Submitted URL: https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample.html
Effective URL: https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
Submission: On August 10 via api from SI

Summary

This website contacted 36 IPs in 7 countries across 33 domains to perform 71 HTTP transactions. The main IP is 13.56.33.144, located in San Jose, United States and belongs to AMAZON-02, US. The main domain is www.fortinet.com.
TLS certificate: Issued by DigiCert SHA2 High Assurance Server CA on January 22nd 2019. Valid for: 2 years.
This is the only time www.fortinet.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 11 13.56.33.144 16509 (AMAZON-02)
9 2a02:26f0:f1:... 20940 (AKAMAI-ASN1)
1 4 52.50.67.81 16509 (AMAZON-02)
5 23.210.248.44 16625 (AKAMAI-AS)
1 23.210.250.213 16625 (AKAMAI-AS)
1 63.32.152.233 16509 (AMAZON-02)
2 15.236.9.100 16509 (AMAZON-02)
1 1 66.117.28.86 15224 (OMNITURE)
1 147.75.100.205 54825 (PACKET)
1 23.111.11.182 33438 (HIGHWINDS2)
1 147.75.84.31 54825 (PACKET)
2 13.226.155.50 16509 (AMAZON-02)
1 147.75.33.131 54825 (PACKET)
1 54.171.1.253 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2a00:1450:400... 15169 (GOOGLE)
1 23.111.11.71 33438 (HIGHWINDS2)
2 2a00:1450:400... 15169 (GOOGLE)
1 96.45.36.159 40934 (FORTINET)
2 2a03:2880:f01... 32934 (FACEBOOK)
1 151.101.112.157 54113 (FASTLY)
1 2a02:26f0:10c... 20940 (AKAMAI-ASN1)
1 6 34.253.133.202 16509 (AMAZON-02)
1 5 23.210.248.216 16625 (AKAMAI-AS)
1 2 2a05:f500:11:... 14413 (LINKEDIN)
1 1 2620:1ec:21::14 8068 (MICROSOFT...)
1 104.244.42.131 13414 (TWITTER)
1 104.244.42.69 13414 (TWITTER)
1 216.58.206.2 15169 (GOOGLE)
1 1 54.154.104.244 16509 (AMAZON-02)
1 34.254.9.125 16509 (AMAZON-02)
2 2a03:2880:f11... 32934 (FACEBOOK)
2 2 35.244.245.222 15169 (GOOGLE)
2 2 13.248.134.222 16509 (AMAZON-02)
2 2 52.49.190.28 16509 (AMAZON-02)
1 2 3.120.214.218 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 3.211.213.230 14618 (AMAZON-AES)
71 36
Apex Domain
Subdomains
Transfer
14 fortinet.com
www.fortinet.com
metrics.fortinet.com
site.fortinet.com
511 KB
9 adobedtm.com
assets.adobedtm.com
77 KB
6 adroll.com
s.adroll.com
d.adroll.com
68 KB
6 ml314.com
ml314.com
15 KB
5 demdex.net
dpm.demdex.net
fortinet.demdex.net
4 KB
4 hotjar.com
static.hotjar.com
script.hotjar.com
vars.hotjar.com
in.hotjar.com
72 KB
4 addthis.com
s7.addthis.com
m.addthis.com
191 KB
3 linkedin.com
px.ads.linkedin.com
www.linkedin.com
3 KB
3 omappapi.com
api.omappapi.com
a.omappapi.com
81 KB
2 eyeota.net
ps.eyeota.net
1 KB
2 crwdcntrl.net
sync.crwdcntrl.net
1001 B
2 adsrvr.org
match.adsrvr.org
926 B
2 rlcdn.com
idsync.rlcdn.com
801 B
2 facebook.com
www.facebook.com
634 B
2 facebook.net
connect.facebook.net
166 KB
2 googletagmanager.com
www.googletagmanager.com
69 KB
1 nextroll.com
nextroll.com
2 KB
1 google.de
www.google.de
539 B
1 google.com
www.google.com
539 B
1 doubleclick.net
googleads.g.doubleclick.net
2 KB
1 consensu.org
d.adroll.mgr.consensu.org
136 B
1 googleadservices.com
www.googleadservices.com
12 KB
1 t.co
t.co
449 B
1 twitter.com
analytics.twitter.com
651 B
1 licdn.com
snap.licdn.com
2 KB
1 ads-twitter.com
static.ads-twitter.com
2 KB
1 google-analytics.com
www.google-analytics.com
18 KB
1 cloudflare.com
cdnjs.cloudflare.com
16 KB
1 googleapis.com
ajax.googleapis.com
7 KB
1 addthisedge.com
v1.addthisedge.com
756 B
1 opmnstr.com
a.opmnstr.com
60 KB
1 everesttech.net
cm.everesttech.net
554 B
1 moatads.com
z.moatads.com
1 KB
71 33
Domain Requested by
11 www.fortinet.com 1 redirects www.fortinet.com
s7.addthis.com
9 assets.adobedtm.com www.fortinet.com
assets.adobedtm.com
6 ml314.com 1 redirects www.fortinet.com
ml314.com
5 s.adroll.com 1 redirects www.fortinet.com
s.adroll.com
4 dpm.demdex.net 1 redirects www.fortinet.com
3 s7.addthis.com assets.adobedtm.com
s7.addthis.com
2 ps.eyeota.net 1 redirects
2 sync.crwdcntrl.net 2 redirects
2 match.adsrvr.org 2 redirects
2 idsync.rlcdn.com 2 redirects
2 www.facebook.com
2 px.ads.linkedin.com 1 redirects
2 connect.facebook.net www.fortinet.com
connect.facebook.net
2 www.googletagmanager.com assets.adobedtm.com
www.googletagmanager.com
2 api.omappapi.com a.opmnstr.com
2 metrics.fortinet.com assets.adobedtm.com
www.fortinet.com
1 nextroll.com
1 www.google.de
1 www.google.com
1 googleads.g.doubleclick.net www.googleadservices.com
1 d.adroll.com
1 d.adroll.mgr.consensu.org 1 redirects
1 www.googleadservices.com www.googletagmanager.com
1 t.co
1 analytics.twitter.com static.ads-twitter.com
1 www.linkedin.com 1 redirects
1 snap.licdn.com www.fortinet.com
1 static.ads-twitter.com www.fortinet.com
1 site.fortinet.com www.fortinet.com
1 a.omappapi.com www.fortinet.com
1 www.google-analytics.com a.opmnstr.com
1 cdnjs.cloudflare.com a.opmnstr.com
1 ajax.googleapis.com a.opmnstr.com
1 in.hotjar.com script.hotjar.com
1 vars.hotjar.com static.hotjar.com
1 script.hotjar.com static.hotjar.com
1 m.addthis.com s7.addthis.com
1 v1.addthisedge.com s7.addthis.com
1 a.opmnstr.com assets.adobedtm.com
1 static.hotjar.com www.fortinet.com
1 cm.everesttech.net 1 redirects
1 fortinet.demdex.net assets.adobedtm.com
1 z.moatads.com s7.addthis.com
71 43
Subject Issuer Validity Valid
*.fortinet.com
DigiCert SHA2 High Assurance Server CA
2019-01-22 -
2021-03-31
2 years crt.sh
assets.adobedtm.com
DigiCert SHA2 High Assurance Server CA
2019-10-22 -
2021-10-01
2 years crt.sh
*.demdex.net
DigiCert SHA2 High Assurance Server CA
2018-01-09 -
2021-02-12
3 years crt.sh
odc-prod-01.oracle.com
DigiCert Secure Site ECC CA-1
2020-07-22 -
2021-10-13
a year crt.sh
moatads.com
DigiCert SHA2 Secure Server CA
2020-01-17 -
2021-03-17
a year crt.sh
metrics.fortinet.com
DigiCert SHA2 High Assurance Server CA
2019-01-29 -
2021-02-02
2 years crt.sh
static.hotjar.com
Let's Encrypt Authority X3
2020-06-17 -
2020-09-15
3 months crt.sh
*.opmnstr.com
Go Daddy Secure Certificate Authority - G2
2019-04-11 -
2021-04-11
2 years crt.sh
script.hotjar.com
Let's Encrypt Authority X3
2020-06-18 -
2020-09-16
3 months crt.sh
api.opmnstr.com
Amazon
2020-04-09 -
2021-05-09
a year crt.sh
vars.hotjar.com
Let's Encrypt Authority X3
2020-06-16 -
2020-09-14
3 months crt.sh
*.hotjar.com
Amazon
2019-09-27 -
2020-10-27
a year crt.sh
upload.video.google.com
GTS CA 1O1
2020-07-15 -
2020-10-07
3 months crt.sh
cloudflare.com
Cloudflare Inc ECC CA-3
2020-07-04 -
2021-07-04
a year crt.sh
*.google-analytics.com
GTS CA 1O1
2020-07-15 -
2020-10-07
3 months crt.sh
*.omappapi.com
Go Daddy Secure Certificate Authority - G2
2020-03-16 -
2022-03-16
2 years crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA
2020-07-21 -
2020-10-12
3 months crt.sh
ads-twitter.com
DigiCert SHA2 High Assurance Server CA
2019-08-14 -
2020-08-18
a year crt.sh
*.licdn.com
DigiCert SHA2 Secure Server CA
2019-04-01 -
2021-05-07
2 years crt.sh
*.ml314.com
Amazon
2020-02-17 -
2021-03-17
a year crt.sh
*.adroll.com
DigiCert SHA2 Secure Server CA
2020-01-29 -
2021-04-29
a year crt.sh
px.ads.linkedin.com
DigiCert SHA2 Secure Server CA
2020-08-05 -
2021-02-05
6 months crt.sh
*.twitter.com
DigiCert SHA2 High Assurance Server CA
2020-03-05 -
2021-03-02
a year crt.sh
t.co
DigiCert SHA2 High Assurance Server CA
2020-03-05 -
2021-03-02
a year crt.sh
www.googleadservices.com
GTS CA 1O1
2020-07-15 -
2020-10-07
3 months crt.sh
adroll.mgr.consensu.org
Amazon
2019-11-06 -
2020-12-06
a year crt.sh
*.eyeota.net
Let's Encrypt Authority X3
2020-06-09 -
2020-09-07
3 months crt.sh
*.g.doubleclick.net
GTS CA 1O1
2020-07-15 -
2020-10-07
3 months crt.sh
www.google.com
GTS CA 1O1
2020-07-15 -
2020-10-07
3 months crt.sh
www.google.de
GTS CA 1O1
2020-07-15 -
2020-10-07
3 months crt.sh
nextroll.com
Let's Encrypt Authority X3
2020-07-04 -
2020-10-02
3 months crt.sh

This page contains 5 frames:

Primary Page: https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
Frame ID: 5BCE6CB863D398C97C32A4C671255DE2
Requests: 71 HTTP requests in this frame

Frame: https://fortinet.demdex.net/dest5.html?d_nsid=0
Frame ID: 9550818DF92B79CB5A0B92C520FF6293
Requests: 1 HTTP requests in this frame

Frame: https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
Frame ID: 1AD146E052987EB444A08F7CBB0E5BA5
Requests: 1 HTTP requests in this frame

Frame: https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
Frame ID: AC5ED282344E3D064BBA85AC86129393
Requests: 1 HTTP requests in this frame

Frame: https://vars.hotjar.com/box-469cf41adb11dc78be68c1ae7f9457a4.html
Frame ID: 3D3C132441D30C814EE62C6443BDB102
Requests: 1 HTTP requests in this frame

Screenshot


Page URL History Show full URLs

  1. https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample.html HTTP 301
    https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

