www.bromium.com Open in urlscan Pro
2a02:fe80:1010::17:8 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
Submission: On July 20 via api (July 20th 2019, 4:09:30 pm UTC) from US

Summary HTTP 192 Redirects Links 17 Behaviour Indicators

Summary

This website contacted 12 IPs in 5 countries across 13 domains to perform 192 HTTP transactions. The main IP is 2a02:fe80:1010::17:8, located in United Kingdom and belongs to SUCURI-SEC - Sucuri, US. The main domain is www.bromium.com.
TLS certificate: Issued by DigiCert SHA2 Extended Validation Ser... on March 24th 2018. Valid for: 2 years.

This is the only time www.bromium.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
170	2a02:fe80:101... 2a02:fe80:1010::17:8	30148 (SUCURI-SEC) (SUCURI-SEC - Sucuri)
1	2a00:1450:400... 2a00:1450:4001:815::200a	15169 (GOOGLE) (GOOGLE - Google LLC)
3	184.31.84.223 184.31.84.223	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a00:1450:400... 2a00:1450:4001:819::2008	15169 (GOOGLE) (GOOGLE - Google LLC)
4	93.184.220.178 93.184.220.178	15133 (EDGECAST) (EDGECAST - MCI Communications Services)
1	192.0.77.32 192.0.77.32	2635 (AUTOMATTIC) (AUTOMATTIC - Automattic)
2	192.0.76.3 192.0.76.3	2635 (AUTOMATTIC) (AUTOMATTIC - Automattic)
6	2a00:1450:400... 2a00:1450:4001:81e::2003	15169 (GOOGLE) (GOOGLE - Google LLC)
1	209.197.3.15 209.197.3.15	20446 (HIGHWINDS3) (HIGHWINDS3 - Highwinds Network Group)
1 2	2a00:1450:400... 2a00:1450:4001:81e::200e	15169 (GOOGLE) (GOOGLE - Google LLC)
1 1	2a00:1450:400... 2a00:1450:400c:c0c::9a	15169 (GOOGLE) (GOOGLE - Google LLC)
1 1	2a00:1450:400... 2a00:1450:4001:821::2004	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2a00:1450:400... 2a00:1450:4001:809::2003	15169 (GOOGLE) (GOOGLE - Google LLC)
1	199.15.213.31 199.15.213.31	53580 (MARKETO) (MARKETO - MARKETO)
192	12

170 2a02:fe80:1010::17:8 (United Kingdom)

ASN30148 (SUCURI-SEC - Sucuri, US)

www.bromium.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:815::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 184.31.84.223 (Netherlands)

ASN20940 (AKAMAI-ASN1, US)
PTR: a184-31-84-223.deploy.static.akamaitechnologies.com

munchkin.marketo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:819::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 93.184.220.178 (London, United Kingdom)

ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US)

cdn.bizible.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.0.77.32 (San Francisco, United States)

ASN2635 (AUTOMATTIC - Automattic, Inc, US)
PTR: wordpress.com

s0.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 192.0.76.3 (San Francisco, United States)

ASN2635 (AUTOMATTIC - Automattic, Inc, US)

stats.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixel.wp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2a00:1450:4001:81e::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 209.197.3.15 (Phoenix, United States)

ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US)
PTR: vip0x00f.map2.ssl.hwcdn.net

maxcdn.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81e::200e (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE - Google LLC, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c0c::9a (Brussels, Belgium) 1 redirects

ASN15169 (GOOGLE - Google LLC, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:821::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE - Google LLC, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 199.15.213.31 (United States)

ASN53580 (MARKETO - MARKETO, Inc., US)

497-itq-712.mktoresp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
170	bromium.com www.bromium.com	2 MB
6	gstatic.com fonts.gstatic.com	115 KB
4	bizible.com cdn.bizible.com	33 KB
3	wp.com s0.wp.com stats.wp.com pixel.wp.com	6 KB
3	marketo.net munchkin.marketo.net	7 KB
2	google-analytics.com 1 redirects www.google-analytics.com	18 KB
1	mktoresp.com 497-itq-712.mktoresp.com	622 B
1	google.de www.google.de	295 B
1	google.com 1 redirects www.google.com	354 B
1	doubleclick.net 1 redirects stats.g.doubleclick.net	350 B
1	bootstrapcdn.com maxcdn.bootstrapcdn.com	56 KB
1	googletagmanager.com www.googletagmanager.com	26 KB
1	googleapis.com fonts.googleapis.com	942 B
192	13

	Domain	Requested by
170	www.bromium.com	www.bromium.com
6	fonts.gstatic.com	www.bromium.com
4	cdn.bizible.com	www.bromium.com cdn.bizible.com
3	munchkin.marketo.net	www.bromium.com munchkin.marketo.net
2	www.google-analytics.com	1 redirects www.googletagmanager.com
1	pixel.wp.com	www.bromium.com
1	497-itq-712.mktoresp.com	munchkin.marketo.net
1	www.google.de	www.bromium.com
1	www.google.com	1 redirects
1	stats.g.doubleclick.net	1 redirects
1	maxcdn.bootstrapcdn.com	www.bromium.com
1	stats.wp.com	www.bromium.com
1	s0.wp.com	www.bromium.com
1	www.googletagmanager.com	www.bromium.com
1	fonts.googleapis.com	www.bromium.com
192	15

This site contains links to these domains. Also see Links.

Domain
support.bromium.com
twitter.com
www.linkedin.com
www.facebook.com
blog.ensilo.com
github.com
en.wikipedia.org
www.php.net
www.sandboxie.com
www.fireeye.com

Subject Issuer	Validity	Valid
www.bromium.com DigiCert SHA2 Extended Validation Server CA	`2018-03-24` - `2020-03-27`	2 years	crt.sh
*.googleapis.com Google Internet Authority G3	`2019-06-18` - `2019-09-10`	3 months	crt.sh
*.marketo.net DigiCert SHA2 Secure Server CA	`2018-12-24` - `2020-03-24`	a year	crt.sh
*.google-analytics.com Google Internet Authority G3	`2019-06-18` - `2019-09-10`	3 months	crt.sh
cdn.bizible.com Go Daddy Secure Certificate Authority - G2	`2019-03-14` - `2021-04-13`	2 years	crt.sh
*.wp.com Go Daddy Secure Certificate Authority - G2	`2018-04-10` - `2020-05-11`	2 years	crt.sh
*.google.com Google Internet Authority G3	`2019-06-18` - `2019-09-10`	3 months	crt.sh
*.bootstrapcdn.com COMODO RSA Domain Validation Secure Server CA	`2018-10-03` - `2019-10-12`	a year	crt.sh
*.mktoresp.com GeoTrust RSA CA 2018	`2018-02-05` - `2020-02-05`	2 years	crt.sh

This page contains 1 frames:

Primary Page: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
Frame ID: 27D00205287ADE8DE68D45FEA68B6EA3
Requests: 192 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
html /<link[^>]+s\d+\.wp\.com/i
headers link /rel="https:\/\/api\.w\.org\/"/i
html /<link[^>]* href=[\'"][^']+revslider[\/\w-]+\.css\?ver=([0-9.]+)[\'"]/i

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
html /<link[^>]+s\d+\.wp\.com/i
headers link /rel="https:\/\/api\.w\.org\/"/i
html /<link[^>]* href=[\'"][^']+revslider[\/\w-]+\.css\?ver=([0-9.]+)[\'"]/i

MySQL (Databases) Expand

Overall confidence: 100%
Detected patterns

html /<link rel=["']stylesheet["'] [^>]+\/wp-(?:content|includes)\//i
html /<link[^>]+s\d+\.wp\.com/i
headers link /rel="https:\/\/api\.w\.org\/"/i
html /<link[^>]* href=[\'"][^']+revslider[\/\w-]+\.css\?ver=([0-9.]+)[\'"]/i

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

Revslider (Miscellaneous) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[\'"][^']+revslider[\/\w-]+\.css\?ver=([0-9.]+)[\'"]/i

Page Statistics

192
Requests

100 %
HTTPS

57 %
IPv6

13
Domains

15
Subdomains

12
IPs

5
Countries

2687 kB
Transfer

5859 kB
Size

9
Cookies

17 Outgoing links

These are links going to different origins than the main page.

URL: https://support.bromium.com/s/
Title: Support

Search URL Search Domain Scan URL

URL: https://twitter.com/share?url=https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?url=https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer.php?u=https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Search URL Search Domain Scan URL

URL: https://blog.ensilo.com/l0rdix-attack-tool
Title: analysed the RAT’s functionality

Search URL Search Domain Scan URL

URL: https://github.com/misterch0c/what_is_this_c2
Title: many other RATs

Search URL Search Domain Scan URL

URL: https://github.com/xmrig/xmrig
Title: XMRig

Search URL Search Domain Scan URL

URL: https://en.wikipedia.org/wiki/Advanced_Encryption_Standard
Title: AES

Search URL Search Domain Scan URL

URL: https://www.php.net/manual/en/function.openssl-encrypt.php
Title: openssl_encrypt

Search URL Search Domain Scan URL

URL: https://www.sandboxie.com/
Title: Sandboxie

Search URL Search Domain Scan URL

URL: https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/wp-windows-management-instrumentation.pdf
Title: root\SecurityCenter2

Search URL Search Domain Scan URL

URL: https://twitter.com/bromium

Search URL Search Domain Scan URL

URL: http://www.linkedin.com/company/bromium

Search URL Search Domain Scan URL

URL: https://www.facebook.com/bromium

Search URL Search Domain Scan URL

URL: https://www.facebook.com/share.php?u=https%3A%2F%2Fwww.bromium.com%2Fan-analysis-of-l0rdix-rat-panel-and-builder%2F
Title: Share

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?text=An+Analysis+of+L0rdix+RAT%2C+Panel+and+Builder&url=https%3A%2F%2Fwww.bromium.com%2Fan-analysis-of-l0rdix-rat-panel-and-builder%2F
Title: Tweet

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/cws/share?url=https%3A%2F%2Fwww.bromium.com%2Fan-analysis-of-l0rdix-rat-panel-and-builder%2F
Title: Share

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 181

https://www.google-analytics.com/r/collect?v=1&_v=j77&a=2079661938&t=pageview&_s=1&dl=https%3A%2F%2Fwww.bromium.com%2Fan-analysis-of-l0rdix-rat-panel-and-builder%2F&ul=en-us&de=UTF-8&dt=An%20Analysis%20of%20L0rdix%20RAT%2C%20Panel%20and%20Builder%20-%20Bromium&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=IEBAAUAB~&jid=418762099&gjid=73312207&cid=381933232.1563638949&tid=UA-31745238-1&_gid=1419384082.1563638949&_r=1&gtm=2ou7f1&z=1441983953 HTTP 302
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-31745238-1&cid=381933232.1563638949&jid=418762099&_gid=1419384082.1563638949&gjid=73312207&_v=j77&z=1441983953 HTTP 302
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-31745238-1&cid=381933232.1563638949&jid=418762099&_v=j77&z=1441983953 HTTP 302
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-31745238-1&cid=381933232.1563638949&jid=418762099&_v=j77&z=1441983953&slf_rd=1&random=1904446106

192 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/ 886 KB
124 KB 8933ms
13ms Document
text/html 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

82f1f0decda8cc4fc3fd0c4e1f0c13b08ab1ce1a09f45280e29b343ea9002a47

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.bromium.com
:scheme: https
:path: /an-analysis-of-l0rdix-rat-panel-and-builder/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status: 200
server: nginx
date: Sat, 20 Jul 2019 16:09:08 GMT
content-type: text/html; charset=UTF-8
x-sucuri-id: 19017
x-xss-protection: 1; mode=block
x-frame-options: SAMEORIGIN
x-content-type-options: nosniff
content-security-policy: upgrade-insecure-requests;
x-pingback: https://www.bromium.com/xmlrpc.php
link: <https://www.bromium.com/wp-json/>; rel="https://api.w.org/", <https://wp.me/pa6mpV-57Q>; rel=shortlink
content-encoding: gzip
vary: Accept-Encoding,X-Forwarded-Proto
last-modified: Sat, 20 Jul 2019 13:21:58 GMT
etag: "4dd1bb9746e4aef448e9bb28c6d91a91"
host-header: 192fc2e7e50945beb8231a492d6a8024
referrer-policy: no-referrer-when-downgrade
x-proxy-cache: MISS
alt-svc: quic=":443"; ma=86400; v="43,39"
x-sucuri-cache: HIT

GET
H2 200 blocks.style.build.css
www.bromium.com/wp-content/plugins/social-warfare/assets/js/post-editor/dist/ 2 KB
1 KB 51ms
48ms Stylesheet
text/css 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/plugins/social-warfare/assets/js/post-editor/dist/blocks.style.build.css?ver=5.2.1

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

88a7e4cccc0b6c41c2083d7ab0ee74767320246b2ce97fa78339068b15fbb854

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 726
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:36:42 GMT
server: nginx
etag: "8a0-58b4b4059fa80-gzip"
x-frame-options: SAMEORIGIN
content-type: text/css
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 layerslider.css
www.bromium.com/wp-content/plugins/LayerSlider/static/layerslider/css/ 22 KB
5 KB 53ms
50ms Stylesheet
text/css 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/plugins/LayerSlider/static/layerslider/css/layerslider.css?ver=6.8.4

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

39eadd1cbab3247462a6e2c98e375d19e3e6e9b7a52bcf5996f396b83e82fc85

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:44:09 GMT
server: nginx
etag: "5883-58b4b5afea840-gzip"
x-frame-options: SAMEORIGIN
content-type: text/css
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 css
fonts.googleapis.com/ 8 KB
942 B 53ms
51ms Stylesheet
text/css 2a00:1450:4001:815::200a
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Lato:100,300,regular,700,900%7COpen+Sans:300%7CIndie+Flower:regular%7COswald:300,regular,700&subset=latin%2Clatin-ext

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:815::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

ESF /

Resource Hash

3005ccd7133f01461d6cacc9e9b8f5c1d523ff24af2b048405ed40d898027663

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Sat, 20 Jul 2019 16:09:08 GMT
server: ESF
access-control-allow-origin: *
date: Sat, 20 Jul 2019 16:09:08 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
x-xss-protection: 0
expires: Sat, 20 Jul 2019 16:09:08 GMT

GET
H2 200 styles.css
www.bromium.com/wp-content/plugins/ditty-news-ticker/legacy/static/libs/fontastic/ 5 KB
1 KB 61ms
59ms Stylesheet
text/css 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/plugins/ditty-news-ticker/legacy/static/libs/fontastic/styles.css?ver=2.2.1

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

578332cd14c1c8f1c9ea7cc966ca50ae73945b7de3055e07f06dc099d4feeee0

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 980
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:36:35 GMT
server: nginx
etag: "1421-58b4b3fef2ac0-gzip"
x-frame-options: SAMEORIGIN
content-type: text/css
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 style.css
www.bromium.com/wp-content/plugins/ditty-news-ticker/legacy/static/css/ 10 KB
3 KB 63ms
61ms Stylesheet
text/css 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/plugins/ditty-news-ticker/legacy/static/css/style.css?ver=1560530195

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

f60c29fe691d2e86ac7912268faf0f341a4dbdb28346fa04bc4b0b13568b83c7

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 2102
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:36:35 GMT
server: nginx
etag: "28bc-58b4b3fef2ac0-gzip"
x-frame-options: SAMEORIGIN
content-type: text/css
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 settings.css
www.bromium.com/wp-content/plugins/revslider/public/assets/css/ 39 KB
10 KB 64ms
61ms Stylesheet
text/css 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/plugins/revslider/public/assets/css/settings.css?ver=5.4.8.3

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

7668ad2d758ed874c4111801a36f17f643cbbf8f65e238656e629a177daea5d5

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:44:49 GMT
server: nginx
etag: "9b8c-58b4b5d610240-gzip"
x-frame-options: SAMEORIGIN
content-type: text/css
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 svgs-attachment.css
www.bromium.com/wp-content/plugins/svg-support/css/ 222 B
610 B 64ms
62ms Stylesheet
text/css 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/plugins/svg-support/css/svgs-attachment.css?ver=5.2.1

