Report - www.google.com/url?sa=t&source=web&rct=j&opi=89978449&url=https://perception-point.io/blog/operation-phantomblu-new-and-evasive-method-delivers-netsupport-rat/&ved=2ahUKEwjlqPXo9caFAxWGElkFHc-_BkUQFnoECBAQAw&usg=AOvVaw1J1DEOg1iQ9FiWb8ypkapB

Report Overview

Submitted URL
www.google.com/url?sa=t&source=web&rct=j&opi=89978449&url=https://perception-point.io/blog/operation-phantomblu-new-and-evasive-method-delivers-netsupport-rat/&ved=2ahUKEwjlqPXo9caFAxWGElkFHc-_BkUQFnoECBAQAw&usg=AOvVaw1J1DEOg1iQ9FiWb8ypkapB
IP
142.250.74.164
ASN
#15169 GOOGLE
Submitted
2024-04-16 14:18:34
Access
public
Website Title
Operation PhantomBlu: New and Evasive Method Delivers NetSupport RAT - Perception Point
Final URL
perception-point.io/blog/operation-phantomblu-new-and-evasive-method-delivers-netsupport-rat/
Tags
urlquery detections
No alerts detected

Detections

urlquery
0
Network Intrusion Detection
0
Threat Detection Systems
0

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
www.google.com	7	1997-09-15	2015-05-10	2024-03-23	763 B	1.4 kB	142.250.74.164
perception-point.io	469555	2015-08-16	2016-01-19	2024-02-12	10 kB	372 kB	141.193.213.21

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

No alerts detected

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

mnemonic secure dns

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

JavaScript (12)

	URL	Size	First Seen	Last Seen
	perception-point.io/blog/operation-phantomblu-new-and-evasive-method-delivers-netsupport-rat/	476 B	2023-03-07	2024-05-02
Pretty URL perception-point.io/blog/operation-phantomblu-new-and-evasive-method-delivers-netsupport-rat/ IP 141.193.213.21 ASN #209242 Cloudflare London, LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:02:50 Last Seen2024-05-02 08:51:56 Times Seen15738 Hash ce71388c2d441cfb9ef0985bc4e5bb71 1e74c490ed76f671eb45ab0b45c9c9f5b9b89f0f efb5a648656ae8f944fbf74e5644126464160ab50197a288c8b587e74edd575a Loading...

	perception-point.io/blog/operation-phantomblu-new-and-evasive-method-delivers-netsupport-rat/	10 kB	2024-03-20	2024-05-02
Pretty URL perception-point.io/blog/operation-phantomblu-new-and-evasive-method-delivers-netsupport-rat/ IP 141.193.213.21 ASN #209242 Cloudflare London, LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2024-03-20 20:06:13 Last Seen2024-05-02 08:51:56 Times Seen45 Hash 9ecacb6622e8cbd4771a60ee35e7e478 2045ce3c795148fd53384fcf38617b3ee2d3df72 3357ad493b0b4d8ca2a3d79661ae3be3d79e575bc1bbcc1c46bbe1b96719282e Loading...

	perception-point.io/blog/operation-phantomblu-new-and-evasive-method-delivers-netsupport-rat/	106 B	2024-04-16	2024-04-16
Pretty URL perception-point.io/blog/operation-phantomblu-new-and-evasive-method-delivers-netsupport-rat/ IP 141.193.213.21 ASN #209242 Cloudflare London, LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-16 16:18:35 Last Seen2024-04-16 16:18:35 Times Seen1 Hash dcea6031b20d34c3efd915f5ebe0fce3 7c67a6a551a8370754590cc9d4d5b2e5185cd905 f91efed99ecfdd7002a5723e80cb19a7463b26da266e4d6d83e960bba20b1776 Loading...

	perception-point.io/blog/operation-phantomblu-new-and-evasive-method-delivers-netsupport-rat/	106 B	2024-04-16	2024-04-16
Pretty URL perception-point.io/blog/operation-phantomblu-new-and-evasive-method-delivers-netsupport-rat/ IP 141.193.213.21 ASN #209242 Cloudflare London, LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-16 16:18:35 Last Seen2024-04-16 16:18:35 Times Seen1 Hash d023b7309724879bee48c47dff17a3f8 f5310185bd8112037ce492f2e7f230e5e69c6de3 9f2e48de95cfbe1712dbe66c1392e24b5ca113e856df2c6fe3e78997c6736584 Loading...

	perception-point.io/wp-content/plugins/wp-rocket/assets/js/lazyload/17.8.3/lazyload.min.js	8.9 kB	2023-03-07	2024-05-02
Pretty URL perception-point.io/wp-content/plugins/wp-rocket/assets/js/lazyload/17.8.3/lazyload.min.js IP 141.193.213.21 ASN #209242 Cloudflare London, LLC Introduced by scriptElement Embedded in HTML false Observations First Seen2023-03-07 01:19:39 Last Seen2024-05-02 09:39:23 Times Seen21376 Hash fb15a10a641a318f91e7e912e4f9c184 bd41f67233facb96976ed7b8e7207d52c03d340e f40767552e5e94b2d5f9a65d7f640cfa7d225298023dbd682095e040809a3d1a Loading...

	perception-point.io/blog/operation-phantomblu-new-and-evasive-method-delivers-netsupport-rat/	98 B	2024-04-02	2024-04-16
Pretty URL perception-point.io/blog/operation-phantomblu-new-and-evasive-method-delivers-netsupport-rat/ IP 141.193.213.21 ASN #209242 Cloudflare London, LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-02 17:21:18 Last Seen2024-04-16 16:18:35 Times Seen2 Hash 5fda56e94becf7a433b204237aebc590 80074536023697eff39c0aa8c1fb4fc9c3726793 7dda4b958526b0a42d9e033b5e2305239f0d094477e2dcf35ecaf8123e153e5d Loading...

	perception-point.io/blog/operation-phantomblu-new-and-evasive-method-delivers-netsupport-rat/	580 B	2024-04-16	2024-04-16
Pretty URL perception-point.io/blog/operation-phantomblu-new-and-evasive-method-delivers-netsupport-rat/ IP 141.193.213.21 ASN #209242 Cloudflare London, LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-16 16:18:35 Last Seen2024-04-16 16:18:35 Times Seen1 Hash 2644e20bebd331e5bcf4355a6209b699 dcb331213b498a6f758fbdc70d1af69e90554788 3c77a03bc59b86d3f4cc070ef64cd3024d607c708ad9833568208a2b61e2482c Loading...

