www.fortinet.com Open in urlscan Pro
13.56.33.144 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample.html
Effective URL:
https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
Submission: On August 10 via api (August 10th 2020, 12:05:18 pm UTC) from SI

Summary HTTP 71 Redirects Links 11 Behaviour Indicators

Summary

This website contacted 36 IPs in 7 countries across 33 domains to perform 71 HTTP transactions. The main IP is 13.56.33.144, located in San Jose, United States and belongs to AMAZON-02, US. The main domain is www.fortinet.com.
TLS certificate: Issued by DigiCert SHA2 High Assurance Server CA on January 22nd 2019. Valid for: 2 years.

This is the only time www.fortinet.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 11	13.56.33.144 13.56.33.144	16509 (AMAZON-02) (AMAZON-02)
9	2a02:26f0:f1:... 2a02:26f0:f1:285::1e80	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 4	52.50.67.81 52.50.67.81	16509 (AMAZON-02) (AMAZON-02)
5	23.210.248.44 23.210.248.44	16625 (AKAMAI-AS) (AKAMAI-AS)
1	23.210.250.213 23.210.250.213	16625 (AKAMAI-AS) (AKAMAI-AS)
1	63.32.152.233 63.32.152.233	16509 (AMAZON-02) (AMAZON-02)
2	15.236.9.100 15.236.9.100	16509 (AMAZON-02) (AMAZON-02)
1 1	66.117.28.86 66.117.28.86	15224 (OMNITURE) (OMNITURE)
1	147.75.100.205 147.75.100.205	54825 (PACKET) (PACKET)
1	23.111.11.182 23.111.11.182	33438 (HIGHWINDS2) (HIGHWINDS2)
1	147.75.84.31 147.75.84.31	54825 (PACKET) (PACKET)
2	13.226.155.50 13.226.155.50	16509 (AMAZON-02) (AMAZON-02)
1	147.75.33.131 147.75.33.131	54825 (PACKET) (PACKET)
1	54.171.1.253 54.171.1.253	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:809::200a	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6810:85e5	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a00:1450:400... 2a00:1450:4001:816::200e	15169 (GOOGLE) (GOOGLE)
1	23.111.11.71 23.111.11.71	33438 (HIGHWINDS2) (HIGHWINDS2)
2	2a00:1450:400... 2a00:1450:4001:815::2008	15169 (GOOGLE) (GOOGLE)
1	96.45.36.159 96.45.36.159	40934 (FORTINET) (FORTINET)
2	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	151.101.112.157 151.101.112.157	54113 (FASTLY) (FASTLY)
1	2a02:26f0:10c... 2a02:26f0:10c:39e::25ea	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 6	34.253.133.202 34.253.133.202	16509 (AMAZON-02) (AMAZON-02)
1 5	23.210.248.216 23.210.248.216	16625 (AKAMAI-AS) (AKAMAI-AS)
1 2	2a05:f500:11:... 2a05:f500:11:101::b93f:9005	14413 (LINKEDIN) (LINKEDIN)
1 1	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	104.244.42.131 104.244.42.131	13414 (TWITTER) (TWITTER)
1	104.244.42.69 104.244.42.69	13414 (TWITTER) (TWITTER)
1	216.58.206.2 216.58.206.2	15169 (GOOGLE) (GOOGLE)
1 1	54.154.104.244 54.154.104.244	16509 (AMAZON-02) (AMAZON-02)
1	34.254.9.125 34.254.9.125	16509 (AMAZON-02) (AMAZON-02)
2	2a03:2880:f11... 2a03:2880:f11c:8183:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
2 2	35.244.245.222 35.244.245.222	15169 (GOOGLE) (GOOGLE)
2 2	13.248.134.222 13.248.134.222	16509 (AMAZON-02) (AMAZON-02)
2 2	52.49.190.28 52.49.190.28	16509 (AMAZON-02) (AMAZON-02)
1 2	3.120.214.218 3.120.214.218	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:4001:817::2002	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:81c::2004	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:821::2003	15169 (GOOGLE) (GOOGLE)
1	3.211.213.230 3.211.213.230	14618 (AMAZON-AES) (AMAZON-AES)
71	36

11 13.56.33.144 (San Jose, United States) 1 redirects

ASN16509 (AMAZON-02, US)

www.fortinet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2a02:26f0:f1:285::1e80 (Ascension Island)

ASN20940 (AKAMAI-ASN1, EU)

assets.adobedtm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.50.67.81 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-50-67-81.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 23.210.248.44 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a23-210-248-44.deploy.static.akamaitechnologies.com

s7.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
v1.addthisedge.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
m.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.210.250.213 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a23-210-250-213.deploy.static.akamaitechnologies.com

z.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 63.32.152.233 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-63-32-152-233.eu-west-1.compute.amazonaws.com

fortinet.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 15.236.9.100 (Paris, France)

ASN16509 (AMAZON-02, US)
PTR: ec2-15-236-9-100.eu-west-3.compute.amazonaws.com

metrics.fortinet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 66.117.28.86 (United States) 1 redirects

ASN15224 (OMNITURE, US)

cm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 147.75.100.205 (Central, Hong Kong)

ASN54825 (PACKET, US)
PTR: pkt-ams-k2-shared-ingress5

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.111.11.182 (Phoenix, United States)

ASN33438 (HIGHWINDS2, US)

a.opmnstr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 147.75.84.31 (Parsippany, United States)

ASN54825 (PACKET, US)

script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.226.155.50 (Seattle, United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-226-155-50.dus51.r.cloudfront.net

api.omappapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 147.75.33.131 (Amsterdam, Netherlands)

ASN54825 (PACKET, US)

vars.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.171.1.253 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-171-1-253.eu-west-1.compute.amazonaws.com

in.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:809::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:85e5 (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:816::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.111.11.71 (Phoenix, United States)

ASN33438 (HIGHWINDS2, US)

a.omappapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:815::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 96.45.36.159 (San Jose, United States)

ASN40934 (FORTINET, US)

site.fortinet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f01c:8012:face:b00c:0:3 (Ireland)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.112.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:10c:39e::25ea (Ascension Island)

ASN20940 (AKAMAI-ASN1, EU)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 34.253.133.202 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)

ml314.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 23.210.248.216 (Netherlands) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a23-210-248-216.deploy.static.akamaitechnologies.com

s.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a05:f500:11:101::b93f:9005 (Ireland) 1 redirects

ASN14413 (LINKEDIN, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:21::14 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.131 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.69 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.58.206.2 (Mountain View, United States)

ASN15169 (GOOGLE, US)
PTR: fra16s20-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.154.104.244 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-154-104-244.eu-west-1.compute.amazonaws.com

d.adroll.mgr.consensu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.254.9.125 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)

d.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f11c:8183:face:b00c:0:25de (Ireland)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.244.245.222 (Mountain View, United States) 2 redirects

ASN15169 (GOOGLE, US)

idsync.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.248.134.222 (Seattle, United States) 2 redirects

ASN16509 (AMAZON-02, US)

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.49.190.28 (Dublin, Ireland) 2 redirects

ASN16509 (AMAZON-02, US)

sync.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.120.214.218 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)

ps.eyeota.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:817::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81c::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:821::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.211.213.230 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

nextroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
14	fortinet.com 1 redirects www.fortinet.com metrics.fortinet.com site.fortinet.com	511 KB
9	adobedtm.com assets.adobedtm.com	77 KB
6	adroll.com 1 redirects s.adroll.com d.adroll.com	68 KB
6	ml314.com 1 redirects ml314.com	15 KB
5	demdex.net 1 redirects dpm.demdex.net fortinet.demdex.net	4 KB
4	hotjar.com static.hotjar.com script.hotjar.com vars.hotjar.com in.hotjar.com	72 KB
4	addthis.com s7.addthis.com m.addthis.com	191 KB
3	linkedin.com 2 redirects px.ads.linkedin.com www.linkedin.com	3 KB
3	omappapi.com api.omappapi.com a.omappapi.com	81 KB
2	eyeota.net 1 redirects ps.eyeota.net	1 KB
2	crwdcntrl.net 2 redirects sync.crwdcntrl.net	1001 B
2	adsrvr.org 2 redirects match.adsrvr.org	926 B
2	rlcdn.com 2 redirects idsync.rlcdn.com	801 B
2	facebook.com www.facebook.com	634 B
2	facebook.net connect.facebook.net	166 KB
2	googletagmanager.com www.googletagmanager.com	69 KB
1	nextroll.com nextroll.com	2 KB
1	google.de www.google.de	539 B
1	google.com www.google.com	539 B
1	doubleclick.net googleads.g.doubleclick.net	2 KB
1	consensu.org 1 redirects d.adroll.mgr.consensu.org	136 B
1	googleadservices.com www.googleadservices.com	12 KB
1	t.co t.co	449 B
1	twitter.com analytics.twitter.com	651 B
1	licdn.com snap.licdn.com	2 KB
1	ads-twitter.com static.ads-twitter.com	2 KB
1	google-analytics.com www.google-analytics.com	18 KB
1	cloudflare.com cdnjs.cloudflare.com	16 KB
1	googleapis.com ajax.googleapis.com	7 KB
1	addthisedge.com v1.addthisedge.com	756 B
1	opmnstr.com a.opmnstr.com	60 KB
1	everesttech.net 1 redirects cm.everesttech.net	554 B
1	moatads.com z.moatads.com	1 KB
71	33

	Domain	Requested by
11	www.fortinet.com	1 redirects www.fortinet.com s7.addthis.com
9	assets.adobedtm.com	www.fortinet.com assets.adobedtm.com
6	ml314.com	1 redirects www.fortinet.com ml314.com
5	s.adroll.com	1 redirects www.fortinet.com s.adroll.com
4	dpm.demdex.net	1 redirects www.fortinet.com
3	s7.addthis.com	assets.adobedtm.com s7.addthis.com
2	ps.eyeota.net	1 redirects
2	sync.crwdcntrl.net	2 redirects
2	match.adsrvr.org	2 redirects
2	idsync.rlcdn.com	2 redirects
2	www.facebook.com
2	px.ads.linkedin.com	1 redirects
2	connect.facebook.net	www.fortinet.com connect.facebook.net
2	www.googletagmanager.com	assets.adobedtm.com www.googletagmanager.com
2	api.omappapi.com	a.opmnstr.com
2	metrics.fortinet.com	assets.adobedtm.com www.fortinet.com
1	nextroll.com
1	www.google.de
1	www.google.com
1	googleads.g.doubleclick.net	www.googleadservices.com
1	d.adroll.com
1	d.adroll.mgr.consensu.org	1 redirects
1	www.googleadservices.com	www.googletagmanager.com
1	t.co
1	analytics.twitter.com	static.ads-twitter.com
1	www.linkedin.com	1 redirects
1	snap.licdn.com	www.fortinet.com
1	static.ads-twitter.com	www.fortinet.com
1	site.fortinet.com	www.fortinet.com
1	a.omappapi.com	www.fortinet.com
1	www.google-analytics.com	a.opmnstr.com
1	cdnjs.cloudflare.com	a.opmnstr.com
1	ajax.googleapis.com	a.opmnstr.com
1	in.hotjar.com	script.hotjar.com
1	vars.hotjar.com	static.hotjar.com
1	script.hotjar.com	static.hotjar.com
1	m.addthis.com	s7.addthis.com
1	v1.addthisedge.com	s7.addthis.com
1	a.opmnstr.com	assets.adobedtm.com
1	static.hotjar.com	www.fortinet.com
1	cm.everesttech.net	1 redirects
1	fortinet.demdex.net	assets.adobedtm.com
1	z.moatads.com	s7.addthis.com
71	43

This site contains links to these domains. Also see Links.

