
www.trendmicro.com
23.220.128.204
Public Scan
Effective URL: https://www.trendmicro.com/en_us/research/23/a/batloader-malware-abuses-legitimate-tools-uses-obfuscated-javasc.html
Submission: On January 16 via api from DE — Scanned from US
Summary
TLS certificate: Issued by Entrust Certification Authority - L1M on October 19th 2024. Valid for: a year.
This is the only time www.trendmicro.com was scanned on urlscan.io!
urlscan.io Verdict: No classification
Domain & IP information
| Domain(s) | ASN | PTR |
|---|---|---|
| www.trendmicro.com | ASN16625 (AKAMAI-AS, US) | a23-220-128-204.deploy.static.akamaitechnologies.com |
| trendmicro.scene7.com | ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL) | |
| assets.adobedtm.com | ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL) | |
| cdn.bc0a.com | ASN396982 (GOOGLE-CLOUD-PLATFORM, US) | 192.125.201.35.bc.googleusercontent.com |
| dpm.demdex.net | ASN14618 (AMAZON-AES, US) | ec2-18-232-202-41.compute-1.amazonaws.com |
| ixfd2-api.bc0a.com | ASN396982 (GOOGLE-CLOUD-PLATFORM, US) | 12.194.111.34.bc.googleusercontent.com |
| cm.everesttech.net | ASN16509 (AMAZON-02, US) | ec2-34-216-201-179.us-west-2.compute.amazonaws.com |
| tmi.tt.omtrdc.net | ASN14618 (AMAZON-AES, US) | ip-63-140-39-22.data.adobedc.net |
| secure.quantserve.com, pixel.quantserve.com | ASN14618 (AMAZON-AES, US) | |
| munchkin.marketo.net | ASN16625 (AKAMAI-AS, US) | a23-13-172-203.deploy.static.akamaitechnologies.com |
| www.googleadservices.com | ASN15169 (GOOGLE, US) | bj-in-f156.1e100.net |
| sjs.bizographics.com | ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL) | |
| resources.xg4ken.com | ASN14618 (AMAZON-AES, US) | ec2-3-232-30-23.compute-1.amazonaws.com |
| connect.facebook.net | ASN32934 (FACEBOOK, US) | xx-fbcdn-shv-01-iad3.fbcdn.net |
| j.6sc.co, c.6sc.co, b.6sc.co | ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL) | a23-212-251-6.deploy.static.akamaitechnologies.com |
| widget.equally.ai | ASN16509 (AMAZON-02, US) | server-3-171-76-65.iad89.r.cloudfront.net |
| origin.acuityplatform.com | ASN16625 (AKAMAI-AS, US) | a23-13-158-87.deploy.static.akamaitechnologies.com |
| load.sumome.com | ASN60068 (CDN77 Datacamp Limited, GB) | 37-19-207-34.bunnyinfra.net |
| tags.srv.stackadapt.com | ASN14618 (AMAZON-AES, US) | ec2-52-207-34-249.compute-1.amazonaws.com |
| www.googletagmanager.com | ASN15169 (GOOGLE, US) | bc-in-f97.1e100.net |
| js.adsrvr.org | ASN16509 (AMAZON-02, US) | server-3-167-72-96.iad61.r.cloudfront.net |
| s.ml-attr.com | ASN29990 (ASN-APPNEX, US) | s.ml-attr.com.pxlsrv.net |
| secure.adnxs.com | ASN29990 (ASN-APPNEX, US) | 676.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net |
| rules.quantcount.com | ASN16509 (AMAZON-02, US) | |
| px.ads.linkedin.com, www.linkedin.com | ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US) | |
| ipv6.6sc.co | ASN20940 (AKAMAI-ASN1 Akamai International B.V., NL) | |
| ibc-flow.techtarget.com | ASN396982 (GOOGLE-CLOUD-PLATFORM, US) | 231.208.111.34.bc.googleusercontent.com |
| googleads.g.doubleclick.net | ASN15169 (GOOGLE, US) | ww-in-f156.1e100.net |
| www.facebook.com | ASN32934 (FACEBOOK, US) | edge-star-mini-shv-01-iad3.facebook.com |
| 5427711.fls.doubleclick.net, 9572106.fls.doubleclick.net | ASN15169 (GOOGLE, US) | bc-in-f149.1e100.net |
| 9572106.fls.doubleclick.net | ASN15169 (GOOGLE, US) | bc-in-f148.1e100.net |
| www.google-analytics.com | ASN15169 (GOOGLE, US) | bk-in-f102.1e100.net |
| epsilon.6sense.com | ASN16509 (AMAZON-02, US) | afe865822f884bb48.awsglobalaccelerator.com |
| sumome.com | ASN16509 (AMAZON-02, US) | ec2-54-71-184-33.us-west-2.compute.amazonaws.com |
| eps.6sc.co | ASN16509 (AMAZON-02, US) | afe865822f884bb48.awsglobalaccelerator.com |
| v.eps.6sc.co | ASN16509 (AMAZON-02, US) | server-3-171-76-19.iad89.r.cloudfront.net |
| insight.adsrvr.org, match.adsrvr.org | ASN16509 (AMAZON-02, US) | a12b7a488abeaa9e4.awsglobalaccelerator.com |
| lb.prod.equally.ai | ASN14618 (AMAZON-AES, US) | ec2-44-215-74-59.compute-1.amazonaws.com |
| Requests | Apex domain | Redirects | Subdomains (Cisco Umbrella rank) | Transfer |
|---|---|---|---|---|
| 52 | trendmicro.com | 3 | www.trendmicro.com, resources.trendmicro.com, trendmicro.com | 6 MB |
| 25 | tiqcdn.com | | tags.tiqcdn.com (1287) | 71 KB |
| 19 | 6sc.co | | j.6sc.co (5650), c.6sc.co (6635), ipv6.6sc.co (5817), b.6sc.co (3773), eps.6sc.co (13280), v.eps.6sc.co (13786) | 24 KB |
| 14 | sumome.com | 1 | load.sumome.com (21873), sumome.com (20217) | 436 KB |
| 13 | doubleclick.net | 3 | googleads.g.doubleclick.net (45), 5427711.fls.doubleclick.net (997723), td.doubleclick.net (167), ad.doubleclick.net (155), 9572106.fls.doubleclick.net | 7 KB |
| 9 | googletagmanager.com | | www.googletagmanager.com (37) | 889 KB |
| 9 | scene7.com | | trendmicro.scene7.com | 219 KB |
| 8 | google-analytics.com | | ssl.google-analytics.com (972), www.google-analytics.com (38) | 41 KB |
| 8 | cookielaw.org | | cdn.cookielaw.org (342) | 203 KB |
| 7 | linkedin.com | 4 | px.ads.linkedin.com (321), www.linkedin.com (662), px4.ads.linkedin.com (7068) | 4 KB |