	perception-point.io/blog/operation-phantomblu-new-and-evasive-method-delivers-netsupport-rat/	450 B	2024-04-16	2024-04-16
Pretty URL perception-point.io/blog/operation-phantomblu-new-and-evasive-method-delivers-netsupport-rat/ IP 141.193.213.21 ASN #209242 Cloudflare London, LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-16 16:18:35 Last Seen2024-04-16 16:18:35 Times Seen1 Hash 34ce11a84224ce2d01e2a4f0677874ab 7f2bde7da21de3f94560746d734328f8869952a5 919006558978d59ca20d8f7ef70a71c4f64aee3dbbf254b3f6d4f216e7df8cba Loading...

	perception-point.io/blog/operation-phantomblu-new-and-evasive-method-delivers-netsupport-rat/	296 B	2024-04-16	2024-04-16
Pretty URL perception-point.io/blog/operation-phantomblu-new-and-evasive-method-delivers-netsupport-rat/ IP 141.193.213.21 ASN #209242 Cloudflare London, LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-16 16:18:35 Last Seen2024-04-16 16:18:35 Times Seen1 Hash 173fcfbfc869e54de22f7155fc59b4f8 bb9c279985ebf5e3d8a5d782c7af59aabf3492e6 595cd9471b0bbf7466d453ebc2013a90182cdc357e0b5184c3dedb757c3999d3 Loading...

	perception-point.io/blog/operation-phantomblu-new-and-evasive-method-delivers-netsupport-rat/	1.8 kB	2023-03-07	2024-05-02
Pretty URL perception-point.io/blog/operation-phantomblu-new-and-evasive-method-delivers-netsupport-rat/ IP 141.193.213.21 ASN #209242 Cloudflare London, LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2023-03-07 01:07:48 Last Seen2024-05-02 08:51:56 Times Seen15076 Hash d8c8affb8db50a19f545450d49ec3509 c3b2998aff813284ea71334180093b95f53d5d5d 7cf5deb705b1e36e7c8cbdb9e8eacdb50432bc5551e3f068b647992ad7e4e784 Loading...

	perception-point.io/blog/operation-phantomblu-new-and-evasive-method-delivers-netsupport-rat/	1.6 kB	2024-04-16	2024-04-16
Pretty URL perception-point.io/blog/operation-phantomblu-new-and-evasive-method-delivers-netsupport-rat/ IP 141.193.213.21 ASN #209242 Cloudflare London, LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2024-04-16 16:18:35 Last Seen2024-04-16 16:18:35 Times Seen1 Hash 8c7fa60fbbd4f005a14d52e0794220ba 1bf81b516cc39a922f8618c4141e73885dd935b3 07395d00099e901fb8447310b560bd668d6bd53b3e39f562498e8666613836ae Loading...

	perception-point.io/blog/operation-phantomblu-new-and-evasive-method-delivers-netsupport-rat/	1.7 kB	2023-05-25	2024-04-30
Pretty URL perception-point.io/blog/operation-phantomblu-new-and-evasive-method-delivers-netsupport-rat/ IP 141.193.213.21 ASN #209242 Cloudflare London, LLC Introduced by scriptElement Embedded in HTML true Observations First Seen2023-05-25 18:52:16 Last Seen2024-04-30 20:10:02 Times Seen501 Hash 21df4a21d6ae314f2f12bc07b5ef39d5 4b3dd078ee01a29aa790c05964bfa1050f9dcf64 830c0d8f0d9d0444ec4de7b14cec54bf75b961dd5200c8c1e408e84ce9a2a95e Loading...

HTTP Transactions (15)

	URL	IP	Response	Size
	www.google.com/url?sa=t&source=web&rct=j&opi=89978449&url=https://perception-point.io/blog/operation-phantomblu-new-and-evasive-method-delivers-netsupport-rat/&ved=2ahUKEwjlqPXo9caFAxWGElkFHc-_BkUQFnoECBAQAw&usg=AOvVaw1J1DEOg1iQ9FiWb8ypkapB	142.250.74.164		417 B
URL www.google.com/url?sa=t&source=web&rct=j&opi=89978449&url=https://perception-point.io/blog/operation-phantomblu-new-and-evasive-method-delivers-netsupport-rat/&ved=2ahUKEwjlqPXo9caFAxWGElkFHc-_BkUQFnoECBAQAw&usg=AOvVaw1J1DEOg1iQ9FiWb8ypkapB IP 142.250.74.164:0 ASN #15169 GOOGLE File type JavaScript source, ASCII text, with very long lines (636) Size 417 B (417 bytes) Hash c0e5e5935c28878323b24e5da2b28ea8 3ef821aaf24a5cb797bd0ac1e25f1fa7e76f920c 824143a33ecf727d39a1c4403023441369f90007e5a1381f96736c007636897d HTTP Headers GET /url?sa=t&source=web&rct=j&opi=89978449&url=https://perception-point.io/blog/operation-phantomblu-new-and-evasive-method-delivers-netsupport-rat/&ved=2ahUKEwjlqPXo9caFAxWGElkFHc-_BkUQFnoECBAQAw&usg=AOvVaw1J1DEOg1iQ9FiWb8ypkapB HTTP/1.1 Host: www.google.com User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Cookie: SOCS=CAESHAgBEhJnd3NfMjAyMjA5MjktMF9SQzEaAnJvIAEaBgiAkvOZBg Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK date: Tue, 16 Apr 2024 14:18:08 GMT pragma: no-cache expires: Fri, 01 Jan 1990 00:00:00 GMT cache-control: no-cache, must-revalidate content-type: text/html; charset=UTF-8 strict-transport-security: max-age=31536000 content-security-policy: object-src 'none';base-uri 'self';script-src 'nonce-uA12p_GG_ofnOw0K2BlTDQ' 'strict-dynamic' 'report-sample' 'unsafe-eval' 'unsafe-inline' https: http:;report-uri https://csp.withgoogle.com/csp/gws/other p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info." content-encoding: br server: gws content-length: 417 x-xss-protection: 0 set-cookie: __Secure-ENID=19.SE=YIVwrtaQo9pBipFbZPyVoSbxanrVrjmt2jRFK_A4gkVm6gLo1TDZZTxJ4DzxVQTeSjtzT_rs6YNhYGNJL7WbudU8e7G5d710YiqUB5D4nG7A7xilNEu1SD-kni6_rrIPjRAqRbP_tOpuXUcSeWgc_p3yFpYkycW6Y7kpOXOGnMjoalk; expires=Sat, 17-May-2025 06:36:26 GMT; path=/; domain=.google.com; Secure; HttpOnly; SameSite=lax alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 X-Firefox-Spdy: h2