71
Requests

99 %
HTTPS

32 %
IPv6

33
Domains

43
Subdomains

36
IPs

7
Countries

1375 kB
Transfer

4045 kB
Size

18
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample.html HTTP 301
    https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 4
  • https://dpm.demdex.net/id?d_visid_ver=5.0.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=ED8739F75677FE917F000101%40AdobeOrg&d_nsid=0&ts=1597061100258 HTTP 302
  • https://dpm.demdex.net/id/rd?d_visid_ver=5.0.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=ED8739F75677FE917F000101%40AdobeOrg&d_nsid=0&ts=1597061100258
Request Chain 16
  • https://cm.everesttech.net/cm/dd?d_uuid=07724322315825516461797892677694968864 HTTP 302
  • https://dpm.demdex.net/ibs:dpid=411&dpuuid=XzE37AAABeEiRhTJ
Request Chain 52
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=7120&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fmalware-analysis-revenge-rat-sample&time=1597061101517 HTTP 302
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D7120%26url%3Dhttps%253A%252F%252Fwww.fortinet.com%252Fblog%252Fthreat-research%252Fmalware-analysis-revenge-rat-sample%26time%3D1597061101517%26liSync%3Dtrue HTTP 302
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=7120&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fmalware-analysis-revenge-rat-sample&time=1597061101517&liSync=true
Request Chain 57
  • https://s.adroll.com/j/exp/7OBVBCAQE5FHDPFEAD5T4D/index.js HTTP 302
  • https://s.adroll.com/j/exp/index.js
Request Chain 59
  • https://d.adroll.mgr.consensu.org/consent/iabcheck/7OBVBCAQE5FHDPFEAD5T4D?_s=d298bc2142bcd6eef70b5ff516a3949e&_b=2 HTTP 302
  • https://d.adroll.com/consent/check/7OBVBCAQE5FHDPFEAD5T4D/?_s=d298bc2142bcd6eef70b5ff516a3949e&_b=2
Request Chain 63
  • https://idsync.rlcdn.com/395886.gif?partner_uid=3612307665423171650 HTTP 307
  • https://idsync.rlcdn.com/1000.gif?memo=CO6UGBIeChoIARCuXxoTMzYxMjMwNzY2NTQyMzE3MTY1MBAAGg0I7e_E-QUSBQjoBxAAQgBKAA HTTP 307
  • https://ml314.com/csync.ashx?fp=8910838fb742e5b163976f1a53008c88f0e43a5ed29a93a88a5b998e561c18ebf4cb09cee1a4f8eb&person_id=3612307665423171650&eid=50082
Request Chain 64
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=d0tro1j&ttd_tpi=1 HTTP 302
  • https://match.adsrvr.org/track/cmb/generic?ttd_pid=d0tro1j&ttd_tpi=1 HTTP 302
  • https://ml314.com/utsync.ashx?eid=53819&et=0&fp=0a88d483-b71c-4f3d-9a8f-ec124e460f80 HTTP 302
  • https://ml314.com/csync.ashx?fp=0a88d483-b71c-4f3d-9a8f-ec124e460f80&person_id=3612307665423171650&eid=53819
Request Chain 65
  • https://sync.crwdcntrl.net/map/c=6985/tp=BOMB?https://ml314.com/csync.ashx%3Ffp%3D%24%7Bprofile_id%7D%26eid%3D50146%26person_id%3D3612307665423171650 HTTP 302
  • https://sync.crwdcntrl.net/map/ct=y/c=6985/tp=BOMB?https://ml314.com/csync.ashx%3Ffp%3D%24%7Bprofile_id%7D%26eid%3D50146%26person_id%3D3612307665423171650 HTTP 302
  • https://ml314.com/csync.ashx?fp=aee1e11e4decbbbe83928393aac863d8&eid=50146&person_id=3612307665423171650
Request Chain 66
  • https://ps.eyeota.net/pixel?pid=r8hrb20&t=gif HTTP 302
  • https://ps.eyeota.net/pixel/bounce/?pid=r8hrb20&t=gif

71 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request malware-analysis-revenge-rat-sample
www.fortinet.com/blog/threat-research/
Redirect Chain
  • https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample.html
  • https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
71 KB
19 KB
Document
General
Full URL
https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
13.56.33.144 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
68b01e8be50d58d56dc4794ded8ca457bde3882c8d77abc5c17ef56e200d3305
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Host
www.fortinet.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Sec-Fetch-Dest
document
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Cookie
cookiesession1=11DBD2EDMVKSNL94DFUK89RGA5XB4D8D
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Accept-Ranges
bytes
Cache-Control
max-age=600, public
Content-Encoding
gzip
Content-Type
text/html;charset=utf-8
Date
Mon, 10 Aug 2020 12:05:00 GMT
ETag
"11b33-5ac53fc608400-gzip"
Last-Modified
Sat, 08 Aug 2020 01:53:20 GMT
Server
Apache
Strict-Transport-Security
max-age=31536000; includeSubDomains
Vary
Accept-Encoding,User-Agent
X-Content-Type-Options
nosniff
X-Dispatcher
dispatcher2uswest1
X-Frame-Options
SAMEORIGIN
X-Vhost
publish
Content-Length
19331
Connection
keep-alive

Redirect headers

Content-Type
text/html; charset=iso-8859-1
Date
Mon, 10 Aug 2020 12:04:59 GMT
Location
https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
Server
Apache
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Dispatcher
dispatcher1uswest1
X-Vhost
publish
Content-Length
289
Connection
keep-alive
Set-Cookie
cookiesession1=11DBD2EDMVKSNL94DFUK89RGA5XB4D8D;Path=/;HttpOnly
clientlib-base.min.css
www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/
214 KB
26 KB
Stylesheet
General
Full URL
https://www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/clientlib-base.min.css
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
13.56.33.144 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
3d42c331e33d0821e56249645fb1b30831537a5227e58c67b0ffe85ceba025e7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

X-Dispatcher
dispatcher1uswest1
Date
Mon, 10 Aug 2020 12:05:00 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-Vhost
publish
Connection
keep-alive
Vary
Accept-Encoding,User-Agent
Content-Length
26239
Last-Modified
Wed, 29 Apr 2020 23:27:11 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
ETag
"357c2-5a4764992b1c0-gzip"
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Type
text/css;charset=utf-8
Cache-Control
max-age=684000, public
Accept-Ranges
bytes
launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
assets.adobedtm.com/
238 KB
58 KB
Script
General
Full URL
https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:f1:285::1e80 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
6ff1daac173d3df915242165da52fde2ef9c5d818f9e9b8cf3fe3bd39011eeab

Request headers

Referer
https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 10 Aug 2020 12:05:00 GMT
content-encoding
gzip
last-modified
Wed, 05 Aug 2020 20:45:52 GMT
server
AkamaiNetStorage
status
200
etag
"c587b9761db974d05db9651f2e646101:1596660352.72951"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
https://www.fortinet.com
cache-control
max-age=3600
accept-ranges
bytes
timing-allow-origin
*
content-length
59268
expires
Mon, 10 Aug 2020 13:05:00 GMT
fortinet-logo-white.svg
www.fortinet.com/content/dam/fortinet-blog/
32 KB
3 KB
Image
General
Full URL
https://www.fortinet.com/content/dam/fortinet-blog/fortinet-logo-white.svg
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
13.56.33.144 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
d2afd46ac58cd7e89b3fdfd790300d69034e94151ed45acf83d7b6d5dccfdb17
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

X-Dispatcher
dispatcher1uswest1
Date
Mon, 10 Aug 2020 12:05:00 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-Vhost
publish
Content-Disposition
attachment; filename="fortinet-logo-white.svg"
Connection
keep-alive
Vary
Accept-Encoding,User-Agent
Content-Length
1998
Last-Modified
Thu, 22 Feb 2018 23:16:01 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
ETag
"7ebb-565d53a1d6e40-gzip"
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Type
image/svg+xml
Cache-Control
max-age=684000, public
Accept-Ranges
bytes
truncated
/
71 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
5b4c9abcf01dcf74e0adf075ff4d47464c62c84307ae5ebd115d45da70e6443d

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/png
rd
dpm.demdex.net/id/
Redirect Chain
  • https://dpm.demdex.net/id?d_visid_ver=5.0.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=ED8739F75677FE917F000101%40AdobeOrg&d_nsid=0&ts=1597061100258
  • https://dpm.demdex.net/id/rd?d_visid_ver=5.0.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=ED8739F75677FE917F000101%40AdobeOrg&d_nsid=0&ts=1597061100258
367 B
1 KB
XHR
General
Full URL
https://dpm.demdex.net/id/rd?d_visid_ver=5.0.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=ED8739F75677FE917F000101%40AdobeOrg&d_nsid=0&ts=1597061100258
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.50.67.81 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-50-67-81.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
3bafe3dc1d315eeacd00431312f15c26d8ce6725ecf2dce6b3892c6432039900
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

DCS
dcs-prod-irl1-v078-06615a8e8.edge-irl1.demdex.com 5.76.0.20200805085924 2ms (+1ms)
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Encoding
gzip
X-TID
JcEwC8orTi0=
Vary
Origin, Accept-Encoding, User-Agent
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin
https://www.fortinet.com
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json;charset=utf-8
Content-Length
304
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
Access-Control-Allow-Origin
https://www.fortinet.com
X-TID
BF9rH46qRRw=
Vary
Origin
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location
https://dpm.demdex.net/id/rd?d_visid_ver=5.0.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=ED8739F75677FE917F000101%40AdobeOrg&d_nsid=0&ts=1597061100258
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
AppMeasurement.min.js
assets.adobedtm.com/extensions/EP7b1fa4581fb94dd0961a981af9997765/
33 KB
12 KB
Script
General
Full URL
https://assets.adobedtm.com/extensions/EP7b1fa4581fb94dd0961a981af9997765/AppMeasurement.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:f1:285::1e80 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
9cc56307a599f98aca4e3fedeba9b46a424244e8257a64f0e9700f7d90cf2834

Request headers

Referer
https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 10 Aug 2020 12:05:00 GMT
content-encoding
gzip
last-modified
Tue, 02 Jun 2020 21:30:12 GMT
server
AkamaiNetStorage
status
200
etag
"41f1b46329a6056c0f2c993498eda989:1591133412.019903"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
https://www.fortinet.com
cache-control
no-cache
accept-ranges
bytes
timing-allow-origin
*
content-length
12161
expires
Mon, 10 Aug 2020 13:05:00 GMT
AppMeasurement_Module_ActivityMap.min.js
assets.adobedtm.com/extensions/EP7b1fa4581fb94dd0961a981af9997765/
3 KB
2 KB
Script
General
Full URL
https://assets.adobedtm.com/extensions/EP7b1fa4581fb94dd0961a981af9997765/AppMeasurement_Module_ActivityMap.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:f1:285::1e80 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
c92295bd1bd22a2460a97272741c3ef8753884a1a370ad862753cc16e6d94e85

Request headers

Referer
https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 10 Aug 2020 12:05:00 GMT
content-encoding
gzip
last-modified
Tue, 02 Jun 2020 21:30:12 GMT
server
AkamaiNetStorage
status
200
etag
"e9aa55ef8b40a205f86b54789b37de5c:1591133412.323749"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
https://www.fortinet.com
cache-control
no-cache
accept-ranges
bytes
timing-allow-origin
*
content-length
1607
expires
Mon, 10 Aug 2020 13:05:00 GMT
addthis_widget.js
s7.addthis.com/js/300/
353 KB
114 KB
Script
General
Full URL
https://s7.addthis.com/js/300/addthis_widget.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.210.248.44 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-210-248-44.deploy.static.akamaitechnologies.com
Software
nginx/1.15.8 /
Resource Hash
eb12a261a24e54883613710a4c12f4d9205f634ca1a29d1df07f90105a93e746
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Referer
https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=15724800; includeSubDomains
content-encoding
gzip
etag
W/"5ed917ff-5834c"
x-check-cacheable
YES
x-akamai-pragma-client-ip
23.220.148.109, 4.79.170.54
x-distribution
99
status
200
x-host
s7.addthis.com
content-length
116324
last-modified
Thu, 04 Jun 2020 15:49:19 GMT
server
nginx/1.15.8
date
Mon, 10 Aug 2020 12:05:00 GMT
x-serial
3615
vary
Accept-Encoding
content-type
application/javascript
cache-control
public, max-age=600
clientlib-base.min.js
www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/
166 KB
76 KB
Script
General
Full URL
https://www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/clientlib-base.min.js
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
13.56.33.144 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
6ec95cf3501a05606c0117144486ccb9aa6824e65d1ff056fa49ba44ac5b0cb9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

X-Dispatcher
dispatcher2uswest1
Date
Mon, 10 Aug 2020 12:05:00 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-Vhost
publish
Connection
keep-alive
Vary
Accept-Encoding,User-Agent
content-length
77109
Last-Modified
Tue, 30 Jun 2020 16:56:40 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
ETag
"29999-5a9500f234200-gzip"
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Type
application/javascript;charset=utf-8
Cache-Control
max-age=684000, public
Accept-Ranges
bytes
revengerat-one.png
www.fortinet.com/content/dam/fortinet-blog/article-images/revenge-rat/
54 KB
55 KB
Image
General
Full URL
https://www.fortinet.com/content/dam/fortinet-blog/article-images/revenge-rat/revengerat-one.png
Requested by
Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
13.56.33.144 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
c7c2a637412317b9e13fd52b5ecff08eb1b5da60b3d66a2a5b8eff7eec182a84
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

