urlscan.io logo urlscan.io
SecurityTrails logo

www.secureworks.com Open in urlscan Pro
40.71.249.187  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://www.secureworks.com/research/shadowpad-malware-analysis.
Effective URL: https://www.secureworks.com/404?aspxerrorpath=/research/shadowpad-malware-analysis.
Submission: On February 19 via api from IN — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 8 IPs in 3 countries across 7 domains to perform 44 HTTP transactions. The main IP is 40.71.249.187, located in Tappahannock, United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is www.secureworks.com. The Cisco Umbrella rank of the primary domain is 483239.
TLS certificate: Issued by Thawte RSA CA 2018 on August 16th 2021. Valid for: a year.
This is the only time www.secureworks.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 4 40.71.249.187 8075 (MICROSOFT...)
30 2a02:26f0:64:... 20940 (AKAMAI-ASN1)
2 2620:12a:8001::2 54113 (FASTLY)
3 104.111.234.67 16625 (AKAMAI-AS)
1 2a00:1450:400... 15169 (GOOGLE)
1 192.28.144.124 15224 (OMNITURE)
3 2606:4700::68... 13335 (CLOUDFLAR...)
1 2001:4de0:ac1... 20446 (HIGHWINDS3)
44 8
4    40.71.249.187 (Tappahannock, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
www.secureworks.com
30    2a02:26f0:64::210:6bc1 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
content.secureworks.com
2    2620:12a:8001::2 (United States)

ASN54113 (FASTLY, US)
scwx.annuitas.io
3    104.111.234.67 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a104-111-234-67.deploy.static.akamaitechnologies.com
munchkin.marketo.net
1    2a00:1450:4001:828::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
1    192.28.144.124 (United States)

ASN15224 (OMNITURE, US)
725-smc-563.mktoresp.com
3    2606:4700::6810:9540 (United States)

ASN13335 (CLOUDFLARENET, US)
cdn.cookielaw.org
1    2001:4de0:ac18::1:a:3a (Netherlands)

ASN20446 (HIGHWINDS3, US)
code.jquery.com
Apex Domain
Subdomains		 Transfer
34 secureworks.com
www.secureworks.com — Cisco Umbrella Rank: 483239
content.secureworks.com
680 KB
3 cookielaw.org
cdn.cookielaw.org — Cisco Umbrella Rank: 443
24 KB
3 marketo.net
munchkin.marketo.net — Cisco Umbrella Rank: 2821
7 KB
2 annuitas.io
scwx.annuitas.io
15 KB
1 jquery.com
code.jquery.com — Cisco Umbrella Rank: 546
30 KB
1 mktoresp.com
725-smc-563.mktoresp.com
311 B
1 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 50
80 KB
44 7
Domain Requested by
30 content.secureworks.com www.secureworks.com
content.secureworks.com
4 www.secureworks.com 1 redirects www.secureworks.com
3 cdn.cookielaw.org www.googletagmanager.com
cdn.cookielaw.org
3 munchkin.marketo.net www.secureworks.com
munchkin.marketo.net
2 scwx.annuitas.io www.secureworks.com
content.secureworks.com
1 code.jquery.com cdn.cookielaw.org
1 725-smc-563.mktoresp.com munchkin.marketo.net
1 www.googletagmanager.com www.secureworks.com
44 8
Subject Issuer Validity Valid
www.secureworks.com
Thawte RSA CA 2018		 2021-08-16 -
2022-09-16		 a year crt.sh
cert00029-azurecdn.akamaized.net
R3		 2022-01-20 -
2022-04-20		 3 months crt.sh
scwx.annuitas.io
R3		 2022-01-26 -
2022-04-26		 3 months crt.sh
*.marketo.net
DigiCert SHA2 Secure Server CA		 2021-03-29 -
2022-04-06		 a year crt.sh
*.google-analytics.com
GTS CA 1C3		 2022-02-07 -
2022-05-02		 3 months crt.sh
*.mktoresp.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-11-30 -
2022-11-30		 a year crt.sh
cookielaw.org
Cloudflare Inc ECC CA-3		 2021-06-01 -
2022-05-31		 a year crt.sh
*.jquery.com
Sectigo RSA Domain Validation Secure Server CA		 2021-07-14 -
2022-08-14		 a year crt.sh

This page contains 1 frames:

Primary Page: https://www.secureworks.com/404?aspxerrorpath=/research/shadowpad-malware-analysis.
Frame ID: EBC520ADA5E4E52DDDED148D87D23D76
Requests: 44 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

404 | Secureworks

Page URL History Show full URLs

  1. https://www.secureworks.com/research/shadowpad-malware-analysis. HTTP 302
    https://www.secureworks.com/404?aspxerrorpath=/research/shadowpad-malware-analysis. Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/ns\.html[^>]+></iframe>
  • <!-- (?:End )?Google Tag Manager -->
  • googletagmanager\.com/gtm\.js
Overall confidence: 100%
Detected patterns
  • munchkin\.marketo\.\w+/(?:([\d.]+)/)?munchkin\.js
Overall confidence: 100%
Detected patterns
  • cdn\.cookielaw\.org
Overall confidence: 100%
Detected patterns
  • jquery[.-]([\d.]*\d)[^/]*\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

44
Requests

100 %
HTTPS

63 %
IPv6

7
Domains

8
Subdomains

8
IPs

3
Countries

836 kB
Transfer

2004 kB
Size

6
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://www.secureworks.com/research/shadowpad-malware-analysis. HTTP 302
    https://www.secureworks.com/404?aspxerrorpath=/research/shadowpad-malware-analysis. Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

44 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request 404
www.secureworks.com/
Redirect Chain
  • https://www.secureworks.com/research/shadowpad-malware-analysis.
  • https://www.secureworks.com/404?aspxerrorpath=/research/shadowpad-malware-analysis.
109 KB
113 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.secureworks.com/404?aspxerrorpath=/research/shadowpad-malware-analysis.
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
40.71.249.187 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
4b90f89c612240646597233559a6c0668a84ad39d3efe5d3198dd1e0d69a1e10
Security Headers
Name Value
Content-Security-Policy object-src 'none'; script-src 'self' 'nonce-Zjc0NjI5ZjgwNTNjNDhkMTliOGFiZjRiNGY5OGEzMjY=' 'sha256-wY8ZJu7Uu8c5AFYGRuoE7SNBraw8IAkl5Yz+glnnte8=' 'sha256-UGfgrQ+GKJogDAQthuGt5lpepOeF3ypbYTr2PPxcBdU=' 'sha256-hUiPqjPAx0BTYk+HP/Ohq7cZFW+CFLUDreW74sIBUJk=' 'sha256-MWnKpq2mO4B+C/F7fLTeifs05WkVCc8Hkl+SzXGUmtI=' 'sha256-QiHtJSgKkeO/qh+2A9GCUt3xk8ONLQAa6uua+j+nHLg=' 'sha256-7+1sMW/o6RcIncEOmuvZbRThB6NRZLwQjvsqQAGehKA=' 'sha256-tYinntSHdpRdg0LwZuBycjWqxaMdCzBdOnOGsSZH2Ho=' 'sha256-DP0AJIADL+tS8s/bg6t7xbMHunrd17JCuOgpyNjxt/M=' 'sha256-sqwbnK0D7p9u3WG0lgAYLYmp/byKS9zlT2eFORz1SDY=' 'sha256-L436NBsgbW4nnr2zz6geY9aouLDwQiH+458+ny7TeJ8=' 'sha256-t21JzuoP0AGVdHYfaGtWzFviQ1hj34OuECR3Ur2P1Dk=' 'sha256-kmGPVWtzfwq6b9fEOy1NmWxrKyxreHZU5tKvRxQpDMA=' 'sha256-SAqGhA/G1eraYlnHKoGwPlIvGfOo45eq5hoyKq2LnUY=' 'sha256-+08d4MzO/if2DlZslM+0a0gvpYaPHK7ilzV9yUXHxRo=' 'sha256-5RKybv4IYG3Rt1CcIXoS1OAD7D0vjWLop/a6KVpWxM0=' 'sha256-N/Mk5WIdXnJRlsc5rmMcLJsovC5ozGJ5BmVdRxKOeNc=' 'sha256-XJEfHQ97N7xwKM6MQXMpabeUHxVT647JYAYwrOX6sQQ=' 'sha256-sdKFLBOaDq01ySztbW/n0JnIwsMIlCr7AaMAznJOqA0=' 'sha256-7pyFNQ34QDbIyjfqF4dboUBH/FqtGtJgw7KPgC+aKY8=' 'sha256-yYGe3YxZ1stILsg6s+TKQ7ACovlrQ/V7H5hpGiko1EI=' 'sha256-JcTUCZru8bIzmyUfGjmyP1Nwn0ccUuwLyJA5/jgV2jI=' 'sha256-zEF/ALwwDYV2nZ+rdYGh2XpjU1lbO3oZ2osZayOlmpw=' 'sha256-ErdS+5vyua60ApoR4T4MK5hMhAxO8I75iqTuR4st0lk=' 'sha256-dgOinhXczUSm4ADnOKjecy4HqoIpihiWY1xMUGi3KiE=' 'sha256-bAZaADjFxXYURQUP9Z4p4eiIim+gCGst1ZWemjLGJxo=' 'sha256-x3E2vOOOHY24kNAmZOQxorAyW5o6cX3R7J5Jg+RTqZY=' 'sha256-WJHVKi7ReHnWJF4AUmd9vWDpqeX8GVtEsyAJP01M130=' 'sha256-mvYU2m+aQi6xWWVpxauZ/UaXg+HkwxCv4r/qVBDAm3A=' 'sha256-IgMQOOOedQeMPBl7lSreMVPmJvU62bc6l8HcsGXnbWc=' 'sha256-Ov0LRI92VqZTYbOhyIvK8iFCm9rBs/HXaYLwlDMrra0=' 'sha256-HjgaVwCCuGQHih00gvN/PUGZuGwVIWd/6sThgUEi83E=' 'sha256-7oEVqsTDSU0XTGoiH3B7bXM3sMDjv58JCTndWi8pUKw=' https://code.jquery.com https://js-agent.newrelic.com https://bam.nr-data.net https://content.secureworks.com https://pcdnscwx001.azureedge.net https://live-scwx-pe.pantheonsite.io https://marketo-scwx-pe.pantheonsite.io https://munchkin.marketo.net https://app-ab44.marketo.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com https://ajax.googleapis.com https://tagmanager.google.com https://translate.google.com https://bat.bing.com https://connect.facebook.net https://ad.atdmt.com https://static.ads-twitter.com https://analytics.twitter.com https://www.linkedin.com https://px.ads.linkedin.com https://snap.licdn.com https://sjs.bizographics.com https://*.vimeo.com https://*.vimeocdn.com https://j.6sc.co https://b.6sc.co https://*.6sc.co https://epsilon.6sense.com https://*.rlcdn.com https://gateway.zscaler.net https://scwx.annuitas.io https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://widgets.ziftsolutions.com https://hammock.hotprofile.biz https://transfertool.hotprofile.biz/production/ https://m-store-hammock.hot-profile.com/hot-profile/ https://wa2.hot-profile.com https://*.on24.com https://*.ceros.com https://*.js.ubembed.com https://assets.ubembed.com https://*.redditstatic.com; img-src 'self' https://*.vimeo.com https://*.vimeocdn.com content.secureworks.com pcdnscwx001.azureedge.net id.rlcdn.com www.googletagmanager.com cdn.cookielaw.org fonts.gstatic.com optanon.blob.core.windows.net web.secureworks.com attr.ml-api.io bat.bing.com www.google-analytics.com j.6sc.co b.6sc.co c.6sc.co epsilon.6sense.com www.google.com attr.ml-api.io attr.ml-api.io s.ml-attr.com www.google.com.ua secure.adnxs.com apt.techtarget.com id.rlcdn.com px.ads.linkedin.com p.adsymptotic.com www.linkedin.com static.ziftsolutions.com *.crazyegg.com *.ubembed.com *.redditstatic.com alb.reddit.com; frame-ancestors 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language
de-DE,de;q=0.9