	perception-point.io/wp-content/uploads/2020/03/lineto-circular-bold.woff2	141.193.213.21	200 OK	35 kB
URL GET HTTP/3 perception-point.io/wp-content/uploads/2020/03/lineto-circular-bold.woff2 IP 141.193.213.21:443 ASN #209242 Cloudflare London, LLC Requested by https://perception-point.io/blog/operation-phantomblu-new-and-evasive-method-delivers-netsupport-rat/ Certificate IssuerCloudflare, Inc. Subjectperception-point.io Fingerprint8D:6C:C5:DD:B0:57:A1:90:FE:AC:E1:7F:D1:08:5E:D6:A5:A2:08:C5 ValidityWed, 30 Aug 2023 00:00:00 GMT - Wed, 28 Aug 2024 23:59:59 GMT File type Web Open Font Format (Version 2), TrueType, length 34960, version 0.0 Size 35 kB (34960 bytes) Hash da46404a5ff7625aca912f9292d31a6a 4bf839a6ec7bd3fa3cfb0496a84bf21eae1909a0 23e71bdfef13622d0d52b2b4b7ed3c1edb9e81f210692130dee9a521e97d062f HTTP Headers GET /wp-content/uploads/2020/03/lineto-circular-bold.woff2 HTTP/1.1 Host: perception-point.io User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://perception-point.io/blog/operation-phantomblu-new-and-evasive-method-delivers-netsupport-rat/ DNT: 1 Connection: keep-alive Cookie: __cf_bm=3w6eJK6JQDGl3UJh1j1cCaAFRAXGMfsZG7mhffbeSyc-1713277091-1.0.1.1-Bp6QZAW1pjir6rfDa01FUyDzgf0MykguptdYkqMflnXcNpgV8qAgSdxQ7exkCXlSPdz23tvqkM4tRbAavrTSPA Sec-Fetch-Dest: font Sec-Fetch-Mode: cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers HTTP/3 200 OK date: Tue, 16 Apr 2024 14:18:12 GMT content-type: font/woff2 content-length: 34960 last-modified: Tue, 25 Apr 2023 14:13:12 GMT etag: "6447dff8-8890" cache-control: public, max-age=31536000 vary: Accept-Encoding access-control-allow-origin: * permissions-policy: geolocation=self strict-transport-security: max-age=31536000; includeSubDomains; preload x-content-type-options: nosniff x-frame-options: SAMEORIGIN cf-cache-status: HIT age: 1708758 accept-ranges: bytes server: cloudflare cf-ray: 8754cda10d3d56b9-OSL alt-svc: h3=":443"; ma=86400

	perception-point.io/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-solid-900.woff2	141.193.213.21	200 OK	78 kB
URL GET HTTP/3 perception-point.io/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-solid-900.woff2 IP 141.193.213.21:443 ASN #209242 Cloudflare London, LLC Requested by https://perception-point.io/blog/operation-phantomblu-new-and-evasive-method-delivers-netsupport-rat/ Certificate IssuerCloudflare, Inc. Subjectperception-point.io Fingerprint8D:6C:C5:DD:B0:57:A1:90:FE:AC:E1:7F:D1:08:5E:D6:A5:A2:08:C5 ValidityWed, 30 Aug 2023 00:00:00 GMT - Wed, 28 Aug 2024 23:59:59 GMT File type Web Open Font Format (Version 2), TrueType, length 78196, version 331.-31261 Size 78 kB (78196 bytes) Hash e8a427e15cc502bef99cfd722b37ea98 a9922842a120a7f1eaced667480c5e185a106d69 d0b4256abed72481585662971262eabee345c19f837af00d7ce24239d3b40eef HTTP Headers GET /wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-solid-900.woff2 HTTP/1.1 Host: perception-point.io User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://perception-point.io/blog/operation-phantomblu-new-and-evasive-method-delivers-netsupport-rat/ DNT: 1 Connection: keep-alive Cookie: __cf_bm=3w6eJK6JQDGl3UJh1j1cCaAFRAXGMfsZG7mhffbeSyc-1713277091-1.0.1.1-Bp6QZAW1pjir6rfDa01FUyDzgf0MykguptdYkqMflnXcNpgV8qAgSdxQ7exkCXlSPdz23tvqkM4tRbAavrTSPA Sec-Fetch-Dest: font Sec-Fetch-Mode: cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers HTTP/3 200 OK date: Tue, 16 Apr 2024 14:18:12 GMT content-type: font/woff2 content-length: 78196 last-modified: Mon, 08 Apr 2024 07:51:18 GMT etag: "6613a1f6-13174" cache-control: public, max-age=31536000 vary: Accept-Encoding access-control-allow-origin: * permissions-policy: geolocation=self strict-transport-security: max-age=31536000; includeSubDomains; preload x-content-type-options: nosniff x-frame-options: SAMEORIGIN cf-cache-status: HIT accept-ranges: bytes server: cloudflare cf-ray: 8754cda10d3c56b9-OSL alt-svc: h3=":443"; ma=86400

