labs.sentinelone.com Open in urlscan Pro
2620:12a:8000::3 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-hi...
Submission: On January 14 via manual (January 14th 2020, 3:15:23 pm UTC) from ES

Summary HTTP 93 Redirects Links 31 Behaviour Indicators

Summary

This website contacted 11 IPs in 4 countries across 10 domains to perform 93 HTTP transactions. The main IP is 2620:12a:8000::3, located in United States and belongs to FASTLY - Fastly, US. The main domain is labs.sentinelone.com.
TLS certificate: Issued by Let's Encrypt Authority X3 on January 8th 2020. Valid for: 3 months.

This is the only time labs.sentinelone.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
70	2620:12a:8000::3 2620:12a:8000::3	54113 (FASTLY) (FASTLY - Fastly)
3	2a00:1450:400... 2a00:1450:4001:824::200a	15169 (GOOGLE) (GOOGLE - Google LLC)
2	143.204.101.96 143.204.101.96	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2	2606:4700::68... 2606:4700::6811:4004	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1 1	23.8.9.30 23.8.9.30	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
7	104.24.116.125 104.24.116.125	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
2	2a00:1450:400... 2a00:1450:4001:821::2008	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2606:4700::68... 2606:4700::6812:e134	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	2a04:fa87:fff... 2a04:fa87:fffe::c000:4902	2635 (AUTOMATTIC) (AUTOMATTIC - Automattic)
3	2a00:1450:400... 2a00:1450:4001:817::2003	15169 (GOOGLE) (GOOGLE - Google LLC)
2	2a00:1450:400... 2a00:1450:4001:821::200e	15169 (GOOGLE) (GOOGLE - Google LLC)
93	11

70 2620:12a:8000::3 (United States)

ASN54113 (FASTLY - Fastly, US)

labs.sentinelone.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:824::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 143.204.101.96 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-143-204-101-96.fra50.r.cloudfront.net

app.cdn.lookbookhq.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6811:4004 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.8.9.30 (Netherlands) 1 redirects

ASN20940 (AKAMAI-ASN1, US)
PTR: a23-8-9-30.deploy.static.akamaitechnologies.com

cloud.typography.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 104.24.116.125 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

www.sentinelone.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
go.sentinelone.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:821::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:e134 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

cdn.onesignal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:fa87:fffe::c000:4902 (Ireland)

ASN2635 (AUTOMATTIC - Automattic, Inc, US)

secure.gravatar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:817::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:821::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
77	sentinelone.com labs.sentinelone.com www.sentinelone.com go.sentinelone.com	2 MB
3	gstatic.com fonts.gstatic.com	39 KB
3	googleapis.com fonts.googleapis.com	2 KB
2	google-analytics.com www.google-analytics.com	18 KB
2	googletagmanager.com www.googletagmanager.com	27 KB
2	cloudflare.com cdnjs.cloudflare.com	20 KB
2	lookbookhq.com app.cdn.lookbookhq.com	2 KB
1	gravatar.com secure.gravatar.com	4 KB
1	onesignal.com cdn.onesignal.com	3 KB
1	typography.com 1 redirects cloud.typography.com	453 B
93	10

	Domain	Requested by
70	labs.sentinelone.com	labs.sentinelone.com
6	go.sentinelone.com	labs.sentinelone.com go.sentinelone.com
3	fonts.gstatic.com	go.sentinelone.com labs.sentinelone.com
3	fonts.googleapis.com	labs.sentinelone.com
2	www.google-analytics.com	www.googletagmanager.com labs.sentinelone.com
2	www.googletagmanager.com	labs.sentinelone.com
2	cdnjs.cloudflare.com	labs.sentinelone.com
2	app.cdn.lookbookhq.com	labs.sentinelone.com
1	secure.gravatar.com	labs.sentinelone.com
1	cdn.onesignal.com	labs.sentinelone.com
1	www.sentinelone.com	labs.sentinelone.com
1	cloud.typography.com	1 redirects
93	12

This site contains links to these domains. Also see Links.

Domain
twitter.com
www.linkedin.com
app.slack.com
sentinelone.com
github.com
blog.malwarebytes.com
www.fidelissecurity.com
technical.nttsecurity.com
assets.sentinelone.com
www.facebook.com
reddit.com
www.vkremez.com
t.co

Subject Issuer	Validity	Valid
5675573259010048-fe3.pantheonsite.io Let's Encrypt Authority X3	`2020-01-08` - `2020-04-07`	3 months	crt.sh
*.storage.googleapis.com GTS CA 1O1	`2019-12-10` - `2020-03-03`	3 months	crt.sh
cdn.lookbookhq.com Amazon	`2019-12-06` - `2021-01-06`	a year	crt.sh
cloudflare.com CloudFlare Inc ECC CA-2	`2020-01-07` - `2020-10-09`	9 months	crt.sh
sentinelone.com CloudFlare Inc ECC CA-2	`2020-01-12` - `2020-10-09`	9 months	crt.sh
*.google-analytics.com GTS CA 1O1	`2019-12-10` - `2020-03-03`	3 months	crt.sh
ssl898578.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2019-10-11` - `2020-04-18`	6 months	crt.sh
*.gravatar.com COMODO RSA Domain Validation Secure Server CA	`2018-09-06` - `2020-09-05`	2 years	crt.sh
*.google.com GTS CA 1O1	`2019-12-10` - `2020-03-03`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/
Frame ID: 3BAEE9AECA07FD920965EBEB4C2F2442
Requests: 93 HTTP requests in this frame

Frame: https://go.sentinelone.com/index.php/form/XDFrame
Frame ID: F28698494B90B99834A6D6B183CB7454
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

script /\/wp-(?:content|includes)\//i
headers link /rel="https:\/\/api\.w\.org\/"/i

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

script /\/wp-(?:content|includes)\//i
headers link /rel="https:\/\/api\.w\.org\/"/i

MySQL (Databases) Expand

Overall confidence: 100%
Detected patterns

script /\/wp-(?:content|includes)\//i
headers link /rel="https:\/\/api\.w\.org\/"/i

Nginx (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /nginx(?:\/([\d.]+))?/i

Varnish (Cache Tools) Expand

Overall confidence: 100%
Detected patterns

headers via /varnish(?: $Varnish\/([\d.]+)$)?/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

Page Statistics

93
Requests

100 %
HTTPS

73 %
IPv6

10
Domains

12
Subdomains

11
IPs

4
Countries

2447 kB
Transfer

3354 kB
Size

5
Cookies

31 Outgoing links

These are links going to different origins than the main page.

URL: https://twitter.com/LabsSentinel
Title:

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/sentinelone
Title:

Search URL Search Domain Scan URL

URL: https://app.slack.com/client/TQW3J2J3C/CR8SHCU0Y
Title:

Search URL Search Domain Scan URL

URL: https://sentinelone.com/
Title: Visit sentinelone.com

Search URL Search Domain Scan URL

URL: https://github.com/SentineLabs/PowerTrick
Title: IOCs on GitHub

Search URL Search Domain Scan URL

URL: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/
Title: https://blog.malwarebytes.com/threat-analysis/2016/10/trick-bot-dyrezas-successor/

Search URL Search Domain Scan URL

URL: https://www.fidelissecurity.com/threatgeek/archive/trickbot-we-missed-you-dyre/
Title: https://www.fidelissecurity.com/threatgeek/archive/trickbot-we-missed-you-dyre/

Search URL Search Domain Scan URL

URL: https://technical.nttsecurity.com/post/102fsp2/trickbot-variant-anchor-dns-communicating-over-dns
Title: https://technical.nttsecurity.com/post/102fsp2/trickbot-variant-anchor-dns-communicating-over-dns

Search URL Search Domain Scan URL

URL: https://assets.sentinelone.com/labs/39-ogc2h
Title: Read the Full Report

Search URL Search Domain Scan URL

URL: http://www.facebook.com/sharer.php?u=https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/
Title: Facebook

Search URL Search Domain Scan URL

URL: http://twitter.com/share?url=https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/&text=Top-Tier%20Russian%20Organized%20Cybercrime%20Group%20Unveils%20Fileless%20Stealthy%20%E2%80%9CPowerTrick%E2%80%9D%20Backdoor%20for%20High-Value%20Targets
Title: Twitter

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/&title=Top-Tier%20Russian%20Organized%20Cybercrime%20Group%20Unveils%20Fileless%20Stealthy%20%E2%80%9CPowerTrick%E2%80%9D%20Backdoor%20for%20High-Value%20Targets
Title: Linkedin

Search URL Search Domain Scan URL

URL: http://reddit.com/submit?url=https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/&name=Top-Tier%20Russian%20Organized%20Cybercrime%20Group%20Unveils%20Fileless%20Stealthy%20%E2%80%9CPowerTrick%E2%80%9D%20Backdoor%20for%20High-Value%20Targets
Title: Reddit

Search URL Search Domain Scan URL

URL: https://www.vkremez.com/

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/in/vitali-kremez-021905104/

Search URL Search Domain Scan URL

URL: https://twitter.com/vk_intel

Search URL Search Domain Scan URL

URL: https://t.co/KSVCt3gt1s
Title: https://t.co/KSVCt3gt1s

Search URL Search Domain Scan URL

URL: http://twitter.com/sentinelone/statuses/1216778863721644032
Title: 21 hours ago

Search URL Search Domain Scan URL

URL: https://t.co/XrYAWeUofZ
Title: https://t.co/XrYAWeUofZ

Search URL Search Domain Scan URL

URL: http://twitter.com/sentinelone/statuses/1217086984633622528
Title: about 1 hour ago

Search URL Search Domain Scan URL

URL: https://t.co/KZtIMC2lgV
Title: https://t.co/KZtIMC2lgV

Search URL Search Domain Scan URL

URL: https://t.co/oOpBlGqCih
Title: https://t.co/oOpBlGqCih

Search URL Search Domain Scan URL

URL: http://twitter.com/sentinelone/statuses/1217070873624174592
Title: 2 hours ago

Search URL Search Domain Scan URL

URL: https://t.co/CMZwqXji9n
Title: https://t.co/CMZwqXji9n

Search URL Search Domain Scan URL

URL: https://t.co/Xkavwx0qwU
Title: https://t.co/Xkavwx0qwU

Search URL Search Domain Scan URL

URL: https://t.co/mxtO34u4Dg
Title: https://t.co/mxtO34u4Dg

Search URL Search Domain Scan URL

URL: http://twitter.com/sentinelone/statuses/1216890436087898116
Title: 14 hours ago

Search URL Search Domain Scan URL

URL: http://twitter.com/vk_intel/statuses/1216778863721644032
Title: 21 hours ago

Search URL Search Domain Scan URL

URL: http://twitter.com/vk_intel/statuses/1217086984633622528
Title: about 1 hour ago

Search URL Search Domain Scan URL

URL: http://twitter.com/vk_intel/statuses/1217070873624174592
Title: 2 hours ago

Search URL Search Domain Scan URL

URL: http://twitter.com/vk_intel/statuses/1216890436087898116
Title: 14 hours ago

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 16

https://cloud.typography.com/7197018/6979812/css/fonts.css?ver=c53d158056e87ee64615e0d54debd596 HTTP 302
https://www.sentinelone.com/fonts/757601/326C1D40B8C679105.css

93 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/ 105 KB
25 KB 655ms
622ms Document
text/html 2620:12a:8000::3
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8000::3 , United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

nginx /

Resource Hash

8c87292f643bc724da28fecbbe949021a3b23c3ffa202aa5c2aac6c5776db7a6

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

:method: GET
:authority: labs.sentinelone.com
:scheme: https
:path: /top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
sec-fetch-user: ?1
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: none
sec-fetch-mode: navigate
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Sec-Fetch-User: ?1

Response headers

status: 200
cache-control: public, max-age=600
content-encoding: gzip
content-type: text/html; charset=UTF-8
link: <https://labs.sentinelone.com/wp-json/>; rel="https://api.w.org/" <https://labs.sentinelone.com/?p=25657>; rel=shortlink
server: nginx
set-cookie: pvc_visits[0]=1579101304b25657; expires=Wed, 15-Jan-2020 15:15:04 GMT; Max-Age=86400; path=/; secure; HttpOnly
strict-transport-security: max-age=300
x-pantheon-styx-hostname: styx-fe3-b-c8f8fbbbb-q92t2
x-pingback: https://labs.sentinelone.com/xmlrpc.php
x-styx-req-id: a42ecaaa-36e0-11ea-968c-96f42a6af28b
date: Tue, 14 Jan 2020 15:15:04 GMT
x-served-by: cache-mdw17375-MDW, cache-fra19130-FRA
x-cache: MISS, MISS
x-cache-hits: 0, 0
x-timer: S1579014904.269620,VS0,VE615
vary: Accept-Encoding, Cookie, Cookie
age: 0
accept-ranges: bytes
via: 1.1 varnish

GET
H2 200 style.min.css
labs.sentinelone.com/wp-includes/css/dist/block-library/ 40 KB
8 KB 7ms
5ms Stylesheet
text/css 2620:12a:8000::3
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.sentinelone.com/wp-includes/css/dist/block-library/style.min.css?ver=c53d158056e87ee64615e0d54debd596

Requested by

Host: labs.sentinelone.com
URL: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8000::3 , United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

nginx /

Resource Hash

d9662b4b9ba6c2c3691ce0acd4572e027366eb97d6070550a13429262bb0037f

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
age: 458506
x-cache: HIT, HIT
status: 200
date: Tue, 14 Jan 2020 15:15:04 GMT
x-cache-hits: 1, 1
content-length: 7582
x-served-by: cache-mdw17344-MDW, cache-fra19130-FRA
last-modified: Thu, 09 Jan 2020 07:40:51 GMT
server: nginx
x-timer: S1579014905.950987,VS0,VE1
etag: W/"5e16d903-a1fb"
vary: Accept-Encoding
content-type: text/css
via: 1.1 varnish
expires: Sat, 09 Jan 2021 07:53:18 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-styx-req-id: 197d878b-32b5-11ea-b587-0674a8ecb5fb
x-pantheon-styx-hostname: styx-fe3-b-c8f8fbbbb-fznds

GET
H2 200 styles.css
labs.sentinelone.com/wp-content/plugins/contact-form-7/includes/css/ 2 KB
899 B 9ms
6ms Stylesheet
text/css 2620:12a:8000::3
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.sentinelone.com/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=5.1.6

Requested by

Host: labs.sentinelone.com
URL: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8000::3 , United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

nginx /

Resource Hash

f774ddac3ffce309e5ff2659a59e8e7291da314d213f24c1aa04b9ea2bc46586

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
age: 458506
x-cache: HIT, HIT
status: 200
date: Tue, 14 Jan 2020 15:15:04 GMT
x-cache-hits: 1, 1
content-length: 699
x-served-by: cache-mdw17352-MDW, cache-fra19130-FRA
last-modified: Thu, 09 Jan 2020 07:40:50 GMT
server: nginx
x-timer: S1579014905.953392,VS0,VE1
etag: W/"5e16d902-66d"
vary: Accept-Encoding
content-type: text/css
via: 1.1 varnish
expires: Sat, 09 Jan 2021 07:53:18 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-styx-req-id: 197dd4f1-32b5-11ea-968c-96f42a6af28b
x-pantheon-styx-hostname: styx-fe3-b-c8f8fbbbb-q92t2

GET
H2 200 style.css
labs.sentinelone.com/wp-content/plugins/invitations-for-slack/invitations-for-slack/assets/ 4 KB
1 KB 9ms
6ms Stylesheet
text/css 2620:12a:8000::3
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.sentinelone.com/wp-content/plugins/invitations-for-slack/invitations-for-slack/assets/style.css?ver=c53d158056e87ee64615e0d54debd596

Requested by

Host: labs.sentinelone.com
URL: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8000::3 , United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

nginx /

Resource Hash

61fd30b9ee3933d916d6a53b10d7100e3ece7d6760ccbaa6ed41499c1daf0a07

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
age: 458506
x-cache: HIT, HIT
status: 200
date: Tue, 14 Jan 2020 15:15:04 GMT
x-cache-hits: 1, 1
content-length: 1255
x-served-by: cache-mdw17328-MDW, cache-fra19130-FRA
last-modified: Thu, 09 Jan 2020 07:40:50 GMT
server: nginx
x-timer: S1579014905.953366,VS0,VE1
etag: W/"5e16d902-11a3"
vary: Accept-Encoding
content-type: text/css
via: 1.1 varnish
expires: Sat, 09 Jan 2021 07:53:18 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-styx-req-id: 197dd45a-32b5-11ea-afc5-eec98c31dec4
x-pantheon-styx-hostname: styx-fe3-b-c8f8fbbbb-cqbw6

GET
H2 200 font-awesome.min.css
labs.sentinelone.com/wp-content/plugins/meks-flexible-shortcodes/css/font-awesome/css/ 28 KB
8 KB 10ms
7ms Stylesheet
text/css 2620:12a:8000::3
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.sentinelone.com/wp-content/plugins/meks-flexible-shortcodes/css/font-awesome/css/font-awesome.min.css?ver=1.3.1