X-Dispatcher
dispatcher2uswest1
Date
Mon, 10 Aug 2020 12:05:00 GMT
X-Content-Type-Options
nosniff
Last-Modified
Tue, 12 Nov 2019 23:44:45 GMT
Server
Apache
ETag
"d92b-5972ed5371540"
X-Vhost
publish
X-Frame-Options
SAMEORIGIN
Connection
keep-alive
Content-Type
image/png
Cache-Control
max-age=684000, public
Strict-Transport-Security
max-age=31536000; includeSubDomains
Accept-Ranges
bytes
Content-Length
55595
microsoft-vuln-three.png.thumb.319.319.png
www.fortinet.com/content/dam/fortinet-blog/article-images/bluekeep-vulnerability/
20 KB
21 KB
Image
General
Full URL
https://www.fortinet.com/content/dam/fortinet-blog/article-images/bluekeep-vulnerability/microsoft-vuln-three.png.thumb.319.319.png
Requested by
Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
13.56.33.144 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
b2a69f81002746fb20a34679b10c764c2d5f664de10944230824289d55c38348
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

X-Dispatcher
dispatcher2uswest1
Date
Mon, 10 Aug 2020 12:05:00 GMT
X-Content-Type-Options
nosniff
Last-Modified
Mon, 10 Jun 2019 22:25:37 GMT
Server
Apache
ETag
"51ca-58affa8cf3a40"
X-Vhost
publish
X-Frame-Options
SAMEORIGIN
Connection
keep-alive
Content-Type
image/png
Cache-Control
max-age=684000, public
Strict-Transport-Security
max-age=31536000; includeSubDomains
Accept-Ranges
bytes
Content-Length
20938
tlr-quarter-one.png.thumb.319.319.png
www.fortinet.com/content/dam/fortinet-blog/article-images/threat-landscape-report-q1/
130 KB
130 KB
Image
General
Full URL
https://www.fortinet.com/content/dam/fortinet-blog/article-images/threat-landscape-report-q1/tlr-quarter-one.png.thumb.319.319.png
Requested by
Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
13.56.33.144 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
5d7fda52442588c5ae334e48512e3bab1c0a34ed25a9c8ec0c8afe15df3f51d0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

X-Dispatcher
dispatcher2uswest1
Date
Mon, 10 Aug 2020 12:05:00 GMT
X-Content-Type-Options
nosniff
Last-Modified
Fri, 17 May 2019 22:40:41 GMT
Server
Apache
ETag
"206f7-5891d12802c40"
X-Vhost
publish
X-Frame-Options
SAMEORIGIN
Connection
keep-alive
Content-Type
image/png
Cache-Control
max-age=684000, public
Strict-Transport-Security
max-age=31536000; includeSubDomains
Accept-Ranges
bytes
Content-Length
132855
woocommerce-one.png.thumb.319.319.png
www.fortinet.com/content/dam/fortinet-blog/article-images/woo-commerce-blog/
38 KB
38 KB
Image
General
Full URL
https://www.fortinet.com/content/dam/fortinet-blog/article-images/woo-commerce-blog/woocommerce-one.png.thumb.319.319.png
Requested by
Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
13.56.33.144 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
87b784071fc3dd6fbe9f0ed8362565d37f3d3eadc97acfda6ec9b9f628ff076f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

X-Dispatcher
dispatcher1uswest1
Date
Mon, 10 Aug 2020 12:05:00 GMT
X-Content-Type-Options
nosniff
Last-Modified
Fri, 01 Mar 2019 23:10:40 GMT
Server
Apache
ETag
"9731-5831083f2dc00"
X-Vhost
publish
X-Frame-Options
SAMEORIGIN
Connection
keep-alive
Content-Type
image/png
Cache-Control
max-age=684000, public
Strict-Transport-Security
max-age=31536000; includeSubDomains
Accept-Ranges
bytes
Content-Length
38705
moatframe.js
z.moatads.com/addthismoatframe568911941483/
2 KB
1 KB
Script
General
Full URL
https://z.moatads.com/addthismoatframe568911941483/moatframe.js
Requested by
Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.210.250.213 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-210-250-213.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd

Request headers

Referer
https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 10 Aug 2020 12:05:00 GMT
content-encoding
gzip
last-modified
Fri, 08 Nov 2019 20:13:52 GMT
server
AmazonS3
x-amz-request-id
D5503D14AA2F06AA
etag
"f14b4e1f799b14f798a195f43cf58376"
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
max-age=27881
accept-ranges
bytes
content-length
948
x-amz-id-2
JgalEtxvSAtZmM7+naGfrhsdf0JFS0gJW8lypWF8Tp90EkcPp4c3eAnpK+RDOIL1ltWgpx8wc3s=
Cookie set dest5.html
fortinet.demdex.net/ Frame 9550
0
0
Document
General
Full URL
https://fortinet.demdex.net/dest5.html?d_nsid=0
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
63.32.152.233 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-63-32-152-233.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Host
fortinet.demdex.net
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Sec-Fetch-Dest
iframe
Referer
https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Cookie
demdex=07724322315825516461797892677694968864
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample

Response headers

Accept-Ranges
bytes
Cache-Control
max-age=21600
Content-Encoding
gzip
Content-Type
text/html
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Last-Modified
Wed, 05 Aug 2020 12:34:40 GMT
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma
no-cache
Set-Cookie
demdex=07724322315825516461797892677694968864;Path=/;Domain=.demdex.net;Expires=Sat, 06-Feb-2021 12:05:00 GMT;Max-Age=15552000;Secure;SameSite=None
Strict-Transport-Security
max-age=31536000; includeSubDomains
Vary
Accept-Encoding, User-Agent
X-TID
TX6+0P6zRKk=
Content-Length
2785
Connection
keep-alive
id
metrics.fortinet.com/
48 B
483 B
XHR
General
Full URL
https://metrics.fortinet.com/id?d_visid_ver=5.0.0&d_fieldgroup=A&mcorgid=ED8739F75677FE917F000101%40AdobeOrg&mid=07380550018321899101762393744212686248&ts=1597061100468
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
15.236.9.100 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-15-236-9-100.eu-west-3.compute.amazonaws.com
Software
jag /
Resource Hash
96a79625665927c8779ddfddf78dd3418da031897f8f92800a9e9fe6cf998921
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

status
200
date
Mon, 10 Aug 2020 12:05:00 GMT
x-content-type-options
nosniff
server
jag
xserver
anedge-7447d85976-pkvf9
vary
Origin
x-c
master-1315.Ia06625.M0-426
p3p
CP="This is not a P3P policy"
access-control-allow-origin
https://www.fortinet.com
cache-control
no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials
true
content-type
application/x-javascript;charset=utf-8
content-length
48
x-xss-protection
1; mode=block
ibs:dpid=411&dpuuid=XzE37AAABeEiRhTJ
dpm.demdex.net/
Redirect Chain
  • https://cm.everesttech.net/cm/dd?d_uuid=07724322315825516461797892677694968864
  • https://dpm.demdex.net/ibs:dpid=411&dpuuid=XzE37AAABeEiRhTJ
42 B
915 B
Image
General
Full URL
https://dpm.demdex.net/ibs:dpid=411&dpuuid=XzE37AAABeEiRhTJ
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.50.67.81 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-50-67-81.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

DCS
dcs-prod-irl1-v078-0b95a3886.edge-irl1.demdex.com 5.76.0.20200805085924 1ms (+0ms)
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
X-TID
kV8/NhEsTco=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Type
image/gif
Content-Length
42
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Date
Mon, 10 Aug 2020 12:05:00 GMT
Server
AMO-cookiemap/1.1
P3P
CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Location
https://dpm.demdex.net/ibs:dpid=411&dpuuid=XzE37AAABeEiRhTJ
Cache-Control
no-cache
Connection
Keep-Alive
Keep-Alive
timeout=15,max=100
Content-Length
0
s68424247694404
metrics.fortinet.com/b/ss/fortinetincproduction/1/JS-2.20.0-LAUN/
43 B
621 B
Image
General
Full URL
https://metrics.fortinet.com/b/ss/fortinetincproduction/1/JS-2.20.0-LAUN/s68424247694404?AQB=1&ndh=1&pf=1&t=10%2F7%2F2020%2014%3A5%3A0%201%20-120&mid=07380550018321899101762393744212686248&aamlh=6&ce=UTF-8&pageName=en%3Ablog%3Athreat-research%3Amalware-analysis-revenge-rat-sample&g=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fmalware-analysis-revenge-rat-sample&cc=USD&aamb=RKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y&v1=www.fortinet.com%2Fblog%2Fthreat-research%2Fmalware-analysis-revenge-rat-sample&c7=Entire%20Site&c8=New&v27=BLOG&v33=en%3Ablog%3Athreat-research%3Amalware-analysis-revenge-rat-sample&v35=Enabled&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&mcorgid=ED8739F75677FE917F000101%40AdobeOrg&AQE=1
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
15.236.9.100 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-15-236-9-100.eu-west-3.compute.amazonaws.com
Software
jag /
Resource Hash
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 10 Aug 2020 12:05:00 GMT
x-content-type-options
nosniff
x-c
master-1315.Ia06625.M0-426
p3p
CP="This is not a P3P policy"
status
200
content-length
43
x-xss-protection
1; mode=block
pragma
no-cache
last-modified
Tue, 11 Aug 2020 12:05:00 GMT
server
jag
xserver
anedge-7447d85976-5rh94
etag
3429662597192187904-4614161308200644232
vary
*
content-type
image/gif;charset=utf-8
access-control-allow-origin
*
cache-control
no-cache, no-store, max-age=0, no-transform, private
expires
Sun, 09 Aug 2020 12:05:00 GMT
sh.f48a1a04fe8dbf021b4cda1d.html
s7.addthis.com/static/ Frame 1AD1
0
0

hotjar-1178304.js
static.hotjar.com/c/
5 KB
2 KB
Script
General
Full URL
https://static.hotjar.com/c/hotjar-1178304.js?sv=6
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
147.75.100.205 Central, Hong Kong, ASN54825 (PACKET, US),
Reverse DNS
pkt-ams-k2-shared-ingress5
Software
/
Resource Hash
5b78ce591c371161c8a2de82384afbc0d8ce3f934bb3f25ee52be321341beaa3
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 10 Aug 2020 12:05:00 GMT
content-encoding
br
x-content-type-options
nosniff
section-io-tag
hotjarjs
age
79
status
200
section-io-cache
Hit
vary
Accept-Encoding
content-length
1865
cache-control
max-age=60
etag
W/03eabe4fbea71725033c3c0d85a78764
access-control-max-age
600
section-io-origin-status
200
access-control-allow-origin
*
x-cache-hit
1
section-io-origin-time-seconds
0.019
section-io-id
cfd1f41e0f443149ecb1960ef3e0532b
accept-ranges
bytes
content-type
application/javascript
section-origin-responded
true
api.min.js
a.opmnstr.com/app/js/
199 KB
60 KB
Script
General
Full URL
https://a.opmnstr.com/app/js/api.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.111.11.182 Phoenix, United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software
NetDNA-cache/2.2 /
Resource Hash
288ee3a19514d8dd3d85fc9387e853c3f942ce28307dab68f4b50ecbb812b231

Request headers

Referer
https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 10 Aug 2020 12:05:00 GMT
content-encoding
gzip
last-modified
Fri, 07 Aug 2020 15:32:32 GMT
server
NetDNA-cache/2.2
x-amz-request-id
719280F5EE911380
etag
W/"56caac4041dee3bf75fea8016c85abe4"
x-cache
HIT
content-type
application/javascript
status
200
cache-control
max-age=31104000
access-control-allow-origin
*
x-amz-id-2
jzWXru5tC3o1XV4xVJ14HtcZImf91D8MgnlEbMOrMjMDvlv1WmYeIkluWR0GB01KGJwySCT0InU=
expires
Thu, 05 Aug 2021 12:05:00 GMT
RCb652faf409a54c3db318899e2cbcc95c-source.min.js
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/dd6ae0471a9f/
881 B
719 B
Script
General
Full URL
https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/dd6ae0471a9f/RCb652faf409a54c3db318899e2cbcc95c-source.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:f1:285::1e80 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
a9791c207ed611d76a10eb3146c217fdc55a6f13e4000521188b98835687db7b

Request headers

Referer
https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 10 Aug 2020 12:05:00 GMT
content-encoding
gzip
last-modified
Wed, 05 Aug 2020 20:45:53 GMT
server
AkamaiNetStorage
status
200
etag
"703f81c90a6443352d11d3232049268f:1596660353.752349"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
https://www.fortinet.com
cache-control
max-age=3600
accept-ranges
bytes
timing-allow-origin
*
content-length
452
expires
Mon, 10 Aug 2020 13:05:00 GMT
_ate.track.config_resp
v1.addthisedge.com/live/boost/ra-5d48adfc650f1a9e/
2 KB
756 B
Script
General
Full URL
https://v1.addthisedge.com/live/boost/ra-5d48adfc650f1a9e/_ate.track.config_resp
Requested by
Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.210.248.44 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-210-248-44.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
133debcec0026d79ced8d9d9504d6f95804410b4806b4b0b5f973f6ca529f5fb