	perception-point.io/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-regular-400.woff2	141.193.213.21	200 OK	13 kB
URL GET HTTP/3 perception-point.io/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-regular-400.woff2 IP 141.193.213.21:443 ASN #209242 Cloudflare London, LLC Requested by https://perception-point.io/blog/operation-phantomblu-new-and-evasive-method-delivers-netsupport-rat/ Certificate IssuerCloudflare, Inc. Subjectperception-point.io Fingerprint8D:6C:C5:DD:B0:57:A1:90:FE:AC:E1:7F:D1:08:5E:D6:A5:A2:08:C5 ValidityWed, 30 Aug 2023 00:00:00 GMT - Wed, 28 Aug 2024 23:59:59 GMT File type Web Open Font Format (Version 2), TrueType, length 13276, version 331.-31261 Size 13 kB (13276 bytes) Hash f0f8230116992e521526097a28f54066 0447c6b10bbf73f97b23dcfd6e6a48510822cb6e 8afc6e5e842baab16010c2ce6fcf48ec4ded8e1579a37c1f1bc027e120d04951 HTTP Headers GET /wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-regular-400.woff2 HTTP/1.1 Host: perception-point.io User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://perception-point.io/blog/operation-phantomblu-new-and-evasive-method-delivers-netsupport-rat/ DNT: 1 Connection: keep-alive Cookie: __cf_bm=3w6eJK6JQDGl3UJh1j1cCaAFRAXGMfsZG7mhffbeSyc-1713277091-1.0.1.1-Bp6QZAW1pjir6rfDa01FUyDzgf0MykguptdYkqMflnXcNpgV8qAgSdxQ7exkCXlSPdz23tvqkM4tRbAavrTSPA Sec-Fetch-Dest: font Sec-Fetch-Mode: cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers HTTP/3 200 OK date: Tue, 16 Apr 2024 14:18:12 GMT content-type: font/woff2 content-length: 13276 last-modified: Mon, 08 Apr 2024 07:51:18 GMT etag: "6613a1f6-33dc" cache-control: public, max-age=31536000 vary: Accept-Encoding access-control-allow-origin: * permissions-policy: geolocation=self strict-transport-security: max-age=31536000; includeSubDomains; preload x-content-type-options: nosniff x-frame-options: SAMEORIGIN cf-cache-status: HIT accept-ranges: bytes server: cloudflare cf-ray: 8754cda10d3856b9-OSL alt-svc: h3=":443"; ma=86400

	perception-point.io/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-brands-400.woff2	141.193.213.21	200 OK	82 kB
URL GET HTTP/3 perception-point.io/wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-brands-400.woff2 IP 141.193.213.21:443 ASN #209242 Cloudflare London, LLC Requested by https://perception-point.io/blog/operation-phantomblu-new-and-evasive-method-delivers-netsupport-rat/ Certificate IssuerCloudflare, Inc. Subjectperception-point.io Fingerprint8D:6C:C5:DD:B0:57:A1:90:FE:AC:E1:7F:D1:08:5E:D6:A5:A2:08:C5 ValidityWed, 30 Aug 2023 00:00:00 GMT - Wed, 28 Aug 2024 23:59:59 GMT File type Web Open Font Format (Version 2), TrueType, length 81612, version 1.0 Size 82 kB (81612 bytes) Hash b4d6b90f14c0441aac364e194978408e 142696d43851c8eba0f54c7b94c5f6ebd09703e6 6b2680fab784d245cbb23d3b51e8d18740e8fc1c7c1c8eadcf0b2b7612125ff8 HTTP Headers GET /wp-content/plugins/elementor/assets/lib/font-awesome/webfonts/fa-brands-400.woff2 HTTP/1.1 Host: perception-point.io User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://perception-point.io/blog/operation-phantomblu-new-and-evasive-method-delivers-netsupport-rat/ DNT: 1 Connection: keep-alive Cookie: __cf_bm=3w6eJK6JQDGl3UJh1j1cCaAFRAXGMfsZG7mhffbeSyc-1713277091-1.0.1.1-Bp6QZAW1pjir6rfDa01FUyDzgf0MykguptdYkqMflnXcNpgV8qAgSdxQ7exkCXlSPdz23tvqkM4tRbAavrTSPA Sec-Fetch-Dest: font Sec-Fetch-Mode: cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers HTTP/3 200 OK date: Tue, 16 Apr 2024 14:18:12 GMT content-type: font/woff2 content-length: 81612 last-modified: Mon, 08 Apr 2024 07:51:18 GMT etag: "6613a1f6-13ecc" cache-control: public, max-age=31536000 vary: Accept-Encoding access-control-allow-origin: * permissions-policy: geolocation=self strict-transport-security: max-age=31536000; includeSubDomains; preload x-content-type-options: nosniff x-frame-options: SAMEORIGIN cf-cache-status: HIT accept-ranges: bytes server: cloudflare cf-ray: 8754cda10d3056b9-OSL alt-svc: h3=":443"; ma=86400

	perception-point.io/wp-content/plugins/rate-my-post/public/css/fonts/ratemypost.ttf	141.193.213.21	200 OK	4.8 kB
URL GET HTTP/3 perception-point.io/wp-content/plugins/rate-my-post/public/css/fonts/ratemypost.ttf IP 141.193.213.21:443 ASN #209242 Cloudflare London, LLC Requested by https://perception-point.io/blog/operation-phantomblu-new-and-evasive-method-delivers-netsupport-rat/ Certificate IssuerCloudflare, Inc. Subjectperception-point.io Fingerprint8D:6C:C5:DD:B0:57:A1:90:FE:AC:E1:7F:D1:08:5E:D6:A5:A2:08:C5 ValidityWed, 30 Aug 2023 00:00:00 GMT - Wed, 28 Aug 2024 23:59:59 GMT File type TrueType Font data, 11 tables, 1st "OS/2", 14 names, Macintosh, type 1 string, ratemypost Size 4.8 kB (4824 bytes) Hash 5772d7b0d9851e23e062eafadaf7729f c774ae6a5da5dd14342db3281735dc2812da1d3d 40d4cb30d26c1301383bc7445dd80bf4e3279374d2ff74c771aa4c3db182358f HTTP Headers GET /wp-content/plugins/rate-my-post/public/css/fonts/ratemypost.ttf HTTP/1.1 Host: perception-point.io User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://perception-point.io/blog/operation-phantomblu-new-and-evasive-method-delivers-netsupport-rat/ DNT: 1 Connection: keep-alive Cookie: __cf_bm=3w6eJK6JQDGl3UJh1j1cCaAFRAXGMfsZG7mhffbeSyc-1713277091-1.0.1.1-Bp6QZAW1pjir6rfDa01FUyDzgf0MykguptdYkqMflnXcNpgV8qAgSdxQ7exkCXlSPdz23tvqkM4tRbAavrTSPA Sec-Fetch-Dest: font Sec-Fetch-Mode: cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers HTTP/3 200 OK date: Tue, 16 Apr 2024 14:18:12 GMT content-type: application/octet-stream content-length: 4824 last-modified: Sun, 24 Mar 2024 07:41:38 GMT etag: "65ffd932-12d8" cache-control: public, max-age=31536000 vary: Accept-Encoding access-control-allow-origin: * permissions-policy: geolocation=self strict-transport-security: max-age=31536000; includeSubDomains; preload x-content-type-options: nosniff x-frame-options: SAMEORIGIN cf-cache-status: HIT accept-ranges: bytes server: cloudflare cf-ray: 8754cda10d2d56b9-OSL alt-svc: h3=":443"; ma=86400