Requested by

Host: labs.sentinelone.com
URL: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8000::3 , United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

nginx /

Resource Hash

6f005368978df37b680de2dc8a22007a600378ba5568a573432a3fdeb8bdb674

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
age: 458506
x-cache: HIT, HIT
status: 200
date: Tue, 14 Jan 2020 15:15:04 GMT
x-cache-hits: 1, 1
content-length: 7496
x-served-by: cache-mdw17381-MDW, cache-fra19130-FRA
last-modified: Thu, 09 Jan 2020 07:40:51 GMT
server: nginx
x-timer: S1579014905.953782,VS0,VE1
etag: W/"5e16d903-7189"
vary: Accept-Encoding
content-type: text/css
via: 1.1 varnish
expires: Sat, 09 Jan 2021 07:53:18 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-styx-req-id: 197e1b53-32b5-11ea-9d2e-7e85201e91c1
x-pantheon-styx-hostname: styx-fe3-a-6578c47759-5gfgb

GET
H2 200 simple-line-icons.css
labs.sentinelone.com/wp-content/plugins/meks-flexible-shortcodes/css/simple-line/ 11 KB
3 KB 10ms
7ms Stylesheet
text/css 2620:12a:8000::3
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.sentinelone.com/wp-content/plugins/meks-flexible-shortcodes/css/simple-line/simple-line-icons.css?ver=1.3.1

Requested by

Host: labs.sentinelone.com
URL: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8000::3 , United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

nginx /

Resource Hash

f293486948d4cba26c6b835bdd574b4085e62da749b86019f5f6fab3535b0e39

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
age: 458506
x-cache: HIT, HIT
status: 200
date: Tue, 14 Jan 2020 15:15:04 GMT
x-cache-hits: 1, 1
content-length: 2502
x-served-by: cache-mdw17342-MDW, cache-fra19130-FRA
last-modified: Thu, 09 Jan 2020 07:40:51 GMT
server: nginx
x-timer: S1579014905.953773,VS0,VE1
etag: W/"5e16d903-2d25"
vary: Accept-Encoding
content-type: text/css
via: 1.1 varnish
expires: Sat, 09 Jan 2021 07:53:18 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-styx-req-id: 197e2c7a-32b5-11ea-9b11-72bc9b86ffd4
x-pantheon-styx-hostname: styx-fe3-a-6578c47759-s89pk

GET
H2 200 style.css
labs.sentinelone.com/wp-content/plugins/meks-flexible-shortcodes/css/ 15 KB
3 KB 12ms
9ms Stylesheet
text/css 2620:12a:8000::3
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.sentinelone.com/wp-content/plugins/meks-flexible-shortcodes/css/style.css?ver=1.3.1

Requested by

Host: labs.sentinelone.com
URL: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8000::3 , United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

nginx /

Resource Hash

4bc4b508bb0ccc41052f6a18eb23441543da2d209c152f62577e954367b4d62d

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
age: 458506
x-cache: HIT, HIT
status: 200
date: Tue, 14 Jan 2020 15:15:04 GMT
x-cache-hits: 1, 1
content-length: 3306
x-served-by: cache-mdw17356-MDW, cache-fra19130-FRA
last-modified: Thu, 09 Jan 2020 07:40:51 GMT
server: nginx
x-timer: S1579014905.953775,VS0,VE1
etag: W/"5e16d903-3c15"
vary: Accept-Encoding
content-type: text/css
via: 1.1 varnish
expires: Sat, 09 Jan 2021 07:53:18 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-styx-req-id: 197e9f41-32b5-11ea-9b11-72bc9b86ffd4
x-pantheon-styx-hostname: styx-fe3-a-6578c47759-s89pk

GET
H2 200 dashicons.min.css
labs.sentinelone.com/wp-includes/css/ 46 KB
29 KB 11ms
8ms Stylesheet
text/css 2620:12a:8000::3
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.sentinelone.com/wp-includes/css/dashicons.min.css?ver=c53d158056e87ee64615e0d54debd596

Requested by

Host: labs.sentinelone.com
URL: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8000::3 , United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

nginx /

Resource Hash

18aa66c192cbef43a61b1398c292ae5c6c1d40d679428ee998b1c6bfaf61d75a

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
age: 458506
x-cache: HIT, HIT
status: 200
date: Tue, 14 Jan 2020 15:15:04 GMT
x-cache-hits: 1, 1
content-length: 29797
x-served-by: cache-mdw17355-MDW, cache-fra19130-FRA
last-modified: Thu, 09 Jan 2020 07:40:51 GMT
server: nginx
x-timer: S1579014905.953759,VS0,VE1
etag: W/"5e16d903-b9c6"
vary: Accept-Encoding
content-type: text/css
via: 1.1 varnish
expires: Sat, 09 Jan 2021 07:53:18 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-styx-req-id: 197f86a6-32b5-11ea-b587-0674a8ecb5fb
x-pantheon-styx-hostname: styx-fe3-b-c8f8fbbbb-fznds

GET
H2 200 frontend.css
labs.sentinelone.com/wp-content/plugins/post-views-counter/css/ 289 B
401 B 10ms
8ms Stylesheet
text/css 2620:12a:8000::3
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.sentinelone.com/wp-content/plugins/post-views-counter/css/frontend.css?ver=1.3.1

Requested by

Host: labs.sentinelone.com
URL: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8000::3 , United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

nginx /

Resource Hash

f46d96d805c7e9e467422dfe516c43edb4632c0273cea26722fee7ba885f869e

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
age: 458506
x-cache: HIT, HIT
status: 200
date: Tue, 14 Jan 2020 15:15:04 GMT
x-cache-hits: 1, 1
content-length: 201
x-served-by: cache-mdw17337-MDW, cache-fra19130-FRA
last-modified: Thu, 09 Jan 2020 07:40:51 GMT
server: nginx
x-timer: S1579014905.953752,VS0,VE1
etag: W/"5e16d903-121"
vary: Accept-Encoding
content-type: text/css
via: 1.1 varnish
expires: Sat, 09 Jan 2021 07:53:18 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-styx-req-id: 197f964a-32b5-11ea-968c-96f42a6af28b
x-pantheon-styx-hostname: styx-fe3-b-c8f8fbbbb-q92t2

GET
H2 200 tp_twitter_plugin.css
labs.sentinelone.com/wp-content/plugins/recent-tweets-widget/ 529 B
438 B 9ms
7ms Stylesheet
text/css 2620:12a:8000::3
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.sentinelone.com/wp-content/plugins/recent-tweets-widget/tp_twitter_plugin.css?ver=1.0

Requested by

Host: labs.sentinelone.com
URL: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8000::3 , United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

nginx /

Resource Hash

3109fef8b2a9ab71fca698483d2bae36d8fed772517c259dacce872e739bb690

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
age: 458506
x-cache: HIT, HIT
status: 200
date: Tue, 14 Jan 2020 15:15:04 GMT
x-cache-hits: 1, 1
content-length: 286
x-served-by: cache-mdw17336-MDW, cache-fra19130-FRA
last-modified: Thu, 09 Jan 2020 07:40:51 GMT
server: nginx
x-timer: S1579014905.953727,VS0,VE1
etag: W/"5e16d903-211"
vary: Accept-Encoding
content-type: text/css
via: 1.1 varnish
expires: Sat, 09 Jan 2021 07:53:18 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-styx-req-id: 197f99c3-32b5-11ea-b587-0674a8ecb5fb
x-pantheon-styx-hostname: styx-fe3-b-c8f8fbbbb-fznds

GET
H2 200 asiana.plugins.css
labs.sentinelone.com/wp-content/themes/asiana/assets/css/ 114 KB
26 KB 17ms
14ms Stylesheet
text/css 2620:12a:8000::3
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.sentinelone.com/wp-content/themes/asiana/assets/css/asiana.plugins.css?ver=1.2

Requested by

Host: labs.sentinelone.com
URL: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8000::3 , United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

nginx /

Resource Hash

a470dd851d641f475025281f279294e780b628d7ce461dc1d136c4fc9982eeab

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
age: 458506
x-cache: HIT, HIT
status: 200
date: Tue, 14 Jan 2020 15:15:04 GMT
x-cache-hits: 1, 1
content-length: 26859
x-served-by: cache-mdw17352-MDW, cache-fra19130-FRA
last-modified: Thu, 09 Jan 2020 07:40:51 GMT
server: nginx
x-timer: S1579014905.953716,VS0,VE1
etag: W/"5e16d903-1c669"
vary: Accept-Encoding
content-type: text/css
via: 1.1 varnish
expires: Sat, 09 Jan 2021 07:53:18 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-styx-req-id: 197ff516-32b5-11ea-9b11-72bc9b86ffd4
x-pantheon-styx-hostname: styx-fe3-a-6578c47759-s89pk

GET
H2 200 style.css
labs.sentinelone.com/wp-content/themes/asiana-child/ 200 B
319 B 11ms
8ms Stylesheet
text/css 2620:12a:8000::3
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.sentinelone.com/wp-content/themes/asiana-child/style.css?ver=1.2

Requested by

Host: labs.sentinelone.com
URL: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8000::3 , United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

nginx /

Resource Hash

a499f48ecde7f3facc8bca422454fdd01015a0dc66ec7a6b9cbe0892aae09dbc

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
age: 458506
x-cache: HIT, HIT
status: 200
date: Tue, 14 Jan 2020 15:15:04 GMT
x-cache-hits: 2, 1
content-length: 163
x-served-by: cache-mdw17365-MDW, cache-fra19130-FRA
last-modified: Thu, 09 Jan 2020 07:40:51 GMT
server: nginx
x-timer: S1579014905.953693,VS0,VE1
etag: W/"5e16d903-c8"
vary: Accept-Encoding
content-type: text/css
via: 1.1 varnish
expires: Sat, 09 Jan 2021 07:53:18 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-styx-req-id: 197fe819-32b5-11ea-968c-96f42a6af28b
x-pantheon-styx-hostname: styx-fe3-b-c8f8fbbbb-q92t2

GET
H2 200 css
fonts.googleapis.com/ 2 KB
544 B 21ms
19ms Stylesheet
text/css 2a00:1450:4001:824::200a
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=IBM+Plex+Sans:500

Requested by

Host: labs.sentinelone.com
URL: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

ESF /

Resource Hash

bda8e776b23a6138e8ed44876c17b5fde2b4653bd24aec06d3acf676dca7026a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Tue, 14 Jan 2020 15:15:04 GMT
server: ESF
access-control-allow-origin: *
date: Tue, 14 Jan 2020 15:15:04 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
x-xss-protection: 0
expires: Tue, 14 Jan 2020 15:15:04 GMT

GET
H2 200 css
fonts.googleapis.com/ 811 B
448 B 20ms
18ms Stylesheet
text/css 2a00:1450:4001:824::200a
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Raleway:600

Requested by

Host: labs.sentinelone.com
URL: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

ESF /

Resource Hash

14628e30e822087d9e8607e160805e8a06832db4469f2db858f87583fe5a21cc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Tue, 14 Jan 2020 15:15:04 GMT
server: ESF
access-control-allow-origin: *
date: Tue, 14 Jan 2020 15:15:04 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
x-xss-protection: 0
expires: Tue, 14 Jan 2020 15:15:04 GMT

GET
H2 200 style.css
labs.sentinelone.com/wp-content/themes/asiana-child/ 200 B
321 B 16ms
14ms Stylesheet
text/css 2620:12a:8000::3
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.sentinelone.com/wp-content/themes/asiana-child/style.css

Requested by

Host: labs.sentinelone.com
URL: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8000::3 , United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

nginx /

Resource Hash

a499f48ecde7f3facc8bca422454fdd01015a0dc66ec7a6b9cbe0892aae09dbc

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
age: 458506
x-cache: HIT, HIT
status: 200
date: Tue, 14 Jan 2020 15:15:04 GMT
x-cache-hits: 1, 1
content-length: 163
x-served-by: cache-mdw17345-MDW, cache-fra19130-FRA
last-modified: Thu, 09 Jan 2020 07:40:51 GMT
server: nginx
x-timer: S1579014905.954152,VS0,VE1
etag: W/"5e16d903-c8"
vary: Accept-Encoding
content-type: text/css
via: 1.1 varnish
expires: Sat, 09 Jan 2021 07:53:18 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-styx-req-id: 197fef19-32b5-11ea-968c-96f42a6af28b
x-pantheon-styx-hostname: styx-fe3-b-c8f8fbbbb-q92t2

GET
H2 200 overlay.css
app.cdn.lookbookhq.com/libraries/overlay/ 596 B
963 B 108ms
30ms Stylesheet
text/css 143.204.101.96
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://app.cdn.lookbookhq.com/libraries/overlay/overlay.css?ver=c53d158056e87ee64615e0d54debd596
Requested by: Host: labs.sentinelone.com
URL: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.101.96 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-143-204-101-96.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 07161bc89c289b1bc71c214f79cc91cc7e1637c66c4cbbe6f92d3b2971c7965c

Request headers

Referer: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

x-amz-version-id: SUqjeJartVa7GV7uwJ4iPvhMKYz5gDYe
via: 1.1 a09186728c1bcdf0a561aedd92656804.cloudfront.net (CloudFront)
last-modified: Thu, 01 Jun 2017 14:24:55 GMT
server: AmazonS3
age: 54016
etag: "d7a5747bc2a73f08ffd987439546b9ef"
x-cache: Hit from cloudfront
content-type: text/css
status: 200
date: Tue, 14 Jan 2020 00:14:50 GMT
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-length: 596
x-amz-cf-id: 8SIAObbikPlnAWPEkhqAWJIHGfxhaSLBC27Xc2YA7fwHlHEfXpMuGg==

GET
H2 200 tomorrow-night-blue.min.css
cdnjs.cloudflare.com/ajax/libs/highlight.js/9.15.10/styles/ 630 B
422 B 14ms
12ms Stylesheet
text/css 2606:4700::6811:4004
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/highlight.js/9.15.10/styles/tomorrow-night-blue.min.css?ver=c53d158056e87ee64615e0d54debd596

Requested by

Host: labs.sentinelone.com
URL: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:4004 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e4aafb4988825fef255b33b8a5f04fc98f7c77151704e6dc74ec3cb5cb85fd06

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000; includeSubDomains

Request headers

Referer: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Tue, 14 Jan 2020 15:15:04 GMT
content-encoding: br
cf-cache-status: HIT
age: 619661
cf-ray: 55509033f8bcd6f5-FRA
status: 200
strict-transport-security: max-age=15780000; includeSubDomains
alt-svc: h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
last-modified: Tue, 20 Aug 2019 04:15:55 GMT
server: cloudflare
etag: W/"5d5b73fb-276"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
expires: Sun, 03 Jan 2021 15:15:04 GMT
cache-control: public, max-age=30672000
timing-allow-origin: *
served-in-seconds: 0.000

GET
H2

200

326C1D40B8C679105.css
www.sentinelone.com/fonts/757601/
Redirect Chain

https://cloud.typography.com/7197018/6979812/css/fonts.css?ver=c53d158056e87ee64615e0d54debd596
https://www.sentinelone.com/fonts/757601/326C1D40B8C679105.css

103 KB
77 KB

44ms
26ms

Stylesheet
text/css

104.24.116.125
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sentinelone.com/fonts/757601/326C1D40B8C679105.css

Requested by

Host: labs.sentinelone.com
URL: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.24.116.125 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

751ff3fe1cf446444392733d0649fe6f9c1d6702d8c0ed3f57692aaf1dcde3da

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Tue, 14 Jan 2020 15:15:05 GMT
via: 1.1 varnish
cf-cache-status: HIT
age: 4674936
cf-polished: origSize=106796
x-cache: HIT, HIT
status: 200
last-modified: Wed, 20 Nov 2019 19:38:40 GMT
x-cache-hits: 1, 1
strict-transport-security: max-age=300
content-encoding: br
x-served-by: cache-mdw17380-MDW, cache-lcy19236-LCY
cf-bgj: minify
server: cloudflare
x-timer: S1574339969.254079,VS0,VE2
etag: W/"5dd59640-1a12c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
x-styx-req-id: 65446c5f-0bcd-11ea-b831-c61795793a30
expires: Fri, 20 Nov 2020 19:38:58 GMT
cache-control: max-age=31622400
cf-ray: 55509034eae7dc4b-LHR
x-pantheon-styx-hostname: styx-fe4-a-b955b494b-n88wv

Redirect headers

Date: Tue, 14 Jan 2020 15:15:05 GMT
Last-Modified: Wed, 20 Nov 2019 19:39:08 GMT
Server: Apache
ETag: "3ed053d9cd8e320b79cb356171e40852:1574278748"
Vary: Accept-Encoding
Content-Type: text/html
Location: https://www.sentinelone.com/fonts/757601/326C1D40B8C679105.css
Cache-Control: must-revalidate, private
Connection: keep-alive
X-HCo-pid: 14
Content-Length: 154
Expires: Tue, 14 January 2020 15:15:05 GMT

