URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
Submission: On October 14 via api from CH

Summary

This website contacted 45 IPs in 7 countries across 40 domains to perform 106 HTTP transactions.
The main IP is 104.24.117.125, located in United States and belongs to CLOUDFLARENET - Cloudflare, Inc., US. The main domain is www.sentinelone.com.
TLS certificate: Issued by CloudFlare Inc ECC CA-2 on February 11th 2019. Valid for: a year.
This is the first time this domain was scanned on urlscan.io!

Verdict: Unknown

Domain & IP information

TLS certificates

Subject | Issuer | Validity | Valid for
sentinelone.com | CloudFlare Inc ECC CA-2 | 2019-02-11 - 2020-02-11 | a year
cdn.lookbookhq.com | Amazon | 2019-01-03 - 2020-02-03 | a year
*.maxmind.com | COMODO RSA Organization Validation Secure Server CA | 2018-10-15 - 2020-11-06 | 2 years
ssl898578.cloudflaressl.com | COMODO ECC Domain Validation Secure Server CA 2 | 2019-10-11 - 2020-04-18 | 6 months
*.cloudfront.net | DigiCert Global CA G2 | 2019-07-17 - 2020-07-05 | a year
*.sharethis.com | Go Daddy Secure Certificate Authority - G2 | 2017-09-26 - 2020-09-29 | 3 years
*.googleapis.com | GTS CA 1O1 | 2019-10-03 - 2019-12-26 | 3 months
*.google.com | GTS CA 1O1 | 2019-09-17 - 2019-12-10 | 3 months
*.tvsquared.com | COMODO RSA Domain Validation Secure Server CA | 2018-10-23 - 2020-10-22 | 2 years
*.google-analytics.com | GTS CA 1O1 | 2019-09-17 - 2019-12-10 | 3 months
www.googleadservices.com | GTS CA 1O1 | 2019-10-03 - 2019-12-26 | 3 months
www.bing.com | Microsoft IT TLS CA 2 | 2019-04-30 - 2021-04-30 | 2 years
g.ssl.fastly.net | GlobalSign Organization Validation CA - SHA256 - G2 | 2019-09-23 - 2020-09-23 | a year
*.facebook.com | DigiCert SHA2 High Assurance Server CA | 2019-09-22 - 2019-12-20 | 3 months
*.marketo.net | DigiCert SHA2 Secure Server CA | 2018-12-24 - 2020-03-24 | a year
*.brightfunnel.com | Amazon | 2019-05-11 - 2020-06-11 | a year
*.licdn.com | DigiCert SHA2 Secure Server CA | 2019-04-01 - 2021-05-07 | 2 years
quora.com | Let's Encrypt Authority X3 | 2019-09-27 - 2019-12-26 | 3 months
ads-twitter.com | DigiCert SHA2 High Assurance Server CA | 2019-08-14 - 2020-08-18 | a year
*.reddit.com | DigiCert SHA2 Secure Server CA | 2018-08-17 - 2020-09-02 | 2 years
www.google.de | GTS CA 1O1 | 2019-09-17 - 2019-12-10 | 3 months
px.ads.linkedin.com | DigiCert SHA2 Secure Server CA | 2019-05-29 - 2021-06-29 | 2 years
*.sharethis.mgr.consensu.org | Go Daddy Secure Certificate Authority - G2 | 2018-05-21 - 2020-05-21 | 2 years
*.prfct.co | DigiCert SHA2 Secure Server CA | 2019-09-03 - 2021-10-27 | 2 years
*.g.doubleclick.net | GTS CA 1O1 | 2019-09-17 - 2019-12-10 | 3 months
*.quora.com | Let's Encrypt Authority X3 | 2019-09-30 - 2019-12-29 | 3 months
alb.reddit.com | Amazon | 2019-05-20 - 2020-06-20 | a year
t.co | DigiCert SHA2 High Assurance Server CA | 2019-04-09 - 2020-04-01 | a year
www.google.com | GTS CA 1O1 | 2019-10-03 - 2019-12-26 | 3 months
*.mktoresp.com | GeoTrust RSA CA 2018 | 2018-02-05 - 2020-02-05 | 2 years
clearbit.com | Amazon | 2018-11-21 - 2019-12-21 | a year
*.twitter.com | DigiCert SHA2 High Assurance Server CA | 2019-04-09 - 2020-04-01 | a year
*.ads.yahoo.com | DigiCert SHA2 High Assurance Server CA | 2019-06-27 - 2019-12-24 | 6 months
*.openx.net | GeoTrust RSA CA 2018 | 2018-01-04 - 2020-07-09 | 3 years
*.rubiconproject.com | DigiCert SHA2 Secure Server CA | 2019-01-10 - 2021-01-14 | 2 years
*.adnxs.com | DigiCert ECC Secure Server CA | 2019-01-23 - 2021-03-08 | 2 years
app-ab14.marketo.com | CloudFlare Inc ECC CA-2 | 2019-02-22 - 2020-02-22 | a year
f4.shared.global.fastly.net | GlobalSign CloudSSL CA - SHA256 - G3 | 2019-04-10 - 2020-03-21 | a year
*.nr-data.net | GeoTrust RSA CA 2018 | 2018-01-11 - 2020-03-17 | 2 years

Detected technologies

Web
Overall confidence: 100%
Detected patterns
  • headers link /rel="https:\/\/api\.w\.org\/"/i

Web
Overall confidence: 100%
Detected patterns
  • headers via /varnish(?: \(Varnish\/([\d.]+)\))?/i

Web
Overall confidence: 100%
Detected patterns
  • headers server /^cloudflare$/i

Web
Overall confidence: 100%
Detected patterns
  • script /\/\/connect\.facebook\.net\/[^\/]*\/[a-z]*\.js/i

Web
Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i


106 HTTP transactions

Resource | Path | Size | x-fer | Type
/ | /blog/detecting-macos-gmera-malware-through-behavioral-inspection | 73 KB | 20 KB | Document
Redirect chain:
  • https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection
  • https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/

General
Full URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
Protocol: H2
Security: TLS 1.3, AES_128_GCM
Server: 104.24.117.125, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)
Software: cloudflare
Resource Hash: d38b213ea2ee809f7fd05a2035947580147718e945658eed470703677513915b

Security Headers
Content-Security-Policy: frame-ancestors 'self' http://yourcompany.lookbookhq.com https://yourcompany.lookbookhq.com http://yourcompany.pathfactory.com https://yourcompany.pathfactory.com;
Strict-Transport-Security: max-age=300
X-Content-Type-Options: nosniff
X-Frame-Options: ALLOW-FROM https://sentinelone.pathfactory.com
X-Xss-Protection: 1; mode=block

Request headers
:method: GET
:authority: www.sentinelone.com
:scheme: https
:path: /blog/detecting-macos-gmera-malware-through-behavioral-inspection/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-mode: navigate
sec-fetch-user: ?1
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: none
accept-encoding: gzip, deflate, br
cookie: __cfduid=dfc022ac42550c340f91c7fa609900fa41571071768
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1

Response headers
status: 200
date: Mon, 14 Oct 2019 16:49:29 GMT
content-type: text/html; charset=UTF-8
cache-control: public, max-age=600
content-security-policy: frame-ancestors 'self' http://yourcompany.lookbookhq.com https://yourcompany.lookbookhq.com http://yourcompany.pathfactory.com https://yourcompany.pathfactory.com;
expect-ct: enforce; max-age=2592000;
link: <https://www.sentinelone.com/wp-json/>; rel="https://api.w.org/" <https://www.sentinelone.com/?p=22871>; rel=shortlink
referrer-policy: origin-when-cross-origin
strict-transport-security: max-age=300
x-content-type-options: nosniff
x-frame-options: ALLOW-FROM https://sentinelone.pathfactory.com
x-pantheon-styx-hostname: styx-fe4-9b9c45564-jcn77
x-pingback: https://www.sentinelone.com/xmlrpc.php
x-styx-req-id: 968b5826-eea2-11e9-a15d-fe922eee6103
x-xss-protection: 1; mode=block
x-served-by: cache-mdw17371-MDW, cache-ams21036-AMS
x-cache: MISS, MISS
x-cache-hits: 0, 0
x-timer: S1571071769.875193,VS0,VE983
vary: Accept-Encoding, Cookie, Cookie
age: 0
via: 1.1 varnish
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 525b0bfb78459c69-AMS
content-encoding: br

Redirect headers
status: 301
date: Mon, 14 Oct 2019 16:49:28 GMT
content-type: text/html; charset=UTF-8
set-cookie: __cfduid=dfc022ac42550c340f91c7fa609900fa41571071768; expires=Tue, 13-Oct-20 16:49:28 GMT; path=/; domain=.sentinelone.com; HttpOnly; Secure
cache-control: no-cache, must-revalidate, max-age=0
content-security-policy: frame-ancestors 'self' http://yourcompany.lookbookhq.com https://yourcompany.lookbookhq.com http://yourcompany.pathfactory.com https://yourcompany.pathfactory.com;
expect-ct: enforce; max-age=2592000;
expires: Wed, 11 Jan 1984 05:00:00 GMT
location: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
referrer-policy: origin-when-cross-origin
strict-transport-security: max-age=300
x-content-type-options: nosniff
x-frame-options: ALLOW-FROM https://sentinelone.pathfactory.com
x-pantheon-styx-hostname: styx-fe4-a-7589bc57f6-7qzfr
x-pingback: https://www.sentinelone.com/xmlrpc.php
x-redirect-by: WordPress
x-styx-req-id: 9644cd01-eea2-11e9-9aa9-3a17cb1d351c
x-xss-protection: 1; mode=block
x-served-by: cache-mdw17378-MDW, cache-ams21036-AMS
x-cache: MISS, MISS
x-cache-hits: 0, 0
x-timer: S1571071768.413212,VS0,VE437
vary: Cookie, Cookie
age: 0
accept-ranges: bytes
via: 1.1 varnish
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 525b0bf87bbd9c69-AMS
style.min.css?ver=ca0f6f836087d310c8d70cd2c91f2976 | /wp-includes/css/dist/block-library | 29 KB | 5 KB | Stylesheet
amazonpolly-public.css?ver=1.0.0 | /wp-content/plugins/amazon-polly/public/css | 874 B | 527 B | Stylesheet
frontend.min.css?ver=0.1.6 | /wp-content/plugins/markdown-editor/assets/styles | 5 KB | 2 KB | Stylesheet
settings.css?ver=5.4.8.3 | /wp-content/plugins/revslider/public/assets/css | 30 KB | 7 KB | Stylesheet
overlay.css?ver=ca0f6f836087d310c8d70cd2c91f2976 | app.cdn.lookbookhq.com/libraries/overlay | 596 B | 960 B | Stylesheet
bootstrap.css?ver=ca0f6f836087d310c8d70cd2c91f2976 | /wp-content/themes/sentinelone/assets/css | 138 KB | 19 KB | Stylesheet
style.min.css?ver=1571069159 | /wp-content/themes/sentinelone/assets/css | 204 KB | 39 KB | Stylesheet
jquery.js?ver=1.12.4-wp | /wp-includes/js/jquery | 95 KB | 32 KB | Script
jquery-migrate.min.js?ver=1.4.1 | /wp-includes/js/jquery | 10 KB | 4 KB | Script
amazonpolly-public.js?ver=1.0.0 | /wp-content/plugins/amazon-polly/public/js | 69 B | 281 B | Script
jquery.themepunch.tools.min.js?ver=5.4.8.3 | /wp-content/plugins/revslider/public/assets/js | 108 KB | 37 KB | Script
jquery.themepunch.revolution.min.js?ver=5.4.8.3 | /wp-content/plugins/revslider/public/assets/js | 63 KB | 17 KB | Script
geoip2.js?ver=ca0f6f836087d310c8d70cd2c91f2976
js.maxmind.com/js/apis/geoip2/v2.1
4 KB
2 KB
Script
General
Full URL
https://js.maxmind.com/js/apis/geoip2/v2.1/geoip2.js?ver=ca0f6f836087d310c8d70cd2c91f2976
Requested by
Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:262f , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
69666124ea4313cf5b2da94871c86acd68bcbc4d50b360fdebc4dc3b977dde21

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.sentinelone.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 14 Oct 2019 16:49:29 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Thu, 10 Oct 2019 18:19:15 GMT
server
cloudflare
age
9
etag
W/"5d9f7623-f39"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
public, max-age=43200
cf-ray
525b0c021fa4595e-VIE
expires
Tue, 15 Oct 2019 04:49:29 GMT
forms2.min.js?ver=ca0f6f836087d310c8d70cd2c91f2976
go.sentinelone.com/js/forms2/js
169 KB
55 KB
Script
General
Full URL
https://go.sentinelone.com/js/forms2/js/forms2.min.js?ver=ca0f6f836087d310c8d70cd2c91f2976
Requested by
Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.24.117.125 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
321bbcc4cc57483b7e329186e5159498b668ddde87cb64696ddcdc95176cce82
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.sentinelone.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 14 Oct 2019 16:49:29 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
last-modified
Wed, 25 Sep 2019 18:55:06 GMT
server
cloudflare
age
1199
etag
W/"19c06bd-2a536-5936530f69680"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
public, max-age=14400
cf-ray
525b0c01fb129c69-AMS
expires
Mon, 14 Oct 2019 20:49:29 GMT
overlay.js?ver=ca0f6f836087d310c8d70cd2c91f2976
app.cdn.lookbookhq.com/libraries/overlay
3 KB
1 KB
Script
General
Full URL
https://app.cdn.lookbookhq.com/libraries/overlay/overlay.js?ver=ca0f6f836087d310c8d70cd2c91f2976
Requested by
Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.224.196.120 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-13-224-196-120.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
22e99c10c854ffe87ce08eb21da77a11a8916ca6ee60188d9464e2fda4339942

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.sentinelone.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-amz-version-id
LT4hxsSI0qCVR_LPs.1CSwsPcFoD2yTO
content-encoding
gzip
last-modified
Thu, 22 Jun 2017 15:42:46 GMT
server
AmazonS3
age
37185
date
Mon, 14 Oct 2019 06:29:45 GMT
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
status
200
x-amz-cf-pop
FRA2-C1
x-amz-cf-id
96JSUucKn_wQbgoyUDm2T2_3Lnczb2IQ8MKUC6a81IkVR0SVvXW_Vw==
via
1.1 8002c303d4f2295f77566a349deba122.cloudfront.net (CloudFront)
header.js?ver=1571069159
/wp-content/themes/sentinelone/assets/js
19 KB
6 KB
Script
General
Full URL
https://www.sentinelone.com/wp-content/themes/sentinelone/assets/js/header.js?ver=1571069159
Requested by
Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.24.117.125 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
ba6b848f8d173a2e19b98d15001bbad2d847e5b8d0601f09c2571789e2fde145
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 14 Oct 2019 16:49:29 GMT
via
1.1 varnish
vary
Accept-Encoding
cf-cache-status
HIT
age
1857
cf-polished
origSize=33579
x-pantheon-styx-hostname
styx-fe4-a-7589bc57f6-7qzfr
x-cache
HIT, HIT
status
200
cf-bgj
minify
content-encoding
br
x-served-by
cache-mdw17348-MDW, cache-ams21041-AMS
last-modified
Mon, 14 Oct 2019 16:05:59 GMT
server
cloudflare
x-timer
S1571069912.298081,VS0,VE1
etag
W/"5da49ce7-832b"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=300
content-type
application/x-javascript
x-styx-req-id
85d4b1da-ee9c-11e9-9aa9-3a17cb1d351c
expires
Wed, 14 Oct 2020 16:49:29 GMT
cache-control
public, max-age=31622400
cf-ray
525b0c01fb109c69-AMS
x-cache-hits
1, 1
OneSignalSDK.js
cdn.onesignal.com/sdks
8 KB
3 KB
Script
General
Full URL
https://cdn.onesignal.com/sdks/OneSignalSDK.js
Requested by
Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6812:e234 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
f740ae311866f8c7831b5d995f1d7699a9a98355c0ebc714d951bf0160dc6434

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.sentinelone.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 14 Oct 2019 16:49:29 GMT
content-encoding
gzip
cf-cache-status
HIT
server
cloudflare
age
406
etag
W/"73b5b3cb28db170b055f798366552f28"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
public, max-age=43200
cf-ray
525b0c01ee5d8c68-VIE
expires
Tue, 15 Oct 2019 04:49:29 GMT
sentinelone-white.svg
/wp-content/uploads/2017/06
5 KB
2 KB
Image
General
Full URL
https://www.sentinelone.com/wp-content/uploads/2017/06/sentinelone-white.svg
Requested by
Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.24.117.125 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
aa85daedd2f22ba89e30f96b513f3aee7d144b84face7769ea9bd5009a035671

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 14 Oct 2019 16:49:29 GMT
via
1.1 varnish
cf-cache-status
HIT
age
1506830
x-pantheon-styx-hostname
styx-fe4-a-5d7b76fc47-ptwss
x-cache
HIT, MISS
status
200
content-encoding
br
x-served-by
cache-mdw17347-MDW, cache-ams21051-AMS
last-modified
Thu, 18 Oct 2018 21:20:02 GMT
server
cloudflare
x-timer
S1569564939.038037,VS0,VE101
etag
W/"5bc8f902-14e8"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
expires
Wed, 14 Oct 2020 16:49:29 GMT
cache-control
public, max-age=31622400
cf-ray
525b0c01fb119c69-AMS
x-styx-req-id
4ec454fb-e059-11e9-88ff-ce9069db7e4c
x-cache-hits
1, 0
sentinelone_newlogo_onwhite_narrow.svg
/wp-content/uploads/2017/06
12 KB
5 KB
Image
General
Full URL
https://www.sentinelone.com/wp-content/uploads/2017/06/sentinelone_newlogo_onwhite_narrow.svg
Requested by
Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.24.117.125 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
cf6a84e9f6a326cc354344904bf7694d887b8b9803d5640253c387c1934aeb1a

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 14 Oct 2019 16:49:30 GMT
via
1.1 varnish
cf-cache-status
HIT
age
1589992
x-pantheon-styx-hostname
styx-fe4-58cf88dbb7-xdz7m
x-cache
MISS, HIT
status
200
content-encoding
br
x-served-by
cache-mdw17347-MDW, cache-ams21045-AMS
last-modified
Thu, 18 Oct 2018 21:19:58 GMT
server
cloudflare
x-timer
S1569481778.365002,VS0,VE1
etag
W/"5bc8f8fe-3104"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/svg+xml
access-control-allow-origin
*
expires
Wed, 14 Oct 2020 16:49:30 GMT
cache-control
public, max-age=31622400
cf-ray
525b0c02ec8b9c69-AMS
x-styx-req-id
5a58b837-e027-11e9-a9b6-5ab11b9e5366
x-cache-hits
0, 1
player_line.png
d12ee1u74lotna.cloudfront.net/images
133 B
456 B
Image
General
Full URL
https://d12ee1u74lotna.cloudfront.net/images/player_line.png
Requested by
Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:20eb:5000:9:9d18:4580:21 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
129d6ad3aaa317f80d0c676aeed9ca250d2fe25e23c2f00c1f7cae9af6363eeb

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.sentinelone.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 14 Oct 2019 16:26:29 GMT
via
1.1 b6d1611761652d7a383651f2bf480596.cloudfront.net (CloudFront)
last-modified
Sun, 04 Aug 2019 13:23:25 GMT
server
AmazonS3
age
1382
etag
"853b010be92eeda4be2c999024d4e054"
x-cache
Hit from cloudfront
content-type
image/png
status
200
x-amz-cf-pop
FRA2-C1
accept-ranges
bytes
content-length
133
x-amz-cf-id
78Tn9APjNuTgZn2nbQK5oWwaogu05Gi_VKBERdxuVLTgdwcFjOhgIA==
Detecting-macOS.GMERA-Malware-Through-Behavioral-Inspection.jpg
/wp-content/uploads/2019/09
88 KB
88 KB
Image
General
Full URL
https://www.sentinelone.com/wp-content/uploads/2019/09/Detecting-macOS.GMERA-Malware-Through-Behavioral-Inspection.jpg
Requested by
Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.24.117.125 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
bce4fe5494e95686cead8d939eccd4aee14439912743736cc290b323ec875646
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 14 Oct 2019 16:49:30 GMT
via
1.1 varnish
cf-cache-status
HIT
age
24813
x-pantheon-styx-hostname
styx-fe4-a-7589bc57f6-7qzfr
x-cache
HIT, MISS
status
200
strict-transport-security
max-age=300
content-length
90062
x-served-by
cache-mdw17333-MDW, cache-ams21033-AMS
last-modified
Wed, 25 Sep 2019 16:45:25 GMT
server
cloudflare
x-timer
S1571046957.409557,VS0,VE587
etag
"5d8b99a5-15fce"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
x-styx-req-id
37c8b730-ec98-11e9-9aa9-3a17cb1d351c
expires
Wed, 14 Oct 2020 16:49:30 GMT
cache-control
public, max-age=31622400
accept-ranges
bytes
cf-ray
525b0c02fc979c69-AMS
x-cache-hits
1, 0
1-undetected-vt.jpg
/wp-content/uploads/2019/09
76 KB
76 KB
Image
General
Full URL
https://www.sentinelone.com/wp-content/uploads/2019/09/1-undetected-vt.jpg
Requested by
Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.24.117.125 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
2a428d57497a58120d3826bef296a2dba1d6b835357a64b510b5835d1b2c6b0a
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 14 Oct 2019 16:49:30 GMT
via
1.1 varnish
cf-cache-status
HIT
age
24813
x-pantheon-styx-hostname
styx-fe4-a-7589bc57f6-htpk8
x-cache
HIT, MISS
status
200
strict-transport-security
max-age=300
content-length
77627
x-served-by
cache-mdw17338-MDW, cache-ams21040-AMS
last-modified
Wed, 25 Sep 2019 14:02:42 GMT
server
cloudflare
x-timer
S1571046957.431602,VS0,VE109
etag
"5d8b7382-12f3b"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
x-styx-req-id
37c9ced5-ec98-11e9-81e5-faa2a6e3125e
expires
Wed, 14 Oct 2020 16:49:30 GMT
cache-control
public, max-age=31622400
accept-ranges
bytes
cf-ray
525b0c02fc989c69-AMS
x-cache-hits
1, 0
2-terminal-resources-dir.jpg
/wp-content/uploads/2019/09
59 KB
59 KB
Image
General
Full URL
https://www.sentinelone.com/wp-content/uploads/2019/09/2-terminal-resources-dir.jpg
Requested by
Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.24.117.125 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
1581144cb5e588af4057bb8ef87f924d18f3079bafd36204806d28cb572c9f3e
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 14 Oct 2019 16:49:30 GMT
via
1.1 varnish
cf-cache-status
HIT
age
24813
x-pantheon-styx-hostname
styx-fe4-9b9c45564-l5p5q
x-cache
HIT, MISS
status
200
strict-transport-security
max-age=300
content-length
60216
x-served-by
cache-mdw17368-MDW, cache-ams21029-AMS
last-modified
Wed, 25 Sep 2019 14:02:47 GMT
server
cloudflare
x-timer
S1571046957.412866,VS0,VE100
etag
"5d8b7387-eb38"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
x-styx-req-id
380c0672-ec98-11e9-9a1a-965fbb56d065
expires
Wed, 14 Oct 2020 16:49:30 GMT
cache-control
public, max-age=31622400
accept-ranges
bytes
cf-ray
525b0c02fc999c69-AMS
x-cache-hits
1, 0
3-run-shell-script.jpg
/wp-content/uploads/2019/09
294 KB
295 KB
Image
General
Full URL
https://www.sentinelone.com/wp-content/uploads/2019/09/3-run-shell-script.jpg
Requested by
Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.24.117.125 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
a6b570d96216eb0acf1285e98d32b2ad677f24e4cb31f767f2e0a57e123650df
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 14 Oct 2019 16:49:30 GMT
via
1.1 varnish
cf-cache-status
HIT
age
24813
x-pantheon-styx-hostname
styx-fe4-9b9c45564-l5p5q
x-cache
HIT, MISS
status
200
strict-transport-security
max-age=300
content-length
301043
x-served-by
cache-mdw17338-MDW, cache-ams21025-AMS
last-modified
Wed, 25 Sep 2019 14:02:51 GMT
server
cloudflare
x-timer
S1571046957.411092,VS0,VE206
etag
"5d8b738b-497f3"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
x-styx-req-id
380bb547-ec98-11e9-9a1a-965fbb56d065
expires
Wed, 14 Oct 2020 16:49:30 GMT
cache-control
public, max-age=31622400
accept-ranges
bytes
cf-ray
525b0c02fc9a9c69-AMS
x-cache-hits
1, 0
4-launchagent-decoded.jpg
/wp-content/uploads/2019/09
400 KB
400 KB
Image
General
Full URL
https://www.sentinelone.com/wp-content/uploads/2019/09/4-launchagent-decoded.jpg
Requested by
Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.24.117.125 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
87d4788d68dd152cd812912f67092b91aac84183c185b1aadbb9a18adaa3b59c
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 14 Oct 2019 16:49:30 GMT
via
1.1 varnish
cf-cache-status
HIT
age
24813
x-pantheon-styx-hostname
styx-fe4-9b9c45564-l5p5q
x-cache
HIT, MISS
status
200
strict-transport-security
max-age=300
content-length
409420
x-served-by
cache-mdw17338-MDW, cache-ams21026-AMS
last-modified
Wed, 25 Sep 2019 14:02:57 GMT
server
cloudflare
x-timer
S1571046957.412974,VS0,VE213
etag
"5d8b7391-63f4c"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
x-styx-req-id
381b5ca9-ec98-11e9-9a1a-965fbb56d065
expires
Wed, 14 Oct 2020 16:49:30 GMT
cache-control
public, max-age=31622400
accept-ranges
bytes
cf-ray
525b0c02fc9b9c69-AMS
x-cache-hits
1, 0
5-hopper-and-ports.jpg
/wp-content/uploads/2019/09
188 KB
189 KB
Image
General
Full URL
https://www.sentinelone.com/wp-content/uploads/2019/09/5-hopper-and-ports.jpg
Requested by
Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.24.117.125 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
516133c5c56de224f7bb75c4e763da3dda81ca30e232adc737fc25a97a82373d
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 14 Oct 2019 16:49:30 GMT
via
1.1 varnish
cf-cache-status
HIT
age
24813
x-pantheon-styx-hostname
styx-fe4-9b9c45564-jcn77
x-cache
HIT, MISS
status
200
strict-transport-security
max-age=300
content-length
192710
x-served-by
cache-mdw17373-MDW, cache-ams21039-AMS
last-modified
Wed, 25 Sep 2019 14:03:04 GMT
server
cloudflare
x-timer
S1571046957.409162,VS0,VE198
etag
"5d8b7398-2f0c6"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
x-styx-req-id
381b3680-ec98-11e9-a15d-fe922eee6103
expires
Wed, 14 Oct 2020 16:49:30 GMT
cache-control
public, max-age=31622400
accept-ranges
bytes
cf-ray
525b0c02fc9c9c69-AMS
x-cache-hits
1, 0
6-cert-revoked.jpg
/wp-content/uploads/2019/09
22 KB
23 KB
Image
General
Full URL
https://www.sentinelone.com/wp-content/uploads/2019/09/6-cert-revoked.jpg
Requested by
Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.24.117.125 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
de0c89aa6913f277233a134a6bcf17ba4bc9a605320e40b9025f969ca895cac6
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 14 Oct 2019 16:49:30 GMT
via
1.1 varnish
cf-cache-status
HIT
age
24813
x-pantheon-styx-hostname
styx-fe4-a-7589bc57f6-htpk8
x-cache
HIT, MISS
status
200
strict-transport-security
max-age=300
content-length
22814
x-served-by
cache-mdw17369-MDW, cache-ams21048-AMS
last-modified
Wed, 25 Sep 2019 14:03:09 GMT
server
cloudflare
x-timer
S1571046957.408897,VS0,VE96
etag
"5d8b739d-591e"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
x-styx-req-id
381b4bdd-ec98-11e9-81e5-faa2a6e3125e
expires
Wed, 14 Oct 2020 16:49:30 GMT
cache-control
public, max-age=31622400
accept-ranges
bytes
cf-ray
525b0c02fca09c69-AMS
x-cache-hits
1, 0
wp-emoji-release.min.js?ver=ca0f6f836087d310c8d70cd2c91f2976
/wp-includes/js
14 KB
4 KB
Script
General
Full URL
https://www.sentinelone.com/wp-includes/js/wp-emoji-release.min.js?ver=ca0f6f836087d310c8d70cd2c91f2976
Requested by
Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.24.117.125 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
f4799ef2939b8377cf33f07b07b6d90a4a245adbf1c6eaf47ee3b0fcefcc07fe

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 14 Oct 2019 16:49:30 GMT
via
1.1 varnish
cf-cache-status
HIT
age
3320437
x-pantheon-styx-hostname
styx-fe4-a-6df8df47df-fh49k
x-cache
HIT, HIT
status
200
content-encoding
br
x-served-by
cache-mdw17354-MDW, cache-ams21023-AMS
last-modified
Fri, 06 Sep 2019 06:19:12 GMT
server
cloudflare
x-timer
S1567751333.147117,VS0,VE1
etag
W/"5d71fa60-3610"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/x-javascript
x-styx-req-id
592e9080-d06e-11e9-a03b-da1d2777ff28
expires
Wed, 14 Oct 2020 16:49:30 GMT
cache-control
public, max-age=31622400
cf-ray
525b0c02fca29c69-AMS
x-cache-hits
2, 1
7-xprotect-yara-rule.jpg
/wp-content/uploads/2019/09
171 KB
171 KB
Image
General
Full URL
https://www.sentinelone.com/wp-content/uploads/2019/09/7-xprotect-yara-rule.jpg
Requested by
Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.24.117.125 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
8747ac8d279d1ac93bd3881a4a4b4346aff5975990e16e5bb29843223ca7474c
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 14 Oct 2019 16:49:30 GMT
via
1.1 varnish
cf-cache-status
HIT
age
24813
x-pantheon-styx-hostname
styx-fe4-9b9c45564-l5p5q
x-cache
HIT, MISS
status
200
strict-transport-security
max-age=300
content-length
174800
x-served-by
cache-mdw17357-MDW, cache-ams21021-AMS
last-modified
Wed, 25 Sep 2019 14:03:13 GMT
server
cloudflare
x-timer
S1571046957.412519,VS0,VE216
etag
"5d8b73a1-2aad0"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
x-styx-req-id
383055fa-ec98-11e9-9a1a-965fbb56d065
expires
Wed, 14 Oct 2020 16:49:30 GMT
cache-control
public, max-age=31622400
accept-ranges
bytes
cf-ray
525b0c02fca49c69-AMS
x-cache-hits
1, 0
8-yara-2.jpg
/wp-content/uploads/2019/09
138 KB
138 KB
Image
General
Full URL
https://www.sentinelone.com/wp-content/uploads/2019/09/8-yara-2.jpg
Requested by
Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.24.117.125 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
a1be269a2e26a94494574950891fc8d221940eafebd459a2d9f65062b99376b6
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 14 Oct 2019 16:49:30 GMT
via
1.1 varnish
cf-cache-status
HIT
age
24813
x-pantheon-styx-hostname
styx-fe4-a-7589bc57f6-mcvts
x-cache
HIT, MISS
status
200
strict-transport-security
max-age=300
content-length
141190
x-served-by
cache-mdw17379-MDW, cache-ams21023-AMS
last-modified
Wed, 25 Sep 2019 14:03:18 GMT
server
cloudflare
x-timer
S1571046957.411865,VS0,VE216
etag
"5d8b73a6-22786"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
x-styx-req-id
6bc690df-ec8a-11e9-9960-da4aa7bab478
expires
Wed, 14 Oct 2020 16:49:30 GMT
cache-control
public, max-age=31622400
accept-ranges
bytes
cf-ray
525b0c02fca69c69-AMS
x-cache-hits
1, 0
9-hidden-launch-agent.jpg
/wp-content/uploads/2019/09
125 KB
126 KB
Image
General
Full URL
https://www.sentinelone.com/wp-content/uploads/2019/09/9-hidden-launch-agent.jpg
Requested by
Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.24.117.125 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
b11ccddf88f593d3aa698bb8214c67f55133935fcd75fc7e25b25824f5c0949a
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 14 Oct 2019 16:49:30 GMT
via
1.1 varnish
cf-cache-status
HIT
age
24813
x-pantheon-styx-hostname
styx-fe4-9b9c45564-l5p5q
x-cache
MISS, MISS
status
200
strict-transport-security
max-age=300
content-length
128164
x-served-by
cache-mdw17321-MDW, cache-ams21029-AMS
last-modified
Wed, 25 Sep 2019 14:03:23 GMT
server
cloudflare
x-timer
S1571046957.418126,VS0,VE156
etag
"5d8b73ab-1f4a4"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
x-styx-req-id
d1c2a55c-ee68-11e9-9a1a-965fbb56d065
expires
Wed, 14 Oct 2020 16:49:30 GMT
cache-control
public, max-age=31622400
accept-ranges
bytes
cf-ray
525b0c02fca99c69-AMS
x-cache-hits
0, 0
10-apple-I.jpg
/wp-content/uploads/2019/09
10 KB
10 KB
Image
General
Full URL
https://www.sentinelone.com/wp-content/uploads/2019/09/10-apple-I.jpg
Requested by
Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.24.117.125 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
27d1236d4d0734ed2562f2133d912b8232b1f074dee072a3f8997944fe51546b
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 14 Oct 2019 16:49:30 GMT
via
1.1 varnish
cf-cache-status
HIT
age
24813
x-pantheon-styx-hostname
styx-fe4-9b9c45564-jcn77
x-cache
HIT, MISS
status
200
strict-transport-security
max-age=300
content-length
10525
x-served-by
cache-mdw17330-MDW, cache-ams21033-AMS
last-modified
Wed, 25 Sep 2019 14:03:28 GMT
server
cloudflare
x-timer
S1571046957.411501,VS0,VE104
etag
"5d8b73b0-291d"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
x-styx-req-id
38404c75-ec98-11e9-a15d-fe922eee6103
expires
Wed, 14 Oct 2020 16:49:30 GMT
cache-control
public, max-age=31622400
accept-ranges
bytes
cf-ray
525b0c02fcac9c69-AMS
x-cache-hits
1, 0
11-agent-detection.jpg
/wp-content/uploads/2019/09
49 KB
50 KB
Image
General
Full URL
https://www.sentinelone.com/wp-content/uploads/2019/09/11-agent-detection.jpg
Requested by
Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.24.117.125 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
002efb822e8def29aa25426f8ea9442eeca5270893e218bb57abea8eafde43c0
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 14 Oct 2019 16:49:30 GMT
via
1.1 varnish
cf-cache-status
HIT
age
24813
x-pantheon-styx-hostname
styx-fe4-9b9c45564-mtjgs
x-cache
HIT, MISS
status
200
strict-transport-security
max-age=300
content-length
50552
x-served-by
cache-mdw17378-MDW, cache-ams21025-AMS
last-modified
Wed, 25 Sep 2019 14:03:31 GMT
server
cloudflare
x-timer
S1571046957.414460,VS0,VE100
etag
"5d8b73b3-c578"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
x-styx-req-id
ca934509-ede2-11e9-aa3f-6ac4c6779cab
expires
Wed, 14 Oct 2020 16:49:30 GMT
cache-control
public, max-age=31622400
accept-ranges
bytes
cf-ray
525b0c02fcad9c69-AMS
x-cache-hits
1, 0
12-management-console.jpg
/wp-content/uploads/2019/09
138 KB
138 KB
Image
General
Full URL
https://www.sentinelone.com/wp-content/uploads/2019/09/12-management-console.jpg
Requested by
Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.24.117.125 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
ed8550163f5591773d7f83f2361083f8b701bdaadb3e85c911c98ee1b7e7c8b0
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 14 Oct 2019 16:49:30 GMT
via
1.1 varnish
cf-cache-status
HIT
age
24813
x-pantheon-styx-hostname
styx-fe4-9b9c45564-mtjgs
x-cache
HIT, MISS
status
200
strict-transport-security
max-age=300
content-length
141399
x-served-by
cache-mdw17372-MDW, cache-ams21042-AMS
last-modified
Wed, 25 Sep 2019 14:03:35 GMT
server
cloudflare
x-timer
S1571046957.428766,VS0,VE191
etag
"5d8b73b7-22857"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
x-styx-req-id
388cb47b-ec98-11e9-aa3f-6ac4c6779cab
expires
Wed, 14 Oct 2020 16:49:30 GMT
cache-control
public, max-age=31622400
accept-ranges
bytes
cf-ray
525b0c02fcb09c69-AMS
x-cache-hits
1, 0
13-attack-story-line.jpg
/wp-content/uploads/2019/09
87 KB
87 KB
Image
General
Full URL
https://www.sentinelone.com/wp-content/uploads/2019/09/13-attack-story-line.jpg
Requested by
Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.24.117.125 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
84b78a7942c95f4a0f35d6c27ed05c7b37b7edd7dae8b2614be8a7dac2c6646c
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 14 Oct 2019 16:49:30 GMT
via
1.1 varnish
cf-cache-status
HIT
age
24813
x-pantheon-styx-hostname
styx-fe4-9b9c45564-mtjgs
x-cache
MISS, MISS
status
200
strict-transport-security
max-age=300
content-length
88775
x-served-by
cache-mdw17342-MDW, cache-ams21046-AMS
last-modified
Wed, 25 Sep 2019 14:03:39 GMT
server
cloudflare
x-timer
S1571046957.417750,VS0,VE249
etag
"5d8b73bb-15ac7"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
x-styx-req-id
d1c305bd-ee68-11e9-aa3f-6ac4c6779cab
expires
Wed, 14 Oct 2020 16:49:30 GMT
cache-control
public, max-age=31622400
accept-ranges
bytes
cf-ray
525b0c02fcb19c69-AMS
x-cache-hits
0, 0
300x250.jpg
/wp-content/uploads/2017/06
57 KB
58 KB
Image
General
Full URL
https://www.sentinelone.com/wp-content/uploads/2017/06/300x250.jpg
Requested by
Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.24.117.125 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
7e76b70f51266b69f619ca2b24a1207e44f15c714cbe6150274ffbcc49b39d65

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 14 Oct 2019 16:49:30 GMT
via
1.1 varnish
cf-cache-status
HIT
age
1579300
x-pantheon-styx-hostname
styx-fe4-5bb679569f-5sb2x
x-cache
HIT, HIT
status
200
content-length
58714
x-served-by
cache-mdw17362-MDW, cache-ams21024-AMS
last-modified
Mon, 12 Aug 2019 07:55:29 GMT
server
cloudflare
x-timer
S1569492471.869977,VS0,VE1
etag
"5d511b71-e55a"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
x-styx-req-id
ad49ee7e-df65-11e9-a4cb-425448b24ebd
expires
Wed, 14 Oct 2020 16:49:30 GMT
cache-control
public, max-age=31622400
accept-ranges
bytes
cf-ray
525b0c02fcb29c69-AMS
x-cache-hits
1, 1
192379_Archer_06_Target_0040.jpg
/wp-content/uploads/2017/06
55 KB
56 KB
Image
General
Full URL
https://www.sentinelone.com/wp-content/uploads/2017/06/192379_Archer_06_Target_0040.jpg
Requested by
Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.24.117.125 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
60fce9050c9cae25545bbc0ad0cac6b2801051254b593a335670aa7dcc587686

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 14 Oct 2019 16:49:30 GMT
via
1.1 varnish
cf-cache-status
HIT
age
5339047
x-pantheon-styx-hostname
styx-fe4-a-5d4bcdb8f5-lhh4p
x-cache
HIT, HIT
status
200
content-length
56462
x-served-by
cache-mdw17363-MDW, cache-ams21020-AMS
last-modified
Fri, 12 Apr 2019 14:49:03 GMT
server
cloudflare
x-timer
S1565732724.842373,VS0,VE3
etag
"5cb0a55f-dc8e"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/jpeg
x-styx-req-id
bb4db892-b3e6-11e9-b8e8-0a580abc1493
expires
Wed, 14 Oct 2020 16:49:30 GMT
cache-control
public, max-age=31622400
accept-ranges
bytes
cf-ray
525b0c02fcb39c69-AMS
x-cache-hits
1, 1
pre-featured.png
/wp-content/uploads/2017/06
27 KB
28 KB
Image
General
Full URL
https://www.sentinelone.com/wp-content/uploads/2017/06/pre-featured.png
Requested by
Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.24.117.125 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
9dc46ec88c0ea2b460e666af0594929240032360e1dddf54b0cda12769ba47aa

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 14 Oct 2019 16:49:30 GMT
via
1.1 varnish
cf-cache-status
HIT
age
1800212
x-pantheon-styx-hostname
styx-fe4-548fd49669-8mz4l
x-cache
HIT, HIT
status
200
content-length
28087
x-served-by
cache-mdw17327-MDW, cache-ams21050-AMS
last-modified
Thu, 18 Oct 2018 21:19:42 GMT
server
cloudflare
x-timer
S1569271559.615922,VS0,VE47
etag
"5bc8f8ee-6db7"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
x-styx-req-id
055b1463-da8c-11e9-92f8-ca157f9d3151
expires
Wed, 14 Oct 2020 16:49:30 GMT
cache-control
public, max-age=31622400
accept-ranges
bytes
cf-ray
525b0c02fcb49c69-AMS
x-cache-hits
1, 1
Locations-w-Stockholm.png
/wp-content/uploads/2017/06
58 KB
59 KB
Image
General
Full URL
https://www.sentinelone.com/wp-content/uploads/2017/06/Locations-w-Stockholm.png
Requested by
Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.24.117.125 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
c6f5b82a3821df76441e1ef71dc4932bfbc26c549e0cd8fd6d02bed2b3db0166

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 14 Oct 2019 16:49:30 GMT
via
1.1 varnish
cf-cache-status
HIT
age
1796781
x-pantheon-styx-hostname
styx-fe4-548fd49669-8mz4l
x-cache
HIT, MISS
status
200
content-length
59767
x-served-by
cache-mdw17347-MDW, cache-ams21021-AMS
last-modified
Thu, 18 Oct 2018 21:15:45 GMT
server
cloudflare
x-timer
S1569274989.053721,VS0,VE102
etag
"5bc8f801-e977"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
image/png
x-styx-req-id
c46b0d74-da8d-11e9-92f8-ca157f9d3151
expires
Wed, 14 Oct 2020 16:49:30 GMT
cache-control
public, max-age=31622400
accept-ranges
bytes
cf-ray
525b0c02fcb59c69-AMS
x-cache-hits
1, 0
highlight.pack.js?ver=9.12.0
/wp-content/plugins/markdown-editor/assets/scripts
45 KB
18 KB
Script
General
Full URL
https://www.sentinelone.com/wp-content/plugins/markdown-editor/assets/scripts/highlight.pack.js?ver=9.12.0
Requested by
Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.24.117.125 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
06c6b725b44640d99123f7f0cbcb63edab75af6ebf6d373a198d068ab5e00563

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 14 Oct 2019 16:49:29 GMT
via
1.1 varnish
cf-cache-status
HIT
age
5314529
cf-polished
origSize=46071
x-pantheon-styx-hostname
styx-fe4-a-6f4ddbc8cb-74c4v
x-cache
HIT, HIT
status
200
cf-bgj
minify
content-encoding
br
x-served-by
cache-mdw17354-MDW, cache-ams21041-AMS
last-modified
Sat, 10 Aug 2019 19:07:31 GMT
server
cloudflare
x-timer
S1565757240.343979,VS0,VE2
etag
W/"5d4f15f3-b3f7"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/x-javascript
x-styx-req-id
f325e1c7-bbcc-11e9-8ab0-1ab5236c9ea5
expires
Wed, 14 Oct 2020 16:49:29 GMT
cache-control
public, max-age=31622400
cf-ray
525b0c020b1e9c69-AMS
x-cache-hits
1, 1
line-numbers.min.js?ver=2.3.0
/wp-content/plugins/markdown-editor/assets/scripts
2 KB
1021 B
Script
General
Full URL
https://www.sentinelone.com/wp-content/plugins/markdown-editor/assets/scripts/line-numbers.min.js?ver=2.3.0
Requested by
Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.24.117.125 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
9f38f42d69ba3fbbf264d0d20b65c6472d7ceed9be4eeef33748abd772556cd4

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 14 Oct 2019 16:49:29 GMT
via
1.1 varnish
cf-cache-status
HIT
age
5831190
x-pantheon-styx-hostname
styx-fe4-7b47fdd589-5wmrq
x-cache
HIT, HIT
status
200
content-encoding
br
x-served-by
cache-mdw17363-MDW, cache-ams21023-AMS
last-modified
Wed, 31 Jul 2019 22:05:40 GMT
server
cloudflare
x-timer
S1565240579.303305,VS0,VE1
etag
W/"5d4210b4-6c9"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/x-javascript
x-styx-req-id
bb054d23-b3e6-11e9-84d1-0a580a2c0590
expires
Wed, 14 Oct 2020 16:49:29 GMT
cache-control
public, max-age=31622400
cf-ray
525b0c025b9b9c69-AMS
x-cache-hits
1, 1
clipboard.min.js?ver=ca0f6f836087d310c8d70cd2c91f2976
/wp-includes/js
11 KB
3 KB
Script
General
Full URL
https://www.sentinelone.com/wp-includes/js/clipboard.min.js?ver=ca0f6f836087d310c8d70cd2c91f2976
Requested by
Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.24.117.125 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
32537e7938c4da728fd6db27da867e525b6cd8bf04cf8c9f222536887312c41a

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 14 Oct 2019 16:49:29 GMT
via
1.1 varnish
cf-cache-status
HIT
age
3320194
x-pantheon-styx-hostname
styx-fe4-a-6df8df47df-fh49k
x-cache
HIT, HIT
status
200
content-encoding
br
x-served-by
cache-mdw17374-MDW, cache-ams21032-AMS
last-modified
Fri, 06 Sep 2019 06:19:12 GMT
server
cloudflare
x-timer
S1567751576.934018,VS0,VE1
etag
W/"5d71fa60-2a26"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/x-javascript
x-styx-req-id
591e20aa-d06e-11e9-a03b-da1d2777ff28
expires
Wed, 14 Oct 2020 16:49:29 GMT
cache-control
public, max-age=31622400
cf-ray
525b0c025ba99c69-AMS
x-cache-hits
1, 1
frontend.min.js?ver=0.1.6
/wp-content/plugins/markdown-editor/assets/scripts
2 KB
844 B
Script
General
Full URL
https://www.sentinelone.com/wp-content/plugins/markdown-editor/assets/scripts/frontend.min.js?ver=0.1.6
Requested by
Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.24.117.125 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
eca7f32a8c752a64d7e45b588740ccfcb1524035a952e9b3a567ab59cded2c9f

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 14 Oct 2019 16:49:30 GMT
via
1.1 varnish
cf-cache-status
HIT
age
1764035
x-pantheon-styx-hostname
styx-fe4-a-7ffd645fbf-5vpzb
x-cache
HIT, HIT
status
200
content-encoding
br
x-served-by
cache-mdw17322-MDW, cache-ams21031-AMS
last-modified
Wed, 18 Sep 2019 19:32:23 GMT
server
cloudflare
x-timer
S1569307736.789073,VS0,VE1
etag
W/"5d828647-64e"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/x-javascript
x-styx-req-id
f42525bb-da89-11e9-ab02-ce95f6a349c9
expires
Wed, 14 Oct 2020 16:49:30 GMT
cache-control
public, max-age=31622400
cf-ray
525b0c027be49c69-AMS
x-cache-hits
1, 1
sharethis.js?ver=ca0f6f836087d310c8d70cd2c91f2976
platform-api.sharethis.com/js
87 KB
27 KB
Script
General
Full URL
https://platform-api.sharethis.com/js/sharethis.js?ver=ca0f6f836087d310c8d70cd2c91f2976
Requested by
Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2600:9000:2156:c000:1c:8a07:5e80:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software
/
Resource Hash
fc9ad4a349c92da22eb6998451f9c97d505bbc884595e0a694d4a9e4ef0c734d

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.sentinelone.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 14 Oct 2019 14:49:32 GMT
content-encoding
gzip
age
433
etag
W/"15d36-iy7p4sU52s+j0OWGFp+NouOChvM"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript; charset=utf-8
status
200
edge-control
cache-maxage=60m,downstream-ttl=60m
cache-control
max-age=600, public
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
eYmPpKyDzpHho-5ulpBNScxND0vPa5fKXh-qc6dLuOWrHOWC0gpRLQ==
via
1.1 baaf38f0a0d54e4834bf934fa5189ceb.cloudfront.net (CloudFront)
footer.js?ver=1571069159
/wp-content/themes/sentinelone/assets/js
37 KB
11 KB
Script
General
Full URL
https://www.sentinelone.com/wp-content/themes/sentinelone/assets/js/footer.js?ver=1571069159
Requested by
Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.24.117.125 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
51ad538f85c2de9b2db831da78b01c53ee5da02f284cdb0f4fe1ac4fd8e87f58
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 14 Oct 2019 16:49:30 GMT
via
1.1 varnish
vary
Accept-Encoding
cf-cache-status
HIT
age
1858
cf-polished
origSize=53631
x-pantheon-styx-hostname
styx-fe4-a-7589bc57f6-7qzfr
x-cache
HIT, HIT
status
200
cf-bgj
minify
content-encoding
br
x-served-by
cache-mdw17324-MDW, cache-ams21034-AMS
last-modified
Mon, 14 Oct 2019 16:05:59 GMT
server
cloudflare
x-timer
S1571069912.301694,VS0,VE1
etag
W/"5da49ce7-d17f"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=300
content-type
application/x-javascript
x-styx-req-id
8606a0f0-ee9c-11e9-9aa9-3a17cb1d351c
expires
Wed, 14 Oct 2020 16:49:30 GMT
cache-control
public, max-age=31622400
cf-ray
525b0c02ac1a9c69-AMS
x-cache-hits
1, 1
main.js?ver=ca0f6f836087d310c8d70cd2c91f2976
/wp-content/themes/sentinelone/assets/js
130 KB
35 KB
Script
General
Full URL
https://www.sentinelone.com/wp-content/themes/sentinelone/assets/js/main.js?ver=ca0f6f836087d310c8d70cd2c91f2976
Requested by
Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.24.117.125 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
4079db0499412e8533729e95b4e9d6893a93a10c7d1fa8ae548e46e8f70c94bf

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 14 Oct 2019 16:49:30 GMT
via
1.1 varnish
cf-cache-status
HIT
age
3320437
cf-polished
origSize=154987
x-pantheon-styx-hostname
styx-fe4-556fb79d49-jtnpw
x-cache
HIT, HIT
status
200
cf-bgj
minify
content-encoding
br
x-served-by
cache-mdw17350-MDW, cache-ams21030-AMS
last-modified
Fri, 06 Sep 2019 06:19:11 GMT
server
cloudflare
x-timer
S1567751333.093708,VS0,VE0
etag
W/"5d71fa5f-25d6b"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/x-javascript
x-styx-req-id
59204a6d-d06e-11e9-a601-de0369eda0de
expires
Wed, 14 Oct 2020 16:49:30 GMT
cache-control
public, max-age=31622400
cf-ray
525b0c02cc4c9c69-AMS
x-cache-hits
1, 1
css?family=Poppins:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900i
fonts.googleapis.com
21 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Poppins:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900i
Requested by
Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:817::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
ESF /
Resource Hash
333229d8fc6cdddbe8698b444238abd9c509032d074b334aadf3df2ef0ea768c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.sentinelone.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
br
last-modified
Mon, 14 Oct 2019 16:49:29 GMT
server
ESF
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
status
200
date
Mon, 14 Oct 2019 16:49:29 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
x-xss-protection
0
expires
Mon, 14 Oct 2019 16:49:29 GMT
pxiEyp8kv8JHgFVrJJfecnFHGPc.woff2
fonts.gstatic.com/s/poppins/v8
8 KB
8 KB
Font
General
Full URL
https://fonts.gstatic.com/s/poppins/v8/pxiEyp8kv8JHgFVrJJfecnFHGPc.woff2
Requested by
Host: go.sentinelone.com
URL: https://go.sentinelone.com/js/forms2/js/forms2.min.js?ver=ca0f6f836087d310c8d70cd2c91f2976
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
fab32ccef85408b763c899ad7c0b910c96c76dc9ed7158ce304fdcd3c0bf8388
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Sec-Fetch-Mode
cors
Referer
https://fonts.googleapis.com/css?family=Poppins:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900i
Origin
https://www.sentinelone.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 10 Oct 2019 17:15:51 GMT
x-content-type-options
nosniff
last-modified
Mon, 22 Jul 2019 19:24:29 GMT
server
sffe
age
344019
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
7968
x-xss-protection
0
expires
Fri, 09 Oct 2020 17:15:51 GMT
tv2track.js
collector-5527.tvsquared.com
20 KB
9 KB
Script
General
Full URL
https://collector-5527.tvsquared.com/tv2track.js
Requested by
Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.76.21.188 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-54-76-21-188.eu-west-1.compute.amazonaws.com
Software
nginx /
Resource Hash
b556b631fa500e2a930169fee2b7268e9c547ed90c8c2d8b2ac6617f1a0553f8

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.sentinelone.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 14 Oct 2019 16:49:30 GMT
Content-Encoding
gzip
Last-Modified
Mon, 30 Sep 2019 09:43:07 GMT
Server
nginx
ETag
"5d91ce2b-210c"
Content-Type
application/javascript
Cache-Control
max-age=600
Connection
keep-alive
X-Robots-Tag
noindex
Content-Length
8460
Expires
Mon, 14 Oct 2019 16:59:30 GMT
gtm.js?id=GTM-KGGXSJ
www.googletagmanager.com
187 KB
37 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-KGGXSJ
Requested by
Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:814::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
1ce90a671170e905094f16ebd6f3c8be2c45d4833a10557da515f60fee4c2f9d
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.sentinelone.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 14 Oct 2019 16:49:30 GMT
content-encoding
br
last-modified
Mon, 14 Oct 2019 15:00:00 GMT
server
Google Tag Manager
access-control-allow-headers
Cache-Control
status
200
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
http://www.googletagmanager.com
cache-control
private, max-age=900
access-control-allow-credentials
true
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
37354
x-xss-protection
0
expires
Mon, 14 Oct 2019 16:49:30 GMT
getForm?munchkinId=327-MNM-087&form=1985&url=https%3A%2F%2Fwww.sentinelone.com%2Fblog%2Fdetecting-macos-gmera-malware-through-behavioral-inspection%2F&callback=jQuery112404769453926174956_157107177...
go.sentinelone.com/index.php/form
6 KB
2 KB
Script
General
Full URL
https://go.sentinelone.com/index.php/form/getForm?munchkinId=327-MNM-087&form=1985&url=https%3A%2F%2Fwww.sentinelone.com%2Fblog%2Fdetecting-macos-gmera-malware-through-behavioral-inspection%2F&callback=jQuery112404769453926174956_1571071770046&_=1571071770047
Requested by
Host: go.sentinelone.com
URL: https://go.sentinelone.com/js/forms2/js/forms2.min.js?ver=ca0f6f836087d310c8d70cd2c91f2976
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.24.117.125 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
9e29aaf4d724f87939b1a01ea3148485100d25f061b55324c4203b03245ad022
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.sentinelone.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 14 Oct 2019 16:49:30 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type
application/javascript; charset=utf-8
status
200
cf-ray
525b0c02fcb79c69-AMS
data:truncated
data:truncated
177 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
6fead81d343f693107904c5577dfd9642bb6ec751e305860c940fdcb5e6c4ae8

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/svg+xml
data:truncated
data:truncated
242 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
91eb7001a90f9178135eede72f1c8a5300cababa4a078cb59debaa50de4b1788

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/svg+xml
data:truncated
data:truncated
364 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
223dbeaf95c21e29aad42c8656d9ad41dbe9497df36c95118158609625d95c53

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/svg+xml
pxiByp8kv8JHgFVrLGT9Z1xlFd2JQEk.woff2
fonts.gstatic.com/s/poppins/v8
8 KB
8 KB
Font
General
Full URL
https://fonts.gstatic.com/s/poppins/v8/pxiByp8kv8JHgFVrLGT9Z1xlFd2JQEk.woff2
Requested by
Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
5e07f937be00bbef113152fa46b2b2d5df97f405b152881c96e1c5069d8f405d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Sec-Fetch-Mode
cors
Referer
https://fonts.googleapis.com/css?family=Poppins:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900i
Origin
https://www.sentinelone.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Thu, 10 Oct 2019 17:31:21 GMT
x-content-type-options
nosniff
last-modified
Mon, 22 Jul 2019 19:23:41 GMT
server
sffe
age
343089
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
7960
x-xss-protection
0
expires
Fri, 09 Oct 2020 17:31:21 GMT
pxiByp8kv8JHgFVrLDz8Z1xlFd2JQEk.woff2
fonts.gstatic.com/s/poppins/v8
8 KB
8 KB
Font
General
Full URL
https://fonts.gstatic.com/s/poppins/v8/pxiByp8kv8JHgFVrLDz8Z1xlFd2JQEk.woff2
Requested by
Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
0fe2aa289162af5650c4a5ad04948ed0872b83982060632f75b9dbd8520d2c8b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Sec-Fetch-Mode
cors
Referer
https://fonts.googleapis.com/css?family=Poppins:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900i
Origin
https://www.sentinelone.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 11 Oct 2019 21:58:14 GMT
x-content-type-options
nosniff
last-modified
Mon, 22 Jul 2019 19:17:57 GMT
server
sffe
age
240676
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
7988
x-xss-protection
0
expires
Sat, 10 Oct 2020 21:58:14 GMT
pxiByp8kv8JHgFVrLCz7Z1xlFd2JQEk.woff2
fonts.gstatic.com/s/poppins/v8
8 KB
8 KB
Font
General
Full URL
https://fonts.gstatic.com/s/poppins/v8/pxiByp8kv8JHgFVrLCz7Z1xlFd2JQEk.woff2
Requested by
Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
56a522e79770e488da6015ed10f8c2bdafbcd87a7c6d443f7a293579bd0ef58d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Sec-Fetch-Mode
cors
Referer
https://fonts.googleapis.com/css?family=Poppins:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900i
Origin
https://www.sentinelone.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 11 Oct 2019 19:34:39 GMT
x-content-type-options
nosniff
last-modified
Mon, 22 Jul 2019 19:18:02 GMT
server
sffe
age
249291
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
7924
x-xss-protection
0
expires
Sat, 10 Oct 2020 19:34:39 GMT
fa-solid-900.woff2
/wp-content/themes/sentinelone/assets/webfonts
74 KB
74 KB
Font
General
Full URL
https://www.sentinelone.com/wp-content/themes/sentinelone/assets/webfonts/fa-solid-900.woff2
Requested by
Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.24.117.125 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
8d86fae5265d97fb99e40108128776ef137a0f05e4147895820add73c26c05b1

Request headers

Sec-Fetch-Mode
cors
Referer
https://www.sentinelone.com/wp-content/themes/sentinelone/assets/css/style.min.css?ver=1571069159
Origin
https://www.sentinelone.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 14 Oct 2019 16:49:30 GMT
via
1.1 varnish
cf-cache-status
HIT
age
5226833
x-pantheon-styx-hostname
styx-fe4-a-57ddb78b9c-5q5dr
x-cache
HIT, MISS
status
200
content-length
75356
x-served-by
cache-mdw17369-MDW, cache-ams21034-AMS
last-modified
Thu, 15 Aug 2019 03:06:00 GMT
server
cloudflare
x-timer
S1565844937.955841,VS0,VE99
etag
"5d54cc18-1265c"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
font/woff2
access-control-allow-origin
*
expires
Wed, 14 Oct 2020 16:49:30 GMT
cache-control
public, max-age=31622400
accept-ranges
bytes
cf-ray
525b0c030ccd9c69-AMS
x-styx-req-id
d5946537-bf09-11e9-95a2-42addebe397d
x-cache-hits
1, 0
fa-brands-400.woff2
/wp-content/themes/sentinelone/assets/webfonts
73 KB
73 KB
Font
General
Full URL
https://www.sentinelone.com/wp-content/themes/sentinelone/assets/webfonts/fa-brands-400.woff2
Requested by
Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.24.117.125 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
bb84784890d0dfbd6f09c0db2bf11725e4c7052e41f7c50940ac887f84747b83

Request headers

Sec-Fetch-Mode
cors
Referer
https://www.sentinelone.com/wp-content/themes/sentinelone/assets/css/style.min.css?ver=1571069159
Origin
https://www.sentinelone.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 14 Oct 2019 16:49:30 GMT
via
1.1 varnish
cf-cache-status
HIT
age
1764836
x-pantheon-styx-hostname
styx-fe4-548fd49669-v8pwv
x-cache
HIT, HIT
status
200
content-length
74680
x-served-by
cache-mdw17322-MDW, cache-ams21030-AMS
last-modified
Wed, 18 Sep 2019 19:32:24 GMT
server
cloudflare
x-timer
S1569306935.991825,VS0,VE1
etag
"5d828648-123b8"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
font/woff2
access-control-allow-origin
*
expires
Wed, 14 Oct 2020 16:49:30 GMT
cache-control
public, max-age=31622400
accept-ranges
bytes
cf-ray
525b0c030ccf9c69-AMS
x-styx-req-id
8810dcfd-da86-11e9-91cd-1e025e98a09f
x-cache-hits
1, 1
pxiGyp8kv8JHgFVrJJLucHtAOvWDSA.woff2
fonts.gstatic.com/s/poppins/v8
9 KB
9 KB
Font
General
Full URL
https://fonts.gstatic.com/s/poppins/v8/pxiGyp8kv8JHgFVrJJLucHtAOvWDSA.woff2
Requested by
Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
7930f49c4da455b5c7dd46dd4aaa7260afedf32a341da9fa5f6867cdcf4acee4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Sec-Fetch-Mode
cors
Referer
https://fonts.googleapis.com/css?family=Poppins:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900i
Origin
https://www.sentinelone.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 11 Oct 2019 19:37:28 GMT
x-content-type-options
nosniff
last-modified
Mon, 22 Jul 2019 19:24:11 GMT
server
sffe
age
249122
status
200
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
9120
x-xss-protection
0
expires
Sat, 10 Oct 2020 19:37:28 GMT
getForm?munchkinId=327-MNM-087&form=2426&url=https%3A%2F%2Fwww.sentinelone.com%2Fblog%2Fdetecting-macos-gmera-malware-through-behavioral-inspection%2F&callback=jQuery112404769453926174956_157107177...
go.sentinelone.com/index.php/form
6 KB
1 KB
Script
General
Full URL
https://go.sentinelone.com/index.php/form/getForm?munchkinId=327-MNM-087&form=2426&url=https%3A%2F%2Fwww.sentinelone.com%2Fblog%2Fdetecting-macos-gmera-malware-through-behavioral-inspection%2F&callback=jQuery112404769453926174956_1571071770048&_=1571071770049
Requested by
Host: go.sentinelone.com
URL: https://go.sentinelone.com/js/forms2/js/forms2.min.js?ver=ca0f6f836087d310c8d70cd2c91f2976
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.24.117.125 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
22b9c6a3dc85e4d4d8f6a8c5710c8edeb63a7366c6a5c3c865544a20ce03b313
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.sentinelone.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 14 Oct 2019 16:49:30 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type
application/javascript; charset=utf-8
status
200
cf-ray
525b0c032d0c9c69-AMS
data:truncated
data:truncated
351 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
4c131a74d2f424e29ffb16d2b03fec20e3f0cae46c4f0aff594cdc8ade80c3ca

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/svg+xml
analytics.js
www.google-analytics.com
43 KB
17 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KGGXSJ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
dbb67c620eaabf6679a314db18d3ae43037aef71ab27422e6feec08ee987cc0a
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.sentinelone.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 19 Aug 2019 17:22:41 GMT
server
Golfe2
age
1091
date
Mon, 14 Oct 2019 16:31:19 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
17803
expires
Mon, 14 Oct 2019 18:31:19 GMT
conversion_async.js
www.googleadservices.com/pagead
24 KB
10 KB
Script
General
Full URL
https://www.googleadservices.com/pagead/conversion_async.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KGGXSJ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
172.217.22.98 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra15s18-in-f98.1e100.net
Software
cafe /
Resource Hash
911339ce9c98835908454fb9fac51e1ff76c57f7845c325ef5affcd34d9f2a3f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.sentinelone.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 14 Oct 2019 16:49:30 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
9186
x-xss-protection
0
server
cafe
etag
14983513458223702742
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Mon, 14 Oct 2019 16:49:30 GMT
bat.js
bat.bing.com
23 KB
7 KB
Script
General
Full URL
https://bat.bing.com/bat.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KGGXSJ
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
/
Resource Hash
b139982ce002c53ddfb65aec1e90704c0a3704fc5aa35247f9323b74a1d3f721

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.sentinelone.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 14 Oct 2019 16:49:29 GMT
content-encoding
gzip
last-modified
Tue, 10 Sep 2019 18:57:28 GMT
x-msedge-ref
Ref A: 5E6519488D9F428C8A12391B181C1E21 Ref B: VIEEDGE0811 Ref C: 2019-10-14T16:49:30Z
status
200
etag
"09c5197968d51:0"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
private,max-age=1800
accept-ranges
bytes
content-length
7148
56a667965d8d21035d00000d.js
tag.marinsm.com/serve
10 KB
4 KB
Script
General
Full URL
https://tag.marinsm.com/serve/56a667965d8d21035d00000d.js
Requested by
Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.112.65 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
Cowboy /
Resource Hash
c689e898f375f195f008ef22c48f7fe5da6751c1fd50620630ba52019ce43df0
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.sentinelone.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 14 Oct 2019 16:49:30 GMT
Via
1.1 vegur, 1.1 varnish
X-Content-Type-Options
nosniff
Age
551
X-Cache
HIT
Connection
keep-alive
Content-Encoding
gzip
Content-Length
3466
X-Served-By
cache-hhn4026-HHN
Server
Cowboy
X-Timer
S1571071770.264445,VS0,VE0
Vary
Accept-Encoding
Content-Type
text/javascript
Cache-Control
max-age=1800
Accept-Ranges
bytes
X-Cache-Hits
1
fbevents.js
connect.facebook.net/en_US
103 KB
23 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
d625b329f3b590a05eb2a69e15cb251f15c3cab37e4ea4bedb4d291c12cad661
Security Headers
Name Value
Content-Security-Policy default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.sentinelone.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
status
200
content-length
22382
x-xss-protection
0
pragma
public
x-fb-debug
/wd3+uKRLkLhHa3FFuAgoFWdrbSDxgW7s6/nW9NkVwAxIp/hwqGUC8hv4LL/xKOXqaGQW1TTsLffyM2NeFBUgQ==
x-fb-trip-id
1850256238
x-frame-options
DENY
date
Mon, 14 Oct 2019 16:49:30 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
cache-control
public, max-age=1200
content-security-policy
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires
Sat, 01 Jan 2000 00:00:00 GMT
munchkin.js
munchkin.marketo.net
1 KB
1 KB
Script
General
Full URL
https://munchkin.marketo.net/munchkin.js
Requested by
Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.251.133 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-251-133.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
66f7eaa7a45f696c332cd450771f4be48e110f6afbe1fe7b39c7a95518aeef76

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.sentinelone.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 14 Oct 2019 16:49:30 GMT
Content-Encoding
gzip
Last-Modified
Fri, 05 Apr 2019 02:53:44 GMT
Server
Apache
ETag
"54520320df20b526337717d6d28181fc:1554432824"
Vary
Accept-Encoding
P3P
policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
application/x-javascript
Content-Length
752
bf-munchkin.min.js
munchkin.brightfunnel.com/js/build
20 KB
7 KB
Script
General
Full URL
https://munchkin.brightfunnel.com/js/build/bf-munchkin.min.js
Requested by
Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.224.196.66 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-13-224-196-66.fra2.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e71e9eb057dbce45fc842c86a300d5410f757f7e0aa9084cb849631528e031f0

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.sentinelone.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-amz-version-id
null
Content-Encoding
gzip
Connection
keep-alive
Last-Modified
Wed, 06 Jun 2018 17:39:04 GMT
Server
AmazonS3
Age
184
Date
Mon, 14 Oct 2019 16:46:27 GMT
Vary
Accept-Encoding
X-Cache
Hit from cloudfront
Content-Type
application/javascript
Via
1.1 9e62923882d737ac8cd27f0d1b1c24cf.cloudfront.net (CloudFront)
Cache-Control
max-age=300
Transfer-Encoding
chunked
X-Amz-Cf-Pop
FRA2-C1
X-Amz-Cf-Id
wPgGG4gNjhe0tvY8nKPvjDbCObW7IZTM_6tmrkQ3PYTesmgE3Q_cAQ==
insight.min.js
snap.licdn.com/li.lms-analytics
3 KB
2 KB
Script
General
Full URL
https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by
Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2a02:26f0:6c00:28c::25ea , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
/
Resource Hash
41dd5e421fe221a7d2921d6fa2b36e8b01a9f2c054aaef5fad866fe896c1d1e0

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.sentinelone.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date
Mon, 14 Oct 2019 16:49:30 GMT
Content-Encoding
gzip
Last-Modified
Mon, 07 Oct 2019 16:41:31 GMT
X-CDN
AKAM
Vary
Accept-Encoding
Content-Type
application/x-javascript;charset=utf-8
Cache-Control
max-age=25625
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1576
qevents.js
a.quora.com
11 KB
4 KB
Script
General
Full URL
https://a.quora.com/qevents.js
Requested by
Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.113.2 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
49052dedc29d55935c2e8ee6304810244bc8ee8543e83b784aed5ead572c0555

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.sentinelone.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-amz-version-id
o5oQBtRTJ98RtL.utc0fd2mRCQnxCwoJ
content-encoding
gzip
etag
"e4edfba72ae7d549b78192eb73bd6456"
age
4622
x-cache
HIT
status
200
content-length
3429
x-amz-id-2
ZlsUpBXbITFH0xqNgB+Gr/EI1i8CQ/3qyOMylrViagBYdknbumbucq1YbIIDMgW6AEOY8hR+Fb0=
x-served-by
cache-hhn4064-HHN
x-amz-expiration
expiry-date="Mon, 21 Oct 2019 00:00:00 GMT", rule-id="previous version deletion"
last-modified
Wed, 21 Aug 2019 14:52:15 GMT
server
AmazonS3
x-amz-meta-s3cmd-attrs
atime:1566399132/ctime:1566399131/gid:1000000/gname:employee/md5:e4edfba72ae7d549b78192eb73bd6456/mode:33188/mtime:1149709104/uid:1000230/uname:xiao
x-timer
S1571071770.278888,VS0,VE0
date
Mon, 14 Oct 2019 16:49:30 GMT
vary
Accept-Encoding
x-amz-request-id
B40481412BF74D76
via
1.1 varnish
cache-control
max-age=7200
accept-ranges
bytes
content-type
binary/octet-stream
x-cache-hits
1561
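The "Security Headers" table urlscan prints for each transaction above is only a flat listing; deciding which of those responses actually deserve attention still has to be done by hand. The following is an added example (not part of the urlscan report, nor code from SentinelOne or any of the third parties whose scripts appear above) that audits one script response's headers the way a reviewer of this report would: HSTS present, `nosniff` set, a JavaScript MIME type, no weak sources in the effective `script-src`, and no S3 object metadata leaking to clients. The two sample inputs are transcribed from the `fbevents.js` and `qevents.js` transactions listed on this page; the finding codes and function names are this example's own choices.

```python
"""Audit response headers of third-party script loads as recorded in a urlscan report.

Added example, not code from the scanned site or from urlscan. Input is a dict of
response headers keyed by lower-cased name, as the report prints them.
"""
from typing import Dict, List

# Sample input: headers transcribed from two script transactions listed on this page.
FBEVENTS_HEADERS = {
    "strict-transport-security": "max-age=31536000; preload; includeSubDomains",
    "x-content-type-options": "nosniff",
    "x-frame-options": "DENY",
    "content-type": "application/x-javascript; charset=utf-8",
    "content-security-policy": (
        "default-src * data: blob:;"
        "script-src *.facebook.com *.fbcdn.net *.facebook.net "
        "*.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* "
        "*.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';"
        "style-src data: blob: 'unsafe-inline' *;"
        "connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net 'self';"
    ),
}
QEVENTS_HEADERS = {
    "content-type": "binary/octet-stream",
    "cache-control": "max-age=7200",
    "x-amz-meta-s3cmd-attrs": (
        "atime:1566399132/ctime:1566399131/gid:1000000/gname:employee/"
        "md5:e4edfba72ae7d549b78192eb73bd6456/mode:33188/mtime:1149709104/"
        "uid:1000230/uname:xiao"
    ),
}

# MIME types browsers treat as JavaScript; anything else on a <script> load is suspect,
# and with nosniff set the browser would refuse to execute it.
SCRIPT_MIME = {"text/javascript", "application/javascript", "application/x-javascript",
               "application/ecmascript", "text/ecmascript"}

# Source expressions that make script-src ineffective against injected script.
WEAK_SCRIPT_SOURCES = {
    "'unsafe-inline'": "csp-unsafe-inline",
    "'unsafe-eval'": "csp-unsafe-eval",
    "*": "csp-wildcard-script-src",
    "data:": "csp-data-script-src",
}


def parse_csp(policy: str) -> Dict[str, List[str]]:
    """Split a CSP string into {directive: [source expressions]}.

    Directives are ';'-separated; per the spec the first occurrence of a directive
    name wins and later duplicates are ignored.
    """
    directives: Dict[str, List[str]] = {}
    for chunk in policy.split(";"):
        tokens = chunk.split()
        if tokens and tokens[0].lower() not in directives:
            directives[tokens[0].lower()] = tokens[1:]
    return directives


def effective_script_sources(directives: Dict[str, List[str]]) -> List[str]:
    """script-src governs scripts when present; otherwise default-src is the fallback."""
    if "script-src" in directives:
        return directives["script-src"]
    return directives.get("default-src", [])


def audit_script_response(headers: Dict[str, str]) -> List[str]:
    """Return finding codes for one script response; an empty list means nothing flagged."""
    h = {k.lower(): v for k, v in headers.items()}
    findings: List[str] = []
    if "strict-transport-security" not in h:
        findings.append("no-hsts")
    if h.get("x-content-type-options", "").strip().lower() != "nosniff":
        findings.append("no-nosniff")
    mime = h.get("content-type", "").split(";")[0].strip().lower()
    if mime not in SCRIPT_MIME:
        findings.append("bad-script-mime")
    if "content-security-policy" in h:
        for src in effective_script_sources(parse_csp(h["content-security-policy"])):
            code = WEAK_SCRIPT_SOURCES.get(src.lower())
            if code and code not in findings:
                findings.append(code)
    # x-amz-meta-* headers are S3 object metadata and are returned to every client;
    # here they carry the uploader's username and uid from the s3cmd client.
    if any(k.startswith("x-amz-meta-") for k in h):
        findings.append("s3-object-metadata-exposed")
    return findings


if __name__ == "__main__":
    for name, hdrs in (("fbevents.js", FBEVENTS_HEADERS), ("qevents.js", QEVENTS_HEADERS)):
        print(name, audit_script_response(hdrs))
```

Two caveats when reading the output. A CSP or X-Frame-Options header on a script response is not enforced against the page that embeds the script; browsers apply those headers only to the document (or worker) that carries them, so for `fbevents.js` the `'unsafe-inline'`/`'unsafe-eval'` findings describe the serving origin's policy, not a weakness in www.sentinelone.com's own page. Likewise a missing HSTS header on one cached subresource says nothing on its own; HSTS state is per host and may already have been set by an earlier response from the same origin. The `qevents.js` findings are the ones that matter to the embedding site: a script served as `binary/octet-stream` without `nosniff`, with S3 client metadata exposed in the response.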
uwt.js
static.ads-twitter.com
5 KB
2 KB
Script
General
Full URL
https://static.ads-twitter.com/uwt.js
Requested by
Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.12.157 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
/
Resource Hash
319949c8c08b86e9c35ea542c0dc0c30cedaa9b8d3d3c3327a36c91aefbd8af5

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.sentinelone.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 14 Oct 2019 16:49:30 GMT
content-encoding
gzip
age
30968
x-cache
HIT
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status
200
content-length
1954
x-served-by
cache-fra19128-FRA
last-modified
Tue, 23 Jan 2018 20:09:00 GMT
x-timer
S1571071770.288185,VS0,VE0
etag
"b7b33882a4f3ffd5cbf07434f3137166+gzip"
vary
Accept-Encoding,Host
content-type
application/javascript; charset=utf-8
via
1.1 varnish
cache-control
no-cache
accept-ranges
bytes
pixel.js
www.redditstatic.com/ads
16 KB
5 KB
Script
General
Full URL
https://www.redditstatic.com/ads/pixel.js
Requested by
Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.113.140 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
snooserv /
Resource Hash
3d15b6c83aceefb58ef1dd147c1a7ed7a76254c039387416abaf9f7c66beb032

Request headers

Sec-Fetch-Mode
no-cors
Referer
https://www.sentinelone.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Mon, 14 Oct 2019 16:49:30 GMT
content-encoding
gzip
age
5
x-cache
HIT, HIT
status
200
content-length
5325
x-served-by
cache-iad2140-IAD, cache-hhn4074-HHN
last-modified
Thu, 29 Aug 2019 19:06:18 GMT
server
snooserv
x-timer
S1571071770.286538,VS0,VE0
etag
"364dd685e7a12d491363ff4e900fd6fa"
vary
Accept-Encoding,Origin
content-type
application/javascript
via
1.1 varnish, 1.1 varnish
cache-control
public, max-age=60
accept-ranges
bytes
x-cache-hits
1, 3
ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-38175129-1&cid=979392542.1571071770&jid=603399030&_v=j79&z=347447024&slf_rd=1&random=597987794
www.google.de/ads
Redirect Chain
  • https://www.google-analytics.com/r/collect?v=1&_v=j79&a=434576222&t=pageview&_s=1&dl=https%3A%2F%2Fwww.sentinelone.com%2Fblog%2Fdetecting-macos-gmera-malware-through-behavioral-inspection%2F&ul=en-...
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-38175129-1&cid=979392542.1571071770&jid=603399030&_gid=224575893.1571071770&gjid=565631543&_v=j79&z=347447024
  • https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-38175129-1&cid=979392542.1571071770&jid=603399030&_v=j79&z=347447024
  • https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-38175129-1&cid=979392542.1571071770&jid=603399030&_v=j79&z=347447024&slf_rd=1&random=597987794
42 B
109 B
Image
General
Full URL
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-38175129-1&cid=979392542.1571071770&jid=603399030&_v=j79&z=347447024&slf_rd=1&random=597987794
Requested by
Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.sentinelone.com/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 14 Oct 2019 16:49:30 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 14 Oct 2019 16:49:30 GMT
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
302
content-type
text/html; charset=UTF-8
location
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-38175129-1&cid=979392542.1571071770&jid=603399030&_v=j79&z=347447024&slf_rd=1&random=597987794
cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
300800713594069?v=2.9.5&r=stable
connect.facebook.net/signals/config
281 KB
65 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/300800713594069?v=2.9.5&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server