	perception-point.io/wp-content/uploads/2020/03/lineto-circular-black.woff2	141.193.213.21	200 OK	36 kB
URL GET HTTP/3 perception-point.io/wp-content/uploads/2020/03/lineto-circular-black.woff2 IP 141.193.213.21:443 ASN #209242 Cloudflare London, LLC Requested by https://perception-point.io/blog/operation-phantomblu-new-and-evasive-method-delivers-netsupport-rat/ Certificate IssuerCloudflare, Inc. Subjectperception-point.io Fingerprint8D:6C:C5:DD:B0:57:A1:90:FE:AC:E1:7F:D1:08:5E:D6:A5:A2:08:C5 ValidityWed, 30 Aug 2023 00:00:00 GMT - Wed, 28 Aug 2024 23:59:59 GMT File type Web Open Font Format (Version 2), TrueType, length 35512, version 0.0 Size 36 kB (35512 bytes) Hash 44e65ad5464db028c282f3e79cd6441e db6d310c4c7e5538bc7e628e0f1232c7b2663945 a8002849ea799a4dcf1be0b1abe0f010991cbae508f24f62e9ee0262590197eb HTTP Headers GET /wp-content/uploads/2020/03/lineto-circular-black.woff2 HTTP/1.1 Host: perception-point.io User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://perception-point.io/blog/operation-phantomblu-new-and-evasive-method-delivers-netsupport-rat/ DNT: 1 Connection: keep-alive Cookie: __cf_bm=3w6eJK6JQDGl3UJh1j1cCaAFRAXGMfsZG7mhffbeSyc-1713277091-1.0.1.1-Bp6QZAW1pjir6rfDa01FUyDzgf0MykguptdYkqMflnXcNpgV8qAgSdxQ7exkCXlSPdz23tvqkM4tRbAavrTSPA Sec-Fetch-Dest: font Sec-Fetch-Mode: cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers HTTP/3 200 OK date: Tue, 16 Apr 2024 14:18:12 GMT content-type: font/woff2 content-length: 35512 last-modified: Tue, 25 Apr 2023 14:13:13 GMT etag: "6447dff9-8ab8" cache-control: public, max-age=31536000 vary: Accept-Encoding access-control-allow-origin: * permissions-policy: geolocation=self strict-transport-security: max-age=31536000; includeSubDomains; preload x-content-type-options: nosniff x-frame-options: SAMEORIGIN cf-cache-status: HIT accept-ranges: bytes server: cloudflare cf-ray: 8754cda10d3f56b9-OSL alt-svc: h3=":443"; ma=86400

	perception-point.io/wp-content/axe-web-blocks/perception-point/header-pp/templates/images/search-icon.png	141.193.213.21	200 OK	374 B
URL GET HTTP/3 perception-point.io/wp-content/axe-web-blocks/perception-point/header-pp/templates/images/search-icon.png IP 141.193.213.21:443 ASN #209242 Cloudflare London, LLC Requested by https://perception-point.io/blog/operation-phantomblu-new-and-evasive-method-delivers-netsupport-rat/ Certificate IssuerCloudflare, Inc. Subjectperception-point.io Fingerprint8D:6C:C5:DD:B0:57:A1:90:FE:AC:E1:7F:D1:08:5E:D6:A5:A2:08:C5 ValidityWed, 30 Aug 2023 00:00:00 GMT - Wed, 28 Aug 2024 23:59:59 GMT File type RIFF (little-endian) data, Web/P image Size 374 B (374 bytes) Hash 1982cf6b80f00df06900f775623c27b7 949b172cae7f5659399dc166c89cdf1b76083011 daff235c7c86d88d8ab32e0a6664b796d9d3c730519ed7470dd3d9d21e07f922 HTTP Headers GET /wp-content/axe-web-blocks/perception-point/header-pp/templates/images/search-icon.png HTTP/1.1 Host: perception-point.io User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://perception-point.io/blog/operation-phantomblu-new-and-evasive-method-delivers-netsupport-rat/ DNT: 1 Connection: keep-alive Cookie: __cf_bm=3w6eJK6JQDGl3UJh1j1cCaAFRAXGMfsZG7mhffbeSyc-1713277091-1.0.1.1-Bp6QZAW1pjir6rfDa01FUyDzgf0MykguptdYkqMflnXcNpgV8qAgSdxQ7exkCXlSPdz23tvqkM4tRbAavrTSPA Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers HTTP/3 200 OK date: Tue, 16 Apr 2024 14:18:12 GMT content-type: image/webp content-length: 374 last-modified: Sun, 31 Dec 2023 11:47:22 GMT etag: "659154ca-176" expires: Thu, 27 Feb 2025 10:20:38 GMT cache-control: max-age=31536000 vary: Accept, Accept-Encoding permissions-policy: geolocation=self strict-transport-security: max-age=31536000; includeSubDomains; preload x-content-type-options: nosniff x-frame-options: SAMEORIGIN cf-cache-status: HIT age: 1192006 accept-ranges: bytes server: cloudflare cf-ray: 8754cda1ae2556b9-OSL alt-svc: h3=":443"; ma=86400