Response headers

Cache-Control
no-cache, no-store
Pragma
no-cache
Content-Type
text/html; charset=utf-8
Expires
-1
Server
Microsoft-IIS/10.0
Content-Security-Policy
object-src 'none'; script-src 'self' 'nonce-Zjc0NjI5ZjgwNTNjNDhkMTliOGFiZjRiNGY5OGEzMjY=' 'sha256-wY8ZJu7Uu8c5AFYGRuoE7SNBraw8IAkl5Yz+glnnte8=' 'sha256-UGfgrQ+GKJogDAQthuGt5lpepOeF3ypbYTr2PPxcBdU=' 'sha256-hUiPqjPAx0BTYk+HP/Ohq7cZFW+CFLUDreW74sIBUJk=' 'sha256-MWnKpq2mO4B+C/F7fLTeifs05WkVCc8Hkl+SzXGUmtI=' 'sha256-QiHtJSgKkeO/qh+2A9GCUt3xk8ONLQAa6uua+j+nHLg=' 'sha256-7+1sMW/o6RcIncEOmuvZbRThB6NRZLwQjvsqQAGehKA=' 'sha256-tYinntSHdpRdg0LwZuBycjWqxaMdCzBdOnOGsSZH2Ho=' 'sha256-DP0AJIADL+tS8s/bg6t7xbMHunrd17JCuOgpyNjxt/M=' 'sha256-sqwbnK0D7p9u3WG0lgAYLYmp/byKS9zlT2eFORz1SDY=' 'sha256-L436NBsgbW4nnr2zz6geY9aouLDwQiH+458+ny7TeJ8=' 'sha256-t21JzuoP0AGVdHYfaGtWzFviQ1hj34OuECR3Ur2P1Dk=' 'sha256-kmGPVWtzfwq6b9fEOy1NmWxrKyxreHZU5tKvRxQpDMA=' 'sha256-SAqGhA/G1eraYlnHKoGwPlIvGfOo45eq5hoyKq2LnUY=' 'sha256-+08d4MzO/if2DlZslM+0a0gvpYaPHK7ilzV9yUXHxRo=' 'sha256-5RKybv4IYG3Rt1CcIXoS1OAD7D0vjWLop/a6KVpWxM0=' 'sha256-N/Mk5WIdXnJRlsc5rmMcLJsovC5ozGJ5BmVdRxKOeNc=' 'sha256-XJEfHQ97N7xwKM6MQXMpabeUHxVT647JYAYwrOX6sQQ=' 'sha256-sdKFLBOaDq01ySztbW/n0JnIwsMIlCr7AaMAznJOqA0=' 'sha256-7pyFNQ34QDbIyjfqF4dboUBH/FqtGtJgw7KPgC+aKY8=' 'sha256-yYGe3YxZ1stILsg6s+TKQ7ACovlrQ/V7H5hpGiko1EI=' 'sha256-JcTUCZru8bIzmyUfGjmyP1Nwn0ccUuwLyJA5/jgV2jI=' 'sha256-zEF/ALwwDYV2nZ+rdYGh2XpjU1lbO3oZ2osZayOlmpw=' 'sha256-ErdS+5vyua60ApoR4T4MK5hMhAxO8I75iqTuR4st0lk=' 'sha256-dgOinhXczUSm4ADnOKjecy4HqoIpihiWY1xMUGi3KiE=' 'sha256-bAZaADjFxXYURQUP9Z4p4eiIim+gCGst1ZWemjLGJxo=' 'sha256-x3E2vOOOHY24kNAmZOQxorAyW5o6cX3R7J5Jg+RTqZY=' 'sha256-WJHVKi7ReHnWJF4AUmd9vWDpqeX8GVtEsyAJP01M130=' 'sha256-mvYU2m+aQi6xWWVpxauZ/UaXg+HkwxCv4r/qVBDAm3A=' 'sha256-IgMQOOOedQeMPBl7lSreMVPmJvU62bc6l8HcsGXnbWc=' 'sha256-Ov0LRI92VqZTYbOhyIvK8iFCm9rBs/HXaYLwlDMrra0=' 'sha256-HjgaVwCCuGQHih00gvN/PUGZuGwVIWd/6sThgUEi83E=' 'sha256-7oEVqsTDSU0XTGoiH3B7bXM3sMDjv58JCTndWi8pUKw=' https://code.jquery.com https://js-agent.newrelic.com https://bam.nr-data.net https://content.secureworks.com https://pcdnscwx001.azureedge.net https://live-scwx-pe.pantheonsite.io https://marketo-scwx-pe.pantheonsite.io https://munchkin.marketo.net https://app-ab44.marketo.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com https://ajax.googleapis.com https://tagmanager.google.com https://translate.google.com https://bat.bing.com https://connect.facebook.net https://ad.atdmt.com https://static.ads-twitter.com https://analytics.twitter.com https://www.linkedin.com https://px.ads.linkedin.com https://snap.licdn.com https://sjs.bizographics.com https://*.vimeo.com https://*.vimeocdn.com https://j.6sc.co https://b.6sc.co https://*.6sc.co https://epsilon.6sense.com https://*.rlcdn.com https://gateway.zscaler.net https://scwx.annuitas.io https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://widgets.ziftsolutions.com https://hammock.hotprofile.biz https://transfertool.hotprofile.biz/production/ https://m-store-hammock.hot-profile.com/hot-profile/ https://wa2.hot-profile.com https://*.on24.com https://*.ceros.com https://*.js.ubembed.com https://assets.ubembed.com https://*.redditstatic.com; img-src 'self' https://*.vimeo.com https://*.vimeocdn.com content.secureworks.com pcdnscwx001.azureedge.net id.rlcdn.com www.googletagmanager.com cdn.cookielaw.org fonts.gstatic.com optanon.blob.core.windows.net web.secureworks.com attr.ml-api.io bat.bing.com www.google-analytics.com j.6sc.co b.6sc.co c.6sc.co epsilon.6sense.com www.google.com attr.ml-api.io attr.ml-api.io s.ml-attr.com www.google.com.ua secure.adnxs.com apt.techtarget.com id.rlcdn.com px.ads.linkedin.com p.adsymptotic.com www.linkedin.com static.ziftsolutions.com *.crazyegg.com *.ubembed.com *.redditstatic.com alb.reddit.com; frame-ancestors 'none';
X-Frame-Options
DENY
X-XSS-Protection
1; mode=block
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Referrer-Policy
no-referrer-when-downgrade
Date
Sat, 19 Feb 2022 18:51:10 GMT
Content-Length
111192