| 6 | equally.ai | | widget.equally.ai (133673), lb.prod.equally.ai (76472) | 95 KB |
| 4 | google.com | | www.google.com (3) | 192 B |
| 4 | stackadapt.com | | tags.srv.stackadapt.com (2632) | 10 KB |
| 3 | adnxs.com | 2 | secure.adnxs.com (474) | 3 KB |
| 3 | adsrvr.org | 1 | js.adsrvr.org (1305), insight.adsrvr.org (947), match.adsrvr.org (373) | 7 KB |
| 3 | bing.com | | bat.bing.com (358) | 15 KB |
| 3 | addtoany.com | | static.addtoany.com (4388) | 28 KB |
| 3 | techtarget.com | | trk.techtarget.com (26159), ibc-flow.techtarget.com (22652) | 2 KB |
| 2 | 6sense.com | | epsilon.6sense.com (9079) | 661 B |
| 2 | twitter.com | | analytics.twitter.com (1030) | 1 KB |
| 2 | t.co | | t.co (943) | 1 KB |
| 2 | facebook.com | | www.facebook.com (120) | 213 B |
| 2 | acuityplatform.com | | origin.acuityplatform.com (21807), e.acuityplatform.com (18511) | 3 KB |
| 2 | facebook.net | | connect.facebook.net (180) | 77 KB |
| 2 | googleadservices.com | | www.googleadservices.com (88) | 24 KB |
| 2 | marketo.net | | munchkin.marketo.net (2912) | 6 KB |
| 2 | quantserve.com | | secure.quantserve.com (1648), pixel.quantserve.com (1053) | 10 KB |
| 2 | demdex.net | | dpm.demdex.net (256), trendmicro.demdex.net (failed) | 2 KB |
| 2 | bc0a.com | | cdn.bc0a.com (11977), ixfd2-api.bc0a.com (14894) | 14 KB |
| 2 | youtube.com | | www.youtube.com (79) | 12 KB |
| 2 | cludo.com | | customer.cludo.com (16448) | 81 KB |
| 1 | mktoresp.com | | 605-sfw-393.mktoresp.com (733097) | 318 B |
| 1 | quantcount.com | | rules.quantcount.com (1689) | 447 B |
| 1 | ml-api.io | | attr.ml-api.io (19205) | 279 B |
| 1 | ml-attr.com | 1 | s.ml-attr.com (17331) | 283 B |
| 1 | ads-twitter.com | | static.ads-twitter.com (1051) | 16 KB |
| 1 | xg4ken.com | | resources.xg4ken.com (7939) | 4 KB |
| 1 | bizographics.com | | sjs.bizographics.com (49732) | 17 KB |
| 1 | omtrdc.net | | tmi.tt.omtrdc.net | 10 KB |
| 1 | everesttech.net | 1 | cm.everesttech.net (1590) | 490 B |
| 1 | gstatic.com | | fonts.gstatic.com | 47 KB |
| 1 | onetrust.com | | geolocation.onetrust.com (514) | 306 B |
| 1 | adobedtm.com | | assets.adobedtm.com (417) | 72 KB |
| 1 | googleapis.com | | fonts.googleapis.com (30) | 2 KB |
| 218 | 44 apex domains | | | |
| Requests | Domain | Redirects | Requested by |
|---|---|---|---|
| 50 | www.trendmicro.com | 1 | www.trendmicro.com |
| 25 | tags.tiqcdn.com | | www.trendmicro.com |
| 11 | b.6sc.co | | www.trendmicro.com |
| 9 | www.googletagmanager.com | | tags.tiqcdn.com, www.googletagmanager.com, www.google-analytics.com |
| 9 | trendmicro.scene7.com | | www.trendmicro.com |
| 8 | load.sumome.com | 1 | www.trendmicro.com |
| 8 | cdn.cookielaw.org | | www.trendmicro.com, cdn.cookielaw.org |
| 6 | sumome.com | | load.sumome.com, www.trendmicro.com |
| 6 | www.google-analytics.com | | tags.tiqcdn.com, www.googletagmanager.com, www.google-analytics.com, www.trendmicro.com |
| 5 | px.ads.linkedin.com | 3 | www.trendmicro.com |
| 4 | lb.prod.equally.ai | | www.trendmicro.com |
| 4 | td.doubleclick.net | | www.googletagmanager.com |
| 4 | www.google.com | | www.googletagmanager.com, www.trendmicro.com |
| 4 | tags.srv.stackadapt.com | | tags.tiqcdn.com, www.trendmicro.com, tags.srv.stackadapt.com |
| 3 | v.eps.6sc.co | | www.trendmicro.com |
| 3 | googleads.g.doubleclick.net | 1 | www.trendmicro.com |
| 3 | secure.adnxs.com | 2 | www.trendmicro.com |
| 3 | bat.bing.com | | www.googletagmanager.com, www.trendmicro.com |
| 3 | static.addtoany.com | | tags.tiqcdn.com, static.addtoany.com, www.trendmicro.com |
| 2 | eps.6sc.co | | j.6sc.co |
| 2 | epsilon.6sense.com | | www.trendmicro.com |
| 2 | 9572106.fls.doubleclick.net | 1 | www.googletagmanager.com |
| 2 | ad.doubleclick.net | | www.trendmicro.com |
| 2 | 5427711.fls.doubleclick.net | 1 | www.googletagmanager.com |
| 2 | analytics.twitter.com | | www.trendmicro.com |
| 2 | t.co | | www.trendmicro.com |
| 2 | www.facebook.com | | www.trendmicro.com |
| 2 | ibc-flow.techtarget.com | | www.trendmicro.com |
| 2 | widget.equally.ai | | tags.tiqcdn.com, widget.equally.ai |
| 2 | connect.facebook.net | | tags.tiqcdn.com, connect.facebook.net |
| 2 | ssl.google-analytics.com | | tags.tiqcdn.com, www.trendmicro.com |
| 2 | www.googleadservices.com | | www.trendmicro.com |
| 2 | munchkin.marketo.net | | tags.tiqcdn.com, munchkin.marketo.net |
| 2 | dpm.demdex.net | | assets.adobedtm.com, www.trendmicro.com |
| 2 | www.youtube.com | | www.trendmicro.com, www.youtube.com |
| 2 | customer.cludo.com | | www.trendmicro.com |
| 1 | match.adsrvr.org | | www.trendmicro.com |
| 1 | insight.adsrvr.org | 1 | |
| 1 | pixel.quantserve.com | | www.trendmicro.com |
| 1 | e.acuityplatform.com | | www.trendmicro.com |
| 1 | 605-sfw-393.mktoresp.com | | munchkin.marketo.net |
| 1 | ipv6.6sc.co | | www.trendmicro.com |
| 1 | c.6sc.co | | www.trendmicro.com |
| 1 | px4.ads.linkedin.com | | www.trendmicro.com |
| 1 | www.linkedin.com | 1 | |
| 1 | rules.quantcount.com | | secure.quantserve.com |
| 1 | attr.ml-api.io | | www.trendmicro.com |