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

756df835cdc3e6d51abfaa6f2cd0d48a3430e2bcc2c12566e06dc79f3ba4ff74

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 111
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 17 Dec 2018 17:45:45 GMT
server: nginx
etag: "de-57d3b59b30440-gzip"
x-frame-options: SAMEORIGIN
content-type: text/css
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 style.css
www.bromium.com/wp-content/plugins/thumbs-rating/css/ 994 B
809 B 65ms
62ms Stylesheet
text/css 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/plugins/thumbs-rating/css/style.css?ver=1.0.0

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

dbabf1b2b74046794682055598b1989a3e72e80f711bd6b1762c5688f3385a4f

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 308
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:36:44 GMT
server: nginx
etag: "3e2-58b4b40787f00-gzip"
x-frame-options: SAMEORIGIN
content-type: text/css
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 ult_marketo_forms-public.css
www.bromium.com/wp-content/plugins/ultimate-marketo-forms/public/css/ 35 B
500 B 65ms
62ms Stylesheet
text/css 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/plugins/ultimate-marketo-forms/public/css/ult_marketo_forms-public.css?ver=1.0.1

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

7a109bbaf31b60ea0c1182758f73e7e2050aeabc9d37913ebc0c72030a48cf23

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:08 GMT
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 35
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 17 Dec 2018 17:45:47 GMT
server: nginx
etag: "23-57d3b59d188c0"
x-frame-options: SAMEORIGIN
content-type: text/css
vary: X-Forwarded-Proto
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 wonderplugin3dcarousel.css
www.bromium.com/wp-content/plugins/wonderplugin-3dcarousel/engine/ 24 KB
2 KB 65ms
63ms Stylesheet
text/css 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/plugins/wonderplugin-3dcarousel/engine/wonderplugin3dcarousel.css?ver=5.2.1

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

186bc13230ab3dfcd0a92e5d5ed3e1f102925efe26c72b4a5c9189897f70dcdb

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:37:10 GMT
server: nginx
etag: "61bd-58b4b42053980-gzip"
x-frame-options: SAMEORIGIN
content-type: text/css
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 wonderpluginsliderengine.css
www.bromium.com/wp-content/plugins/wonderplugin-slider/engine/ 16 KB
1 KB 65ms
63ms Stylesheet
text/css 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/plugins/wonderplugin-slider/engine/wonderpluginsliderengine.css?ver=5.2.1

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

c3ef28a4f156c353239b74328046126175c702be2d89b9a24c8527a8b53ee0e4

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 1025
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:37:12 GMT
server: nginx
etag: "4039-58b4b4223be00-gzip"
x-frame-options: SAMEORIGIN
content-type: text/css
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 style.min.css
www.bromium.com/wp-content/plugins/social-warfare/assets/css/ 48 KB
7 KB 66ms
63ms Stylesheet
text/css 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/plugins/social-warfare/assets/css/style.min.css?ver=3.6.1

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

0035720fc5883c540c438849f0cd10659229c9d41f0a4ea6dc8fd369aa1e644b

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 6670
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:36:42 GMT
server: nginx
etag: "bf38-58b4b4059fa80-gzip"
x-frame-options: SAMEORIGIN
content-type: text/css
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 style.css
www.bromium.com/wp-content/themes/Avada/ 412 B
779 B 66ms
64ms Stylesheet
text/css 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/themes/Avada/style.css?ver=5.2.1

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

fc4ae22497e71cd073d7ec2fda7ec358b49335dcccfd3366713691ee15e0c668

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 279
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:39:30 GMT
server: nginx
etag: "19c-58b4b4a5d7480-gzip"
x-frame-options: SAMEORIGIN
content-type: text/css
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 style.min.css
www.bromium.com/wp-content/themes/Avada/assets/css/ 166 KB
26 KB 66ms
64ms Stylesheet
text/css 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/themes/Avada/assets/css/style.min.css?ver=5.9.1

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

d3ffecf2ed616279e592a8e639561fe10535300ef615f9dde126f126af5644b1

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 26059
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:39:29 GMT
server: nginx
etag: "2965f-58b4b4a4e3240-gzip"
x-frame-options: SAMEORIGIN
content-type: text/css
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 mediaelementplayer-legacy.min.css
www.bromium.com/wp-includes/js/mediaelement/ 11 KB
3 KB 67ms
65ms Stylesheet
text/css 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-includes/js/mediaelement/mediaelementplayer-legacy.min.css?ver=4.2.6-78496d1

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

ffa31f5802b20d64a10c71ad93394c1e2b4b16f33e2f479d8274fd02ce0a594f

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 2585
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 17 Dec 2018 17:45:39 GMT
server: nginx
etag: "2be0-57d3b595776c0-gzip"
x-frame-options: SAMEORIGIN
content-type: text/css
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 wp-mediaelement.min.css
www.bromium.com/wp-includes/js/mediaelement/ 4 KB
2 KB 68ms
66ms Stylesheet
text/css 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-includes/js/mediaelement/wp-mediaelement.min.css?ver=5.2.1

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

245dba3be6a1b10208f628f21377fc998b5384dc303bdef6954df3910e4f36b5

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 1142
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 06 Feb 2019 17:49:08 GMT
server: nginx
etag: "1043-5813d57b4ad00-gzip"
x-frame-options: SAMEORIGIN
content-type: text/css
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 wpv-pagination.css
www.bromium.com/wp-content/plugins/wp-views/embedded/res/css/ 4 KB
2 KB 68ms
66ms Stylesheet
text/css 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/plugins/wp-views/embedded/res/css/wpv-pagination.css?ver=2.8.2

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

44700f24a0c621e885242bd58561d7b87e6dff47ec06aecdfa87ece83baf7be3

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 1297
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:37:05 GMT
server: nginx
etag: "11fc-58b4b41b8ee40-gzip"
x-frame-options: SAMEORIGIN
content-type: text/css
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jetpack.css
www.bromium.com/wp-content/plugins/jetpack/css/ 71 KB
13 KB 68ms
66ms Stylesheet
text/css 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/plugins/jetpack/css/jetpack.css?ver=7.0

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

a025c1b727608e9b86f461260e7a65c4266001b99a575c62225e52bc7093906f

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 12638
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 06 Feb 2019 21:46:48 GMT
server: nginx
etag: "11d43-58140a9ab0200-gzip"
x-frame-options: SAMEORIGIN
content-type: text/css
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 greensock.js Show response
www.bromium.com/wp-content/plugins/LayerSlider/static/layerslider/js/ 115 KB
39 KB 70ms
68ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/plugins/LayerSlider/static/layerslider/js/greensock.js?ver=1.19.0

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

dfc519eb2d0e5ac0e8cdbe86fef355135280c643df14fa9a8e6abd5820d01159

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 39570
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:44:09 GMT
server: nginx
etag: "1cb35-58b4b5afea840-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery.js Show response
www.bromium.com/wp-includes/js/jquery/ 95 KB
34 KB 69ms
67ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 33776
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:38:18 GMT
server: nginx
etag: "17a69-58b4b4612d280-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery-migrate.min.js Show response
www.bromium.com/wp-includes/js/jquery/ 10 KB
4 KB 71ms
70ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 4014
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 17 Dec 2018 17:45:39 GMT
server: nginx
etag: "2748-57d3b595776c0-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 layerslider.kreaturamedia.jquery.js Show response
www.bromium.com/wp-content/plugins/LayerSlider/static/layerslider/js/ 123 KB
46 KB 12ms
12ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/plugins/LayerSlider/static/layerslider/js/layerslider.kreaturamedia.jquery.js?ver=6.8.4

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

29310ca80dc4c9a10702e08b5d69eab57e2532009d0d42e34e92745f313d45eb

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 46374
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:44:09 GMT
server: nginx
etag: "1ed1b-58b4b5afea840-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 layerslider.transitions.js Show response
www.bromium.com/wp-content/plugins/LayerSlider/static/layerslider/js/ 23 KB
4 KB 12ms
12ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/plugins/LayerSlider/static/layerslider/js/layerslider.transitions.js?ver=6.8.4

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

e60fbf0bdc14cbc9e44557e622bdd1864f5556b72b7d9f46e0f039aed2f4840a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 3396
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:44:09 GMT
server: nginx
etag: "5d17-58b4b5afea840-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery.themepunch.tools.min.js Show response
www.bromium.com/wp-content/plugins/revslider/public/assets/js/ 108 KB
38 KB 71ms
70ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/plugins/revslider/public/assets/js/jquery.themepunch.tools.min.js?ver=5.4.8.3

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

a1dff8b0c66227748951c4ff891f146f49c5a382ac8e3d6e3c2e9cf8aa560dc8

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 38337
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:44:48 GMT
server: nginx
etag: "1afe4-58b4b5d51c000-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery.themepunch.revolution.min.js Show response
www.bromium.com/wp-content/plugins/revslider/public/assets/js/ 63 KB
18 KB 72ms
71ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/plugins/revslider/public/assets/js/jquery.themepunch.revolution.min.js?ver=5.4.8.3

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

27ead7f47a3fb4d1e7cbef0c68e28bde7ea18923cf41d8ca82ba13584eebc710

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 18090
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:44:48 GMT
server: nginx
etag: "fdb5-58b4b5d51c000-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 general.js Show response
www.bromium.com/wp-content/plugins/thumbs-rating/js/ 2 KB
1 KB 12ms
12ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/plugins/thumbs-rating/js/general.js?ver=4.0.1

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

386642ab1368fac97c760cf61e9d4f8009e9d439edd08f1c68d67a2823ec6739

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 674
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:36:44 GMT
server: nginx
etag: "643-58b4b40787f00-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 forms2.min.js Show response
www.bromium.com/wp-content/plugins/ultimate-marketo-forms/public/js/ 164 KB
56 KB 73ms
72ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/plugins/ultimate-marketo-forms/public/js/forms2.min.js?ver=1.0.1

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

de5ba330570616401d1840de0075059a65e62280b8d2524334be84290f43a4d7

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 17 Dec 2018 17:45:47 GMT
server: nginx
etag: "29076-57d3b59d188c0-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 ult_marketo_forms-public.js Show response
www.bromium.com/wp-content/plugins/ultimate-marketo-forms/public/js/ 2 KB
1 KB 73ms
72ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/plugins/ultimate-marketo-forms/public/js/ult_marketo_forms-public.js?ver=1.0.1

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

4463996b808a043a2091ce400b56adcdb7407264272e6d2e389075e143e1c901

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 785
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 17 Dec 2018 17:45:47 GMT
server: nginx
etag: "6fb-57d3b59d188c0-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/ 1 KB
1 KB 3087ms
22ms Script
application/x-javascript 184.31.84.223
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/munchkin.js?ver=1.0.1
Requested by: Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.31.84.223 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a184-31-84-223.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 66f7eaa7a45f696c332cd450771f4be48e110f6afbe1fe7b39c7a95518aeef76

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sat, 20 Jul 2019 16:09:11 GMT
Content-Encoding: gzip
Last-Modified: Fri, 05 Apr 2019 02:53:44 GMT
Server: Apache
ETag: "54520320df20b526337717d6d28181fc:1554432824"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 752

GET
H2 200 wp3dcarousellightbox.js Show response
www.bromium.com/wp-content/plugins/wonderplugin-3dcarousel/engine/ 106 KB
23 KB 12ms
12ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/plugins/wonderplugin-3dcarousel/engine/wp3dcarousellightbox.js?ver=2.7C

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

a8e578a5cd18eeecc3159219e9314c2c58ae24241be082a8b71d6b8994ddef7d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 23022
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:37:10 GMT
server: nginx
etag: "1a883-58b4b42053980-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 wonderplugin3dcarousel.js Show response
www.bromium.com/wp-content/plugins/wonderplugin-3dcarousel/engine/ 57 KB
12 KB 16ms
11ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/plugins/wonderplugin-3dcarousel/engine/wonderplugin3dcarousel.js?ver=2.7C

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

bb9e3c0384f39870134bfa5cf03ef51de50b9a99522ca725b6e6719610817174

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 11429
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:37:10 GMT
server: nginx
etag: "e3a8-58b4b42053980-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 wonderpluginsliderskins.js Show response
www.bromium.com/wp-content/plugins/wonderplugin-slider/engine/ 174 KB
10 KB 73ms
72ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/plugins/wonderplugin-slider/engine/wonderpluginsliderskins.js?ver=11.5C

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

d14332dbfda395a1a0b849313089e74bb68cd16cce76aead3e0b70d1f99a573d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 9546
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:37:12 GMT
server: nginx
etag: "2b992-58b4b4223be00-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 wonderpluginslider.js Show response
www.bromium.com/wp-content/plugins/wonderplugin-slider/engine/ 305 KB
53 KB 73ms
72ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/plugins/wonderplugin-slider/engine/wonderpluginslider.js?ver=11.5C

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

6d8b488d1ca8344bd157ff6969ddf4e26bd9f5cb93b26496b3293fcc8141e792

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 53738
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:37:12 GMT
server: nginx
etag: "4c41c-58b4b4223be00-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 mediaelement-and-player.min.js Show response
www.bromium.com/wp-includes/js/mediaelement/ 153 KB
38 KB 17ms
12ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-includes/js/mediaelement/mediaelement-and-player.min.js?ver=4.2.6-78496d1

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

69aff18e54732eae1bb02c82d045c33f45675b017ba6dfdade80ab63a8e26bc5

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 38128
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 17 Dec 2018 17:45:39 GMT
server: nginx
etag: "2638f-57d3b595776c0-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 mediaelement-migrate.min.js Show response
www.bromium.com/wp-includes/js/mediaelement/ 1 KB
1 KB 18ms
13ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-includes/js/mediaelement/mediaelement-migrate.min.js?ver=5.2.1

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

d6a8bf1f2a5d494feca74153daf9a45952a3258b43a93d94f059fc6134650d84

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 551
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 17 Dec 2018 17:45:39 GMT
server: nginx
etag: "4a9-57d3b595776c0-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 67 KB
26 KB 106ms
82ms Script
application/javascript 2a00:1450:4001:819::2008
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-31745238-1

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

45bf3cfd4435f42a6726e2849c4ec2faae10fc680d4cc9b5a24110359f648aa7

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:08 GMT
content-encoding: br
last-modified: Sat, 20 Jul 2019 15:00:00 GMT
server: Google Tag Manager
access-control-allow-origin: http://www.googletagmanager.com
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-length: 26335
x-xss-protection: 0
expires: Sat, 20 Jul 2019 16:09:08 GMT

GET
H2 200 bizible.js Show response
cdn.bizible.com/scripts/ 85 KB
32 KB 4022ms
30ms Script
application/x-javascript 93.184.220.178
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.bizible.com/scripts/bizible.js
Requested by: Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 93.184.220.178 London, United Kingdom, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: ECS (ams/D1E9) / ASP.NET
Resource Hash: 8502155a9392b75296cfc1579baa7fe58a1be6c7483dd234bebde095723b0ebe

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:12 GMT
content-encoding: gzip
last-modified: Fri, 19 Jul 2019 00:40:11 GMT
server: ECS (ams/D1E9)
x-powered-by: ASP.NET
etag: "229b985ca3dd51:0"
vary: Accept-Encoding
x-cache: HIT
content-type: application/x-javascript
status: 200
accept-ranges: bytes
content-length: 33060

GET
H2 200 logo-bromium-white-web.svg
www.bromium.com/wp-content/uploads/2018/07/ 5 KB
2 KB 18ms
13ms Image
image/svg+xml 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bromium.com/wp-content/uploads/2018/07/logo-bromium-white-web.svg

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

6116ae66bf197d1ddf9de2dbf754de1ff86b2874f383a574b35ffa21b2a1f714

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 2042
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
server: nginx
etag: "14fc-57d3b5b11f800-gzip"
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 cracked_l0rdix.png
www.bromium.com/wp-content/uploads/2019/07/ 75 KB
75 KB 19ms
13ms Image
image/png 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bromium.com/wp-content/uploads/2019/07/cracked_l0rdix.png

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

ef37623210ea8ca79baa93b41ce01f51cf508707e66072a8bf99ae32e1580be0

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 76566
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 19 Jul 2019 15:32:58 GMT
server: nginx
etag: "12b16-58e0a70e9f2aa"
x-frame-options: SAMEORIGIN
content-type: image/png
vary: X-Forwarded-Proto
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 login_small.png
www.bromium.com/wp-content/uploads/2019/07/ 6 KB
7 KB 19ms
14ms Image
image/png 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bromium.com/wp-content/uploads/2019/07/login_small.png