Domain
www.virustotal.com
www.facebook.com
www.twitter.com
www.youtube.com
www.linkedin.com
www.instagram.com
fortiguard.com
secure.fortinet.com
fusecommunity.fortinet.com
cookie-script.com
www.addthis.com

Subject Issuer	Validity	Valid
*.fortinet.com DigiCert SHA2 High Assurance Server CA	`2019-01-22` - `2021-03-31`	2 years	crt.sh
assets.adobedtm.com DigiCert SHA2 High Assurance Server CA	`2019-10-22` - `2021-10-01`	2 years	crt.sh
*.demdex.net DigiCert SHA2 High Assurance Server CA	`2018-01-09` - `2021-02-12`	3 years	crt.sh
odc-prod-01.oracle.com DigiCert Secure Site ECC CA-1	`2020-07-22` - `2021-10-13`	a year	crt.sh
moatads.com DigiCert SHA2 Secure Server CA	`2020-01-17` - `2021-03-17`	a year	crt.sh
metrics.fortinet.com DigiCert SHA2 High Assurance Server CA	`2019-01-29` - `2021-02-02`	2 years	crt.sh
static.hotjar.com Let's Encrypt Authority X3	`2020-06-17` - `2020-09-15`	3 months	crt.sh
*.opmnstr.com Go Daddy Secure Certificate Authority - G2	`2019-04-11` - `2021-04-11`	2 years	crt.sh
script.hotjar.com Let's Encrypt Authority X3	`2020-06-18` - `2020-09-16`	3 months	crt.sh
api.opmnstr.com Amazon	`2020-04-09` - `2021-05-09`	a year	crt.sh
vars.hotjar.com Let's Encrypt Authority X3	`2020-06-16` - `2020-09-14`	3 months	crt.sh
*.hotjar.com Amazon	`2019-09-27` - `2020-10-27`	a year	crt.sh
upload.video.google.com GTS CA 1O1	`2020-07-15` - `2020-10-07`	3 months	crt.sh
cloudflare.com Cloudflare Inc ECC CA-3	`2020-07-04` - `2021-07-04`	a year	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-07-15` - `2020-10-07`	3 months	crt.sh
*.omappapi.com Go Daddy Secure Certificate Authority - G2	`2020-03-16` - `2022-03-16`	2 years	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2020-07-21` - `2020-10-12`	3 months	crt.sh
ads-twitter.com DigiCert SHA2 High Assurance Server CA	`2019-08-14` - `2020-08-18`	a year	crt.sh
*.licdn.com DigiCert SHA2 Secure Server CA	`2019-04-01` - `2021-05-07`	2 years	crt.sh
*.ml314.com Amazon	`2020-02-17` - `2021-03-17`	a year	crt.sh
*.adroll.com DigiCert SHA2 Secure Server CA	`2020-01-29` - `2021-04-29`	a year	crt.sh
px.ads.linkedin.com DigiCert SHA2 Secure Server CA	`2020-08-05` - `2021-02-05`	6 months	crt.sh
*.twitter.com DigiCert SHA2 High Assurance Server CA	`2020-03-05` - `2021-03-02`	a year	crt.sh
t.co DigiCert SHA2 High Assurance Server CA	`2020-03-05` - `2021-03-02`	a year	crt.sh
www.googleadservices.com GTS CA 1O1	`2020-07-15` - `2020-10-07`	3 months	crt.sh
adroll.mgr.consensu.org Amazon	`2019-11-06` - `2020-12-06`	a year	crt.sh
*.eyeota.net Let's Encrypt Authority X3	`2020-06-09` - `2020-09-07`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2020-07-15` - `2020-10-07`	3 months	crt.sh
www.google.com GTS CA 1O1	`2020-07-15` - `2020-10-07`	3 months	crt.sh
www.google.de GTS CA 1O1	`2020-07-15` - `2020-10-07`	3 months	crt.sh
nextroll.com Let's Encrypt Authority X3	`2020-07-04` - `2020-10-02`	3 months	crt.sh

This page contains 5 frames:

Primary Page: https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
Frame ID: 5BCE6CB863D398C97C32A4C671255DE2
Requests: 71 HTTP requests in this frame

Frame: https://fortinet.demdex.net/dest5.html?d_nsid=0
Frame ID: 9550818DF92B79CB5A0B92C520FF6293
Requests: 1 HTTP requests in this frame

Frame: https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
Frame ID: 1AD146E052987EB444A08F7CBB0E5BA5
Requests: 1 HTTP requests in this frame

Frame: https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html
Frame ID: AC5ED282344E3D064BBA85AC86129393
Requests: 1 HTTP requests in this frame

Frame: https://vars.hotjar.com/box-469cf41adb11dc78be68c1ae7f9457a4.html
Frame ID: 3D3C132441D30C814EE62C6443BDB102
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample.html HTTP 301
https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample Page URL

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

71
Requests

99 %
HTTPS

32 %
IPv6

33
Domains

43
Subdomains

36
IPs

7
Countries

1375 kB
Transfer

4045 kB
Size

18
Cookies

11 Outgoing links

These are links going to different origins than the main page.

URL: https://www.virustotal.com/gui/file/35c0980e99987f4418c8d186b9d5514c340c05ec0470c485182d24868f2a37db/detection
Title: sample

Search URL Search Domain Scan URL

URL: https://www.facebook.com/fortinet
Title:

Search URL Search Domain Scan URL

URL: https://www.twitter.com/fortinet
Title:

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/SecureNetworks
Title:

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/fortinet
Title:

Search URL Search Domain Scan URL

URL: https://www.instagram.com/behindthefirewall/
Title:

Search URL Search Domain Scan URL

URL: https://fortiguard.com/
Title: FortiGuard Labs

Search URL Search Domain Scan URL

URL: https://secure.fortinet.com/fortiguard
Title: Threat Briefs

Search URL Search Domain Scan URL

URL: https://fusecommunity.fortinet.com/
Title: Fuse

Search URL Search Domain Scan URL

URL: https://cookie-script.com/
Title: Free cookie consent by cookie-script.com

Search URL Search Domain Scan URL

URL: https://www.addthis.com/website-tools/overview?utm_source=AddThis%20Tools&utm_medium=image
Title: AddThis

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample.html HTTP 301
https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 4

https://dpm.demdex.net/id?d_visid_ver=5.0.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=ED8739F75677FE917F000101%40AdobeOrg&d_nsid=0&ts=1597061100258 HTTP 302
https://dpm.demdex.net/id/rd?d_visid_ver=5.0.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=ED8739F75677FE917F000101%40AdobeOrg&d_nsid=0&ts=1597061100258

Request Chain 16

https://cm.everesttech.net/cm/dd?d_uuid=07724322315825516461797892677694968864 HTTP 302
https://dpm.demdex.net/ibs:dpid=411&dpuuid=XzE37AAABeEiRhTJ

Request Chain 52

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=7120&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fmalware-analysis-revenge-rat-sample&time=1597061101517 HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D7120%26url%3Dhttps%253A%252F%252Fwww.fortinet.com%252Fblog%252Fthreat-research%252Fmalware-analysis-revenge-rat-sample%26time%3D1597061101517%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=7120&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fmalware-analysis-revenge-rat-sample&time=1597061101517&liSync=true

Request Chain 57

https://s.adroll.com/j/exp/7OBVBCAQE5FHDPFEAD5T4D/index.js HTTP 302
https://s.adroll.com/j/exp/index.js

Request Chain 59

https://d.adroll.mgr.consensu.org/consent/iabcheck/7OBVBCAQE5FHDPFEAD5T4D?_s=d298bc2142bcd6eef70b5ff516a3949e&_b=2 HTTP 302
https://d.adroll.com/consent/check/7OBVBCAQE5FHDPFEAD5T4D/?_s=d298bc2142bcd6eef70b5ff516a3949e&_b=2

Request Chain 63

https://idsync.rlcdn.com/395886.gif?partner_uid=3612307665423171650 HTTP 307
https://idsync.rlcdn.com/1000.gif?memo=CO6UGBIeChoIARCuXxoTMzYxMjMwNzY2NTQyMzE3MTY1MBAAGg0I7e_E-QUSBQjoBxAAQgBKAA HTTP 307
https://ml314.com/csync.ashx?fp=8910838fb742e5b163976f1a53008c88f0e43a5ed29a93a88a5b998e561c18ebf4cb09cee1a4f8eb&person_id=3612307665423171650&eid=50082

Request Chain 64

https://match.adsrvr.org/track/cmf/generic?ttd_pid=d0tro1j&ttd_tpi=1 HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=d0tro1j&ttd_tpi=1 HTTP 302
https://ml314.com/utsync.ashx?eid=53819&et=0&fp=0a88d483-b71c-4f3d-9a8f-ec124e460f80 HTTP 302
https://ml314.com/csync.ashx?fp=0a88d483-b71c-4f3d-9a8f-ec124e460f80&person_id=3612307665423171650&eid=53819

Request Chain 65

https://sync.crwdcntrl.net/map/c=6985/tp=BOMB?https://ml314.com/csync.ashx%3Ffp%3D%24%7Bprofile_id%7D%26eid%3D50146%26person_id%3D3612307665423171650 HTTP 302
https://sync.crwdcntrl.net/map/ct=y/c=6985/tp=BOMB?https://ml314.com/csync.ashx%3Ffp%3D%24%7Bprofile_id%7D%26eid%3D50146%26person_id%3D3612307665423171650 HTTP 302
https://ml314.com/csync.ashx?fp=aee1e11e4decbbbe83928393aac863d8&eid=50146&person_id=3612307665423171650

Request Chain 66

https://ps.eyeota.net/pixel?pid=r8hrb20&t=gif HTTP 302
https://ps.eyeota.net/pixel/bounce/?pid=r8hrb20&t=gif

71 HTTP transactions
4 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request malware-analysis-revenge-rat-sample Show response
www.fortinet.com/blog/threat-research/
Redirect Chain

https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample.html
https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample

71 KB
19 KB

169ms
169ms

Document
text/html

13.56.33.144
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

13.56.33.144 San Jose, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

68b01e8be50d58d56dc4794ded8ca457bde3882c8d77abc5c17ef56e200d3305

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Host: www.fortinet.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: cookiesession1=11DBD2EDMVKSNL94DFUK89RGA5XB4D8D
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Accept-Ranges: bytes
Cache-Control: max-age=600, public
Content-Encoding: gzip
Content-Type: text/html;charset=utf-8
Date: Mon, 10 Aug 2020 12:05:00 GMT
ETag: "11b33-5ac53fc608400-gzip"
Last-Modified: Sat, 08 Aug 2020 01:53:20 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding,User-Agent
X-Content-Type-Options: nosniff
X-Dispatcher: dispatcher2uswest1
X-Frame-Options: SAMEORIGIN
X-Vhost: publish
Content-Length: 19331
Connection: keep-alive

Redirect headers

Content-Type: text/html; charset=iso-8859-1
Date: Mon, 10 Aug 2020 12:04:59 GMT
Location: https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Dispatcher: dispatcher1uswest1
X-Vhost: publish
Content-Length: 289
Connection: keep-alive
Set-Cookie: cookiesession1=11DBD2EDMVKSNL94DFUK89RGA5XB4D8D;Path=/;HttpOnly

GET
H/1.1 200
OK clientlib-base.min.css
www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/ 214 KB
26 KB 316ms
171ms Stylesheet
text/css 13.56.33.144
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/clientlib-base.min.css

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

13.56.33.144 San Jose, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

3d42c331e33d0821e56249645fb1b30831537a5227e58c67b0ffe85ceba025e7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

X-Dispatcher: dispatcher1uswest1
Date: Mon, 10 Aug 2020 12:05:00 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Vhost: publish
Connection: keep-alive
Vary: Accept-Encoding,User-Agent
Content-Length: 26239
Last-Modified: Wed, 29 Apr 2020 23:27:11 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "357c2-5a4764992b1c0-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: text/css;charset=utf-8
Cache-Control: max-age=684000, public
Accept-Ranges: bytes

GET
H2 200 launch-EN23cb8375449840dc93b13f34d935b8b9.min.js Show response
assets.adobedtm.com/ 238 KB
58 KB 22ms
6ms Script
application/x-javascript 2a02:26f0:f1:285::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Requested by: Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:f1:285::1e80 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 6ff1daac173d3df915242165da52fde2ef9c5d818f9e9b8cf3fe3bd39011eeab

Request headers

Referer: https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 10 Aug 2020 12:05:00 GMT
content-encoding: gzip
last-modified: Wed, 05 Aug 2020 20:45:52 GMT
server: AkamaiNetStorage
status: 200
etag: "c587b9761db974d05db9651f2e646101:1596660352.72951"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 59268
expires: Mon, 10 Aug 2020 13:05:00 GMT

GET
H/1.1 200
OK fortinet-logo-white.svg
www.fortinet.com/content/dam/fortinet-blog/ 32 KB
3 KB 628ms
162ms Image
image/svg+xml 13.56.33.144
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.fortinet.com/content/dam/fortinet-blog/fortinet-logo-white.svg

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

13.56.33.144 San Jose, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

d2afd46ac58cd7e89b3fdfd790300d69034e94151ed45acf83d7b6d5dccfdb17

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

X-Dispatcher: dispatcher1uswest1
Date: Mon, 10 Aug 2020 12:05:00 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Vhost: publish
Content-Disposition: attachment; filename="fortinet-logo-white.svg"
Connection: keep-alive
Vary: Accept-Encoding,User-Agent
Content-Length: 1998
Last-Modified: Thu, 22 Feb 2018 23:16:01 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "7ebb-565d53a1d6e40-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/svg+xml
Cache-Control: max-age=684000, public
Accept-Ranges: bytes

GET
DATA 200
OK truncated
/ 71 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5b4c9abcf01dcf74e0adf075ff4d47464c62c84307ae5ebd115d45da70e6443d

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1

200
OK

rd Show response
dpm.demdex.net/id/
Redirect Chain

https://dpm.demdex.net/id?d_visid_ver=5.0.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=ED8739F75677FE917F000101%40AdobeOrg&d_nsid=0&ts=1597061100258
https://dpm.demdex.net/id/rd?d_visid_ver=5.0.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=ED8739F75677FE917F000101%40AdobeOrg&d_nsid=0&ts=1597061100258

367 B
1 KB

36ms
36ms

XHR
application/json

52.50.67.81
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id/rd?d_visid_ver=5.0.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=ED8739F75677FE917F000101%40AdobeOrg&d_nsid=0&ts=1597061100258

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.50.67.81 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-50-67-81.eu-west-1.compute.amazonaws.com

Software

Resource Hash

3bafe3dc1d315eeacd00431312f15c26d8ce6725ecf2dce6b3892c6432039900

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

DCS: dcs-prod-irl1-v078-06615a8e8.edge-irl1.demdex.com 5.76.0.20200805085924 2ms (+1ms)
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip
X-TID: JcEwC8orTi0=
Vary: Origin, Accept-Encoding, User-Agent
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://www.fortinet.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json;charset=utf-8
Content-Length: 304
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
Access-Control-Allow-Origin: https://www.fortinet.com
X-TID: BF9rH46qRRw=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://dpm.demdex.net/id/rd?d_visid_ver=5.0.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=ED8739F75677FE917F000101%40AdobeOrg&d_nsid=0&ts=1597061100258
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 AppMeasurement.min.js Show response
assets.adobedtm.com/extensions/EP7b1fa4581fb94dd0961a981af9997765/ 33 KB
12 KB 7ms
6ms Script
application/x-javascript 2a02:26f0:f1:285::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/extensions/EP7b1fa4581fb94dd0961a981af9997765/AppMeasurement.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:f1:285::1e80 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 9cc56307a599f98aca4e3fedeba9b46a424244e8257a64f0e9700f7d90cf2834

Request headers

Referer: https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 10 Aug 2020 12:05:00 GMT
content-encoding: gzip
last-modified: Tue, 02 Jun 2020 21:30:12 GMT
server: AkamaiNetStorage
status: 200
etag: "41f1b46329a6056c0f2c993498eda989:1591133412.019903"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: no-cache
accept-ranges: bytes
timing-allow-origin: *
content-length: 12161
expires: Mon, 10 Aug 2020 13:05:00 GMT

GET
H2 200 AppMeasurement_Module_ActivityMap.min.js Show response
assets.adobedtm.com/extensions/EP7b1fa4581fb94dd0961a981af9997765/ 3 KB
2 KB 7ms
7ms Script
application/x-javascript 2a02:26f0:f1:285::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/extensions/EP7b1fa4581fb94dd0961a981af9997765/AppMeasurement_Module_ActivityMap.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:f1:285::1e80 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: c92295bd1bd22a2460a97272741c3ef8753884a1a370ad862753cc16e6d94e85

Request headers

Referer: https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 10 Aug 2020 12:05:00 GMT
content-encoding: gzip
last-modified: Tue, 02 Jun 2020 21:30:12 GMT
server: AkamaiNetStorage
status: 200
etag: "e9aa55ef8b40a205f86b54789b37de5c:1591133412.323749"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: no-cache
accept-ranges: bytes
timing-allow-origin: *
content-length: 1607
expires: Mon, 10 Aug 2020 13:05:00 GMT

GET
H2 200 addthis_widget.js Show response
s7.addthis.com/js/300/ 353 KB
114 KB 67ms
22ms Script
application/javascript 23.210.248.44
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/js/300/addthis_widget.js

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.210.248.44 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-210-248-44.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

eb12a261a24e54883613710a4c12f4d9205f634ca1a29d1df07f90105a93e746

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
etag: W/"5ed917ff-5834c"
x-check-cacheable: YES
x-akamai-pragma-client-ip: 23.220.148.109, 4.79.170.54
x-distribution: 99
status: 200
x-host: s7.addthis.com
content-length: 116324
last-modified: Thu, 04 Jun 2020 15:49:19 GMT
server: nginx/1.15.8
date: Mon, 10 Aug 2020 12:05:00 GMT
x-serial: 3615
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, max-age=600

GET
H/1.1 200
OK clientlib-base.min.js Show response
www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/ 166 KB
76 KB 356ms
179ms Script
application/javascript 13.56.33.144
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/clientlib-base.min.js

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

13.56.33.144 San Jose, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

6ec95cf3501a05606c0117144486ccb9aa6824e65d1ff056fa49ba44ac5b0cb9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

X-Dispatcher: dispatcher2uswest1
Date: Mon, 10 Aug 2020 12:05:00 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Vhost: publish
Connection: keep-alive
Vary: Accept-Encoding,User-Agent
content-length: 77109
Last-Modified: Tue, 30 Jun 2020 16:56:40 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "29999-5a9500f234200-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/javascript;charset=utf-8
Cache-Control: max-age=684000, public
Accept-Ranges: bytes

GET
H/1.1 200
OK revengerat-one.png
www.fortinet.com/content/dam/fortinet-blog/article-images/revenge-rat/ 54 KB
55 KB 443ms
163ms Image
image/png 13.56.33.144
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.fortinet.com/content/dam/fortinet-blog/article-images/revenge-rat/revengerat-one.png

Requested by

Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

13.56.33.144 San Jose, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

c7c2a637412317b9e13fd52b5ecff08eb1b5da60b3d66a2a5b8eff7eec182a84

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

X-Dispatcher: dispatcher2uswest1
Date: Mon, 10 Aug 2020 12:05:00 GMT
X-Content-Type-Options: nosniff
Last-Modified: Tue, 12 Nov 2019 23:44:45 GMT
Server: Apache
ETag: "d92b-5972ed5371540"
X-Vhost: publish
X-Frame-Options: SAMEORIGIN
Connection: keep-alive
Content-Type: image/png
Cache-Control: max-age=684000, public
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes
Content-Length: 55595

GET
H/1.1 200
OK microsoft-vuln-three.png.thumb.319.319.png
www.fortinet.com/content/dam/fortinet-blog/article-images/bluekeep-vulnerability/ 20 KB
21 KB 597ms
159ms Image
image/png 13.56.33.144
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.fortinet.com/content/dam/fortinet-blog/article-images/bluekeep-vulnerability/microsoft-vuln-three.png.thumb.319.319.png

Requested by

Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

13.56.33.144 San Jose, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

b2a69f81002746fb20a34679b10c764c2d5f664de10944230824289d55c38348

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

X-Dispatcher: dispatcher2uswest1
Date: Mon, 10 Aug 2020 12:05:00 GMT
X-Content-Type-Options: nosniff
Last-Modified: Mon, 10 Jun 2019 22:25:37 GMT
Server: Apache
ETag: "51ca-58affa8cf3a40"
X-Vhost: publish
X-Frame-Options: SAMEORIGIN
Connection: keep-alive
Content-Type: image/png
Cache-Control: max-age=684000, public
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes
Content-Length: 20938

GET
H/1.1 200
OK tlr-quarter-one.png.thumb.319.319.png
www.fortinet.com/content/dam/fortinet-blog/article-images/threat-landscape-report-q1/ 130 KB
130 KB 605ms
166ms Image
image/png 13.56.33.144
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.fortinet.com/content/dam/fortinet-blog/article-images/threat-landscape-report-q1/tlr-quarter-one.png.thumb.319.319.png