GET
H2 200 style.min.css
labs.sentinelone.com/wp-content/themes/asiana-child/assets/css/ 107 KB
21 KB 10ms
9ms Stylesheet
text/css 2620:12a:8000::3
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.sentinelone.com/wp-content/themes/asiana-child/assets/css/style.min.css?ver=1578962243

Requested by

Host: labs.sentinelone.com
URL: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8000::3 , United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

nginx /

Resource Hash

6b919f177684b2ed2346618a1a6c3a4d2c1eb7b681571202b657bf3bb154a482

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
age: 52538
x-cache: HIT, HIT
status: 200
date: Tue, 14 Jan 2020 15:15:04 GMT
x-cache-hits: 1, 1
content-length: 21648
x-served-by: cache-mdw17373-MDW, cache-fra19130-FRA
last-modified: Tue, 14 Jan 2020 00:37:23 GMT
server: nginx
x-timer: S1579014905.954145,VS0,VE1
etag: W/"5e1d0d43-1aa3a"
vary: Accept-Encoding
content-type: text/css
via: 1.1 varnish
expires: Thu, 14 Jan 2021 00:39:26 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-styx-req-id: 5163a1a4-3666-11ea-9e30-86e319e7906e
x-pantheon-styx-hostname: styx-fe3-a-6578c47759-ndwpf

GET
H2 200 jquery.js Show response
labs.sentinelone.com/wp-includes/js/jquery/ 95 KB
39 KB 19ms
17ms Script
application/x-javascript 2620:12a:8000::3
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.sentinelone.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp

Requested by

Host: labs.sentinelone.com
URL: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8000::3 , United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

nginx /

Resource Hash

1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
age: 458506
x-cache: HIT, HIT
status: 200
date: Tue, 14 Jan 2020 15:15:04 GMT
x-cache-hits: 1, 1
content-length: 39399
x-served-by: cache-mdw17341-MDW, cache-fra19130-FRA
last-modified: Thu, 09 Jan 2020 07:40:51 GMT
server: nginx
x-timer: S1579014905.954103,VS0,VE2
etag: W/"5e16d903-17a69"
vary: Accept-Encoding
content-type: application/x-javascript
via: 1.1 varnish
expires: Sat, 09 Jan 2021 07:53:18 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-styx-req-id: 198039bc-32b5-11ea-afc5-eec98c31dec4
x-pantheon-styx-hostname: styx-fe3-b-c8f8fbbbb-cqbw6

GET
H2 200 jquery-migrate.min.js Show response
labs.sentinelone.com/wp-includes/js/jquery/ 10 KB
4 KB 11ms
9ms Script
application/x-javascript 2620:12a:8000::3
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.sentinelone.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1

Requested by

Host: labs.sentinelone.com
URL: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8000::3 , United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

nginx /

Resource Hash

48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
age: 458506
x-cache: HIT, HIT
status: 200
date: Tue, 14 Jan 2020 15:15:04 GMT
x-cache-hits: 1, 1
content-length: 4306
x-served-by: cache-mdw17363-MDW, cache-fra19130-FRA
last-modified: Thu, 09 Jan 2020 07:40:51 GMT
server: nginx
x-timer: S1579014905.954081,VS0,VE1
etag: W/"5e16d903-2748"
vary: Accept-Encoding
content-type: application/x-javascript
via: 1.1 varnish
expires: Sat, 09 Jan 2021 07:53:18 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-styx-req-id: 197ff08a-32b5-11ea-afc5-eec98c31dec4
x-pantheon-styx-hostname: styx-fe3-b-c8f8fbbbb-cqbw6

GET
H2 200 script.js Show response
labs.sentinelone.com/wp-content/plugins/invitations-for-slack/invitations-for-slack/scripts/ 6 KB
2 KB 15ms
14ms Script
application/x-javascript 2620:12a:8000::3
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.sentinelone.com/wp-content/plugins/invitations-for-slack/invitations-for-slack/scripts/script.js?ver=1.0.2

Requested by

Host: labs.sentinelone.com
URL: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8000::3 , United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

nginx /

Resource Hash

ce901532c3b54288f4bbbaf16b5e8e78ea9e99942526fc3cb59035d6590972fa

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
age: 458506
x-cache: HIT, HIT
status: 200
date: Tue, 14 Jan 2020 15:15:04 GMT
x-cache-hits: 1, 1
content-length: 2180
x-served-by: cache-mdw17362-MDW, cache-fra19130-FRA
last-modified: Thu, 09 Jan 2020 07:40:50 GMT
server: nginx
x-timer: S1579014905.954120,VS0,VE1
etag: W/"5e16d902-19f1"
vary: Accept-Encoding
content-type: application/x-javascript
via: 1.1 varnish
expires: Sat, 09 Jan 2021 07:53:18 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-styx-req-id: 197fe38a-32b5-11ea-9b11-72bc9b86ffd4
x-pantheon-styx-hostname: styx-fe3-a-6578c47759-s89pk

GET
H2 200 forms2.min.js Show response
go.sentinelone.com/js/forms2/js/ 169 KB
56 KB 94ms
37ms Script
application/x-javascript 104.24.116.125
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://go.sentinelone.com/js/forms2/js/forms2.min.js?ver=c53d158056e87ee64615e0d54debd596

Requested by

Host: labs.sentinelone.com
URL: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.24.116.125 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

321bbcc4cc57483b7e329186e5159498b668ddde87cb64696ddcdc95176cce82

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Tue, 14 Jan 2020 15:15:05 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Wed, 25 Sep 2019 18:55:06 GMT
server: cloudflare
age: 2624
etag: W/"8a0ba3-2a536-5936530f69680"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=14400
cf-ray: 555090345979dc4b-LHR

GET
H2 200 overlay.js Show response
app.cdn.lookbookhq.com/libraries/overlay/ 3 KB
1 KB 108ms
31ms Script
application/javascript 143.204.101.96
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://app.cdn.lookbookhq.com/libraries/overlay/overlay.js?ver=c53d158056e87ee64615e0d54debd596
Requested by: Host: labs.sentinelone.com
URL: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.101.96 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-143-204-101-96.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 1aa735fda9574e1475456e6da309329235dd2dc3155aabf30fd97434e46575b7

Request headers

Referer: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

x-amz-version-id: null
content-encoding: gzip
last-modified: Tue, 29 Oct 2019 12:41:20 GMT
server: AmazonS3
age: 6994
date: Tue, 14 Jan 2020 13:18:32 GMT
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
status: 200
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: 2XnIP4S0QtNGqA6tLK15YNxOn2L6dz4TdCiCMABkRAFpylLh48U_OQ==
via: 1.1 a09186728c1bcdf0a561aedd92656804.cloudfront.net (CloudFront)

GET
H2 200 highlight.min.js Show response
cdnjs.cloudflare.com/ajax/libs/highlight.js/9.15.10/ 49 KB
19 KB 17ms
16ms Script
application/javascript 2606:4700::6811:4004
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/highlight.js/9.15.10/highlight.min.js?ver=c53d158056e87ee64615e0d54debd596

Requested by

Host: labs.sentinelone.com
URL: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:4004 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

d73bbedc19cb615f4b76263ce6e5ccce28b76ddae47a5ca9dfb7b46724c0421d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000; includeSubDomains

Request headers

Referer: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Tue, 14 Jan 2020 15:15:04 GMT
content-encoding: br
cf-cache-status: HIT
age: 6509089
cf-ray: 55509033f8bed6f5-FRA
status: 200
strict-transport-security: max-age=15780000; includeSubDomains
alt-svc: h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
last-modified: Tue, 20 Aug 2019 04:15:55 GMT
server: cloudflare
etag: W/"5d5b73fb-c343"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
expires: Sun, 03 Jan 2021 15:15:04 GMT
cache-control: public, max-age=30672000
timing-allow-origin: *
served-in-seconds: 0.001

GET
H2 200 header.js Show response
labs.sentinelone.com/wp-content/themes/asiana-child/assets/js/ 0
318 B 114ms
113ms Script
application/x-javascript 2620:12a:8000::3
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.sentinelone.com/wp-content/themes/asiana-child/assets/js/header.js?ver=1578962243

Requested by

Host: labs.sentinelone.com
URL: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8000::3 , United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

nginx /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
via: 1.1 varnish
age: 52165
x-pantheon-styx-hostname: styx-fe3-b-c8f8fbbbb-jp5mj
x-cache: HIT, MISS
status: 200
date: Tue, 14 Jan 2020 15:15:05 GMT
content-length: 0
x-served-by: cache-mdw17352-MDW, cache-fra19130-FRA
last-modified: Tue, 14 Jan 2020 00:37:23 GMT
server: nginx
x-timer: S1579014905.954046,VS0,VE107
etag: "5e1d0d43-0"
vary: Accept-Encoding
content-type: application/x-javascript
x-styx-req-id: e05a555f-3666-11ea-a1e5-f2cc0323dd98
expires: Thu, 14 Jan 2021 00:43:26 GMT
cache-control: public, max-age=120
accept-ranges: bytes
x-cache-hits: 1, 0

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 73 KB
27 KB 27ms
26ms Script
application/javascript 2a00:1450:4001:821::2008
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-38175129-3

Requested by

Host: labs.sentinelone.com
URL: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

d83e2899646d1756fc2edbc51efd441dcd9969f636ebaabc29d40bdf6a147379

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Tue, 14 Jan 2020 15:15:04 GMT
content-encoding: br
last-modified: Tue, 14 Jan 2020 15:00:00 GMT
server: Google Tag Manager
access-control-allow-origin: http://www.googletagmanager.com
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-length: 27911
x-xss-protection: 0
expires: Tue, 14 Jan 2020 15:15:04 GMT

GET
H2 200 OneSignalSDK.js Show response
cdn.onesignal.com/sdks/ 8 KB
3 KB 28ms
12ms Script
application/javascript 2606:4700::6812:e134
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.onesignal.com/sdks/OneSignalSDK.js
Requested by: Host: labs.sentinelone.com
URL: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6812:e134 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 500a7d7437cdd7815a4634727c8412440f3cb865998488e35439d58cbbc437b4

Request headers

Referer: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Tue, 14 Jan 2020 15:15:04 GMT
content-encoding: gzip
cf-cache-status: HIT
server: cloudflare
age: 700
etag: W/"c6231dd157bb07e610c12c3670af2f26"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: public, max-age=43200
cf-ray: 555090341a11c28b-FRA
expires: Wed, 15 Jan 2020 03:15:04 GMT

GET
H2 200 SentinelLabs_Logo_RGB_WhitePurp.png
labs.sentinelone.com/wp-content/uploads/2019/10/ 5 KB
6 KB 7ms
7ms Image
image/png 2620:12a:8000::3
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://labs.sentinelone.com/wp-content/uploads/2019/10/SentinelLabs_Logo_RGB_WhitePurp.png

Requested by

Host: labs.sentinelone.com
URL: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8000::3 , United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

nginx /

Resource Hash

72fc1a57801612f9e297e1c1954410ff840c40e713a6b4b40b2596e80338c2ee

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
via: 1.1 varnish
age: 458500
x-cache: HIT, HIT
status: 200
date: Tue, 14 Jan 2020 15:15:05 GMT
x-cache-hits: 1, 1
content-length: 5631
x-served-by: cache-mdw17360-MDW, cache-fra19130-FRA
last-modified: Mon, 30 Dec 2019 18:58:28 GMT
server: nginx
x-timer: S1579014905.032747,VS0,VE1
etag: "5e0a48d4-15ff"
content-type: image/png
x-styx-req-id: 1d027a8b-32b5-11ea-9d2e-7e85201e91c1
expires: Sat, 09 Jan 2021 07:53:24 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-pantheon-styx-hostname: styx-fe3-a-6578c47759-5gfgb

GET
H2 200 sLABS_Blog_TrickbotTrick.jpg
labs.sentinelone.com/wp-content/uploads/2020/01/ 173 KB
173 KB 8ms
7ms Image
image/jpeg 2620:12a:8000::3
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://labs.sentinelone.com/wp-content/uploads/2020/01/sLABS_Blog_TrickbotTrick.jpg

Requested by

Host: labs.sentinelone.com
URL: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8000::3 , United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

nginx /

Resource Hash

28dcf64f09748ef76c2f9acc44d3550112a3732a63c4b633c6d0cf9f16214256

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
via: 1.1 varnish
age: 458404
x-cache: HIT, HIT
status: 200
date: Tue, 14 Jan 2020 15:15:05 GMT
x-cache-hits: 1, 1
content-length: 176790
x-served-by: cache-mdw17374-MDW, cache-fra19130-FRA
last-modified: Wed, 08 Jan 2020 22:01:15 GMT
server: nginx
x-timer: S1579014905.039706,VS0,VE1
etag: "5e16512b-2b296"
content-type: image/jpeg
x-styx-req-id: 565e64a8-32b5-11ea-b587-0674a8ecb5fb
expires: Sat, 09 Jan 2021 07:55:00 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-pantheon-styx-hostname: styx-fe3-b-c8f8fbbbb-fznds

GET
H2 200 SentinelLabs_publication_A1-1.png
labs.sentinelone.com/wp-content/uploads/2020/01/ 80 KB
80 KB 21ms
21ms Image
image/png 2620:12a:8000::3
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://labs.sentinelone.com/wp-content/uploads/2020/01/SentinelLabs_publication_A1-1.png

Requested by

Host: labs.sentinelone.com
URL: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8000::3 , United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

nginx /

Resource Hash

0cee31039a0a109d2bfd9351500382de96e31d826900c1e4b00815e70c8e7d5c

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
via: 1.1 varnish
age: 458404
x-cache: HIT, HIT
status: 200
date: Tue, 14 Jan 2020 15:15:05 GMT
x-cache-hits: 1, 1
content-length: 81435
x-served-by: cache-mdw17350-MDW, cache-fra19130-FRA
last-modified: Wed, 08 Jan 2020 22:02:03 GMT
server: nginx
x-timer: S1579014905.040080,VS0,VE2
etag: "5e16515b-13e1b"
content-type: image/png
x-styx-req-id: 565d8540-32b5-11ea-9b11-72bc9b86ffd4
expires: Sat, 09 Jan 2021 07:55:00 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-pantheon-styx-hostname: styx-fe3-a-6578c47759-s89pk

GET
H2 200 SentinelLabs_publication_C2.png
labs.sentinelone.com/wp-content/uploads/2020/01/ 141 KB
142 KB 8ms
8ms Image
image/png 2620:12a:8000::3
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://labs.sentinelone.com/wp-content/uploads/2020/01/SentinelLabs_publication_C2.png

Requested by

Host: labs.sentinelone.com
URL: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8000::3 , United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

nginx /

Resource Hash

914074eaea3b9f0c31d303f71e2bb04a9e91e9f7969df5829789ca30a849342e

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
via: 1.1 varnish
age: 458404
x-cache: HIT, HIT
status: 200
date: Tue, 14 Jan 2020 15:15:05 GMT
x-cache-hits: 1, 1
content-length: 144603
x-served-by: cache-mdw17343-MDW, cache-fra19130-FRA
last-modified: Wed, 08 Jan 2020 22:02:57 GMT
server: nginx
x-timer: S1579014905.061857,VS0,VE2
etag: "5e165191-234db"
content-type: image/png
x-styx-req-id: 565fe791-32b5-11ea-968c-96f42a6af28b
expires: Sat, 09 Jan 2021 07:55:00 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-pantheon-styx-hostname: styx-fe3-b-c8f8fbbbb-q92t2

GET
H2 200 PowerTrick-22.png
labs.sentinelone.com/wp-content/uploads/2020/01/ 85 KB
85 KB 13ms
13ms Image
image/png 2620:12a:8000::3
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://labs.sentinelone.com/wp-content/uploads/2020/01/PowerTrick-22.png

Requested by

Host: labs.sentinelone.com
URL: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8000::3 , United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

nginx /

Resource Hash

3d16368af5c4fd9ee2daeb8f75ed870008e64ff4f66ba1562f0d017f622d08a8

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
via: 1.1 varnish
age: 446518
x-cache: MISS, HIT
status: 200
date: Tue, 14 Jan 2020 15:15:05 GMT
x-cache-hits: 0, 1
content-length: 86762
x-served-by: cache-mdw17333-MDW, cache-fra19130-FRA
last-modified: Thu, 09 Jan 2020 07:04:15 GMT
server: nginx
x-timer: S1579014905.066405,VS0,VE2
etag: "5e16d06f-152ea"
content-type: image/png
x-styx-req-id: 0315c8ec-32d1-11ea-8c5d-1e2bd2440c8e
expires: Sat, 09 Jan 2021 11:13:06 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-pantheon-styx-hostname: styx-fe3-a-6578c47759-nn97k

GET
H2 200 PowerTrick-20.png
labs.sentinelone.com/wp-content/uploads/2020/01/ 45 KB
46 KB 8ms
8ms Image
image/png 2620:12a:8000::3
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://labs.sentinelone.com/wp-content/uploads/2020/01/PowerTrick-20.png

