
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 97580
date: Wed, 25 Sep 2024 02:14:35 GMT
x-xss-protection: 0
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
server: Google Tag Manager
access-control-allow-headers: Cache-Control

GET
H3 200 threatfabric-logo-light.svg
www.threatfabric.com/hubfs/Threatfabric/logos/ 3 KB
2 KB 34ms
34ms Image
image/svg+xml 2606:2c40::c73c:6702
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.threatfabric.com/hubfs/Threatfabric/logos/threatfabric-logo-light.svg

Requested by

Host: www.threatfabric.com
URL: https://www.threatfabric.com/blogs/octo2-european-banks-already-under-attack-by-new-malware-variant

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:6702 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e082d568fb44df37fa453a514a8e553c889abe144c5c73866c1f020e4ccfbc49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.threatfabric.com/blogs/octo2-european-banks-already-under-attack-by-new-malware-variant

Response headers

x-robots-tag: all
content-encoding: br
cf-cache-status: HIT
etag: W/"8b008611e237cad1162ac34fa0566106"
age: 1629292
cache-tag: F-101040308776,FD-101040367016,P-6701575,FLS-ALL
x-amz-version-id: YCo1pSCjPp8.6ZHhoecaW6WpJqmNwWPZ
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=rIZJLPIb7dV5dcrechzmHFm7zWsDVtOAU%2F9lXDth%2Bt7dNwLh4pEJ5zAgfX3vKWc7mvNQKHyjslvS9VFjj6x5mbQG39nF9Rfhjlsr0REOC3RFXIY1mbtxNsIamEP4el7mHvRDZrwxUEYfKgptdN9MiXgW"}],"group":"cf-nel","max_age":604800}
x-cache: RefreshHit from cloudfront
x-amz-cf-id: kMjAzTpu2V5rePGyJnGlpc71Y_AnA8GNgLxYo5Jy0LZ65udw6DiAvg==
content-type: image/svg+xml
last-modified: Fri, 03 Feb 2023 09:08:04 GMT
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-101040308776,FD-101040367016,P-6701575,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: 5986RV9PN7W4M0XS
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-101040308776,FD-101040367016,P-6701575,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Wed, 25 Sep 2024 02:14:35 GMT
vary: Accept-Encoding
x-amz-id-2: 5xy8nPxfW1+Acn2gvhkyP54KeAh0oehSmDtz/YVMKU5dLg/0YnL2+Ur9+klImtGB/XnydxFfsCz7hSmGT2C3FhMRDXeaxn/P
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
via: 1.1 e7901684d85170d527aec3a64956def6.cloudfront.net (CloudFront)
cf-ray: 8c878065eb0f972b-FRA
access-control-allow-origin: *
x-amz-cf-pop: FRA60-P7
x-amz-meta-created-unix-time-millis: 1675415283131

GET
H2 200 embed.js Show response
static.hsappstatic.net/content-cwv-embed/static-1.971/ 13 KB
5 KB 176ms
15ms Script
application/javascript 2606:4700::6811:af5b
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hsappstatic.net/content-cwv-embed/static-1.971/embed.js

Requested by

Host: www.threatfabric.com
URL: https://www.threatfabric.com/blogs/octo2-european-banks-already-under-attack-by-new-malware-variant

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:af5b , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

98dfeb1d061e8788b320a130a84723813efed0b2518921f30b40cc8a09bf8ecf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.threatfabric.com/blogs/octo2-european-banks-already-under-attack-by-new-malware-variant

Response headers

content-encoding: gzip
cf-cache-status: HIT
x-amz-version-id: 1gm1MaaLzWiIBc2FerIVtLdckhSMSaY7
etag: W/"26c40482b55a607cd44486a2958741d4"
age: 2364235
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5iJoIcsA2f2Xjj82I9cz5qCQqjeYKTivlkxbVyF4y16gdGleiaiCxj%2FK7PNkl2ji4p7EjSBgxHFi4bXzh14qpLDhPOL7%2FVBC1E0DEi6MLKjx9lB2tI8xMw9poTuUJ%2FqJNG3r91ThtL%2FGHq7BnDKWxBkWDpo%3D"}],"group":"cf-nel","max_age":604800}
expires: Thu, 25 Sep 2025 02:14:35 GMT
x-cache: Hit from cloudfront
x-amz-cf-id: 4KGI5t64pXc0VBpiZlqrGzYDMFRUiAtNY-kZWNgC73HhfnStC05rHQ==
date: Wed, 25 Sep 2024 02:14:35 GMT
content-type: application/javascript
last-modified: Wed, 05 Jun 2024 15:05:39 GMT
vary: Origin,Accept-Encoding,Access-Control-Request-Headers,Access-Control-Request-Method
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-replication-status: COMPLETED
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
via: 1.1 9d1f21fface75767578955e1853e754e.cloudfront.net (CloudFront)
cf-ray: 8c8780673c6bd2d2-FRA
x-amz-cf-pop: FRA60-P6
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H3 200 jquery.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/ 87 KB
28 KB 82ms
15ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js

Requested by

Host: www.threatfabric.com
URL: https://www.threatfabric.com/blogs/octo2-european-banks-already-under-attack-by-new-malware-variant

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.threatfabric.com/blogs/octo2-european-banks-already-under-attack-by-new-malware-variant

Response headers

cf-cdnjs-via: cfworker/kv
content-encoding: br
cf-cache-status: HIT
etag: "5eb09ed3-15d84"
age: 425164
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZMVxMB99foR7j3VoXQcMXbU%2B9ZsZ%2FJckDADT8c4A215NSIBa9cOYvg0WtS3tdo0Xb4NNOcaBRqCYROTFfan%2F%2Fx%2FVkodYTxvo6xGqbB8GjIqd5bEvWS52Qq8YWYPAOJt7TJJ4yNEoPCqiTvLYgktCdQxF"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Mon, 15 Sep 2025 02:14:35 GMT
date: Wed, 25 Sep 2024 02:14:35 GMT
content-type: application/javascript; charset=utf-8
last-modified: Mon, 04 May 2020 23:01:39 GMT
vary: Accept-Encoding
strict-transport-security: max-age=15780000
cache-control: public, max-age=30672000
timing-allow-origin: *
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy: cross-origin
cf-ray: 8c878065fff4381b-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 27958
server: cloudflare

GET
H3 200 jquery-migrate.min.js Show response
cdnjs.cloudflare.com/ajax/libs/jquery-migrate/3.3.1/ 11 KB
4 KB 18ms
17ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/jquery-migrate/3.3.1/jquery-migrate.min.js

Requested by

Host: www.threatfabric.com
URL: https://www.threatfabric.com/blogs/octo2-european-banks-already-under-attack-by-new-malware-variant

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

89bf8cdea73ce776d6b81d03837bc7f04af5e3946b839a3c0bfbf3094ad3f7be

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.threatfabric.com/blogs/octo2-european-banks-already-under-attack-by-new-malware-variant

Response headers

cf-cdnjs-via: cfworker/kv
content-encoding: br
cf-cache-status: HIT
etag: "5ef3fc71-2b0b"
age: 472102
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=h7XJtyUPOCZDy7K8TeYsrxTyUFA0pQw8eIp3r42tZU%2BKhuTdvvHzpClXJmiv7baIMt6Mzmm6eCSyuoozgc2JaMJGEZRKrv9uIFUQXeV%2BLKM9oaAZHhCwDzLumZMBMPzCbAvBe7Ri6AMC6bFKW14yTWbg"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Mon, 15 Sep 2025 02:14:35 GMT
date: Wed, 25 Sep 2024 02:14:35 GMT
content-type: application/javascript; charset=utf-8
last-modified: Thu, 25 Jun 2020 01:22:57 GMT
vary: Accept-Encoding
strict-transport-security: max-age=15780000
cache-control: public, max-age=30672000
timing-allow-origin: *
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy: cross-origin
cf-ray: 8c8780662807381b-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 3592
server: cloudflare

GET
H3 200 plugins.min.js Show response
www.threatfabric.com/hs-fs/hub/6701575/hub_generated/template_assets/100565705870/1712566990318/Threatfabric_Hatch/js/plugins/ 203 KB
56 KB 51ms
49ms Script
application/javascript 2606:2c40::c73c:6702
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.threatfabric.com/hs-fs/hub/6701575/hub_generated/template_assets/100565705870/1712566990318/Threatfabric_Hatch/js/plugins/plugins.min.js

Requested by

Host: www.threatfabric.com
URL: https://www.threatfabric.com/blogs/octo2-european-banks-already-under-attack-by-new-malware-variant

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:6702 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

42db2b6421ba0667a52a6f929b6f61decd0a6efd16ac1bde0701bcc0e132d4ea

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.threatfabric.com/blogs/octo2-european-banks-already-under-attack-by-new-malware-variant

Response headers

x-request-id: 04411fe0-2433-4178-8156-d04b7cbed38a
content-encoding: br
cf-cache-status: HIT
etag: W/"0c0f5074d4f875852639ceb3929df89a"
x-amz-version-id: fjOXJuabDfIf8ylKYtupYQJB8ocmEl78
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eavIu4Y3GNvVeivXrqgEc2lKoOxzuAv68B2bzt4c8JjYaIIM5qS1qCjwRURXqNZx7EmjkItBtg53j2Fhj6FNeO7LjyKRWDYvc9szdPwqsrnEEbsdaIlCoNX6SwOV4ebHUiy90vNV8rp9cf%2FTZ%2BhnVVik"}],"group":"cf-nel","max_age":604800}
x-cache: RefreshHit from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: 8YiL-Am_jd6OEvrnU5pL0Ac_fyfKU7Lgnyljj381LGXYFhc-HPR4fg==
x-hubspot-correlation-id: 04411fe0-2433-4178-8156-d04b7cbed38a
content-type: application/javascript; charset=utf-8
last-modified: Mon, 08 Apr 2024 09:03:12 GMT
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-656644bdb-jn7vt
x-envoy-upstream-service-time: 208
x-amz-request-id: 51ETDZYGQ2D4GF9K
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Wed, 25 Sep 2024 02:14:35 GMT
vary: origin, Accept-Encoding
x-amz-id-2: 1T0XetbZzAIpH2TXyFji0lwNqp+4rNniktRUZeqVjKyR04dtlulRlcobQoWP2MCcLOzqJhEMGSo=
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: www.threatfabric.com
access-control-allow-credentials: false
via: 1.1 2e50d9b1ee017f302768660f02b7418e.cloudfront.net (CloudFront)
cf-ray: 8c8780663b3e972b-FRA
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD89-C1
x-amz-meta-created-unix-time-millis: 1712566991454

GET
H3 200 main.min.js Show response
www.threatfabric.com/hs-fs/hub/6701575/hub_generated/template_assets/100565738928/1712566988034/Threatfabric_Hatch/js/ 30 KB
8 KB 62ms
61ms Script
application/javascript 2606:2c40::c73c:6702
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.threatfabric.com/hs-fs/hub/6701575/hub_generated/template_assets/100565738928/1712566988034/Threatfabric_Hatch/js/main.min.js

Requested by

Host: www.threatfabric.com
URL: https://www.threatfabric.com/blogs/octo2-european-banks-already-under-attack-by-new-malware-variant

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:6702 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

c917923119f99ca28c29eca25a2a4a9606edd23f26633bab2e212ce053dd5f1c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.threatfabric.com/blogs/octo2-european-banks-already-under-attack-by-new-malware-variant