Requested by

Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

13.56.33.144 San Jose, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

5d7fda52442588c5ae334e48512e3bab1c0a34ed25a9c8ec0c8afe15df3f51d0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

X-Dispatcher: dispatcher2uswest1
Date: Mon, 10 Aug 2020 12:05:00 GMT
X-Content-Type-Options: nosniff
Last-Modified: Fri, 17 May 2019 22:40:41 GMT
Server: Apache
ETag: "206f7-5891d12802c40"
X-Vhost: publish
X-Frame-Options: SAMEORIGIN
Connection: keep-alive
Content-Type: image/png
Cache-Control: max-age=684000, public
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes
Content-Length: 132855

GET
H/1.1 200
OK woocommerce-one.png.thumb.319.319.png
www.fortinet.com/content/dam/fortinet-blog/article-images/woo-commerce-blog/ 38 KB
38 KB 499ms
166ms Image
image/png 13.56.33.144
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.fortinet.com/content/dam/fortinet-blog/article-images/woo-commerce-blog/woocommerce-one.png.thumb.319.319.png

Requested by

Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

13.56.33.144 San Jose, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

87b784071fc3dd6fbe9f0ed8362565d37f3d3eadc97acfda6ec9b9f628ff076f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

X-Dispatcher: dispatcher1uswest1
Date: Mon, 10 Aug 2020 12:05:00 GMT
X-Content-Type-Options: nosniff
Last-Modified: Fri, 01 Mar 2019 23:10:40 GMT
Server: Apache
ETag: "9731-5831083f2dc00"
X-Vhost: publish
X-Frame-Options: SAMEORIGIN
Connection: keep-alive
Content-Type: image/png
Cache-Control: max-age=684000, public
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes
Content-Length: 38705

GET
H2 200 moatframe.js Show response
z.moatads.com/addthismoatframe568911941483/ 2 KB
1 KB 60ms
19ms Script
application/x-javascript 23.210.250.213
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/addthismoatframe568911941483/moatframe.js
Requested by: Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.210.250.213 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-250-213.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd

Request headers

Referer: https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 10 Aug 2020 12:05:00 GMT
content-encoding: gzip
last-modified: Fri, 08 Nov 2019 20:13:52 GMT
server: AmazonS3
x-amz-request-id: D5503D14AA2F06AA
etag: "f14b4e1f799b14f798a195f43cf58376"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=27881
accept-ranges: bytes
content-length: 948
x-amz-id-2: JgalEtxvSAtZmM7+naGfrhsdf0JFS0gJW8lypWF8Tp90EkcPp4c3eAnpK+RDOIL1ltWgpx8wc3s=

GET
H/1.1 200
OK Cookie set dest5.html
fortinet.demdex.net/ Frame 9550 0
0 176ms
44ms Document
text/html 63.32.152.233
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://fortinet.demdex.net/dest5.html?d_nsid=0

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

63.32.152.233 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-63-32-152-233.eu-west-1.compute.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Host: fortinet.demdex.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: iframe
Referer: https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: demdex=07724322315825516461797892677694968864
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample

Response headers

Accept-Ranges: bytes
Cache-Control: max-age=21600
Content-Encoding: gzip
Content-Type: text/html
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Last-Modified: Wed, 05 Aug 2020 12:34:40 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Set-Cookie: demdex=07724322315825516461797892677694968864;Path=/;Domain=.demdex.net;Expires=Sat, 06-Feb-2021 12:05:00 GMT;Max-Age=15552000;Secure;SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding, User-Agent
X-TID: TX6+0P6zRKk=
Content-Length: 2785
Connection: keep-alive

GET
H2 200 id Show response
metrics.fortinet.com/ 48 B
483 B 113ms
30ms XHR
application/x-javascript 15.236.9.100
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://metrics.fortinet.com/id?d_visid_ver=5.0.0&d_fieldgroup=A&mcorgid=ED8739F75677FE917F000101%40AdobeOrg&mid=07380550018321899101762393744212686248&ts=1597061100468

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

15.236.9.100 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-15-236-9-100.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

96a79625665927c8779ddfddf78dd3418da031897f8f92800a9e9fe6cf998921

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

status: 200
date: Mon, 10 Aug 2020 12:05:00 GMT
x-content-type-options: nosniff
server: jag
xserver: anedge-7447d85976-pkvf9
vary: Origin
x-c: master-1315.Ia06625.M0-426
p3p: CP="This is not a P3P policy"
access-control-allow-origin: https://www.fortinet.com
cache-control: no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials: true
content-type: application/x-javascript;charset=utf-8
content-length: 48
x-xss-protection: 1; mode=block

GET
H/1.1

200
OK

ibs:dpid=411&dpuuid=XzE37AAABeEiRhTJ
dpm.demdex.net/
Redirect Chain

https://cm.everesttech.net/cm/dd?d_uuid=07724322315825516461797892677694968864
https://dpm.demdex.net/ibs:dpid=411&dpuuid=XzE37AAABeEiRhTJ

42 B
915 B

34ms
34ms

Image
image/gif

52.50.67.81
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=411&dpuuid=XzE37AAABeEiRhTJ

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.50.67.81 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-50-67-81.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

DCS: dcs-prod-irl1-v078-0b95a3886.edge-irl1.demdex.com 5.76.0.20200805085924 1ms (+0ms)
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-TID: kV8/NhEsTco=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 42
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Date: Mon, 10 Aug 2020 12:05:00 GMT
Server: AMO-cookiemap/1.1
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=XzE37AAABeEiRhTJ
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=15,max=100
Content-Length: 0

GET
H2 200 s68424247694404
metrics.fortinet.com/b/ss/fortinetincproduction/1/JS-2.20.0-LAUN/ 43 B
621 B 31ms
30ms Image
image/gif 15.236.9.100
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://metrics.fortinet.com/b/ss/fortinetincproduction/1/JS-2.20.0-LAUN/s68424247694404?AQB=1&ndh=1&pf=1&t=10%2F7%2F2020%2014%3A5%3A0%201%20-120&mid=07380550018321899101762393744212686248&aamlh=6&ce=UTF-8&pageName=en%3Ablog%3Athreat-research%3Amalware-analysis-revenge-rat-sample&g=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fmalware-analysis-revenge-rat-sample&cc=USD&aamb=RKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y&v1=www.fortinet.com%2Fblog%2Fthreat-research%2Fmalware-analysis-revenge-rat-sample&c7=Entire%20Site&c8=New&v27=BLOG&v33=en%3Ablog%3Athreat-research%3Amalware-analysis-revenge-rat-sample&v35=Enabled&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&mcorgid=ED8739F75677FE917F000101%40AdobeOrg&AQE=1

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

15.236.9.100 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-15-236-9-100.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 10 Aug 2020 12:05:00 GMT
x-content-type-options: nosniff
x-c: master-1315.Ia06625.M0-426
p3p: CP="This is not a P3P policy"
status: 200
content-length: 43
x-xss-protection: 1; mode=block
pragma: no-cache
last-modified: Tue, 11 Aug 2020 12:05:00 GMT
server: jag
xserver: anedge-7447d85976-5rh94
etag: 3429662597192187904-4614161308200644232
vary: *
content-type: image/gif;charset=utf-8
access-control-allow-origin: *
cache-control: no-cache, no-store, max-age=0, no-transform, private
expires: Sun, 09 Aug 2020 12:05:00 GMT

GET sh.f48a1a04fe8dbf021b4cda1d.html
s7.addthis.com/static/ Frame 1AD1 0
0

GET
H2 200 hotjar-1178304.js Show response
static.hotjar.com/c/ 5 KB
2 KB 45ms
14ms Script
application/javascript 147.75.100.205
PACKET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-1178304.js?sv=6

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

147.75.100.205 Central, Hong Kong, ASN54825 (PACKET, US),

Reverse DNS

pkt-ams-k2-shared-ingress5

Software

Resource Hash

5b78ce591c371161c8a2de82384afbc0d8ce3f934bb3f25ee52be321341beaa3

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 10 Aug 2020 12:05:00 GMT
content-encoding: br
x-content-type-options: nosniff
section-io-tag: hotjarjs
age: 79
status: 200
section-io-cache: Hit
vary: Accept-Encoding
content-length: 1865
cache-control: max-age=60
etag: W/03eabe4fbea71725033c3c0d85a78764
access-control-max-age: 600
section-io-origin-status: 200
access-control-allow-origin: *
x-cache-hit: 1
section-io-origin-time-seconds: 0.019
section-io-id: cfd1f41e0f443149ecb1960ef3e0532b
accept-ranges: bytes
content-type: application/javascript
section-origin-responded: true

GET
H2 200 api.min.js Show response
a.opmnstr.com/app/js/ 199 KB
60 KB 47ms
17ms Script
application/javascript 23.111.11.182
HIGHWINDS2

General

Check archive.org

Show headers Download Go to

Full URL: https://a.opmnstr.com/app/js/api.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.111.11.182 Phoenix, United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software: NetDNA-cache/2.2 /
Resource Hash: 288ee3a19514d8dd3d85fc9387e853c3f942ce28307dab68f4b50ecbb812b231

Request headers

Referer: https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 10 Aug 2020 12:05:00 GMT
content-encoding: gzip
last-modified: Fri, 07 Aug 2020 15:32:32 GMT
server: NetDNA-cache/2.2
x-amz-request-id: 719280F5EE911380
etag: W/"56caac4041dee3bf75fea8016c85abe4"
x-cache: HIT
content-type: application/javascript
status: 200
cache-control: max-age=31104000
access-control-allow-origin: *
x-amz-id-2: jzWXru5tC3o1XV4xVJ14HtcZImf91D8MgnlEbMOrMjMDvlv1WmYeIkluWR0GB01KGJwySCT0InU=
expires: Thu, 05 Aug 2021 12:05:00 GMT

GET
H2 200 RCb652faf409a54c3db318899e2cbcc95c-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/dd6ae0471a9f/ 881 B
719 B 6ms
6ms Script
application/x-javascript 2a02:26f0:f1:285::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/dd6ae0471a9f/RCb652faf409a54c3db318899e2cbcc95c-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:f1:285::1e80 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: a9791c207ed611d76a10eb3146c217fdc55a6f13e4000521188b98835687db7b

Request headers

Referer: https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 10 Aug 2020 12:05:00 GMT
content-encoding: gzip
last-modified: Wed, 05 Aug 2020 20:45:53 GMT
server: AkamaiNetStorage
status: 200
etag: "703f81c90a6443352d11d3232049268f:1596660353.752349"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 452
expires: Mon, 10 Aug 2020 13:05:00 GMT

GET
H2 200 _ate.track.config_resp Show response
v1.addthisedge.com/live/boost/ra-5d48adfc650f1a9e/ 2 KB
756 B 180ms
178ms Script
application/javascript 23.210.248.44
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://v1.addthisedge.com/live/boost/ra-5d48adfc650f1a9e/_ate.track.config_resp
Requested by: Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.210.248.44 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-248-44.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 133debcec0026d79ced8d9d9504d6f95804410b4806b4b0b5f973f6ca529f5fb