Requested by

Host: labs.sentinelone.com
URL: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8000::3 , United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

nginx /

Resource Hash

ad28475ca2fb4023dd7f9af92787353a4aa4b6a66c4b8782dceefbfc485eec39

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
via: 1.1 varnish
age: 453030
x-cache: HIT, HIT
status: 200
date: Tue, 14 Jan 2020 15:15:05 GMT
x-cache-hits: 1, 1
content-length: 46552
x-served-by: cache-mdw17351-MDW, cache-fra19130-FRA
last-modified: Thu, 09 Jan 2020 07:07:06 GMT
server: nginx
x-timer: S1579014905.078475,VS0,VE2
etag: "5e16d11a-b5d8"
content-type: image/png
x-styx-req-id: d98f1b75-32c1-11ea-9b11-72bc9b86ffd4
expires: Sat, 09 Jan 2021 09:24:34 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-pantheon-styx-hostname: styx-fe3-a-6578c47759-s89pk

GET
H2 200 PowerTrick-6.png
labs.sentinelone.com/wp-content/uploads/2020/01/ 51 KB
51 KB 8ms
8ms Image
image/png 2620:12a:8000::3
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://labs.sentinelone.com/wp-content/uploads/2020/01/PowerTrick-6.png

Requested by

Host: labs.sentinelone.com
URL: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8000::3 , United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

nginx /

Resource Hash

0a40b610825908e14274286a2da94210b4cf54c724a14dca90f8ba3f962e5570

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
via: 1.1 varnish
age: 458029
x-cache: HIT, HIT
status: 200
date: Tue, 14 Jan 2020 15:15:05 GMT
x-cache-hits: 1, 1
content-length: 52393
x-served-by: cache-mdw17378-MDW, cache-fra19130-FRA
last-modified: Thu, 09 Jan 2020 07:09:49 GMT
server: nginx
x-timer: S1579014905.085206,VS0,VE2
etag: "5e16d1bd-cca9"
content-type: image/png
x-styx-req-id: 35e0d177-32b6-11ea-9b11-72bc9b86ffd4
expires: Sat, 09 Jan 2021 08:01:15 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-pantheon-styx-hostname: styx-fe3-a-6578c47759-s89pk

GET
H2 200 PowerTrick-12.png
labs.sentinelone.com/wp-content/uploads/2020/01/ 230 KB
230 KB 9ms
9ms Image
image/png 2620:12a:8000::3
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://labs.sentinelone.com/wp-content/uploads/2020/01/PowerTrick-12.png

Requested by

Host: labs.sentinelone.com
URL: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8000::3 , United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

nginx /

Resource Hash

8808ae9db20284c73cb88796aa7a7052d54b6de9d620dc42d9f952ba9f35cf47

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
via: 1.1 varnish
age: 458029
x-cache: HIT, HIT
status: 200
date: Tue, 14 Jan 2020 15:15:05 GMT
x-cache-hits: 1, 1
content-length: 235580
x-served-by: cache-mdw17376-MDW, cache-fra19130-FRA
last-modified: Thu, 09 Jan 2020 07:11:04 GMT
server: nginx
x-timer: S1579014905.087841,VS0,VE2
etag: "5e16d208-3983c"
content-type: image/png
x-styx-req-id: 35e16577-32b6-11ea-b587-0674a8ecb5fb
expires: Sat, 09 Jan 2021 08:01:15 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-pantheon-styx-hostname: styx-fe3-b-c8f8fbbbb-fznds

GET
H2 200 PowerTrick-13.png
labs.sentinelone.com/wp-content/uploads/2020/01/ 53 KB
53 KB 14ms
14ms Image
image/png 2620:12a:8000::3
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://labs.sentinelone.com/wp-content/uploads/2020/01/PowerTrick-13.png

Requested by

Host: labs.sentinelone.com
URL: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8000::3 , United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

nginx /

Resource Hash

f6e1edbfc61ac45b5e81d54a0b8b82a269c72235faa9dbad4310aaceb713ddac

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
via: 1.1 varnish
age: 458029
x-cache: HIT, HIT
status: 200
date: Tue, 14 Jan 2020 15:15:05 GMT
x-cache-hits: 1, 124
content-length: 54219
x-served-by: cache-mdw17324-MDW, cache-fra19130-FRA
last-modified: Thu, 09 Jan 2020 07:14:16 GMT
server: nginx
x-timer: S1579014905.095338,VS0,VE1
etag: "5e16d2c8-d3cb"
content-type: image/png
x-styx-req-id: 35e1d481-32b6-11ea-b587-0674a8ecb5fb
expires: Sat, 09 Jan 2021 08:01:15 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-pantheon-styx-hostname: styx-fe3-b-c8f8fbbbb-fznds

GET
H2 200 PowerTrick-24.png
labs.sentinelone.com/wp-content/uploads/2020/01/ 27 KB
27 KB 7ms
7ms Image
image/png 2620:12a:8000::3
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://labs.sentinelone.com/wp-content/uploads/2020/01/PowerTrick-24.png

Requested by

Host: labs.sentinelone.com
URL: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8000::3 , United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

nginx /

Resource Hash

61c4934867dbc17f485e3eefe951c05d6df5899f4615e76ec6f37304d8383e54

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
via: 1.1 varnish
age: 458404
x-cache: HIT, HIT
status: 200
date: Tue, 14 Jan 2020 15:15:05 GMT
x-cache-hits: 1, 1
content-length: 27686
x-served-by: cache-mdw17334-MDW, cache-fra19130-FRA
last-modified: Thu, 09 Jan 2020 07:12:41 GMT
server: nginx
x-timer: S1579014905.109098,VS0,VE1
etag: "5e16d269-6c26"
content-type: image/png
x-styx-req-id: 5665b7b7-32b5-11ea-9d2e-7e85201e91c1
expires: Sat, 09 Jan 2021 07:55:00 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-pantheon-styx-hostname: styx-fe3-a-6578c47759-5gfgb

GET
H2 200 PowerTrick-23-1.png
labs.sentinelone.com/wp-content/uploads/2020/01/ 121 KB
121 KB 11ms
11ms Image
image/png 2620:12a:8000::3
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://labs.sentinelone.com/wp-content/uploads/2020/01/PowerTrick-23-1.png

Requested by

Host: labs.sentinelone.com
URL: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8000::3 , United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

nginx /

Resource Hash

1aba4fa23ac65b483872b62dcf9962e2b7560bcf30cbb0ed6acf1f92d1f69fb9

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
via: 1.1 varnish
age: 458405
x-cache: HIT, HIT
status: 200
date: Tue, 14 Jan 2020 15:15:05 GMT
x-cache-hits: 3, 1
content-length: 123900
x-served-by: cache-mdw17321-MDW, cache-fra19130-FRA
last-modified: Thu, 09 Jan 2020 07:16:33 GMT
server: nginx
x-timer: S1579014905.115054,VS0,VE5
etag: "5e16d351-1e3fc"
content-type: image/png
x-styx-req-id: 5665d4e0-32b5-11ea-b587-0674a8ecb5fb
expires: Sat, 09 Jan 2021 07:55:00 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-pantheon-styx-hostname: styx-fe3-b-c8f8fbbbb-fznds

GET
H2 200 SentinelLabs_publication_B1.png
labs.sentinelone.com/wp-content/uploads/2020/01/ 75 KB
75 KB 13ms
13ms Image
image/png 2620:12a:8000::3
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://labs.sentinelone.com/wp-content/uploads/2020/01/SentinelLabs_publication_B1.png

Requested by

Host: labs.sentinelone.com
URL: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8000::3 , United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

nginx /

Resource Hash

d979fc6f76817575bb643bdbca9582e5cfcbfd58cfdba51ca01e5d848c3b426d

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
via: 1.1 varnish
age: 458404
x-cache: HIT, HIT
status: 200
date: Tue, 14 Jan 2020 15:15:05 GMT
x-cache-hits: 1, 1
content-length: 76746
x-served-by: cache-mdw17340-MDW, cache-fra19130-FRA
last-modified: Wed, 08 Jan 2020 22:03:35 GMT
server: nginx
x-timer: S1579014905.118968,VS0,VE2
etag: "5e1651b7-12bca"
content-type: image/png
x-styx-req-id: 5665e72b-32b5-11ea-9b11-72bc9b86ffd4
expires: Sat, 09 Jan 2021 07:55:00 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-pantheon-styx-hostname: styx-fe3-a-6578c47759-s89pk

GET
H2 200 Figure-7-decoded-script.jpg
labs.sentinelone.com/wp-content/uploads/2020/01/ 32 KB
32 KB 9ms
8ms Image
image/jpeg 2620:12a:8000::3
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://labs.sentinelone.com/wp-content/uploads/2020/01/Figure-7-decoded-script.jpg

Requested by

Host: labs.sentinelone.com
URL: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8000::3 , United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

nginx /

Resource Hash

848581d7e518909a138e66540606d26ce65c2d986e19a1f10c85c263fa0407b1

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
via: 1.1 varnish
age: 447795
x-cache: HIT, HIT
status: 200
date: Tue, 14 Jan 2020 15:15:05 GMT
x-cache-hits: 1, 1
content-length: 32986
x-served-by: cache-mdw17333-MDW, cache-fra19130-FRA
last-modified: Wed, 08 Jan 2020 18:36:20 GMT
server: nginx
x-timer: S1579014905.133251,VS0,VE1
etag: "5e162124-80da"
content-type: image/jpeg
x-styx-req-id: 0a3309a8-32ce-11ea-8c5d-1e2bd2440c8e
expires: Sat, 09 Jan 2021 10:51:50 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-pantheon-styx-hostname: styx-fe3-a-6578c47759-nn97k

GET
H2 200 PowerTrick-7.png
labs.sentinelone.com/wp-content/uploads/2020/01/ 75 KB
75 KB 8ms
8ms Image
image/png 2620:12a:8000::3
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://labs.sentinelone.com/wp-content/uploads/2020/01/PowerTrick-7.png

Requested by

Host: labs.sentinelone.com
URL: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8000::3 , United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

nginx /

Resource Hash

77293e371434adb132727ae06bce7cbc58f58cbce1e8c62dda978f47e89d2b6d

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
via: 1.1 varnish
age: 458405
x-cache: HIT, HIT
status: 200
date: Tue, 14 Jan 2020 15:15:05 GMT
x-cache-hits: 2, 1
content-length: 76611
x-served-by: cache-mdw17382-MDW, cache-fra19130-FRA
last-modified: Thu, 09 Jan 2020 07:23:29 GMT
server: nginx
x-timer: S1579014905.134746,VS0,VE2
etag: "5e16d4f1-12b43"
content-type: image/png
x-styx-req-id: 5661bdb8-32b5-11ea-968c-96f42a6af28b
expires: Sat, 09 Jan 2021 07:55:00 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-pantheon-styx-hostname: styx-fe3-b-c8f8fbbbb-q92t2

GET
H2 200 12-launch-as-powershell.jpg
labs.sentinelone.com/wp-content/uploads/2020/01/ 58 KB
59 KB 8ms
6ms Image
image/jpeg 2620:12a:8000::3
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://labs.sentinelone.com/wp-content/uploads/2020/01/12-launch-as-powershell.jpg

Requested by

Host: labs.sentinelone.com
URL: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8000::3 , United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

nginx /

Resource Hash

2257bcf087d3c8264ff2e3893766dd4ece80a58af48176319ef2e77d1a06bccf

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
via: 1.1 varnish
age: 458405
x-cache: HIT, HIT
status: 200
date: Tue, 14 Jan 2020 15:15:05 GMT
x-cache-hits: 1, 1
content-length: 59861
x-served-by: cache-mdw17339-MDW, cache-fra19130-FRA
last-modified: Wed, 08 Jan 2020 18:00:57 GMT
server: nginx
x-timer: S1579014905.197265,VS0,VE2
etag: "5e1618d9-e9d5"
content-type: image/jpeg
x-styx-req-id: 5665d661-32b5-11ea-9b11-72bc9b86ffd4
expires: Sat, 09 Jan 2021 07:55:00 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-pantheon-styx-hostname: styx-fe3-a-6578c47759-s89pk

GET
H2 200 13-check-filesytem.jpg
labs.sentinelone.com/wp-content/uploads/2020/01/ 36 KB
37 KB 11ms
7ms Image
image/jpeg 2620:12a:8000::3
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://labs.sentinelone.com/wp-content/uploads/2020/01/13-check-filesytem.jpg

Requested by

Host: labs.sentinelone.com
URL: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8000::3 , United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

nginx /

Resource Hash

292ad3950dc82baae5497f5b171fa7bfc23400f0dc54e224c6b68b3abc2a2140

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
via: 1.1 varnish
age: 458405
x-cache: HIT, HIT
status: 200
date: Tue, 14 Jan 2020 15:15:05 GMT
x-cache-hits: 1, 1
content-length: 37300
x-served-by: cache-mdw17342-MDW, cache-fra19130-FRA
last-modified: Wed, 08 Jan 2020 18:01:00 GMT
server: nginx
x-timer: S1579014905.200480,VS0,VE1
etag: "5e1618dc-91b4"
content-type: image/jpeg
x-styx-req-id: 5665dd53-32b5-11ea-afc5-eec98c31dec4
expires: Sat, 09 Jan 2021 07:55:00 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-pantheon-styx-hostname: styx-fe3-b-c8f8fbbbb-cqbw6

GET
H2 200 15-script-to-download-DNS.jpg
labs.sentinelone.com/wp-content/uploads/2020/01/ 40 KB
40 KB 12ms
9ms Image
image/jpeg 2620:12a:8000::3
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://labs.sentinelone.com/wp-content/uploads/2020/01/15-script-to-download-DNS.jpg

Requested by

Host: labs.sentinelone.com
URL: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8000::3 , United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

nginx /

Resource Hash

01e443bb83f4f557c61c090445692c824c562cab21340224e7e2c45c16362093

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
via: 1.1 varnish
age: 458405
x-cache: HIT, HIT
status: 200
date: Tue, 14 Jan 2020 15:15:05 GMT
x-cache-hits: 1, 1
content-length: 40980
x-served-by: cache-mdw17355-MDW, cache-fra19130-FRA
last-modified: Wed, 08 Jan 2020 18:01:03 GMT
server: nginx
x-timer: S1579014905.200459,VS0,VE1
etag: "5e1618df-a014"
content-type: image/jpeg
x-styx-req-id: 5665f842-32b5-11ea-afc5-eec98c31dec4
expires: Sat, 09 Jan 2021 07:55:00 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-pantheon-styx-hostname: styx-fe3-b-c8f8fbbbb-cqbw6

GET
H2 200 14-verify-download.jpg
labs.sentinelone.com/wp-content/uploads/2020/01/ 44 KB
44 KB 19ms
16ms Image
image/jpeg 2620:12a:8000::3
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://labs.sentinelone.com/wp-content/uploads/2020/01/14-verify-download.jpg

Requested by

Host: labs.sentinelone.com
URL: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8000::3 , United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

nginx /

Resource Hash

67f3087b7441cade77ae57bac886f0e9cccfb70db7629e66f3709bc914047abe

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
via: 1.1 varnish
age: 446517
x-cache: MISS, HIT
status: 200
date: Tue, 14 Jan 2020 15:15:05 GMT
x-cache-hits: 0, 1
content-length: 44999
x-served-by: cache-mdw17329-MDW, cache-fra19130-FRA
last-modified: Wed, 08 Jan 2020 18:01:02 GMT
server: nginx
x-timer: S1579014905.201435,VS0,VE1
etag: "5e1618de-afc7"
content-type: image/jpeg
x-styx-req-id: 03844b50-32d1-11ea-9b11-72bc9b86ffd4
expires: Sat, 09 Jan 2021 11:13:07 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-pantheon-styx-hostname: styx-fe3-a-6578c47759-s89pk

GET
H2 200 16-execute-and-schedule.jpg
labs.sentinelone.com/wp-content/uploads/2020/01/ 4 KB
4 KB 15ms
12ms Image
image/jpeg 2620:12a:8000::3
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://labs.sentinelone.com/wp-content/uploads/2020/01/16-execute-and-schedule.jpg

Requested by

Host: labs.sentinelone.com
URL: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8000::3 , United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

nginx /

Resource Hash

a9fbfbe98836a58d8a46d1b324dbf10423952ef2051ee300d6200483821ebd92

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
via: 1.1 varnish
age: 457841
x-cache: HIT, HIT
status: 200
date: Tue, 14 Jan 2020 15:15:05 GMT
x-cache-hits: 1, 1
content-length: 4271
x-served-by: cache-mdw17375-MDW, cache-fra19130-FRA
last-modified: Wed, 08 Jan 2020 18:01:06 GMT
server: nginx
x-timer: S1579014905.201421,VS0,VE1
etag: "5e1618e2-10af"
content-type: image/jpeg
x-styx-req-id: a6097212-32b6-11ea-9d2e-7e85201e91c1
expires: Sat, 09 Jan 2021 08:04:23 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-pantheon-styx-hostname: styx-fe3-a-6578c47759-5gfgb