| 1 | s.ml-attr.com | 1 | |
| 1 | js.adsrvr.org | | www.trendmicro.com |
| 1 | trk.techtarget.com | | tags.tiqcdn.com |
| 1 | origin.acuityplatform.com | | tags.tiqcdn.com |
| 1 | static.ads-twitter.com | | tags.tiqcdn.com |
| 1 | j.6sc.co | | tags.tiqcdn.com |
| 1 | trendmicro.com | 1 | |
| 1 | resources.trendmicro.com | 1 | |
| 1 | resources.xg4ken.com | | www.trendmicro.com |
| 1 | sjs.bizographics.com | | tags.tiqcdn.com |
| 1 | secure.quantserve.com | | tags.tiqcdn.com |
| 1 | tmi.tt.omtrdc.net | | www.trendmicro.com |
| 1 | cm.everesttech.net | 1 | |
| 1 | fonts.gstatic.com | | fonts.googleapis.com |
| 1 | ixfd2-api.bc0a.com | | cdn.bc0a.com |
| 1 | geolocation.onetrust.com | | cdn.cookielaw.org |
| 1 | cdn.bc0a.com | | tags.tiqcdn.com |
| 1 | assets.adobedtm.com | | tags.tiqcdn.com |
| 1 | fonts.googleapis.com | | www.trendmicro.com |
| 0 | trendmicro.demdex.net (failed) | | www.trendmicro.com |
| 218 | 67 domains | | |
This site contains links to these domains. Also see Links.
| Subject | Issuer | Validity | Valid for |
|---|---|---|---|
| www.trendmicro.com | Entrust Certification Authority - L1M | 2024-10-19 - 2025-11-18 | a year |
| cookielaw.org | WE1 | 2024-12-09 - 2025-03-09 | 3 months |
| upload.video.google.com | WR2 | 2024-12-09 - 2025-03-03 | 3 months |
| customer.cludo.com | WE1 | 2024-12-22 - 2025-03-22 | 3 months |
| tags.tiqcdn.com | Amazon RSA 2048 M02 | 2024-03-19 - 2025-04-17 | a year |
| *.scene7.com | DigiCert TLS RSA SHA256 2020 CA1 | 2024-10-09 - 2025-10-11 | a year |
| *.google.com | WR2 | 2024-12-09 - 2025-03-03 | 3 months |
| assets.adobedtm.com | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2024-07-09 - 2025-08-09 | a year |
| cdn.bc0a.com | WR3 | 2024-12-28 - 2025-03-29 | 3 months |
| geolocation.onetrust.com | WE1 | 2024-12-09 - 2025-03-09 | 3 months |
| *.demdex.com | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2024-09-25 - 2025-10-26 | a year |
| ixfd-api.bc0a.com | WR3 | 2024-12-05 - 2025-03-05 | 3 months |
| *.gstatic.com | WR2 | 2024-12-09 - 2025-03-03 | 3 months |
| *.tt.omtrdc.net | DigiCert TLS RSA SHA256 2020 CA1 | 2024-02-26 - 2025-03-28 | a year |
| *.google-analytics.com | WR2 | 2024-12-09 - 2025-03-03 | 3 months |
| quantserve.com | R11 | 2024-12-21 - 2025-03-21 | 3 months |
| *.marketo.net | DigiCert TLS RSA SHA256 2020 CA1 | 2024-10-22 - 2025-10-24 | a year |
| *.googleadservices.com | WR2 | 2024-12-09 - 2025-03-03 | 3 months |
| js.bizographics.com | DigiCert SHA2 Secure Server CA | 2024-07-12 - 2025-07-11 | a year |
| *.xg4ken.com | Go Daddy Secure Certificate Authority - G2 | 2024-10-29 - 2025-11-30 | a year |
| *.facebook.com | DigiCert SHA2 High Assurance Server CA | 2024-10-25 - 2025-01-23 | 3 months |
| 6sc.co | R11 | 2024-12-20 - 2025-03-20 | 3 months |
| ads-twitter.com | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2024-06-25 - 2025-06-24 | a year |
| equally.ai | Amazon RSA 2048 M03 | 2024-04-05 - 2025-05-03 | a year |
| *.acuityplatform.com | DigiCert TLS RSA SHA256 2020 CA1 | 2024-12-05 - 2025-12-05 | a year |
| trk.techtarget.com | WE1 | 2025-01-16 - 2025-04-16 | 3 months |
| *.srv.stackadapt.com | Amazon RSA 2048 M03 | 2024-08-09 - 2025-09-06 | a year |
| static.addtoany.com | WE1 | 2025-01-02 - 2025-04-02 | 3 months |
| www.bing.com | Microsoft Azure RSA TLS Issuing CA 08 | 2024-12-15 - 2025-06-13 | 6 months |
| *.adsrvr.org | GlobalSign GCC R3 DV TLS CA 2020 | 2024-04-23 - 2025-05-25 | a year |
| www.linkedin.com | DigiCert SHA2 Secure Server CA | 2024-10-14 - 2025-04-14 | 6 months |
| *.adnxs.com | GeoTrust ECC CA 2018 | 2024-02-14 - 2025-03-16 | a year |
| ibc-flow.techtarget.com | WR3 | 2024-12-20 - 2025-03-20 | 3 months |
| t.co | E6 | 2024-11-26 - 2025-02-24 | 3 months |
| *.twitter.com | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2024-10-07 - 2025-10-06 | a year |
| *.mktoresp.com | DigiCert Global G2 TLS RSA SHA256 2020 CA1 | 2024-08-15 - 2025-09-15 | a year |
| *.doubleclick.net | WR2 | 2024-12-09 - 2025-03-03 | 3 months |
| *.g.doubleclick.net | WR2 | 2024-12-09 - 2025-03-03 | 3 months |
| epsilon.6sense.com | Amazon RSA 2048 M02 | 2024-10-02 - 2025-11-01 | a year |
| load.sumome.com | R10 | 2024-12-09 - 2025-03-09 | 3 months |
| *.sumome.com | Amazon RSA 2048 M03 | 2024-12-18 - 2026-01-17 | a year |
| eps.6sc.co | Amazon RSA 2048 M03 | 2024-08-27 - 2025-09-25 | a year |
| v.eps.6sc.co | Amazon RSA 2048 M03 | 2024-09-06 - 2025-10-05 | a year |
| *.prod.equally.ai | Sectigo RSA Domain Validation Secure Server CA | 2024-11-21 - 2025-12-22 | a year |
This page contains 11 frames:
Primary Page:
https://www.trendmicro.com/en_us/research/23/a/batloader-malware-abuses-legitimate-tools-uses-obfuscated-javasc.html
Frame ID: 736FBAA4C10575574175565E6C00E7F0
Requests: 199 HTTP requests in this frame
Frame:
https://trendmicro.demdex.net/dest5.html?d_nsid=0
Frame ID: A063F23512EBDDFECFA31E0962E83030
Requests: 1 HTTP requests in this frame
Frame:
https://www.googletagmanager.com/static/service_worker/51f0/sw_iframe.html?origin=https%3A%2F%2Fwww.trendmicro.com