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

de6a3515113a3905836421478a16e8b1c7368a0fbf07081b6c5efd9965a8a2f8

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 6310
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 19 Jul 2019 20:27:53 GMT
server: nginx
etag: "18a6-58e0e8f9bfe6a"
x-frame-options: SAMEORIGIN
content-type: image/png
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: MISS
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 panel.png
www.bromium.com/wp-content/uploads/2019/07/ 89 KB
90 KB 544ms
541ms Image
image/png 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bromium.com/wp-content/uploads/2019/07/panel.png

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

27775c21f0dc6d43877b4d8fb5050f68900b853636cc5046c6a526b8dbac8938

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
x-content-type-options: nosniff
status: 200
x-sucuri-cache: MISS
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 91437
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 19 Jul 2019 16:49:54 GMT
server: nginx
etag: "1652d-58e0b8402e1f9"
x-frame-options: SAMEORIGIN
content-type: image/png
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: MISS
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 l0rdix_tables.png
www.bromium.com/wp-content/uploads/2019/07/ 14 KB
15 KB 14ms
12ms Image
image/png 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bromium.com/wp-content/uploads/2019/07/l0rdix_tables.png

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

25fca7453a6eac87e06b993665a52091a21860ba74466a218517bd3afa0efac0

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 14738
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 19 Jul 2019 15:35:18 GMT
server: nginx
etag: "3992-58e0a793958ca"
x-frame-options: SAMEORIGIN
content-type: image/png
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: MISS
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 default_config.png
www.bromium.com/wp-content/uploads/2019/07/ 18 KB
18 KB 14ms
13ms Image
image/png 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bromium.com/wp-content/uploads/2019/07/default_config.png

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

d527e25b2c083994f43c432869c02cfe1b459f97ae474e4a08a142c56733d64d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 18428
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 19 Jul 2019 15:39:48 GMT
server: nginx
etag: "47fc-58e0a8959d666"
x-frame-options: SAMEORIGIN
content-type: image/png
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: MISS
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 decrypt-1-768x262.png
www.bromium.com/wp-content/uploads/2019/07/ 138 KB
139 KB 14ms
14ms Image
image/png 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bromium.com/wp-content/uploads/2019/07/decrypt-1-768x262.png

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

5bc8474bdc04566bc76501404ac0ad7bb6e8c2d67f95f986c3c4db3ef30bb68b

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 141704
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 19 Jul 2019 23:14:57 GMT
server: nginx
etag: "22988-58e10e51002b1"
x-frame-options: SAMEORIGIN
content-type: image/png
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 encrypt-768x245.png
www.bromium.com/wp-content/uploads/2019/07/ 184 KB
185 KB 15ms
15ms Image
image/png 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bromium.com/wp-content/uploads/2019/07/encrypt-768x245.png

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

f33a524439a4a326448d6615cf7ec8eb908cd57660d7ddb03204500512763cc5

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 188896
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 19 Jul 2019 22:18:20 GMT
server: nginx
etag: "2e1e0-58e101a9790eb"
x-frame-options: SAMEORIGIN
content-type: image/png
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 builder.png
www.bromium.com/wp-content/uploads/2019/07/ 5 KB
5 KB 12ms
12ms Image
image/png 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bromium.com/wp-content/uploads/2019/07/builder.png

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

d2b31a9bd16455c7a0e1309fc7d7a9d0deaac2e82521f25e4754e062b1d8d68c

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 4981
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 19 Jul 2019 19:18:32 GMT
server: nginx
etag: "1375-58e0d979d27cf"
x-frame-options: SAMEORIGIN
content-type: image/png
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: MISS
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 processes.png
www.bromium.com/wp-content/uploads/2019/07/ 19 KB
20 KB 14ms
14ms Image
image/png 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bromium.com/wp-content/uploads/2019/07/processes.png

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

93475d6e27a8b1d0766dbc938836687832fc679e580cf4c35decc6ff431130a6

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 19553
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 19 Jul 2019 17:32:52 GMT
server: nginx
etag: "4c61-58e0c1db206cd"
x-frame-options: SAMEORIGIN
content-type: image/png
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: MISS
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 antivirus_detection.png
www.bromium.com/wp-content/uploads/2019/07/ 11 KB
11 KB 443ms
443ms Image
image/png 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bromium.com/wp-content/uploads/2019/07/antivirus_detection.png

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

b82fd75d432197d07de7ccdf7e0e5db59a52fc55492a2968e5179812bd8e976d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
x-content-type-options: nosniff
status: 200
x-sucuri-cache: MISS
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 10930
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 19 Jul 2019 19:13:49 GMT
server: nginx
etag: "2ab2-58e0d86b8dcf5"
x-frame-options: SAMEORIGIN
content-type: image/png
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: MISS
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 Alex-Holland-150x150.jpg
www.bromium.com/wp-content/uploads/2019/03/ 7 KB
8 KB 14ms
14ms Image
image/jpeg 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bromium.com/wp-content/uploads/2019/03/Alex-Holland-150x150.jpg

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

0d280fc6bff441a98556872620d095ffadfffab91240475fc7392f394ba7f494

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 7614
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 06 Mar 2019 17:39:42 GMT
server: nginx
etag: "1dbe-583707986b380"
x-frame-options: SAMEORIGIN
content-type: image/jpeg
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: MISS
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 Bromium-FlawedAmmyy-Blog.jpg
www.bromium.com/wp-content/uploads/2019/07/ 61 KB
61 KB 12ms
12ms Image
image/jpeg 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bromium.com/wp-content/uploads/2019/07/Bromium-FlawedAmmyy-Blog.jpg

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

6dada17a4d95ab46b26703d45cb1fcda115f49401a8c6a8aa3daeee4ee49856f

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 62294
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 02 Jul 2019 20:29:47 GMT
server: nginx
etag: "f356-58cb89b10e4c0"
x-frame-options: SAMEORIGIN
content-type: image/jpeg
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: MISS
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 Bromium-Cryptojacking-Blog.jpg
www.bromium.com/wp-content/uploads/2019/06/ 78 KB
79 KB 49ms
48ms Image
image/jpeg 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bromium.com/wp-content/uploads/2019/06/Bromium-Cryptojacking-Blog.jpg

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

1496fd15b2010ef8a3256725ca46c1ecda7e815737f78034545861d2210931b4

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 80227
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 17 Jun 2019 20:26:02 GMT
server: nginx
etag: "13963-58b8ace090a80"
x-frame-options: SAMEORIGIN
content-type: image/jpeg
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: MISS
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 Bromium-Emotet-Webinar-QnA.jpg
www.bromium.com/wp-content/uploads/2019/06/ 63 KB
64 KB 64ms
64ms Image
image/jpeg 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bromium.com/wp-content/uploads/2019/06/Bromium-Emotet-Webinar-QnA.jpg

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

bd281df7bd77b894a68df8ad573725c2ed0981cbe9525290448bdc11a3c8809f

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 64841
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 13 Jun 2019 21:14:01 GMT
server: nginx
etag: "fd49-58b3b02459840"
x-frame-options: SAMEORIGIN
content-type: image/jpeg
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: MISS
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 Malware-Misuses-OS-Commands-Blog.jpg
www.bromium.com/wp-content/uploads/2019/06/ 48 KB
49 KB 86ms
11ms Image
image/jpeg 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bromium.com/wp-content/uploads/2019/06/Malware-Misuses-OS-Commands-Blog.jpg

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

878461518abc710963a9cb87f541c54f94db9af08a3f2a891f24f4a6311dd49c

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 49649
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 12 Jun 2019 16:45:07 GMT
server: nginx
etag: "c1f1-58b2322c4eac0"
x-frame-options: SAMEORIGIN
content-type: image/jpeg
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: MISS
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 Bromium-Threat-Intel-June19-Blog.jpg
www.bromium.com/wp-content/uploads/2019/06/ 80 KB
80 KB 554ms
543ms Image
image/jpeg 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bromium.com/wp-content/uploads/2019/06/Bromium-Threat-Intel-June19-Blog.jpg

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

8eb6416c0280463cf8caa7dc24aae669a6a7d643ce5de2d448bbf31278202104

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
x-content-type-options: nosniff
status: 200
x-sucuri-cache: MISS
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 81500
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 06 Jun 2019 01:26:33 GMT
server: nginx
etag: "13e5c-58a9d9aabc440"
x-frame-options: SAMEORIGIN
content-type: image/jpeg
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: MISS
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 Alex-Holland.jpg
www.bromium.com/wp-content/uploads/2019/03/ 23 KB
23 KB 18ms
11ms Image
image/jpeg 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bromium.com/wp-content/uploads/2019/03/Alex-Holland.jpg

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

dc0a3ea392c6449dedbcd9c3dd7514c317a4c3c3198f7bf16671cf8c242df29c

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 23198
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 06 Mar 2019 17:39:41 GMT
server: nginx
etag: "5a9e-5837079777140"
x-frame-options: SAMEORIGIN
content-type: image/jpeg
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: MISS
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 style.css
www.bromium.com/wp-content/plugins/eu-cookie-law/css/ 4 KB
2 KB 19ms
18ms Stylesheet
text/css 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/plugins/eu-cookie-law/css/style.css?ver=5.2.1

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

e4d95c8c18f88a5e9fb28ebabb034f88f48a439bf512d0bdff78161efd302811

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 1034
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:36:37 GMT
server: nginx
etag: "e73-58b4b400daf40-gzip"
x-frame-options: SAMEORIGIN
content-type: text/css
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery.touchSwipe.min.js Show response
www.bromium.com/wp-content/plugins/ditty-news-ticker/legacy/static/js/ 11 KB
4 KB 18ms
12ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/plugins/ditty-news-ticker/legacy/static/js/jquery.touchSwipe.min.js?ver=2.2.1

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

f65f3aeed46b79940849fa2022f2cbdf368288de9046f2b3da075c42f9dde8f6

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 3904
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:36:34 GMT
server: nginx
etag: "2d38-58b4b3fdfe880-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery.easing.js Show response
www.bromium.com/wp-content/plugins/ditty-news-ticker/legacy/static/js/ 4 KB
2 KB 12ms
12ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/plugins/ditty-news-ticker/legacy/static/js/jquery.easing.js?ver=1.4.1

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

95577ab82ae6298380cdbd69ecc41d5b6895cbc107b7b996e03a96673e3470ae

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 1203
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:36:34 GMT
server: nginx
etag: "ffa-58b4b3fdfe880-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 imagesloaded.pkgd.min.js Show response
www.bromium.com/wp-content/plugins/ditty-news-ticker/legacy/static/js/ 5 KB
2 KB 12ms
12ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/plugins/ditty-news-ticker/legacy/static/js/imagesloaded.pkgd.min.js?ver=4.1.0

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

23bd7e5fac741d9a4b7cd4572ab0df7556b4dd610c67e3dfaa852d28812b4250

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 1747
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:36:34 GMT
server: nginx
etag: "151f-58b4b3fdfe880-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 ditty-news-ticker.min.js Show response
www.bromium.com/wp-content/plugins/ditty-news-ticker/legacy/static/js/ 19 KB
5 KB 12ms
12ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/plugins/ditty-news-ticker/legacy/static/js/ditty-news-ticker.min.js?ver=1560530194

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

cc5b7e9d50341b678822a5768ded2b87098a89ca6e96a453ddec9d51ca87bbe8

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 4277
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:36:34 GMT
server: nginx
etag: "4ddd-58b4b3fdfe880-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 devicepx-jetpack.js Show response
s0.wp.com/wp-content/js/ 10 KB
3 KB 4001ms
30ms Script
application/x-javascript 192.0.77.32
Automattic

General

Check archive.org

Show headers Download Go to

Full URL: https://s0.wp.com/wp-content/js/devicepx-jetpack.js?ver=201929
Requested by: Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.77.32 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS: wordpress.com
Software: nginx /
Resource Hash: f32d41f2099a0be20e6b57c5e0d1b71c079d3e1345827b0f5c5b97c6e5e3f78d

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-nc: HIT ams 1
date: Sat, 20 Jul 2019 16:09:12 GMT
content-encoding: gzip
server: nginx
etag: W/"58674312-52b6"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=31536000
x-ac: 3.ams _dfw
expires: Sat, 11 Jul 2020 21:25:49 GMT

GET
H2 200 script.min.js Show response
www.bromium.com/wp-content/plugins/social-warfare/assets/js/ 12 KB
4 KB 12ms
12ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/plugins/social-warfare/assets/js/script.min.js?ver=3.6.1

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

318c82030733c1cff75b713ed1efd26385fdfe3ee7704fd1322cb21b03a7773d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 3705
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:36:42 GMT
server: nginx
etag: "30da-58b4b4059fa80-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 comment-reply.min.js Show response
www.bromium.com/wp-includes/js/ 2 KB
2 KB 34ms
32ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-includes/js/comment-reply.min.js?ver=5.2.1

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

31cb76c05cbf5d71466f93078e8ba0f6e39cd92d0acc86d385b8cf2899963695

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 1093
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:38:18 GMT
server: nginx
etag: "8ba-58b4b4612d280-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 new-tab.min.js Show response
www.bromium.com/wp-content/plugins/page-links-to/js/ 4 KB
3 KB 33ms
33ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/plugins/page-links-to/js/new-tab.min.js?ver=3.1.1

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

582278063c6f97f70b739bc1530060e16e176bb7b792ec5bd542d2083ed6b21c

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 2285
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:36:40 GMT
server: nginx
etag: "f3f-58b4b403b7600-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 core.min.js Show response
www.bromium.com/wp-includes/js/jquery/ui/ 4 KB
2 KB 29ms
29ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-includes/js/jquery/ui/core.min.js?ver=1.11.4

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

936567bc744e199e02bfc3c33fe2bc9c862999e0d479e2a694aa7485460a3960

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 1821
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 17 Dec 2018 17:45:39 GMT
server: nginx
etag: "fa0-57d3b595776c0-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 datepicker.min.js Show response
www.bromium.com/wp-includes/js/jquery/ui/ 36 KB
11 KB 14ms
12ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-includes/js/jquery/ui/datepicker.min.js?ver=1.11.4

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

fe5d09013cdf89dd17c511c908bee2628e4c0f9b4550f802fdb1fd5086999c8d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 11002
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 17 Dec 2018 17:45:39 GMT
server: nginx
etag: "8e9c-57d3b595776c0-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 wp-mediaelement.min.js Show response
www.bromium.com/wp-includes/js/mediaelement/ 914 B
992 B 14ms
12ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-includes/js/mediaelement/wp-mediaelement.min.js?ver=5.2.1

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

632af363989d420500a3fc1546178648f5aaa4f9aabb98666e62c3035fa423d1

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 481
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 17 Dec 2018 17:45:39 GMT
server: nginx
etag: "392-57d3b595776c0-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 underscore.min.js Show response
www.bromium.com/wp-includes/js/ 16 KB
6 KB 15ms
13ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-includes/js/underscore.min.js?ver=1.8.3

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

ede1815b17e451c16258034bcf89a7957256c67884aefffefbb97020770fdc06

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 5711
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:38:18 GMT
server: nginx
etag: "3f38-58b4b4612d280-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 wp-util.min.js Show response
www.bromium.com/wp-includes/js/ 1 KB
1 KB 12ms
12ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-includes/js/wp-util.min.js?ver=5.2.1

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

080cf3de5031b9caac353875e8969fd80a548c9f39fdf4627a8c65abddad8b04

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 575
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 17 Dec 2018 17:45:39 GMT
server: nginx
etag: "416-57d3b595776c0-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 backbone.min.js Show response
www.bromium.com/wp-includes/js/ 22 KB
8 KB 12ms
12ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-includes/js/backbone.min.js?ver=1.2.3

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

d1b4ad20017b52fa7d71856374122c44dc54e4a6aadc2a63f2f45f62cf244adc

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 7551
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:38:18 GMT
server: nginx
etag: "57c2-58b4b4612d280-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 wp-playlist.min.js Show response
www.bromium.com/wp-includes/js/mediaelement/ 3 KB
2 KB 13ms
12ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-includes/js/mediaelement/wp-playlist.min.js?ver=5.2.1