Redirect headers

Content-Type
text/html; charset=utf-8
Location
/404?aspxerrorpath=/research/shadowpad-malware-analysis.
Server
Microsoft-IIS/10.0
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Referrer-Policy
no-referrer-when-downgrade
Date
Sat, 19 Feb 2022 18:51:10 GMT
Content-Length
173
html5reset-1.6.1.css
content.secureworks.com/content/app/css/ 		1 KB
844 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://content.secureworks.com/content/app/css/html5reset-1.6.1.css?v=02-09-2022
Requested by
Host: www.secureworks.com
URL: https://www.secureworks.com/404?aspxerrorpath=/research/shadowpad-malware-analysis.
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:64::210:6bc1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
db61679243f9f3b5a03de90b1ad228130ad3e87b79b9d153ce1ca6afbdf9a2b0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.secureworks.com/404?aspxerrorpath=/research/shadowpad-malware-analysis.
Origin
https://www.secureworks.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
referrer-policy
no-referrer-when-downgrade
last-modified
Mon, 07 Feb 2022 18:03:44 GMT
server
Microsoft-IIS/10.0
etag
"0098b4d1cd81:0"
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=1696607
date
Sat, 19 Feb 2022 18:51:11 GMT
accept-ranges
bytes
content-length
573
x-content-type-options
nosniff
western-typographies.css
content.secureworks.com/content/app/css/ 		2 KB
636 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://content.secureworks.com/content/app/css/western-typographies.css?v=02-09-2022
Requested by
Host: www.secureworks.com
URL: https://www.secureworks.com/404?aspxerrorpath=/research/shadowpad-malware-analysis.
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:64::210:6bc1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
fa85f97108080f24b26ca0450d471edf522d233337c1b73e41ab4a27d19ac94f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.secureworks.com/404?aspxerrorpath=/research/shadowpad-malware-analysis.
Origin
https://www.secureworks.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
referrer-policy
no-referrer-when-downgrade
last-modified
Mon, 07 Feb 2022 18:03:44 GMT
server
Microsoft-IIS/10.0
etag
"0098b4d1cd81:0"
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=1696635
date
Sat, 19 Feb 2022 18:51:11 GMT
accept-ranges
bytes
content-length
365
x-content-type-options
nosniff
main.css
content.secureworks.com/content/app/css/ 		574 KB
81 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://content.secureworks.com/content/app/css/main.css?v=02-09-2022
Requested by
Host: www.secureworks.com
URL: https://www.secureworks.com/404?aspxerrorpath=/research/shadowpad-malware-analysis.
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:64::210:6bc1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
0901a21f5e064e1345bfb0517cf00b2a0b7ba6719ed4e27c51dd7e8442c29f62
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.secureworks.com/404?aspxerrorpath=/research/shadowpad-malware-analysis.
Origin
https://www.secureworks.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
referrer-policy
no-referrer-when-downgrade
last-modified
Mon, 07 Feb 2022 18:03:44 GMT
server
Microsoft-IIS/10.0
etag
"0098b4d1cd81:0"
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=1696600
date
Sat, 19 Feb 2022 18:51:11 GMT
accept-ranges
bytes
content-length
82853
x-content-type-options
nosniff
jquery-3.6.0.min.js
content.secureworks.com/content/app/js/ 		87 KB
31 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://content.secureworks.com/content/app/js/jquery-3.6.0.min.js?v=02-09-2022
Requested by
Host: www.secureworks.com
URL: https://www.secureworks.com/404?aspxerrorpath=/research/shadowpad-malware-analysis.
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:64::210:6bc1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
ce9d07500ad91ec2b524c270764ec4c9a33e78320d8d374ec400ede488f6251b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.secureworks.com/404?aspxerrorpath=/research/shadowpad-malware-analysis.
Origin
https://www.secureworks.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
referrer-policy
no-referrer-when-downgrade
last-modified
Mon, 07 Feb 2022 18:03:44 GMT
server
Microsoft-IIS/10.0
etag
"0098b4d1cd81:0"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=1696604
date
Sat, 19 Feb 2022 18:51:11 GMT
accept-ranges
bytes
content-length
30954
x-content-type-options
nosniff
scripts.js
scwx.annuitas.io/wp-json/pdg/v1/ 		40 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://scwx.annuitas.io/wp-json/pdg/v1/scripts.js
Requested by
Host: www.secureworks.com
URL: https://www.secureworks.com/404?aspxerrorpath=/research/shadowpad-malware-analysis.
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:12a:8001::2 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
fd0fe4e495939fdf1eeb633dc45c30ceada009346ba0147c143ae29cc8c7b4b3
Security Headers
Name Value
Strict-Transport-Security max-age=300

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.secureworks.com/404?aspxerrorpath=/research/shadowpad-malware-analysis.
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security
max-age=300
content-encoding
gzip
etag
W/"61fee140-9ed2"
age
1043949
x-pantheon-styx-hostname
styx-fe2-b-d8dd6bb59-hq6h2
x-cache
HIT, HIT
x-cloud-trace-context
5b10fcffccb048bbbb09a089c9d861e6/4413733860768993174;o=0
content-length
14091
x-served-by
cache-mdw17383-MDW, cache-hhn4022-HHN
last-modified
Sat, 05 Feb 2022 20:42:40 GMT
server
nginx
traceparent
00-5b10fcffccb048bbbb09a089c9d861e6-3d40bb8fb83fcf96-00
x-timer
S1645296671.182463,VS0,VE2
date
Sat, 19 Feb 2022 18:51:11 GMT
vary
Accept-Encoding
content-type
application/x-javascript
via
1.1 varnish, 1.1 varnish
expires
Wed, 08 Feb 2023 16:52:02 GMT
cache-control
max-age=31622400
accept-ranges
bytes
x-styx-req-id
46096d6d-8836-11ec-867e-aa876aa2fc93
x-cache-hits
1, 1
marketo-from-custom.js
content.secureworks.com/content/app/js/ 		14 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://content.secureworks.com/content/app/js/marketo-from-custom.js?v=02-09-2022
Requested by
Host: www.secureworks.com
URL: https://www.secureworks.com/404?aspxerrorpath=/research/shadowpad-malware-analysis.
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:64::210:6bc1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
91bfe05478e9aa562a5b0f3fe991e6b7201d4282312c48d0fc71b3f5ae7f03ca
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.secureworks.com/404?aspxerrorpath=/research/shadowpad-malware-analysis.
Origin
https://www.secureworks.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
referrer-policy
no-referrer-when-downgrade
last-modified
Mon, 07 Feb 2022 18:03:44 GMT
server
Microsoft-IIS/10.0
etag
"0098b4d1cd81:0"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=1696672
date
Sat, 19 Feb 2022 18:51:11 GMT
accept-ranges
bytes
content-length
2849
x-content-type-options
nosniff
VisitorIdentification.js
www.secureworks.com/layouts/system/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.secureworks.com/layouts/system/VisitorIdentification.js
Requested by
Host: www.secureworks.com
URL: https://www.secureworks.com/404?aspxerrorpath=/research/shadowpad-malware-analysis.
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
40.71.249.187 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
7941c043b215ecc58d18e696d42abbd225eb0baa075cb5e31027725cc5312fce
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.secureworks.com/404?aspxerrorpath=/research/shadowpad-malware-analysis.
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Encoding
gzip
Referrer-Policy
no-referrer-when-downgrade
Last-Modified
Mon, 04 Jun 2018 10:06:48 GMT
Server
Microsoft-IIS/10.0
ETag
"0ecf0bfebfbd31:0"
Vary
Accept-Encoding
Content-Type
application/javascript
Date
Sat, 19 Feb 2022 18:51:10 GMT
Accept-Ranges
bytes
Content-Length
910
X-Content-Type-Options
nosniff
emergency-icon-02.ashx
content.secureworks.com/-/media/Images/Icons/ 		882 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://content.secureworks.com/-/media/Images/Icons/emergency-icon-02.ashx?modified=20200713133031
Requested by
Host: www.secureworks.com
URL: https://www.secureworks.com/404?aspxerrorpath=/research/shadowpad-malware-analysis.
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:64::210:6bc1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
d64e3512a14d94fc0807a70eccafd1ad6010aab4d91d552f8e3c4d310bff64ce
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.secureworks.com/404?aspxerrorpath=/research/shadowpad-malware-analysis.
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
referrer-policy
no-referrer-when-downgrade
last-modified
Mon, 13 Jul 2020 13:30:31 GMT
server
Microsoft-IIS/10.0
etag
3c8ba49ec7994d569f5a624ba34bd1db
content-type
image/png
cache-control
public, max-age=1184872
date
Sat, 19 Feb 2022 18:51:11 GMT
content-disposition
inline; filename="emergency-icon-02.png"
accept-ranges
bytes
content-length
882
x-content-type-options
nosniff
expires
Sat, 05 Mar 2022 11:59:03 GMT
sw_logo_black.ashx
content.secureworks.com/-/media/Images/logos/ 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://content.secureworks.com/-/media/Images/logos/sw_logo_black.ashx?modified=20200805202625&la=en&hash=1D65C59935DD4F7FBE248940505D051A
Requested by
Host: www.secureworks.com
URL: https://www.secureworks.com/404?aspxerrorpath=/research/shadowpad-malware-analysis.
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:64::210:6bc1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
b5ecd7807e3023d657d18fbe832848e8e65843843ebd748f7225e314b17d5221
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.secureworks.com/404?aspxerrorpath=/research/shadowpad-malware-analysis.
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 05 Aug 2020 20:26:25 GMT
server
Microsoft-IIS/10.0
etag
33b882a931e84894a7c864998125bcce
content-type
image/svg+xml
cache-control
public, max-age=1185302
date
Sat, 19 Feb 2022 18:51:11 GMT
content-disposition
inline; filename="sw_logo_black.svg"
accept-ranges
bytes
content-length
4728
x-content-type-options
nosniff
expires
Sat, 05 Mar 2022 12:06:13 GMT
btn-arrow.svg
content.secureworks.com/content/rc/images/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://content.secureworks.com/content/rc/images/btn-arrow.svg
Requested by
Host: www.secureworks.com
URL: https://www.secureworks.com/404?aspxerrorpath=/research/shadowpad-malware-analysis.
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:64::210:6bc1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
11d5ce34f206afb82ddf5e90ac14a2572bf9ee7177623d3a22d961d14bbd71ae
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.secureworks.com/404?aspxerrorpath=/research/shadowpad-malware-analysis.
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
referrer-policy
no-referrer-when-downgrade
last-modified
Fri, 12 Mar 2021 20:09:08 GMT
server
Microsoft-IIS/10.0
etag
"04a1a8f7b17d71:0"
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=1687427
date
Sat, 19 Feb 2022 18:51:11 GMT
accept-ranges
bytes
content-length
2096
x-content-type-options
nosniff
arrow-back.svg
content.secureworks.com/content/rc/images/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://content.secureworks.com/content/rc/images/arrow-back.svg
Requested by
Host: www.secureworks.com
URL: https://www.secureworks.com/404?aspxerrorpath=/research/shadowpad-malware-analysis.
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:64::210:6bc1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
0a8b1ef45e2622985d8d86e6317525253a50b84b7a37e92b14f2af14f430e10e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.secureworks.com/404?aspxerrorpath=/research/shadowpad-malware-analysis.
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
referrer-policy
no-referrer-when-downgrade
last-modified
Fri, 12 Mar 2021 20:09:08 GMT
server
Microsoft-IIS/10.0
etag
"04a1a8f7b17d71:0"
content-type
image/svg+xml
access-control-allow-origin
*
cache-control
public, max-age=1483897
date
Sat, 19 Feb 2022 18:51:11 GMT
accept-ranges
bytes
content-length
1025
x-content-type-options
nosniff
logo-blue-taegis.ashx
content.secureworks.com/-/media/Images/logos/ 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://content.secureworks.com/-/media/Images/logos/logo-blue-taegis.ashx?modified=20211110212248
Requested by
Host: www.secureworks.com
URL: https://www.secureworks.com/404?aspxerrorpath=/research/shadowpad-malware-analysis.
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:64::210:6bc1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
24849b91ee6d5f169a67d0f0f316ec3d3e7b62454b4a87a3138eb5b87465676c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.secureworks.com/404?aspxerrorpath=/research/shadowpad-malware-analysis.
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 10 Nov 2021 21:22:48 GMT
server
Microsoft-IIS/10.0
etag
886eba971f804121baa2dcc7e75813bf
content-type
image/png
cache-control
public, max-age=876745
date
Sat, 19 Feb 2022 18:51:11 GMT
content-disposition
inline; filename="logo-blue-taegis.png"
accept-ranges
bytes
content-length
3947
x-content-type-options
nosniff
expires
Tue, 01 Mar 2022 22:23:36 GMT
emergency-response-red_360x190.ashx
content.secureworks.com/-/media/Images/Contact/Emergency%20Response/ 		41 KB
41 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://content.secureworks.com/-/media/Images/Contact/Emergency%20Response/emergency-response-red_360x190.ashx?modified=20211201205934
Requested by
Host: www.secureworks.com
URL: https://www.secureworks.com/404?aspxerrorpath=/research/shadowpad-malware-analysis.
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:64::210:6bc1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
b777ccbe9576f16bf6f9bc222c6c98fbff019365b13a1beee3571da3458657fb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.secureworks.com/404?aspxerrorpath=/research/shadowpad-malware-analysis.
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 01 Dec 2021 20:59:34 GMT
server
Microsoft-IIS/10.0
etag
93a5fb29056b48fab5b7be65e1cf3eb7
content-type
image/png
cache-control
public, max-age=416022
date
Sat, 19 Feb 2022 18:51:11 GMT
content-disposition
inline; filename="emergency-response-red_360x190.png"
accept-ranges
bytes
content-length
41708
x-content-type-options
nosniff
expires
Thu, 24 Feb 2022 14:24:53 GMT
munchkin.js
munchkin.marketo.net/ 		1 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://munchkin.marketo.net/munchkin.js
Requested by
Host: www.secureworks.com
URL: https://www.secureworks.com/404?aspxerrorpath=/research/shadowpad-malware-analysis.
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.111.234.67 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-234-67.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
4bf3aca933aa233702f890083af601fb16149ec8a17f8c1b90d30450562bde08