Frame ID: ABA542101BC419843316DEFDEB7B9451
Requests: 1 HTTP requests in this frame
Frame:
https://static.addtoany.com/menu/sm.25.html
Frame ID: A0AB03FEC69CBA86EE7A817E443F9FCE
Requests: 1 HTTP requests in this frame
Frame:
https://5427711.fls.doubleclick.net/activityi;dc_pre=CKPx7tXt-YoDFfcJiAkdisMkCQ;src=5427711;type=remar0;cat=allsi0;ord=1;num=8981824894662;npa=0;auiddc=1221565945.1737017293;u1=%2Fen_us%2Fresearch%2F23%2Fa%2Fbatloader-malware-abuses-legitimate-tools-uses-obfuscated-javasc.html;ps=1;pcor=208799845;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe51d0v9188098692z872003116za201zb72003116;gcd=13l3l3l3l1l1;dma=0;tag_exp=101925629~102067555~102067808~102081485~102123608~102198178;epver=2;~oref=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F23%2Fa%2Fbatloader-malware-abuses-legitimate-tools-uses-obfuscated-javasc.html
Frame ID: 92394268A4E09C99BDBE8A6B8CC83EEC
Requests: 1 HTTP requests in this frame
Frame:
https://td.doubleclick.net/td/fls/rul/activityi;fledge=1;src=5427711;type=remar0;cat=allsi0;ord=1;num=8981824894662;npa=0;auiddc=1221565945.1737017293;u1=%2Fen_us%2Fresearch%2F23%2Fa%2Fbatloader-malware-abuses-legitimate-tools-uses-obfuscated-javasc.html;ps=1;pcor=208799845;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe51d0v9188098692z872003116za201zb72003116;gcd=13l3l3l3l1l1;dma=0;tag_exp=101925629~102067555~102067808~102081485~102123608~102198178;epver=2;~oref=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F23%2Fa%2Fbatloader-malware-abuses-legitimate-tools-uses-obfuscated-javasc.html
Frame ID: 8978338E67FA1017FA04C75983CFB765
Requests: 1 HTTP requests in this frame
Frame:
https://9572106.fls.doubleclick.net/activityi;dc_pre=CLLw8tXt-YoDFfUkiAkdVQksNg;src=9572106;type=trend002;cat=globa0;ord=7424441011449;npa=0;auiddc=1221565945.1737017293;u1=%2Fen_us%2Fresearch%2F23%2Fa%2Fbatloader-malware-abuses-legitimate-tools-uses-obfuscated-javasc.html;ps=1;pcor=1278588223;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe51d0v9190653197z872003116za201zb72003116;gcd=13l3l3l3l1l1;dma=0;tag_exp=101925629~102067555~102067808~102081485~102123607~102198178;epver=2;~oref=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F23%2Fa%2Fbatloader-malware-abuses-legitimate-tools-uses-obfuscated-javasc.html
Frame ID: 0B511054736F6723EDCD1EA7E06DBF7D
Requests: 1 HTTP requests in this frame
Frame:
https://td.doubleclick.net/td/fls/rul/activityi;fledge=1;src=9572106;type=trend002;cat=globa0;ord=7424441011449;npa=0;auiddc=1221565945.1737017293;u1=%2Fen_us%2Fresearch%2F23%2Fa%2Fbatloader-malware-abuses-legitimate-tools-uses-obfuscated-javasc.html;ps=1;pcor=1278588223;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe51d0v9190653197z872003116za201zb72003116;gcd=13l3l3l3l1l1;dma=0;tag_exp=101925629~102067555~102067808~102081485~102123607~102198178;epver=2;~oref=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F23%2Fa%2Fbatloader-malware-abuses-legitimate-tools-uses-obfuscated-javasc.html
Frame ID: AA95FCAABB33700EAE56C11AB6A55151
Requests: 1 HTTP requests in this frame
Frame:
https://td.doubleclick.net/td/rul/929919117?random=1737017293201&cv=11&fst=1737017293201&fmt=3&bg=ffffff&guid=ON&async=1>m=45be51d0v886840403z872003116za201zb72003116&gcd=13l3l3l3l1l1&dma=0&tag_exp=101925629~102067555~102067808~102081485~102123607~102198178&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F23%2Fa%2Fbatloader-malware-abuses-legitimate-tools-uses-obfuscated-javasc.html&hn=www.googleadservices.com&frm=0&tiba=Batloader%20Malware%20Abuses%20Legitimate%20Tools%20Uses%20Obfuscated%20JavaScript%20Files%20in%20Q4%202022%20Attacks%20%7C%20Trend%20Micro%20(US)&npa=0&pscdl=noapi&auid=1221565945.1737017293&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1
Frame ID: 123B011869BFFD310D388FF6268C9045
Requests: 1 HTTP requests in this frame
Frame:
https://td.doubleclick.net/td/rul/929919117?random=1737017293233&cv=11&fst=1737017293233&fmt=3&bg=ffffff&guid=ON&async=1>m=45be51d0v886840403z872003116za201zb72003116&gcd=13l3l3l3l1l1&dma=0&tag_exp=101925629~102067555~102067808~102081485~102123607~102198178&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F23%2Fa%2Fbatloader-malware-abuses-legitimate-tools-uses-obfuscated-javasc.html&hn=www.googleadservices.com&frm=0&tiba=Batloader%20Malware%20Abuses%20Legitimate%20Tools%20Uses%20Obfuscated%20JavaScript%20Files%20in%20Q4%202022%20Attacks%20%7C%20Trend%20Micro%20(US)&npa=0&pscdl=noapi&auid=1221565945.1737017293&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1
Frame ID: 8999C69E578E256BE23CC49BFF70D77F
Requests: 1 HTTP requests in this frame
Frame:
https://match.adsrvr.org/track/upb/?adv=g2lzvow&ref=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F23%2Fa%2Fbatloader-malware-abuses-legitimate-tools-uses-obfuscated-javasc.html&upid=803df29&upv=1.1.0&paapi=1
Frame ID: 963D6F479483CC7423CB97189C4060F2
Requests: 1 HTTP requests in this frame
Page Title
Batloader Malware Abuses Legitimate Tools Uses Obfuscated JavaScript Files in Q4 2022 Attacks | Trend Micro (US)
Detected technologies
Detected patterns (one line per detected technology):