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

0e387e0ca6eaab114d9b652a31f63a509449fe999f0bf1acd4f3b9a8c9de654c

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 1144
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 17 Dec 2018 17:45:39 GMT
server: nginx
etag: "d6b-57d3b595776c0-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 wpv-pagination-embedded.js Show response
www.bromium.com/wp-content/plugins/wp-views/embedded/res/js/ 148 KB
25 KB 14ms
14ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/plugins/wp-views/embedded/res/js/wpv-pagination-embedded.js?ver=2.8.2

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

49970d4535c697920b947c94b837cd31f7be91270e93eaf9422001cb2e0ab6f2

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 24684
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:37:05 GMT
server: nginx
etag: "24e9d-58b4b41b8ee40-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 modernizr.js Show response
www.bromium.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/ 13 KB
6 KB 14ms
13ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/modernizr.js?ver=3.3.1

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

dd1fad41f2891919876ec7b3fc3057b7b89fad8e8ff8b5d03815838bb8e7e497

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 5164
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:39:29 GMT
server: nginx
etag: "3322-58b4b4a4e3240-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery.fitvids.js Show response
www.bromium.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/ 2 KB
1 KB 14ms
14ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/jquery.fitvids.js?ver=1.1

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

3c0bfb5a3db6967755accf4f7d045f8529e546a3b713281cac8a3088b51f6bda

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 793
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:39:29 GMT
server: nginx
etag: "6eb-58b4b4a4e3240-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 fusion-video-general.js Show response
www.bromium.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/ 6 KB
2 KB 15ms
15ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/fusion-video-general.js?ver=1

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

e9425739f3cc0942a4134f458ef7937892e7f7accb277513e156c5e95c08f483

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 1842
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:39:29 GMT
server: nginx
etag: "173f-58b4b4a4e3240-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery.ilightbox.js Show response
www.bromium.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/ 81 KB
25 KB 16ms
15ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/jquery.ilightbox.js?ver=2.2.3

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

68669b7822342c06c4fb23bb60327cbb27675bb87b2fd7f819953bdb22c54550

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 25331
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:39:29 GMT
server: nginx
etag: "142cf-58b4b4a4e3240-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery.mousewheel.js Show response
www.bromium.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/ 1006 B
999 B 16ms
16ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/jquery.mousewheel.js?ver=3.0.6

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

dd5ceb190d2852ad363c91ce58749aff3a6dd46e0c9fa299cdf9a8ecfcfaca7a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 488
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:39:29 GMT
server: nginx
etag: "3ee-58b4b4a4e3240-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 fusion-lightbox.js Show response
www.bromium.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/ 6 KB
2 KB 12ms
11ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/fusion-lightbox.js?ver=1

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

5471f69a1a17057a61a1fcba85099b9c95b848088d1c819e90e885adbffb9909

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 1855
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:39:29 GMT
server: nginx
etag: "193d-58b4b4a4e3240-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 imagesLoaded.js Show response
www.bromium.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/ 7 KB
3 KB 13ms
12ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/imagesLoaded.js?ver=3.1.8

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

447f8762021b0e2726cea6977b09f5448684bf078d66cf5718f681bd2e1cec4f

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 2255
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:39:29 GMT
server: nginx
etag: "1a98-58b4b4a4e3240-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 isotope.js Show response
www.bromium.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/ 34 KB
10 KB 13ms
13ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/isotope.js?ver=3.0.4

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

57f3316599c6cb279ffb4fb239393035f0bb68fb16302f9bfb2b122acc282e4a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 9749
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:39:29 GMT
server: nginx
etag: "887f-58b4b4a4e3240-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 packery.js Show response
www.bromium.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/ 13 KB
5 KB 12ms
12ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/packery.js?ver=2.0.0

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

0f158ed2f9a3b0126d41b4013a4f746eea09663c6214b79877e19016129aa4e6

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 4169
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:39:29 GMT
server: nginx
etag: "35cc-58b4b4a4e3240-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 avada-portfolio.js Show response
www.bromium.com/wp-content/plugins/fusion-core/js/min/ 13 KB
3 KB 25ms
25ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/plugins/fusion-core/js/min/avada-portfolio.js?ver=1

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

ed0cbc4e422674de667380b6a10ce12f3ef766d062f94145346daf3800ad2cb7

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 2907
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:42:49 GMT
server: nginx
etag: "3217-58b4b5639f440-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery.infinitescroll.js Show response
www.bromium.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/ 21 KB
12 KB 26ms
26ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/jquery.infinitescroll.js?ver=2.1

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

b7be203f69d78fc9333697062bac50e776a77e549c326aeeb2f619f799f054d4

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 11990
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:39:29 GMT
server: nginx
etag: "524c-58b4b4a4e3240-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 avada-faqs.js Show response
www.bromium.com/wp-content/plugins/fusion-core/js/min/ 979 B
884 B 12ms
12ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/plugins/fusion-core/js/min/avada-faqs.js?ver=1

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

b1a7be6cf478f7d4228fc455a370f1be8ac6e37acade5fd382c1e1992b51433f

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 373
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:42:49 GMT
server: nginx
etag: "3d3-58b4b5639f440-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 cssua.js Show response
www.bromium.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/ 3 KB
2 KB 12ms
12ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/cssua.js?ver=2.1.28

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

4025727c5cdf69ebebb78196e38a76144968ff27b9dfe789968f23f69d51e2cd

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 1481
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:39:29 GMT
server: nginx
etag: "d0d-58b4b4a4e3240-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery.waypoints.js Show response
www.bromium.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/ 7 KB
3 KB 13ms
13ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/jquery.waypoints.js?ver=2.0.3

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

173a42f3468eebc25191bc4aaa1e86fb422b56337682ce4b38bd2ca4229b8543

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 2416
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:39:29 GMT
server: nginx
etag: "1d57-58b4b4a4e3240-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 fusion-waypoints.js Show response
www.bromium.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/ 447 B
778 B 12ms
12ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/fusion-waypoints.js?ver=1

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

051295687c256d4bf401a70a2fd455ee85f8b7272e2cd133c00a40ba282dab4c

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 267
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:39:29 GMT
server: nginx
etag: "1bf-58b4b4a4e3240-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 fusion-animations.js Show response
www.bromium.com/wp-content/plugins/fusion-builder/assets/js/min/general/ 1 KB
988 B 13ms
12ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/plugins/fusion-builder/assets/js/min/general/fusion-animations.js?ver=1

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

576f08290e6492215c31e059a5b8dbc6b9d9c801886d44ecab93624f070acb07

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 477
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:43:29 GMT
server: nginx
etag: "430-58b4b589c4e40-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery.fade.js Show response
www.bromium.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/ 1 KB
956 B 13ms
13ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/jquery.fade.js?ver=1

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

0b6b1cd454ac76a80fe115f90ee1950f48e6c2a143e4a96176adbb520c40c80b

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 445
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:39:29 GMT
server: nginx
etag: "48e-58b4b4a4e3240-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery.requestAnimationFrame.js Show response
www.bromium.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/ 695 B
852 B 12ms
12ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/jquery.requestAnimationFrame.js?ver=1

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

346467f0ba1b9a43b33c78f0663942aa96d5cc8c8064e470665d9308c45a3d91

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 341
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:39:29 GMT
server: nginx
etag: "2b7-58b4b4a4e3240-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 fusion-parallax.js Show response
www.bromium.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/ 10 KB
3 KB 13ms
12ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/fusion-parallax.js?ver=1

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

f95f6ea72c3bb8f2dc65ec8a86cc3e3e19c854ee7b55a37fe3f1a9e2dac63fd1

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 2458
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:39:29 GMT
server: nginx
etag: "27ef-58b4b4a4e3240-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 fusion-video-bg.js Show response
www.bromium.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/ 5 KB
2 KB 13ms
13ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/fusion-video-bg.js?ver=1

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

57376344235f987c935c8fedbf63597857d4c2357ffd48a0d4a7dfa4b7eb4794

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 1969
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:39:29 GMT
server: nginx
etag: "14ce-58b4b4a4e3240-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 fusion-container.js Show response
www.bromium.com/wp-content/plugins/fusion-builder/assets/js/min/general/ 9 KB
2 KB 13ms
12ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/plugins/fusion-builder/assets/js/min/general/fusion-container.js?ver=1

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

4e935df82f460a420d80cde9d91b1b145e1bee3bcc1bb7d31a074d9d7f37b5b7

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 1919
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:43:29 GMT
server: nginx
etag: "25b5-58b4b589c4e40-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 fusion-recent-posts.js Show response
www.bromium.com/wp-content/plugins/fusion-builder/assets/js/min/general/ 4 KB
2 KB 13ms
12ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/plugins/fusion-builder/assets/js/min/general/fusion-recent-posts.js?ver=1

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

6e746a03bc3330d32fb71d7fd89fc6aa4de6214664ca21bf6b643bd444cc1415

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 1253
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:43:29 GMT
server: nginx
etag: "10a7-58b4b589c4e40-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery.event.move.js Show response
www.bromium.com/wp-content/plugins/fusion-builder/assets/js/min/library/ 5 KB
2 KB 13ms
13ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/plugins/fusion-builder/assets/js/min/library/jquery.event.move.js?ver=2.0

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

22a97ea694a9a50a016ac94cb94fb9ae7459a32c905cfecbf668c94fc19a95ba

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 1957
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:43:29 GMT
server: nginx
etag: "1591-58b4b589c4e40-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 fusion-image-before-after.js Show response
www.bromium.com/wp-content/plugins/fusion-builder/assets/js/min/general/ 2 KB
1 KB 12ms
12ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/plugins/fusion-builder/assets/js/min/general/fusion-image-before-after.js?ver=1.0

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

fc87af35bd04c4706ddd46a375c17da9f22a662b057c58ce3ae449afc423b189

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 936
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:43:29 GMT
server: nginx
etag: "9fb-58b4b589c4e40-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery.countTo.js Show response
www.bromium.com/wp-content/plugins/fusion-builder/assets/js/min/library/ 945 B
941 B 13ms
12ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/plugins/fusion-builder/assets/js/min/library/jquery.countTo.js?ver=1

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

0c2d6aa51d3d04b3e548b51fec1d00d7e7ae1d2cced71ba4e2bb154a6871d6c7

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 430
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:43:29 GMT
server: nginx
etag: "3b1-58b4b589c4e40-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery.easyPieChart.js Show response
www.bromium.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/ 4 KB
2 KB 13ms
13ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/jquery.easyPieChart.js?ver=2.1.7

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

5338acdbe16862e5d826ff614549d8463ae7e26ef1fc27b5d7fee45193ac05b5

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 1541
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:39:29 GMT
server: nginx
etag: "e93-58b4b4a4e3240-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery.appear.js Show response
www.bromium.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/ 3 KB
2 KB 12ms
12ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/jquery.appear.js?ver=1

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

08370201daee47824e2271d06f0300abe6dffa78df2a5913eae613bc9f375bcd

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 1331
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:39:29 GMT
server: nginx
etag: "bbc-58b4b4a4e3240-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 fusion-counters-circle.js Show response
www.bromium.com/wp-content/plugins/fusion-builder/assets/js/min/general/ 3 KB
1 KB 12ms
12ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/plugins/fusion-builder/assets/js/min/general/fusion-counters-circle.js?ver=1

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

5c7438ec740fa9bea75de44a0fbbbc78c14351010ab6ff42ed13b96c7c777d37

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 921
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:43:29 GMT
server: nginx
etag: "d20-58b4b589c4e40-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 fusion-flip-boxes.js Show response
www.bromium.com/wp-content/plugins/fusion-builder/assets/js/min/general/ 1 KB
924 B 12ms
12ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/plugins/fusion-builder/assets/js/min/general/fusion-flip-boxes.js?ver=1

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

4175bb2269918cbb80fe0d58474e9fe63e1f583de6e87f6f8d31d591aef12992

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 413
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:43:29 GMT
server: nginx
etag: "5b8-58b4b589c4e40-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery.countdown.js Show response
www.bromium.com/wp-content/plugins/fusion-builder/assets/js/min/library/ 3 KB
2 KB 13ms
12ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/plugins/fusion-builder/assets/js/min/library/jquery.countdown.js?ver=1.0

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

adb4dc173de9c49530f9d50131c359628af6011197caebdeea767de0a9aae7c3

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 1054
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:43:29 GMT
server: nginx
etag: "b41-58b4b589c4e40-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 fusion-countdown.js Show response
www.bromium.com/wp-content/plugins/fusion-builder/assets/js/min/general/ 459 B
811 B 13ms
12ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/plugins/fusion-builder/assets/js/min/general/fusion-countdown.js?ver=1

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

4303c58fd1ed8315421c091d6bf0c651916e752a08ac1eb65af7fcde0a5d81de

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 300
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:43:29 GMT
server: nginx
etag: "1cb-58b4b589c4e40-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 bootstrap.modal.js Show response
www.bromium.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/ 4 KB
2 KB 20ms
20ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/bootstrap.modal.js?ver=3.1.1

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

74f49a4a14494563c06ff8da97a0bdb4fb7be6396fc222a5473cef3234549cee

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 1309
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:39:29 GMT
server: nginx
etag: "f86-58b4b4a4e3240-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 fusion-modal.js Show response
www.bromium.com/wp-content/plugins/fusion-builder/assets/js/min/general/ 4 KB
2 KB 21ms
12ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/plugins/fusion-builder/assets/js/min/general/fusion-modal.js?ver=1

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

856b22809016c600799f284b500c4db1fa0551394145b655e4c04874b351f8ec

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 1227
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:43:29 GMT
server: nginx
etag: "113a-58b4b589c4e40-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 Chart.js Show response
www.bromium.com/wp-content/plugins/fusion-builder/assets/js/min/library/ 153 KB
45 KB 13ms
12ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/plugins/fusion-builder/assets/js/min/library/Chart.js?ver=2.7.1

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

d60aebd69a890fab3f45348f06573a6bf3790d90be07d0cc9dfd4d1eb1571728

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 46030
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:43:29 GMT
server: nginx
etag: "264de-58b4b589c4e40-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 fusion-chart.js Show response
www.bromium.com/wp-content/plugins/fusion-builder/assets/js/min/general/ 5 KB
2 KB 13ms
13ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/plugins/fusion-builder/assets/js/min/general/fusion-chart.js?ver=1

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

3deb29b8fdfdd69f4a7d19c8ac166fa0b70bd6a82315d384f654d313637caebe

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 1673
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:43:29 GMT
server: nginx
etag: "148e-58b4b589c4e40-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 bootstrap.collapse.js Show response
www.bromium.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/ 3 KB
2 KB 12ms
12ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/bootstrap.collapse.js?ver=3.1.1

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

5e52f996d47eb5f321896cfc9a10153c1a47415b3e3b4c1b31a6ec736adadb5e

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 1157
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:39:29 GMT
server: nginx
etag: "d60-58b4b4a4e3240-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 fusion-equal-heights.js Show response
www.bromium.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/ 1 KB
989 B 12ms
12ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/fusion-equal-heights.js?ver=1

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

88f84b30a75fbc634441417a902ccd6e542868610c9ec8a6fcb5c1fd91131dba

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 478
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:39:29 GMT
server: nginx
etag: "512-58b4b4a4e3240-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 fusion-toggles.js Show response
www.bromium.com/wp-content/plugins/fusion-builder/assets/js/min/general/ 3 KB
1 KB 12ms
12ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/plugins/fusion-builder/assets/js/min/general/fusion-toggles.js?ver=1

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

343eba0ea5843c81cea3c31e299a6a0f682db22fcd418ef1697acf5cedd4599f

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 883
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:43:29 GMT
server: nginx
etag: "b46-58b4b589c4e40-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 fusion-column-bg-image.js Show response
www.bromium.com/wp-content/plugins/fusion-builder/assets/js/min/general/ 1 KB
1 KB 12ms
12ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/plugins/fusion-builder/assets/js/min/general/fusion-column-bg-image.js?ver=1

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

86479049f420d20704a4eb2e780f9d965f4591cef87192932a54df637cc5d242

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 535
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:43:29 GMT
server: nginx
etag: "582-58b4b589c4e40-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 fusion-column.js Show response
www.bromium.com/wp-content/plugins/fusion-builder/assets/js/min/general/ 2 KB
935 B 12ms
12ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/plugins/fusion-builder/assets/js/min/general/fusion-column.js?ver=1