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.secureworks.com/404?aspxerrorpath=/research/shadowpad-malware-analysis.
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date
Sat, 19 Feb 2022 18:51:11 GMT
Content-Encoding
gzip
Last-Modified
Fri, 29 Oct 2021 01:24:07 GMT
Server
AkamaiNetStorage
ETag
"461ce1cffaadfebf2e7659745618ba8e:1635470647.434977"
Vary
Accept-Encoding
P3P
policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
application/x-javascript
Content-Length
753
gtm.js
www.googletagmanager.com/ 		245 KB
80 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-P6Z7M2
Requested by
Host: www.secureworks.com
URL: https://www.secureworks.com/404?aspxerrorpath=/research/shadowpad-malware-analysis.
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
7a364f1bbc3636e5082cea757606781f376273f8d828498cda680554fc32798a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.secureworks.com/404?aspxerrorpath=/research/shadowpad-malware-analysis.
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Sat, 19 Feb 2022 18:51:11 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
81453
x-xss-protection
0
last-modified
Sat, 19 Feb 2022 18:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Sat, 19 Feb 2022 18:51:11 GMT
why-secureworks-nav-promo_360x190.ashx
content.secureworks.com/-/media/Images/About/Why%20Secureworks/ 		42 KB
43 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://content.secureworks.com/-/media/Images/About/Why%20Secureworks/why-secureworks-nav-promo_360x190.ashx?modified=20211012194821
Requested by
Host: www.secureworks.com
URL: https://www.secureworks.com/404?aspxerrorpath=/research/shadowpad-malware-analysis.
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:64::210:6bc1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
652693cf351da926038bb19decb41b5b58f439e786b26a1a32e9498b2390b9bc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.secureworks.com/404?aspxerrorpath=/research/shadowpad-malware-analysis.
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
referrer-policy
no-referrer-when-downgrade
last-modified
Tue, 12 Oct 2021 19:48:21 GMT
server
Microsoft-IIS/10.0
etag
a6811fe9bdce4469b7f75a2dad09f6a8
content-type
image/png
cache-control
public, max-age=755951
date
Sat, 19 Feb 2022 18:51:11 GMT
content-disposition
inline; filename="why-secureworks-nav-promo_360x190.png"
accept-ranges
bytes
content-length
43252
x-content-type-options
nosniff
expires
Mon, 28 Feb 2022 12:50:22 GMT
gpp_overview_image_partner-nav_360x190.ashx
content.secureworks.com/-/media/Images/About/Partners/2021/ 		15 KB
15 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://content.secureworks.com/-/media/Images/About/Partners/2021/gpp_overview_image_partner-nav_360x190.ashx?modified=20210204141446
Requested by
Host: www.secureworks.com
URL: https://www.secureworks.com/404?aspxerrorpath=/research/shadowpad-malware-analysis.
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:64::210:6bc1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
aa974801b32114fee16b18ee57d0c14b8e23a8a690830f425c4054ca2b629ace
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.secureworks.com/404?aspxerrorpath=/research/shadowpad-malware-analysis.
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
referrer-policy
no-referrer-when-downgrade
last-modified
Thu, 04 Feb 2021 14:14:46 GMT
server
Microsoft-IIS/10.0
etag
3bd4f02a48f64e39bdc89ac66e50b33f
content-type
image/jpeg
cache-control
public, max-age=1816923
date
Sat, 19 Feb 2022 18:51:11 GMT
content-disposition
inline; filename="gpp_overview_image_partner-nav_360x190.jpg"
accept-ranges
bytes
content-length
15086
x-content-type-options
nosniff
expires
Sat, 12 Mar 2022 19:33:14 GMT
adversary-software-coverage_360x190.ashx
content.secureworks.com/-/media/Images/Insights/Resources/Tools/Screens/ 		24 KB
25 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://content.secureworks.com/-/media/Images/Insights/Resources/Tools/Screens/adversary-software-coverage_360x190.ashx?modified=20210521135420
Requested by
Host: www.secureworks.com
URL: https://www.secureworks.com/404?aspxerrorpath=/research/shadowpad-malware-analysis.
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:64::210:6bc1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
690ffa4f3709f9f45b28bdab7637e0da04880aee1d2d4e9caf4af0a99782a2ac
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.secureworks.com/404?aspxerrorpath=/research/shadowpad-malware-analysis.
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
referrer-policy
no-referrer-when-downgrade
last-modified
Fri, 21 May 2021 13:54:20 GMT
server
Microsoft-IIS/10.0
etag
7f320742388f4e31a683ff362b1425f6
content-type
image/jpeg
cache-control
public, max-age=1185406
date
Sat, 19 Feb 2022 18:51:11 GMT
content-disposition
inline; filename="adversary-software-coverage_360x190.jpg"
accept-ranges
bytes
content-length
24997
x-content-type-options
nosniff
expires
Sat, 05 Mar 2022 12:07:57 GMT
SEC03190_Forrester-Wave_Web-Banners_360x190_R1.ashx
content.secureworks.com/-/media/Images/Badges/ 		10 KB
10 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://content.secureworks.com/-/media/Images/Badges/SEC03190_Forrester-Wave_Web-Banners_360x190_R1.ashx?modified=20210326185832
Requested by
Host: www.secureworks.com
URL: https://www.secureworks.com/404?aspxerrorpath=/research/shadowpad-malware-analysis.
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:64::210:6bc1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
98eeaeae353fe37b4b82cafa82ebd450fb7aebcd9f8e98f776c75bdb895ac94a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.secureworks.com/404?aspxerrorpath=/research/shadowpad-malware-analysis.
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
referrer-policy
no-referrer-when-downgrade
last-modified
Fri, 26 Mar 2021 18:58:32 GMT
server
Microsoft-IIS/10.0
etag
b2a16c99f331437db9655b67d9e9455e
content-type
image/jpeg
cache-control
public, max-age=1186954
date
Sat, 19 Feb 2022 18:51:11 GMT
content-disposition
inline; filename="SEC03190_Forrester-Wave_Web-Banners_360x190_R1.jpg"
accept-ranges
bytes
content-length
10238
x-content-type-options
nosniff
expires
Sat, 05 Mar 2022 12:33:45 GMT
linkedin.ashx
content.secureworks.com/-/media/Images/SharedElements/Footer/ 		966 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://content.secureworks.com/-/media/Images/SharedElements/Footer/linkedin.ashx?modified=20151001162233
Requested by
Host: www.secureworks.com
URL: https://www.secureworks.com/404?aspxerrorpath=/research/shadowpad-malware-analysis.
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:64::210:6bc1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
5a9e4352db3a1f75caf77c79146fd0f059ba043d692bae117b2d291d0c4ac7ad
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.secureworks.com/404?aspxerrorpath=/research/shadowpad-malware-analysis.
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
referrer-policy
no-referrer-when-downgrade
last-modified
Thu, 01 Oct 2015 16:22:33 GMT
server
Microsoft-IIS/10.0
etag
0381e34e4c5a42c49da29271c74c47a6
content-type
image/svg+xml
cache-control
public, max-age=1186505
date
Sat, 19 Feb 2022 18:51:11 GMT
content-disposition
inline; filename="linkedin.svg"
accept-ranges
bytes
content-length
966
x-content-type-options
nosniff
expires
Sat, 05 Mar 2022 12:26:16 GMT
twitter.ashx
content.secureworks.com/-/media/Images/SharedElements/Footer/ 		1 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://content.secureworks.com/-/media/Images/SharedElements/Footer/twitter.ashx?modified=20151001162249
Requested by
Host: www.secureworks.com
URL: https://www.secureworks.com/404?aspxerrorpath=/research/shadowpad-malware-analysis.
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:64::210:6bc1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
e15a809168d9a16a22e0c2428da1fb9541e4288724ad734efd66ef6bafee52d9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.secureworks.com/404?aspxerrorpath=/research/shadowpad-malware-analysis.
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
referrer-policy
no-referrer-when-downgrade
last-modified
Thu, 01 Oct 2015 16:22:49 GMT
server
Microsoft-IIS/10.0
etag
ec6990570ccd41139b7ce0f297010c73
content-type
image/svg+xml
cache-control
public, max-age=1185367
date
Sat, 19 Feb 2022 18:51:11 GMT
content-disposition
inline; filename="twitter.svg"
accept-ranges
bytes
content-length
1339
x-content-type-options
nosniff
expires
Sat, 05 Mar 2022 12:07:18 GMT
facebook2.ashx
content.secureworks.com/-/media/Images/SharedElements/Footer/ 		587 B
901 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://content.secureworks.com/-/media/Images/SharedElements/Footer/facebook2.ashx?modified=20190116141121
Requested by
Host: www.secureworks.com
URL: https://www.secureworks.com/404?aspxerrorpath=/research/shadowpad-malware-analysis.
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:64::210:6bc1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
42166c909b8db5b9d362bfc1c28a3f7e06f109aa449a70b3bd293a6e6bf62ac2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.secureworks.com/404?aspxerrorpath=/research/shadowpad-malware-analysis.
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 16 Jan 2019 14:11:21 GMT
server
Microsoft-IIS/10.0
etag
83a284c3f8dc4e0695cacbc73ba98d2f
content-type
image/svg+xml
cache-control
public, max-age=1183634
date
Sat, 19 Feb 2022 18:51:11 GMT
content-disposition
inline; filename="facebook2.svg"
accept-ranges
bytes
content-length
587
x-content-type-options
nosniff
expires
Sat, 05 Mar 2022 11:38:25 GMT
github.ashx
content.secureworks.com/-/media/Images/SharedElements/Footer/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://content.secureworks.com/-/media/Images/SharedElements/Footer/github.ashx?modified=20190116135435
Requested by
Host: www.secureworks.com
URL: https://www.secureworks.com/404?aspxerrorpath=/research/shadowpad-malware-analysis.
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:64::210:6bc1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
1a914a4b01d30dc7a83ccf4407787ab02647c601e2e9b174f49cbd190de57313
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.secureworks.com/404?aspxerrorpath=/research/shadowpad-malware-analysis.
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
referrer-policy
no-referrer-when-downgrade
last-modified
Wed, 16 Jan 2019 13:54:35 GMT
server
Microsoft-IIS/10.0
etag
1b7369e537844d1a9514570987ea7777
content-type
image/svg+xml
cache-control
public, max-age=1185374
date
Sat, 19 Feb 2022 18:51:11 GMT
content-disposition
inline; filename="github.svg"
accept-ranges
bytes
content-length
1129
x-content-type-options
nosniff
expires
Sat, 05 Mar 2022 12:07:25 GMT
dell-technologies.png
content.secureworks.com/content/app/img/ 		2 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://content.secureworks.com/content/app/img/dell-technologies.png
Requested by
Host: www.secureworks.com
URL: https://www.secureworks.com/404?aspxerrorpath=/research/shadowpad-malware-analysis.
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:64::210:6bc1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
fe8d0e6533b5e64fe2af6c2740160c4776b6942e1a94cad2ef14afab2566447f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.secureworks.com/404?aspxerrorpath=/research/shadowpad-malware-analysis.
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
referrer-policy
no-referrer-when-downgrade
last-modified
Fri, 12 Mar 2021 20:09:08 GMT
server
Microsoft-IIS/10.0
etag
"04a1a8f7b17d71:0"
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=1700021
date
Sat, 19 Feb 2022 18:51:11 GMT
accept-ranges
bytes
content-length
2543
x-content-type-options
nosniff
close.svg
www.secureworks.com/content/rc/images/ 		850 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.secureworks.com/content/rc/images/close.svg
Requested by