Response headers

x-request-id: dc541e6d-463c-46b8-b0dd-f415f717ccc7
content-encoding: br
cf-cache-status: HIT
etag: W/"0af793e68edebfa90f8e52a942155cc6"
x-amz-version-id: 5wOCXUk6GlkhCRHCrKIei1hIBxtJntKl
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MwzwBjOuxhkpinUn%2B00TyfYIiemQvfV1Wpy0YfDHX%2BhH0hKOir0IkXZ5iruPp3DrlOM9b1xt1wNPD7jLMIaSf65gEBg7n8Npw2GNDuVOaE%2BOdpUyLiKS4ay9MEGdtQjzBJxHViuTsVejseHkoTiRaEDM"}],"group":"cf-nel","max_age":604800}
x-cache: Miss from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: knYrIZ-PgmJecrVVs9vNvxapBum5kFTiirFGB9YYm6T_D8_97DWbTg==
x-hubspot-correlation-id: dc541e6d-463c-46b8-b0dd-f415f717ccc7
content-type: application/javascript; charset=utf-8
last-modified: Mon, 08 Apr 2024 09:03:09 GMT
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-656644bdb-jn7vt
x-envoy-upstream-service-time: 305
x-amz-request-id: MBJMZNG1AC5F2KZM
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Wed, 25 Sep 2024 02:14:35 GMT
vary: origin, Accept-Encoding
x-amz-id-2: PrvjrZBk9cMiC5xfW8AkAwD8FR50XEuyhldeukCgQs0rnTIKjv2+BYQpcgzZ+dDd2XqjqRiH0liaa7EHrFEmSA==
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: www.threatfabric.com
access-control-allow-credentials: false
via: 1.1 7c4bbd97f5be908e33f403c3794f629a.cloudfront.net (CloudFront)
cf-ray: 8c8780663b3f972b-FRA
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD89-C1
x-amz-meta-created-unix-time-millis: 1712566988355

GET
H3 200 child.min.js Show response
www.threatfabric.com/hs-fs/hub/6701575/hub_generated/template_assets/101040014386/1687845070161/Threatfabric_Hatch/ 654 B
2 KB 49ms
48ms Script
application/javascript 2606:2c40::c73c:6702
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.threatfabric.com/hs-fs/hub/6701575/hub_generated/template_assets/101040014386/1687845070161/Threatfabric_Hatch/child.min.js

Requested by

Host: www.threatfabric.com
URL: https://www.threatfabric.com/blogs/octo2-european-banks-already-under-attack-by-new-malware-variant

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:6702 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

c16d59010b5c7bc246cc28fa0b991da4aaf6ed332f99940a4d5bd29de1ad43de

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.threatfabric.com/blogs/octo2-european-banks-already-under-attack-by-new-malware-variant

Response headers

x-request-id: 07d2b7cd-9ebb-4402-8c45-a0ae570c57bc
content-encoding: br
cf-cache-status: HIT
etag: W/"6748e45b4b9a78b567cc67c4bbe101c4"
x-amz-version-id: tWyHUvyl_PrBUjYVhQfi.cVUEpkzlair
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=nfGKKCUg4w1hherDHQghE1XSPs8fsxnOnjyefIfHgwBahzq4L7p3oVEC96ELt4bPxOsAsjlEIsiF4FWBTdCCBVrN5jlRK9wtpJ%2FLkOc71Iv%2FWI%2BiYVz5yGTqAepNj0W3Llq0loLzYNWTHY%2FDgAebzzVC"}],"group":"cf-nel","max_age":604800}
x-cache: RefreshHit from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: QkSjMZ6ggs-I5YEku25Z-LM7FU2gMUcVo9oVqLwVrP70mfwQHtvP5g==
x-hubspot-correlation-id: 07d2b7cd-9ebb-4402-8c45-a0ae570c57bc
content-type: application/javascript; charset=utf-8
last-modified: Tue, 27 Jun 2023 05:51:11 GMT
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-7849459c5c-bm26k
x-envoy-upstream-service-time: 191
x-amz-request-id: 0D0VDEYEMPZKJEET
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Wed, 25 Sep 2024 02:14:35 GMT
vary: origin, Accept-Encoding
x-amz-id-2: MH1peEcU2E92v+PUUscnu0W+TFqUSXNfZPLz4lQsjJgeUFCuBKU25mc/SY9MzALrSLiOCAzsC4/HPeNfc6rCqAwcL/yuvLFa
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: www.threatfabric.com
access-control-allow-credentials: false
via: 1.1 4715507645a6516d2df35cd342cb5be0.cloudfront.net (CloudFront)
cf-ray: 8c8780663b31972b-FRA
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD12-P3
x-amz-meta-created-unix-time-millis: 1687845070347

GET
H3 200 module_-2712622_Site_Search_Input.min.js Show response
cdn2.hubspot.net/hub/-1/hub_generated/module_assets/-2712622/1726992595742/ 4 KB
2 KB 28ms
27ms Script
application/javascript 2606:4700::6812:5b3e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn2.hubspot.net/hub/-1/hub_generated/module_assets/-2712622/1726992595742/module_-2712622_Site_Search_Input.min.js
Requested by: Host: www.threatfabric.com
URL: https://www.threatfabric.com/blogs/octo2-european-banks-already-under-attack-by-new-malware-variant
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700::6812:5b3e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 863886e2347be57cf71d7ed3fc614593e94bbce61858cd8c0761ba7a78d2ace4

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.threatfabric.com/blogs/octo2-european-banks-already-under-attack-by-new-malware-variant

Response headers

x-request-id: 6ef1f686-4acc-4a7c-ba95-8eda3664b350
content-encoding: br
cf-cache-status: HIT
etag: W/"f9134a973469f840bf03f740af92c65f"
age: 237729
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MZrNrI%2BqLY4VdAeIBew2%2FYDRQojGP5wCAlYpSeeM4kmKqL%2BYcC5FK8gt635oCRCNrr%2BImEwh7i0HIqFuD2HFN08iQArBN2hoFIEUsfrsSc%2BfKZ7ECvKn4ukwrTFYaEwuSmESt%2F0ZolcCr6GLTiE%3D"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-evy-trace-listener: listener_https
x-hubspot-correlation-id: 6ef1f686-4acc-4a7c-ba95-8eda3664b350
content-type: application/javascript; charset=utf-8
last-modified: Sun, 22 Sep 2024 08:09:56 GMT
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-evy-trace-served-by-pod: iad02/cms-cdn2-td/envoy-proxy-6748d4cfc8-97xfv
x-envoy-upstream-service-time: 159
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Wed, 25 Sep 2024 02:14:35 GMT
vary: Accept-Encoding
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cf-ray: 8c8780663b901961-FRA
access-control-allow-origin: *
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD61-P1
x-amz-meta-created-unix-time-millis: 1726992595742

GET
H3 200 blog.min.js Show response
www.threatfabric.com/hs-fs/hub/6701575/hub_generated/template_assets/100565906251/1712566976389/Threatfabric_Hatch/js/ 392 B
2 KB 53ms
51ms Script
application/javascript 2606:2c40::c73c:6702
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.threatfabric.com/hs-fs/hub/6701575/hub_generated/template_assets/100565906251/1712566976389/Threatfabric_Hatch/js/blog.min.js

Requested by

Host: www.threatfabric.com
URL: https://www.threatfabric.com/blogs/octo2-european-banks-already-under-attack-by-new-malware-variant

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:6702 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

ae37720bad220c27736f9097566e8cec3bce2f45d980f509c193f54d6d4aea59

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.threatfabric.com/blogs/octo2-european-banks-already-under-attack-by-new-malware-variant

Response headers

x-request-id: 8a816445-d3d5-46e5-bbd2-a18ab11b7d27
content-encoding: br
cf-cache-status: HIT
etag: W/"192208997eb533dfcb00b8442296edae"
x-amz-version-id: pqFrH_U2a9yz9fm669sD7mXdUI5HLuH9
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZURpvDIi3eD2nzT3gSIj9oavJ%2FDIgSfb5vrPuFYquE%2FEQi5zKvcxdkO7GNBcsanW6nHIQ0MlmbURRNrgRh4JRL0U9GE1sWAn8vZSdqUyJOLKiKBVMalR%2Bg3xDcRBWphMkkgQQd5s0qwr6CbEF6PpLSCq"}],"group":"cf-nel","max_age":604800}
x-cache: Miss from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: KjLVa1MpU20O_SsJnMNCh3B9NE_0iU-8uOYPLRfjnrzl1XEcvcN7uw==
x-hubspot-correlation-id: 8a816445-d3d5-46e5-bbd2-a18ab11b7d27
content-type: application/javascript; charset=utf-8
last-modified: Mon, 08 Apr 2024 09:02:57 GMT
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900,s-maxage=31536000, max-age=31536000
x-evy-trace-served-by-pod: iad02/cms-hubfs-td/envoy-proxy-7849459c5c-677bk
x-envoy-upstream-service-time: 209
x-amz-request-id: N3SR8HW4RVJCVAXA
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-hs-alternate-content-type: text/plain
server: cloudflare
x-evy-trace-virtual-host: all
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
x-amz-storage-class: INTELLIGENT_TIERING
date: Wed, 25 Sep 2024 02:14:35 GMT
vary: origin, Accept-Encoding
x-amz-id-2: zaDWLEUk8Mkn74Zd4yI0/UOLrry2d3/5tW5lgEVVAN1WIDF9l6/LtVJIz+eWyJA044e64w21cys=
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: www.threatfabric.com
access-control-allow-credentials: false
via: 1.1 71f1cca040033ebffc591cf9392d1528.cloudfront.net (CloudFront)
cf-ray: 8c8780663b3a972b-FRA
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD89-C1
x-amz-meta-created-unix-time-millis: 1712566976534

GET
H3 200 beautify.min.js Show response
cdnjs.cloudflare.com/ajax/libs/js-beautify/1.14.8/ 73 KB
14 KB 18ms
16ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/js-beautify/1.14.8/beautify.min.js

Requested by

Host: www.threatfabric.com
URL: https://www.threatfabric.com/blogs/octo2-european-banks-already-under-attack-by-new-malware-variant

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2d5c291cc9ce12740d42109fbf4384252918103351a98793ffa71f764ea3e4cf

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.threatfabric.com/blogs/octo2-european-banks-already-under-attack-by-new-malware-variant

Response headers

cf-cdnjs-via: cfworker/kv
content-encoding: br
cf-cache-status: HIT
etag: "659c8b1c-36ef"
age: 472931
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iwSYatELlphF4YjJwvhM0lah2c3prwEVWW1pT1LEiIGyrglkLvjooG%2FWlaBGm9r6X94tH8gtW%2BjVNmlBJN8eronfgB%2FA6qoxn8Wmm7ECGNSMAEPwDP7eVO%2Blo3h%2FVD%2FjIbHGYfbt%2Fm%2Bq7RO6cgrOUXJ5"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Mon, 15 Sep 2025 02:14:35 GMT
date: Wed, 25 Sep 2024 02:14:35 GMT
content-type: application/javascript; charset=utf-8
last-modified: Tue, 09 Jan 2024 00:54:04 GMT
vary: Accept-Encoding
strict-transport-security: max-age=15780000
cache-control: public, max-age=30672000
timing-allow-origin: *
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy: cross-origin
cf-ray: 8c8780663817381b-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 14063
server: cloudflare

GET
H3 200 prism.min.js Show response
cdnjs.cloudflare.com/ajax/libs/prism/1.24.1/ 17 KB
6 KB 20ms
18ms Script
application/javascript 2606:4700::6811:180e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/prism/1.24.1/prism.min.js

Requested by

Host: www.threatfabric.com
URL: https://www.threatfabric.com/blogs/octo2-european-banks-already-under-attack-by-new-malware-variant

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6811:180e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc377d0b25d1c78cd2fb2d8c9b3cc8fe12db24bd47084deda1129905ca256099

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.threatfabric.com/blogs/octo2-european-banks-already-under-attack-by-new-malware-variant

Response headers

cf-cdnjs-via: cfworker/kv
content-encoding: br
cf-cache-status: HIT
etag: "60e06eb6-175c"
age: 16882215
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8bmMKCvV%2BxrS9Sk9tYjXnZyA%2Blc7UWxP%2FXsUMs5TrF41oxdolynldeSabUyn9wyYXwAvp2vdOP3wbrBVR8PUGZNb9Nsm3juz4kGkMnegE%2FM%2BS%2FD2TCNhPB4Rde3g5v4CkT%2FhDLkl6vbOoNihPcm%2FxfGL"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Mon, 15 Sep 2025 02:14:35 GMT
date: Wed, 25 Sep 2024 02:14:35 GMT
content-type: application/javascript; charset=utf-8
last-modified: Sat, 03 Jul 2021 14:05:42 GMT
vary: Accept-Encoding
strict-transport-security: max-age=15780000
cache-control: public, max-age=30672000
timing-allow-origin: *
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy: cross-origin
cf-ray: 8c8780663818381b-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 5980
server: cloudflare