Request headers

Referer
https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 10 Aug 2020 12:05:01 GMT
content-encoding
gzip
etag
1861047380--gzip
vary
Accept-Encoding
content-type
application/javascript;charset=utf-8
status
200
cache-control
public, max-age=40, s-maxage=86400
content-disposition
attachment; filename=1.txt
content-length
580
300lo.json
m.addthis.com/live/red_lojson/
89 B
249 B
Script
General
Full URL
https://m.addthis.com/live/red_lojson/300lo.json?si=5f3137ec70cc49dd&bkl=0&bl=1&pdt=1047&sid=5f3137ec70cc49dd&pub=ra-5d48adfc650f1a9e&rev=v8.28.7-wp&ln=en&pc=men&cb=0&ab=-&dp=www.fortinet.com&fp=blog%2Fthreat-research%2Fmalware-analysis-revenge-rat-sample&fr=&of=0&pd=0&irt=0&vcl=0&md=0&ct=1&tct=0&abt=0&cdn=0&pi=1&rb=0&gen=100&chr=UTF-8&mk=threat%20research%2CThreat%20Research%2Cmalware%20analysis%2CCybersecurity%20Architect&colc=1597061100885&jsl=1&uvs=5f3137ec8d0b1522000&skipb=1&callback=addthis.cbs.jsonp__76089119542338520
Requested by
Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.210.248.44 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-210-248-44.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
9562668d12a4b72d5dfe7ca589d9f8b5ae986c86c2194fef117d6e7b93004384

Request headers

Referer
https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status
200
pragma
no-cache
date
Mon, 10 Aug 2020 12:05:01 GMT
cache-control
max-age=0, no-cache, no-store, no-transform
content-disposition
attachment; filename=1.txt
content-length
89
content-type
application/javascript;charset=utf-8
sh.f48a1a04fe8dbf021b4cda1d.html
s7.addthis.com/static/ Frame AC5E
0
0
Document
General
Full URL
https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
Requested by
Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.210.248.44 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-210-248-44.deploy.static.akamaitechnologies.com
Software
nginx/1.15.8 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

:method
GET
:authority
s7.addthis.com
:scheme
https
:path
/static/sh.f48a1a04fe8dbf021b4cda1d.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample

Response headers

status
200
server
nginx/1.15.8
content-type
text/html
last-modified
Mon, 09 Sep 2019 15:34:57 GMT
etag
W/"5d767121-1115f"
timing-allow-origin
*
cache-control
public, max-age=86313600
p3p
CP="NON ADM OUR DEV IND COM STA"
strict-transport-security
max-age=15724800; includeSubDomains
content-encoding
gzip
content-length
25412
date
Mon, 10 Aug 2020 12:05:00 GMT
vary
Accept-Encoding
x-host
s7.addthis.com
revengerat-two.png
www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample/_jcr_content/root/responsivegrid/image_1779882811.img.png/1573604391748/
48 KB
49 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample/_jcr_content/root/responsivegrid/image_1779882811.img.png/1573604391748/revengerat-two.png
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
13.56.33.144 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
d223439f0a00d264eadf96d43a5245e291ff1504db055176eb8a3da4ef532cb4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

X-Dispatcher
dispatcher1uswest1
Date
Mon, 10 Aug 2020 12:05:00 GMT
X-Content-Type-Options
nosniff
Last-Modified
Wed, 13 Nov 2019 00:19:51 GMT
Server
Apache
ETag
"c12b-5972f52be17c0"
X-Vhost
publish
X-Frame-Options
SAMEORIGIN
Connection
keep-alive
Content-Type
image/png
Cache-Control
max-age=684000, public
Strict-Transport-Security
max-age=31536000; includeSubDomains
Accept-Ranges
bytes
Content-Length
49451
revengerat-three.png
www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample/_jcr_content/root/responsivegrid/image_1095175056.img.png/1573604417171/
91 KB
92 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample/_jcr_content/root/responsivegrid/image_1095175056.img.png/1573604417171/revengerat-three.png
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
13.56.33.144 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
d6df1bca3f52fafa22d16bb86bc71723212b30401ea887f94635bb855b2e4ca4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

X-Dispatcher
dispatcher2uswest1
Date
Mon, 10 Aug 2020 12:05:00 GMT
X-Content-Type-Options
nosniff
Last-Modified
Wed, 13 Nov 2019 00:20:17 GMT
Server
Apache
ETag
"16dc2-5972f544ad240"
X-Vhost
publish
X-Frame-Options
SAMEORIGIN
Connection
keep-alive
Content-Type
image/png
Cache-Control
max-age=684000, public
Strict-Transport-Security
max-age=31536000; includeSubDomains
Accept-Ranges
bytes
Content-Length
93634
truncated
/
42 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/gif
modules.bac8137a5997286a68dc.js
script.hotjar.com/
356 KB
70 KB
Script
General
Full URL
https://script.hotjar.com/modules.bac8137a5997286a68dc.js
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-1178304.js?sv=6
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
147.75.84.31 Parsippany, United States, ASN54825 (PACKET, US),
Reverse DNS
Software
/
Resource Hash
afccc754e772ea78141269cc51ab6fd8b52479dbf0b291fd23724ae4922dcc9f

Request headers

Referer
https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 10 Aug 2020 12:05:00 GMT
content-encoding
br
age
2962
status
200
section-io-cache
Hit
content-length
70827
last-modified
Mon, 10 Aug 2020 11:15:39 GMT
etag
"2f14bdbb4c9561eaff5ff7e179a993a4"
vary
Accept-Encoding
section-io-origin-status
200
access-control-allow-origin
*
cache-control
max-age=31536000
section-io-origin-time-seconds
0.025
section-io-id
f7daf5a3bf12e75aa113c1b07a16f92b
accept-ranges
bytes
content-type
application/javascript
section-origin-responded
true
39852
api.omappapi.com/v2/embed/
236 KB
20 KB
XHR
General
Full URL
https://api.omappapi.com/v2/embed/39852
Requested by
Host: a.opmnstr.com
URL: https://a.opmnstr.com/app/js/api.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.226.155.50 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-155-50.dus51.r.cloudfront.net
Software
Pagely Gateway/1.5.1 /
Resource Hash
d63fb2d1ee7f3aa0511d7dfa759fa0701ba25046fe7410e02fe977d326b30e01

Request headers

Referer
https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 10 Aug 2020 12:05:01 GMT
content-encoding
gzip
x-cache-config
0 0
x-amz-cf-pop
DUS51-C1
x-cache-status
HIT
x-cache
Miss from cloudfront
status
200
access-control-allow-headers
X-CSRF-Token
x-optinmonster-account
45602
x-user-agent
standard--
last-modified
Mon, 29 Jun 2020 18:48:41 GMT
server
Pagely Gateway/1.5.1
etag
W/"4d058542bd138ab107b1ba11c1bd8db5"
vary
Accept-Encoding, User-Agent
content-type
application/json
via
1.1 e8640ab30463560abfb6a2665bafb393.cloudfront.net (CloudFront)
access-control-expose-headers
X-OptinMonster-Account
cache-control
public, max-age=30, stale-while-revalidate=1800
access-control-allow-origin
*
x-amz-cf-id
z6dDsd5npbVS4ELrOngRXBtcP8Md6oWYObuYcpEE07rwM8WRAV68pA==
expires
Mon, 10 Aug 2020 11:36:10 GMT
box-469cf41adb11dc78be68c1ae7f9457a4.html
vars.hotjar.com/ Frame 3D3C
0
0
Document
General
Full URL
https://vars.hotjar.com/box-469cf41adb11dc78be68c1ae7f9457a4.html
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-1178304.js?sv=6
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
147.75.33.131 Amsterdam, Netherlands, ASN54825 (PACKET, US),
Reverse DNS
Software
/
Resource Hash

Request headers

:method
GET
:authority
vars.hotjar.com
:scheme
https
:path
/box-469cf41adb11dc78be68c1ae7f9457a4.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site
cross-site
sec-fetch-mode
navigate
sec-fetch-dest
iframe
referer
https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
accept-encoding
gzip, deflate, br
accept-language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample

Response headers

status
200
date
Mon, 10 Aug 2020 12:05:01 GMT
content-type
text/html
content-length
851
last-modified
Mon, 27 Jul 2020 17:12:24 GMT
etag
"d594f1d4c3e5dbd6b556c60d34e0daea"
cache-control
max-age=31536000
content-encoding
br
section-io-origin-status
200
section-io-origin-time-seconds
0.094
section-origin-responded
true
age
1162369
vary
Accept-Encoding
section-io-cache
Hit
accept-ranges
bytes
section-io-id
268704ae2f8ad31ece62d3557738ed4f
visit-data
in.hotjar.com/api/v2/client/sites/1178304/
178 B
320 B
XHR
General
Full URL
https://in.hotjar.com/api/v2/client/sites/1178304/visit-data?sv=6
Requested by
Host: script.hotjar.com
URL: https://script.hotjar.com/modules.bac8137a5997286a68dc.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.171.1.253 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-171-1-253.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6154d5f7f6961e042d013bab33fd02b691970d873f44f3c32d8fcc6e79ef5bcd

Request headers

Referer
https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type
text/plain; charset=UTF-8

Response headers

date
Mon, 10 Aug 2020 12:05:01 GMT
content-encoding
br
status
200
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
access-control-max-age
86400
access-control-allow-credentials
true
layers.33f5b85045a5f2308467.js
s7.addthis.com/static/
263 KB
76 KB
Script
General
Full URL
https://s7.addthis.com/static/layers.33f5b85045a5f2308467.js
Requested by
Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.210.248.44 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-210-248-44.deploy.static.akamaitechnologies.com
Software
nginx/1.15.8 /
Resource Hash
137e41c449677deb7c8da3afde63fc781b095bb028f78b789be44192e8e3f4be
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Referer
https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=15724800; includeSubDomains
content-encoding
gzip
last-modified
Thu, 04 Jun 2020 15:49:19 GMT
server
nginx/1.15.8
etag
W/"5ed917ff-41b9f"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
public, max-age=86313600
date
Mon, 10 Aug 2020 12:05:01 GMT
x-host
s7.addthis.com
timing-allow-origin
*
content-length
77540
truncated
/
443 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
5876d235b697479a9e5f476a33115aea1ddc21fd4b4740dd7180398c6224fdba

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/png
json
api.omappapi.com/v3/geolocate/
571 B
979 B
XHR
General
Full URL
https://api.omappapi.com/v3/geolocate/json
Requested by
Host: a.opmnstr.com
URL: https://a.opmnstr.com/app/js/api.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.226.155.50 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-226-155-50.dus51.r.cloudfront.net
Software
Pagely Gateway/1.5.1 /
Resource Hash
ac407073e4da81a2b4e6aa2d30d3452c1fcdb48e3e880af5f80dabff2c6dfd6c

Request headers

Referer
https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 10 Aug 2020 12:05:01 GMT
via
1.1 e8640ab30463560abfb6a2665bafb393.cloudfront.net (CloudFront)
x-cache-config
0 0
x-amz-cf-pop
DUS51-C1
x-cache-status
BYPASS
x-cache
Miss from cloudfront
status
200
content-length
571
x-user-agent
standard--
server
Pagely Gateway/1.5.1
x-ratelimit-remaining
999
content-type
application/json
access-control-allow-origin
*
x-ratelimit-reset
1597061161
x-ratelimit-limit
1000
x-pagely-debug
mainblock
x-amz-cf-id
LCTJjfoKEhtwkrTNYfRgjyumUP1VFOgS_AhRq1eqvXEu55vlLsLByw==
webfont.js
ajax.googleapis.com/ajax/libs/webfont/1.5.18/
16 KB
7 KB
Script
General
Full URL
https://ajax.googleapis.com/ajax/libs/webfont/1.5.18/webfont.js
Requested by
Host: a.opmnstr.com
URL: https://a.opmnstr.com/app/js/api.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:809::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ce261eb163fcaee6953cedc35059732a133766ab824dc512bbdf9424d48601e4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Wed, 22 Jul 2020 20:54:41 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
1609820
status
200
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
6490
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 19:15:00 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Thu, 22 Jul 2021 20:54:41 GMT
mobile-detect.min.js
cdnjs.cloudflare.com/ajax/libs/mobile-detect/1.4.3/
38 KB
16 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/mobile-detect/1.4.3/mobile-detect.min.js
Requested by
Host: a.opmnstr.com
URL: https://a.opmnstr.com/app/js/api.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:85e5 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
363a80d367e6658e72d918cd33f9481ce7929199a9858122b0dcc61dffa62fde
Security Headers
Name Value
Strict-Transport-Security max-age=15780000; includeSubDomains