GET
H2 200 17-recheck.jpg
labs.sentinelone.com/wp-content/uploads/2020/01/ 36 KB
37 KB 19ms
15ms Image
image/jpeg 2620:12a:8000::3
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://labs.sentinelone.com/wp-content/uploads/2020/01/17-recheck.jpg

Requested by

Host: labs.sentinelone.com
URL: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8000::3 , United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

nginx /

Resource Hash

292ad3950dc82baae5497f5b171fa7bfc23400f0dc54e224c6b68b3abc2a2140

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
via: 1.1 varnish
age: 457841
x-cache: HIT, HIT
status: 200
date: Tue, 14 Jan 2020 15:15:05 GMT
x-cache-hits: 2, 1
content-length: 37300
x-served-by: cache-mdw17359-MDW, cache-fra19130-FRA
last-modified: Wed, 08 Jan 2020 18:01:07 GMT
server: nginx
x-timer: S1579014905.201403,VS0,VE2
etag: "5e1618e3-91b4"
content-type: image/jpeg
x-styx-req-id: a6097ec3-32b6-11ea-afc5-eec98c31dec4
expires: Sat, 09 Jan 2021 08:04:23 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-pantheon-styx-hostname: styx-fe3-b-c8f8fbbbb-cqbw6

GET
H2 200 18-more-eggs-backdoor.jpg
labs.sentinelone.com/wp-content/uploads/2020/01/ 37 KB
37 KB 20ms
17ms Image
image/jpeg 2620:12a:8000::3
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://labs.sentinelone.com/wp-content/uploads/2020/01/18-more-eggs-backdoor.jpg

Requested by

Host: labs.sentinelone.com
URL: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8000::3 , United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

nginx /

Resource Hash

8103ad0ac90663f36b1eaced8b8c00e9506f02a288f7d6c3866488ee226f7bb1

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
via: 1.1 varnish
age: 457841
x-cache: HIT, HIT
status: 200
date: Tue, 14 Jan 2020 15:15:05 GMT
x-cache-hits: 1, 1
content-length: 38111
x-served-by: cache-mdw17342-MDW, cache-fra19130-FRA
last-modified: Wed, 08 Jan 2020 18:01:10 GMT
server: nginx
x-timer: S1579014905.201387,VS0,VE2
etag: "5e1618e6-94df"
content-type: image/jpeg
x-styx-req-id: a60ab7ab-32b6-11ea-b587-0674a8ecb5fb
expires: Sat, 09 Jan 2021 08:04:23 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-pantheon-styx-hostname: styx-fe3-b-c8f8fbbbb-fznds

GET
H2 200 19-more-directory-checking.jpg
labs.sentinelone.com/wp-content/uploads/2020/01/ 44 KB
44 KB 20ms
16ms Image
image/jpeg 2620:12a:8000::3
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://labs.sentinelone.com/wp-content/uploads/2020/01/19-more-directory-checking.jpg

Requested by

Host: labs.sentinelone.com
URL: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8000::3 , United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

nginx /

Resource Hash

3024bf21ad54170381261fbf63ab2c251f1af109b192705c9d330cd0e2122deb

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
via: 1.1 varnish
age: 457841
x-cache: HIT, HIT
status: 200
date: Tue, 14 Jan 2020 15:15:05 GMT
x-cache-hits: 1, 1
content-length: 45009
x-served-by: cache-mdw17343-MDW, cache-fra19130-FRA
last-modified: Wed, 08 Jan 2020 18:01:13 GMT
server: nginx
x-timer: S1579014905.201373,VS0,VE1
etag: "5e1618e9-afd1"
content-type: image/jpeg
x-styx-req-id: a60b4169-32b6-11ea-968c-96f42a6af28b
expires: Sat, 09 Jan 2021 08:04:23 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-pantheon-styx-hostname: styx-fe3-b-c8f8fbbbb-q92t2

GET
H2 200 20-executing-the-file.jpg
labs.sentinelone.com/wp-content/uploads/2020/01/ 4 KB
5 KB 16ms
12ms Image
image/jpeg 2620:12a:8000::3
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://labs.sentinelone.com/wp-content/uploads/2020/01/20-executing-the-file.jpg

Requested by

Host: labs.sentinelone.com
URL: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8000::3 , United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

nginx /

Resource Hash

b75616aa3dc69d9ea6cdf8f821de10a0047eec087ee2df1b8bc2c1124b73e116

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
via: 1.1 varnish
age: 457841
x-cache: HIT, HIT
status: 200
date: Tue, 14 Jan 2020 15:15:05 GMT
x-cache-hits: 1, 1
content-length: 4432
x-served-by: cache-mdw17327-MDW, cache-fra19130-FRA
last-modified: Wed, 08 Jan 2020 18:01:15 GMT
server: nginx
x-timer: S1579014905.201344,VS0,VE1
etag: "5e1618eb-1150"
content-type: image/jpeg
x-styx-req-id: a60c87ce-32b6-11ea-9b11-72bc9b86ffd4
expires: Sat, 09 Jan 2021 08:04:23 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-pantheon-styx-hostname: styx-fe3-a-6578c47759-s89pk

GET
H2 200 21-AV-check.jpg
labs.sentinelone.com/wp-content/uploads/2020/01/ 10 KB
10 KB 15ms
11ms Image
image/jpeg 2620:12a:8000::3
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://labs.sentinelone.com/wp-content/uploads/2020/01/21-AV-check.jpg

Requested by

Host: labs.sentinelone.com
URL: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8000::3 , United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

nginx /

Resource Hash

3be6996bbe5b731a0192eab1fc481d07618eaa7e44f4e499e977965fa3129176

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
via: 1.1 varnish
age: 457841
x-cache: HIT, HIT
status: 200
date: Tue, 14 Jan 2020 15:15:05 GMT
x-cache-hits: 1, 1
content-length: 10465
x-served-by: cache-mdw17345-MDW, cache-fra19130-FRA
last-modified: Wed, 08 Jan 2020 18:01:17 GMT
server: nginx
x-timer: S1579014905.201331,VS0,VE1
etag: "5e1618ed-28e1"
content-type: image/jpeg
x-styx-req-id: a60ce990-32b6-11ea-8c5d-1e2bd2440c8e
expires: Sat, 09 Jan 2021 08:04:23 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-pantheon-styx-hostname: styx-fe3-a-6578c47759-nn97k

GET
H2 200 22-process-checked.jpg
labs.sentinelone.com/wp-content/uploads/2020/01/ 2 KB
2 KB 15ms
12ms Image
image/jpeg 2620:12a:8000::3
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://labs.sentinelone.com/wp-content/uploads/2020/01/22-process-checked.jpg

Requested by

Host: labs.sentinelone.com
URL: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8000::3 , United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

nginx /

Resource Hash

8697a3a58da420197733108c7a09f183e2c72645f9c09d656d9f7ed73d53f3f7

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
via: 1.1 varnish
age: 457840
x-cache: HIT, HIT
status: 200
date: Tue, 14 Jan 2020 15:15:05 GMT
x-cache-hits: 3, 1
content-length: 2239
x-served-by: cache-mdw17335-MDW, cache-fra19130-FRA
last-modified: Wed, 08 Jan 2020 18:01:18 GMT
server: nginx
x-timer: S1579014905.201304,VS0,VE1
etag: "5e1618ee-8bf"
content-type: image/jpeg
x-styx-req-id: a6290e73-32b6-11ea-afc5-eec98c31dec4
expires: Sat, 09 Jan 2021 08:04:24 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-pantheon-styx-hostname: styx-fe3-b-c8f8fbbbb-cqbw6

GET
H2 200 23-task-killed.jpg
labs.sentinelone.com/wp-content/uploads/2020/01/ 3 KB
4 KB 14ms
11ms Image
image/jpeg 2620:12a:8000::3
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://labs.sentinelone.com/wp-content/uploads/2020/01/23-task-killed.jpg

Requested by

Host: labs.sentinelone.com
URL: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8000::3 , United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

nginx /

Resource Hash

f33abc38a1189281e32475456d8c41e21d2111600513d3cd87f054b360b5f0a9

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
via: 1.1 varnish
age: 457841
x-cache: HIT, HIT
status: 200
date: Tue, 14 Jan 2020 15:15:05 GMT
x-cache-hits: 1, 1
content-length: 3373
x-served-by: cache-mdw17356-MDW, cache-fra19130-FRA
last-modified: Wed, 08 Jan 2020 18:01:19 GMT
server: nginx
x-timer: S1579014905.201292,VS0,VE1
etag: "5e1618ef-d2d"
content-type: image/jpeg
x-styx-req-id: a61218e5-32b6-11ea-968c-96f42a6af28b
expires: Sat, 09 Jan 2021 08:04:23 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-pantheon-styx-hostname: styx-fe3-b-c8f8fbbbb-q92t2

GET
H2 200 PowerTrick-5.png
labs.sentinelone.com/wp-content/uploads/2020/01/ 29 KB
29 KB 14ms
11ms Image
image/png 2620:12a:8000::3
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://labs.sentinelone.com/wp-content/uploads/2020/01/PowerTrick-5.png

Requested by

Host: labs.sentinelone.com
URL: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8000::3 , United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

nginx /

Resource Hash

3a4d01f480d33bb7840c41abda97a5737269250633406a15542a80f2515a5554

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
via: 1.1 varnish
age: 456379
x-cache: HIT, HIT
status: 200
date: Tue, 14 Jan 2020 15:15:05 GMT
x-cache-hits: 2, 1
content-length: 29612
x-served-by: cache-mdw17354-MDW, cache-fra19130-FRA
last-modified: Thu, 09 Jan 2020 08:28:35 GMT
server: nginx
x-timer: S1579014905.201327,VS0,VE1
etag: "5e16e433-73ac"
content-type: image/png
x-styx-req-id: 0dee988e-32ba-11ea-968c-96f42a6af28b
expires: Sat, 09 Jan 2021 08:28:46 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-pantheon-styx-hostname: styx-fe3-b-c8f8fbbbb-q92t2

GET
H2 200 wp-emoji-release.min.js Show response
labs.sentinelone.com/wp-includes/js/ 14 KB
5 KB 11ms
8ms Script
application/x-javascript 2620:12a:8000::3
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.sentinelone.com/wp-includes/js/wp-emoji-release.min.js?ver=c53d158056e87ee64615e0d54debd596

Requested by

Host: labs.sentinelone.com
URL: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8000::3 , United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

nginx /

Resource Hash

1a351abc3f3b435497ddb8a55f09268d3e641dc22455deac06cf0181a4de52ee

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
age: 458499
x-cache: HIT, HIT
status: 200
date: Tue, 14 Jan 2020 15:15:05 GMT
x-cache-hits: 1, 1
content-length: 5221
x-served-by: cache-mdw17350-MDW, cache-fra19130-FRA
last-modified: Thu, 09 Jan 2020 07:40:51 GMT
server: nginx
x-timer: S1579014905.201250,VS0,VE1
etag: W/"5e16d903-362a"
vary: Accept-Encoding
content-type: application/x-javascript
via: 1.1 varnish
expires: Sat, 09 Jan 2021 07:53:25 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-styx-req-id: 1db602d0-32b5-11ea-8c5d-1e2bd2440c8e
x-pantheon-styx-hostname: styx-fe3-a-6578c47759-nn97k

GET
H2 200 074d3b2d8f577534abedaaa3a267263a
secure.gravatar.com/avatar/ 3 KB
4 KB 27ms
6ms Image
image/jpeg 2a04:fa87:fffe::c000:4902
Automattic

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://secure.gravatar.com/avatar/074d3b2d8f577534abedaaa3a267263a?s=120&d=mm&r=g
Requested by: Host: labs.sentinelone.com
URL: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:fa87:fffe::c000:4902 , Ireland, ASN2635 (AUTOMATTIC - Automattic, Inc, US),
Reverse DNS
Software: nginx /
Resource Hash: 4eae92c950cd91c1932acc28ad6e82e45887738fbfb1e25fb1f3f92aa9b05d9c

Request headers

Referer: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

x-nc: HIT fra 2
date: Tue, 14 Jan 2020 15:15:05 GMT
last-modified: Thu, 07 Nov 2019 09:04:02 GMT
server: nginx
access-control-allow-origin: *
source-age: 1235577
content-type: image/jpeg
status: 200
cache-control: max-age=300
content-disposition: inline; filename="074d3b2d8f577534abedaaa3a267263a.jpeg"
accept-ranges: bytes
link: <https://www.gravatar.com/avatar/074d3b2d8f577534abedaaa3a267263a?s=120&d=mm&r=g>; rel="canonical"
content-length: 3484
expires: Tue, 14 Jan 2020 15:20:05 GMT

GET
H2 200 Maze-Ransomware-Update_-Extorting-and-Exposing-Victims-2.jpg
labs.sentinelone.com/wp-content/uploads/2019/12/ 73 KB
73 KB 17ms
15ms Image
image/jpeg 2620:12a:8000::3
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://labs.sentinelone.com/wp-content/uploads/2019/12/Maze-Ransomware-Update_-Extorting-and-Exposing-Victims-2.jpg

Requested by

Host: labs.sentinelone.com
URL: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8000::3 , United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

nginx /

Resource Hash

62c0a55062f57490110765f2b50221e45b05dfbc2438bb5d24cea266e2569092

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
via: 1.1 varnish
age: 458500
x-cache: HIT, HIT
status: 200
date: Tue, 14 Jan 2020 15:15:05 GMT
x-cache-hits: 1, 1
content-length: 74878
x-served-by: cache-mdw17375-MDW, cache-fra19130-FRA
last-modified: Mon, 30 Dec 2019 18:58:28 GMT
server: nginx
x-timer: S1579014905.201238,VS0,VE2
etag: "5e0a48d4-1247e"
content-type: image/jpeg
x-styx-req-id: 1d0272a1-32b5-11ea-968c-96f42a6af28b
expires: Sat, 09 Jan 2021 07:53:24 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-pantheon-styx-hostname: styx-fe3-b-c8f8fbbbb-q92t2

GET
H2 200 Trickbot-Update_-Brief-Analysis-of-a-Recent-Trickbot-Payload-1-750x480.jpg
labs.sentinelone.com/wp-content/uploads/2019/09/ 27 KB
27 KB 14ms
12ms Image
image/jpeg 2620:12a:8000::3
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://labs.sentinelone.com/wp-content/uploads/2019/09/Trickbot-Update_-Brief-Analysis-of-a-Recent-Trickbot-Payload-1-750x480.jpg

Requested by

Host: labs.sentinelone.com
URL: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8000::3 , United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

nginx /

Resource Hash

000f2b805c66e04d9f9e5b912425f29582ca8988b3548655513292b20295b078

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
via: 1.1 varnish
age: 458499
x-cache: HIT, HIT
status: 200
date: Tue, 14 Jan 2020 15:15:05 GMT
x-cache-hits: 1, 1
content-length: 27441
x-served-by: cache-mdw17345-MDW, cache-fra19130-FRA
last-modified: Mon, 30 Dec 2019 18:58:28 GMT
server: nginx
x-timer: S1579014905.201233,VS0,VE1
etag: "5e0a48d4-6b31"
content-type: image/jpeg
x-styx-req-id: 1e3816a4-32b5-11ea-b587-0674a8ecb5fb
expires: Sat, 09 Jan 2021 07:53:26 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-pantheon-styx-hostname: styx-fe3-b-c8f8fbbbb-fznds

GET
H2 200 INFO-STEALERS-_-HOW-MALWARE-HACKS-PRIVATE-USER-DATA-1-750x480.jpg
labs.sentinelone.com/wp-content/uploads/2019/09/ 44 KB
44 KB 18ms
15ms Image
image/jpeg 2620:12a:8000::3
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://labs.sentinelone.com/wp-content/uploads/2019/09/INFO-STEALERS-_-HOW-MALWARE-HACKS-PRIVATE-USER-DATA-1-750x480.jpg

Requested by

Host: labs.sentinelone.com
URL: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8000::3 , United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

nginx /

Resource Hash

9c92bf78aa825e62accc2e4d438bfe474ea1f43480cf6cce9230a694e9713670

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
via: 1.1 varnish
age: 458499
x-cache: HIT, HIT
status: 200
date: Tue, 14 Jan 2020 15:15:05 GMT
x-cache-hits: 1, 1
content-length: 45225
x-served-by: cache-mdw17353-MDW, cache-fra19130-FRA
last-modified: Mon, 30 Dec 2019 18:58:28 GMT
server: nginx
x-timer: S1579014905.201197,VS0,VE2
etag: "5e0a48d4-b0a9"
content-type: image/jpeg
x-styx-req-id: 1db6109a-32b5-11ea-968c-96f42a6af28b
expires: Sat, 09 Jan 2021 07:53:25 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-pantheon-styx-hostname: styx-fe3-b-c8f8fbbbb-q92t2