GET
H3 200 6701575.js Show response
www.threatfabric.com/hs/scriptloader/ 2 KB
1 KB 37ms
35ms Script
application/javascript 2606:2c40::c73c:6702
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.threatfabric.com/hs/scriptloader/6701575.js

Requested by

Host: www.threatfabric.com
URL: https://www.threatfabric.com/blogs/octo2-european-banks-already-under-attack-by-new-malware-variant

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:6702 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

a8904fbb9523825b6acd03a3e70df5d8f85f2465123a8f61c8505b955c7184e7

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.threatfabric.com/blogs/octo2-european-banks-already-under-attack-by-new-malware-variant

Response headers

access-control-max-age: 3600
x-request-id: 5ccaa4db-67c6-45a4-a9e5-65372f34b077
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
age: 11
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0xLWeRRR0XnYF7GYuysifQvE5ZOSgFmMfOIsUz6ejyyybxu2A3NTV7rdu188Ga6Ir2DiyA47C5No8eGa8hI%2B7uqz24Dbt7swQf%2BQX7nzpsOnyBipPPy81OZ4q8N9kOCdUsr26z5XL6wCgMseBoaZ7RrT"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
expires: Wed, 25 Sep 2024 02:16:05 GMT
cf-polished: origSize=2529
x-evy-trace-listener: listener_https
date: Wed, 25 Sep 2024 02:14:35 GMT
x-hubspot-correlation-id: 5ccaa4db-67c6-45a4-a9e5-65372f34b077
content-type: application/javascript;charset=utf-8
last-modified: Wed, 25 Sep 2024 02:14:24 GMT
vary: origin, Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: upgrade-insecure-requests
cache-control: public, max-age=90
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-route-service-name: envoyset-translator
x-envoy-upstream-service-time: 16
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-8487b595d-r99q4
access-control-allow-credentials: true
cf-ray: 8c8780663b41972b-FRA
access-control-allow-origin: https://www.threatfabric.com
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-evy-trace-virtual-host: all

GET
H3 200 index.js Show response
www.threatfabric.com/hs/hsstatic/HubspotToolsMenu/static-1.354/js/ 12 KB
5 KB 36ms
34ms Script
application/javascript 2606:2c40::c73c:6702
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.threatfabric.com/hs/hsstatic/HubspotToolsMenu/static-1.354/js/index.js

Requested by

Host: www.threatfabric.com
URL: https://www.threatfabric.com/blogs/octo2-european-banks-already-under-attack-by-new-malware-variant

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:6702 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

42c7e51d284cd7256caf3bfebf641141876657ea0d6e5588ac7e69dce1e9cf7e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.threatfabric.com/blogs/octo2-european-banks-already-under-attack-by-new-malware-variant

Response headers

content-encoding: gzip
cf-cache-status: HIT
etag: W/"3ef0deda0631561665e95645daf500a2"
age: 2876197
x-amz-version-id: O3iI8Pl3bd7LIBbSsE98q3XHW8vfw5hp
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Yuz%2FIAMZmRxv%2FbmQ5L3%2BXcZ9KaVr%2B9UtNItoHLDZv%2FUnK86wGjssRAVViYkZfv0FwXWJcIWI%2BBP5Y5mW53s6jD4DhMHV%2FaqL0nknBF3l46lyR6Tuc%2FbfMaRZB%2BV9vVKFSzklpFfKGtyPNhq%2FhcizDETb"}],"group":"cf-nel","max_age":604800}
expires: Thu, 25 Sep 2025 02:14:35 GMT
x-cache: Miss from cloudfront
x-amz-cf-id: XkjYDcbQn4Wnk7ON60BrRI9ITI9ADYYIjU_nGEphN4iS_-uzV9NnvA==
date: Wed, 25 Sep 2024 02:14:35 GMT
content-type: application/javascript
last-modified: Wed, 21 Aug 2024 20:24:20 GMT
vary: Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-replication-status: COMPLETED
cache-control: public, max-age=31536000
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
via: 1.1 b2340053ff948864db4d5e3c0ab3f3ea.cloudfront.net (CloudFront)
cf-ray: 8c8780663b43972b-FRA
x-amz-cf-pop: FRA60-P6
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 6701575.js Show response
js.hs-scripts.com/ 2 KB
1 KB 189ms
22ms Script
application/javascript 2606:4700::6810:8cd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hs-scripts.com/6701575.js

Requested by

Host: www.threatfabric.com
URL: https://www.threatfabric.com/blogs/octo2-european-banks-already-under-attack-by-new-malware-variant

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:8cd1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a8904fbb9523825b6acd03a3e70df5d8f85f2465123a8f61c8505b955c7184e7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.threatfabric.com/blogs/octo2-european-banks-already-under-attack-by-new-malware-variant

Response headers

access-control-max-age: 3600
x-request-id: 5ccaa4db-67c6-45a4-a9e5-65372f34b077
content-encoding: br
cf-bgj: minify
cf-cache-status: HIT
age: 11
x-content-type-options: nosniff
expires: Wed, 25 Sep 2024 02:16:05 GMT
cf-polished: origSize=2529
x-evy-trace-listener: listener_https
date: Wed, 25 Sep 2024 02:14:35 GMT
x-hubspot-correlation-id: 5ccaa4db-67c6-45a4-a9e5-65372f34b077
content-type: application/javascript;charset=utf-8
vary: origin, Accept-Encoding
last-modified: Wed, 25 Sep 2024 02:14:24 GMT
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-served-by-pod: iad02/hubapi-td/envoy-proxy-8487b595d-r99q4
cache-control: public, max-age=90
x-envoy-upstream-service-time: 16
access-control-allow-credentials: true
cf-ray: 8c8780674ed35d82-FRA
access-control-allow-origin: https://www.threatfabric.com
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-evy-trace-virtual-host: all

GET in.js
platform.linkedin.com/ 0
0

GET
H3 200 threatfabric-logo-light.svg
www.threatfabric.com/hubfs/Threatfabric/logos/ 3 KB
1 KB 48ms
48ms Other
image/svg+xml 2606:2c40::c73c:6702
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.threatfabric.com/hubfs/Threatfabric/logos/threatfabric-logo-light.svg

Requested by

Host: www.threatfabric.com
URL: https://www.threatfabric.com/blogs/octo2-european-banks-already-under-attack-by-new-malware-variant

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:6702 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e082d568fb44df37fa453a514a8e553c889abe144c5c73866c1f020e4ccfbc49

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.threatfabric.com/blogs/octo2-european-banks-already-under-attack-by-new-malware-variant

Response headers

x-robots-tag: all
content-encoding: br
cf-cache-status: HIT
x-amz-version-id: YCo1pSCjPp8.6ZHhoecaW6WpJqmNwWPZ
age: 1629292
cache-tag: F-101040308776,FD-101040367016,P-6701575,FLS-ALL
etag: W/"8b008611e237cad1162ac34fa0566106"
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=6rmwS%2F5ytQUmFvGHSAuQp2dRg3vZI0zAnX%2Fm1S2taK3YbzOVRgIpWJD86qfhX1S03fLPMBC1zmyfq5cLtpZ1QN1lGtJ%2FU%2B85gQsdiAkbOGPjQh9kJzLIPuU%2B9Eb0G7pUryOjbEDebl289YYmwbE4l7sK"}],"group":"cf-nel","max_age":604800}
x-cache: RefreshHit from cloudfront
x-amz-cf-id: kMjAzTpu2V5rePGyJnGlpc71Y_AnA8GNgLxYo5Jy0LZ65udw6DiAvg==
last-modified: Fri, 03 Feb 2023 09:08:04 GMT
content-type: image/svg+xml
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-101040308776,FD-101040367016,P-6701575,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: 5986RV9PN7W4M0XS
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-101040308776,FD-101040367016,P-6701575,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Wed, 25 Sep 2024 02:14:35 GMT
vary: Accept-Encoding
x-amz-id-2: 5xy8nPxfW1+Acn2gvhkyP54KeAh0oehSmDtz/YVMKU5dLg/0YnL2+Ur9+klImtGB/XnydxFfsCz7hSmGT2C3FhMRDXeaxn/P
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
via: 1.1 e7901684d85170d527aec3a64956def6.cloudfront.net (CloudFront)
cf-ray: 8c8780664b46972b-FRA
access-control-allow-origin: *
x-amz-cf-pop: FRA60-P7
x-amz-meta-created-unix-time-millis: 1675415283131

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 40 KB
14 KB 125ms
14ms Script
application/javascript 2a02:26f0:3500:10::210:a9a
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.threatfabric.com
URL: https://www.threatfabric.com/blogs/octo2-european-banks-already-under-attack-by-new-malware-variant

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:3500:10::210:a9a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

8a27dc7b44ebe886390bfa0a9beeea36ea5a3f37479f0e0836b6c9b80d9b35ed

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.threatfabric.com/blogs/octo2-european-banks-already-under-attack-by-new-malware-variant

Response headers

cache-control: max-age=51281
content-encoding: gzip
x-cdn: AKAM
x-content-type-options: nosniff
accept-ranges: bytes
content-length: 14628
date: Wed, 25 Sep 2024 02:14:35 GMT
last-modified: Thu, 22 Aug 2024 10:43:55 GMT
content-type: application/javascript;charset=utf-8
vary: Accept-Encoding
x-amz-server-side-encryption: AES256

GET sdk.js
connect.facebook.net/en_GB/ 0
0

GET widgets.js
platform.twitter.com/ 0
0

GET
H2 200 web-interactives-embed.js Show response
js.hubspot.com/ 83 KB
25 KB 135ms
26ms Script
application/javascript 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hubspot.com/web-interactives-embed.js

Requested by

Host: www.threatfabric.com
URL: https://www.threatfabric.com/hs/scriptloader/6701575.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

059b77025c02623999e7524b737287072bd2dbb42c1652f70a4020338b1e5f21

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://www.threatfabric.com
Referer: https://www.threatfabric.com/blogs/octo2-european-banks-already-under-attack-by-new-malware-variant

Response headers

x-request-id: d0917e95-8079-4ab6-b9d9-4c2228d396fd
content-encoding: gzip
cf-cache-status: HIT
x-amz-version-id: 7DwgQA9YoOwDB6Raj9_RIwKNzf1Sd5R0
etag: W/"edf91c1320ba2916398ed791b63187bc"
age: 535
cache-tag: staticjsapp-web-interactives-embed-web-prod,staticjsapp-prod
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xKwOyx7slZqWlOUoVhnyvrA27%2B8IT4mKQU6pHmVmYJRdrOWrjkQZfzCCcUKkucCsfkBu%2B8aBuWePD%2FrYB9OIgDCrHaIU5Uo3Qg4s4J0GkLHxgt6sGneNZNkBH1ezXGmGprQjcU0lk6IZfbbX"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: eg102-cA7dWQlI5BFccd09UTq5QFCdOYUSFQV7bj7lat2ZKk12viwA==
x-hubspot-correlation-id: d0917e95-8079-4ab6-b9d9-4c2228d396fd
content-type: application/javascript; charset=utf-8
last-modified: Wed, 28 Aug 2024 20:01:26 UTC
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=600
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-6c6dd6864-jvccm
x-envoy-upstream-service-time: 10
x-hs-target-asset: web-interactives-embed/static-2.1426/bundles/project.js
server: cloudflare
x-evy-trace-virtual-host: all
x-amz-server-side-encryption: AES256
access-control-max-age: 3000
access-control-allow-methods: GET
x-hs-cache-status: MISS
date: Wed, 25 Sep 2024 02:14:35 GMT
vary: Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=web-interactives-embed/static-2.1426/bundles/project.js&cfRay=8c877358bd10abc6-FRA
via: 1.1 68a3b1d5c75429221abc685a453afb60.cloudfront.net (CloudFront)
cf-ray: 8c8780674f7b3668-FRA
access-control-allow-origin: *
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD12-P3