Request headers

Referer
https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 10 Aug 2020 12:05:01 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
age
15997625
status
200
alt-svc
h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id
0479db8eba0000c295b4a1a200000001
served-in-seconds
0.002
timing-allow-origin
*
last-modified
Sat, 08 Sep 2018 10:00:50 GMT
server
cloudflare
etag
W/"5b939dd2-9624"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000; includeSubDomains
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=30672000
cf-ray
5c09952ac8dec295-FRA
expires
Sat, 31 Jul 2021 12:05:01 GMT
analytics.js
www.google-analytics.com/
45 KB
18 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: a.opmnstr.com
URL: https://a.opmnstr.com/app/js/api.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:816::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
fd361b57998c76f86335afa28b8a62527d88a8200fb5c428d6f0fff73383e955
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 04 Jun 2020 23:38:14 GMT
server
Golfe2
age
6562
date
Mon, 10 Aug 2020 10:15:39 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
18469
expires
Mon, 10 Aug 2020 12:15:39 GMT
654a727ff5051585246332-skillsgap-banner.jpg
a.omappapi.com/users/df0603609574/images/
59 KB
60 KB
Image
General
Full URL
https://a.omappapi.com/users/df0603609574/images/654a727ff5051585246332-skillsgap-banner.jpg
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.111.11.71 Phoenix, United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software
NetDNA-cache/2.2 /
Resource Hash
7bdd214b2de9a8cd6bf360eb472588aaee1ef2691956648577222f7e9f97307a

Request headers

Referer
https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 10 Aug 2020 12:05:01 GMT
x-amz-request-id
1F4A9381D7326831
x-cache
HIT
status
200
x-amz-meta-userid
39852
x-amz-meta-date
1585246332
content-length
60887
x-amz-id-2
qMks9hjsWuXfWmw6+Tk3T5zfPKUbdL+/oAgW4PAK1n2jLc0UuoMIRSc4mdh0jCRyKwnQm/dA/mA=
x-amz-meta-level
pro
x-amz-meta-dimensions
1024 x 160
last-modified
Thu, 26 Mar 2020 18:12:13 GMT
server
NetDNA-cache/2.2
x-amz-meta-accountid
45602
etag
"39850fd6d4d21392dbe120175981102f"
content-type
image/jpeg
access-control-allow-origin
*
x-amz-meta-title
654a727ff5051585246332-skillsgap-banner.jpg
cache-control
max-age=31104000
accept-ranges
bytes
expires
Thu, 05 Aug 2021 12:05:01 GMT
RC4da2046cb6a74ff89eee84fdeadc51af-source.min.js
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/dd6ae0471a9f/
1012 B
858 B
Script
General
Full URL
https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/dd6ae0471a9f/RC4da2046cb6a74ff89eee84fdeadc51af-source.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:f1:285::1e80 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
5ad26f7cf51222feace795cbdb672bc5c50c41ba5bd591afc71fadc176aea20a

Request headers

Referer
https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 10 Aug 2020 12:05:01 GMT
content-encoding
gzip
last-modified
Wed, 05 Aug 2020 20:45:53 GMT
server
AkamaiNetStorage
status
200
etag
"703f81c90a6443352d11d3232049268f:1596660353.752349"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
https://www.fortinet.com
cache-control
max-age=3600
accept-ranges
bytes
timing-allow-origin
*
content-length
591
expires
Mon, 10 Aug 2020 13:05:01 GMT
RC4a2e638109b443d5b84d8f2e2216b80e-source.min.js
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/dd6ae0471a9f/
819 B
767 B
Script
General
Full URL
https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/dd6ae0471a9f/RC4a2e638109b443d5b84d8f2e2216b80e-source.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:f1:285::1e80 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
76a6c0f104b16e928abebfff3b22120eabfa3c758d6f2364f249c25705556abd

Request headers

Referer
https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 10 Aug 2020 12:05:01 GMT
content-encoding
gzip
last-modified
Wed, 05 Aug 2020 20:45:53 GMT
server
AkamaiNetStorage
status
200
etag
"703f81c90a6443352d11d3232049268f:1596660353.752349"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
https://www.fortinet.com
cache-control
max-age=3600
accept-ranges
bytes
timing-allow-origin
*
content-length
501
expires
Mon, 10 Aug 2020 13:05:01 GMT
js
www.googletagmanager.com/gtag/
87 KB
34 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=DC-10050195&l=dataLayer
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:815::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
7adf4eeaee78b850ca0d968bfb7ebce034aa89feef442feccb2d07a085204b1c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 10 Aug 2020 12:05:01 GMT
content-encoding
br
server
Google Tag Manager
access-control-allow-headers
Cache-Control
status
200
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
34824
x-xss-protection
0
expires
Mon, 10 Aug 2020 12:05:01 GMT
RC0a0605f4b42e425fa678ffc6c2d94fb3-source.min.js
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/dd6ae0471a9f/
849 B
744 B
Script
General
Full URL
https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/dd6ae0471a9f/RC0a0605f4b42e425fa678ffc6c2d94fb3-source.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:f1:285::1e80 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
daa4a95e56f58d92626ce20d9cfd00c8408245553b0a4717128c2a2ee652a7df

Request headers

Referer
https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 10 Aug 2020 12:05:01 GMT
content-encoding
gzip
last-modified
Wed, 05 Aug 2020 20:45:53 GMT
server
AkamaiNetStorage
status
200
etag
"703f81c90a6443352d11d3232049268f:1596660353.752349"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
https://www.fortinet.com
cache-control
max-age=3600
accept-ranges
bytes
timing-allow-origin
*
content-length
477
expires
Mon, 10 Aug 2020 13:05:01 GMT
RC7aad8f7422fa440982b5442a32fa8e4e-source.min.js
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/dd6ae0471a9f/
664 B
666 B
Script
General
Full URL
https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/dd6ae0471a9f/RC7aad8f7422fa440982b5442a32fa8e4e-source.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:f1:285::1e80 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
c71b31cf866fb4f9c9869af1f3010f64679ba435aca8cc1c075359f417bda0f6

Request headers

Referer
https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 10 Aug 2020 12:05:01 GMT
content-encoding
gzip
last-modified
Wed, 05 Aug 2020 20:45:53 GMT
server
AkamaiNetStorage
status
200
etag
"703f81c90a6443352d11d3232049268f:1596660353.752349"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
https://www.fortinet.com
cache-control
max-age=3600
accept-ranges
bytes
timing-allow-origin
*
content-length
399
expires
Mon, 10 Aug 2020 13:05:01 GMT
RCb9ef7172f28847fba509ba48fb5d87f4-source.min.js
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/dd6ae0471a9f/
853 B
750 B
Script
General
Full URL
https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/dd6ae0471a9f/RCb9ef7172f28847fba509ba48fb5d87f4-source.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:f1:285::1e80 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
376617b38c5f98f0916bdfaa28afb3bdaca05ef487aefa5950b1b3758e40aee2

Request headers

Referer
https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 10 Aug 2020 12:05:01 GMT
content-encoding
gzip
last-modified
Wed, 05 Aug 2020 20:45:53 GMT
server
AkamaiNetStorage
status
200
etag
"703f81c90a6443352d11d3232049268f:1596660353.752349"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
https://www.fortinet.com
cache-control
max-age=3600
accept-ranges
bytes
timing-allow-origin
*
content-length
483
expires
Mon, 10 Aug 2020 13:05:01 GMT
ipinfo
site.fortinet.com/utilservice/
217 B
749 B
Script
General
Full URL
https://site.fortinet.com/utilservice/ipinfo?site=fortinet.com&callback=jQuery22009514471308920558_1597061100871&_=1597061100872
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/clientlib-base.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
96.45.36.159 San Jose, United States, ASN40934 (FORTINET, US),
Reverse DNS
Software
nginx/1.14.0 /
Resource Hash
c9cb0fe190227f1cfc4239e81b5038b9a2e350bd85ce9fb8a9945674b4a7f414
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' *.fortinet.com *.myfortinet.com fortinet.my.salesforce.com;
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy
frame-ancestors 'self' *.fortinet.com *.myfortinet.com fortinet.my.salesforce.com;
Server
nginx/1.14.0
Date
Mon, 10 Aug 2020 12:05:02 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Type
application/json;charset=UTF-8
Connection
keep-alive
Content-Length
217
Front-End-Https
on
fbevents.js
connect.facebook.net/en_US/
134 KB
34 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
893df2b9ceb653f94333139d561d363bf4c365e651a0a3ade839d96200942e37
Security Headers
Name Value
Content-Security-Policy default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
34269
x-xss-protection
0
pragma
public
x-fb-debug
axXU05GrRU8m6NjqhoTgbUOmARarQno1xL3yOertscKFPxneu0jYNogAoitxs3UT1jn/3pnFrjPWlvkBVEIpRQ==
x-fb-trip-id
664085054
x-frame-options
DENY
date
Mon, 10 Aug 2020 12:05:01 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
cache-control
public, max-age=1200
content-security-policy
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
expires
Sat, 01 Jan 2000 00:00:00 GMT
uwt.js
static.ads-twitter.com/
5 KB
2 KB
Script
General
Full URL
https://static.ads-twitter.com/uwt.js
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.112.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
1a2684adb4b431902ef03f7959757f5163ed2ddc548e216654fa7858b1f4fd9b

Request headers

Referer
https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 10 Aug 2020 12:05:01 GMT
content-encoding
gzip
age
52378
x-cache
HIT
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status
200
content-length
1942
x-served-by
cache-hhn4023-HHN
last-modified
Thu, 06 Aug 2020 23:59:10 GMT
x-timer
S1597061102.519887,VS0,VE0
etag
"1d9536984a3ff7a629eda3f70ceadd20+gzip"
vary
Accept-Encoding,Host
content-type
application/javascript; charset=utf-8
via
1.1 varnish
cache-control
no-cache
accept-ranges
bytes
insight.min.js
snap.licdn.com/li.lms-analytics/
3 KB
2 KB
Script
General
Full URL
https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:10c:39e::25ea , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software
/
Resource Hash
41dd5e421fe221a7d2921d6fa2b36e8b01a9f2c054aaef5fad866fe896c1d1e0

Request headers

Referer
https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 10 Aug 2020 12:05:01 GMT
Content-Encoding
gzip
Last-Modified
Mon, 07 Oct 2019 16:41:31 GMT
X-CDN
AKAM
Vary
Accept-Encoding
Content-Type
application/x-javascript;charset=utf-8
Cache-Control
max-age=15048
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1576
tag.aspx
ml314.com/
26 KB
12 KB
Script
General
Full URL
https://ml314.com/tag.aspx?107
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.253.133.202 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
9c6af299685617864c257472040f437ef951afec994720a24781931cc3527017

Request headers

Referer
https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 10 Aug 2020 12:05:01 GMT
Content-Encoding
gzip
Last-Modified
Mon, 10 Aug 2020 06:47:19 GMT
Server
Microsoft-IIS/10.0
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Vary
Accept-Encoding
Content-Type
application/javascript; charset=utf-8
Cache-Control
public, max-age=67337
Connection
keep-alive
Content-Length
11933
Expires
Tue, 11 Aug 2020 06:47:19 GMT
559328277756725
connect.facebook.net/signals/config/
524 KB
132 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/559328277756725?v=2.9.23&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
5a41b3238b06189c420ee8392a015f7214b1e21fd01c28a9e9e573b78acc4a4a
Security Headers
Name Value
Content-Security-Policy default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
x-xss-protection
0
pragma
public
x-fb-debug
sJfF/CSqkU+ogC2lZ2O3OAnLcH3wn1XN/dybdB8yYFjAjnCINB7WIcgMvmkOqsodfqrsRgNGEJn7nHKoQ29rMQ==
x-fb-trip-id
664085054
x-frame-options
DENY
date
Mon, 10 Aug 2020 12:05:01 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
cache-control
public, max-age=1200
content-security-policy
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires
Sat, 01 Jan 2000 00:00:00 GMT
roundtrip.js
s.adroll.com/j/
37 KB
12 KB
Script
General
Full URL
https://s.adroll.com/j/roundtrip.js
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.210.248.216 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-210-248-216.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
002c48ea2d8240fdaa8aff6669d375b9669154eb4de24941b6d5b7bf5a0ef97c