Request headers

Referer: https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 10 Aug 2020 12:05:01 GMT
content-encoding: gzip
etag: 1861047380--gzip
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
status: 200
cache-control: public, max-age=40, s-maxage=86400
content-disposition: attachment; filename=1.txt
content-length: 580

GET
H2 200 300lo.json Show response
m.addthis.com/live/red_lojson/ 89 B
249 B 223ms
221ms Script
application/javascript 23.210.248.44
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://m.addthis.com/live/red_lojson/300lo.json?si=5f3137ec70cc49dd&bkl=0&bl=1&pdt=1047&sid=5f3137ec70cc49dd&pub=ra-5d48adfc650f1a9e&rev=v8.28.7-wp&ln=en&pc=men&cb=0&ab=-&dp=www.fortinet.com&fp=blog%2Fthreat-research%2Fmalware-analysis-revenge-rat-sample&fr=&of=0&pd=0&irt=0&vcl=0&md=0&ct=1&tct=0&abt=0&cdn=0&pi=1&rb=0&gen=100&chr=UTF-8&mk=threat%20research%2CThreat%20Research%2Cmalware%20analysis%2CCybersecurity%20Architect&colc=1597061100885&jsl=1&uvs=5f3137ec8d0b1522000&skipb=1&callback=addthis.cbs.jsonp__76089119542338520
Requested by: Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.210.248.44 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-248-44.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 9562668d12a4b72d5dfe7ca589d9f8b5ae986c86c2194fef117d6e7b93004384

Request headers

Referer: https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
pragma: no-cache
date: Mon, 10 Aug 2020 12:05:01 GMT
cache-control: max-age=0, no-cache, no-store, no-transform
content-disposition: attachment; filename=1.txt
content-length: 89
content-type: application/javascript;charset=utf-8

GET
H2 200 sh.f48a1a04fe8dbf021b4cda1d.html
s7.addthis.com/static/ Frame AC5E 0
0 68ms
68ms Document
text/html 23.210.248.44
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html

Requested by

Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.210.248.44 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-210-248-44.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

:method: GET
:authority: s7.addthis.com
:scheme: https
:path: /static/sh.f48a1a04fe8dbf021b4cda1d.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample

Response headers

status: 200
server: nginx/1.15.8
content-type: text/html
last-modified: Mon, 09 Sep 2019 15:34:57 GMT
etag: W/"5d767121-1115f"
timing-allow-origin: *
cache-control: public, max-age=86313600
p3p: CP="NON ADM OUR DEV IND COM STA"
strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
content-length: 25412
date: Mon, 10 Aug 2020 12:05:00 GMT
vary: Accept-Encoding
x-host: s7.addthis.com

GET
H/1.1 200
OK revengerat-two.png
www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample/_jcr_content/root/responsivegrid/image_1779882811.img.png/1573604391748/ 48 KB
49 KB 171ms
171ms Image
image/png 13.56.33.144
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample/_jcr_content/root/responsivegrid/image_1779882811.img.png/1573604391748/revengerat-two.png

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

13.56.33.144 San Jose, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

d223439f0a00d264eadf96d43a5245e291ff1504db055176eb8a3da4ef532cb4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

X-Dispatcher: dispatcher1uswest1
Date: Mon, 10 Aug 2020 12:05:00 GMT
X-Content-Type-Options: nosniff
Last-Modified: Wed, 13 Nov 2019 00:19:51 GMT
Server: Apache
ETag: "c12b-5972f52be17c0"
X-Vhost: publish
X-Frame-Options: SAMEORIGIN
Connection: keep-alive
Content-Type: image/png
Cache-Control: max-age=684000, public
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes
Content-Length: 49451

GET
H/1.1 200
OK revengerat-three.png
www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample/_jcr_content/root/responsivegrid/image_1095175056.img.png/1573604417171/ 91 KB
92 KB 168ms
168ms Image
image/png 13.56.33.144
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample/_jcr_content/root/responsivegrid/image_1095175056.img.png/1573604417171/revengerat-three.png

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

13.56.33.144 San Jose, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Apache /

Resource Hash

d6df1bca3f52fafa22d16bb86bc71723212b30401ea887f94635bb855b2e4ca4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

X-Dispatcher: dispatcher2uswest1
Date: Mon, 10 Aug 2020 12:05:00 GMT
X-Content-Type-Options: nosniff
Last-Modified: Wed, 13 Nov 2019 00:20:17 GMT
Server: Apache
ETag: "16dc2-5972f544ad240"
X-Vhost: publish
X-Frame-Options: SAMEORIGIN
Connection: keep-alive
Content-Type: image/png
Cache-Control: max-age=684000, public
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes
Content-Length: 93634

GET
DATA 200
OK truncated
/ 42 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/gif

GET
H2 200 modules.bac8137a5997286a68dc.js Show response
script.hotjar.com/ 356 KB
70 KB 48ms
15ms Script
application/javascript 147.75.84.31
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.hotjar.com/modules.bac8137a5997286a68dc.js
Requested by: Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-1178304.js?sv=6
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 147.75.84.31 Parsippany, United States, ASN54825 (PACKET, US),
Reverse DNS
Software: /
Resource Hash: afccc754e772ea78141269cc51ab6fd8b52479dbf0b291fd23724ae4922dcc9f

Request headers

Referer: https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 10 Aug 2020 12:05:00 GMT
content-encoding: br
age: 2962
status: 200
section-io-cache: Hit
content-length: 70827
last-modified: Mon, 10 Aug 2020 11:15:39 GMT
etag: "2f14bdbb4c9561eaff5ff7e179a993a4"
vary: Accept-Encoding
section-io-origin-status: 200
access-control-allow-origin: *
cache-control: max-age=31536000
section-io-origin-time-seconds: 0.025
section-io-id: f7daf5a3bf12e75aa113c1b07a16f92b
accept-ranges: bytes
content-type: application/javascript
section-origin-responded: true

GET
H2 200 39852 Show response
api.omappapi.com/v2/embed/ 236 KB
20 KB 162ms
119ms XHR
application/json 13.226.155.50
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.omappapi.com/v2/embed/39852
Requested by: Host: a.opmnstr.com
URL: https://a.opmnstr.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.226.155.50 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-155-50.dus51.r.cloudfront.net
Software: Pagely Gateway/1.5.1 /
Resource Hash: d63fb2d1ee7f3aa0511d7dfa759fa0701ba25046fe7410e02fe977d326b30e01

Request headers

Referer: https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 10 Aug 2020 12:05:01 GMT
content-encoding: gzip
x-cache-config: 0 0
x-amz-cf-pop: DUS51-C1
x-cache-status: HIT
x-cache: Miss from cloudfront
status: 200
access-control-allow-headers: X-CSRF-Token
x-optinmonster-account: 45602
x-user-agent: standard--
last-modified: Mon, 29 Jun 2020 18:48:41 GMT
server: Pagely Gateway/1.5.1
etag: W/"4d058542bd138ab107b1ba11c1bd8db5"
vary: Accept-Encoding, User-Agent
content-type: application/json
via: 1.1 e8640ab30463560abfb6a2665bafb393.cloudfront.net (CloudFront)
access-control-expose-headers: X-OptinMonster-Account
cache-control: public, max-age=30, stale-while-revalidate=1800
access-control-allow-origin: *
x-amz-cf-id: z6dDsd5npbVS4ELrOngRXBtcP8Md6oWYObuYcpEE07rwM8WRAV68pA==
expires: Mon, 10 Aug 2020 11:36:10 GMT

GET
H2 200 box-469cf41adb11dc78be68c1ae7f9457a4.html
vars.hotjar.com/ Frame 3D3C 0
0 46ms
16ms Document
text/html 147.75.33.131
PACKET

General

Check archive.org

Show headers Download Go to

Full URL: https://vars.hotjar.com/box-469cf41adb11dc78be68c1ae7f9457a4.html
Requested by: Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-1178304.js?sv=6
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 147.75.33.131 Amsterdam, Netherlands, ASN54825 (PACKET, US),
Reverse DNS
Software: /
Resource Hash

Request headers

:method: GET
:authority: vars.hotjar.com
:scheme: https
:path: /box-469cf41adb11dc78be68c1ae7f9457a4.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
sec-fetch-site: cross-site
sec-fetch-mode: navigate
sec-fetch-dest: iframe
referer: https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
accept-encoding: gzip, deflate, br
accept-language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Referer: https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample

Response headers

status: 200
date: Mon, 10 Aug 2020 12:05:01 GMT
content-type: text/html
content-length: 851
last-modified: Mon, 27 Jul 2020 17:12:24 GMT
etag: "d594f1d4c3e5dbd6b556c60d34e0daea"
cache-control: max-age=31536000
content-encoding: br
section-io-origin-status: 200
section-io-origin-time-seconds: 0.094
section-origin-responded: true
age: 1162369
vary: Accept-Encoding
section-io-cache: Hit
accept-ranges: bytes
section-io-id: 268704ae2f8ad31ece62d3557738ed4f

POST
H2 200 visit-data Show response
in.hotjar.com/api/v2/client/sites/1178304/ 178 B
320 B 102ms
40ms XHR
application/json 54.171.1.253
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://in.hotjar.com/api/v2/client/sites/1178304/visit-data?sv=6
Requested by: Host: script.hotjar.com
URL: https://script.hotjar.com/modules.bac8137a5997286a68dc.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.171.1.253 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-171-1-253.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 6154d5f7f6961e042d013bab33fd02b691970d873f44f3c32d8fcc6e79ef5bcd

Request headers

Referer: https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36
Content-Type: text/plain; charset=UTF-8

Response headers

date: Mon, 10 Aug 2020 12:05:01 GMT
content-encoding: br
status: 200
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
access-control-max-age: 86400
access-control-allow-credentials: true

GET
H2 200 layers.33f5b85045a5f2308467.js Show response
s7.addthis.com/static/ 263 KB
76 KB 21ms
21ms Script
application/javascript 23.210.248.44
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/static/layers.33f5b85045a5f2308467.js

Requested by

Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.210.248.44 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-210-248-44.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

137e41c449677deb7c8da3afde63fc781b095bb028f78b789be44192e8e3f4be

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
last-modified: Thu, 04 Jun 2020 15:49:19 GMT
server: nginx/1.15.8
etag: W/"5ed917ff-41b9f"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: public, max-age=86313600
date: Mon, 10 Aug 2020 12:05:01 GMT
x-host: s7.addthis.com
timing-allow-origin: *
content-length: 77540

GET
DATA 200
OK truncated
/ 443 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5876d235b697479a9e5f476a33115aea1ddc21fd4b4740dd7180398c6224fdba

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 json Show response
api.omappapi.com/v3/geolocate/ 571 B
979 B 109ms
108ms XHR
application/json 13.226.155.50
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.omappapi.com/v3/geolocate/json
Requested by: Host: a.opmnstr.com
URL: https://a.opmnstr.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.226.155.50 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-226-155-50.dus51.r.cloudfront.net
Software: Pagely Gateway/1.5.1 /
Resource Hash: ac407073e4da81a2b4e6aa2d30d3452c1fcdb48e3e880af5f80dabff2c6dfd6c