GET
H2 200 banner.js Show response
js.hs-banner.com/v2/6701575/ 75 KB
28 KB 429ms
320ms Script
text/javascript 2606:4700:4400::6812:28f0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/v2/6701575/banner.js
Requested by: Host: www.threatfabric.com
URL: https://www.threatfabric.com/hs/scriptloader/6701575.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:28f0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: ca21bb556f4c5d4b3d249e8c26843126facce3d88c00402c0871adeb7799c383

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.threatfabric.com/blogs/octo2-european-banks-already-under-attack-by-new-malware-variant

Response headers

x-evy-trace-virtual-host: all
access-control-max-age: 604800
x-request-id: 4418b0c2-5f11-494a-a57a-b5ef86d5efb9
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
content-encoding: gzip
cf-cache-status: REVALIDATED
etag: W/"86d757967f20c9c7e5da7b99c9af0077"
x-amz-version-id: 5zHnbWyEsT4TOfUQMfNFlBNy933D_Z26
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
expires: Wed, 25 Sep 2024 02:19:35 GMT
x-evy-trace-listener: listener_https
date: Wed, 25 Sep 2024 02:14:35 GMT
x-hubspot-correlation-id: 4418b0c2-5f11-494a-a57a-b5ef86d5efb9
content-type: text/javascript; charset=UTF-8
last-modified: Tue, 16 Jul 2024 22:33:24 GMT
vary: origin, Accept-Encoding
x-amz-id-2: Jn5Yx6J3aPQ9Fupdaus4/VHKWwJZj2O0Pk1i3JL/T3GzmiA170qMU2b+WYX2SHPdEEsAaaYgikQ=
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=300,public
timing-allow-origin: *
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-6895b58fd6-ll4br
x-envoy-upstream-service-time: 113
access-control-allow-credentials: true
x-amz-request-id: X8YC0V4BQCRJ09SC
cf-ray: 8c87806748ca68ef-FRA
access-control-allow-origin: https://www.threatfabric.com
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 collectedforms.js Show response
js.hscollectedforms.net/ 69 KB
24 KB 129ms
20ms Script
application/javascript 2606:4700::6810:6bfe
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hscollectedforms.net/collectedforms.js

Requested by

Host: www.threatfabric.com
URL: https://www.threatfabric.com/hs/scriptloader/6701575.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6bfe , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

77080938572095bddc311784e1c284e7cd12268f46946aff94d04a43a53dffc9

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://www.threatfabric.com
Referer: https://www.threatfabric.com/blogs/octo2-european-banks-already-under-attack-by-new-malware-variant

Response headers

x-request-id: 2297d499-e4dc-4f74-87a4-eff9072810b6
content-encoding: gzip
cf-cache-status: HIT
etag: W/"48bb5c8a01043eceaf45e65d5c98950b"
x-amz-version-id: lfSnPi6du9uQQl9EfUkg_44QCbCVLa2H
age: 535
cache-tag: staticjsapp-collected-forms-embed-js-web-prod,staticjsapp-prod
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: EZSgDI4zXVKrzzOKDIexFIpWAZESBlL9mNuYxaTAVcl2b8nrWE9rJQ==
x-hubspot-correlation-id: 2297d499-e4dc-4f74-87a4-eff9072810b6
content-type: application/javascript; charset=utf-8
last-modified: Thu, 12 Sep 2024 08:47:39 UTC
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=600, max-age=300
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-6c6dd6864-bpdxs
x-envoy-upstream-service-time: 3
x-hs-target-asset: collected-forms-embed-js/static-1.772/bundles/project.js
server: cloudflare
x-evy-trace-virtual-host: all
x-amz-server-side-encryption: AES256
x-hs-cache-status: HIT
date: Wed, 25 Sep 2024 02:14:35 GMT
vary: Accept-Encoding
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=collected-forms-embed-js/static-1.772/bundles/project.js&cfRay=8c877358ed4d1d1e-FRA
via: 1.1 c3d335addde48969fafe25d4064cee80.cloudfront.net (CloudFront)
cf-ray: 8c8780674924bb80-FRA
access-control-allow-origin: *
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD12-P3

GET
H2 200 fb.js Show response
js.hsadspixel.net/ 6 KB
4 KB 124ms
15ms Script
application/javascript 2606:4700::6811:80ac
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsadspixel.net/fb.js

Requested by

Host: www.threatfabric.com
URL: https://www.threatfabric.com/hs/scriptloader/6701575.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:80ac , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

22138da3b4d85ca7e2b14c1d8d7e630bfb743281130599ddbe4764f13c890018

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.threatfabric.com/blogs/octo2-european-banks-already-under-attack-by-new-malware-variant

Response headers

x-evy-trace-virtual-host: all
x-request-id: 3fd31c68-b4d7-4556-902b-24ab8b132130
content-encoding: gzip
cf-cache-status: HIT
etag: W/"ae44e2078e9bf20ae243aa627a1ecc86"
x-amz-version-id: UlK8UnvpfOou8qcgH7kaQRD.px6yj756
age: 43
cache-tag: staticjsapp-AdsScriptLoaderCloudflare-web-prod,staticjsapp-prod
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-hs-cache-status: HIT
x-amz-cf-id: p1mOoKN1NY8wDZWdZxTKGocsiSK2kbcdt95saBQ4mBfxg_n3Jo_-fQ==
date: Wed, 25 Sep 2024 02:14:35 GMT
x-hubspot-correlation-id: 3fd31c68-b4d7-4556-902b-24ab8b132130
content-type: application/javascript; charset=utf-8
last-modified: Tue, 24 Sep 2024 14:22:33 UTC
vary: Accept-Encoding
x-evy-trace-listener: listener_https
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=600
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-6c6dd6864-jvccm
x-envoy-upstream-service-time: 1
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=adsscriptloaderstatic/static-1.597/bundles/pixels-release.js&cfRay=8c877f57fe2e35f3-FRA
via: 1.1 36b04143ac1626bb30bb225fb2cccb1e.cloudfront.net (CloudFront)
cf-ray: 8c8780674f949a1b-FRA
x-evy-trace-route-configuration: listener_https/all
x-hs-target-asset: adsscriptloaderstatic/static-1.597/bundles/pixels-release.js
x-amz-cf-pop: IAD12-P3
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 6701575.js Show response
js.hs-analytics.net/analytics/1727230200000/ 69 KB
25 KB 355ms
246ms Script
text/javascript 2606:4700::6811:afc9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1727230200000/6701575.js
Requested by: Host: www.threatfabric.com
URL: https://www.threatfabric.com/hs/scriptloader/6701575.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6811:afc9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b536c1fa11ad6d83e7c2af12ecddd6e16d79a6e2e1eda092c26944af3ba7e3fc

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.threatfabric.com/blogs/octo2-european-banks-already-under-attack-by-new-malware-variant

Response headers

x-amz-server-side-encryption: AES256
x-request-id: 4633e4fe-c7c2-43fb-b1d0-0a21eb3577f5
content-encoding: gzip
cf-cache-status: MISS
etag: W/"5ee172b24ac12c7a3ebac61e96ace48b"
x-amz-version-id: null
expires: Wed, 25 Sep 2024 02:19:35 GMT
x-evy-trace-listener: listener_https
date: Wed, 25 Sep 2024 02:14:35 GMT
x-hubspot-correlation-id: 4633e4fe-c7c2-43fb-b1d0-0a21eb3577f5
content-type: text/javascript
last-modified: Tue, 24 Sep 2024 15:23:12 GMT
vary: origin, Accept-Encoding
x-amz-id-2: K8FqvQhDEeNtFkYdbq2QfMzV3uJ6uqNw/Jg/aF6rvkmhsOqVYZ9LbvA0AxPtyrFIkgcYG/D6S6o=
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=300,public
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-75d7846cb8-ss9sf
x-envoy-upstream-service-time: 25
access-control-allow-credentials: false
x-amz-request-id: 6X2AYXKZ3NYQAM54
cf-ray: 8c8780674a1ed35e-FRA
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-evy-trace-virtual-host: all

GET
H3 200 tf-blogpost-banner-divider-01.svg
www.threatfabric.com/hubfs/Threatfabric/images/ 576 B
2 KB 32ms
31ms Image
image/svg+xml 2606:2c40::c73c:6702
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.threatfabric.com/hubfs/Threatfabric/images/tf-blogpost-banner-divider-01.svg

Requested by

Host: www.threatfabric.com
URL: https://www.threatfabric.com/blogs/octo2-european-banks-already-under-attack-by-new-malware-variant

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:6702 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

d92c25b1d90bdf3fb25373c5e3de35b1256f47a96575d58b4e6ae10be499d76d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.threatfabric.com/blogs/octo2-european-banks-already-under-attack-by-new-malware-variant

Response headers

x-robots-tag: all
content-encoding: br
cf-cache-status: HIT
etag: W/"af4732c5d3ba47ba314c39750f2c2e6f"
age: 361096
cache-tag: F-102446427186,FD-101619062546,P-6701575,FLS-ALL
x-amz-version-id: LvbdpHvwKMpHzOWR2c2lhGUzlD608lQ_
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QJG1794lJr3HNmSjRjXgpaanlFMu5czsdH3jXAUeBgJ3x75KFurXTt2h5NNCYTmQJ52zrch6MnGEvhQEKd%2F1DLJ7cD%2BeCwP2RLMzk77bQETaDGNx%2BHjPQrvn7AAFrBHxviSwMbYVbvtRzzjq2WvF2HFP"}],"group":"cf-nel","max_age":604800}
x-cache: Miss from cloudfront
x-amz-cf-id: yFhNQgzjOY_Kzmz7mVK0s3QkUetiuh9XWYvoPzQOg9ePdqPBBOUI9Q==
content-type: image/svg+xml
last-modified: Tue, 14 Feb 2023 13:00:17 GMT
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-102446427186,FD-101619062546,P-6701575,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: TD67JGD73F6SGMY3
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-102446427186,FD-101619062546,P-6701575,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Wed, 25 Sep 2024 02:14:35 GMT
vary: Accept-Encoding
x-amz-id-2: C2TGCavauupSt3NNGY+IExpVRvq1cZ3u58Zrr2WaBx9/Lwi8GUzo1JlKGV9Wi18qZj7nIiyP/6OPoKk7ML4K5YMThPsd7c0e
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
via: 1.1 a1498dff3937a5cd56baf5f0f59e01c2.cloudfront.net (CloudFront)
cf-ray: 8c878066eb9f972b-FRA
access-control-allow-origin: *
x-amz-cf-pop: MRS52-P5
x-amz-meta-created-unix-time-millis: 1676379615960

GET
H3 200 tf-offer-bg-divider-01.svg
www.threatfabric.com/hubfs/Threatfabric/images/ 556 B
2 KB 34ms
31ms Image
image/svg+xml 2606:2c40::c73c:6702
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.threatfabric.com/hubfs/Threatfabric/images/tf-offer-bg-divider-01.svg

Requested by

Host: www.threatfabric.com
URL: https://www.threatfabric.com/blogs/octo2-european-banks-already-under-attack-by-new-malware-variant

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:6702 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

639127081177ea5058409066f97e84fb8ffdad426754956248f4ed77b45bd606

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.threatfabric.com/blogs/octo2-european-banks-already-under-attack-by-new-malware-variant