- /etc\.clientlibs/
- addtoany\.com/menu/page\.js
- adnxs\.(?:net|com)
- //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js
- google-analytics\.com/(?:ga|urchin|analytics)\.js
- <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
- googletagmanager\.com/gtm\.js; googletagmanager\.com/gtag/js
- munchkin\.marketo\.\w+/(?:([\d.]+)/)?munchkin\.js
- cdn\.cookielaw\.org; otSDKStub\.js
- \.quantserve\.com/quant\.js
- load\.sumome\.com
- jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?
Page Statistics
28 Outgoing links
These are links going to different origins than the main page.
- Automotive
- Zero Day Initiatives (ZDI)
- Partner Portal Login
- Become a Partner
- Find Partners
- Connect With Us
- Under Attack?
- Business Support Portal
- Contact Support
- Cyber Risk Assessments
- Vision One
- Cloud One
- Product Activation and Management
- Referral Affiliate
- (link without title text)
- search engine optimization (SEO) poisoning techniques
- Rig and Fallout
- porn websites
- Keitaro Traffic Direction System (TDS)
- PyArmor
- PyArmor Unpacker
- (link without title text)
- (link without title text)
- (link without title text)
- (link without title text)
- (link without title text)
- Česká Republika
- AddToAny
Page URL History
This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.
1. http://www.trendmicro.com/en_us/research/23/a/batloader-malware-abuses-legitimate-tools-uses-obfuscated-javasc.html (HTTP 307)
2. https://www.trendmicro.com/en_us/research/23/a/batloader-malware-abuses-legitimate-tools-uses-obfuscated-javasc.html (Page URL)
Redirected requests
There were HTTP redirect chains for the following requests:
Request chain 1:
- https://cm.everesttech.net/cm/dd?d_uuid=52486951462180816312419557478410751298 HTTP 302
- https://dpm.demdex.net/ibs:dpid=411&dpuuid=Z4jHzAAAAEo2DAN2

Request chain 2:
- https://resources.trendmicro.com/rs/945-CXD-062/images/revenuepulse-lib-v3.js HTTP 302
- https://trendmicro.com/ HTTP 301
- https://www.trendmicro.com/ HTTP 301
- https://www.trendmicro.com/en_us/business.html

Request chain 3:
- https://load.sumome.com/ HTTP 301
- https://load.sumome.com/sumome.js

Request chain 4:
- https://s.ml-attr.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dwww.trendmicro.com%26pId%3d%24UID HTTP 302
- https://secure.adnxs.com/getuid?https%3a%2f%2fattr.ml-api.io%2f%3fdomain%3dwww.trendmicro.com%26pId%3d%24UID HTTP 307
- https://secure.adnxs.com/bounce?%2Fgetuid%3Fhttps%253a%252f%252fattr.ml-api.io%252f%253fdomain%253dwww.trendmicro.com%2526pId%253d%2524UID HTTP 302
- https://attr.ml-api.io/?domain=www.trendmicro.com&pId=5513357092752062663

Request chain 5:
- https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=8866&time=1737017292999&url=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F23%2Fa%2Fbatloader-malware-abuses-legitimate-tools-uses-obfuscated-javasc.html HTTP 302
- https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=8866&time=1737017292999&url=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F23%2Fa%2Fbatloader-malware-abuses-legitimate-tools-uses-obfuscated-javasc.html&cookiesTest=true HTTP 302
- https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D8866%26time%3D1737017292999%26url%3Dhttps%253A%252F%252Fwww.trendmicro.com%252Fen_us%252Fresearch%252F23%252Fa%252Fbatloader-malware-abuses-legitimate-tools-uses-obfuscated-javasc.html%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
- https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=8866&time=1737017292999&url=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F23%2Fa%2Fbatloader-malware-abuses-legitimate-tools-uses-obfuscated-javasc.html&cookiesTest=true&liSync=true HTTP 302
- https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=8866&time=1737017292999&url=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F23%2Fa%2Fbatloader-malware-abuses-legitimate-tools-uses-obfuscated-javasc.html&cookiesTest=true&liSync=true&e_ipv6=AQIs8sYlaBzN4AAAAZRuTHsExd2fFzIEZYqCRUc6Kf7izc8g1y4mPhbbVgXjwpoyXAtWIA

Request chain 6:
- https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1015287688/?random=416525533&cv=9&fst=1737017292826&num=1&value=0&label=0w45CIDC7AYQiJ-Q5AM&bg=ffffff&hl=en&guid=ON&resp=GooglemKTybQhCsO&eid=466465926&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=-600&u_java=false&u_nplug=5&u_nmime=2&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F23%2Fa%2Fbatloader-malware-abuses-legitimate-tools-uses-obfuscated-javasc.html&tiba=Batloader%20Malware%20Abuses%20Legitimate%20Tools%20Uses%20Obfuscated%20JavaScript%20Files%20in%20Q4%202022%20Attacks%20%7C%20Trend%20Micro%20(US)&hn=www.googleadservices.com&uaa=&uab=&uam=&uap=&uapv=&uaw=0&uafvl=&async=1&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgixw7ECCIrFsQIIwsmxAgjrxrECCKPFsQIIkcmxAgjTxbECCOzMsQJKJ2V2ZW50LXNvdXJjZTtuYXZpZ2F0aW9uLXNvdXJjZSwgdHJpZ2dlcloDCgEBYgQKAgID&pscrd=IhMI9-zW1e35igMVaQ1oCB3lOisOMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOhtodHRwczovL3d3dy50cmVuZG1pY3JvLmNvbS8 HTTP 302