GET
H2 200 Detecting-macOS.GMERA-Malware-Through-Behavioral-Inspection-1-96x50.jpg
labs.sentinelone.com/wp-content/uploads/2019/09/ 5 KB
5 KB 10ms
8ms Image
image/jpeg 2620:12a:8000::3
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://labs.sentinelone.com/wp-content/uploads/2019/09/Detecting-macOS.GMERA-Malware-Through-Behavioral-Inspection-1-96x50.jpg

Requested by

Host: labs.sentinelone.com
URL: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8000::3 , United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

nginx /

Resource Hash

c9626e50b48c7eac583e1d08119dc8f9e2f050239af0a86e01ce45ce9bb13215

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
via: 1.1 varnish
age: 458499
x-cache: HIT, HIT
status: 200
date: Tue, 14 Jan 2020 15:15:05 GMT
x-cache-hits: 1, 1
content-length: 5257
x-served-by: cache-mdw17372-MDW, cache-fra19130-FRA
last-modified: Mon, 30 Dec 2019 18:58:28 GMT
server: nginx
x-timer: S1579014905.201207,VS0,VE1
etag: "5e0a48d4-1489"
content-type: image/jpeg
x-styx-req-id: 1e48a3af-32b5-11ea-afc5-eec98c31dec4
expires: Sat, 09 Jan 2021 07:53:26 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-pantheon-styx-hostname: styx-fe3-b-c8f8fbbbb-cqbw6

GET
H2 200 Cybercrime_-_Banload_-Banking-Malware-Implements-New-Techniques-for-Fraud-1-96x50.jpg
labs.sentinelone.com/wp-content/uploads/2019/05/ 5 KB
5 KB 19ms
17ms Image
image/jpeg 2620:12a:8000::3
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://labs.sentinelone.com/wp-content/uploads/2019/05/Cybercrime_-_Banload_-Banking-Malware-Implements-New-Techniques-for-Fraud-1-96x50.jpg

Requested by

Host: labs.sentinelone.com
URL: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8000::3 , United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

nginx /

Resource Hash

c76efd7801d5912d1d05862a3c3d093b13302dfafc600dc2f83acc7c2283efac

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
via: 1.1 varnish
age: 458499
x-cache: HIT, HIT
status: 200
date: Tue, 14 Jan 2020 15:15:05 GMT
x-cache-hits: 1, 1
content-length: 5070
x-served-by: cache-mdw17382-MDW, cache-fra19130-FRA
last-modified: Mon, 30 Dec 2019 18:58:28 GMT
server: nginx
x-timer: S1579014905.202114,VS0,VE1
etag: "5e0a48d4-13ce"
content-type: image/jpeg
x-styx-req-id: 1e56511a-32b5-11ea-968c-96f42a6af28b
expires: Sat, 09 Jan 2021 07:53:26 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-pantheon-styx-hostname: styx-fe3-b-c8f8fbbbb-q92t2

GET
H2 200 Trickbot-Update_-Brief-Analysis-of-a-Recent-Trickbot-Payload-1-96x50.jpg
labs.sentinelone.com/wp-content/uploads/2019/09/ 5 KB
5 KB 18ms
16ms Image
image/jpeg 2620:12a:8000::3
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://labs.sentinelone.com/wp-content/uploads/2019/09/Trickbot-Update_-Brief-Analysis-of-a-Recent-Trickbot-Payload-1-96x50.jpg

Requested by

Host: labs.sentinelone.com
URL: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8000::3 , United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

nginx /

Resource Hash

3caf2b5e54f582c661fbaccd69ce7987fe09acdd91ff88d3cc1798a2af0e04d4

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
via: 1.1 varnish
age: 458499
x-cache: HIT, HIT
status: 200
date: Tue, 14 Jan 2020 15:15:05 GMT
x-cache-hits: 1, 1
content-length: 4732
x-served-by: cache-mdw17341-MDW, cache-fra19130-FRA
last-modified: Mon, 30 Dec 2019 18:58:28 GMT
server: nginx
x-timer: S1579014905.202098,VS0,VE1
etag: "5e0a48d4-127c"
content-type: image/jpeg
x-styx-req-id: 1e5d0a4f-32b5-11ea-afc5-eec98c31dec4
expires: Sat, 09 Jan 2021 07:53:26 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-pantheon-styx-hostname: styx-fe3-b-c8f8fbbbb-cqbw6

GET
H2 200 Gootkit-Banking-Trojan-_-Part-3_-Retrieving-the-Final-Payload-1-96x50.jpg
labs.sentinelone.com/wp-content/uploads/2019/08/ 5 KB
5 KB 18ms
16ms Image
image/jpeg 2620:12a:8000::3
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://labs.sentinelone.com/wp-content/uploads/2019/08/Gootkit-Banking-Trojan-_-Part-3_-Retrieving-the-Final-Payload-1-96x50.jpg

Requested by

Host: labs.sentinelone.com
URL: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8000::3 , United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

nginx /

Resource Hash

394ffdb54bf2167a706991ef924133ba9fec4aeb05e15596c7d1a234a785f4fb

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
via: 1.1 varnish
age: 458498
x-cache: HIT, HIT
status: 200
date: Tue, 14 Jan 2020 15:15:05 GMT
x-cache-hits: 2, 90
content-length: 5242
x-served-by: cache-mdw17331-MDW, cache-fra19130-FRA
last-modified: Mon, 30 Dec 2019 18:58:28 GMT
server: nginx
x-timer: S1579014905.202096,VS0,VE1
etag: "5e0a48d4-147a"
content-type: image/jpeg
x-styx-req-id: 1e5d00a6-32b5-11ea-9d2e-7e85201e91c1
expires: Sat, 09 Jan 2021 07:53:26 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-pantheon-styx-hostname: styx-fe3-a-6578c47759-5gfgb

GET
H2 200 sLABS_Blog_TrickbotTrick-96x50.jpg
labs.sentinelone.com/wp-content/uploads/2020/01/ 3 KB
3 KB 18ms
16ms Image
image/jpeg 2620:12a:8000::3
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://labs.sentinelone.com/wp-content/uploads/2020/01/sLABS_Blog_TrickbotTrick-96x50.jpg

Requested by

Host: labs.sentinelone.com
URL: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8000::3 , United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

nginx /

Resource Hash

2f01115014dd443a057d6ed769ed2646d1d6bfa14395589b8cee7a5d202c0b54

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
via: 1.1 varnish
age: 447908
x-cache: MISS, HIT
status: 200
date: Tue, 14 Jan 2020 15:15:05 GMT
x-cache-hits: 0, 1
content-length: 2967
x-served-by: cache-mdw17329-MDW, cache-fra19130-FRA
last-modified: Wed, 08 Jan 2020 22:01:17 GMT
server: nginx
x-timer: S1579014905.202048,VS0,VE1
etag: "5e16512d-b97"
content-type: image/jpeg
x-styx-req-id: c696868e-32cd-11ea-b587-0674a8ecb5fb
expires: Sat, 09 Jan 2021 10:49:56 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-pantheon-styx-hostname: styx-fe3-b-c8f8fbbbb-fznds

GET
H2 200 Maze-Ransomware-Update_-Extorting-and-Exposing-Victims-2-96x50.jpg
labs.sentinelone.com/wp-content/uploads/2019/12/ 5 KB
5 KB 16ms
14ms Image
image/jpeg 2620:12a:8000::3
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://labs.sentinelone.com/wp-content/uploads/2019/12/Maze-Ransomware-Update_-Extorting-and-Exposing-Victims-2-96x50.jpg

Requested by

Host: labs.sentinelone.com
URL: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8000::3 , United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

nginx /

Resource Hash

cb8787f231702f86051bb3e0467dd2c5227ed0a6ca0d1d3b8d8c6a27c544e3a8

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
via: 1.1 varnish
age: 458499
x-cache: HIT, HIT
status: 200
date: Tue, 14 Jan 2020 15:15:05 GMT
x-cache-hits: 1, 1
content-length: 5034
x-served-by: cache-mdw17352-MDW, cache-fra19130-FRA
last-modified: Mon, 30 Dec 2019 18:58:28 GMT
server: nginx
x-timer: S1579014905.202045,VS0,VE1
etag: "5e0a48d4-13aa"
content-type: image/jpeg
x-styx-req-id: 1e5d21eb-32b5-11ea-9d2e-7e85201e91c1
expires: Sat, 09 Jan 2021 07:53:26 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-pantheon-styx-hostname: styx-fe3-a-6578c47759-5gfgb

GET
H2 200 Planeswalker-3-96x50.jpg
labs.sentinelone.com/wp-content/uploads/2019/12/ 6 KB
6 KB 19ms
17ms Image
image/jpeg 2620:12a:8000::3
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://labs.sentinelone.com/wp-content/uploads/2019/12/Planeswalker-3-96x50.jpg

Requested by

Host: labs.sentinelone.com
URL: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8000::3 , United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

nginx /

Resource Hash

990ceb7910550faf641c1b31b57154f3f1991eeb8efc229689d7031acbef2fe9

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
via: 1.1 varnish
age: 458499
x-cache: HIT, HIT
status: 200
date: Tue, 14 Jan 2020 15:15:05 GMT
x-cache-hits: 1, 1
content-length: 5795
x-served-by: cache-mdw17369-MDW, cache-fra19130-FRA
last-modified: Mon, 30 Dec 2019 18:58:28 GMT
server: nginx
x-timer: S1579014905.202083,VS0,VE1
etag: "5e0a48d4-16a3"
content-type: image/jpeg
x-styx-req-id: 1e6fcaa0-32b5-11ea-afc5-eec98c31dec4
expires: Sat, 09 Jan 2021 07:53:26 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-pantheon-styx-hostname: styx-fe3-b-c8f8fbbbb-cqbw6

GET
H2 200 Privilege-Escalation-_-macOS-Malware-The-Path-to-Root-Part-1-1-96x50.jpg
labs.sentinelone.com/wp-content/uploads/2019/11/ 5 KB
5 KB 19ms
17ms Image
image/jpeg 2620:12a:8000::3
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://labs.sentinelone.com/wp-content/uploads/2019/11/Privilege-Escalation-_-macOS-Malware-The-Path-to-Root-Part-1-1-96x50.jpg

Requested by

Host: labs.sentinelone.com
URL: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8000::3 , United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

nginx /

Resource Hash

c4cdc87b582594a8758dc66d5290030dbb6493779840ae7dae02f8e765532e81

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
via: 1.1 varnish
age: 458499
x-cache: HIT, HIT
status: 200
date: Tue, 14 Jan 2020 15:15:05 GMT
x-cache-hits: 1, 1
content-length: 4973
x-served-by: cache-mdw17342-MDW, cache-fra19130-FRA
last-modified: Mon, 30 Dec 2019 18:58:28 GMT
server: nginx
x-timer: S1579014905.202070,VS0,VE1
etag: "5e0a48d4-136d"
content-type: image/jpeg
x-styx-req-id: 1e795f0f-32b5-11ea-9d2e-7e85201e91c1
expires: Sat, 09 Jan 2021 07:53:26 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-pantheon-styx-hostname: styx-fe3-a-6578c47759-5gfgb

GET
H2 200 scripts.js Show response
labs.sentinelone.com/wp-content/plugins/contact-form-7/includes/js/ 14 KB
5 KB 7ms
6ms Script
application/x-javascript 2620:12a:8000::3
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.sentinelone.com/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=5.1.6

Requested by

Host: labs.sentinelone.com
URL: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8000::3 , United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

nginx /

Resource Hash

b7e17926b30342edecee8b3a93029ac51462e2b479277d8e077ba57173eb1900

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
age: 458501
x-cache: HIT, HIT
status: 200
date: Tue, 14 Jan 2020 15:15:04 GMT
x-cache-hits: 1, 1
content-length: 4724
x-served-by: cache-mdw17347-MDW, cache-fra19130-FRA
last-modified: Thu, 09 Jan 2020 07:40:50 GMT
server: nginx
x-timer: S1579014905.995722,VS0,VE1
etag: W/"5e16d902-3868"
vary: Accept-Encoding
content-type: application/x-javascript
via: 1.1 varnish
expires: Sat, 09 Jan 2021 07:53:24 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-styx-req-id: 1cefc185-32b5-11ea-968c-96f42a6af28b
x-pantheon-styx-hostname: styx-fe3-b-c8f8fbbbb-q92t2

GET
H2 200 main.js Show response
labs.sentinelone.com/wp-content/plugins/meks-flexible-shortcodes/js/ 7 KB
2 KB 7ms
7ms Script
application/x-javascript 2620:12a:8000::3
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.sentinelone.com/wp-content/plugins/meks-flexible-shortcodes/js/main.js?ver=1

Requested by

Host: labs.sentinelone.com
URL: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8000::3 , United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

nginx /

Resource Hash

02007cb9ea5401983a0a4a34d08c1a57c75484d0852194291e124c94b848d474

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
age: 458500
x-cache: HIT, HIT
status: 200
date: Tue, 14 Jan 2020 15:15:04 GMT
x-cache-hits: 2, 1
content-length: 1804
x-served-by: cache-mdw17340-MDW, cache-fra19130-FRA
last-modified: Thu, 09 Jan 2020 07:40:51 GMT
server: nginx
x-timer: S1579014905.995758,VS0,VE1
etag: W/"5e16d903-1d0b"
vary: Accept-Encoding
content-type: application/x-javascript
via: 1.1 varnish
expires: Sat, 09 Jan 2021 07:53:25 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-styx-req-id: 1d49a990-32b5-11ea-b587-0674a8ecb5fb
x-pantheon-styx-hostname: styx-fe3-b-c8f8fbbbb-fznds

GET
H2 200 imagesloaded.min.js Show response
labs.sentinelone.com/wp-includes/js/ 8 KB
3 KB 8ms
8ms Script
application/x-javascript 2620:12a:8000::3
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.sentinelone.com/wp-includes/js/imagesloaded.min.js?ver=3.2.0

Requested by

Host: labs.sentinelone.com
URL: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8000::3 , United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

nginx /

Resource Hash

11e15f1d64a63cb498d0d42720a688ed15bf78393d8c460d695a110244c066e3

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
age: 458500
x-cache: HIT, HIT
status: 200
date: Tue, 14 Jan 2020 15:15:05 GMT
x-cache-hits: 1, 1
content-length: 2861
x-served-by: cache-mdw17372-MDW, cache-fra19130-FRA
last-modified: Thu, 09 Jan 2020 07:40:51 GMT
server: nginx
x-timer: S1579014905.003407,VS0,VE1
etag: W/"5e16d903-1fb1"
vary: Accept-Encoding
content-type: application/x-javascript
via: 1.1 varnish
expires: Sat, 09 Jan 2021 07:53:24 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-styx-req-id: 1cfbcfe6-32b5-11ea-968c-96f42a6af28b
x-pantheon-styx-hostname: styx-fe3-b-c8f8fbbbb-q92t2

GET
H2 200 masonry.min.js Show response
labs.sentinelone.com/wp-includes/js/ 28 KB
10 KB 7ms
7ms Script
application/x-javascript 2620:12a:8000::3
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.sentinelone.com/wp-includes/js/masonry.min.js?ver=3.3.2

Requested by

Host: labs.sentinelone.com
URL: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8000::3 , United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

nginx /

Resource Hash

733d7c26a5fb7240e83e8af2c822218b321b5143e28c2dd65ab2492297ac6bd7

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
age: 458500
x-cache: HIT, HIT
status: 200
date: Tue, 14 Jan 2020 15:15:05 GMT
x-cache-hits: 1, 1
content-length: 9983
x-served-by: cache-mdw17364-MDW, cache-fra19130-FRA
last-modified: Thu, 09 Jan 2020 07:40:51 GMT
server: nginx
x-timer: S1579014905.003368,VS0,VE1
etag: W/"5e16d903-7119"
vary: Accept-Encoding
content-type: application/x-javascript
via: 1.1 varnish
expires: Sat, 09 Jan 2021 07:53:24 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-styx-req-id: 1cfbc997-32b5-11ea-b587-0674a8ecb5fb
x-pantheon-styx-hostname: styx-fe3-b-c8f8fbbbb-fznds

GET
H2 200 asiana.plugins.js Show response
labs.sentinelone.com/wp-content/themes/asiana/assets/js/ 87 KB
29 KB 7ms
7ms Script
application/x-javascript 2620:12a:8000::3
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.sentinelone.com/wp-content/themes/asiana/assets/js/asiana.plugins.js?ver=1.2

Requested by

Host: labs.sentinelone.com
URL: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8000::3 , United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

nginx /

Resource Hash

cbebe3409c4b01d23203045bc734370a192e3aa978c4ca2670bcd39ae0b2f45b

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
age: 458500
x-cache: HIT, HIT
status: 200
date: Tue, 14 Jan 2020 15:15:05 GMT
x-cache-hits: 1, 1
content-length: 29227
x-served-by: cache-mdw17325-MDW, cache-fra19130-FRA
last-modified: Thu, 09 Jan 2020 07:40:51 GMT
server: nginx
x-timer: S1579014905.011987,VS0,VE1
etag: W/"5e16d903-15d86"
vary: Accept-Encoding
content-type: application/x-javascript
via: 1.1 varnish
expires: Sat, 09 Jan 2021 07:53:24 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-styx-req-id: 1cfbcd75-32b5-11ea-9b11-72bc9b86ffd4
x-pantheon-styx-hostname: styx-fe3-a-6578c47759-s89pk