Response headers

x-robots-tag: all
content-encoding: br
cf-cache-status: HIT
etag: W/"3c05186b36e65acf42dc5ace50a34360"
age: 897470
cache-tag: F-102241528447,FD-101619062546,P-6701575,FLS-ALL
x-amz-version-id: .HXvxpbfuTohzDbnYKcJooLLN3h3f42c
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0IzjaySKJEhINmKYumB2zHEoVBfSlS9x6AmhbFwgPqlV%2BA4W%2FbE299vsfXTGoAlEpVq%2BSR0hDVLWe2MsdiK76l52LTO6SyWqB07A5gaDHisz5ITaB8L1l%2B0n%2BKYLzUvKrN1dz5d%2Bw9EgXw838XGhuDrs"}],"group":"cf-nel","max_age":604800}
x-cache: RefreshHit from cloudfront
x-amz-cf-id: HDIKSoSu_rUIIfsX8zlkBanSOsOHll3LIFtEzmp9fbmgPmFWeFy0zw==
content-type: image/svg+xml
last-modified: Mon, 13 Feb 2023 08:24:16 GMT
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-102241528447,FD-101619062546,P-6701575,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: AME5TANRASYP90TH
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-102241528447,FD-101619062546,P-6701575,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Wed, 25 Sep 2024 02:14:35 GMT
vary: Accept-Encoding
x-amz-id-2: i7bd1vYcvGyWykRxDDxsoEVyrqynXfd8q7CByCg7w1/lqFrPi6c2J8V6m1ZpOsvlWcHytKYTnfi5gytoED4+WjUFA5x4jhtU9RsZkLGW6Sw=
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
via: 1.1 69114e4ea0aa4e532a5be63a75c51e2c.cloudfront.net (CloudFront)
cf-ray: 8c878066fba4972b-FRA
access-control-allow-origin: *
x-amz-cf-pop: FRA60-P7
x-amz-meta-created-unix-time-millis: 1676276654996

GET
H3 200 Kanit-Light.ttf
www.threatfabric.com/hubfs/Threatfabric/fonts/kanit/ 163 KB
64 KB 34ms
29ms Font
font/ttf 2606:2c40::c73c:6702
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.threatfabric.com/hubfs/Threatfabric/fonts/kanit/Kanit-Light.ttf

Requested by

Host: www.threatfabric.com
URL: https://www.threatfabric.com/hs-fs/hub/6701575/hub_generated/template_assets/101040140217/1725349581426/Threatfabric_Hatch/child.min.css

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:6702 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

b7b87f1b48aa75784afb205b3d567664641bc056af2e20b5873da2c90605b7d2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://www.threatfabric.com
Referer: https://www.threatfabric.com/hs-fs/hub/6701575/hub_generated/template_assets/101040140217/1725349581426/Threatfabric_Hatch/child.min.css

Response headers

x-robots-tag: all
content-encoding: br
cf-cache-status: HIT
etag: W/"0c443ef22ca3ce98e0b670310f5ebb36"
age: 900331
cache-tag: F-112819245065,FD-112819245060,P-6701575,FLS-ALL
x-amz-version-id: Tqpimg7QV74KE9DspBbqQUupRuYfGKOs
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ep973sSOSxASlm3TEeIdSwcr8cZtryGT9zDa8UCptPED0rOjWAvXtrxDZk92hzlGbDglloIc%2BegNAeqMZsFgEEQkTbzzX9DobVXnFAGYUzOBlRPXE2D8HQeYCqHdZ2ypaNbVpPxARMEeBIr5u9Bj6fHq"}],"group":"cf-nel","max_age":604800}
x-cache: RefreshHit from cloudfront
x-amz-cf-id: RzGSSTj1xqAqfPUDjvySKdZFD5iFisc6pMNhUXwZh-7Ks8MCXfT2RQ==
content-type: font/ttf
last-modified: Wed, 26 Apr 2023 06:10:34 GMT
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-112819245065,FD-112819245060,P-6701575,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: WZ91C0QYMD4RK5Z4
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-112819245065,FD-112819245060,P-6701575,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Wed, 25 Sep 2024 02:14:35 GMT
vary: Accept-Encoding
x-amz-id-2: hVior1Zc1/Nz11loe7sa1eP3pHYCBY2kizGdB5PGjuMx1DpszyaIhIv3TQZ+/hzu9jhfEtc2RjY=
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
via: 1.1 d8006f736d3dc32a20a91813f2f50fa2.cloudfront.net (CloudFront)
cf-ray: 8c8780671bc0972b-FRA
access-control-allow-origin: *
x-amz-cf-pop: FRA60-P7
x-amz-meta-created-unix-time-millis: 1682489433648

GET
H3 200 TF_Octo2.jpg
www.threatfabric.com/hubfs/ 2 MB
2 MB 35ms
31ms Image
image/webp 2606:2c40::c73c:6702
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.threatfabric.com/hubfs/TF_Octo2.jpg

Requested by

Host: www.threatfabric.com
URL: https://www.threatfabric.com/blogs/octo2-european-banks-already-under-attack-by-new-malware-variant

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:6702 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

340280661a009f2b141cec61490d3ceee6e9f7f0a787847d6f0fb5bc8536db33

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.threatfabric.com/blogs/octo2-european-banks-already-under-attack-by-new-malware-variant

Response headers

x-robots-tag: all
cf-cache-status: HIT
etag: "5df1df536eab34d078c6ea34a409fc78"
age: 138479
cache-tag: F-179193237398,P-6701575,FLS-ALL
x-amz-version-id: p.E0EeMqxpSDufwZ0EomOV7E2FGMysep
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XA6pqzIySsgsQHOvHA3mYX8RwItNXHw8AlwDBE1CRXbJtPwjpKTK4O44m3%2FPSWPm343anYFLXTMwCvZt%2B9YQ2xw384MZzutuUah7vobsqULmayKd4aQnDOb4Xa%2By3F9WVl3JDaXSkTtQg0Gjpvc%2FULmF"}],"group":"cf-nel","max_age":604800}
alt-svc: h3=":443"; ma=86400
x-cache: Miss from cloudfront
x-amz-cf-id: BkSne2Urik8q2xtrFsxZpGYuY45EOp8BuN9mkvaoWe7IfbLDuplCeA==
content-type: image/webp
content-disposition: inline; filename="TF_Octo2.webp"
last-modified: Mon, 23 Sep 2024 11:46:36 GMT
x-amz-meta-index-tag: all
x-amz-replication-status: PENDING
edge-cache-tag: F-179193237398,P-6701575,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: 1MKWXZN31JNZC0P1
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
accept-ranges: bytes
x-amz-meta-cache-tag: F-179193237398,P-6701575,FLS-ALL
content-length: 1765742
x-hs-alternate-content-type: text/plain
server: cloudflare
x-amz-server-side-encryption: AES256
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
cf-bgj: imgq:85,h2pri
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
cf-polished: qual=85, origFmt=jpeg, origSize=3630083
date: Wed, 25 Sep 2024 02:14:35 GMT
vary: Accept, Accept-Encoding
x-amz-id-2: F6l+c9W2ZJwVqcEVOj/HC4xGuNpfITp0KZoubbeUS6NpGxeFcpqib0d6N+Wv5lKu0SlI079f6AU0RqKdWEpde/9JlS2gD/Jk
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-amz-meta-access-tag: public-indexable
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
via: 1.1 697e9166a29142e018dae0e083c25f18.cloudfront.net (CloudFront)
cf-ray: 8c8780671bbb972b-FRA
access-control-allow-origin: *
x-amz-cf-pop: ZRH50-C1
x-amz-meta-created-unix-time-millis: 1727091995236

GET
H3 200 Slide1-Sep-20-2024-10-16-01-2033-AM.png
www.threatfabric.com/hs-fs/hubfs/ 71 KB
71 KB 87ms
83ms Image
image/webp 2606:2c40::c73c:6702
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.threatfabric.com/hs-fs/hubfs/Slide1-Sep-20-2024-10-16-01-2033-AM.png?width=1920&height=1080&name=Slide1-Sep-20-2024-10-16-01-2033-AM.png

Requested by

Host: www.threatfabric.com
URL: https://www.threatfabric.com/blogs/octo2-european-banks-already-under-attack-by-new-malware-variant

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:6702 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

d661e86a5b58eedfa167d60d789f4e8cc045992d4ef67ef9a0b57ecd26cc618d

Security Headers

Name	Value
Content-Security-Policy	default-src 'none'; navigate-to 'none'; form-action 'none'
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.threatfabric.com/blogs/octo2-european-banks-already-under-attack-by-new-malware-variant

Response headers

cf-cache-status: HIT
etag: "cfBO4oR3W7I9fSKRbS5KEHgBEzIKc0wKeDGijcIDPWDQ:5fa57d5c52010a9456e7f2d73fc300c5"
cache-tag: F-178982253056,P-6701575,FLS-ALL
cf-resized: internal=ok/m q=0 n=1046+479 c=51+428 v=2024.9.4 l=72320 f=false
cf-bgj: imgq:86,h2pri
x-content-type-options: nosniff
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PK25oc8eM%2Bc26AOMvv7qjTcVdvBQdPGbtH6FhQIneR2fXSS5RA1PLuoZ9V4mYkhIpHSfjCzkTOQRBZmS7GvraHG8mG9DWW%2BFFdawp2KGUi42EwcvIPXlvvD1zzlbuXn0xtNgVKL%2B4p5Ceex2hWhhxwvP"}],"group":"cf-nel","max_age":604800}
date: Wed, 25 Sep 2024 02:14:35 GMT
content-type: image/webp
last-modified: Fri, 20 Sep 2024 10:16:03 GMT
vary: Accept, Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-security-policy: default-src 'none'; navigate-to 'none'; form-action 'none'
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
via: 1.1 b09c8a20b29053a362f3c1085a0f8990.cloudfront.net (CloudFront)
cf-ray: 8c8780671bbf972b-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 72320
server: cloudflare

GET
H2 204 has-permission-json Show response
app.hubspot.com/content-tools-menu/api/v1/tools-menu/ 0
1 KB 209ms
174ms XHR
text/plain 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.hubspot.com/content-tools-menu/api/v1/tools-menu/has-permission-json?portalId=6701575

Requested by

Host: www.threatfabric.com
URL: https://www.threatfabric.com/hs/hsstatic/HubspotToolsMenu/static-1.354/js/index.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	no-sniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.threatfabric.com/blogs/octo2-european-banks-already-under-attack-by-new-malware-variant

Response headers

x-request-id: 2a3f6b30-9058-48b2-8c0f-244eaa41e3d7
cf-cache-status: DYNAMIC
x-hs-worker-debug-mode: false
report-to: {"group":"default","max_age":86400,"endpoints":[{"url":"https://send.hsbrowserreports.com/csp/reports"}]}
access-control-allow-methods: GET
x-content-type-options: no-sniff
x-evy-trace-listener: listener_https
date: Wed, 25 Sep 2024 02:14:35 GMT
x-hubspot-correlation-id: 2a3f6b30-9058-48b2-8c0f-244eaa41e3d7
vary: origin, Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
reporting-endpoints: default="https://send.hsbrowserreports.com/csp/reports?cfRay=8c878067aa903603&resource=unknown"
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=0
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-6c6dd6864-n58dl
x-envoy-upstream-service-time: 2
access-control-allow-credentials: true
cf-ray: 8c878067aa903603-FRA
access-control-allow-origin: https://www.threatfabric.com
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-evy-trace-virtual-host: all

GET attribution_trigger
px.ads.linkedin.com/ 0
0

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=3969834&time=1727230475459&url=https%3A%2F%2Fwww.threatfabric.com%2Fblogs%2Focto2-european-banks-already-under-attack-by-new-malware-variant
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3969834&time=1727230475459&url=https%3A%2F%2Fwww.threatfabric.com%2Fblogs%2Focto2-european-banks-already-under-attack-by-new-malware-variant&e_ip...