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

8277993a92ecefa77f1048638efab7a2d0e4bab7696bcf97af30a501c62b58fc

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 424
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:43:29 GMT
server: nginx
etag: "90d-58b4b589c4e40-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery.fusion_maps.js Show response
www.bromium.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/ 6 KB
2 KB 12ms
12ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/jquery.fusion_maps.js?ver=2.2.2

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

7f59b2bbb3baed3bf39149286d0b759502377dfd2798f8176426b0bfb60b7924

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 1946
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:39:29 GMT
server: nginx
etag: "164b-58b4b4a4e3240-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 fusion-google-map.js Show response
www.bromium.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/ 325 B
732 B 12ms
12ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/fusion-google-map.js?ver=1

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

4a768695e2001c056e6f8f20f4904e49bbd0471d060b47bbd3cf026ac74e8d5d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 221
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:39:29 GMT
server: nginx
etag: "145-58b4b4a4e3240-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 fusion-events.js Show response
www.bromium.com/wp-content/plugins/fusion-builder/assets/js/min/general/ 3 KB
2 KB 12ms
12ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/plugins/fusion-builder/assets/js/min/general/fusion-events.js?ver=1

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

cbb2318baf1608526817f2467f1a3d37accf3306eacca787a52ed62f6c41664c

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 1137
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:43:29 GMT
server: nginx
etag: "d41-58b4b589c4e40-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 fusion-title.js Show response
www.bromium.com/wp-content/plugins/fusion-builder/assets/js/min/general/ 655 B
844 B 12ms
12ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/plugins/fusion-builder/assets/js/min/general/fusion-title.js?ver=1

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

ae0f1b690df343a956c0c38f10cdfba1b9caa9f5850ee066caa5e6aa4ea1fe04

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 333
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:43:29 GMT
server: nginx
etag: "28f-58b4b589c4e40-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 fusion-syntax-highlighter.js Show response
www.bromium.com/wp-content/plugins/fusion-builder/assets/js/min/general/ 2 KB
1 KB 12ms
12ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/plugins/fusion-builder/assets/js/min/general/fusion-syntax-highlighter.js?ver=1

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

fc0a1d2d0e1ecfd3d3cca66f12cbd60469ae6a57eaead304db220331b8f6629f

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 706
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:43:29 GMT
server: nginx
etag: "76a-58b4b589c4e40-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 bootstrap.transition.js Show response
www.bromium.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/ 752 B
889 B 12ms
12ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/bootstrap.transition.js?ver=3.3.6

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

f6524d3bc9f7ad5378a1957b540a60fe820e502ce1474bbb053d6b56e89a9102

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 378
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:39:29 GMT
server: nginx
etag: "2f0-58b4b4a4e3240-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 bootstrap.tab.js Show response
www.bromium.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/ 1 KB
1 KB 12ms
12ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/bootstrap.tab.js?ver=3.1.1

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

5ead963d94c060ee77069d99d883e33ae92872b2271dc3846248756971c7b48a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 719
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:39:29 GMT
server: nginx
etag: "5e6-58b4b4a4e3240-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 fusion-tabs.js Show response
www.bromium.com/wp-content/plugins/fusion-builder/assets/js/min/general/ 5 KB
2 KB 12ms
12ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/plugins/fusion-builder/assets/js/min/general/fusion-tabs.js?ver=1

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

830049250ea8d6393b03ef23d83c3fadec795d5d4a02394b326c77210c0ba086

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 1190
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:43:29 GMT
server: nginx
etag: "1300-58b4b589c4e40-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 fusion-progress.js Show response
www.bromium.com/wp-content/plugins/fusion-builder/assets/js/min/general/ 786 B
867 B 12ms
12ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/plugins/fusion-builder/assets/js/min/general/fusion-progress.js?ver=1

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

b6443f12a07a199cced0c9d1506093b41835cd831937332df384a781eca8977f

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 356
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:43:29 GMT
server: nginx
etag: "312-58b4b589c4e40-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 fusion-counters-box.js Show response
www.bromium.com/wp-content/plugins/fusion-builder/assets/js/min/general/ 926 B
952 B 12ms
12ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/plugins/fusion-builder/assets/js/min/general/fusion-counters-box.js?ver=1

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

67e0d4919ff70c1c3eabd2801c690bcfce99ef1926119f86d812c7a6b951ce28

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 441
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:43:29 GMT
server: nginx
etag: "39e-58b4b589c4e40-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 fusion-gallery.js Show response
www.bromium.com/wp-content/plugins/fusion-builder/assets/js/min/general/ 1 KB
1010 B 12ms
12ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/plugins/fusion-builder/assets/js/min/general/fusion-gallery.js?ver=1

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

d9ae8b314f45d9835f8738dd75713d6c267768b18a3fb072dd6b7a195ea045ee

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 499
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:43:29 GMT
server: nginx
etag: "4ad-58b4b589c4e40-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 fusion-content-boxes.js Show response
www.bromium.com/wp-content/plugins/fusion-builder/assets/js/min/general/ 4 KB
1 KB 12ms
12ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/plugins/fusion-builder/assets/js/min/general/fusion-content-boxes.js?ver=1

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

fa0aa801b4f145613e631853cf697527783bd5af01eead6494563d0521de99a6

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 848
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:43:29 GMT
server: nginx
etag: "1045-58b4b589c4e40-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery.cycle.js Show response
www.bromium.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/ 26 KB
8 KB 12ms
12ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/jquery.cycle.js?ver=3.0.3

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

ef01f6c9d515df0151de5d55bf3a60ea0f5b0b5387af0f602f1310851828f114

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 7523
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:39:29 GMT
server: nginx
etag: "6661-58b4b4a4e3240-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 fusion-testimonials.js Show response
www.bromium.com/wp-content/plugins/fusion-builder/assets/js/min/general/ 1 KB
943 B 12ms
12ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/plugins/fusion-builder/assets/js/min/general/fusion-testimonials.js?ver=1

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

445ea6c21f8315829dc221101d38913120bd14090456441789562763763dc7b1

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 432
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:43:29 GMT
server: nginx
etag: "42e-58b4b589c4e40-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 vimeoPlayer.js Show response
www.bromium.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/ 16 KB
6 KB 12ms
12ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/vimeoPlayer.js?ver=2.2.1

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

8fcca243e0633537ab5a60897b92deba38f13bc927de72f88ba65dee9fddb62e

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 5389
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:39:29 GMT
server: nginx
etag: "4059-58b4b4a4e3240-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 fusion-video.js Show response
www.bromium.com/wp-content/plugins/fusion-builder/assets/js/min/general/ 1 KB
955 B 12ms
12ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/plugins/fusion-builder/assets/js/min/general/fusion-video.js?ver=1

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

8dc2823c4500c5f0889b6b60d5f5300360d47c314d2be63a5917b1a0623f4fe3

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 444
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:43:29 GMT
server: nginx
etag: "419-58b4b589c4e40-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery.hoverintent.js Show response
www.bromium.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/ 1 KB
974 B 12ms
12ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/jquery.hoverintent.js?ver=1

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

59d3b42550f13ce9588c415cd29d0d0624ff82f0069d4bb8e673b2dafcc987d9

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 463
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:39:29 GMT
server: nginx
etag: "454-58b4b4a4e3240-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 avada-vertical-menu-widget.js Show response
www.bromium.com/wp-content/themes/Avada/assets/min/js/general/ 2 KB
970 B 12ms
11ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/themes/Avada/assets/min/js/general/avada-vertical-menu-widget.js?ver=1

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

4a7b353345f28b2f6473cf4b09bd8630b109184e31e8d999ccea5d7e741e4351

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 459
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:39:29 GMT
server: nginx
etag: "75a-58b4b4a4e3240-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 lazysizes.js Show response
www.bromium.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/ 7 KB
4 KB 12ms
12ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/lazysizes.js?ver=4.1.5

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

49098b6ae69d756b65ddd27fdc01ffd12eadd8423b93b90c8cb33dfb245e9bc0

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 3185
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:39:29 GMT
server: nginx
etag: "1b9f-58b4b4a4e3240-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 bootstrap.tooltip.js Show response
www.bromium.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/ 11 KB
4 KB 12ms
12ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/bootstrap.tooltip.js?ver=3.3.5

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

3b1a54590dff1f0e65b139b223464ec84a594890a1899731bd1521a30b1bddd8

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 3883
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:39:29 GMT
server: nginx
etag: "2a5c-58b4b4a4e3240-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 bootstrap.popover.js Show response
www.bromium.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/ 2 KB
1 KB 12ms
12ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/bootstrap.popover.js?ver=3.3.5

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

f3fb4bc97b931ff03afea163a5edbefeca7f945788dbb99e6fe6cdf0561a461d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 740
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:39:29 GMT
server: nginx
etag: "6d7-58b4b4a4e3240-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery.carouFredSel.js Show response
www.bromium.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/ 53 KB
14 KB 12ms
12ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/jquery.carouFredSel.js?ver=6.2.1

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

0a7ad0894de0ad3e1e3f60bb7f1acff8f0111e16898ef194de60504147c21656

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 13537
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:39:29 GMT
server: nginx
etag: "d555-58b4b4a4e3240-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery.flexslider.js Show response
www.bromium.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/ 23 KB
7 KB 12ms
12ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/jquery.flexslider.js?ver=2.2.2

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

ec3ed61fbb4652b652e0cc88ff4759d434f42b301dbd56c0db5bbb034c020284

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 6534
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:39:29 GMT
server: nginx
etag: "5a09-58b4b4a4e3240-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery.hoverflow.js Show response
www.bromium.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/ 647 B
847 B 12ms
12ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/jquery.hoverflow.js?ver=1

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

7d505ba222682e357b9df002b34795df17ebda41a74b5d2aa0143b13ffbceb11

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 336
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:39:29 GMT
server: nginx
etag: "287-58b4b4a4e3240-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery.placeholder.js Show response
www.bromium.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/ 2 KB
1 KB 12ms
12ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/jquery.placeholder.js?ver=2.0.7

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

673cda4390e4c64c2ec3431e9b948b885e7306f68ef9b8c9fbb9bd83bba88641

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 874
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:39:29 GMT
server: nginx
etag: "898-58b4b4a4e3240-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery.touchSwipe.js Show response
www.bromium.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/ 10 KB
4 KB 12ms
12ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/themes/Avada/includes/lib/assets/min/js/library/jquery.touchSwipe.js?ver=1.6.6

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

54857896bdcf37a944f4bd573b0cf874eaa0aa62ee8e2e222cce3a7788bcd395

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 3644
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:39:29 GMT
server: nginx
etag: "2787-58b4b4a4e3240-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 fusion-alert.js Show response
www.bromium.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/ 138 B
641 B 12ms
12ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/fusion-alert.js?ver=1

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

9c1eedb49dbbf57672cbf97d7d70edf6918f89e58c57d49e71496dbda2a56df3

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 131
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:39:29 GMT
server: nginx
etag: "8a-58b4b4a4e3240-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 fusion-carousel.js Show response
www.bromium.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/ 4 KB
2 KB 12ms
12ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/fusion-carousel.js?ver=1

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

aa887bd82816b046c131856daa00a57eaa9172e78a62870bf2e65175ca6dbeb1

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 1144
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:39:29 GMT
server: nginx
etag: "e0c-58b4b4a4e3240-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 fusion-flexslider.js Show response
www.bromium.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/ 9 KB
2 KB 13ms
12ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/fusion-flexslider.js?ver=1

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

3a0bcc9b217ace1869047924abdbbfafb9d134060c0a4ce1d4486b896cd9c301

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 1078
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:39:29 GMT
server: nginx
etag: "2403-58b4b4a4e3240-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 fusion-popover.js Show response
www.bromium.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/ 275 B
703 B 12ms
12ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/fusion-popover.js?ver=1

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

ab439586de1e097863ea040904bdd2bfa31014e9294e975142a70699074d0841

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 192
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:39:29 GMT
server: nginx
etag: "113-58b4b4a4e3240-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 fusion-tooltip.js Show response
www.bromium.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/ 1 KB
953 B 12ms
12ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/fusion-tooltip.js?ver=1

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

3ee59c26685cfc75c1273997337fae950ec6ba6bd7a7c09567fc67d56ec7ce47

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 442
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:39:29 GMT
server: nginx
etag: "5cb-58b4b4a4e3240-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 fusion-sharing-box.js Show response
www.bromium.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/ 610 B
734 B 12ms
12ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/fusion-sharing-box.js?ver=1

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

0eb948d2111a3a8f5e1f1ad8f8ece80d0a10f8f1fc5e1c0c2e214d461a49a952

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 223
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:39:29 GMT
server: nginx
etag: "262-58b4b4a4e3240-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 fusion-blog.js Show response
www.bromium.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/ 9 KB
3 KB 12ms
12ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/fusion-blog.js?ver=1

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

4dd4ba9773ddb1007653ca0abb0a4b8606035794823000db1e932ef79d79ad16

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 2275
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:39:29 GMT
server: nginx
etag: "240e-58b4b4a4e3240-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 fusion-button.js Show response
www.bromium.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/ 231 B
680 B 12ms
12ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/fusion-button.js?ver=1

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

f1560fb223e37341fa8b435f6c114628cadeb4ab4057f25a729fa717ad240987

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 170
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:39:29 GMT
server: nginx
etag: "e7-58b4b4a4e3240-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 fusion-general-global.js Show response
www.bromium.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/ 569 B
797 B 12ms
12ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/fusion-general-global.js?ver=1

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

fbc02a59b50dd8863fa2621ac9081e28fdd627f5476aec06784858858f05f442

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 286
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:39:29 GMT
server: nginx
etag: "239-58b4b4a4e3240-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 avada-header.js Show response
www.bromium.com/wp-content/themes/Avada/assets/min/js/general/ 31 KB
4 KB 12ms
12ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/themes/Avada/assets/min/js/general/avada-header.js?ver=5.9.1

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

495a2597329e07df6310ee63e2acfb92a6f837b2f8b955c333c7a692c2231588

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 3816
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:39:29 GMT
server: nginx
etag: "7c68-58b4b4a4e3240-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 avada-menu.js Show response
www.bromium.com/wp-content/themes/Avada/assets/min/js/general/ 35 KB
7 KB 12ms
12ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/themes/Avada/assets/min/js/general/avada-menu.js?ver=5.9.1

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

d4a7dbefb6fc2a947768735798a4cafce1bc0e839b110c53c1feea8bca54da69

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 6177
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:39:29 GMT
server: nginx
etag: "8ce7-58b4b4a4e3240-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 fusion-scroll-to-anchor.js Show response
www.bromium.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/ 4 KB
2 KB 12ms
12ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/fusion-scroll-to-anchor.js?ver=1

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

fa2e8ed25b98183e4a8126c1fa69a8628362676c522ca8a9bbeb3adabea034d9

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 1424
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:39:29 GMT
server: nginx
etag: "1195-58b4b4a4e3240-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 fusion-responsive-typography.js Show response
www.bromium.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/ 2 KB
1 KB 12ms
12ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/themes/Avada/includes/lib/assets/min/js/general/fusion-responsive-typography.js?ver=1

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

4292411ee65a4e869bc86efa503f19fa259af547e45e744586bd9d2d86fdff3b

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 661
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:39:29 GMT
server: nginx
etag: "928-58b4b4a4e3240-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 bootstrap.scrollspy.js Show response
www.bromium.com/wp-content/themes/Avada/assets/min/js/library/ 3 KB
2 KB 12ms
12ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/themes/Avada/assets/min/js/library/bootstrap.scrollspy.js?ver=3.3.2

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

b6ce2750a5429b968ac4c675acacfbd7da06ddf4638fb1e73ffb0a4553b346cb

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 1060
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:39:29 GMT
server: nginx
etag: "a77-58b4b4a4e3240-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 avada-comments.js Show response
www.bromium.com/wp-content/themes/Avada/assets/min/js/general/ 1 KB
981 B 12ms
12ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/themes/Avada/assets/min/js/general/avada-comments.js?ver=5.9.1

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

3aeb5d27ba1347463afdea3f0a9e7332c7db1adb45377264fba3b37c0da01178

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 470
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:39:29 GMT
server: nginx
etag: "492-58b4b4a4e3240-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 avada-general-footer.js Show response
www.bromium.com/wp-content/themes/Avada/assets/min/js/general/ 952 B
863 B 12ms
12ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/themes/Avada/assets/min/js/general/avada-general-footer.js?ver=5.9.1