GET
H2 200 asiana.main.min.js Show response
labs.sentinelone.com/wp-content/themes/asiana/assets/js/ 4 KB
2 KB 9ms
8ms Script
application/x-javascript 2620:12a:8000::3
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.sentinelone.com/wp-content/themes/asiana/assets/js/asiana.main.min.js?ver=1.2

Requested by

Host: labs.sentinelone.com
URL: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8000::3 , United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

nginx /

Resource Hash

b69fc240082ae0bcb2a8b08627a084fbbdd50d56ebd72a6125d0d4730c0ee0e1

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
age: 458500
x-cache: HIT, HIT
status: 200
date: Tue, 14 Jan 2020 15:15:05 GMT
x-cache-hits: 1, 1
content-length: 1514
x-served-by: cache-mdw17331-MDW, cache-fra19130-FRA
last-modified: Thu, 09 Jan 2020 07:40:51 GMT
server: nginx
x-timer: S1579014905.012224,VS0,VE1
etag: W/"5e16d903-f1b"
vary: Accept-Encoding
content-type: application/x-javascript
via: 1.1 varnish
expires: Sat, 09 Jan 2021 07:53:24 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-styx-req-id: 1cfc4452-32b5-11ea-afc5-eec98c31dec4
x-pantheon-styx-hostname: styx-fe3-b-c8f8fbbbb-cqbw6

GET
H2 200 footer.js Show response
labs.sentinelone.com/wp-content/themes/asiana-child/assets/js/ 16 KB
5 KB 7ms
6ms Script
application/x-javascript 2620:12a:8000::3
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.sentinelone.com/wp-content/themes/asiana-child/assets/js/footer.js?ver=1578962243

Requested by

Host: labs.sentinelone.com
URL: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8000::3 , United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

nginx /

Resource Hash

3644cc00fefff450034ddc24ca6a488c7f6490ac09fec699426724ca41c5a0aa

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
age: 52538
x-cache: HIT, HIT
status: 200
date: Tue, 14 Jan 2020 15:15:05 GMT
x-cache-hits: 1, 1
content-length: 4654
x-served-by: cache-mdw17352-MDW, cache-fra19130-FRA
last-modified: Tue, 14 Jan 2020 00:37:23 GMT
server: nginx
x-timer: S1579014905.024636,VS0,VE1
etag: W/"5e1d0d43-3fed"
vary: Accept-Encoding
content-type: application/x-javascript
via: 1.1 varnish
expires: Thu, 14 Jan 2021 00:39:27 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-styx-req-id: 51a65a4e-3666-11ea-a1e5-f2cc0323dd98
x-pantheon-styx-hostname: styx-fe3-b-c8f8fbbbb-jp5mj

GET
H2 200 wp-embed.min.js Show response
labs.sentinelone.com/wp-includes/js/ 1 KB
981 B 8ms
8ms Script
application/x-javascript 2620:12a:8000::3
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.sentinelone.com/wp-includes/js/wp-embed.min.js?ver=c53d158056e87ee64615e0d54debd596

Requested by

Host: labs.sentinelone.com
URL: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8000::3 , United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

nginx /

Resource Hash

0284cbccebf1682452d62d06efa3665c874d642d4e03f5f5f9bb0f555da9251b

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
age: 458500
x-cache: HIT, HIT
status: 200
date: Tue, 14 Jan 2020 15:15:05 GMT
x-cache-hits: 12, 1
content-length: 754
x-served-by: cache-mdw17380-MDW, cache-fra19130-FRA
last-modified: Thu, 09 Jan 2020 07:40:51 GMT
server: nginx
x-timer: S1579014905.029794,VS0,VE1
etag: W/"5e16d903-577"
vary: Accept-Encoding
content-type: application/x-javascript
via: 1.1 varnish
expires: Sat, 09 Jan 2021 07:53:24 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-styx-req-id: 1cfc6a91-32b5-11ea-b587-0674a8ecb5fb
x-pantheon-styx-hostname: styx-fe3-b-c8f8fbbbb-fznds

GET
H2 200 css
fonts.googleapis.com/ 9 KB
771 B 17ms
17ms Stylesheet
text/css 2a00:1450:4001:824::200a
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=IBM+Plex+Sans:400,400i,700,700i

Requested by

Host: labs.sentinelone.com
URL: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:824::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

ESF /

Resource Hash

8adaaccb6a37d06a85f18e9626eb1ceccd7cf85e039b2e7d391341b2e361b64d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Tue, 14 Jan 2020 15:15:04 GMT
server: ESF
access-control-allow-origin: *
date: Tue, 14 Jan 2020 15:15:04 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
x-xss-protection: 0
expires: Tue, 14 Jan 2020 15:15:04 GMT

GET
H2 200 zYXgKVElMYYaJe8bpLHnCwDKhdHeFaxOedc.woff2
fonts.gstatic.com/s/ibmplexsans/v7/ 13 KB
13 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:817::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ibmplexsans/v7/zYXgKVElMYYaJe8bpLHnCwDKhdHeFaxOedc.woff2

Requested by

Host: go.sentinelone.com
URL: https://go.sentinelone.com/js/forms2/js/forms2.min.js?ver=c53d158056e87ee64615e0d54debd596

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:817::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

d32b2c653c571d5ebe401463197bd449b52f013c0da42995f8fc8b67524abccc

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=IBM+Plex+Sans:400,400i,700,700i
Origin: https://labs.sentinelone.com

Response headers

date: Thu, 21 Nov 2019 15:31:30 GMT
x-content-type-options: nosniff
last-modified: Tue, 16 Jul 2019 23:47:55 GMT
server: sffe
age: 4664615
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 12872
x-xss-protection: 0
expires: Fri, 20 Nov 2020 15:31:30 GMT

GET
H2 404 gtm.js
www.googletagmanager.com/ 0
0 19ms
18ms Script
text/html 2a00:1450:4001:821::2008
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL: https://www.googletagmanager.com/gtm.js?id=GTM-M5BKP2C
Requested by: Host: labs.sentinelone.com
URL: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:4001:821::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Referer: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

GET
H2 200 BackgroundLines-Copy-4.png
labs.sentinelone.com/wp-content/uploads/2019/10/ 75 KB
76 KB 21ms
20ms Image
image/png 2620:12a:8000::3
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://labs.sentinelone.com/wp-content/uploads/2019/10/BackgroundLines-Copy-4.png

Requested by

Host: labs.sentinelone.com
URL: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8000::3 , United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

nginx /

Resource Hash

9bcdb94ad74931ea092ec31ed6aa7b1d7addd5cf819e8d374cd57883db25204a

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
via: 1.1 varnish
age: 458501
x-cache: HIT, HIT
status: 200
date: Tue, 14 Jan 2020 15:15:05 GMT
x-cache-hits: 2, 1
content-length: 77240
x-served-by: cache-mdw17383-MDW, cache-fra19130-FRA
last-modified: Mon, 30 Dec 2019 18:58:28 GMT
server: nginx
x-timer: S1579014905.210058,VS0,VE1
etag: "5e0a48d4-12db8"
content-type: image/png
x-styx-req-id: 1d028f60-32b5-11ea-8c5d-1e2bd2440c8e
expires: Sat, 09 Jan 2021 07:53:24 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-pantheon-styx-hostname: styx-fe3-a-6578c47759-nn97k

GET
H2 200 fontawesome-webfont.woff2
labs.sentinelone.com/wp-content/themes/asiana/assets/fonts/ 75 KB
76 KB 22ms
21ms Font
font/woff2 2620:12a:8000::3
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.sentinelone.com/wp-content/themes/asiana/assets/fonts/fontawesome-webfont.woff2?v=4.7.0

Requested by

Host: labs.sentinelone.com
URL: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8000::3 , United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

nginx /

Resource Hash

2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer: https://labs.sentinelone.com/wp-content/themes/asiana/assets/css/asiana.plugins.css?ver=1.2
Origin: https://labs.sentinelone.com

Response headers

strict-transport-security: max-age=300
via: 1.1 varnish
age: 458498
x-cache: HIT, HIT
status: 200
date: Tue, 14 Jan 2020 15:15:05 GMT
x-cache-hits: 1, 1
content-length: 77160
x-served-by: cache-mdw17327-MDW, cache-fra19130-FRA
last-modified: Thu, 09 Jan 2020 07:40:51 GMT
server: nginx
x-timer: S1579014905.214528,VS0,VE2
etag: "5e16d903-12d68"
content-type: font/woff2
access-control-allow-origin: *
expires: Sat, 09 Jan 2021 07:53:27 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-styx-req-id: 1ea0fd7b-32b5-11ea-8c5d-1e2bd2440c8e
x-pantheon-styx-hostname: styx-fe3-a-6578c47759-nn97k

GET
DATA 200
OK truncated
/ 11 KB
11 KB Font
application/x-font-woff2

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: d0d937b32b0a1fa6bbdcc5389f695a36147c1b3ba869ecc507b765adf0300393

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Origin: https://labs.sentinelone.com

Response headers

Content-Type: application/x-font-woff2

GET
H2 200 zYX-KVElMYYaJe8bpLHnCwDKhdTuF6ZJW9XjDg.woff2
fonts.gstatic.com/s/ibmplexsans/v7/ 14 KB
14 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:817::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ibmplexsans/v7/zYX-KVElMYYaJe8bpLHnCwDKhdTuF6ZJW9XjDg.woff2

Requested by

Host: labs.sentinelone.com
URL: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:817::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

14cecbc2b736ba917dbcd4d545f2f834bb4caf1b53abec2e3c893bfb829c81ec

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=IBM+Plex+Sans:400,400i,700,700i
Origin: https://labs.sentinelone.com

Response headers

date: Fri, 22 Nov 2019 01:41:38 GMT
x-content-type-options: nosniff
last-modified: Tue, 16 Jul 2019 23:48:10 GMT
server: sffe
age: 4628007
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 14152
x-xss-protection: 0
expires: Sat, 21 Nov 2020 01:41:38 GMT

GET
H2 200 getForm Show response
go.sentinelone.com/index.php/form/ 6 KB
2 KB 805ms
805ms Script
application/javascript 104.24.116.125
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://go.sentinelone.com/index.php/form/getForm?munchkinId=327-MNM-087&form=2673&url=https%3A%2F%2Flabs.sentinelone.com%2Ftop-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets%2F&callback=jQuery11240013325424343029857_1579014905162&_=1579014905163

Requested by

Host: go.sentinelone.com
URL: https://go.sentinelone.com/js/forms2/js/forms2.min.js?ver=c53d158056e87ee64615e0d54debd596

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.24.116.125 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

7f842c97dc2c647af9ac369bd39000f21019ba25c558df4929f523dbed90d6f5

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Tue, 14 Jan 2020 15:15:06 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type: application/javascript; charset=utf-8
status: 200
cf-ray: 555090362e3cdc4b-LHR

GET
H2 200 zYX9KVElMYYaJe8bpLHnCwDKjWr7AIFsdP3pBms.woff2
fonts.gstatic.com/s/ibmplexsans/v7/ 13 KB
13 KB 6ms
6ms Font
font/woff2 2a00:1450:4001:817::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/ibmplexsans/v7/zYX9KVElMYYaJe8bpLHnCwDKjWr7AIFsdP3pBms.woff2

Requested by

Host: labs.sentinelone.com
URL: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:817::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

099787b39809b3ce2372aee29b8dae6a8447434df9fa734916709a64ac1eb061

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer: https://fonts.googleapis.com/css?family=IBM+Plex+Sans:400,400i,700,700i
Origin: https://labs.sentinelone.com

Response headers

date: Tue, 19 Nov 2019 01:25:05 GMT
x-content-type-options: nosniff
last-modified: Tue, 16 Jul 2019 23:48:37 GMT
server: sffe
age: 4888200
content-type: font/woff2
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
access-control-allow-origin: *
content-length: 13020
x-xss-protection: 0
expires: Wed, 18 Nov 2020 01:25:05 GMT

GET
DATA 200
OK truncated
/ 4 KB
4 KB Font
application/x-font-woff2

General

Check archive.org

Show headers Download Go to

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b66e62306d1b6f738c7095c9577957ff21f80d62ed611768eee45d1cf833512c

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Origin: https://labs.sentinelone.com

Response headers

Content-Type: application/x-font-woff2

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 43 KB
17 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:821::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-38175129-3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

dbb67c620eaabf6679a314db18d3ae43037aef71ab27422e6feec08ee987cc0a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 19 Aug 2019 17:22:41 GMT
server: Golfe2
age: 5811
date: Tue, 14 Jan 2020 13:38:14 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 17803
expires: Tue, 14 Jan 2020 15:38:14 GMT

GET
H2 200 icon.svg
labs.sentinelone.com/wp-content/plugins/invitations-for-slack/invitations-for-slack/assets/ 2 KB
1 KB 7ms
7ms Image
image/svg+xml 2620:12a:8000::3
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://labs.sentinelone.com/wp-content/plugins/invitations-for-slack/invitations-for-slack/assets/icon.svg

Requested by

Host: labs.sentinelone.com
URL: https://labs.sentinelone.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8000::3 , United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

nginx /

Resource Hash

69170775a33ffd93addb6aa04c4272f3f7468992aa817693214225f5a03979a6

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://labs.sentinelone.com/wp-content/plugins/invitations-for-slack/invitations-for-slack/assets/style.css?ver=c53d158056e87ee64615e0d54debd596
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
content-encoding: gzip
age: 458341
x-cache: HIT, HIT
status: 200
date: Tue, 14 Jan 2020 15:15:05 GMT
x-cache-hits: 1, 1
content-length: 908
via: 1.1 varnish
x-served-by: cache-mdw17370-MDW, cache-fra19130-FRA
last-modified: Thu, 09 Jan 2020 07:54:58 GMT
server: nginx
x-timer: S1579014905.356959,VS0,VE1
etag: W/"5e16dc52-741"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
expires: Sat, 09 Jan 2021 07:56:04 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-styx-req-id: 7c243750-32b5-11ea-b587-0674a8ecb5fb
x-pantheon-styx-hostname: styx-fe3-b-c8f8fbbbb-fznds

GET
H2 200 team.stats Show response
labs.sentinelone.com/wp-json/invitations-for-slack/v1/ 23 B
488 B 113ms
113ms XHR
application/json 2620:12a:8000::3
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://labs.sentinelone.com/wp-json/invitations-for-slack/v1/team.stats

Requested by

Host: labs.sentinelone.com
URL: https://labs.sentinelone.com/wp-content/plugins/invitations-for-slack/invitations-for-slack/scripts/script.js?ver=1.0.2

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8000::3 , United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

nginx /

Resource Hash

75cf452cbb45c31535c33942cb92062f5a0d4b68b71e612d3947c4e68e073426

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Tue, 14 Jan 2020 15:15:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-styx-req-id: 5c714886-36e0-11ea-a1e5-f2cc0323dd98
age: 121
x-pantheon-styx-hostname: styx-fe3-b-c8f8fbbbb-jp5mj
x-cache: HIT, MISS
status: 200
vary: Accept-Encoding, Origin
content-length: 43
x-served-by: cache-mdw17361-MDW, cache-fra19130-FRA
access-control-allow-headers: Authorization, Content-Type
allow: GET
server: nginx
x-timer: S1579014905.359249,VS0,VE107
strict-transport-security: max-age=300
content-type: application/json; charset=UTF-8
via: 1.1 varnish
access-control-expose-headers: X-WP-Total, X-WP-TotalPages
cache-control: public, max-age=600
accept-ranges: bytes
x-robots-tag: noindex
link: <https://labs.sentinelone.com/wp-json/>; rel="https://api.w.org/"
x-cache-hits: 1, 0

GET
H2 200 ajax-loader.gif
labs.sentinelone.com/wp-content/themes/asiana/assets/css/ 4 KB
4 KB 8ms
8ms Image
image/gif 2620:12a:8000::3
Fastly

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://labs.sentinelone.com/wp-content/themes/asiana/assets/css/ajax-loader.gif

Requested by

Host: labs.sentinelone.com
URL: https://labs.sentinelone.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2620:12a:8000::3 , United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

nginx /

Resource Hash

e7b44c86b050fca766a96ddac2d0932af0126da6f2305280342d909168dcce6b

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Referer: https://labs.sentinelone.com/wp-content/themes/asiana/assets/css/asiana.plugins.css?ver=1.2
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security: max-age=300
via: 1.1 varnish
age: 458500
x-cache: HIT, HIT
status: 200
date: Tue, 14 Jan 2020 15:15:05 GMT
x-cache-hits: 1, 1
content-length: 4178
x-served-by: cache-mdw17363-MDW, cache-fra19130-FRA
last-modified: Thu, 09 Jan 2020 07:40:51 GMT
server: nginx
x-timer: S1579014905.371803,VS0,VE1
etag: "5e16d903-1052"
content-type: image/gif
x-styx-req-id: 1dbcd381-32b5-11ea-afc5-eec98c31dec4
expires: Sat, 09 Jan 2021 07:53:25 GMT
cache-control: max-age=31622400
accept-ranges: bytes
x-pantheon-styx-hostname: styx-fe3-b-c8f8fbbbb-cqbw6