Request headers

Referer: https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 10 Aug 2020 12:05:01 GMT
via: 1.1 e8640ab30463560abfb6a2665bafb393.cloudfront.net (CloudFront)
x-cache-config: 0 0
x-amz-cf-pop: DUS51-C1
x-cache-status: BYPASS
x-cache: Miss from cloudfront
status: 200
content-length: 571
x-user-agent: standard--
server: Pagely Gateway/1.5.1
x-ratelimit-remaining: 999
content-type: application/json
access-control-allow-origin: *
x-ratelimit-reset: 1597061161
x-ratelimit-limit: 1000
x-pagely-debug: mainblock
x-amz-cf-id: LCTJjfoKEhtwkrTNYfRgjyumUP1VFOgS_AhRq1eqvXEu55vlLsLByw==

GET
H2 200 webfont.js Show response
ajax.googleapis.com/ajax/libs/webfont/1.5.18/ 16 KB
7 KB 27ms
6ms Script
text/javascript 2a00:1450:4001:809::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/webfont/1.5.18/webfont.js

Requested by

Host: a.opmnstr.com
URL: https://a.opmnstr.com/app/js/api.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:809::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ce261eb163fcaee6953cedc35059732a133766ab824dc512bbdf9424d48601e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Wed, 22 Jul 2020 20:54:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 1609820
status: 200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 6490
x-xss-protection: 0
last-modified: Tue, 03 Mar 2020 19:15:00 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 22 Jul 2021 20:54:41 GMT

GET
H2 200 mobile-detect.min.js Show response
cdnjs.cloudflare.com/ajax/libs/mobile-detect/1.4.3/ 38 KB
16 KB 43ms
23ms Script
application/javascript 2606:4700::6810:85e5
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/mobile-detect/1.4.3/mobile-detect.min.js

Requested by

Host: a.opmnstr.com
URL: https://a.opmnstr.com/app/js/api.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:85e5 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

363a80d367e6658e72d918cd33f9481ce7929199a9858122b0dcc61dffa62fde

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000; includeSubDomains

Request headers

Referer: https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 10 Aug 2020 12:05:01 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 15997625
status: 200
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
cf-request-id: 0479db8eba0000c295b4a1a200000001
served-in-seconds: 0.002
timing-allow-origin: *
last-modified: Sat, 08 Sep 2018 10:00:50 GMT
server: cloudflare
etag: W/"5b939dd2-9624"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=15780000; includeSubDomains
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=30672000
cf-ray: 5c09952ac8dec295-FRA
expires: Sat, 31 Jul 2021 12:05:01 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 45 KB
18 KB 25ms
6ms Script
text/javascript 2a00:1450:4001:816::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: a.opmnstr.com
URL: https://a.opmnstr.com/app/js/api.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

fd361b57998c76f86335afa28b8a62527d88a8200fb5c428d6f0fff73383e955

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 04 Jun 2020 23:38:14 GMT
server: Golfe2
age: 6562
date: Mon, 10 Aug 2020 10:15:39 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 18469
expires: Mon, 10 Aug 2020 12:15:39 GMT

GET
H2 200 654a727ff5051585246332-skillsgap-banner.jpg
a.omappapi.com/users/df0603609574/images/ 59 KB
60 KB 43ms
13ms Image
image/jpeg 23.111.11.71
HIGHWINDS2

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://a.omappapi.com/users/df0603609574/images/654a727ff5051585246332-skillsgap-banner.jpg
Requested by: Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.111.11.71 Phoenix, United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software: NetDNA-cache/2.2 /
Resource Hash: 7bdd214b2de9a8cd6bf360eb472588aaee1ef2691956648577222f7e9f97307a

Request headers

Referer: https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 10 Aug 2020 12:05:01 GMT
x-amz-request-id: 1F4A9381D7326831
x-cache: HIT
status: 200
x-amz-meta-userid: 39852
x-amz-meta-date: 1585246332
content-length: 60887
x-amz-id-2: qMks9hjsWuXfWmw6+Tk3T5zfPKUbdL+/oAgW4PAK1n2jLc0UuoMIRSc4mdh0jCRyKwnQm/dA/mA=
x-amz-meta-level: pro
x-amz-meta-dimensions: 1024 x 160
last-modified: Thu, 26 Mar 2020 18:12:13 GMT
server: NetDNA-cache/2.2
x-amz-meta-accountid: 45602
etag: "39850fd6d4d21392dbe120175981102f"
content-type: image/jpeg
access-control-allow-origin: *
x-amz-meta-title: 654a727ff5051585246332-skillsgap-banner.jpg
cache-control: max-age=31104000
accept-ranges: bytes
expires: Thu, 05 Aug 2021 12:05:01 GMT

GET
H2 200 RC4da2046cb6a74ff89eee84fdeadc51af-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/dd6ae0471a9f/ 1012 B
858 B 7ms
7ms Script
application/x-javascript 2a02:26f0:f1:285::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/dd6ae0471a9f/RC4da2046cb6a74ff89eee84fdeadc51af-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:f1:285::1e80 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 5ad26f7cf51222feace795cbdb672bc5c50c41ba5bd591afc71fadc176aea20a

Request headers

Referer: https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 10 Aug 2020 12:05:01 GMT
content-encoding: gzip
last-modified: Wed, 05 Aug 2020 20:45:53 GMT
server: AkamaiNetStorage
status: 200
etag: "703f81c90a6443352d11d3232049268f:1596660353.752349"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 591
expires: Mon, 10 Aug 2020 13:05:01 GMT

GET
H2 200 RC4a2e638109b443d5b84d8f2e2216b80e-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/dd6ae0471a9f/ 819 B
767 B 7ms
6ms Script
application/x-javascript 2a02:26f0:f1:285::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/dd6ae0471a9f/RC4a2e638109b443d5b84d8f2e2216b80e-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:f1:285::1e80 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 76a6c0f104b16e928abebfff3b22120eabfa3c758d6f2364f249c25705556abd

Request headers

Referer: https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 10 Aug 2020 12:05:01 GMT
content-encoding: gzip
last-modified: Wed, 05 Aug 2020 20:45:53 GMT
server: AkamaiNetStorage
status: 200
etag: "703f81c90a6443352d11d3232049268f:1596660353.752349"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 501
expires: Mon, 10 Aug 2020 13:05:01 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 87 KB
34 KB 42ms
22ms Script
application/javascript 2a00:1450:4001:815::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-10050195&l=dataLayer

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:815::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

7adf4eeaee78b850ca0d968bfb7ebce034aa89feef442feccb2d07a085204b1c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 10 Aug 2020 12:05:01 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
status: 200
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 34824
x-xss-protection: 0
expires: Mon, 10 Aug 2020 12:05:01 GMT

GET
H2 200 RC0a0605f4b42e425fa678ffc6c2d94fb3-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/dd6ae0471a9f/ 849 B
744 B 6ms
6ms Script
application/x-javascript 2a02:26f0:f1:285::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/dd6ae0471a9f/RC0a0605f4b42e425fa678ffc6c2d94fb3-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:f1:285::1e80 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: daa4a95e56f58d92626ce20d9cfd00c8408245553b0a4717128c2a2ee652a7df

Request headers

Referer: https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 10 Aug 2020 12:05:01 GMT
content-encoding: gzip
last-modified: Wed, 05 Aug 2020 20:45:53 GMT
server: AkamaiNetStorage
status: 200
etag: "703f81c90a6443352d11d3232049268f:1596660353.752349"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 477
expires: Mon, 10 Aug 2020 13:05:01 GMT

GET
H2 200 RC7aad8f7422fa440982b5442a32fa8e4e-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/dd6ae0471a9f/ 664 B
666 B 8ms
7ms Script
application/x-javascript 2a02:26f0:f1:285::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/dd6ae0471a9f/RC7aad8f7422fa440982b5442a32fa8e4e-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:f1:285::1e80 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: c71b31cf866fb4f9c9869af1f3010f64679ba435aca8cc1c075359f417bda0f6

Request headers

Referer: https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 10 Aug 2020 12:05:01 GMT
content-encoding: gzip
last-modified: Wed, 05 Aug 2020 20:45:53 GMT
server: AkamaiNetStorage
status: 200
etag: "703f81c90a6443352d11d3232049268f:1596660353.752349"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 399
expires: Mon, 10 Aug 2020 13:05:01 GMT

GET
H2 200 RCb9ef7172f28847fba509ba48fb5d87f4-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/dd6ae0471a9f/ 853 B
750 B 8ms
8ms Script
application/x-javascript 2a02:26f0:f1:285::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/dd6ae0471a9f/RCb9ef7172f28847fba509ba48fb5d87f4-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:f1:285::1e80 , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 376617b38c5f98f0916bdfaa28afb3bdaca05ef487aefa5950b1b3758e40aee2

Request headers

Referer: https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 10 Aug 2020 12:05:01 GMT
content-encoding: gzip
last-modified: Wed, 05 Aug 2020 20:45:53 GMT
server: AkamaiNetStorage
status: 200
etag: "703f81c90a6443352d11d3232049268f:1596660353.752349"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 483
expires: Mon, 10 Aug 2020 13:05:01 GMT

GET
H/1.1 200 ipinfo Show response
site.fortinet.com/utilservice/ 217 B
749 B 887ms
170ms Script
application/json 96.45.36.159
FORTINET

General

Check archive.org

Show headers Download Go to

Full URL

https://site.fortinet.com/utilservice/ipinfo?site=fortinet.com&callback=jQuery22009514471308920558_1597061100871&_=1597061100872

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/clientlib-base.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

96.45.36.159 San Jose, United States, ASN40934 (FORTINET, US),

Reverse DNS

Software

nginx/1.14.0 /

Resource Hash

c9cb0fe190227f1cfc4239e81b5038b9a2e350bd85ce9fb8a9945674b4a7f414

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' .fortinet.com .myfortinet.com fortinet.my.salesforce.com;
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Security-Policy: frame-ancestors 'self' *.fortinet.com *.myfortinet.com fortinet.my.salesforce.com;
Server: nginx/1.14.0
Date: Mon, 10 Aug 2020 12:05:02 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/json;charset=UTF-8
Connection: keep-alive
Content-Length: 217
Front-End-Https: on

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 134 KB
34 KB 20ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

893df2b9ceb653f94333139d561d363bf4c365e651a0a3ade839d96200942e37

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 34269
x-xss-protection: 0
pragma: public
x-fb-debug: axXU05GrRU8m6NjqhoTgbUOmARarQno1xL3yOertscKFPxneu0jYNogAoitxs3UT1jn/3pnFrjPWlvkBVEIpRQ==
x-fb-trip-id: 664085054
x-frame-options: DENY
date: Mon, 10 Aug 2020 12:05:01 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 5 KB
2 KB 62ms
22ms Script
application/javascript 151.101.112.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.112.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 1a2684adb4b431902ef03f7959757f5163ed2ddc548e216654fa7858b1f4fd9b