- https://www.google.com/pagead/1p-conversion/1015287688/?random=416525533&cv=9&fst=1737017292826&num=1&value=0&label=0w45CIDC7AYQiJ-Q5AM&bg=ffffff&hl=en&guid=ON&resp=GooglemKTybQhCsO&eid=466465926&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=-600&u_java=false&u_nplug=5&u_nmime=2&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F23%2Fa%2Fbatloader-malware-abuses-legitimate-tools-uses-obfuscated-javasc.html&tiba=Batloader%20Malware%20Abuses%20Legitimate%20Tools%20Uses%20Obfuscated%20JavaScript%20Files%20in%20Q4%202022%20Attacks%20%7C%20Trend%20Micro%20(US)&hn=www.googleadservices.com&uaa=&uab=&uam=&uap=&uapv=&uaw=0&uafvl=&async=1&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgixw7ECCIrFsQIIwsmxAgjrxrECCKPFsQIIkcmxAgjTxbECCOzMsQJKJ2V2ZW50LXNvdXJjZTtuYXZpZ2F0aW9uLXNvdXJjZSwgdHJpZ2dlcloDCgEBYgQKAgID&pscrd=IhMI9-zW1e35igMVaQ1oCB3lOisOMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOhtodHRwczovL3d3dy50cmVuZG1pY3JvLmNvbS8&is_vtc=1&cid=CAQSGwCa7L7dfrh-Xlwdi3HdjkyZ-LtAEVx6ulL44g&random=3908358278&resp=GooglemKTybQhCsO

Request chain 7:
- https://5427711.fls.doubleclick.net/activityi;src=5427711;type=remar0;cat=allsi0;ord=1;num=8981824894662;npa=0;auiddc=1221565945.1737017293;u1=%2Fen_us%2Fresearch%2F23%2Fa%2Fbatloader-malware-abuses-legitimate-tools-uses-obfuscated-javasc.html;ps=1;pcor=208799845;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe51d0v9188098692z872003116za201zb72003116;gcd=13l3l3l3l1l1;dma=0;tag_exp=101925629~102067555~102067808~102081485~102123608~102198178;epver=2;~oref=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F23%2Fa%2Fbatloader-malware-abuses-legitimate-tools-uses-obfuscated-javasc.html HTTP 302
- https://5427711.fls.doubleclick.net/activityi;dc_pre=CKPx7tXt-YoDFfcJiAkdisMkCQ;src=5427711;type=remar0;cat=allsi0;ord=1;num=8981824894662;npa=0;auiddc=1221565945.1737017293;u1=%2Fen_us%2Fresearch%2F23%2Fa%2Fbatloader-malware-abuses-legitimate-tools-uses-obfuscated-javasc.html;ps=1;pcor=208799845;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe51d0v9188098692z872003116za201zb72003116;gcd=13l3l3l3l1l1;dma=0;tag_exp=101925629~102067555~102067808~102081485~102123608~102198178;epver=2;~oref=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F23%2Fa%2Fbatloader-malware-abuses-legitimate-tools-uses-obfuscated-javasc.html

Request chain 8:
- https://9572106.fls.doubleclick.net/activityi;src=9572106;type=trend002;cat=globa0;ord=7424441011449;npa=0;auiddc=1221565945.1737017293;u1=%2Fen_us%2Fresearch%2F23%2Fa%2Fbatloader-malware-abuses-legitimate-tools-uses-obfuscated-javasc.html;ps=1;pcor=1278588223;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe51d0v9190653197z872003116za201zb72003116;gcd=13l3l3l3l1l1;dma=0;tag_exp=101925629~102067555~102067808~102081485~102123607~102198178;epver=2;~oref=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F23%2Fa%2Fbatloader-malware-abuses-legitimate-tools-uses-obfuscated-javasc.html HTTP 302
- https://9572106.fls.doubleclick.net/activityi;dc_pre=CLLw8tXt-YoDFfUkiAkdVQksNg;src=9572106;type=trend002;cat=globa0;ord=7424441011449;npa=0;auiddc=1221565945.1737017293;u1=%2Fen_us%2Fresearch%2F23%2Fa%2Fbatloader-malware-abuses-legitimate-tools-uses-obfuscated-javasc.html;ps=1;pcor=1278588223;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe51d0v9190653197z872003116za201zb72003116;gcd=13l3l3l3l1l1;dma=0;tag_exp=101925629~102067555~102067808~102081485~102123607~102198178;epver=2;~oref=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F23%2Fa%2Fbatloader-malware-abuses-legitimate-tools-uses-obfuscated-javasc.html

Request chain 9:
- https://insight.adsrvr.org/track/up?adv=g2lzvow&ref=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F23%2Fa%2Fbatloader-malware-abuses-legitimate-tools-uses-obfuscated-javasc.html&upid=803df29&upv=1.1.0&paapi=1 HTTP 302
- https://match.adsrvr.org/track/upb/?adv=g2lzvow&ref=https%3A%2F%2Fwww.trendmicro.com%2Fen_us%2Fresearch%2F23%2Fa%2Fbatloader-malware-abuses-legitimate-tools-uses-obfuscated-javasc.html&upid=803df29&upv=1.1.0&paapi=1
218 HTTP transactions
| Method | Protocol | Resource | Path | Size | Transferred | Type | MIME type |
|---|---|---|---|---|---|---|---|
| GET | H2 | batloader-malware-abuses-legitimate-tools-uses-obfuscated-javasc.html (primary request, via redirect chain) | www.trendmicro.com/en_us/research/23/a/ | 164 KB | 27 KB | Document | text/html |
| GET | H2 | OtAutoBlock.js | cdn.cookielaw.org/consent/821060e3-3f9c-4a2f-8613-8e0db4841f79/ | 339 KB | 49 KB | Script | application/javascript |
| GET | H2 | otSDKStub.js | cdn.cookielaw.org/scripttemplates/ | 22 KB | 8 KB | Script | application/javascript |
| GET | H2 | jquery.min.js | www.trendmicro.com/etc.clientlibs/clientlibs/granite/ | 111 KB | 33 KB | Script | application/javascript |
| GET | H2 | utils.min.js | www.trendmicro.com/etc.clientlibs/clientlibs/granite/ | 10 KB | 3 KB | Script | application/javascript |
| GET | H2 | css | fonts.googleapis.com/ | 28 KB | 2 KB | Stylesheet | text/css |
| GET | H3 | cludo-search.min.css | customer.cludo.com/css/296/1798/ | 16 KB | 3 KB | Stylesheet | text/css |