	perception-point.io/wp-content/uploads/2020/03/lineto-circular-book.woff2	141.193.213.21	200 OK	31 kB
URL GET HTTP/3 perception-point.io/wp-content/uploads/2020/03/lineto-circular-book.woff2 IP 141.193.213.21:443 ASN #209242 Cloudflare London, LLC Requested by https://perception-point.io/blog/operation-phantomblu-new-and-evasive-method-delivers-netsupport-rat/ Certificate IssuerCloudflare, Inc. Subjectperception-point.io Fingerprint8D:6C:C5:DD:B0:57:A1:90:FE:AC:E1:7F:D1:08:5E:D6:A5:A2:08:C5 ValidityWed, 30 Aug 2023 00:00:00 GMT - Wed, 28 Aug 2024 23:59:59 GMT File type Web Open Font Format (Version 2), TrueType, length 31348, version 0.0 Size 31 kB (31348 bytes) Hash 31ecf4807ac55a882fc8fd7c6e07d6f9 229d886e2db50b5092b3aeff0b37d43930b53743 2482d39f8d8a1045efc613b32102fdb5cb9a1b6ff291397b62d852a0b0ee648f HTTP Headers GET /wp-content/uploads/2020/03/lineto-circular-book.woff2 HTTP/1.1 Host: perception-point.io User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: application/font-woff2;q=1.0,application/font-woff;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://perception-point.io/blog/operation-phantomblu-new-and-evasive-method-delivers-netsupport-rat/ DNT: 1 Connection: keep-alive Cookie: __cf_bm=3w6eJK6JQDGl3UJh1j1cCaAFRAXGMfsZG7mhffbeSyc-1713277091-1.0.1.1-Bp6QZAW1pjir6rfDa01FUyDzgf0MykguptdYkqMflnXcNpgV8qAgSdxQ7exkCXlSPdz23tvqkM4tRbAavrTSPA Sec-Fetch-Dest: font Sec-Fetch-Mode: cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers HTTP/3 200 OK date: Tue, 16 Apr 2024 14:18:12 GMT content-type: font/woff2 content-length: 31348 last-modified: Tue, 25 Apr 2023 14:13:13 GMT etag: "6447dff9-7a74" cache-control: public, max-age=31536000 vary: Accept-Encoding access-control-allow-origin: * permissions-policy: geolocation=self strict-transport-security: max-age=31536000; includeSubDomains; preload x-content-type-options: nosniff x-frame-options: SAMEORIGIN cf-cache-status: MISS accept-ranges: bytes server: cloudflare cf-ray: 8754cda11d4356b9-OSL alt-svc: h3=":443"; ma=86400

	perception-point.io/wp-content/axe-web-blocks/perception-point/footer/templates/images/footer-lines.svg	141.193.213.21	200 OK	1.5 kB
URL GET HTTP/3 perception-point.io/wp-content/axe-web-blocks/perception-point/footer/templates/images/footer-lines.svg IP 141.193.213.21:443 ASN #209242 Cloudflare London, LLC Requested by https://perception-point.io/blog/operation-phantomblu-new-and-evasive-method-delivers-netsupport-rat/ Certificate IssuerCloudflare, Inc. Subjectperception-point.io Fingerprint8D:6C:C5:DD:B0:57:A1:90:FE:AC:E1:7F:D1:08:5E:D6:A5:A2:08:C5 ValidityWed, 30 Aug 2023 00:00:00 GMT - Wed, 28 Aug 2024 23:59:59 GMT File type SVG Scalable Vector Graphics image Size 1.5 kB (1540 bytes) Hash 2490a427afd155c0e301369a369eeb4b f409e20e77b7828e685f7b8c75b3617f801a7dc2 c97032e475783c4af9f0ebf51d48825015afa765609d65e43c3a4572414ff0b4 HTTP Headers GET /wp-content/axe-web-blocks/perception-point/footer/templates/images/footer-lines.svg HTTP/1.1 Host: perception-point.io User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://perception-point.io/blog/operation-phantomblu-new-and-evasive-method-delivers-netsupport-rat/ DNT: 1 Connection: keep-alive Cookie: __cf_bm=3w6eJK6JQDGl3UJh1j1cCaAFRAXGMfsZG7mhffbeSyc-1713277091-1.0.1.1-Bp6QZAW1pjir6rfDa01FUyDzgf0MykguptdYkqMflnXcNpgV8qAgSdxQ7exkCXlSPdz23tvqkM4tRbAavrTSPA Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers HTTP/3 200 OK date: Tue, 16 Apr 2024 14:18:12 GMT content-type: image/svg+xml vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding last-modified: Mon, 08 May 2023 14:02:58 GMT etag: W/"64590112-6df" cache-control: public, max-age=31536000 access-control-allow-origin: * permissions-policy: geolocation=self strict-transport-security: max-age=31536000; includeSubDomains; preload x-content-type-options: nosniff x-frame-options: SAMEORIGIN cf-cache-status: HIT age: 4160922 server: cloudflare cf-ray: 8754cda1ae3c56b9-OSL content-encoding: br alt-svc: h3=":443"; ma=86400