0
266 B

200ms
157ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3969834&time=1727230475459&url=https%3A%2F%2Fwww.threatfabric.com%2Fblogs%2Focto2-european-banks-already-under-attack-by-new-malware-variant&e_ipv6=AQLdkJa6yPfSLwAAAZIm9X2l0PgXS05PY0mwc2F1d4CfM31RzT9ZMPoy-iHy2kXPVWbh77NPjYdtKatrcfOcN6Kd25LTrg
Requested by: Host: www.threatfabric.com
URL: https://www.threatfabric.com/blogs/octo2-european-banks-already-under-attack-by-new-malware-variant
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.threatfabric.com/blogs/octo2-european-banks-already-under-attack-by-new-malware-variant

Response headers

linkedin-action: 1
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: 81F7A4CF4531464DAF64F45594AB4918 Ref B: DUS30EDGE0715 Ref C: 2024-09-25T02:14:35Z
x-li-fabric: prod-ltx1
x-li-uuid: AAYi6C71vdsTngy4WE4zAg==
x-li-proto: http/2
x-cache: CONFIG_NOCACHE
content-length: 0
date: Wed, 25 Sep 2024 02:14:35 GMT
content-type: application/javascript

Redirect headers

linkedin-action: 1
x-li-pop: afd-prod-ltx1-x
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=3969834&time=1727230475459&url=https%3A%2F%2Fwww.threatfabric.com%2Fblogs%2Focto2-european-banks-already-under-attack-by-new-malware-variant&e_ipv6=AQLdkJa6yPfSLwAAAZIm9X2l0PgXS05PY0mwc2F1d4CfM31RzT9ZMPoy-iHy2kXPVWbh77NPjYdtKatrcfOcN6Kd25LTrg
x-msedge-ref: Ref A: 8620086E970746FD87D914BB751355D7 Ref B: FRAEDGE1911 Ref C: 2024-09-25T02:14:35Z
x-li-fabric: prod-ltx1
x-li-uuid: AAYi6C7ysrRJHUpd+r1Ztg==
x-li-proto: http/2
x-cache: CONFIG_NOCACHE
content-length: 0
date: Wed, 25 Sep 2024 02:14:34 GMT

GET
H2 200 combinedConfigs Show response
cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/ 1 KB
2 KB 134ms
133ms Fetch
application/json 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/combinedConfigs?portalId=6701575&currentUrl=https%3A%2F%2Fwww.threatfabric.com%2Fblogs%2Focto2-european-banks-already-under-attack-by-new-malware-variant&contentId=178980931888

Requested by

Host: js.hubspot.com
URL: https://js.hubspot.com/web-interactives-embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

192de7ac2e91ea45ee3cff9668585af9a847b42a5c5b9c1101626f6ac0814092

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.threatfabric.com/blogs/octo2-european-banks-already-under-attack-by-new-malware-variant

Response headers

x-robots-tag: noindex, follow
access-control-max-age: 180
x-request-id: f61ced4b-b9de-4ede-9195-d747c411f4cf
content-encoding: gzip
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BtlpyBJSztzxzdctYv4md28v4CxUYrRcdqUFgP6md8hMAKBTV%2Byrfavgc0MrahEDX2XjJcLVrGutTfvXPBGIbFm49NUkbew4M2eiOAHjrjc6Gjg31eeDFecLgYCq2C%2FfCYWLds6EJvjBrZfO%2BWs1FRVnzd67YCLvSw4%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
access-control-allow-methods: OPTIONS, GET
x-evy-trace-listener: listener_https
date: Wed, 25 Sep 2024 02:14:35 GMT
x-hubspot-correlation-id: f61ced4b-b9de-4ede-9195-d747c411f4cf
content-type: application/json;charset=utf-8
vary: origin
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=0, no-cache, no-store
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-5485db5487-vtz7f
x-envoy-upstream-service-time: 17
access-control-allow-credentials: true
cf-ray: 8c878067dfc53668-FRA
access-control-allow-origin: https://www.threatfabric.com
x-evy-trace-route-configuration: listener_https/all
content-length: 681
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 attribution_trigger
px.ads.linkedin.com/ 2 B
747 B 625ms
511ms Image
application/json 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/attribution_trigger?pid=3969834&time=1727230475459&url=https%3A%2F%2Fwww.threatfabric.com%2Fblogs%2Focto2-european-banks-already-under-attack-by-new-malware-variant
Requested by: Host: www.threatfabric.com
URL: https://www.threatfabric.com/blogs/octo2-european-banks-already-under-attack-by-new-malware-variant
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.threatfabric.com/blogs/octo2-european-banks-already-under-attack-by-new-malware-variant

Response headers

x-li-pop: afd-prod-lor1-x
content-encoding: gzip
x-fs-uuid: 000622e82ef7f16e9443f138a456253a
x-msedge-ref: Ref A: 0DAA4C7FCD624CD698548B771FDCAF16 Ref B: FRAEDGE1911 Ref C: 2024-09-25T02:14:35Z
x-li-fabric: prod-lor1
x-restli-protocol-version: 1.0.0
access-control-allow-methods: GET, OPTIONS
x-li-uuid: AAYi6C738W6UQ/E4pFYlOg==
x-li-proto: http/2
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
date: Wed, 25 Sep 2024 02:14:35 GMT
content-type: application/json
access-control-allow-headers: *

GET
H2 200 json Show response
forms.hscollectedforms.net/collected-forms/v1/config/ 135 B
465 B 116ms
115ms XHR
application/json 2606:4700::6810:6bfe
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hscollectedforms.net/collected-forms/v1/config/json?portalId=6701575&utk=

Requested by

Host: js.hscollectedforms.net
URL: https://js.hscollectedforms.net/collectedforms.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:6bfe , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3d4e95bd54c3e6a43268f14f3488db18f087c70f4ba9ee351d31780db8573b76

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept: application/json, text/plain, */*
Referer: https://www.threatfabric.com/blogs/octo2-european-banks-already-under-attack-by-new-malware-variant

Response headers

x-robots-tag: none
access-control-max-age: 180
x-request-id: 0063caf7-d8d6-4cf0-90cd-e5f81708cb88
content-encoding: br
cf-cache-status: DYNAMIC
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
date: Wed, 25 Sep 2024 02:14:35 GMT
x-hubspot-correlation-id: 0063caf7-d8d6-4cf0-90cd-e5f81708cb88
content-type: application/json;charset=utf-8
vary: Accept-Encoding
access-control-allow-headers: *
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=0
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-6c6dd6864-lc6mc
x-envoy-upstream-service-time: 8
cf-ray: 8c878067e968bb80-FRA
access-control-allow-origin: https://www.threatfabric.com
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-evy-trace-virtual-host: all

GET
H3 200 counters.gif
perf-na1.hsforms.com/embed/v3/ 35 B
909 B 167ms
151ms Image
image/gif 2606:4700::6812:50cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf-na1.hsforms.com/embed/v3/counters.gif?key=config-loaded-success&value=1

Requested by

Host: www.threatfabric.com
URL: https://www.threatfabric.com/blogs/octo2-european-banks-already-under-attack-by-new-malware-variant

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:50cc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.threatfabric.com/blogs/octo2-european-banks-already-under-attack-by-new-malware-variant

Response headers

x-robots-tag: none
x-request-id: dc1b4dac-f5f8-4be1-90f2-e153640d1d88
access-control-expose-headers: X-Origin-Hublet
cf-cache-status: MISS
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
date: Wed, 25 Sep 2024 02:14:35 GMT
x-hubspot-correlation-id: dc1b4dac-f5f8-4be1-90f2-e153640d1d88
content-type: image/gif
vary: origin, Accept-Encoding
last-modified: Wed, 25 Sep 2024 02:14:35 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=0, no-cache, no-store
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-5485db5487-5vk5l
x-envoy-upstream-service-time: 3
access-control-allow-credentials: false
cf-ray: 8c878068ccf48fe0-FRA
accept-ranges: bytes
x-evy-trace-route-configuration: listener_https/all
content-length: 35
server: cloudflare
x-evy-trace-virtual-host: all

GET
H3 200 hs-web-interactive-6701575-139494617102
threatfabric-6701575.hs-sites.com/ Frame CD0F 0
0 400ms
380ms Document
text/html 2606:4700::6812:e072
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://threatfabric-6701575.hs-sites.com/hs-web-interactive-6701575-139494617102

Requested by

Host: js.hubspot.com
URL: https://js.hubspot.com/web-interactives-embed.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:e072 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.threatfabric.com/blogs/octo2-european-banks-already-under-attack-by-new-malware-variant
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: false
cache-control: s-maxage=10,max-age=5
cache-tag: CT-139494617102,P-6701575,PGS-ALL,SW-2
cf-cache-status: EXPIRED
cf-ray: 8c878068dbeb925c-FRA
content-encoding: br
content-security-policy: upgrade-insecure-requests
content-type: text/html;charset=utf-8
date: Wed, 25 Sep 2024 02:14:36 GMT
edge-cache-tag: CT-139494617102,P-6701575,PGS-ALL,SW-2
last-modified: Wed, 25 Sep 2024 02:14:35 GMT
server: cloudflare
vary: origin, Accept-Encoding
x-content-type-options: nosniff
x-envoy-upstream-service-time: 82
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-served-by-pod: iad02/cms-hs-sites-td/envoy-proxy-7cfd74f5fd-p79zd
x-evy-trace-virtual-host: all
x-hs-cache-config: BrowserCache-5s-EdgeCache-10s
x-hs-content-campaign-id: 7436f6e2-b46a-4ea1-9c6e-4aa7d59b7348
x-hs-content-id: 139494617102
x-hs-hub-id: 6701575
x-hubspot-correlation-id: 590a421f-7f88-4074-9fa8-4eea7522eea5
x-request-id: 590a421f-7f88-4074-9fa8-4eea7522eea5
x-robots-tag: none

OPTIONS
H2 200 view
js.hs-banner.com/v2/activity/ Frame 0
0 306ms
293ms Preflight
application/octet-stream 2606:4700:4400::6812:28f0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/v2/activity/view
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:28f0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.threatfabric.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-origin: https://www.threatfabric.com
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
access-control-max-age: 604800
cf-cache-status: DYNAMIC
cf-ray: 8c8780699d0518ed-FRA
content-length: 0
content-type: application/octet-stream
date: Wed, 25 Sep 2024 02:14:36 GMT
server: cloudflare
timing-allow-origin: *
vary: origin
x-envoy-upstream-service-time: 0
x-evy-trace-listener: listener_https
x-evy-trace-route-configuration: listener_https/all
x-evy-trace-route-service-name: envoyset-translator
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-75d7846cb8-vm8bg
x-evy-trace-virtual-host: all
x-hubspot-correlation-id: 3f0b36a4-4f4e-48b1-a435-f22f286f35e6
x-request-id: 3f0b36a4-4f4e-48b1-a435-f22f286f35e6

GET
H2 200 cf-location Show response
js.hs-banner.com/v2/ 5 B
148 B 31ms
15ms Fetch
text/plain 2606:4700:4400::6812:28f0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/v2/cf-location
Requested by: Host: js.hs-banner.com
URL: https://js.hs-banner.com/v2/6701575/banner.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:28f0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b28ae40ac9ef82a5f8426c454cf12d9186a8e6813f6244bb9dddbef59af95071

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.threatfabric.com/blogs/octo2-european-banks-already-under-attack-by-new-malware-variant

Response headers

cache-control: private, max-age=1500
cf-ray: 8c8780699d0418ed-FRA
access-control-allow-origin: *
content-length: 5
date: Wed, 25 Sep 2024 02:14:35 GMT
content-type: text/plain;charset=UTF-8
vary: Accept-Encoding
server: cloudflare

GET
H2 200 css2
fonts.googleapis.com/ 2 KB
865 B 39ms
18ms Stylesheet
text/css 2a00:1450:4001:80b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Lato:ital,wght@0,400;0,700;1,400&display=swap

Requested by

Host: js.hs-banner.com
URL: https://js.hs-banner.com/v2/6701575/banner.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

fba31c2cd9699431dba47604216525f9bcc0cb1d5980fbae9b19c8b86454d2fc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.threatfabric.com/blogs/octo2-european-banks-already-under-attack-by-new-malware-variant

Response headers

content-encoding: gzip
x-content-type-options: nosniff
expires: Wed, 25 Sep 2024 02:14:35 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Wed, 25 Sep 2024 02:14:35 GMT
content-type: text/css; charset=utf-8
last-modified: Wed, 25 Sep 2024 00:59:55 GMT
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-resource-policy: cross-origin
access-control-allow-origin: *
x-xss-protection: 0
server: ESF

POST
H2 204 view
js.hs-banner.com/v2/activity/ 0
0 131ms
130ms Fetch 2606:4700:4400::6812:28f0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hs-banner.com/v2/activity/view