| GET | H2 | clientlib-trendresearch.min.css | | | | | |
www.trendmicro.com/etc.clientlibs/trendresearch/clientlibs/ |
445 KB 41 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
header-footer.min.css
www.trendmicro.com/etc.clientlibs/trendmicro/clientlibs/trendmicro-core-2/clientlibs/ |
80 KB 7 KB |
Stylesheet
text/css |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
utag.sync.js
tags.tiqcdn.com/utag/trendmicro/nabucms/prod/ |
2 KB 1 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
tm-logo-red-white-t.svg
www.trendmicro.com/content/dam/trendmicro/global/en/core/images/logos/ |
5 KB 3 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
trend-vision-one-laptop-console-nav.svg
www.trendmicro.com/content/dam/trendmicro/global/en/core/images/console-images/navigation/ |
529 KB 381 KB |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
asrm-console-shot
trendmicro.scene7.com/is/image/trendmicro/ |
14 KB 14 KB |
Image
image/webp |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
xdr-product-console-shot
trendmicro.scene7.com/is/image/trendmicro/ |
18 KB 18 KB |
Image
image/webp |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
cloud-one-workload-security-console-shot
trendmicro.scene7.com/is/image/trendmicro/ |
20 KB 21 KB |
Image
image/webp |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
cloud-one-container-console-shot
trendmicro.scene7.com/is/image/trendmicro/ |
22 KB 23 KB |
Image
image/webp |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
cloud-one-file-storage-console-shot
trendmicro.scene7.com/is/image/trendmicro/ |
10 KB 10 KB |
Image
image/webp |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
sps-mobile-security-enterprise-console-shot
trendmicro.scene7.com/is/image/trendmicro/ |
20 KB 20 KB |
Image
image/webp |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
zero-trust-access-console-shot
trendmicro.scene7.com/is/image/trendmicro/ |
24 KB 24 KB |
Image
image/webp |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
email-security-console-shot
trendmicro.scene7.com/is/image/trendmicro/ |
24 KB 25 KB |
Image
image/webp |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
all-products-console-shot
trendmicro.scene7.com/is/image/trendmicro/ |
64 KB 64 KB |
Image
image/webp |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H3 |
search-script.js
customer.cludo.com/scripts/bundles/ |
434 KB 77 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
share-more.svg
www.trendmicro.com/etc.clientlibs/trendresearch/clientlibs/clientlib-trendresearch/resources/img/ |
648 B 733 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
printer.svg
www.trendmicro.com/etc.clientlibs/trendresearch/clientlibs/clientlib-trendresearch/resources/img/ |
409 B 650 B |
Image
image/svg+xml |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
figure1-batloader-q4-abuse-legitimate-tools-javascript-files.jpg
www.trendmicro.com/content/dam/trendmicro/global/en/research/23/batloader-malware-abuses-legitimate-tools-uses-obfuscated-javascript-files-in-q4-2022-attacks/ |
231 KB 231 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
figure2-batloader-q4-abuse-legitimate-tools-javascript-files.png
www.trendmicro.com/content/dam/trendmicro/global/en/research/23/batloader-malware-abuses-legitimate-tools-uses-obfuscated-javascript-files-in-q4-2022-attacks/ |
70 KB 70 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
figure3-batloader-q4-abuse-legitimate-tools-javascript-files.jpg
www.trendmicro.com/content/dam/trendmicro/global/en/research/23/batloader-malware-abuses-legitimate-tools-uses-obfuscated-javascript-files-in-q4-2022-attacks/ |
439 KB 440 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
figure4-batloader-q4-abuse-legitimate-tools-javascript-files.png
www.trendmicro.com/content/dam/trendmicro/global/en/research/23/batloader-malware-abuses-legitimate-tools-uses-obfuscated-javascript-files-in-q4-2022-attacks/ |
91 KB 91 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
figure5-batloader-q4-abuse-legitimate-tools-javascript-files.png
www.trendmicro.com/content/dam/trendmicro/global/en/research/23/batloader-malware-abuses-legitimate-tools-uses-obfuscated-javascript-files-in-q4-2022-attacks/ |
71 KB 71 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
figure6-batloader-q4-abuse-legitimate-tools-javascript-files.png
www.trendmicro.com/content/dam/trendmicro/global/en/research/23/batloader-malware-abuses-legitimate-tools-uses-obfuscated-javascript-files-in-q4-2022-attacks/ |
51 KB 51 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
figure7-batloader-q4-abuse-legitimate-tools-javascript-files.jpg
www.trendmicro.com/content/dam/trendmicro/global/en/research/23/batloader-malware-abuses-legitimate-tools-uses-obfuscated-javascript-files-in-q4-2022-attacks/ |
202 KB 202 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
figure8-batloader-q4-abuse-legitimate-tools-javascript-files.jpg
www.trendmicro.com/content/dam/trendmicro/global/en/research/23/batloader-malware-abuses-legitimate-tools-uses-obfuscated-javascript-files-in-q4-2022-attacks/ |