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

4f56a354ed72e68c9165a6b5ea38351046a0af0d713df4a090b8d4be722367cc

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 352
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:39:29 GMT
server: nginx
etag: "3b8-58b4b4a4e3240-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 avada-quantity.js Show response
www.bromium.com/wp-content/themes/Avada/assets/min/js/general/ 2 KB
1 KB 12ms
12ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/themes/Avada/assets/min/js/general/avada-quantity.js?ver=5.9.1

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

b9128f64e8ee1a5291b26d56ef422453cd675c63ce623073df99b27add6a81c2

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 663
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:39:29 GMT
server: nginx
etag: "628-58b4b4a4e3240-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 avada-scrollspy.js Show response
www.bromium.com/wp-content/themes/Avada/assets/min/js/general/ 485 B
728 B 12ms
12ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/themes/Avada/assets/min/js/general/avada-scrollspy.js?ver=5.9.1

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

942a9699ac05525845428cd884337fdbca777394095b270c287a01699262ceef

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 217
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:39:29 GMT
server: nginx
etag: "1e5-58b4b4a4e3240-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 avada-select.js Show response
www.bromium.com/wp-content/themes/Avada/assets/min/js/general/ 501 B
742 B 12ms
12ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/themes/Avada/assets/min/js/general/avada-select.js?ver=5.9.1

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

d8c237ac23e562540132de6ced5d5a5619a6ee895b0da0298bfdb6e7bbceb7b2

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 231
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:39:29 GMT
server: nginx
etag: "1f5-58b4b4a4e3240-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 avada-sidebars.js Show response
www.bromium.com/wp-content/themes/Avada/assets/min/js/general/ 3 KB
1 KB 12ms
12ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/themes/Avada/assets/min/js/general/avada-sidebars.js?ver=5.9.1

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

71b0e09967cc50608eb2fae38160e0b069629601d68ee3ee19261af695190a7f

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 682
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:39:29 GMT
server: nginx
etag: "a05-58b4b4a4e3240-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery.sticky-kit.js Show response
www.bromium.com/wp-content/themes/Avada/assets/min/js/library/ 3 KB
2 KB 12ms
12ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/themes/Avada/assets/min/js/library/jquery.sticky-kit.js?ver=5.9.1

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

1b4944b5f8a439d1e7f531888ed6eb66781561f56f84336e75b218cb31bb9af9

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 1208
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:39:29 GMT
server: nginx
etag: "aba-58b4b4a4e3240-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 avada-tabs-widget.js Show response
www.bromium.com/wp-content/themes/Avada/assets/min/js/general/ 453 B
744 B 12ms
12ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/themes/Avada/assets/min/js/general/avada-tabs-widget.js?ver=5.9.1

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

f1ebf95b8c5770caa6358f4448ef42c18e17fd368a6efeff424fb801941c4da1

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 233
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:39:29 GMT
server: nginx
etag: "1c5-58b4b4a4e3240-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery.toTop.js Show response
www.bromium.com/wp-content/themes/Avada/assets/min/js/library/ 1 KB
1 KB 12ms
12ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/themes/Avada/assets/min/js/library/jquery.toTop.js?ver=1.2

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

211c0a338801bcc09e6378ad85542a9d65402051fdcf1b05227df8c65351f3e2

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 582
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:39:29 GMT
server: nginx
etag: "49e-58b4b4a4e3240-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 avada-to-top.js Show response
www.bromium.com/wp-content/themes/Avada/assets/min/js/general/ 467 B
764 B 12ms
11ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/themes/Avada/assets/min/js/general/avada-to-top.js?ver=5.9.1

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

664c2c1d41773a307b8c6e37e83091cd3549ae93322f3f2b2ccc7356ec30f1cf

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 253
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:39:29 GMT
server: nginx
etag: "1d3-58b4b4a4e3240-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 avada-drop-down.js Show response
www.bromium.com/wp-content/themes/Avada/assets/min/js/general/ 5 KB
1 KB 12ms
12ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/themes/Avada/assets/min/js/general/avada-drop-down.js?ver=5.9.1

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

71820128a97287bb15ebc412d274baf55e81e86fe16fe61e60a91ba2698c8643

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 896
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:39:29 GMT
server: nginx
etag: "13b6-58b4b4a4e3240-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 avada-rev-styles.js Show response
www.bromium.com/wp-content/themes/Avada/assets/min/js/general/ 2 KB
1 KB 12ms
12ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/themes/Avada/assets/min/js/general/avada-rev-styles.js?ver=5.9.1

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

3cedf966c9e025378ad7eb2aff570d1088fdb76eb279f7a9823a001d33a3d782

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 535
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:39:29 GMT
server: nginx
etag: "920-58b4b4a4e3240-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 jquery.elasticslider.js Show response
www.bromium.com/wp-content/themes/Avada/assets/min/js/library/ 4 KB
2 KB 12ms
12ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/themes/Avada/assets/min/js/library/jquery.elasticslider.js?ver=5.9.1

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

efd7b1811cef4b7c13b8ae58028f93fd15f154177f1a65df59c0f2139649b9ee

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 1622
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:39:29 GMT
server: nginx
etag: "11da-58b4b4a4e3240-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 avada-elastic-slider.js Show response
www.bromium.com/wp-content/themes/Avada/assets/min/js/general/ 521 B
730 B 12ms
12ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/themes/Avada/assets/min/js/general/avada-elastic-slider.js?ver=5.9.1

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

11a03c12927fe2110cf77b28a5d8441c0cbf639fe01f96b969aa9a0ee8350892

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 219
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:39:29 GMT
server: nginx
etag: "209-58b4b4a4e3240-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 avada-fusion-slider.js Show response
www.bromium.com/wp-content/plugins/fusion-core/js/min/ 26 KB
4 KB 12ms
12ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/plugins/fusion-core/js/min/avada-fusion-slider.js?ver=1

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

5733d4e205ea28887e56a39851b592959b514b6b2d57a5f5db9cfcc518a9d23a

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 3835
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:42:49 GMT
server: nginx
etag: "690f-58b4b5639f440-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 wp-embed.min.js Show response
www.bromium.com/wp-includes/js/ 1 KB
1 KB 12ms
12ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-includes/js/wp-embed.min.js?ver=5.2.1

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

2152557cac69e2bd7d6debef5037a9f554f9209cc305b8141b3329acb10c42b7

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 753
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 06 Feb 2019 17:49:09 GMT
server: nginx
etag: "57b-5813d57c3ef40-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 scripts.js Show response
www.bromium.com/wp-content/plugins/eu-cookie-law/js/ 3 KB
2 KB 13ms
12ms Script
application/x-javascript 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/plugins/eu-cookie-law/js/scripts.js?ver=3.0.6

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

b2777b2136591370735374104618934a186d85121cf3fc7dd8cabeaa9d19ecd8

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 1055
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 14 Jun 2019 16:36:37 GMT
server: nginx
etag: "b90-58b4b400daf40-gzip"
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: HIT
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 e-201929.js Show response
stats.wp.com/ 9 KB
3 KB 4005ms
30ms Script
application/x-javascript 192.0.76.3
Automattic

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.wp.com/e-201929.js
Requested by: Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software: nginx /
Resource Hash: 0ebbc7fba9a50d36ef5422345f624431710db4528f25749d1d438c2c10bb69f2

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:12 GMT
content-encoding: gzip
server: nginx
etag: W/"5c6340e3-350a"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=31536000
expires: Mon, 13 Jul 2020 12:07:56 GMT

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/ 1 KB
1 KB 2962ms
22ms Script
application/x-javascript 184.31.84.223
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/munchkin.js
Requested by: Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.31.84.223 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a184-31-84-223.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 66f7eaa7a45f696c332cd450771f4be48e110f6afbe1fe7b39c7a95518aeef76

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sat, 20 Jul 2019 16:09:11 GMT
Content-Encoding: gzip
Last-Modified: Fri, 05 Apr 2019 02:53:44 GMT
Server: Apache
ETag: "54520320df20b526337717d6d28181fc:1554432824"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 752

GET
H2 200 banner_tech_blog.jpg
www.bromium.com/wp-content/uploads/2019/06/ 12 KB
12 KB 14ms
13ms Image
image/jpeg 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bromium.com/wp-content/uploads/2019/06/banner_tech_blog.jpg

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

d83e92d49662954787e7e2375c1e88dcf99e6e8b77d00a81a8686a72795ae26f

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 12190
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 11 Jun 2019 16:28:38 GMT
server: nginx
etag: "2f9e-58b0ec9fa9980"
x-frame-options: SAMEORIGIN
content-type: image/jpeg
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: MISS
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7g.ttf
fonts.gstatic.com/s/sourcesanspro/v12/ 39 KB
20 KB 8ms
6ms Font
font/ttf 2a00:1450:4001:81e::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v12/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7g.ttf

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

ed891295d5d4f70182e68bb3fa450a2b0bf22cfc89286c420632639fb6fd3510

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
Origin: https://www.bromium.com

Response headers

date: Tue, 09 Jul 2019 02:12:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1000607
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
content-length: 20810
x-xss-protection: 0
last-modified: Mon, 25 Mar 2019 20:10:49 GMT
server: sffe
vary: Accept-Encoding
content-type: font/ttf
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 08 Jul 2020 02:12:21 GMT

GET
H2 200 Qw3FZQNVED7rKGKxtqIqX5Ec0lhte10k.ttf
fonts.gstatic.com/s/josefinsans/v13/ 36 KB
21 KB 12ms
9ms Font
font/ttf 2a00:1450:4001:81e::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/josefinsans/v13/Qw3FZQNVED7rKGKxtqIqX5Ec0lhte10k.ttf

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

ad146bc68ee1de51975ba964dc4142a17bdc78621a009f814523ba9000b37811

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
Origin: https://www.bromium.com

Response headers

date: Fri, 31 May 2019 19:56:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 4306352
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
content-length: 21323
x-xss-protection: 0
last-modified: Tue, 19 Feb 2019 22:27:13 GMT
server: sffe
vary: Accept-Encoding
content-type: font/ttf
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 30 May 2020 19:56:36 GMT

GET
H2 200 icomoon.woff
www.bromium.com/wp-content/themes/Avada/includes/lib/assets/fonts/icomoon/ 17 KB
11 KB 14ms
12ms Font
application/font-woff 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/themes/Avada/includes/lib/assets/fonts/icomoon/icomoon.woff

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

6af107cfcc3720e22e6821a417995ae8ff5b3b745f23d2239cbf639516e11e20

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
Origin: https://www.bromium.com

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 10774
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
server: nginx
etag: "4588-58b4b4a5d7480-gzip"
x-frame-options: SAMEORIGIN
content-type: application/font-woff
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: MISS
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdr.ttf
fonts.gstatic.com/s/sourcesanspro/v12/ 39 KB
20 KB 11ms
8ms Font
font/ttf 2a00:1450:4001:81e::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v12/6xKydSBYKcSV-LCoeQqfX1RYOo3ig4vwlxdr.ttf

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

e44186395f92ca92a743b7bfce319e95f8a16705b772ae61fc46e8c00f6842c4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
Origin: https://www.bromium.com

Response headers

date: Thu, 13 Jun 2019 21:50:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3176312
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
content-length: 20519
x-xss-protection: 0
last-modified: Mon, 25 Mar 2019 20:12:01 GMT
server: sffe
vary: Accept-Encoding
content-type: font/ttf
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 12 Jun 2020 21:50:36 GMT

GET
H2 200 6xK1dSBYKcSV-LCoeQqfX1RYOo3qPZ7nsDc.ttf
fonts.gstatic.com/s/sourcesanspro/v12/ 37 KB
20 KB 9ms
7ms Font
font/ttf 2a00:1450:4001:81e::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sourcesanspro/v12/6xK1dSBYKcSV-LCoeQqfX1RYOo3qPZ7nsDc.ttf

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

4dedabcac682b665e87347797ba4ecb42575d62f3b4fd6b8b20cdcec20fc92bc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
Origin: https://www.bromium.com

Response headers

date: Fri, 14 Jun 2019 00:16:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 3167540
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
content-length: 19893
x-xss-protection: 0
last-modified: Mon, 25 Mar 2019 20:09:23 GMT
server: sffe
vary: Accept-Encoding
content-type: font/ttf
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 13 Jun 2020 00:16:48 GMT

GET
H2 200 Qw3FZQNVED7rKGKxtqIqX5Ectllte10k.ttf
fonts.gstatic.com/s/josefinsans/v13/ 35 KB
20 KB 12ms
10ms Font
font/ttf 2a00:1450:4001:81e::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/josefinsans/v13/Qw3FZQNVED7rKGKxtqIqX5Ectllte10k.ttf

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

9809680fde3cd05513652e724c9a317abdd3efe07147d6dd375d928dd7f8e801

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
Origin: https://www.bromium.com

Response headers

date: Tue, 09 Jul 2019 00:31:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1006679
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
content-length: 20523
x-xss-protection: 0
last-modified: Tue, 19 Feb 2019 22:26:16 GMT
server: sffe
vary: Accept-Encoding
content-type: font/ttf
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 08 Jul 2020 00:31:09 GMT

GET
H2 200 keyline-dark-blue-dark-orange.png
www.bromium.com/wp-content/uploads/2018/07/ 6 KB
7 KB 13ms
13ms Image
image/png 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bromium.com/wp-content/uploads/2018/07/keyline-dark-blue-dark-orange.png

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

0cafbfa562597402a3a7b739aabd5aa02fad3630b6d93d85b50cd812d57f81d9

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:09 GMT
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 6470
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 17 Dec 2018 17:46:09 GMT
server: nginx
etag: "1946-57d3b5b213a40"
x-frame-options: SAMEORIGIN
content-type: image/png
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: MISS
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 fontawesome-webfont.woff2
maxcdn.bootstrapcdn.com/font-awesome/4.3.0/fonts/ 55 KB
56 KB 2886ms
23ms Font
font/woff2 209.197.3.15
Highwinds Network...