Request headers

Referer
https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id
Zb6C4fSMrvxnY3zYZSxoxcYrLo4HNwNz
Content-Encoding
gzip
ETag
"1230cec869423cb838d86fce7119e0d5"
x-amz-request-id
CA99B680DCADAAAB
x-amz-server-side-encryption
AES256
Connection
keep-alive
Vary
Accept-Encoding
Content-Length
11756
x-amz-id-2
KVORhYNlg0ar+zshGf93T7yt6AH33cyhhJvHakW0RKIixWK7ExtVijtNpJDxxa6DP+zw5wLlyJw=
Last-Modified
Thu, 06 Aug 2020 19:42:37 GMT
Server
AmazonS3
Date
Mon, 10 Aug 2020 12:05:01 GMT
Access-Control-Max-Age
600
Access-Control-Allow-Methods
GET
Content-Type
text/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=3600, must-revalidate
Access-Control-Allow-Credentials
false
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
collect
px.ads.linkedin.com/
Redirect Chain
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=7120&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fmalware-analysis-revenge-rat-sample&time=1597061101517
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D7120%26url%3Dhttps%253A%252F%252Fwww.fortinet.com%252Fblog%252Fthreat-research%25...
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=7120&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fmalware-analysis-revenge-rat-sample&time=1597061101517&liSync=true
0
218 B
Image
General
Full URL
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=7120&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fmalware-analysis-revenge-rat-sample&time=1597061101517&liSync=true
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a05:f500:11:101::b93f:9005 , Ireland, ASN14413 (LINKEDIN, US),
Reverse DNS
Software
Play /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 10 Aug 2020 12:05:02 GMT
server
Play
linkedin-action
1
x-li-fabric
prod-lor1
status
200
x-li-proto
http/2
x-li-pop
prod-tln1
content-type
application/javascript
content-length
0
x-li-uuid
iVu/UZzmKRaw603KlisAAA==

Redirect headers

content-security-policy
default-src *; connect-src 'self' https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com s.c.exp1.licdn.com s.c.exp2.licdn.com m.c.exp1.licdn.com m.c.exp2.licdn.com wss://*.linkedin.com dms.licdn.com https://dpm.demdex.net/id https://lnkd.demdex.net/event blob: https://accounts.google.com/gsi/status https://linkedin.sc.omtrdc.net/b/ss/ www.google-analytics.com static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com media.licdn.com media-exp1.licdn.com media-exp2.licdn.com media-exp3.licdn.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com slideshare.www.linkedin.com https://snap.licdn.com/li.lms-analytics/insight.min.js platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'; report-uri https://www.linkedin.com/platform-telemetry/csp?f=l
x-content-type-options
nosniff
linkedin-action
1
status
302
content-length
0
x-li-uuid
1bKhSpzmKRZQ2MlN2ioAAA==
pragma
no-cache
x-li-pop
afd-prod-esv5
x-msedge-ref
Ref A: ADAA9A31C2D1446A8F3992DAFC691A25 Ref B: FRAEDGE0914 Ref C: 2020-08-10T12:05:01Z
x-frame-options
sameorigin
date
Mon, 10 Aug 2020 12:05:01 GMT
expect-ct
max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
strict-transport-security
max-age=2592000
x-li-fabric
prod-lor1
location
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=7120&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fmalware-analysis-revenge-rat-sample&time=1597061101517&liSync=true
x-xss-protection
1; mode=block
cache-control
no-cache, no-store
x-li-proto
http/2
expires
Thu, 01 Jan 1970 00:00:00 GMT
js
www.googletagmanager.com/gtag/
87 KB
34 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-662878185&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-10050195&l=dataLayer
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:815::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
37f2a35148d303eb465200ddf0cecac8f8b94f6ddfa7b9a56967fad1b16ca5ec
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 10 Aug 2020 12:05:01 GMT
content-encoding
br
server
Google Tag Manager
access-control-allow-headers
Cache-Control
status
200
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
34826
x-xss-protection
0
expires
Mon, 10 Aug 2020 12:05:01 GMT
adsct
analytics.twitter.com/i/
31 B
651 B
Script
General
Full URL
https://analytics.twitter.com/i/adsct?p_id=Twitter&p_user_id=0&txn_id=nxlzj&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tpx_cb=twttr.conversion.loadPixels&tw_document_href=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fmalware-analysis-revenge-rat-sample
Requested by
Host: static.ads-twitter.com
URL: https://static.ads-twitter.com/uwt.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.244.42.131 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
Security Headers
Name Value
Strict-Transport-Security max-age=631138519
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 10 Aug 2020 12:05:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status
200, 200 OK
x-twitter-response-tags
BouncerCompliant
strict-transport-security
max-age=631138519
content-length
57
x-xss-protection
0
x-response-time
108
pragma
no-cache
last-modified
Mon, 10 Aug 2020 12:05:01 GMT
server
tsa_o
x-frame-options
SAMEORIGIN
content-type
application/javascript;charset=utf-8
cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash
426694546e154bf5be5e71ca54993029
x-transaction
0047523a008353b2
expires
Tue, 31 Mar 1981 05:00:00 GMT
adsct
t.co/i/
43 B
449 B
Image
General
Full URL
https://t.co/i/adsct?p_id=Twitter&p_user_id=0&txn_id=nxlzj&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tw_document_href=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fmalware-analysis-revenge-rat-sample
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.244.42.69 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=0
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 10 Aug 2020 12:05:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200, 200 OK
x-twitter-response-tags
BouncerCompliant
content-length
65
x-xss-protection
0
x-response-time
121
pragma
no-cache
last-modified
Mon, 10 Aug 2020 12:05:01 GMT
server
tsa_o
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=0
content-type
image/gif;charset=utf-8
cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash
cea5cbe79477955463eb1e5870b7ff63
x-transaction
00e6b9f300c39a8f
expires
Tue, 31 Mar 1981 05:00:00 GMT
conversion_async.js
www.googleadservices.com/pagead/
29 KB
12 KB
Script
General
Full URL
https://www.googleadservices.com/pagead/conversion_async.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-662878185&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.206.2 Mountain View, United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s20-in-f2.1e100.net
Software
cafe /
Resource Hash
92f410985c0233c9abcba33b98f05b3e24d5ea3e80f5083466d545e94d49ec43
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 10 Aug 2020 12:05:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
11332
x-xss-protection
0
server
cafe
etag
5272426352805486351
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Mon, 10 Aug 2020 12:05:01 GMT
index.js
s.adroll.com/j/exp/
Redirect Chain
  • https://s.adroll.com/j/exp/7OBVBCAQE5FHDPFEAD5T4D/index.js
  • https://s.adroll.com/j/exp/index.js
28 B
747 B
Script
General
Full URL
https://s.adroll.com/j/exp/index.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.210.248.216 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-210-248-216.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
f59e5f34a941183aacaed25322ac0856628493c2cfd936ded3fddc0a49510e52

Request headers

Referer
https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id
2U8XMvdFINXJNFsilaXONuSvqmREKV3.
Content-Encoding
gzip
ETag
"5816cced8568d223aa09d889f300692b"
x-amz-request-id
0A9DFB41B15EF3A2
x-amz-server-side-encryption
AES256
Connection
keep-alive
Vary
Accept-Encoding
Content-Length
48
x-amz-id-2
9wtYzl8isf76a+KTcCc0hWCh/ZKrxXSL0KsmsoDDvS1VGgWl/GxdSe7DtPnOmbh4BH+84jF1nEY=
Last-Modified
Fri, 31 Jul 2020 16:11:15 GMT
Server
AmazonS3
Date
Mon, 10 Aug 2020 12:05:01 GMT
Access-Control-Max-Age
600
Access-Control-Allow-Methods
GET
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Access-Control-Allow-Credentials
false
Accept-Ranges
bytes
Access-Control-Allow-Headers
*

Redirect headers

Date
Mon, 10 Aug 2020 12:05:01 GMT
Server
AkamaiGHost
Location
https://s.adroll.com/j/exp/index.js
Access-Control-Max-Age
600
Access-Control-Allow-Methods
GET
Access-Control-Allow-Origin
*
Access-Control-Allow-Credentials
false
Connection
keep-alive
Access-Control-Allow-Headers
*
Content-Length
0
index.js
s.adroll.com/j/pre/7OBVBCAQE5FHDPFEAD5T4D/GIVUJ77KRNF4LOPGYJ6RS5/
1 KB
1 KB
Script
General
Full URL
https://s.adroll.com/j/pre/7OBVBCAQE5FHDPFEAD5T4D/GIVUJ77KRNF4LOPGYJ6RS5/index.js
Requested by
Host: s.adroll.com
URL: https://s.adroll.com/j/roundtrip.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.210.248.216 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-210-248-216.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
cbce85e96b7752208ce15a09ea4d5a58b792edc9e77f1c5ccf46c01935970f9d

Request headers

Referer
https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id
zSmvtdTk5_SulQZ1i3eJYPwZGNf60t1k
Content-Encoding
gzip
ETag
"3996d65282dd996ee0d7d4c90c139158"
x-amz-request-id
3H4TDJFT8MBH4PEM
x-amz-server-side-encryption
AES256
Connection
keep-alive
Vary
Accept-Encoding
Content-Length
635
x-amz-id-2
YoFKFRm3xSIIXge0d4sKbwoSdvjgyywoN18aTZpCv4kPa5BAiUqhGr8BlIVKYwxFq5Yecxds6OY=
Last-Modified
Mon, 10 Aug 2020 00:55:04 GMT
Server
AmazonS3
Date
Mon, 10 Aug 2020 12:05:01 GMT
Access-Control-Max-Age
600
Access-Control-Allow-Methods
GET
Content-Type
text/javascript; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
max-age=3600, must-revalidate
Access-Control-Allow-Credentials
false
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
/
d.adroll.com/consent/check/7OBVBCAQE5FHDPFEAD5T4D/
Redirect Chain
  • https://d.adroll.mgr.consensu.org/consent/iabcheck/7OBVBCAQE5FHDPFEAD5T4D?_s=d298bc2142bcd6eef70b5ff516a3949e&_b=2
  • https://d.adroll.com/consent/check/7OBVBCAQE5FHDPFEAD5T4D/?_s=d298bc2142bcd6eef70b5ff516a3949e&_b=2
385 B
477 B
Script
General
Full URL
https://d.adroll.com/consent/check/7OBVBCAQE5FHDPFEAD5T4D/?_s=d298bc2142bcd6eef70b5ff516a3949e&_b=2
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.254.9.125 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
nginx/1.16.1 /
Resource Hash
5d7a8223c890d6162d79d81229a8d9660b6ab884b7a3e738cec26fe524ec254d

Request headers

Referer
https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status
200
date
Mon, 10 Aug 2020 12:05:01 GMT
server
nginx/1.16.1
content-length
385
content-type
application/javascript

Redirect headers

status
302
date
Mon, 10 Aug 2020 12:05:01 GMT
server
nginx/1.16.1
content-length
105
location
https://d.adroll.com/consent/check/7OBVBCAQE5FHDPFEAD5T4D/?_s=d298bc2142bcd6eef70b5ff516a3949e&_b=2
utsync.ashx
ml314.com/
644 B
1 KB
Script
General
Full URL
https://ml314.com/utsync.ashx?pub=&adv=&et=0&eid=54820&ct=js&pi=&fp=&clid=&if=0&ps=&cl=&mlt=&data=&&cp=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fmalware-analysis-revenge-rat-sample&pv=1597061101597_gphkudjlt&bl=en-us&cb=4325794&return=&ht=&d=&dc=&si=1597061101597_gphkudjlt&cid=&s=1600x1200&rp=
Requested by
Host: ml314.com
URL: https://ml314.com/tag.aspx?107
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.253.133.202 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
b77fdd465e4ceb244688025c2a373ed0b6a0f6b88b4a8504398ba820dbaa7847

Request headers

Referer
https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma
no-cache
Date
Mon, 10 Aug 2020 12:05:00 GMT
Content-Encoding
gzip
Server
Microsoft-IIS/10.0
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Vary
Accept-Encoding
p3P
CP="NON DSP COR ADMo PSAo DEVo BUS COM UNI NAV DEM STA"
Cache-Control
private
Connection
keep-alive
Content-Type
application/javascript; charset=utf-8
Content-Length
468
Expires
0
/
www.facebook.com/tr/
44 B
376 B
Image
General
Full URL
https://www.facebook.com/tr/?id=559328277756725&ev=PageView&dl=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fmalware-analysis-revenge-rat-sample&rl=&if=false&ts=1597061101614&sw=1600&sh=1200&v=2.9.23&r=stable&ec=0&o=30&fbp=fb.1.1597061101614.2126841158&it=1597061101504&coo=false&rqm=GET
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 10 Aug 2020 12:05:01 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
status
200
cache-control
no-cache, must-revalidate, max-age=0
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
44
expires
Mon, 10 Aug 2020 12:05:01 GMT
ibs:dpid=22052&dpuuid=3612307665423171650&redir=
dpm.demdex.net/
42 B
915 B
Image
General
Full URL
https://dpm.demdex.net/ibs:dpid=22052&dpuuid=3612307665423171650&redir=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.50.67.81 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-50-67-81.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