Request headers

Referer: https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 10 Aug 2020 12:05:01 GMT
content-encoding: gzip
age: 52378
x-cache: HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200
content-length: 1942
x-served-by: cache-hhn4023-HHN
last-modified: Thu, 06 Aug 2020 23:59:10 GMT
x-timer: S1597061102.519887,VS0,VE0
etag: "1d9536984a3ff7a629eda3f70ceadd20+gzip"
vary: Accept-Encoding,Host
content-type: application/javascript; charset=utf-8
via: 1.1 varnish
cache-control: no-cache
accept-ranges: bytes

GET
H/1.1 200
OK insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 3 KB
2 KB 43ms
14ms Script
application/x-javascript 2a02:26f0:10c:39e::25ea
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c:39e::25ea , Ascension Island, ASN20940 (AKAMAI-ASN1, EU),
Reverse DNS
Software: /
Resource Hash: 41dd5e421fe221a7d2921d6fa2b36e8b01a9f2c054aaef5fad866fe896c1d1e0

Request headers

Referer: https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 10 Aug 2020 12:05:01 GMT
Content-Encoding: gzip
Last-Modified: Mon, 07 Oct 2019 16:41:31 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=15048
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1576

GET
H/1.1 200
OK tag.aspx Show response
ml314.com/ 26 KB
12 KB 122ms
32ms Script
application/javascript 34.253.133.202
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ml314.com/tag.aspx?107
Requested by: Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.253.133.202 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 9c6af299685617864c257472040f437ef951afec994720a24781931cc3527017

Request headers

Referer: https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 10 Aug 2020 12:05:01 GMT
Content-Encoding: gzip
Last-Modified: Mon, 10 Aug 2020 06:47:19 GMT
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Type: application/javascript; charset=utf-8
Cache-Control: public, max-age=67337
Connection: keep-alive
Content-Length: 11933
Expires: Tue, 11 Aug 2020 06:47:19 GMT

GET
H2 200 559328277756725 Show response
connect.facebook.net/signals/config/ 524 KB
132 KB 77ms
77ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/559328277756725?v=2.9.23&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5a41b3238b06189c420ee8392a015f7214b1e21fd01c28a9e9e573b78acc4a4a

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
x-xss-protection: 0
pragma: public
x-fb-debug: sJfF/CSqkU+ogC2lZ2O3OAnLcH3wn1XN/dybdB8yYFjAjnCINB7WIcgMvmkOqsodfqrsRgNGEJn7nHKoQ29rMQ==
x-fb-trip-id: 664085054
x-frame-options: DENY
date: Mon, 10 Aug 2020 12:05:01 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H/1.1 200
OK roundtrip.js Show response
s.adroll.com/j/ 37 KB
12 KB 64ms
22ms Script
text/javascript 23.210.248.216
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/roundtrip.js
Requested by: Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.210.248.216 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-248-216.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 002c48ea2d8240fdaa8aff6669d375b9669154eb4de24941b6d5b7bf5a0ef97c

Request headers

Referer: https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: Zb6C4fSMrvxnY3zYZSxoxcYrLo4HNwNz
Content-Encoding: gzip
ETag: "1230cec869423cb838d86fce7119e0d5"
x-amz-request-id: CA99B680DCADAAAB
x-amz-server-side-encryption: AES256
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 11756
x-amz-id-2: KVORhYNlg0ar+zshGf93T7yt6AH33cyhhJvHakW0RKIixWK7ExtVijtNpJDxxa6DP+zw5wLlyJw=
Last-Modified: Thu, 06 Aug 2020 19:42:37 GMT
Server: AmazonS3
Date: Mon, 10 Aug 2020 12:05:01 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600, must-revalidate
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H2

200

collect
px.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=7120&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fmalware-analysis-revenge-rat-sample&time=1597061101517
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D7120%26url%3Dhttps%253A%252F%252Fwww.fortinet.com%252Fblog%252Fthreat-research%25...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=7120&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fmalware-analysis-revenge-rat-sample&time=1597061101517&liSync=true

0
218 B

167ms
166ms

Image
application/javascript

2a05:f500:11:101::b93f:9005
LINKEDIN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=7120&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fmalware-analysis-revenge-rat-sample&time=1597061101517&liSync=true
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:f500:11:101::b93f:9005 , Ireland, ASN14413 (LINKEDIN, US),
Reverse DNS
Software: Play /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 10 Aug 2020 12:05:02 GMT
server: Play
linkedin-action: 1
x-li-fabric: prod-lor1
status: 200
x-li-proto: http/2
x-li-pop: prod-tln1
content-type: application/javascript
content-length: 0
x-li-uuid: iVu/UZzmKRaw603KlisAAA==

Redirect headers

content-security-policy: default-src *; connect-src 'self' https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com s.c.exp1.licdn.com s.c.exp2.licdn.com m.c.exp1.licdn.com m.c.exp2.licdn.com wss://*.linkedin.com dms.licdn.com https://dpm.demdex.net/id https://lnkd.demdex.net/event blob: https://accounts.google.com/gsi/status https://linkedin.sc.omtrdc.net/b/ss/ www.google-analytics.com static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com media.licdn.com media-exp1.licdn.com media-exp2.licdn.com media-exp3.licdn.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com slideshare.www.linkedin.com https://snap.licdn.com/li.lms-analytics/insight.min.js platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'; report-uri https://www.linkedin.com/platform-telemetry/csp?f=l
x-content-type-options: nosniff
linkedin-action: 1
status: 302
content-length: 0
x-li-uuid: 1bKhSpzmKRZQ2MlN2ioAAA==
pragma: no-cache
x-li-pop: afd-prod-esv5
x-msedge-ref: Ref A: ADAA9A31C2D1446A8F3992DAFC691A25 Ref B: FRAEDGE0914 Ref C: 2020-08-10T12:05:01Z
x-frame-options: sameorigin
date: Mon, 10 Aug 2020 12:05:01 GMT
expect-ct: max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
strict-transport-security: max-age=2592000
x-li-fabric: prod-lor1
location: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=7120&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fmalware-analysis-revenge-rat-sample&time=1597061101517&liSync=true
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store
x-li-proto: http/2
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 87 KB
34 KB 20ms
19ms Script
application/javascript 2a00:1450:4001:815::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-662878185&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-10050195&l=dataLayer

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:815::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

37f2a35148d303eb465200ddf0cecac8f8b94f6ddfa7b9a56967fad1b16ca5ec

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 10 Aug 2020 12:05:01 GMT
content-encoding: br
server: Google Tag Manager
access-control-allow-headers: Cache-Control
status: 200
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 34826
x-xss-protection: 0
expires: Mon, 10 Aug 2020 12:05:01 GMT

GET
H2 200 adsct Show response
analytics.twitter.com/i/ 31 B
651 B 179ms
135ms Script
application/javascript 104.244.42.131
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://analytics.twitter.com/i/adsct?p_id=Twitter&p_user_id=0&txn_id=nxlzj&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tpx_cb=twttr.conversion.loadPixels&tw_document_href=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fmalware-analysis-revenge-rat-sample

Requested by

Host: static.ads-twitter.com
URL: https://static.ads-twitter.com/uwt.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.131 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 10 Aug 2020 12:05:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
strict-transport-security: max-age=631138519
content-length: 57
x-xss-protection: 0
x-response-time: 108
pragma: no-cache
last-modified: Mon, 10 Aug 2020 12:05:01 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
content-type: application/javascript;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 426694546e154bf5be5e71ca54993029
x-transaction: 0047523a008353b2
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 adsct
t.co/i/ 43 B
449 B 189ms
146ms Image
image/gif 104.244.42.69
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?p_id=Twitter&p_user_id=0&txn_id=nxlzj&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tw_document_href=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fmalware-analysis-revenge-rat-sample

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.69 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 10 Aug 2020 12:05:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
x-response-time: 121
pragma: no-cache
last-modified: Mon, 10 Aug 2020 12:05:01 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: cea5cbe79477955463eb1e5870b7ff63
x-transaction: 00e6b9f300c39a8f
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 29 KB
12 KB 79ms
31ms Script
text/javascript 216.58.206.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-662878185&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.2 Mountain View, United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s20-in-f2.1e100.net

Software

cafe /

Resource Hash

92f410985c0233c9abcba33b98f05b3e24d5ea3e80f5083466d545e94d49ec43

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 10 Aug 2020 12:05:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 11332
x-xss-protection: 0
server: cafe
etag: 5272426352805486351
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 10 Aug 2020 12:05:01 GMT

GET
H/1.1

200
OK

index.js Show response
s.adroll.com/j/exp/
Redirect Chain

https://s.adroll.com/j/exp/7OBVBCAQE5FHDPFEAD5T4D/index.js
https://s.adroll.com/j/exp/index.js

28 B
747 B

19ms
19ms

Script
application/javascript

23.210.248.216
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/exp/index.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.210.248.216 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-248-216.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: f59e5f34a941183aacaed25322ac0856628493c2cfd936ded3fddc0a49510e52

Request headers

Referer: https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: 2U8XMvdFINXJNFsilaXONuSvqmREKV3.
Content-Encoding: gzip
ETag: "5816cced8568d223aa09d889f300692b"
x-amz-request-id: 0A9DFB41B15EF3A2
x-amz-server-side-encryption: AES256
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 48
x-amz-id-2: 9wtYzl8isf76a+KTcCc0hWCh/ZKrxXSL0KsmsoDDvS1VGgWl/GxdSe7DtPnOmbh4BH+84jF1nEY=
Last-Modified: Fri, 31 Jul 2020 16:11:15 GMT
Server: AmazonS3
Date: Mon, 10 Aug 2020 12:05:01 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

Redirect headers

Date: Mon, 10 Aug 2020 12:05:01 GMT
Server: AkamaiGHost
Location: https://s.adroll.com/j/exp/index.js
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Connection: keep-alive
Access-Control-Allow-Headers: *
Content-Length: 0

GET
H/1.1 200
OK index.js Show response
s.adroll.com/j/pre/7OBVBCAQE5FHDPFEAD5T4D/GIVUJ77KRNF4LOPGYJ6RS5/ 1 KB
1 KB 58ms
21ms Script
text/javascript 23.210.248.216
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/pre/7OBVBCAQE5FHDPFEAD5T4D/GIVUJ77KRNF4LOPGYJ6RS5/index.js
Requested by: Host: s.adroll.com
URL: https://s.adroll.com/j/roundtrip.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.210.248.216 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-248-216.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: cbce85e96b7752208ce15a09ea4d5a58b792edc9e77f1c5ccf46c01935970f9d

Request headers

Referer: https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: zSmvtdTk5_SulQZ1i3eJYPwZGNf60t1k
Content-Encoding: gzip
ETag: "3996d65282dd996ee0d7d4c90c139158"
x-amz-request-id: 3H4TDJFT8MBH4PEM
x-amz-server-side-encryption: AES256
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 635
x-amz-id-2: YoFKFRm3xSIIXge0d4sKbwoSdvjgyywoN18aTZpCv4kPa5BAiUqhGr8BlIVKYwxFq5Yecxds6OY=
Last-Modified: Mon, 10 Aug 2020 00:55:04 GMT
Server: AmazonS3
Date: Mon, 10 Aug 2020 12:05:01 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: text/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600, must-revalidate
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H2