Requested by

Host: js.hs-banner.com
URL: https://js.hs-banner.com/v2/6701575/banner.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:28f0 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type: application/json
Referer: https://www.threatfabric.com/blogs/octo2-european-banks-already-under-attack-by-new-malware-variant

Response headers

access-control-max-age: 604800
x-request-id: ed854202-6f70-4a5c-b36c-007dfb956d21
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
cf-cache-status: DYNAMIC
x-content-type-options: nosniff
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-evy-trace-listener: listener_http, listener_https
date: Wed, 25 Sep 2024 02:14:36 GMT
x-hubspot-correlation-id: ed854202-6f70-4a5c-b36c-007dfb956d21
vary: origin
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
x-evy-trace-route-service-name: envoyset-translator, envoyset-translator
x-evy-trace-served-by-pod: iad02/private-hubapi-td/envoy-proxy-68c6bb8dbb-p5h6m, iad02/analytics-js-proxy-td/envoy-proxy-75d7846cb8-b7pvv
timing-allow-origin: *
x-envoy-upstream-service-time: 23
access-control-allow-credentials: true
cf-ray: 8c87806b7eb418ed-FRA
access-control-allow-origin: https://www.threatfabric.com
x-evy-trace-route-configuration: listener_http/all, listener_https/all
server: cloudflare
x-evy-trace-virtual-host: all, all

POST
H2 204 collect
region1.google-analytics.com/g/ 0
0 34ms
13ms Fetch
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-SZHLN4DST6&gtm=45je49n0v896951265za200&_p=1727230475227&gcs=G100&gcd=13q3qPq2q5l1&npa=1&dma_cps=-&dma=1&tag_exp=0&gdid=dZTQ1Zm&cid=136904025.1727230476&ul=de-de&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=denied&_s=1&sid=1727230475&sct=1&seg=0&dl=https%3A%2F%2Fwww.threatfabric.com%2Fblogs%2Focto2-european-banks-already-under-attack-by-new-malware-variant&dt=Octo2%3A%20European%20Banks%20Already%20Under%20Attack%20by%20New%20Malware%20Variant&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=1194
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-SZHLN4DST6
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.threatfabric.com/blogs/octo2-european-banks-already-under-attack-by-new-malware-variant

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://www.threatfabric.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
date: Wed, 25 Sep 2024 02:14:35 GMT
content-type: text/plain
server: Golfe2

GET
H3 200 S6uyw4BMUTPHjx4wXg.woff2
fonts.gstatic.com/s/lato/v24/ 23 KB
23 KB 25ms
9ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjx4wXg.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Lato:ital,wght@0,400;0,700;1,400&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://www.threatfabric.com
Referer: https://fonts.googleapis.com/

Response headers

age: 64808
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Wed, 24 Sep 2025 08:14:27 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Tue, 24 Sep 2024 08:14:27 GMT
last-modified: Tue, 02 May 2023 15:17:22 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 23580
x-xss-protection: 0
server: sffe

GET
H3 200 S6u9w4BMUTPHh6UVSwiPGQ.woff2
fonts.gstatic.com/s/lato/v24/ 23 KB
23 KB 22ms
7ms Font
font/woff2 2a00:1450:4001:82b::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v24/S6u9w4BMUTPHh6UVSwiPGQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Lato:ital,wght@0,400;0,700;1,400&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin: https://www.threatfabric.com
Referer: https://fonts.googleapis.com/

Response headers

age: 100152
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
x-content-type-options: nosniff
expires: Tue, 23 Sep 2025 22:25:23 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 23 Sep 2024 22:25:23 GMT
last-modified: Tue, 02 May 2023 15:07:25 GMT
content-type: font/woff2
cache-control: public, max-age=31536000
timing-allow-origin: *
cross-origin-opener-policy: same-origin; report-to="apps-themes"
cross-origin-resource-policy: cross-origin
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
accept-ranges: bytes
access-control-allow-origin: *
content-length: 23040
x-xss-protection: 0
server: sffe

POST /
px.ads.linkedin.com/wa/ 0
0

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
921 B 122ms
122ms Image
image/gif 2606:4700::6810:7574
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=90950173&v=1.1&a=6701575&pi=178980931888&ct=blog-post&ccu=https%3A%2F%2Fwww.threatfabric.com%2Fblogs%2Focto2-european-banks-already-under-attack-by-new-malware-variant&cpi=178980931888&cgi=101307487134&lpi=178980931888&lvi=178980931888&lvc=en&pu=https%3A%2F%2Fwww.threatfabric.com%2Fblogs%2Focto2-european-banks-already-under-attack-by-new-malware-variant&t=Octo2%3A+European+Banks+Already+Under+Attack+by+New+Malware+Variant&cts=1727230476962&rv=1&vi=1984bd67f760bc597d188ea6f96779d7&nc=true&ce=false&cc=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.threatfabric.com/blogs/octo2-european-banks-already-under-attack-by-new-malware-variant

Response headers

x-robots-tag: none
x-request-id: 04ef8a50-599c-43c0-8be3-08491fb3b2dd
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zFhNvRtEgDFia%2Bn8xe0Gwchi9dIqEJyMP0lI7DTlj2Qj3yfc9NcaE4vRWOboOO9CpF6jVrPA1ngfIYMisp5Ct3UaWrXW8IRpUEDvfh7owWjmUlOl8uPHY%2FSNqAcrHXZlbk6YK4JXBigcUaBoFsST"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
p3p: CP="NOI CUR ADM OUR NOR STA NID"
date: Wed, 25 Sep 2024 02:14:37 GMT
x-hubspot-correlation-id: 04ef8a50-599c-43c0-8be3-08491fb3b2dd
content-type: image/gif
vary: origin, Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: no-cache, no-store, no-transform
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-689db97f95-dmsvv
x-envoy-upstream-service-time: 5
access-control-allow-credentials: false
cf-ray: 8c87807118923603-FRA
x-evy-trace-route-configuration: listener_https/all
content-length: 45
server: cloudflare
x-evy-trace-virtual-host: all

GET
H3 200 counters.gif
perf-na1.hsforms.com/embed/v3/ 35 B
564 B 114ms
114ms Image
image/gif 2606:4700::6812:50cc
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf-na1.hsforms.com/embed/v3/counters.gif?key=interactive-shown&value=1

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:4700::6812:50cc , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.threatfabric.com/blogs/octo2-european-banks-already-under-attack-by-new-malware-variant

Response headers

x-robots-tag: none
x-request-id: 9b37c319-1e65-4776-bb9b-ed3b5644c689
access-control-expose-headers: X-Origin-Hublet
cf-cache-status: MISS
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
date: Wed, 25 Sep 2024 02:14:37 GMT
x-hubspot-correlation-id: 9b37c319-1e65-4776-bb9b-ed3b5644c689
content-type: image/gif
vary: origin, Accept-Encoding
last-modified: Wed, 25 Sep 2024 02:14:37 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=0, no-cache, no-store
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-5485db5487-rp6k4
x-envoy-upstream-service-time: 1
access-control-allow-credentials: false
cf-ray: 8c8780711f2e8fe0-FRA
accept-ranges: bytes
x-evy-trace-route-configuration: listener_https/all
content-length: 35
server: cloudflare
x-evy-trace-virtual-host: all

GET
H3 200 threatfabric-icon-dark.svg
www.threatfabric.com/hubfs/Threatfabric/favicon/ 467 B
2 KB 30ms
30ms Other
image/svg+xml 2606:2c40::c73c:6702
CLOUDFLARESPECTRU...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.threatfabric.com/hubfs/Threatfabric/favicon/threatfabric-icon-dark.svg

Protocol

Security

QUIC, , AES_128_GCM

Server

2606:2c40::c73c:6702 , United States, ASN209242 (CLOUDFLARESPECTRUM Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

57a5da7ac787966a0343f72308a274a6efbe29b054c45a39006d357f9a7dd4db

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer: https://www.threatfabric.com/blogs/octo2-european-banks-already-under-attack-by-new-malware-variant

Response headers

x-robots-tag: all
content-encoding: br
cf-cache-status: HIT
etag: W/"fce2ca26ec3fee39e3f2c79385fef303"
age: 2463920
cache-tag: F-113881471036,FD-113881358172,P-6701575,FLS-ALL
x-amz-version-id: QPlhIhds5bQd9SFyVnWczTf6KRniE2eW
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FP%2F6pJ5LY%2B6WUcaom8J6l%2FlFsACEX6d1Py%2F5Bjii18fKvvP9FgUCExgtVmVJKZjI%2FPH%2Bs76hQ%2FdKcnO87vpcs3BMbykqsrCnbIct0qVG3QxB2o%2FrmbMsdHzPcyIFqRj3V4KR3WXCaK7fhZmW%2Fdgp8Zr%2F"}],"group":"cf-nel","max_age":604800}
x-cache: Miss from cloudfront
x-amz-cf-id: HinKljTciWKviX8iSBYoz79985fQcYpBgKEzbv02v9ue8TcvqhfVxg==
content-type: image/svg+xml
last-modified: Tue, 02 May 2023 11:36:10 GMT
x-amz-meta-index-tag: all
x-amz-replication-status: COMPLETED
edge-cache-tag: F-113881471036,FD-113881358172,P-6701575,FLS-ALL
cache-control: s-maxage=2592000, max-age=1209600, stale-while-revalidate=900
x-amz-request-id: KTPPYK0GEADPNFHE
x-hs-cf-lambda-enforce: us-east-1.EnforceAclForReads 3
x-amz-meta-cache-tag: F-113881471036,FD-113881358172,P-6701575,FLS-ALL
x-hs-alternate-content-type: text/plain
server: cloudflare
x-hs-cf-lambda: us-east-1.EnforceAclForReads 3
x-amz-server-side-encryption: AES256
access-control-allow-methods: GET
x-amz-storage-class: INTELLIGENT_TIERING
date: Wed, 25 Sep 2024 02:14:36 GMT
vary: Accept-Encoding
x-amz-id-2: e7DPeZdSlDVZ99awtrA4XjXz/Mw1p3ijcxZ6ED8ZdSbvTly6Jzbql8JCnovL4DqfziZvRUT6Y2c=
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
timing-allow-origin: d8fk70yj6xfhx.cloudfront.net
via: 1.1 96f7375d4633bdc30f727db82897e3b4.cloudfront.net (CloudFront)
cf-ray: 8c8780711a49972b-FRA
access-control-allow-origin: *
x-amz-cf-pop: FRA60-P7
x-amz-meta-created-unix-time-millis: 1683027369208

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: platform.linkedin.com
URL: https://platform.linkedin.com/in.js

Domain: connect.facebook.net
URL: https://connect.facebook.net/en_GB/sdk.js

Domain: platform.twitter.com
URL: https://platform.twitter.com/widgets.js

Domain: px.ads.linkedin.com
URL: https://px.ads.linkedin.com/attribution_trigger?pid=3969834&time=1727230475459&url=https%3A%2F%2Fwww.threatfabric.com%2Fblogs%2Focto2-european-banks-already-under-attack-by-new-malware-variant