GET
H2 200 collect
www.google-analytics.com/r/ 35 B
101 B 13ms
13ms Image
image/gif 2a00:1450:4001:821::200e
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/r/collect?v=1&_v=j79&a=170493309&t=pageview&_s=1&dl=https%3A%2F%2Flabs.sentinelone.com%2Ftop-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets%2F&ul=en-us&de=UTF-8&dt=Top-Tier%20Russian%20Organized%20Cybercrime%20Group%20Unveils%20Fileless%20Stealthy%20%E2%80%9CPowerTrick%E2%80%9D%20Backdoor%20for%20High-Value%20Targets%20-%20SentinelLabs&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=IEBAAUAB~&jid=1662089476&gjid=776248975&cid=1403807060.1579014905&tid=UA-38175129-3&_gid=1731734162.1579014905&_r=1&gtm=2ou121&z=614257418

Requested by

Host: labs.sentinelone.com
URL: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

pragma: no-cache
date: Tue, 14 Jan 2020 15:15:05 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
access-control-allow-origin: *
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 forms2.css
go.sentinelone.com/js/forms2/css/ 11 KB
2 KB 34ms
33ms Stylesheet
text/css 104.24.116.125
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://go.sentinelone.com/js/forms2/css/forms2.css

Requested by

Host: go.sentinelone.com
URL: https://go.sentinelone.com/js/forms2/js/forms2.min.js?ver=c53d158056e87ee64615e0d54debd596

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.24.116.125 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

ca37defba3e7908b75ff5acc26ef0010d590b5fe04b9bc1ca48e81dbc59223df

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Tue, 14 Jan 2020 15:15:06 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 5226
cf-polished: origSize=13304
status: 200
last-modified: Wed, 25 Sep 2019 18:55:06 GMT
server: cloudflare
etag: W/"8a0b9a-33f8-5936530f69680"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=14400
cf-ray: 5550903b5c56dc4b-LHR
cf-bgj: minify

GET
H2 200 forms2-theme-plain.css
go.sentinelone.com/js/forms2/css/ 745 B
255 B 23ms
22ms Stylesheet
text/css 104.24.116.125
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://go.sentinelone.com/js/forms2/css/forms2-theme-plain.css

Requested by

Host: go.sentinelone.com
URL: https://go.sentinelone.com/js/forms2/js/forms2.min.js?ver=c53d158056e87ee64615e0d54debd596

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.24.116.125 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

d85715179f69128f2d7295d52f7a305264366d6f8e59ce0c6c45918c26646ab1

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Tue, 14 Jan 2020 15:15:06 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 5226
cf-polished: origSize=828
status: 200
last-modified: Wed, 25 Sep 2019 18:55:06 GMT
server: cloudflare
etag: W/"19c06b6-33c-5936530f69680"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
cache-control: max-age=14400
cf-ray: 5550903b7cc6dc4b-LHR
cf-bgj: minify

GET
H2 200 XDFrame Show response
go.sentinelone.com/index.php/form/ Frame F286 2 KB
637 B 100ms
99ms Document
text/html 104.24.116.125
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://go.sentinelone.com/index.php/form/XDFrame

Requested by

Host: go.sentinelone.com
URL: https://go.sentinelone.com/js/forms2/js/forms2.min.js?ver=c53d158056e87ee64615e0d54debd596

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.24.116.125 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

73a75898d6d686086707be6fe76b13144d9c07ea526eeb134ca117132cb84387

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

:method: GET
:authority: go.sentinelone.com
:scheme: https
:path: /index.php/form/XDFrame
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: same-site
sec-fetch-mode: nested-navigate
referer: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/
accept-encoding: gzip, deflate, br
cookie: __cfduid=d70e9644d3613984a7b30a274aed39b971579014905; _ga=GA1.2.1403807060.1579014905; _gid=GA1.2.1731734162.1579014905; _gat_gtag_UA_38175129_3=1; BIGipServerab14web-nginx-app_https=!a3wdPtSecIUejjNybf/nLIVwOTHiDm1OlBBxLPlG2MNnQUwuWy9cnuQvS7ARyzXBaJt+AGIGrrEvEJ8=
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer: https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/

Response headers

status: 200
date: Tue, 14 Jan 2020 15:15:06 GMT
content-type: text/html; charset=utf-8
cache-control: max-age=3600
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 5550903c0e7cdc4b-LHR
content-encoding: br

GET
H2 200 forms2.min.js Show response
go.sentinelone.com/js/forms2/js/ Frame F286 169 KB
55 KB 28ms
28ms Script
application/x-javascript 104.24.116.125
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://go.sentinelone.com/js/forms2/js/forms2.min.js

Requested by

Host: go.sentinelone.com
URL: https://go.sentinelone.com/index.php/form/XDFrame

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.24.116.125 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

321bbcc4cc57483b7e329186e5159498b668ddde87cb64696ddcdc95176cce82

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://go.sentinelone.com/index.php/form/XDFrame
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date: Tue, 14 Jan 2020 15:15:06 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Wed, 25 Sep 2019 18:55:06 GMT
server: cloudflare
age: 1878
etag: W/"19c06bd-2a536-5936530f69680"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=14400
cf-ray: 5550903ca8d4dc4b-LHR

Verdicts & Comments Add Verdict or Comment

36 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

5 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.sentinelone.com/	1970-01-19 06:36:54	Name: _gat_gtag_UA_38175129_3 Value: 1
.sentinelone.com/	1970-01-19 06:38:21	Name: _gid Value: GA1.2.1731734162.1579014905
.sentinelone.com/	1970-01-20 00:08:06	Name: _ga Value: GA1.2.1403807060.1579014905
.sentinelone.com/	1970-01-19 07:20:06	Name: __cfduid Value: d70e9644d3613984a7b30a274aed39b971579014905
labs.sentinelone.com/	1970-01-19 06:38:21	Name: pvc_visits[0] Value: 1579101304b25657

2 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://labs.sentinelone.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1(Line 2) Message: JQMIGRATE: Migrate is installed, version 1.4.1
console-api	log	URL: https://cdn.onesignal.com/sdks/OneSignalSDK.js(Line 1) Message: OneSignal: Using fallback ES5 Stub for backwards compatibility.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=300

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

app.cdn.lookbookhq.com
cdn.onesignal.com
cdnjs.cloudflare.com
cloud.typography.com
fonts.googleapis.com
fonts.gstatic.com
go.sentinelone.com
labs.sentinelone.com
secure.gravatar.com
www.google-analytics.com
www.googletagmanager.com
www.sentinelone.com
104.24.116.125
143.204.101.96
23.8.9.30
2606:4700::6811:4004
2606:4700::6812:e134
2620:12a:8000::3
2a00:1450:4001:817::2003
2a00:1450:4001:821::2008
2a00:1450:4001:821::200e
2a00:1450:4001:824::200a
2a04:fa87:fffe::c000:4902
000f2b805c66e04d9f9e5b912425f29582ca8988b3548655513292b20295b078
01e443bb83f4f557c61c090445692c824c562cab21340224e7e2c45c16362093
02007cb9ea5401983a0a4a34d08c1a57c75484d0852194291e124c94b848d474
0284cbccebf1682452d62d06efa3665c874d642d4e03f5f5f9bb0f555da9251b
07161bc89c289b1bc71c214f79cc91cc7e1637c66c4cbbe6f92d3b2971c7965c
099787b39809b3ce2372aee29b8dae6a8447434df9fa734916709a64ac1eb061
0a40b610825908e14274286a2da94210b4cf54c724a14dca90f8ba3f962e5570
0cee31039a0a109d2bfd9351500382de96e31d826900c1e4b00815e70c8e7d5c
11e15f1d64a63cb498d0d42720a688ed15bf78393d8c460d695a110244c066e3
14628e30e822087d9e8607e160805e8a06832db4469f2db858f87583fe5a21cc
14cecbc2b736ba917dbcd4d545f2f834bb4caf1b53abec2e3c893bfb829c81ec
18aa66c192cbef43a61b1398c292ae5c6c1d40d679428ee998b1c6bfaf61d75a
1a351abc3f3b435497ddb8a55f09268d3e641dc22455deac06cf0181a4de52ee
1aa735fda9574e1475456e6da309329235dd2dc3155aabf30fd97434e46575b7
1aba4fa23ac65b483872b62dcf9962e2b7560bcf30cbb0ed6acf1f92d1f69fb9
1db21d816296e6939ba1f42962496e4134ae2b0081e26970864c40c6d02bb1df
2257bcf087d3c8264ff2e3893766dd4ece80a58af48176319ef2e77d1a06bccf
28dcf64f09748ef76c2f9acc44d3550112a3732a63c4b633c6d0cf9f16214256
292ad3950dc82baae5497f5b171fa7bfc23400f0dc54e224c6b68b3abc2a2140
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe
2f01115014dd443a057d6ed769ed2646d1d6bfa14395589b8cee7a5d202c0b54
3024bf21ad54170381261fbf63ab2c251f1af109b192705c9d330cd0e2122deb
3109fef8b2a9ab71fca698483d2bae36d8fed772517c259dacce872e739bb690
321bbcc4cc57483b7e329186e5159498b668ddde87cb64696ddcdc95176cce82
3644cc00fefff450034ddc24ca6a488c7f6490ac09fec699426724ca41c5a0aa
394ffdb54bf2167a706991ef924133ba9fec4aeb05e15596c7d1a234a785f4fb
3a4d01f480d33bb7840c41abda97a5737269250633406a15542a80f2515a5554
3be6996bbe5b731a0192eab1fc481d07618eaa7e44f4e499e977965fa3129176
3caf2b5e54f582c661fbaccd69ce7987fe09acdd91ff88d3cc1798a2af0e04d4
3d16368af5c4fd9ee2daeb8f75ed870008e64ff4f66ba1562f0d017f622d08a8
48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d
4bc4b508bb0ccc41052f6a18eb23441543da2d209c152f62577e954367b4d62d
4eae92c950cd91c1932acc28ad6e82e45887738fbfb1e25fb1f3f92aa9b05d9c
500a7d7437cdd7815a4634727c8412440f3cb865998488e35439d58cbbc437b4
61c4934867dbc17f485e3eefe951c05d6df5899f4615e76ec6f37304d8383e54
61fd30b9ee3933d916d6a53b10d7100e3ece7d6760ccbaa6ed41499c1daf0a07
62c0a55062f57490110765f2b50221e45b05dfbc2438bb5d24cea266e2569092
67f3087b7441cade77ae57bac886f0e9cccfb70db7629e66f3709bc914047abe
69170775a33ffd93addb6aa04c4272f3f7468992aa817693214225f5a03979a6
6b919f177684b2ed2346618a1a6c3a4d2c1eb7b681571202b657bf3bb154a482
6f005368978df37b680de2dc8a22007a600378ba5568a573432a3fdeb8bdb674
72fc1a57801612f9e297e1c1954410ff840c40e713a6b4b40b2596e80338c2ee
733d7c26a5fb7240e83e8af2c822218b321b5143e28c2dd65ab2492297ac6bd7
73a75898d6d686086707be6fe76b13144d9c07ea526eeb134ca117132cb84387
751ff3fe1cf446444392733d0649fe6f9c1d6702d8c0ed3f57692aaf1dcde3da
75cf452cbb45c31535c33942cb92062f5a0d4b68b71e612d3947c4e68e073426
77293e371434adb132727ae06bce7cbc58f58cbce1e8c62dda978f47e89d2b6d
7f842c97dc2c647af9ac369bd39000f21019ba25c558df4929f523dbed90d6f5
8103ad0ac90663f36b1eaced8b8c00e9506f02a288f7d6c3866488ee226f7bb1
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
848581d7e518909a138e66540606d26ce65c2d986e19a1f10c85c263fa0407b1
8697a3a58da420197733108c7a09f183e2c72645f9c09d656d9f7ed73d53f3f7
8808ae9db20284c73cb88796aa7a7052d54b6de9d620dc42d9f952ba9f35cf47
8adaaccb6a37d06a85f18e9626eb1ceccd7cf85e039b2e7d391341b2e361b64d
8c87292f643bc724da28fecbbe949021a3b23c3ffa202aa5c2aac6c5776db7a6
914074eaea3b9f0c31d303f71e2bb04a9e91e9f7969df5829789ca30a849342e
990ceb7910550faf641c1b31b57154f3f1991eeb8efc229689d7031acbef2fe9
9bcdb94ad74931ea092ec31ed6aa7b1d7addd5cf819e8d374cd57883db25204a
9c92bf78aa825e62accc2e4d438bfe474ea1f43480cf6cce9230a694e9713670
a470dd851d641f475025281f279294e780b628d7ce461dc1d136c4fc9982eeab
a499f48ecde7f3facc8bca422454fdd01015a0dc66ec7a6b9cbe0892aae09dbc
a9fbfbe98836a58d8a46d1b324dbf10423952ef2051ee300d6200483821ebd92
ad28475ca2fb4023dd7f9af92787353a4aa4b6a66c4b8782dceefbfc485eec39
b66e62306d1b6f738c7095c9577957ff21f80d62ed611768eee45d1cf833512c
b69fc240082ae0bcb2a8b08627a084fbbdd50d56ebd72a6125d0d4730c0ee0e1
b75616aa3dc69d9ea6cdf8f821de10a0047eec087ee2df1b8bc2c1124b73e116
b7e17926b30342edecee8b3a93029ac51462e2b479277d8e077ba57173eb1900
bda8e776b23a6138e8ed44876c17b5fde2b4653bd24aec06d3acf676dca7026a
c4cdc87b582594a8758dc66d5290030dbb6493779840ae7dae02f8e765532e81
c76efd7801d5912d1d05862a3c3d093b13302dfafc600dc2f83acc7c2283efac
c9626e50b48c7eac583e1d08119dc8f9e2f050239af0a86e01ce45ce9bb13215
ca37defba3e7908b75ff5acc26ef0010d590b5fe04b9bc1ca48e81dbc59223df
cb8787f231702f86051bb3e0467dd2c5227ed0a6ca0d1d3b8d8c6a27c544e3a8
cbebe3409c4b01d23203045bc734370a192e3aa978c4ca2670bcd39ae0b2f45b
ce901532c3b54288f4bbbaf16b5e8e78ea9e99942526fc3cb59035d6590972fa
d0d937b32b0a1fa6bbdcc5389f695a36147c1b3ba869ecc507b765adf0300393
d32b2c653c571d5ebe401463197bd449b52f013c0da42995f8fc8b67524abccc
d73bbedc19cb615f4b76263ce6e5ccce28b76ddae47a5ca9dfb7b46724c0421d
d83e2899646d1756fc2edbc51efd441dcd9969f636ebaabc29d40bdf6a147379
d85715179f69128f2d7295d52f7a305264366d6f8e59ce0c6c45918c26646ab1
d9662b4b9ba6c2c3691ce0acd4572e027366eb97d6070550a13429262bb0037f
d979fc6f76817575bb643bdbca9582e5cfcbfd58cfdba51ca01e5d848c3b426d
dbb67c620eaabf6679a314db18d3ae43037aef71ab27422e6feec08ee987cc0a
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4aafb4988825fef255b33b8a5f04fc98f7c77151704e6dc74ec3cb5cb85fd06
e7b44c86b050fca766a96ddac2d0932af0126da6f2305280342d909168dcce6b
f293486948d4cba26c6b835bdd574b4085e62da749b86019f5f6fab3535b0e39
f33abc38a1189281e32475456d8c41e21d2111600513d3cd87f054b360b5f0a9
f46d96d805c7e9e467422dfe516c43edb4632c0273cea26722fee7ba885f869e
f6e1edbfc61ac45b5e81d54a0b8b82a269c72235faa9dbad4310aaceb713ddac
f774ddac3ffce309e5ff2659a59e8e7291da314d213f24c1aa04b9ea2bc46586

labs.sentinelone.com Open in urlscan Pro 2620:12a:8000::3 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

93 Requests

100 %HTTPS

73 %IPv6

10 Domains

12 Subdomains

11 IPs

4 Countries

2447 kBTransfer

3354 kBSize

5 Cookies

31 Outgoing links

Redirected requests

93 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

labs.sentinelone.com Open in urlscan Pro
2620:12a:8000::3 Public Scan

Screenshot
Live screenshot

Full Image

93
Requests

100 %
HTTPS

73 %
IPv6

10
Domains

12
Subdomains

11
IPs

4
Countries

2447 kB
Transfer

3354 kB
Size

5
Cookies

93 HTTP transactions
2 data transactions