General

Check archive.org

Show headers Download Go to

Full URL: https://maxcdn.bootstrapcdn.com/font-awesome/4.3.0/fonts/fontawesome-webfont.woff2?v=4.3.0
Requested by: Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 209.197.3.15 Phoenix, United States, ASN20446 (HIGHWINDS3 - Highwinds Network Group, Inc., US),
Reverse DNS: vip0x00f.map2.ssl.hwcdn.net
Software: /
Resource Hash: aadc3580d2b64ff5a7e6f1425587db4e8b033efcbf8f5c332ca52a5ed580c87c

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
Origin: https://www.bromium.com

Response headers

date: Sat, 20 Jul 2019 16:09:11 GMT
content-encoding: gzip
last-modified: Wed, 12 Dec 2018 18:36:18 GMT
access-control-allow-origin: *
etag: "1544639778"
vary: Accept-Encoding
x-cache: HIT
content-type: font/woff2
status: 200
cache-control: public, max-age=31536000
x-hello-human: Say hello back! @getBootstrapCDN on Twitter
accept-ranges: bytes
timing-allow-origin: *
content-length: 56792

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 43 KB
17 KB 6ms
5ms Script
text/javascript 2a00:1450:4001:81e::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-31745238-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a4883cce814b6793c5bd6dd3639d6048ecab39a93a90b560d39a9fd0aff6e263

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 20 Jun 2019 21:35:04 GMT
server: Golfe2
age: 4921
date: Sat, 20 Jul 2019 14:47:08 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
content-length: 17707
expires: Sat, 20 Jul 2019 16:47:08 GMT

GET
H2

200

ga-audiences
www.google.de/ads/
Redirect Chain

https://www.google-analytics.com/r/collect?v=1&_v=j77&a=2079661938&t=pageview&_s=1&dl=https%3A%2F%2Fwww.bromium.com%2Fan-analysis-of-l0rdix-rat-panel-and-builder%2F&ul=en-us&de=UTF-8&dt=An%20Analys...
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-31745238-1&cid=381933232.1563638949&jid=418762099&_gid=1419384082.1563638949&gjid=73312207&_v=j77&z=1441983953
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-31745238-1&cid=381933232.1563638949&jid=418762099&_v=j77&z=1441983953
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-31745238-1&cid=381933232.1563638949&jid=418762099&_v=j77&z=1441983953&slf_rd=1&random=1904446106

42 B
295 B

22ms
21ms

Image
image/gif

2a00:1450:4001:809::2003
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-31745238-1&cid=381933232.1563638949&jid=418762099&_v=j77&z=1441983953&slf_rd=1&random=1904446106

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Jul 2019 16:09:09 GMT
x-content-type-options: nosniff
content-type: image/gif
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Sat, 20 Jul 2019 16:09:09 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
location: https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-31745238-1&cid=381933232.1563638949&jid=418762099&_v=j77&z=1441983953&slf_rd=1&random=1904446106
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 302
cache-control: no-cache, no-store, must-revalidate
content-type: text/html; charset=UTF-8
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/155/ 9 KB
4 KB 23ms
23ms Script
application/x-javascript 184.31.84.223
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/155/munchkin.js
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/munchkin.js?ver=1.0.1
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 184.31.84.223 , Netherlands, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a184-31-84-223.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: efb6b9732bf508ee305363b10cf2a67ace474e06eb42642f2c3696b2442a5775

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Sat, 20 Jul 2019 16:09:11 GMT
Content-Encoding: gzip
Last-Modified: Fri, 30 Nov 2018 03:18:20 GMT
Server: Apache
ETag: "c67dad42946949112916578f78706df8:1543547900"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Cache-Control: max-age=8640000
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 3923
Expires: Mon, 28 Oct 2019 16:09:11 GMT

GET
H/1.1 200
OK visitWebPage Show response
497-itq-712.mktoresp.com/webevents/ 43 B
622 B 3596ms
104ms XHR
image/gif 199.15.213.31
MARKETO

General

Check archive.org

Show headers Download Go to

Full URL

https://497-itq-712.mktoresp.com/webevents/visitWebPage?_mchNc=1563638951815&_mchCn=&_mchId=497-ITQ-712&_mchTk=_mch-bromium.com-1563638951815-71487&_mchHo=www.bromium.com&_mchPo=&_mchRu=%2Fan-analysis-of-l0rdix-rat-panel-and-builder%2F&_mchPc=https%3A&_mchVr=155&_mchHa=&_mchRe=&_mchQp=

Requested by

Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/155/munchkin.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

199.15.213.31 , United States, ASN53580 (MARKETO - MARKETO, Inc., US),

Reverse DNS

Software

Apache /

Resource Hash

cbbd42bb1d88693e6805bd9d676840424af5ecf3e13d874fd06e6b57d53d8d40

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
Origin: https://www.bromium.com

Response headers

Pragma: no-cache
Date: Sat, 20 Jul 2019 16:09:15 GMT
X-Content-Type-Options: nosniff
Last-Modified: Sat, 20 Jul 2019 11:09:15 -0500
Server: Apache
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Connection: Keep-Alive
Content-Type: image/gif
Keep-Alive: timeout=5, max=100
Content-Length: 43
Expires: -1

GET
H2 200 sw-icon-font.woff
www.bromium.com/wp-content/plugins/social-warfare/assets/fonts/ 5 KB
5 KB 12ms
12ms Font
application/font-woff 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bromium.com/wp-content/plugins/social-warfare/assets/fonts/sw-icon-font.woff?ver=3.6.1

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

e35e7086118397db7576d4558becf44ba2749b14619e0bc716386123f0c254b8

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
Origin: https://www.bromium.com

Response headers

date: Sat, 20 Jul 2019 16:09:13 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 4893
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
server: nginx
etag: "1324-58b4b4059fa80-gzip"
x-frame-options: SAMEORIGIN
content-type: application/font-woff
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: MISS
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 S6uyw4BMUTPHjx4wXiWtFCc.woff2
fonts.gstatic.com/s/lato/v15/ 14 KB
14 KB 6ms
5ms Font
font/woff2 2a00:1450:4001:81e::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/lato/v15/S6uyw4BMUTPHjx4wXiWtFCc.woff2

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81e::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

036d841b132c14046e26d8f2da1bc634c6ad34885ed1295660694a91c98933a6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=Lato:100,300,regular,700,900%7COpen+Sans:300%7CIndie+Flower:regular%7COswald:300,regular,700&subset=latin%2Clatin-ext
Origin: https://www.bromium.com

Response headers

date: Fri, 14 Jun 2019 03:57:57 GMT
x-content-type-options: nosniff
last-modified: Mon, 25 Mar 2019 20:13:00 GMT
server: sffe
age: 3154275
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43,39"
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 14044
x-xss-protection: 0
expires: Sat, 13 Jun 2020 03:57:57 GMT

GET
H2 200 demo_background2019.png
www.bromium.com/wp-content/uploads/2019/03/ 523 KB
524 KB 12ms
12ms Image
image/png 2a02:fe80:1010::17:8
Sucuri

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.bromium.com/wp-content/uploads/2019/03/demo_background2019.png

Requested by

Host: www.bromium.com
URL: https://www.bromium.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:fe80:1010::17:8 , United Kingdom, ASN30148 (SUCURI-SEC - Sucuri, US),

Reverse DNS

Software

nginx /

Resource Hash

23c56768f6e73fc6cc283e1a7c7378335046b20fcfc4c6d51427021cee0cc870

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:13 GMT
x-content-type-options: nosniff
status: 200
x-sucuri-cache: HIT
host-header: 192fc2e7e50945beb8231a492d6a8024
alt-svc: quic=":443"; ma=86400; v="43,39"
content-length: 535427
x-xss-protection: 1; mode=block
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 22 Mar 2019 19:00:27 GMT
server: nginx
etag: "82b83-584b377c588c0"
x-frame-options: SAMEORIGIN
content-type: image/png
vary: X-Forwarded-Proto,Accept-Encoding
cache-control: max-age=315360000
x-sucuri-id: 19017
content-security-policy: upgrade-insecure-requests;
accept-ranges: bytes
x-proxy-cache: MISS
expires: Thu, 31 Dec 2037 23:55:55 GMT

GET
H2 200 g.gif
pixel.wp.com/ 50 B
115 B 53ms
52ms Image
image/gif 192.0.76.3
Automattic

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.wp.com/g.gif?v=ext&j=1%3A7.0&blog=149279503&post=19706&tz=-7&srv=www.bromium.com&host=www.bromium.com&ref=&fcp=9235&rand=0.3926153314551337
Requested by: Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 192.0.76.3 San Francisco, United States, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software: nginx /
Resource Hash: f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status: 200
date: Sat, 20 Jul 2019 16:09:13 GMT
cache-control: no-cache
server: nginx
content-length: 50
content-type: image/gif

GET
H2 200 ipv
cdn.bizible.com/m/ 43 B
345 B 44ms
43ms Image
image/gif 93.184.220.178
MCI Communication...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.bizible.com/m/ipv?_biz_r=&_biz_h=-1906410348&_biz_u=fa17dbb3f4d54a1fc5e968c1aa32c3be&_biz_s=4e6b65&_biz_l=https%3A%2F%2Fwww.bromium.com%2Fan-analysis-of-l0rdix-rat-panel-and-builder%2F&_biz_t=1563638952979&_biz_i=An%20Analysis%20of%20L0rdix%20RAT%2C%20Panel%20and%20Builder%20-%20Bromium&_biz_n=0&rnd=100433&cdn_o=a&_biz_z=1563638952980
Requested by: Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 93.184.220.178 London, United Kingdom, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: ECS (ams/D048) / ASP.NET
Resource Hash: afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Jul 2019 16:09:13 GMT
x-aspnetmvc-version: 4.0
last-modified: Sat, 13 Jul 2019 17:45:29 GMT
server: ECS (ams/D048)
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
x-cache: HIT
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
status: 200
cache-control: no-cache, no-store
accept-ranges: bytes
content-type: Image/GIF
content-length: 43
expires: -1

GET
H2 200 BizibleAcct.js Show response
cdn.bizible.com/ 376 B
517 B 2072ms
2072ms Script
text/javascript 93.184.220.178
MCI Communication...

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.bizible.com/BizibleAcct.js?_biz_u=fa17dbb3f4d54a1fc5e968c1aa32c3be&_biz_h=-1906410348&cdn_o=a&jsVer=4.19.07.18
Requested by: Host: cdn.bizible.com
URL: https://cdn.bizible.com/scripts/bizible.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 93.184.220.178 London, United Kingdom, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: dcf16283bde8f80b8131268308adba01a60889f562104534c62a507636d0a17d

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Sat, 20 Jul 2019 16:09:12 GMT
content-encoding: gzip
x-aspnetmvc-version: 4.0
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
etag: 135A37B0
vary: Accept-Encoding
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
status: 200
cache-control: private, must-revalidate, max-age=21600
content-type: text/javascript; charset=utf-8
content-length: 321

GET
H2 200 u
cdn.bizible.com/m/ 43 B
139 B 2029ms
2028ms Image
image/gif 93.184.220.178
MCI Communication...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cdn.bizible.com/m/u?mapType=mkto&mapValue=id%3A497-ITQ-712%26token%3A_mch-bromium.com-1563638951815-71487&_biz_u=fa17dbb3f4d54a1fc5e968c1aa32c3be&_biz_s=4e6b65&_biz_l=https%3A%2F%2Fwww.bromium.com%2Fan-analysis-of-l0rdix-rat-panel-and-builder%2F&_biz_t=1563638952982&_biz_i=An%20Analysis%20of%20L0rdix%20RAT%2C%20Panel%20and%20Builder%20-%20Bromium&_biz_n=1&rnd=497059&cdn_o=a&_biz_z=1563638953084
Requested by: Host: www.bromium.com
URL: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 93.184.220.178 London, United Kingdom, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software: ECS (ams/D026) / ASP.NET
Resource Hash: afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277

Request headers

Referer: https://www.bromium.com/an-analysis-of-l0rdix-rat-panel-and-builder/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Sat, 20 Jul 2019 16:09:15 GMT
x-aspnetmvc-version: 4.0
last-modified: Fri, 19 Jul 2019 04:08:45 GMT
server: ECS (ams/D026)
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
x-cache: HIT
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
status: 200
cache-control: no-cache, no-store
accept-ranges: bytes
content-type: Image/GIF
content-length: 43
expires: -1

Verdicts & Comments Add Verdict or Comment

266 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

9 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.bromium.com/	1970-01-19 11:06:14	Name: _biz_pendingA Value: %5B%5D
.bromium.com/	1970-01-19 11:06:14	Name: _biz_flagsA Value: %7B%22Version%22%3A1%2C%22Mkto%22%3A%221%22%2C%22XDomain%22%3A%221%22%7D
.bromium.com/	1970-01-19 11:06:14	Name: _biz_nA Value: 2
.bromium.com/	1970-01-19 02:20:40	Name: _biz_sid Value: 4e6b65
.bromium.com/	1970-01-19 02:22:05	Name: _gid Value: GA1.2.1419384082.1563638949
.bromium.com/	1970-01-19 11:06:14	Name: _biz_uid Value: fa17dbb3f4d54a1fc5e968c1aa32c3be
.bromium.com/	1970-01-19 19:51:50	Name: _mkto_trk Value: id:497-ITQ-712&token:_mch-bromium.com-1563638951815-71487
.bromium.com/	1970-01-19 02:20:39	Name: _gat_gtag_UA_31745238_1 Value: 1
.bromium.com/	1970-01-19 19:51:50	Name: _ga Value: GA1.2.381933232.1563638949

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://www.bromium.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1(Line 2) Message: JQMIGRATE: Migrate is installed, version 1.4.1

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests;
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