Host: www.secureworks.com
URL: https://www.secureworks.com/404?aspxerrorpath=/research/shadowpad-malware-analysis.
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
40.71.249.187 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
0049c42b57e92164c558905bff7c17441afe55dc569f0062162e77a532964b80
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.secureworks.com/404?aspxerrorpath=/research/shadowpad-malware-analysis.
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Referrer-Policy
no-referrer-when-downgrade
Last-Modified
Mon, 15 Jun 2020 08:15:26 GMT
Server
Microsoft-IIS/10.0
ETag
"023ab1fed42d61:0"
Content-Type
image/svg+xml
Access-Control-Allow-Origin
*
Cache-Control
public,max-age=2592000
Date
Sat, 19 Feb 2022 18:51:10 GMT
Accept-Ranges
bytes
Content-Length
850
X-Content-Type-Options
nosniff
libs.min.js
content.secureworks.com/content/app/js/ 		249 KB
66 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://content.secureworks.com/content/app/js/libs.min.js?v=02-09-2022
Requested by
Host: www.secureworks.com
URL: https://www.secureworks.com/404?aspxerrorpath=/research/shadowpad-malware-analysis.
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:64::210:6bc1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
245afe5ee915709f5a6faef0469c2750a4879d364255f9a6a3132a2ce031793d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.secureworks.com/404?aspxerrorpath=/research/shadowpad-malware-analysis.
Origin
https://www.secureworks.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
referrer-policy
no-referrer-when-downgrade
last-modified
Mon, 07 Feb 2022 18:03:44 GMT
server
Microsoft-IIS/10.0
etag
"0098b4d1cd81:0"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=1696583
date
Sat, 19 Feb 2022 18:51:11 GMT
accept-ranges
bytes
content-length
67582
x-content-type-options
nosniff
main.js
content.secureworks.com/content/app/js/ 		72 KB
19 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://content.secureworks.com/content/app/js/main.js?v=02-09-2022
Requested by
Host: www.secureworks.com
URL: https://www.secureworks.com/404?aspxerrorpath=/research/shadowpad-malware-analysis.
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:64::210:6bc1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
3711dfac94d1e75e2b9e73275888a140598048dcaacfbf92f9d2036452f2bb08
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.secureworks.com/404?aspxerrorpath=/research/shadowpad-malware-analysis.
Origin
https://www.secureworks.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
referrer-policy
no-referrer-when-downgrade
last-modified
Mon, 07 Feb 2022 18:03:44 GMT
server
Microsoft-IIS/10.0
etag
"0098b4d1cd81:0"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=1696647
date
Sat, 19 Feb 2022 18:51:11 GMT
accept-ranges
bytes
content-length
19122
x-content-type-options
nosniff
products.js
content.secureworks.com/content/rc/js/ 		44 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://content.secureworks.com/content/rc/js/products.js?v=02-09-2022
Requested by
Host: www.secureworks.com
URL: https://www.secureworks.com/404?aspxerrorpath=/research/shadowpad-malware-analysis.
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:64::210:6bc1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
9eb064a8d93265a1b1bb725f0db9c1d209a4efdae9eca7ddc67a094755c64b4f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.secureworks.com/404?aspxerrorpath=/research/shadowpad-malware-analysis.
Origin
https://www.secureworks.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
referrer-policy
no-referrer-when-downgrade
last-modified
Mon, 07 Feb 2022 18:03:44 GMT
server
Microsoft-IIS/10.0
etag
"0098b4d1cd81:0"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=1696550
date
Sat, 19 Feb 2022 18:51:11 GMT
accept-ranges
bytes
content-length
13755
x-content-type-options
nosniff
default.css
content.secureworks.com/content/app/css/highlighter/ 		1 KB
851 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://content.secureworks.com/content/app/css/highlighter/default.css?v=02-09-2022
Requested by
Host: www.secureworks.com
URL: https://www.secureworks.com/404?aspxerrorpath=/research/shadowpad-malware-analysis.
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:64::210:6bc1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
22494645cd5c6508829ef760cfafdf7292ddfbb824f23a323b6d3f3bd10a2538
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.secureworks.com/404?aspxerrorpath=/research/shadowpad-malware-analysis.
Origin
https://www.secureworks.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
referrer-policy
no-referrer-when-downgrade
last-modified
Mon, 07 Feb 2022 18:03:44 GMT
server
Microsoft-IIS/10.0
etag
"0098b4d1cd81:0"
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=1696598
date
Sat, 19 Feb 2022 18:51:11 GMT
accept-ranges
bytes
content-length
580
x-content-type-options
nosniff
highlight.pack.js
content.secureworks.com/content/app/js/libs/ 		50 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://content.secureworks.com/content/app/js/libs/highlight.pack.js?v=02-09-2022
Requested by
Host: www.secureworks.com
URL: https://www.secureworks.com/404?aspxerrorpath=/research/shadowpad-malware-analysis.
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:64::210:6bc1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
154248124c7d6ba28a3d741311104b4d4a503dad23095470f663f2613532c733
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.secureworks.com/404?aspxerrorpath=/research/shadowpad-malware-analysis.
Origin
https://www.secureworks.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
referrer-policy
no-referrer-when-downgrade
last-modified
Mon, 07 Feb 2022 18:03:44 GMT
server
Microsoft-IIS/10.0
etag
"0098b4d1cd81:0"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=1696621
date
Sat, 19 Feb 2022 18:51:11 GMT
accept-ranges
bytes
content-length
20267
x-content-type-options
nosniff
visuelt-light.woff
content.secureworks.com/content/app/fonts/visuelt/ 		63 KB
64 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://content.secureworks.com/content/app/fonts/visuelt/visuelt-light.woff
Requested by
Host: content.secureworks.com
URL: https://content.secureworks.com/content/app/css/main.css?v=02-09-2022
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:64::210:6bc1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
bb0a60a6f91d085789101283e6cab2782ab60f6182229a962695d408a3cd7ca3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://content.secureworks.com/content/app/css/main.css?v=02-09-2022
Origin
https://www.secureworks.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
referrer-policy
no-referrer-when-downgrade
last-modified
Fri, 12 Mar 2021 20:09:08 GMT
server
Microsoft-IIS/10.0
etag
"04a1a8f7b17d71:0"
content-type
application/font-woff
access-control-allow-origin
*
cache-control
public, max-age=1425524
date
Sat, 19 Feb 2022 18:51:11 GMT
accept-ranges
bytes
content-length
64920
x-content-type-options
nosniff
visuelt-medium.woff
content.secureworks.com/content/app/fonts/visuelt/ 		36 KB
36 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://content.secureworks.com/content/app/fonts/visuelt/visuelt-medium.woff
Requested by
Host: content.secureworks.com
URL: https://content.secureworks.com/content/app/css/main.css?v=02-09-2022
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:64::210:6bc1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
30a584b184cc0bffda4f65106a5440dd18027f5d832d74b56ee5d219b3b48cd6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://content.secureworks.com/content/app/css/main.css?v=02-09-2022
Origin
https://www.secureworks.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
referrer-policy
no-referrer-when-downgrade
last-modified
Fri, 12 Mar 2021 20:09:08 GMT
server
Microsoft-IIS/10.0
etag
"04a1a8f7b17d71:0"
content-type
application/font-woff
access-control-allow-origin
*
cache-control
public, max-age=1333551
date
Sat, 19 Feb 2022 18:51:11 GMT
accept-ranges
bytes
content-length
36448
x-content-type-options
nosniff
icomoon.ttf
content.secureworks.com/content/app/fonts/icomoon/ 		3 KB
3 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://content.secureworks.com/content/app/fonts/icomoon/icomoon.ttf?3dz4z
Requested by
Host: content.secureworks.com
URL: https://content.secureworks.com/content/app/css/main.css?v=02-09-2022
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:64::210:6bc1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
50f6d5d4c63ae14f65d7a8a91f989edd305a348fdd279c1dd69b94403d64ac46
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://content.secureworks.com/content/app/css/main.css?v=02-09-2022
Origin
https://www.secureworks.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
referrer-policy
no-referrer-when-downgrade
last-modified
Fri, 12 Mar 2021 20:09:08 GMT
server
Microsoft-IIS/10.0
etag
"04a1a8f7b17d71:0"
content-type
application/font-ttf
access-control-allow-origin
*
cache-control
public, max-age=1342016
date
Sat, 19 Feb 2022 18:51:11 GMT
accept-ranges
bytes
content-length
2736
x-content-type-options
nosniff
visuelt-black.woff
content.secureworks.com/content/app/fonts/visuelt/ 		34 KB
35 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://content.secureworks.com/content/app/fonts/visuelt/visuelt-black.woff
Requested by
Host: content.secureworks.com
URL: https://content.secureworks.com/content/app/css/main.css?v=02-09-2022
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:64::210:6bc1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
baacf8d144dbd8a579bde4d8221f515052f5eeb8a3a81cb6415cea17b4e30f9f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://content.secureworks.com/content/app/css/main.css?v=02-09-2022
Origin
https://www.secureworks.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
referrer-policy
no-referrer-when-downgrade
last-modified
Fri, 12 Mar 2021 20:09:08 GMT
server
Microsoft-IIS/10.0
etag
"04a1a8f7b17d71:0"
content-type
application/font-woff
access-control-allow-origin
*
cache-control
public, max-age=1316552
date
Sat, 19 Feb 2022 18:51:11 GMT
accept-ranges
bytes
content-length
35128
x-content-type-options
nosniff
visuelt-regular.woff
content.secureworks.com/content/app/fonts/visuelt/ 		34 KB
34 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://content.secureworks.com/content/app/fonts/visuelt/visuelt-regular.woff
Requested by
Host: content.secureworks.com
URL: https://content.secureworks.com/content/app/css/main.css?v=02-09-2022
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:64::210:6bc1 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Microsoft-IIS/10.0 /
Resource Hash
01922d641b94002b4861c92b1462f8e9008baaa53707603d64a5b97fee783b03
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://content.secureworks.com/content/app/css/main.css?v=02-09-2022
Origin
https://www.secureworks.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
referrer-policy
no-referrer-when-downgrade
last-modified
Fri, 12 Mar 2021 20:09:08 GMT
server
Microsoft-IIS/10.0
etag
"04a1a8f7b17d71:0"
content-type
application/font-woff
access-control-allow-origin
*
cache-control
public, max-age=1326006
date
Sat, 19 Feb 2022 18:51:11 GMT
accept-ranges
bytes
content-length
34560
x-content-type-options
nosniff
track_event
scwx.annuitas.io/wp-json/pdg/v1/ 		2 B
667 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://scwx.annuitas.io/wp-json/pdg/v1/track_event?url=https%3A%2F%2Fwww.secureworks.com%2F404
Requested by
Host: content.secureworks.com
URL: https://content.secureworks.com/content/app/js/jquery-3.6.0.min.js?v=02-09-2022
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2620:12a:8001::2 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
nginx /
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
Security Headers
Name Value
Strict-Transport-Security max-age=300
X-Content-Type-Options nosniff