	perception-point.io/blog/operation-phantomblu-new-and-evasive-method-delivers-netsupport-rat/	141.193.213.21	200 OK	66 kB
URL User Request GET HTTP/2 perception-point.io/blog/operation-phantomblu-new-and-evasive-method-delivers-netsupport-rat/ IP 141.193.213.21:443 ASN #209242 Cloudflare London, LLC Certificate IssuerCloudflare, Inc. Subjectperception-point.io Fingerprint8D:6C:C5:DD:B0:57:A1:90:FE:AC:E1:7F:D1:08:5E:D6:A5:A2:08:C5 ValidityWed, 30 Aug 2023 00:00:00 GMT - Wed, 28 Aug 2024 23:59:59 GMT File type HTML document, ASCII text, with very long lines (53889) Size 66 kB (66248 bytes) Hash 1428f47cbe36b305c1e15704d2dd308f 0e3b01a1db7580f9b413180e0d92191f027b81f8 7462e2d2982a9c1f17361663d18c09489d21c9773b4570400ab109cac8575bf4 HTTP Headers GET /blog/operation-phantomblu-new-and-evasive-method-delivers-netsupport-rat/ HTTP/1.1 Host: perception-point.io User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://www.google.com/ DNT: 1 Connection: keep-alive Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK date: Tue, 16 Apr 2024 14:18:11 GMT content-type: text/html; charset=UTF-8 vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding,Cookie x-content-type-options: nosniff x-frame-options: SAMEORIGIN x-xss-protection: 1; mode=block content-security-policy: frame-ancestors 'self'; object-src 'none'; referrer-policy: no-referrer-when-downgrade permissions-policy: geolocation=self strict-transport-security: max-age=31536000; includeSubDomains; preload link: <https://perception-point.io/wp-json/>; rel="https://api.w.org/", <https://perception-point.io/wp-json/wp/v2/posts/34935>; rel="alternate"; type="application/json" x-cacheable: SHORT cache-control: max-age=600, must-revalidate x-cache: MISS x-cache-group: normal cf-cache-status: DYNAMIC set-cookie: __cf_bm=3w6eJK6JQDGl3UJh1j1cCaAFRAXGMfsZG7mhffbeSyc-1713277091-1.0.1.1-Bp6QZAW1pjir6rfDa01FUyDzgf0MykguptdYkqMflnXcNpgV8qAgSdxQ7exkCXlSPdz23tvqkM4tRbAavrTSPA; path=/; expires=Tue, 16-Apr-24 14:48:11 GMT; domain=.perception-point.io; HttpOnly; Secure; SameSite=None server: cloudflare cf-ray: 8754cd8e1d6256a2-OSL content-encoding: br alt-svc: h3=":443"; ma=86400 X-Firefox-Spdy: h2

	perception-point.io/wp-content/uploads/2023/02/perception-point-logo-min-300x113.png.webp	141.193.213.21	200 OK	5.3 kB
URL GET HTTP/3 perception-point.io/wp-content/uploads/2023/02/perception-point-logo-min-300x113.png.webp IP 141.193.213.21:443 ASN #209242 Cloudflare London, LLC Requested by https://perception-point.io/blog/operation-phantomblu-new-and-evasive-method-delivers-netsupport-rat/ Certificate IssuerCloudflare, Inc. Subjectperception-point.io Fingerprint8D:6C:C5:DD:B0:57:A1:90:FE:AC:E1:7F:D1:08:5E:D6:A5:A2:08:C5 ValidityWed, 30 Aug 2023 00:00:00 GMT - Wed, 28 Aug 2024 23:59:59 GMT File type RIFF (little-endian) data, Web/P image Size 5.3 kB (5306 bytes) Hash 13a8d1bed28a93ef32e0d8605fbacf8e 922479b14002596a5741ad693aa0293aa7fd3ca6 c40318e0191d62523827f1c453723e0865461d6de426a1d48ca16a6e80fed824 HTTP Headers GET /wp-content/uploads/2023/02/perception-point-logo-min-300x113.png.webp HTTP/1.1 Host: perception-point.io User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://perception-point.io/blog/operation-phantomblu-new-and-evasive-method-delivers-netsupport-rat/ DNT: 1 Connection: keep-alive Cookie: __cf_bm=3w6eJK6JQDGl3UJh1j1cCaAFRAXGMfsZG7mhffbeSyc-1713277091-1.0.1.1-Bp6QZAW1pjir6rfDa01FUyDzgf0MykguptdYkqMflnXcNpgV8qAgSdxQ7exkCXlSPdz23tvqkM4tRbAavrTSPA Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache TE: trailers `HTTP/3 200 OK date: Tue, 16 Apr 2024 14:18:12 GMT content-type: image/webp content-length: 5306 last-modified: Tue, 25 Apr 2023 14:13:13 GMT etag: "6447dff9-14ba" permissions-policy: geolocation=self strict-transport-security: max-age=31536000; includeSubDomains; preload x-content-type-options: nosniff x-frame-options: SAMEORIGIN cf-cache-status: HIT accept-ranges: bytes vary: Accept-Encoding server: cloudflare cf-ray: 8754cda3084256b9-OSL alt-svc: h3=":443"; ma=86400`

	perception-point.io/wp-content/plugins/wp-rocket/assets/js/lazyload/17.8.3/lazyload.min.js	141.193.213.21	200 OK	8.9 kB
URL GET HTTP/3 perception-point.io/wp-content/plugins/wp-rocket/assets/js/lazyload/17.8.3/lazyload.min.js IP 141.193.213.21:443 ASN #209242 Cloudflare London, LLC Requested by https://perception-point.io/blog/operation-phantomblu-new-and-evasive-method-delivers-netsupport-rat/ Certificate IssuerCloudflare, Inc. Subjectperception-point.io Fingerprint8D:6C:C5:DD:B0:57:A1:90:FE:AC:E1:7F:D1:08:5E:D6:A5:A2:08:C5 ValidityWed, 30 Aug 2023 00:00:00 GMT - Wed, 28 Aug 2024 23:59:59 GMT File type JavaScript source, ASCII text, with very long lines (9056), with no line terminators Size 8.9 kB (8892 bytes) Hash 797c2156a7211100e9aceff7365be7a4 b70b89caf8cc05c7cbef1077e06994085331c5cc 812cdb2da5fee86d2f5a423fb5010af68f20c594f081b40f3b7f0050736e9ea8 HTTP Headers GET /wp-content/plugins/wp-rocket/assets/js/lazyload/17.8.3/lazyload.min.js HTTP/1.1 Host: perception-point.io User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://perception-point.io/blog/operation-phantomblu-new-and-evasive-method-delivers-netsupport-rat/ DNT: 1 Connection: keep-alive Cookie: __cf_bm=3w6eJK6JQDGl3UJh1j1cCaAFRAXGMfsZG7mhffbeSyc-1713277091-1.0.1.1-Bp6QZAW1pjir6rfDa01FUyDzgf0MykguptdYkqMflnXcNpgV8qAgSdxQ7exkCXlSPdz23tvqkM4tRbAavrTSPA Sec-Fetch-Dest: script Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache HTTP/3 200 OK date: Tue, 16 Apr 2024 14:18:12 GMT content-type: application/javascript vary: Accept-Encoding, Accept-Encoding, Accept-Encoding, Accept-Encoding last-modified: Tue, 06 Feb 2024 10:42:43 GMT etag: W/"65c20d23-22bc" cache-control: public, max-age=31536000 access-control-allow-origin: * permissions-policy: geolocation=self strict-transport-security: max-age=31536000; includeSubDomains; preload x-content-type-options: nosniff x-frame-options: SAMEORIGIN cf-cache-status: HIT age: 1233430 server: cloudflare cf-ray: 8754cda11d4856b9-OSL content-encoding: br alt-svc: h3=":443"; ma=86400