Domain: px.ads.linkedin.com
URL: https://px.ads.linkedin.com/wa/

Verdicts & Comments Add Verdict or Comment

61 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

10 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.hsforms.com/	1970-01-20 23:47:12	Name: __cf_bm Value: 0.KYO07uOIxTKsFsY.f2_XgfbIWwQaku2Ko6KG06l1w-1727230475-1.0.1.1-0HPrJcPpA1xjIolj.LCzhangZQNx6DBtAH2oy2MSlTx4UDoCKpNEyQUykg7UINAILjTWGZnrDsVWlippr5o3eA
.hsforms.com/	1969-12-31 23:59:59	Name: _cfuvid Value: MhMvCu9D19cQryo8rXl4Ud4ZjLMUu4rbhrloW_LI8Ck-1727230475791-0.0.1.1-604800000
.linkedin.com/	1970-01-21 08:32:46	Name: bcookie Value: "v=2&c5ce53b6-e516-48f5-8aed-e511fe0b30a9"
.linkedin.com/	1970-01-21 04:06:22	Name: li_gc Value: MTswOzE3MjcyMzA0NzY7MjswMjHwhE4Q8SPPVY7ZKGNb3b37IMTmgmBLQsDf0B/y2Zxsng==
.linkedin.com/	1970-01-20 23:48:36	Name: lidc Value: "b=OGST06:s=O:r=O:a=O:p=O:g=3083:u=1:x=1:i=1727230476:t=1727316876:v=2:sig=AQFf1_Qsplh0bJUr2U9jXN0lrr3l2Q-K"
.hs-sites.com/	1969-12-31 23:59:59	Name: __cfruid Value: eb64560fb033474860efe844fd24269fc8b4d095-1727230476
.www.threatfabric.com/	1970-01-20 23:47:12	Name: __cf_bm Value: uvvH0ke9rtIRCVe00.lrWnxPk7OAE26xYgVclQX2mQ8-1727230476-1.0.1.1-NIeUMGfKvMFESssnJGMszHKwAExo3pUesR7fMjPzRuUDvJk.PMyIDeG_bZp1iFBjTxm5Ch3raLLQNMqbJOZk8w
.www.threatfabric.com/	1969-12-31 23:59:59	Name: __cfruid Value: 5a78751425c31ff04a2356e930e24dc8c073a806-1727230476
.hubspot.com/	1970-01-20 23:47:12	Name: __cf_bm Value: mApuAfSQH.RYjmt8Yl2Em_rK2nPY18YTJ_c2FDVmtyE-1727230477-1.0.1.1-zS0mZXGl0xxQV2WDSsW8AwrjXOrlQzhApqo.2fbVSc_YVDwP73ThK5tvPQMau8dE4uVOWQDv5USgBCuTfqE_TQ
.hubspot.com/	1969-12-31 23:59:59	Name: _cfuvid Value: 1ki7Cd5cbepkZpbtR2gXWkMUYErKcCu43XvVZMV5DCk-1727230477088-0.0.1.1-604800000

5 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://www.threatfabric.com/blogs/octo2-european-banks-already-under-attack-by-new-malware-variant Message: Refused to load the script 'https://platform.linkedin.com/in.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' .hubspot.com cdnjs.cloudflare.com .hubspot.net .hs-scripts.com .hubspotfeedback.com www.googletagmanager.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ maps.googleapis.com static.hsappstatic.net .hs-banner.com .hs-analytics.net .hsadspixel.net js.hscta.net .hscollectedforms.net .hsleadflows.net .hsforms.com .hsforms.net feedback.hubapi.com .usemessages.com snap.licdn.com *.doubleclick.net". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security	error	URL: https://www.threatfabric.com/blogs/octo2-european-banks-already-under-attack-by-new-malware-variant(Line 42830) Message: Refused to load the script 'https://connect.facebook.net/en_GB/sdk.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' .hubspot.com cdnjs.cloudflare.com .hubspot.net .hs-scripts.com .hubspotfeedback.com www.googletagmanager.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ maps.googleapis.com static.hsappstatic.net .hs-banner.com .hs-analytics.net .hsadspixel.net js.hscta.net .hscollectedforms.net .hsleadflows.net .hsforms.com .hsforms.net feedback.hubapi.com .usemessages.com snap.licdn.com *.doubleclick.net". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security	error	URL: https://www.threatfabric.com/blogs/octo2-european-banks-already-under-attack-by-new-malware-variant(Line 42831) Message: Refused to load the script 'https://platform.twitter.com/widgets.js' because it violates the following Content Security Policy directive: "script-src 'self' 'unsafe-inline' .hubspot.com cdnjs.cloudflare.com .hubspot.net .hs-scripts.com .hubspotfeedback.com www.googletagmanager.com www.google.com/recaptcha/ www.gstatic.com/recaptcha/ maps.googleapis.com static.hsappstatic.net .hs-banner.com .hs-analytics.net .hsadspixel.net js.hscta.net .hscollectedforms.net .hsleadflows.net .hsforms.com .hsforms.net feedback.hubapi.com .usemessages.com snap.licdn.com *.doubleclick.net". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security	error	URL: https://snap.licdn.com/li.lms-analytics/insight.min.js Message: Refused to connect to 'https://px.ads.linkedin.com/attribution_trigger?pid=3969834&time=1727230475459&url=https%3A%2F%2Fwww.threatfabric.com%2Fblogs%2Focto2-european-banks-already-under-attack-by-new-malware-variant' because it violates the following Content Security Policy directive: "connect-src 'self' .hubspot.com .hubapi.com .hs-banner.com .hscollectedforms.net .hsforms.com js.hscta.net .google-analytics.com www.google.com maps.googleapis.com *.doubleclick.net".
security	error	URL: https://snap.licdn.com/li.lms-analytics/insight.min.js Message: Refused to connect to 'https://px.ads.linkedin.com/wa/' because it violates the following Content Security Policy directive: "connect-src 'self' .hubspot.com .hubapi.com .hs-banner.com .hscollectedforms.net .hsforms.com js.hscta.net .google-analytics.com www.google.com maps.googleapis.com *.doubleclick.net".

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header

Value

Content-Security-Policy

Strict-Transport-Security

max-age=31536000; includeSubDomains; preload

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

app.hubspot.com
cdn2.hubspot.net
cdnjs.cloudflare.com
connect.facebook.net
cta-service-cms2.hubspot.com
fonts.googleapis.com
fonts.gstatic.com
forms.hscollectedforms.net
js.hs-analytics.net
js.hs-banner.com
js.hs-scripts.com
js.hsadspixel.net
js.hscollectedforms.net
js.hubspot.com
perf-na1.hsforms.com
platform.linkedin.com
platform.twitter.com
px.ads.linkedin.com
px4.ads.linkedin.com
region1.google-analytics.com
snap.licdn.com
static.hsappstatic.net
threatfabric-6701575.hs-sites.com
track.hubspot.com
www.googletagmanager.com
www.threatfabric.com
connect.facebook.net
platform.linkedin.com
platform.twitter.com
px.ads.linkedin.com
13.107.42.14
2001:4860:4802:32::36
2606:2c40::c73c:6702
2606:4700:4400::6812:28f0
2606:4700::6810:6bfe
2606:4700::6810:7574
2606:4700::6810:7674
2606:4700::6810:8cd1
2606:4700::6811:180e
2606:4700::6811:80ac
2606:4700::6811:af5b
2606:4700::6811:afc9
2606:4700::6812:50cc
2606:4700::6812:5b3e
2606:4700::6812:e072
2620:1ec:21::14
2a00:1450:4001:80b::200a
2a00:1450:4001:82b::2003
2a00:1450:4001:831::2008
2a02:26f0:3500:10::210:a9a
03dda228d170d183aa55f86b217ed588625441ade833d571a95252eff3bb4cad
059b77025c02623999e7524b737287072bd2dbb42c1652f70a4020338b1e5f21
0adb227efa2074c6ae2b5e686cf4d1949a6edfc05bd56fa81e34c9a2c69fb50a
0d65652e4a1175891a46374d16ec569329b2e667eedb5770ce7ce193fd8fd41a
192de7ac2e91ea45ee3cff9668585af9a847b42a5c5b9c1101626f6ac0814092
22138da3b4d85ca7e2b14c1d8d7e630bfb743281130599ddbe4764f13c890018
2d5c291cc9ce12740d42109fbf4384252918103351a98793ffa71f764ea3e4cf
340280661a009f2b141cec61490d3ceee6e9f7f0a787847d6f0fb5bc8536db33
3d4e95bd54c3e6a43268f14f3488db18f087c70f4ba9ee351d31780db8573b76
401925a1114f7003121630392768d35516be54a4028f01024528aeae99a45a56
42c7e51d284cd7256caf3bfebf641141876657ea0d6e5588ac7e69dce1e9cf7e
42db2b6421ba0667a52a6f929b6f61decd0a6efd16ac1bde0701bcc0e132d4ea
5172f440714da51e243a13e0f93911405618326b2013313b682caa428c47e6ef
57a5da7ac787966a0343f72308a274a6efbe29b054c45a39006d357f9a7dd4db
639127081177ea5058409066f97e84fb8ffdad426754956248f4ed77b45bd606
6685b4f71edb4ae81b8a710e36f8c794c3e731feeb17614e476daf056b06a824
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
74c17452683150ad0f623fdd9a849ba85d73fb9d221cebe9aa11db52969dbe23
77080938572095bddc311784e1c284e7cd12268f46946aff94d04a43a53dffc9
863886e2347be57cf71d7ed3fc614593e94bbce61858cd8c0761ba7a78d2ace4
89bf8cdea73ce776d6b81d03837bc7f04af5e3946b839a3c0bfbf3094ad3f7be
8a27dc7b44ebe886390bfa0a9beeea36ea5a3f37479f0e0836b6c9b80d9b35ed
8da927b6b1240ffca4323fbb2a12c8e5abb541040965c2bc5b7d09a2eb963b02
918b7dc3e2e2d015c16ce08b57bcb64d2253bafc1707658f361e72865498e537
928e23e6b9fcef82c5f1d1f05b6f7fc5a6e187c60195e59fbf16fc9d071ee057
98dfeb1d061e8788b320a130a84723813efed0b2518921f30b40cc8a09bf8ecf
9a99582509ef12cb1bce9fd579678e502e8a3c064e193b977cecc1b2c46cf48b
a8904fbb9523825b6acd03a3e70df5d8f85f2465123a8f61c8505b955c7184e7
a924c55af6e42515871fdd850703bea91aedd280d30febc3ddc9f674df234785
ae37720bad220c27736f9097566e8cec3bce2f45d980f509c193f54d6d4aea59
af1e6edc875a382b338bb25bd7c5c3f474a7f1b36212002a5896dd06f2186325
b023c3b26ca69356ad0aa6b6296d5e6a337ec10ca1f8275483437202a03c381c
b28ae40ac9ef82a5f8426c454cf12d9186a8e6813f6244bb9dddbef59af95071
b536c1fa11ad6d83e7c2af12ecddd6e16d79a6e2e1eda092c26944af3ba7e3fc
b754a50214c3af13ad5b80267b36a52a379030f4cdf28ea62bdc23121fb63963
b7b87f1b48aa75784afb205b3d567664641bc056af2e20b5873da2c90605b7d2
c16d59010b5c7bc246cc28fa0b991da4aaf6ed332f99940a4d5bd29de1ad43de
c447dd7677b419db7b21dbdfc6277c7816a913ffda76fd2e52702df538de0e49
c72453555e07b39f889a9a676fca1a86a18213ffb7cb2667de5f0f277c4014d3
c917923119f99ca28c29eca25a2a4a9606edd23f26633bab2e212ce053dd5f1c
ca21bb556f4c5d4b3d249e8c26843126facce3d88c00402c0871adeb7799c383
d661e86a5b58eedfa167d60d789f4e8cc045992d4ef67ef9a0b57ecd26cc618d
d92c25b1d90bdf3fb25373c5e3de35b1256f47a96575d58b4e6ae10be499d76d
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
dc377d0b25d1c78cd2fb2d8c9b3cc8fe12db24bd47084deda1129905ca256099
e082d568fb44df37fa453a514a8e553c889abe144c5c73866c1f020e4ccfbc49
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
fa7fe4fd0aef1b94a3910f43b99060d1fcf2b12302726c4f52146ca1f613e516
fba31c2cd9699431dba47604216525f9bcc0cb1d5980fbae9b19c8b86454d2fc

www.threatfabric.com Open in urlscan Pro 2606:2c40::c73c:6702 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

64 Requests

91 %HTTPS

95 %IPv6

20 Domains

26 Subdomains

21 IPs

2 Countries

2474 kBTransfer

3924 kBSize

10 Cookies

2 Outgoing links

Redirected requests

64 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.threatfabric.com Open in urlscan Pro
2606:2c40::c73c:6702 Public Scan

Screenshot
Live screenshot

Full Image

64
Requests

91 %
HTTPS

95 %
IPv6

20
Domains

26
Subdomains

21
IPs

2
Countries

2474 kB
Transfer

3924 kB
Size

10
Cookies

64 HTTP transactions
0 data transactions