Request headers

Accept
*/*
Referer
https://www.secureworks.com/404?aspxerrorpath=/research/shadowpad-malware-analysis.
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Sat, 19 Feb 2022 18:51:11 GMT
content-encoding
gzip
x-content-type-options
nosniff
x-styx-req-id
e81e0a5c-91b4-11ec-867e-aa876aa2fc93
age
0
access-control-expose-headers
X-WP-Total, X-WP-TotalPages, Link
x-cache
MISS, MISS
x-cache-hits
0, 0
strict-transport-security
max-age=300
content-length
22
via
1.1 varnish, 1.1 varnish
x-served-by
cache-mdw17330-MDW, cache-hhn4055-HHN
access-control-allow-headers
Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type
server
nginx
traceparent
00-b03f188dc8fb424499b29d042fb67656-2c52e9cf32934235-00
x-timer
S1645296672.548787,VS0,VE224
vary
Accept-Encoding
content-type
application/json; charset=UTF-8
access-control-allow-origin
*
x-cloud-trace-context
b03f188dc8fb424499b29d042fb67656/3193872161875116597;o=0
accept-ranges
bytes
x-robots-tag
noindex
link
<https://scwx.annuitas.io/wp-json/>; rel="https://api.w.org/"
x-pantheon-styx-hostname
styx-fe2-b-d8dd6bb59-hq6h2
munchkin.js
munchkin.marketo.net/161/ 		11 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://munchkin.marketo.net/161/munchkin.js
Requested by
Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/munchkin.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.111.234.67 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-234-67.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
c2aee78040b4ed46c2377e6825db12a9691a2eb584adf338e77312c8978d8537