DCS
dcs-prod-irl1-v078-068c294db.edge-irl1.demdex.com 5.76.0.20200805085924 1ms (+1ms)
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
X-TID
RZz+6zlYS8Y=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Type
image/gif
Content-Length
42
Expires
Thu, 01 Jan 1970 00:00:00 GMT
csync.ashx
ml314.com/
Redirect Chain
  • https://idsync.rlcdn.com/395886.gif?partner_uid=3612307665423171650
  • https://idsync.rlcdn.com/1000.gif?memo=CO6UGBIeChoIARCuXxoTMzYxMjMwNzY2NTQyMzE3MTY1MBAAGg0I7e_E-QUSBQjoBxAAQgBKAA
  • https://ml314.com/csync.ashx?fp=8910838fb742e5b163976f1a53008c88f0e43a5ed29a93a88a5b998e561c18ebf4cb09cee1a4f8eb&person_id=3612307665423171650&eid=50082
43 B
312 B
Image
General
Full URL
https://ml314.com/csync.ashx?fp=8910838fb742e5b163976f1a53008c88f0e43a5ed29a93a88a5b998e561c18ebf4cb09cee1a4f8eb&person_id=3612307665423171650&eid=50082
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.253.133.202 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 10 Aug 2020 12:05:01 GMT
Server
Microsoft-IIS/10.0
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Content-Type
image/gif
Cache-Control
private
Connection
keep-alive
Content-Length
43
Expires
Tue, 11 Aug 2020 08:05:01 GMT

Redirect headers

date
Mon, 10 Aug 2020 12:05:01 GMT
via
1.1 google
status
307
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location
https://ml314.com/csync.ashx?fp=8910838fb742e5b163976f1a53008c88f0e43a5ed29a93a88a5b998e561c18ebf4cb09cee1a4f8eb&person_id=3612307665423171650&eid=50082
cache-control
no-cache, no-store
timing-allow-origin
*
alt-svc
clear
content-length
0
csync.ashx
ml314.com/
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=d0tro1j&ttd_tpi=1
  • https://match.adsrvr.org/track/cmb/generic?ttd_pid=d0tro1j&ttd_tpi=1
  • https://ml314.com/utsync.ashx?eid=53819&et=0&fp=0a88d483-b71c-4f3d-9a8f-ec124e460f80
  • https://ml314.com/csync.ashx?fp=0a88d483-b71c-4f3d-9a8f-ec124e460f80&person_id=3612307665423171650&eid=53819
43 B
312 B
Image
General
Full URL
https://ml314.com/csync.ashx?fp=0a88d483-b71c-4f3d-9a8f-ec124e460f80&person_id=3612307665423171650&eid=53819
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.253.133.202 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 10 Aug 2020 12:05:01 GMT
Server
Microsoft-IIS/10.0
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Content-Type
image/gif
Cache-Control
private
Connection
keep-alive
Content-Length
43
Expires
Tue, 11 Aug 2020 08:05:01 GMT

Redirect headers

Pragma
no-cache
Date
Mon, 10 Aug 2020 12:05:01 GMT
Server
Microsoft-IIS/10.0
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
p3P
CP="NON DSP COR ADMo PSAo DEVo BUS COM UNI NAV DEM STA"
Location
https://ml314.com/csync.ashx?fp=0a88d483-b71c-4f3d-9a8f-ec124e460f80&person_id=3612307665423171650&eid=53819
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
0,Tue, 11 Aug 2020 08:05:01 GMT
csync.ashx
ml314.com/
Redirect Chain
  • https://sync.crwdcntrl.net/map/c=6985/tp=BOMB?https://ml314.com/csync.ashx%3Ffp%3D%24%7Bprofile_id%7D%26eid%3D50146%26person_id%3D3612307665423171650
  • https://sync.crwdcntrl.net/map/ct=y/c=6985/tp=BOMB?https://ml314.com/csync.ashx%3Ffp%3D%24%7Bprofile_id%7D%26eid%3D50146%26person_id%3D3612307665423171650
  • https://ml314.com/csync.ashx?fp=aee1e11e4decbbbe83928393aac863d8&eid=50146&person_id=3612307665423171650
43 B
312 B
Image
General
Full URL
https://ml314.com/csync.ashx?fp=aee1e11e4decbbbe83928393aac863d8&eid=50146&person_id=3612307665423171650
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.253.133.202 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer
https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 10 Aug 2020 12:05:01 GMT
Server
Microsoft-IIS/10.0
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Content-Type
image/gif
Cache-Control
private
Connection
keep-alive
Content-Length
43
Expires
Tue, 11 Aug 2020 08:05:01 GMT

Redirect headers

pragma
no-cache
date
Mon, 10 Aug 2020 12:05:01 GMT
status
302
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
location
https://ml314.com/csync.ashx?fp=aee1e11e4decbbbe83928393aac863d8&eid=50146&person_id=3612307665423171650
cache-control
no-cache
x-server
10.45.4.44
content-length
0
expires
0
/
ps.eyeota.net/pixel/bounce/
Redirect Chain
  • https://ps.eyeota.net/pixel?pid=r8hrb20&t=gif
  • https://ps.eyeota.net/pixel/bounce/?pid=r8hrb20&t=gif
0
344 B
Image
General
Full URL
https://ps.eyeota.net/pixel/bounce/?pid=r8hrb20&t=gif
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
3.120.214.218 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 10 Aug 2020 12:05:01 GMT
Content-Length
0
P3P
CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"

Redirect headers

Location
/pixel/bounce/?pid=r8hrb20&t=gif
Date
Mon, 10 Aug 2020 12:05:01 GMT
Content-Length
0
P3P
CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/662878185/
2 KB
2 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/662878185/?random=1597061101653&cv=9&fst=1597061101653&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa7v1&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fmalware-analysis-revenge-rat-sample&tiba=Double%20Trouble%3A%20RevengeRAT%20and%20WSHRAT&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:817::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
d0e142b02196f538f5cc5c0912f292ce26b515e0a11c79b244d43ceef9803da7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 10 Aug 2020 12:05:01 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
cache-control
no-cache, must-revalidate
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length
1075
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.com/pagead/1p-user-list/662878185/
42 B
539 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/662878185/?random=1597061101653&cv=9&fst=1597060800000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa7v1&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fmalware-analysis-revenge-rat-sample&tiba=Double%20Trouble%3A%20RevengeRAT%20and%20WSHRAT&async=1&fmt=3&is_vtc=1&random=3015575462&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81c::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 10 Aug 2020 12:05:01 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/662878185/
42 B
539 B
Image
General
Full URL
https://www.google.de/pagead/1p-user-list/662878185/?random=1597061101653&cv=9&fst=1597060800000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa7v1&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fmalware-analysis-revenge-rat-sample&tiba=Double%20Trouble%3A%20RevengeRAT%20and%20WSHRAT&async=1&fmt=3&is_vtc=1&random=3015575462&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:821::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 10 Aug 2020 12:05:01 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
consent_tcfv2.js
s.adroll.com/j/
388 KB
53 KB
Script
General
Full URL
https://s.adroll.com/j/consent_tcfv2.js
Requested by
Host: s.adroll.com
URL: https://s.adroll.com/j/roundtrip.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.210.248.216 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-210-248-216.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
0a7a0c8fbd2cb2bbefe2e27f968895ef75575a339f828fe828eefecc9aba8f4e

Request headers

Referer
https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id
rLgMqKDY3Z8iy3h1vHVy6NTi8Ycho.KG
Content-Encoding
gzip
ETag
"d630366051d2b8500304c98540ad5f78"
x-amz-request-id
DFBF1C01462CD46E
x-amz-server-side-encryption
AES256
Connection
keep-alive
Vary
Accept-Encoding
Content-Length
53109
x-amz-id-2
HdIuQs+jBwMFQq2MWSSuEV33aWmEuV7qU+Ntb8t8yoa/LcTlL738Rx0dzht21/xnUR8rCqHa5wE=
Last-Modified
Thu, 09 Jul 2020 13:42:18 GMT
Server
AmazonS3
Date
Mon, 10 Aug 2020 12:05:01 GMT
Access-Control-Max-Age
600
Access-Control-Allow-Methods
GET
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=300, must-revalidate
Access-Control-Allow-Credentials
false
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
truncated
/
287 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
669658266deaa76165265ae6486c6e9d5caf2e5692ad872cf3a465373e839419

Request headers

Referer
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type
image/gif
favicon-32x32.png
nextroll.com/
2 KB
2 KB
Image
General
Full URL
https://nextroll.com/favicon-32x32.png
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.211.213.230 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
Apache /
Resource Hash
bcaf0e3f087296133e0a996ee3d289a8d1a690147c93e0ab62019b505e6f9355

Request headers

Referer
https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date
Mon, 10 Aug 2020 12:05:02 GMT
Via
1.1 vegur
Last-Modified
Thu, 30 Jul 2020 23:07:28 GMT
Server
Apache
Etag
"64f-5abb0bc760c00"
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1615
/
www.facebook.com/tr/
44 B
258 B
Image
General
Full URL
https://www.facebook.com/tr/?id=559328277756725&ev=Microdata&dl=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fmalware-analysis-revenge-rat-sample&rl=&if=false&ts=1597061102118&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22Double%20Trouble%3A%20%20RevengeRAT%20and%20WSHRAT%22%2C%22meta%3Akeywords%22%3A%22threat%20research%2CThreat%20Research%2Cmalware%20analysis%2CCybersecurity%20Architect%22%2C%22meta%3Adescription%22%3A%22Learn%20more%20about%20a%20new%20Revenge%20RAT%20sample%20recently%20captured%20in%20the%20wild%20by%20our%20FortiGuard%20Labs%20team.%20%22%7D&cd[OpenGraph]=%7B%22og%3Asite_name%22%3A%22Fortinet%20Blog%22%2C%22og%3Atitle%22%3A%22Double%20Trouble%3A%20%20RevengeRAT%20and%20WSHRAT%22%2C%22og%3Aurl%22%3A%22https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fmalware-analysis-revenge-rat-sample.html%22%2C%22og%3Atype%22%3A%22article%22%2C%22og%3Adescription%22%3A%22Learn%20more%20about%20a%20new%20Revenge%20RAT%20sample%20recently%20captured%20in%20the%20wild%20by%20our%20FortiGuard%20Labs%20team.%20%E2%80%A6%22%2C%22og%3Aimage%22%3A%22https%3A%2F%2Fwww.fortinet.com%2Fcontent%2Fdam%2Ffortinet-blog%2Farticle-images%2Frevenge-rat%2Frevengerat-one.png%22%2C%22twitter%3Acard%22%3A%22summary%22%2C%22twitter%3Asite%22%3A%22%40Fortinet%22%2C%22article%3Aauthor%22%3A%22Chris%20Navarrete%20and%20Xiaopeng%20Zhang%22%2C%22article%3Asection%22%3A%22Threat%20Research%22%2C%22article%3Apublished_time%22%3A%222019-11-13T00%3A00%3A00.000-08%3A00%22%2C%22article%3Atag%22%3A%22Cybersecurity%20Architect%22%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.23&r=stable&ec=1&o=30&fbp=fb.1.1597061102117.1386467932&it=1597061101504&coo=false&es=automatic&tm=3&rqm=GET
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date
Mon, 10 Aug 2020 12:05:02 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
status
200
cache-control
no-cache, must-revalidate, max-age=0
alt-svc
h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length
44
expires
Mon, 10 Aug 2020 12:05:02 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
s7.addthis.com
URL
https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html