	perception-point.io/wp-content/uploads/2020/03/cropped-favicon-1-192x192.png	141.193.213.21	200 OK	1.1 kB
URL GET HTTP/3 perception-point.io/wp-content/uploads/2020/03/cropped-favicon-1-192x192.png IP 141.193.213.21:443 ASN #209242 Cloudflare London, LLC Requested by https://perception-point.io/blog/operation-phantomblu-new-and-evasive-method-delivers-netsupport-rat/ Certificate IssuerCloudflare, Inc. Subjectperception-point.io Fingerprint8D:6C:C5:DD:B0:57:A1:90:FE:AC:E1:7F:D1:08:5E:D6:A5:A2:08:C5 ValidityWed, 30 Aug 2023 00:00:00 GMT - Wed, 28 Aug 2024 23:59:59 GMT File type RIFF (little-endian) data, Web/P image Size 1.1 kB (1054 bytes) Hash 5fd9228213ebfef552c22e8576d17a7a 289dfbff43019ef73031b90fa54adb006a5a1147 30f210a3736467a891048d6f92e8c411e699ca1222e314d7f2387567bca8e704 HTTP Headers GET /wp-content/uploads/2020/03/cropped-favicon-1-192x192.png HTTP/1.1 Host: perception-point.io User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://perception-point.io/blog/operation-phantomblu-new-and-evasive-method-delivers-netsupport-rat/ DNT: 1 Connection: keep-alive Cookie: __cf_bm=3w6eJK6JQDGl3UJh1j1cCaAFRAXGMfsZG7mhffbeSyc-1713277091-1.0.1.1-Bp6QZAW1pjir6rfDa01FUyDzgf0MykguptdYkqMflnXcNpgV8qAgSdxQ7exkCXlSPdz23tvqkM4tRbAavrTSPA Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache HTTP/3 200 OK date: Tue, 16 Apr 2024 14:18:12 GMT content-type: image/webp content-length: 1054 last-modified: Tue, 25 Apr 2023 14:13:13 GMT etag: "6447dff9-41e" expires: Fri, 04 Apr 2025 08:18:59 GMT cache-control: max-age=31536000 vary: Accept, Accept-Encoding permissions-policy: geolocation=self strict-transport-security: max-age=31536000; includeSubDomains; preload x-content-type-options: nosniff x-frame-options: SAMEORIGIN cf-cache-status: HIT age: 347400 accept-ranges: bytes server: cloudflare cf-ray: 8754cda2af9b56b9-OSL alt-svc: h3=":443"; ma=86400

	perception-point.io/wp-content/uploads/2020/03/cropped-favicon-1-32x32.png	141.193.213.21	200 OK	244 B
URL GET HTTP/3 perception-point.io/wp-content/uploads/2020/03/cropped-favicon-1-32x32.png IP 141.193.213.21:443 ASN #209242 Cloudflare London, LLC Requested by https://perception-point.io/blog/operation-phantomblu-new-and-evasive-method-delivers-netsupport-rat/ Certificate IssuerCloudflare, Inc. Subjectperception-point.io Fingerprint8D:6C:C5:DD:B0:57:A1:90:FE:AC:E1:7F:D1:08:5E:D6:A5:A2:08:C5 ValidityWed, 30 Aug 2023 00:00:00 GMT - Wed, 28 Aug 2024 23:59:59 GMT File type RIFF (little-endian) data, Web/P image Size 244 B (244 bytes) Hash 742a3637bf5f5c81ebea6633abe9c9e9 7e1be8d82dafc39d4962a788641e873d9ab74124 a9e2c483ed520c3c2713d2bce0bfbd8cc360258de4fdc40cb3679cbc9cd969a7 HTTP Headers GET /wp-content/uploads/2020/03/cropped-favicon-1-32x32.png HTTP/1.1 Host: perception-point.io User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0 Accept: image/avif,image/webp,/ Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br Referer: https://perception-point.io/blog/operation-phantomblu-new-and-evasive-method-delivers-netsupport-rat/ DNT: 1 Connection: keep-alive Cookie: __cf_bm=3w6eJK6JQDGl3UJh1j1cCaAFRAXGMfsZG7mhffbeSyc-1713277091-1.0.1.1-Bp6QZAW1pjir6rfDa01FUyDzgf0MykguptdYkqMflnXcNpgV8qAgSdxQ7exkCXlSPdz23tvqkM4tRbAavrTSPA Sec-Fetch-Dest: image Sec-Fetch-Mode: no-cors Sec-Fetch-Site: same-origin Pragma: no-cache Cache-Control: no-cache HTTP/3 200 OK date: Tue, 16 Apr 2024 14:18:12 GMT content-type: image/webp content-length: 244 last-modified: Tue, 25 Apr 2023 14:13:13 GMT etag: "6447dff9-f4" expires: Tue, 01 Apr 2025 14:37:19 GMT cache-control: max-age=31536000 vary: Accept, Accept-Encoding permissions-policy: geolocation=self strict-transport-security: max-age=31536000; includeSubDomains; preload x-content-type-options: nosniff x-frame-options: SAMEORIGIN cf-cache-status: HIT age: 1233428 accept-ranges: bytes server: cloudflare cf-ray: 8754cda2af9d56b9-OSL alt-svc: h3=":443"; ma=86400

Report Overview

Submitted URL

IP

ASN

Submitted

Access

Website Title

Final URL

Tags

urlquery detections

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Domain Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

mnemonic secure dns

Quad9 DNS

ThreatFox

JavaScript (12)

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML

Observations

Hash

URL

IP

ASN

Introduced by

Embedded in HTML