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.secureworks.com/404?aspxerrorpath=/research/shadowpad-malware-analysis.
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date
Sat, 19 Feb 2022 18:51:11 GMT
Content-Encoding
gzip
Last-Modified
Wed, 08 Sep 2021 00:38:21 GMT
Server
AkamaiNetStorage
ETag
"0e0eefac8daf874e8b1aa34aeb160c52:1631061501.737429"
Vary
Accept-Encoding
P3P
policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Cache-Control
max-age=8640000
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
application/x-javascript
Content-Length
4681
Expires
Mon, 30 May 2022 18:51:11 GMT
visitWebPage
725-smc-563.mktoresp.com/webevents/ 		2 B
311 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://725-smc-563.mktoresp.com/webevents/visitWebPage?_mchNc=1645296671554&_mchCn=&_mchId=725-SMC-563&_mchTk=_mch-secureworks.com-1645296671553-63445&_mchHo=www.secureworks.com&_mchPo=&_mchRu=%2F404&_mchPc=https%3A&_mchVr=161&_mchEcid=&_mchHa=&_mchRe=&_mchQp=aspxerrorpath%3D%2Fresearch%2Fshadowpad-malware-analysis.
Requested by
Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/161/munchkin.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
192.28.144.124 , United States, ASN15224 (OMNITURE, US),
Reverse DNS
Software
nginx /
Resource Hash
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.secureworks.com/404?aspxerrorpath=/research/shadowpad-malware-analysis.
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date
Sat, 19 Feb 2022 18:51:12 GMT
Content-Encoding
gzip
Server
nginx
Transfer-Encoding
chunked
Content-Type
text/plain; charset=UTF-8
Access-Control-Allow-Origin
*
Connection
keep-alive
X-Request-Id
eb4669ad-bbd3-4b03-92cd-f0750db0783d
112cf759-b07b-4df7-b9c1-b87dc63309fb.js
cdn.cookielaw.org/langswitch/ 		1 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/langswitch/112cf759-b07b-4df7-b9c1-b87dc63309fb.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P6Z7M2
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c5ca0ad73064122932dddb8b1a95ce78abd25cb76569bbb0c7381356bee1dd0e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.secureworks.com/404?aspxerrorpath=/research/shadowpad-malware-analysis.
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Sat, 19 Feb 2022 18:51:11 GMT
content-encoding
GZIP
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
F0Pi2/A0fvAQwKAiuhBzzA==
age
3652
vary
Accept-Encoding
content-length
669
x-ms-lease-status
unlocked
last-modified
Tue, 25 May 2021 19:11:12 GMT
server
cloudflare
etag
0x8D91FB0DC99F2D0
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
88e3ce2a-601e-012f-6cc9-1f1f89000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
6e01af661b72924a-FRA
munchkin.js
munchkin.marketo.net/ 		1 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://munchkin.marketo.net/munchkin.js
Requested by
Host: www.secureworks.com
URL: https://www.secureworks.com/404?aspxerrorpath=/research/shadowpad-malware-analysis.
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.111.234.67 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-234-67.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
4bf3aca933aa233702f890083af601fb16149ec8a17f8c1b90d30450562bde08

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.secureworks.com/404?aspxerrorpath=/research/shadowpad-malware-analysis.
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date
Sat, 19 Feb 2022 18:51:11 GMT
Content-Encoding
gzip
Last-Modified
Fri, 29 Oct 2021 01:24:07 GMT
Server
AkamaiNetStorage
ETag
"461ce1cffaadfebf2e7659745618ba8e:1635470647.434977"
Vary
Accept-Encoding
P3P
policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
application/x-javascript
Content-Length
753
6d956ad9-8bc3-46c7-ab7b-880cb9ceb5a8.js
cdn.cookielaw.org/consent/ 		70 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/consent/6d956ad9-8bc3-46c7-ab7b-880cb9ceb5a8.js
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/langswitch/112cf759-b07b-4df7-b9c1-b87dc63309fb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
931763386856012b8fe9f66d734a85f0baa25b4aa987fbad058686853d2dee5e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.secureworks.com/404?aspxerrorpath=/research/shadowpad-malware-analysis.
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Sat, 19 Feb 2022 18:51:11 GMT
content-encoding
GZIP
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
29Jm71d8iKa0kRVlk+woHg==
age
3651
vary
Accept-Encoding
content-length
17499
x-ms-lease-status
unlocked
last-modified
Tue, 25 May 2021 19:11:22 GMT
server
cloudflare
etag
0x8D91FB0E2536BA0
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
5170b081-001e-0019-02db-11f48e000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
6e01af667cc1924a-FRA
expires
Sat, 19 Feb 2022 22:51:11 GMT
optanon.css
cdn.cookielaw.org/skins/6.18.0/default_flat_top_two_button_black/v2/css/ 		23 KB
6 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/skins/6.18.0/default_flat_top_two_button_black/v2/css/optanon.css
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/consent/6d956ad9-8bc3-46c7-ab7b-880cb9ceb5a8.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3ff5e46e97edbe794ecf0c917de78c1ebded3ffd180442254b8dcd670e7a43a5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
de-DE,de;q=0.9
Referer
https://www.secureworks.com/404?aspxerrorpath=/research/shadowpad-malware-analysis.
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Sat, 19 Feb 2022 18:51:11 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
kW5shvTE3AECENDpRuU76g==
age
8089
vary
Accept-Encoding
content-length
5551
x-ms-lease-status
unlocked
last-modified
Mon, 24 May 2021 01:24:45 GMT
server
cloudflare
etag
0x8D91E52B6EC4390
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
text/css
access-control-allow-origin
*
x-ms-request-id
3fd9af68-b01e-006d-1ad1-1172c8000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
6e01af66edff924a-FRA
jquery-3.3.1.min.js
code.jquery.com/ 		85 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://code.jquery.com/jquery-3.3.1.min.js
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/consent/6d956ad9-8bc3-46c7-ab7b-880cb9ceb5a8.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4de0:ac18::1:a:3a , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
nginx /
Resource Hash
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef

Request headers

Referer
https://www.secureworks.com/404?aspxerrorpath=/research/shadowpad-malware-analysis.
Origin
https://www.secureworks.com
Accept-Language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Sat, 19 Feb 2022 18:51:11 GMT
content-encoding
gzip
last-modified
Fri, 20 Aug 2021 17:47:53 GMT
server
nginx
etag
W/"611feac9-1538f"
vary
Accept-Encoding
x-hw
1645296671.dop142.am5.t,1645296671.cds224.am5.hn,1645296671.cds006.am5.c
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=315360000, public
accept-ranges
bytes
content-length
30288

Verdicts & Comments Add Verdict or Comment

84 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 function| structuredClone function| $ function| jQuery function| SimpleDTO function| set_elq_quiz_codes object| PDGData object| PDG object| EloquaData object| Eloqua object| Fulfillment object| MarketoCleanup object| MarketoErrors object| MarketoData object| Marketo object| MarketoForm object| MarketoOversight object| MIT object| MITMap object| MITData function| Cookies object| dataLayer function| subscribeEvent function| unsubscribeEvent function| startActivityHandler function| placeCheckerRequest function| placeCssAspxRequest function| timeoutSleep function| getMetatagContent function| Carousel object| core object| __core-js_shared__ function| setImmediate function| clearImmediate object| regeneratorRuntime boolean| _babelPolyfill function| IScroll function| lity function| Url function| $clamp function| initScrollMore function| initLoadMore function| initHeaderPanel function| initCarousel function| initSameHeight function| initRetinaCover function| openExpandedFooterSitemap function| closeExpandedFooterSitemap function| share object| DSW function| SearchResultType boolean| nav_hover number| scrollTop function| preloadImages number| cofset number| win function| countUp object| Vimeo boolean| VimeoPlayerResizeEmbeds_ object| AOS object| hljs function| mktoMunchkinFunction object| Munchkin function| mktoMunchkin object| MunchkinTracker function| postscribe object| google_tag_manager_external object| google_tag_manager object| OneTrust string| containerName string| languageSwitcherFileName string| useDocumentLanguage string| languageSwitcherFilePathPart string| languageSwitcherURL function| getLanguageSwitcherScriptPath function| isLanguageSwitcherFile function| OptanonWrapper undefined| a undefined| c function| jsonFeed object| Optanon string| OnetrustActiveGroups string| OptanonActiveGroups

6 Cookies

Domain/Path Name / Value
.www.secureworks.com/ Name: ApplicationGatewayAffinity
Value: 8f1063a2553f6d7463c035539ccd47851acb1486e1af68c23c004060312a9a93
.www.secureworks.com/ Name: ApplicationGatewayAffinityCORS
Value: 8f1063a2553f6d7463c035539ccd47851acb1486e1af68c23c004060312a9a93
www.secureworks.com/ Name: ASP.NET_SessionId
Value: 3xuwuqdyvngy25k1ejunbdqn
www.secureworks.com/ Name: SC_ANALYTICS_GLOBAL_COOKIE
Value: e20ba415b220401a8e0238f558a9c4e6|False
.secureworks.com/ Name: _mkto_trk
Value: id:725-SMC-563&token:_mch-secureworks.com-1645296671553-63445
.secureworks.com/ Name: OptanonConsent
Value: isIABGlobal=false&datestamp=Sat+Feb+19+2022+18%3A51%3A11+GMT%2B0000+(GMT)&version=6.18.0&landingPath=https%3A%2F%2Fwww.secureworks.com%2F404%3Faspxerrorpath%3D%2Fresearch%2Fshadowpad-malware-analysis.