115 KB 115 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
figure9-batloader-q4-abuse-legitimate-tools-javascript-files.png
www.trendmicro.com/content/dam/trendmicro/global/en/research/23/batloader-malware-abuses-legitimate-tools-uses-obfuscated-javascript-files-in-q4-2022-attacks/ |
108 KB 108 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
figure10-batloader-q4-abuse-legitimate-tools-javascript-files.png
www.trendmicro.com/content/dam/trendmicro/global/en/research/23/batloader-malware-abuses-legitimate-tools-uses-obfuscated-javascript-files-in-q4-2022-attacks/ |
557 KB 558 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
figure11rev-batloader-q4-abuse-legitimate-tools-javascript-files.jpg.png
www.trendmicro.com/content/dam/trendmicro/global/en/research/23/batloader-malware-abuses-legitimate-tools-uses-obfuscated-javascript-files-in-q4-2022-attacks/ |
190 KB 190 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
figure11-batloader-q4-abuse-legitimate-tools-javascript-files.jpg
www.trendmicro.com/content/dam/trendmicro/global/en/research/23/batloader-malware-abuses-legitimate-tools-uses-obfuscated-javascript-files-in-q4-2022-attacks/ |
107 KB 107 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
figure12-batloader-q4-abuse-legitimate-tools-javascript-files.png
www.trendmicro.com/content/dam/trendmicro/global/en/research/23/batloader-malware-abuses-legitimate-tools-uses-obfuscated-javascript-files-in-q4-2022-attacks/ |
60 KB 61 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
figure13-batloader-q4-abuse-legitimate-tools-javascript-files.png
www.trendmicro.com/content/dam/trendmicro/global/en/research/23/batloader-malware-abuses-legitimate-tools-uses-obfuscated-javascript-files-in-q4-2022-attacks/ |
89 KB 90 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
figure14-batloader-q4-abuse-legitimate-tools-javascript-files.jpg
www.trendmicro.com/content/dam/trendmicro/global/en/research/23/batloader-malware-abuses-legitimate-tools-uses-obfuscated-javascript-files-in-q4-2022-attacks/ |
249 KB 250 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
figure15-batloader-q4-abuse-legitimate-tools-javascript-files.jpg
www.trendmicro.com/content/dam/trendmicro/global/en/research/23/batloader-malware-abuses-legitimate-tools-uses-obfuscated-javascript-files-in-q4-2022-attacks/ |
110 KB 110 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
figure16-batloader-q4-abuse-legitimate-tools-javascript-files.png
www.trendmicro.com/content/dam/trendmicro/global/en/research/23/batloader-malware-abuses-legitimate-tools-uses-obfuscated-javascript-files-in-q4-2022-attacks/ |
97 KB 98 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
figure17-batloader-q4-abuse-legitimate-tools-javascript-files.png
www.trendmicro.com/content/dam/trendmicro/global/en/research/23/batloader-malware-abuses-legitimate-tools-uses-obfuscated-javascript-files-in-q4-2022-attacks/ |
80 KB 80 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
figure18-batloader-q4-abuse-legitimate-tools-javascript-files.png
www.trendmicro.com/content/dam/trendmicro/global/en/research/23/batloader-malware-abuses-legitimate-tools-uses-obfuscated-javascript-files-in-q4-2022-attacks/ |
1 MB 1 MB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
figure19-batloader-q4-abuse-legitimate-tools-javascript-files.png
www.trendmicro.com/content/dam/trendmicro/global/en/research/23/batloader-malware-abuses-legitimate-tools-uses-obfuscated-javascript-files-in-q4-2022-attacks/ |
499 KB 500 KB |
Image
image/png |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
figure20-batloader-q4-abuse-legitimate-tools-javascript-files.jpg
www.trendmicro.com/content/dam/trendmicro/global/en/research/23/batloader-malware-abuses-legitimate-tools-uses-obfuscated-javascript-files-in-q4-2022-attacks/ |
440 KB 440 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
figure21-batloader-q4-abuse-legitimate-tools-javascript-files.jpg
www.trendmicro.com/content/dam/trendmicro/global/en/research/23/batloader-malware-abuses-legitimate-tools-uses-obfuscated-javascript-files-in-q4-2022-attacks/ |
276 KB 277 KB |
Image
image/jpeg |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
granite.min.js
www.trendmicro.com/etc.clientlibs/clientlibs/granite/jquery/ |
4 KB 2 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
clientLibs.min.js
www.trendmicro.com/etc.clientlibs/trendmicro/editableTemplateComponents/content/footer/v1/footer/ |
840 B 592 B |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
sly.min.js
www.trendmicro.com/content/dam/trendmicro/global/core-library/ |
18 KB 7 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
jwplayer.js
www.trendmicro.com/content/dam/trendmicro/global/core-library/ |
81 KB 23 KB |
Script
application/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
Request headers
Response headers
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
GET H2 |
iframe_api
www.youtube.com/ |
993 B 2 KB |
Script
text/javascript |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
General
|