Verdicts & Comments Add Verdict or Comment

171 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| _satellite boolean| __satelliteLoaded object| adobe function| Visitor object| s_c_il number| s_c_in function| AppMeasurement_Module_ActivityMap function| AppMeasurement function| s_gi function| s_pgicq number| s_objectID number| s_giq function| atwpjp string| _atd function| _euc function| _duc object| _atc string| _atr object| addthis string| addthis_pub function| emdot object| _ate object| _adr object| addthis_conf function| addthis_open function| addthis_close function| addthis_sendto boolean| __@@##MUH object| s_i_fortinetincproduction object| fortinet_blog object| EasyAutocomplete object| search_config object| keywords object| siteId object| lang object| options boolean| searchFired boolean| blogFilter string| documentsQuery string| blogCategories string| authorsList string| yearsList object| lastQuery number| totalReturn number| lastRow object| lastWordsForCounting function| htmlEncode function| hideAutoComplete function| sitesearch_init function| sitesearch_search_callback function| sitesearch_countall_callback function| sitesearch_do_search function| sitesearch_do_force_search function| sitesearch_spellcheck_callback function| sitesearch_do_spellcheck function| sitesearch_do_suggest_search function| sitesearch_query_searchresult_callback function| sitesearch_do_query_searchresult function| sitesearch_click_page_callback function| sitesearch_click_page function| search_action function| sitesearch_search_fortiguard function| count_facets_type function| shuffle_facets function| csCookies object| cookieScriptWindow object| cookieScripts string| cookieScriptSrc function| cookieQuery string| cookieScriptPosition string| cookieScriptSource string| cookieScriptDomain string| cookieScriptReadMore string| cookieId number| cookieScriptDebug boolean| cookieScriptShowBadge string| cookieScriptCurrentUrl string| pagePath string| cookieScriptTitle string| cookieScriptDesc string| cookieScriptAccept string| cookieScriptMore string| cookieScriptCopyrights string| cookieBackground function| setImmediate function| clearImmediate function| $ function| jQuery undefined| Cookies string| cookieScriptReject function| cookieScriptLoadJavaScript function| InjectCookieScript string| cookieScriptStatsDomain function| cookieScriptCreateCookie function| cookieScriptReadCookie function| hj object| _hjSettings object| addthis_config object| addthis_share function| cookieScriptAddBox object| cookieScriptCurrentValue object| hjSiteSettings function| hjBootstrap object| hjBootstrapCalled function| OptinMonsterApp boolean| om_loaded object| om45602_39852 boolean| _omvisitsadded string| adroll_adv_id string| adroll_pix_id object| _atw string| addthis_exclude boolean| addthis_use_personalization string| addthis_options_default string| addthis_options_rank string| addthis_options object| __callbacks number| len object| _omapp object| omqxgboj2xm7i4uirert5m object| omqbkzwxxbiv83f0ol5a2d object| omtd4yyupw30z3kaz7uhys object| omxpwpvp06n9shcggft6kf object| ombs6hw8oho0l8z5lmhzmv object| omqxx1b0gslklfu2kjckea object| omtaoi2gud8wo2ip9kbnpv object| WebFont object| google_tag_data function| ga object| gaplugins function| MobileDetect function| fbAsyncInit object| _omns object| dataLayer function| gtag object| t boolean| __adroll_loaded function| fbq function| _fbq function| twq string| _linkedin_data_partner_id object| _ml string| piAId string| piCId string| piHostname object| google_tag_manager function| lintrk boolean| _already_called_lintrk object| twttr string| adroll_sid object| __adroll boolean| adroll_optout object| adroll_ext_network object| adroll_callbacks function| adroll_tpc_callback function| __cmp function| GooglemKTybQhCsO function| google_trackConversion object| GooglebQhCsO object| adroll_exp_list object| __adroll_consent boolean| __adroll_consent_is_gdpr object| __adroll_consent_data string| __adroll_consent_user_country string| __adroll_consent_adv_country object| $jscomp string| BANNER_VERSION string| TCF_VERSION string| IABWRITE_NO_COOKIE object| __adroll_consent_banner boolean| __adroll_consent_prev_lastchild

18 Cookies

Domain/Path Name / Value
.demdex.net/ Name: demdex
Value: 07724322315825516461797892677694968864
www.fortinet.com/ Name: _hjIncludedInCCSample
Value: 1
www.fortinet.com/ Name: _hjIncludedInSample
Value: 1
www.fortinet.com/ Name: cookiesession1
Value: 11DBD2EDMVKSNL94DFUK89RGA5XB4D8D
www.fortinet.com/ Name: _omappvs
Value: 1597061100966
.addthis.com/ Name: uvc
Value: 1%7C33
www.fortinet.com/ Name: __atuvc
Value: 1%7C33
www.fortinet.com/ Name: omSeen-qxx1b0gslklfu2kjckea
Value: 1597061101308
.fortinet.com/ Name: AMCV_ED8739F75677FE917F000101%40AdobeOrg
Value: 870038026%7CMCIDTS%7C18485%7CMCMID%7C07380550018321899101762393744212686248%7CMCAAMLH-1597665900%7C6%7CMCAAMB-1597665900%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCOPTOUT-1597068300s%7CNONE%7CMCAID%7CNONE%7CvVersion%7C5.0.0
.fortinet.com/ Name: gpv_pn
Value: www.fortinet.com%2Fblog%2Fthreat-research%2Fmalware-analysis-revenge-rat-sample
.fortinet.com/ Name: s_ecid
Value: MCMID%7C07380550018321899101762393744212686248
.fortinet.com/ Name: s_getNewRepeat
Value: 1597061100667-New
.addthis.com/ Name: loc
Value: MDAwMDBFVU5MTkgyMzI3MTg1MTAwMDAwMDBDSA==
.fortinet.com/ Name: s_cc
Value: true
www.fortinet.com/ Name: __atuvs
Value: 5f3137ec8d0b1522000
.fortinet.com/ Name: AMCVS_ED8739F75677FE917F000101%40AdobeOrg
Value: 1
.fortinet.com/ Name: _hjid
Value: 6026865c-038d-4299-89f4-6eb12a7bb144
www.fortinet.com/ Name: _omappvp
Value: 5NggYmPGE8ugkmsqmA1KGx5L7iMQLqaw8MYgmyUtPYqBnmIQvIrScMgaZLLNg1YVsAC9FyaR0lAiS8DO4o9Nao4p6RF0ZoCP

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.omappapi.com
a.opmnstr.com
ajax.googleapis.com
analytics.twitter.com
api.omappapi.com
assets.adobedtm.com
cdnjs.cloudflare.com
cm.everesttech.net
connect.facebook.net
d.adroll.com
d.adroll.mgr.consensu.org
dpm.demdex.net
fortinet.demdex.net
googleads.g.doubleclick.net
idsync.rlcdn.com
in.hotjar.com
m.addthis.com
match.adsrvr.org
metrics.fortinet.com
ml314.com
nextroll.com
ps.eyeota.net
px.ads.linkedin.com
s.adroll.com
s7.addthis.com
script.hotjar.com
site.fortinet.com
snap.licdn.com
static.ads-twitter.com
static.hotjar.com
sync.crwdcntrl.net
t.co
v1.addthisedge.com
vars.hotjar.com
www.facebook.com
www.fortinet.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.linkedin.com
z.moatads.com
s7.addthis.com
104.244.42.131
104.244.42.69
13.226.155.50
13.248.134.222
13.56.33.144
147.75.100.205
147.75.33.131
147.75.84.31
15.236.9.100
151.101.112.157
216.58.206.2
23.111.11.182
23.111.11.71
23.210.248.216
23.210.248.44
23.210.250.213
2606:4700::6810:85e5
2620:1ec:21::14
2a00:1450:4001:809::200a
2a00:1450:4001:815::2008
2a00:1450:4001:816::200e
2a00:1450:4001:817::2002
2a00:1450:4001:81c::2004
2a00:1450:4001:821::2003
2a02:26f0:10c:39e::25ea
2a02:26f0:f1:285::1e80
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
2a05:f500:11:101::b93f:9005
3.120.214.218
3.211.213.230
34.253.133.202
34.254.9.125
35.244.245.222
52.49.190.28
52.50.67.81
54.154.104.244
54.171.1.253
63.32.152.233
66.117.28.86
96.45.36.159
002c48ea2d8240fdaa8aff6669d375b9669154eb4de24941b6d5b7bf5a0ef97c
05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd
0a7a0c8fbd2cb2bbefe2e27f968895ef75575a339f828fe828eefecc9aba8f4e
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
133debcec0026d79ced8d9d9504d6f95804410b4806b4b0b5f973f6ca529f5fb
137e41c449677deb7c8da3afde63fc781b095bb028f78b789be44192e8e3f4be
1a2684adb4b431902ef03f7959757f5163ed2ddc548e216654fa7858b1f4fd9b
288ee3a19514d8dd3d85fc9387e853c3f942ce28307dab68f4b50ecbb812b231
363a80d367e6658e72d918cd33f9481ce7929199a9858122b0dcc61dffa62fde
376617b38c5f98f0916bdfaa28afb3bdaca05ef487aefa5950b1b3758e40aee2
37f2a35148d303eb465200ddf0cecac8f8b94f6ddfa7b9a56967fad1b16ca5ec
3bafe3dc1d315eeacd00431312f15c26d8ce6725ecf2dce6b3892c6432039900
3d42c331e33d0821e56249645fb1b30831537a5227e58c67b0ffe85ceba025e7
41dd5e421fe221a7d2921d6fa2b36e8b01a9f2c054aaef5fad866fe896c1d1e0
5876d235b697479a9e5f476a33115aea1ddc21fd4b4740dd7180398c6224fdba
5a41b3238b06189c420ee8392a015f7214b1e21fd01c28a9e9e573b78acc4a4a
5ad26f7cf51222feace795cbdb672bc5c50c41ba5bd591afc71fadc176aea20a
5b4c9abcf01dcf74e0adf075ff4d47464c62c84307ae5ebd115d45da70e6443d
5b78ce591c371161c8a2de82384afbc0d8ce3f934bb3f25ee52be321341beaa3
5d7a8223c890d6162d79d81229a8d9660b6ab884b7a3e738cec26fe524ec254d
5d7fda52442588c5ae334e48512e3bab1c0a34ed25a9c8ec0c8afe15df3f51d0
6154d5f7f6961e042d013bab33fd02b691970d873f44f3c32d8fcc6e79ef5bcd
669658266deaa76165265ae6486c6e9d5caf2e5692ad872cf3a465373e839419
68b01e8be50d58d56dc4794ded8ca457bde3882c8d77abc5c17ef56e200d3305
6ec95cf3501a05606c0117144486ccb9aa6824e65d1ff056fa49ba44ac5b0cb9
6ff1daac173d3df915242165da52fde2ef9c5d818f9e9b8cf3fe3bd39011eeab
76a6c0f104b16e928abebfff3b22120eabfa3c758d6f2364f249c25705556abd
7adf4eeaee78b850ca0d968bfb7ebce034aa89feef442feccb2d07a085204b1c
7bdd214b2de9a8cd6bf360eb472588aaee1ef2691956648577222f7e9f97307a
87b784071fc3dd6fbe9f0ed8362565d37f3d3eadc97acfda6ec9b9f628ff076f
893df2b9ceb653f94333139d561d363bf4c365e651a0a3ade839d96200942e37
92f410985c0233c9abcba33b98f05b3e24d5ea3e80f5083466d545e94d49ec43
9562668d12a4b72d5dfe7ca589d9f8b5ae986c86c2194fef117d6e7b93004384
96a79625665927c8779ddfddf78dd3418da031897f8f92800a9e9fe6cf998921
9c6af299685617864c257472040f437ef951afec994720a24781931cc3527017
9cc56307a599f98aca4e3fedeba9b46a424244e8257a64f0e9700f7d90cf2834
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
a9791c207ed611d76a10eb3146c217fdc55a6f13e4000521188b98835687db7b
ac407073e4da81a2b4e6aa2d30d3452c1fcdb48e3e880af5f80dabff2c6dfd6c
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
afccc754e772ea78141269cc51ab6fd8b52479dbf0b291fd23724ae4922dcc9f
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b2a69f81002746fb20a34679b10c764c2d5f664de10944230824289d55c38348
b77fdd465e4ceb244688025c2a373ed0b6a0f6b88b4a8504398ba820dbaa7847
bcaf0e3f087296133e0a996ee3d289a8d1a690147c93e0ab62019b505e6f9355
c71b31cf866fb4f9c9869af1f3010f64679ba435aca8cc1c075359f417bda0f6
c7c2a637412317b9e13fd52b5ecff08eb1b5da60b3d66a2a5b8eff7eec182a84
c92295bd1bd22a2460a97272741c3ef8753884a1a370ad862753cc16e6d94e85
c9cb0fe190227f1cfc4239e81b5038b9a2e350bd85ce9fb8a9945674b4a7f414
cbce85e96b7752208ce15a09ea4d5a58b792edc9e77f1c5ccf46c01935970f9d
ce261eb163fcaee6953cedc35059732a133766ab824dc512bbdf9424d48601e4
d0e142b02196f538f5cc5c0912f292ce26b515e0a11c79b244d43ceef9803da7
d223439f0a00d264eadf96d43a5245e291ff1504db055176eb8a3da4ef532cb4
d2afd46ac58cd7e89b3fdfd790300d69034e94151ed45acf83d7b6d5dccfdb17
d63fb2d1ee7f3aa0511d7dfa759fa0701ba25046fe7410e02fe977d326b30e01
d6df1bca3f52fafa22d16bb86bc71723212b30401ea887f94635bb855b2e4ca4
daa4a95e56f58d92626ce20d9cfd00c8408245553b0a4717128c2a2ee652a7df
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
eb12a261a24e54883613710a4c12f4d9205f634ca1a29d1df07f90105a93e746
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f59e5f34a941183aacaed25322ac0856628493c2cfd936ded3fddc0a49510e52
fd361b57998c76f86335afa28b8a62527d88a8200fb5c428d6f0fff73383e955