1 Console Messages

Source Level URL
Text
network error URL: https://www.secureworks.com/404?aspxerrorpath=/research/shadowpad-malware-analysis.
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy object-src 'none'; script-src 'self' 'nonce-Zjc0NjI5ZjgwNTNjNDhkMTliOGFiZjRiNGY5OGEzMjY=' 'sha256-wY8ZJu7Uu8c5AFYGRuoE7SNBraw8IAkl5Yz+glnnte8=' 'sha256-UGfgrQ+GKJogDAQthuGt5lpepOeF3ypbYTr2PPxcBdU=' 'sha256-hUiPqjPAx0BTYk+HP/Ohq7cZFW+CFLUDreW74sIBUJk=' 'sha256-MWnKpq2mO4B+C/F7fLTeifs05WkVCc8Hkl+SzXGUmtI=' 'sha256-QiHtJSgKkeO/qh+2A9GCUt3xk8ONLQAa6uua+j+nHLg=' 'sha256-7+1sMW/o6RcIncEOmuvZbRThB6NRZLwQjvsqQAGehKA=' 'sha256-tYinntSHdpRdg0LwZuBycjWqxaMdCzBdOnOGsSZH2Ho=' 'sha256-DP0AJIADL+tS8s/bg6t7xbMHunrd17JCuOgpyNjxt/M=' 'sha256-sqwbnK0D7p9u3WG0lgAYLYmp/byKS9zlT2eFORz1SDY=' 'sha256-L436NBsgbW4nnr2zz6geY9aouLDwQiH+458+ny7TeJ8=' 'sha256-t21JzuoP0AGVdHYfaGtWzFviQ1hj34OuECR3Ur2P1Dk=' 'sha256-kmGPVWtzfwq6b9fEOy1NmWxrKyxreHZU5tKvRxQpDMA=' 'sha256-SAqGhA/G1eraYlnHKoGwPlIvGfOo45eq5hoyKq2LnUY=' 'sha256-+08d4MzO/if2DlZslM+0a0gvpYaPHK7ilzV9yUXHxRo=' 'sha256-5RKybv4IYG3Rt1CcIXoS1OAD7D0vjWLop/a6KVpWxM0=' 'sha256-N/Mk5WIdXnJRlsc5rmMcLJsovC5ozGJ5BmVdRxKOeNc=' 'sha256-XJEfHQ97N7xwKM6MQXMpabeUHxVT647JYAYwrOX6sQQ=' 'sha256-sdKFLBOaDq01ySztbW/n0JnIwsMIlCr7AaMAznJOqA0=' 'sha256-7pyFNQ34QDbIyjfqF4dboUBH/FqtGtJgw7KPgC+aKY8=' 'sha256-yYGe3YxZ1stILsg6s+TKQ7ACovlrQ/V7H5hpGiko1EI=' 'sha256-JcTUCZru8bIzmyUfGjmyP1Nwn0ccUuwLyJA5/jgV2jI=' 'sha256-zEF/ALwwDYV2nZ+rdYGh2XpjU1lbO3oZ2osZayOlmpw=' 'sha256-ErdS+5vyua60ApoR4T4MK5hMhAxO8I75iqTuR4st0lk=' 'sha256-dgOinhXczUSm4ADnOKjecy4HqoIpihiWY1xMUGi3KiE=' 'sha256-bAZaADjFxXYURQUP9Z4p4eiIim+gCGst1ZWemjLGJxo=' 'sha256-x3E2vOOOHY24kNAmZOQxorAyW5o6cX3R7J5Jg+RTqZY=' 'sha256-WJHVKi7ReHnWJF4AUmd9vWDpqeX8GVtEsyAJP01M130=' 'sha256-mvYU2m+aQi6xWWVpxauZ/UaXg+HkwxCv4r/qVBDAm3A=' 'sha256-IgMQOOOedQeMPBl7lSreMVPmJvU62bc6l8HcsGXnbWc=' 'sha256-Ov0LRI92VqZTYbOhyIvK8iFCm9rBs/HXaYLwlDMrra0=' 'sha256-HjgaVwCCuGQHih00gvN/PUGZuGwVIWd/6sThgUEi83E=' 'sha256-7oEVqsTDSU0XTGoiH3B7bXM3sMDjv58JCTndWi8pUKw=' https://code.jquery.com https://js-agent.newrelic.com https://bam.nr-data.net https://content.secureworks.com https://pcdnscwx001.azureedge.net https://live-scwx-pe.pantheonsite.io https://marketo-scwx-pe.pantheonsite.io https://munchkin.marketo.net https://app-ab44.marketo.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com https://ajax.googleapis.com https://tagmanager.google.com https://translate.google.com https://bat.bing.com https://connect.facebook.net https://ad.atdmt.com https://static.ads-twitter.com https://analytics.twitter.com https://www.linkedin.com https://px.ads.linkedin.com https://snap.licdn.com https://sjs.bizographics.com https://*.vimeo.com https://*.vimeocdn.com https://j.6sc.co https://b.6sc.co https://*.6sc.co https://epsilon.6sense.com https://*.rlcdn.com https://gateway.zscaler.net https://scwx.annuitas.io https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://widgets.ziftsolutions.com https://hammock.hotprofile.biz https://transfertool.hotprofile.biz/production/ https://m-store-hammock.hot-profile.com/hot-profile/ https://wa2.hot-profile.com https://*.on24.com https://*.ceros.com https://*.js.ubembed.com https://assets.ubembed.com https://*.redditstatic.com; img-src 'self' https://*.vimeo.com https://*.vimeocdn.com content.secureworks.com pcdnscwx001.azureedge.net id.rlcdn.com www.googletagmanager.com cdn.cookielaw.org fonts.gstatic.com optanon.blob.core.windows.net web.secureworks.com attr.ml-api.io bat.bing.com www.google-analytics.com j.6sc.co b.6sc.co c.6sc.co epsilon.6sense.com www.google.com attr.ml-api.io attr.ml-api.io s.ml-attr.com www.google.com.ua secure.adnxs.com apt.techtarget.com id.rlcdn.com px.ads.linkedin.com p.adsymptotic.com www.linkedin.com static.ziftsolutions.com *.crazyegg.com *.ubembed.com *.redditstatic.com alb.reddit.com; frame-ancestors 'none';
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

725-smc-563.mktoresp.com
cdn.cookielaw.org
code.jquery.com
content.secureworks.com
munchkin.marketo.net
scwx.annuitas.io
www.googletagmanager.com
www.secureworks.com
104.111.234.67
192.28.144.124
2001:4de0:ac18::1:a:3a
2606:4700::6810:9540
2620:12a:8001::2
2a00:1450:4001:828::2008
2a02:26f0:64::210:6bc1
40.71.249.187
0049c42b57e92164c558905bff7c17441afe55dc569f0062162e77a532964b80
01922d641b94002b4861c92b1462f8e9008baaa53707603d64a5b97fee783b03
0901a21f5e064e1345bfb0517cf00b2a0b7ba6719ed4e27c51dd7e8442c29f62
0a8b1ef45e2622985d8d86e6317525253a50b84b7a37e92b14f2af14f430e10e
11d5ce34f206afb82ddf5e90ac14a2572bf9ee7177623d3a22d961d14bbd71ae
154248124c7d6ba28a3d741311104b4d4a503dad23095470f663f2613532c733
160a426ff2894252cd7cebbdd6d6b7da8fcd319c65b70468f10b6690c45d02ef
1a914a4b01d30dc7a83ccf4407787ab02647c601e2e9b174f49cbd190de57313
22494645cd5c6508829ef760cfafdf7292ddfbb824f23a323b6d3f3bd10a2538
245afe5ee915709f5a6faef0469c2750a4879d364255f9a6a3132a2ce031793d
24849b91ee6d5f169a67d0f0f316ec3d3e7b62454b4a87a3138eb5b87465676c
30a584b184cc0bffda4f65106a5440dd18027f5d832d74b56ee5d219b3b48cd6
3711dfac94d1e75e2b9e73275888a140598048dcaacfbf92f9d2036452f2bb08
3ff5e46e97edbe794ecf0c917de78c1ebded3ffd180442254b8dcd670e7a43a5
42166c909b8db5b9d362bfc1c28a3f7e06f109aa449a70b3bd293a6e6bf62ac2
4b90f89c612240646597233559a6c0668a84ad39d3efe5d3198dd1e0d69a1e10
4bf3aca933aa233702f890083af601fb16149ec8a17f8c1b90d30450562bde08
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
50f6d5d4c63ae14f65d7a8a91f989edd305a348fdd279c1dd69b94403d64ac46
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
5a9e4352db3a1f75caf77c79146fd0f059ba043d692bae117b2d291d0c4ac7ad
652693cf351da926038bb19decb41b5b58f439e786b26a1a32e9498b2390b9bc
690ffa4f3709f9f45b28bdab7637e0da04880aee1d2d4e9caf4af0a99782a2ac
7941c043b215ecc58d18e696d42abbd225eb0baa075cb5e31027725cc5312fce
7a364f1bbc3636e5082cea757606781f376273f8d828498cda680554fc32798a
91bfe05478e9aa562a5b0f3fe991e6b7201d4282312c48d0fc71b3f5ae7f03ca
931763386856012b8fe9f66d734a85f0baa25b4aa987fbad058686853d2dee5e
98eeaeae353fe37b4b82cafa82ebd450fb7aebcd9f8e98f776c75bdb895ac94a
9eb064a8d93265a1b1bb725f0db9c1d209a4efdae9eca7ddc67a094755c64b4f
aa974801b32114fee16b18ee57d0c14b8e23a8a690830f425c4054ca2b629ace
b5ecd7807e3023d657d18fbe832848e8e65843843ebd748f7225e314b17d5221
b777ccbe9576f16bf6f9bc222c6c98fbff019365b13a1beee3571da3458657fb
baacf8d144dbd8a579bde4d8221f515052f5eeb8a3a81cb6415cea17b4e30f9f
bb0a60a6f91d085789101283e6cab2782ab60f6182229a962695d408a3cd7ca3
c2aee78040b4ed46c2377e6825db12a9691a2eb584adf338e77312c8978d8537
c5ca0ad73064122932dddb8b1a95ce78abd25cb76569bbb0c7381356bee1dd0e
ce9d07500ad91ec2b524c270764ec4c9a33e78320d8d374ec400ede488f6251b
d64e3512a14d94fc0807a70eccafd1ad6010aab4d91d552f8e3c4d310bff64ce
db61679243f9f3b5a03de90b1ad228130ad3e87b79b9d153ce1ca6afbdf9a2b0
e15a809168d9a16a22e0c2428da1fb9541e4288724ad734efd66ef6bafee52d9
fa85f97108080f24b26ca0450d471edf522d233337c1b73e41ab4a27d19ac94f
fd0fe4e495939fdf1eeb633dc45c30ceada009346ba0147c143ae29cc8c7b4b3
fe8d0e6533b5e64fe2af6c2740160c4776b6942e1a94cad2ef14afab2566447f