497-itq-712.mktoresp.com
cdn.bizible.com
fonts.googleapis.com
fonts.gstatic.com
maxcdn.bootstrapcdn.com
munchkin.marketo.net
pixel.wp.com
s0.wp.com
stats.g.doubleclick.net
stats.wp.com
www.bromium.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
184.31.84.223
192.0.76.3
192.0.77.32
199.15.213.31
209.197.3.15
2a00:1450:4001:809::2003
2a00:1450:4001:815::200a
2a00:1450:4001:819::2008
2a00:1450:4001:81e::2003
2a00:1450:4001:81e::200e
2a00:1450:4001:821::2004
2a00:1450:400c:c0c::9a
2a02:fe80:1010::17:8
93.184.220.178
0035720fc5883c540c438849f0cd10659229c9d41f0a4ea6dc8fd369aa1e644b
036d841b132c14046e26d8f2da1bc634c6ad34885ed1295660694a91c98933a6
051295687c256d4bf401a70a2fd455ee85f8b7272e2cd133c00a40ba282dab4c
080cf3de5031b9caac353875e8969fd80a548c9f39fdf4627a8c65abddad8b04
08370201daee47824e2271d06f0300abe6dffa78df2a5913eae613bc9f375bcd
0a7ad0894de0ad3e1e3f60bb7f1acff8f0111e16898ef194de60504147c21656
0b6b1cd454ac76a80fe115f90ee1950f48e6c2a143e4a96176adbb520c40c80b
0c2d6aa51d3d04b3e548b51fec1d00d7e7ae1d2cced71ba4e2bb154a6871d6c7
0cafbfa562597402a3a7b739aabd5aa02fad3630b6d93d85b50cd812d57f81d9
0d280fc6bff441a98556872620d095ffadfffab91240475fc7392f394ba7f494
0e387e0ca6eaab114d9b652a31f63a509449fe999f0bf1acd4f3b9a8c9de654c
0eb948d2111a3a8f5e1f1ad8f8ece80d0a10f8f1fc5e1c0c2e214d461a49a952
0ebbc7fba9a50d36ef5422345f624431710db4528f25749d1d438c2c10bb69f2
0f158ed2f9a3b0126d41b4013a4f746eea09663c6214b79877e19016129aa4e6
11a03c12927fe2110cf77b28a5d8441c0cbf639fe01f96b969aa9a0ee8350892
1496fd15b2010ef8a3256725ca46c1ecda7e815737f78034545861d2210931b4
173a42f3468eebc25191bc4aaa1e86fb422b56337682ce4b38bd2ca4229b8543
186bc13230ab3dfcd0a92e5d5ed3e1f102925efe26c72b4a5c9189897f70dcdb
1b4944b5f8a439d1e7f531888ed6eb66781561f56f84336e75b218cb31bb9af9
1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df
211c0a338801bcc09e6378ad85542a9d65402051fdcf1b05227df8c65351f3e2
2152557cac69e2bd7d6debef5037a9f554f9209cc305b8141b3329acb10c42b7
22a97ea694a9a50a016ac94cb94fb9ae7459a32c905cfecbf668c94fc19a95ba
23bd7e5fac741d9a4b7cd4572ab0df7556b4dd610c67e3dfaa852d28812b4250
23c56768f6e73fc6cc283e1a7c7378335046b20fcfc4c6d51427021cee0cc870
245dba3be6a1b10208f628f21377fc998b5384dc303bdef6954df3910e4f36b5
25fca7453a6eac87e06b993665a52091a21860ba74466a218517bd3afa0efac0
27775c21f0dc6d43877b4d8fb5050f68900b853636cc5046c6a526b8dbac8938
27ead7f47a3fb4d1e7cbef0c68e28bde7ea18923cf41d8ca82ba13584eebc710
29310ca80dc4c9a10702e08b5d69eab57e2532009d0d42e34e92745f313d45eb
3005ccd7133f01461d6cacc9e9b8f5c1d523ff24af2b048405ed40d898027663
318c82030733c1cff75b713ed1efd26385fdfe3ee7704fd1322cb21b03a7773d
31cb76c05cbf5d71466f93078e8ba0f6e39cd92d0acc86d385b8cf2899963695
343eba0ea5843c81cea3c31e299a6a0f682db22fcd418ef1697acf5cedd4599f
346467f0ba1b9a43b33c78f0663942aa96d5cc8c8064e470665d9308c45a3d91
386642ab1368fac97c760cf61e9d4f8009e9d439edd08f1c68d67a2823ec6739
39eadd1cbab3247462a6e2c98e375d19e3e6e9b7a52bcf5996f396b83e82fc85
3a0bcc9b217ace1869047924abdbbfafb9d134060c0a4ce1d4486b896cd9c301
3aeb5d27ba1347463afdea3f0a9e7332c7db1adb45377264fba3b37c0da01178
3b1a54590dff1f0e65b139b223464ec84a594890a1899731bd1521a30b1bddd8
3c0bfb5a3db6967755accf4f7d045f8529e546a3b713281cac8a3088b51f6bda
3cedf966c9e025378ad7eb2aff570d1088fdb76eb279f7a9823a001d33a3d782
3deb29b8fdfdd69f4a7d19c8ac166fa0b70bd6a82315d384f654d313637caebe
3ee59c26685cfc75c1273997337fae950ec6ba6bd7a7c09567fc67d56ec7ce47
4025727c5cdf69ebebb78196e38a76144968ff27b9dfe789968f23f69d51e2cd
4175bb2269918cbb80fe0d58474e9fe63e1f583de6e87f6f8d31d591aef12992
4292411ee65a4e869bc86efa503f19fa259af547e45e744586bd9d2d86fdff3b
4303c58fd1ed8315421c091d6bf0c651916e752a08ac1eb65af7fcde0a5d81de
445ea6c21f8315829dc221101d38913120bd14090456441789562763763dc7b1
4463996b808a043a2091ce400b56adcdb7407264272e6d2e389075e143e1c901
44700f24a0c621e885242bd58561d7b87e6dff47ec06aecdfa87ece83baf7be3
447f8762021b0e2726cea6977b09f5448684bf078d66cf5718f681bd2e1cec4f
45bf3cfd4435f42a6726e2849c4ec2faae10fc680d4cc9b5a24110359f648aa7
48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d
49098b6ae69d756b65ddd27fdc01ffd12eadd8423b93b90c8cb33dfb245e9bc0
495a2597329e07df6310ee63e2acfb92a6f837b2f8b955c333c7a692c2231588
49970d4535c697920b947c94b837cd31f7be91270e93eaf9422001cb2e0ab6f2
4a768695e2001c056e6f8f20f4904e49bbd0471d060b47bbd3cf026ac74e8d5d
4a7b353345f28b2f6473cf4b09bd8630b109184e31e8d999ccea5d7e741e4351
4dd4ba9773ddb1007653ca0abb0a4b8606035794823000db1e932ef79d79ad16
4dedabcac682b665e87347797ba4ecb42575d62f3b4fd6b8b20cdcec20fc92bc
4e935df82f460a420d80cde9d91b1b145e1bee3bcc1bb7d31a074d9d7f37b5b7
4f56a354ed72e68c9165a6b5ea38351046a0af0d713df4a090b8d4be722367cc
5338acdbe16862e5d826ff614549d8463ae7e26ef1fc27b5d7fee45193ac05b5
5471f69a1a17057a61a1fcba85099b9c95b848088d1c819e90e885adbffb9909
54857896bdcf37a944f4bd573b0cf874eaa0aa62ee8e2e222cce3a7788bcd395
5733d4e205ea28887e56a39851b592959b514b6b2d57a5f5db9cfcc518a9d23a
57376344235f987c935c8fedbf63597857d4c2357ffd48a0d4a7dfa4b7eb4794
576f08290e6492215c31e059a5b8dbc6b9d9c801886d44ecab93624f070acb07
578332cd14c1c8f1c9ea7cc966ca50ae73945b7de3055e07f06dc099d4feeee0
57f3316599c6cb279ffb4fb239393035f0bb68fb16302f9bfb2b122acc282e4a
582278063c6f97f70b739bc1530060e16e176bb7b792ec5bd542d2083ed6b21c
59d3b42550f13ce9588c415cd29d0d0624ff82f0069d4bb8e673b2dafcc987d9
5bc8474bdc04566bc76501404ac0ad7bb6e8c2d67f95f986c3c4db3ef30bb68b
5c7438ec740fa9bea75de44a0fbbbc78c14351010ab6ff42ed13b96c7c777d37
5e52f996d47eb5f321896cfc9a10153c1a47415b3e3b4c1b31a6ec736adadb5e
5ead963d94c060ee77069d99d883e33ae92872b2271dc3846248756971c7b48a
6116ae66bf197d1ddf9de2dbf754de1ff86b2874f383a574b35ffa21b2a1f714
632af363989d420500a3fc1546178648f5aaa4f9aabb98666e62c3035fa423d1
664c2c1d41773a307b8c6e37e83091cd3549ae93322f3f2b2ccc7356ec30f1cf
66f7eaa7a45f696c332cd450771f4be48e110f6afbe1fe7b39c7a95518aeef76
673cda4390e4c64c2ec3431e9b948b885e7306f68ef9b8c9fbb9bd83bba88641
67e0d4919ff70c1c3eabd2801c690bcfce99ef1926119f86d812c7a6b951ce28
68669b7822342c06c4fb23bb60327cbb27675bb87b2fd7f819953bdb22c54550
69aff18e54732eae1bb02c82d045c33f45675b017ba6dfdade80ab63a8e26bc5
6af107cfcc3720e22e6821a417995ae8ff5b3b745f23d2239cbf639516e11e20
6d8b488d1ca8344bd157ff6969ddf4e26bd9f5cb93b26496b3293fcc8141e792
6dada17a4d95ab46b26703d45cb1fcda115f49401a8c6a8aa3daeee4ee49856f
6e746a03bc3330d32fb71d7fd89fc6aa4de6214664ca21bf6b643bd444cc1415
71820128a97287bb15ebc412d274baf55e81e86fe16fe61e60a91ba2698c8643
71b0e09967cc50608eb2fae38160e0b069629601d68ee3ee19261af695190a7f
74f49a4a14494563c06ff8da97a0bdb4fb7be6396fc222a5473cef3234549cee
756df835cdc3e6d51abfaa6f2cd0d48a3430e2bcc2c12566e06dc79f3ba4ff74
7668ad2d758ed874c4111801a36f17f643cbbf8f65e238656e629a177daea5d5
7a109bbaf31b60ea0c1182758f73e7e2050aeabc9d37913ebc0c72030a48cf23
7d505ba222682e357b9df002b34795df17ebda41a74b5d2aa0143b13ffbceb11
7f59b2bbb3baed3bf39149286d0b759502377dfd2798f8176426b0bfb60b7924
8277993a92ecefa77f1048638efab7a2d0e4bab7696bcf97af30a501c62b58fc
82f1f0decda8cc4fc3fd0c4e1f0c13b08ab1ce1a09f45280e29b343ea9002a47
830049250ea8d6393b03ef23d83c3fadec795d5d4a02394b326c77210c0ba086
8502155a9392b75296cfc1579baa7fe58a1be6c7483dd234bebde095723b0ebe
856b22809016c600799f284b500c4db1fa0551394145b655e4c04874b351f8ec
86479049f420d20704a4eb2e780f9d965f4591cef87192932a54df637cc5d242
878461518abc710963a9cb87f541c54f94db9af08a3f2a891f24f4a6311dd49c
88a7e4cccc0b6c41c2083d7ab0ee74767320246b2ce97fa78339068b15fbb854
88f84b30a75fbc634441417a902ccd6e542868610c9ec8a6fcb5c1fd91131dba
8dc2823c4500c5f0889b6b60d5f5300360d47c314d2be63a5917b1a0623f4fe3
8eb6416c0280463cf8caa7dc24aae669a6a7d643ce5de2d448bbf31278202104
8fcca243e0633537ab5a60897b92deba38f13bc927de72f88ba65dee9fddb62e
93475d6e27a8b1d0766dbc938836687832fc679e580cf4c35decc6ff431130a6
936567bc744e199e02bfc3c33fe2bc9c862999e0d479e2a694aa7485460a3960
942a9699ac05525845428cd884337fdbca777394095b270c287a01699262ceef
95577ab82ae6298380cdbd69ecc41d5b6895cbc107b7b996e03a96673e3470ae
9809680fde3cd05513652e724c9a317abdd3efe07147d6dd375d928dd7f8e801
9c1eedb49dbbf57672cbf97d7d70edf6918f89e58c57d49e71496dbda2a56df3
a025c1b727608e9b86f461260e7a65c4266001b99a575c62225e52bc7093906f
a1dff8b0c66227748951c4ff891f146f49c5a382ac8e3d6e3c2e9cf8aa560dc8
a4883cce814b6793c5bd6dd3639d6048ecab39a93a90b560d39a9fd0aff6e263
a8e578a5cd18eeecc3159219e9314c2c58ae24241be082a8b71d6b8994ddef7d
aa887bd82816b046c131856daa00a57eaa9172e78a62870bf2e65175ca6dbeb1
aadc3580d2b64ff5a7e6f1425587db4e8b033efcbf8f5c332ca52a5ed580c87c
ab439586de1e097863ea040904bdd2bfa31014e9294e975142a70699074d0841
ad146bc68ee1de51975ba964dc4142a17bdc78621a009f814523ba9000b37811
adb4dc173de9c49530f9d50131c359628af6011197caebdeea767de0a9aae7c3
ae0f1b690df343a956c0c38f10cdfba1b9caa9f5850ee066caa5e6aa4ea1fe04
afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277
b1a7be6cf478f7d4228fc455a370f1be8ac6e37acade5fd382c1e1992b51433f
b2777b2136591370735374104618934a186d85121cf3fc7dd8cabeaa9d19ecd8
b6443f12a07a199cced0c9d1506093b41835cd831937332df384a781eca8977f
b6ce2750a5429b968ac4c675acacfbd7da06ddf4638fb1e73ffb0a4553b346cb
b7be203f69d78fc9333697062bac50e776a77e549c326aeeb2f619f799f054d4
b82fd75d432197d07de7ccdf7e0e5db59a52fc55492a2968e5179812bd8e976d
b9128f64e8ee1a5291b26d56ef422453cd675c63ce623073df99b27add6a81c2
bb9e3c0384f39870134bfa5cf03ef51de50b9a99522ca725b6e6719610817174
bd281df7bd77b894a68df8ad573725c2ed0981cbe9525290448bdc11a3c8809f
c3ef28a4f156c353239b74328046126175c702be2d89b9a24c8527a8b53ee0e4
cbb2318baf1608526817f2467f1a3d37accf3306eacca787a52ed62f6c41664c
cbbd42bb1d88693e6805bd9d676840424af5ecf3e13d874fd06e6b57d53d8d40
cc5b7e9d50341b678822a5768ded2b87098a89ca6e96a453ddec9d51ca87bbe8
d14332dbfda395a1a0b849313089e74bb68cd16cce76aead3e0b70d1f99a573d
d1b4ad20017b52fa7d71856374122c44dc54e4a6aadc2a63f2f45f62cf244adc
d2b31a9bd16455c7a0e1309fc7d7a9d0deaac2e82521f25e4754e062b1d8d68c
d3ffecf2ed616279e592a8e639561fe10535300ef615f9dde126f126af5644b1
d4a7dbefb6fc2a947768735798a4cafce1bc0e839b110c53c1feea8bca54da69
d527e25b2c083994f43c432869c02cfe1b459f97ae474e4a08a142c56733d64d
d60aebd69a890fab3f45348f06573a6bf3790d90be07d0cc9dfd4d1eb1571728
d6a8bf1f2a5d494feca74153daf9a45952a3258b43a93d94f059fc6134650d84
d83e92d49662954787e7e2375c1e88dcf99e6e8b77d00a81a8686a72795ae26f
d8c237ac23e562540132de6ced5d5a5619a6ee895b0da0298bfdb6e7bbceb7b2
d9ae8b314f45d9835f8738dd75713d6c267768b18a3fb072dd6b7a195ea045ee
dbabf1b2b74046794682055598b1989a3e72e80f711bd6b1762c5688f3385a4f
dc0a3ea392c6449dedbcd9c3dd7514c317a4c3c3198f7bf16671cf8c242df29c
dcf16283bde8f80b8131268308adba01a60889f562104534c62a507636d0a17d
dd1fad41f2891919876ec7b3fc3057b7b89fad8e8ff8b5d03815838bb8e7e497
dd5ceb190d2852ad363c91ce58749aff3a6dd46e0c9fa299cdf9a8ecfcfaca7a
de5ba330570616401d1840de0075059a65e62280b8d2524334be84290f43a4d7
de6a3515113a3905836421478a16e8b1c7368a0fbf07081b6c5efd9965a8a2f8
dfc519eb2d0e5ac0e8cdbe86fef355135280c643df14fa9a8e6abd5820d01159
e35e7086118397db7576d4558becf44ba2749b14619e0bc716386123f0c254b8
e44186395f92ca92a743b7bfce319e95f8a16705b772ae61fc46e8c00f6842c4
e4d95c8c18f88a5e9fb28ebabb034f88f48a439bf512d0bdff78161efd302811
e60fbf0bdc14cbc9e44557e622bdd1864f5556b72b7d9f46e0f039aed2f4840a
e9425739f3cc0942a4134f458ef7937892e7f7accb277513e156c5e95c08f483
ec3ed61fbb4652b652e0cc88ff4759d434f42b301dbd56c0db5bbb034c020284
ed0cbc4e422674de667380b6a10ce12f3ef766d062f94145346daf3800ad2cb7
ed891295d5d4f70182e68bb3fa450a2b0bf22cfc89286c420632639fb6fd3510
ede1815b17e451c16258034bcf89a7957256c67884aefffefbb97020770fdc06
ef01f6c9d515df0151de5d55bf3a60ea0f5b0b5387af0f602f1310851828f114
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef37623210ea8ca79baa93b41ce01f51cf508707e66072a8bf99ae32e1580be0
efb6b9732bf508ee305363b10cf2a67ace474e06eb42642f2c3696b2442a5775
efd7b1811cef4b7c13b8ae58028f93fd15f154177f1a65df59c0f2139649b9ee
f1560fb223e37341fa8b435f6c114628cadeb4ab4057f25a729fa717ad240987
f1ebf95b8c5770caa6358f4448ef42c18e17fd368a6efeff424fb801941c4da1
f32d41f2099a0be20e6b57c5e0d1b71c079d3e1345827b0f5c5b97c6e5e3f78d
f33a524439a4a326448d6615cf7ec8eb908cd57660d7ddb03204500512763cc5
f3a8992acb9ab911e0fa4ae12f4b85ef8e61008619f13ee51c7a121ff87f63b1
f3fb4bc97b931ff03afea163a5edbefeca7f945788dbb99e6fe6cdf0561a461d
f60c29fe691d2e86ac7912268faf0f341a4dbdb28346fa04bc4b0b13568b83c7
f6524d3bc9f7ad5378a1957b540a60fe820e502ce1474bbb053d6b56e89a9102
f65f3aeed46b79940849fa2022f2cbdf368288de9046f2b3da075c42f9dde8f6
f95f6ea72c3bb8f2dc65ec8a86cc3e3e19c854ee7b55a37fe3f1a9e2dac63fd1
fa0aa801b4f145613e631853cf697527783bd5af01eead6494563d0521de99a6
fa2e8ed25b98183e4a8126c1fa69a8628362676c522ca8a9bbeb3adabea034d9
fbc02a59b50dd8863fa2621ac9081e28fdd627f5476aec06784858858f05f442
fc0a1d2d0e1ecfd3d3cca66f12cbd60469ae6a57eaead304db220331b8f6629f
fc4ae22497e71cd073d7ec2fda7ec358b49335dcccfd3366713691ee15e0c668
fc87af35bd04c4706ddd46a375c17da9f22a662b057c58ce3ae449afc423b189
fe5d09013cdf89dd17c511c908bee2628e4c0f9b4550f802fdb1fd5086999c8d
ffa31f5802b20d64a10c71ad93394c1e2b4b16f33e2f479d8274fd02ce0a594f

www.bromium.com Open in urlscan Pro 2a02:fe80:1010::17:8 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

192 Requests

100 %HTTPS

57 %IPv6

13 Domains

15 Subdomains

12 IPs

5 Countries

2687 kBTransfer

5859 kBSize

9 Cookies

17 Outgoing links

Redirected requests

192 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.bromium.com Open in urlscan Pro
2a02:fe80:1010::17:8 Public Scan

Screenshot
Live screenshot

Full Image

192
Requests

100 %
HTTPS

57 %
IPv6

13
Domains

15
Subdomains

12
IPs

5
Countries

2687 kB
Transfer

5859 kB
Size

9
Cookies

192 HTTP transactions
0 data transactions