200

/ Show response
d.adroll.com/consent/check/7OBVBCAQE5FHDPFEAD5T4D/
Redirect Chain

https://d.adroll.mgr.consensu.org/consent/iabcheck/7OBVBCAQE5FHDPFEAD5T4D?_s=d298bc2142bcd6eef70b5ff516a3949e&_b=2
https://d.adroll.com/consent/check/7OBVBCAQE5FHDPFEAD5T4D/?_s=d298bc2142bcd6eef70b5ff516a3949e&_b=2

385 B
477 B

113ms
38ms

Script
application/javascript

34.254.9.125
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d.adroll.com/consent/check/7OBVBCAQE5FHDPFEAD5T4D/?_s=d298bc2142bcd6eef70b5ff516a3949e&_b=2
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.254.9.125 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: nginx/1.16.1 /
Resource Hash: 5d7a8223c890d6162d79d81229a8d9660b6ab884b7a3e738cec26fe524ec254d

Request headers

Referer: https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

status: 200
date: Mon, 10 Aug 2020 12:05:01 GMT
server: nginx/1.16.1
content-length: 385
content-type: application/javascript

Redirect headers

status: 302
date: Mon, 10 Aug 2020 12:05:01 GMT
server: nginx/1.16.1
content-length: 105
location: https://d.adroll.com/consent/check/7OBVBCAQE5FHDPFEAD5T4D/?_s=d298bc2142bcd6eef70b5ff516a3949e&_b=2

GET
H/1.1 200
OK utsync.ashx Show response
ml314.com/ 644 B
1 KB 31ms
31ms Script
application/javascript 34.253.133.202
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://ml314.com/utsync.ashx?pub=&adv=&et=0&eid=54820&ct=js&pi=&fp=&clid=&if=0&ps=&cl=&mlt=&data=&&cp=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fmalware-analysis-revenge-rat-sample&pv=1597061101597_gphkudjlt&bl=en-us&cb=4325794&return=&ht=&d=&dc=&si=1597061101597_gphkudjlt&cid=&s=1600x1200&rp=
Requested by: Host: ml314.com
URL: https://ml314.com/tag.aspx?107
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.253.133.202 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: b77fdd465e4ceb244688025c2a373ed0b6a0f6b88b4a8504398ba820dbaa7847

Request headers

Referer: https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 10 Aug 2020 12:05:00 GMT
Content-Encoding: gzip
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Vary: Accept-Encoding
p3P: CP="NON DSP COR ADMo PSAo DEVo BUS COM UNI NAV DEM STA"
Cache-Control: private
Connection: keep-alive
Content-Type: application/javascript; charset=utf-8
Content-Length: 468
Expires: 0

GET
H2 200 /
www.facebook.com/tr/ 44 B
376 B 19ms
6ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=559328277756725&ev=PageView&dl=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fmalware-analysis-revenge-rat-sample&rl=&if=false&ts=1597061101614&sw=1600&sh=1200&v=2.9.23&r=stable&ec=0&o=30&fbp=fb.1.1597061101614.2126841158&it=1597061101504&coo=false&rqm=GET

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 10 Aug 2020 12:05:01 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Mon, 10 Aug 2020 12:05:01 GMT

GET
H/1.1 200
OK ibs:dpid=22052&dpuuid=3612307665423171650&redir=
dpm.demdex.net/ 42 B
915 B 37ms
35ms Image
image/gif 52.50.67.81
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=22052&dpuuid=3612307665423171650&redir=

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.50.67.81 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-50-67-81.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

DCS: dcs-prod-irl1-v078-068c294db.edge-irl1.demdex.com 5.76.0.20200805085924 1ms (+1ms)
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-TID: RZz+6zlYS8Y=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 42
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1

200
OK

csync.ashx
ml314.com/
Redirect Chain

https://idsync.rlcdn.com/395886.gif?partner_uid=3612307665423171650
https://idsync.rlcdn.com/1000.gif?memo=CO6UGBIeChoIARCuXxoTMzYxMjMwNzY2NTQyMzE3MTY1MBAAGg0I7e_E-QUSBQjoBxAAQgBKAA
https://ml314.com/csync.ashx?fp=8910838fb742e5b163976f1a53008c88f0e43a5ed29a93a88a5b998e561c18ebf4cb09cee1a4f8eb&person_id=3612307665423171650&eid=50082

43 B
312 B

31ms
31ms

Image
image/gif

34.253.133.202
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ml314.com/csync.ashx?fp=8910838fb742e5b163976f1a53008c88f0e43a5ed29a93a88a5b998e561c18ebf4cb09cee1a4f8eb&person_id=3612307665423171650&eid=50082
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.253.133.202 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 10 Aug 2020 12:05:01 GMT
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Content-Type: image/gif
Cache-Control: private
Connection: keep-alive
Content-Length: 43
Expires: Tue, 11 Aug 2020 08:05:01 GMT

Redirect headers

date: Mon, 10 Aug 2020 12:05:01 GMT
via: 1.1 google
status: 307
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://ml314.com/csync.ashx?fp=8910838fb742e5b163976f1a53008c88f0e43a5ed29a93a88a5b998e561c18ebf4cb09cee1a4f8eb&person_id=3612307665423171650&eid=50082
cache-control: no-cache, no-store
timing-allow-origin: *
alt-svc: clear
content-length: 0

GET
H/1.1

200
OK

csync.ashx
ml314.com/
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=d0tro1j&ttd_tpi=1
https://match.adsrvr.org/track/cmb/generic?ttd_pid=d0tro1j&ttd_tpi=1
https://ml314.com/utsync.ashx?eid=53819&et=0&fp=0a88d483-b71c-4f3d-9a8f-ec124e460f80
https://ml314.com/csync.ashx?fp=0a88d483-b71c-4f3d-9a8f-ec124e460f80&person_id=3612307665423171650&eid=53819

43 B
312 B

61ms
29ms

Image
image/gif

34.253.133.202
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ml314.com/csync.ashx?fp=0a88d483-b71c-4f3d-9a8f-ec124e460f80&person_id=3612307665423171650&eid=53819
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.253.133.202 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 10 Aug 2020 12:05:01 GMT
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Content-Type: image/gif
Cache-Control: private
Connection: keep-alive
Content-Length: 43
Expires: Tue, 11 Aug 2020 08:05:01 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 10 Aug 2020 12:05:01 GMT
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
p3P: CP="NON DSP COR ADMo PSAo DEVo BUS COM UNI NAV DEM STA"
Location: https://ml314.com/csync.ashx?fp=0a88d483-b71c-4f3d-9a8f-ec124e460f80&person_id=3612307665423171650&eid=53819
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: 0,Tue, 11 Aug 2020 08:05:01 GMT

GET
H/1.1

200
OK

csync.ashx
ml314.com/
Redirect Chain

https://sync.crwdcntrl.net/map/c=6985/tp=BOMB?https://ml314.com/csync.ashx%3Ffp%3D%24%7Bprofile_id%7D%26eid%3D50146%26person_id%3D3612307665423171650
https://sync.crwdcntrl.net/map/ct=y/c=6985/tp=BOMB?https://ml314.com/csync.ashx%3Ffp%3D%24%7Bprofile_id%7D%26eid%3D50146%26person_id%3D3612307665423171650
https://ml314.com/csync.ashx?fp=aee1e11e4decbbbe83928393aac863d8&eid=50146&person_id=3612307665423171650

43 B
312 B

55ms
30ms

Image
image/gif

34.253.133.202
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ml314.com/csync.ashx?fp=aee1e11e4decbbbe83928393aac863d8&eid=50146&person_id=3612307665423171650
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.253.133.202 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 10 Aug 2020 12:05:01 GMT
Server: Microsoft-IIS/10.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Content-Type: image/gif
Cache-Control: private
Connection: keep-alive
Content-Length: 43
Expires: Tue, 11 Aug 2020 08:05:01 GMT

Redirect headers

pragma: no-cache
date: Mon, 10 Aug 2020 12:05:01 GMT
status: 302
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
location: https://ml314.com/csync.ashx?fp=aee1e11e4decbbbe83928393aac863d8&eid=50146&person_id=3612307665423171650
cache-control: no-cache
x-server: 10.45.4.44
content-length: 0
expires: 0

GET
H/1.1

200
OK

/
ps.eyeota.net/pixel/bounce/
Redirect Chain

https://ps.eyeota.net/pixel?pid=r8hrb20&t=gif
https://ps.eyeota.net/pixel/bounce/?pid=r8hrb20&t=gif

0
344 B

21ms
21ms

Image
text/plain

3.120.214.218
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ps.eyeota.net/pixel/bounce/?pid=r8hrb20&t=gif
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 3.120.214.218 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 10 Aug 2020 12:05:01 GMT
Content-Length: 0
P3P: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"

Redirect headers

Location: /pixel/bounce/?pid=r8hrb20&t=gif
Date: Mon, 10 Aug 2020 12:05:01 GMT
Content-Length: 0
P3P: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/662878185/ 2 KB
2 KB 38ms
18ms Script
text/javascript 2a00:1450:4001:817::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/662878185/?random=1597061101653&cv=9&fst=1597061101653&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa7v1&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fmalware-analysis-revenge-rat-sample&tiba=Double%20Trouble%3A%20RevengeRAT%20and%20WSHRAT&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:817::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

d0e142b02196f538f5cc5c0912f292ce26b515e0a11c79b244d43ceef9803da7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 10 Aug 2020 12:05:01 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: no-cache, must-revalidate
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-27="googleads.g.doubleclick.net:443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050="googleads.g.doubleclick.net:443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
content-length: 1075
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/662878185/ 42 B
539 B 47ms
22ms Image
image/gif 2a00:1450:4001:81c::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/662878185/?random=1597061101653&cv=9&fst=1597060800000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa7v1&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fmalware-analysis-revenge-rat-sample&tiba=Double%20Trouble%3A%20RevengeRAT%20and%20WSHRAT&async=1&fmt=3&is_vtc=1&random=3015575462&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81c::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 10 Aug 2020 12:05:01 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/662878185/ 42 B
539 B 42ms
19ms Image
image/gif 2a00:1450:4001:821::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/662878185/?random=1597061101653&cv=9&fst=1597060800000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2oa7v1&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fmalware-analysis-revenge-rat-sample&tiba=Double%20Trouble%3A%20RevengeRAT%20and%20WSHRAT&async=1&fmt=3&is_vtc=1&random=3015575462&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:821::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 10 Aug 2020 12:05:01 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3-29=":443"; ma=2592000,h3-27=":443"; ma=2592000,h3-T050=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK consent_tcfv2.js Show response
s.adroll.com/j/ 388 KB
53 KB 24ms
24ms Script
application/javascript 23.210.248.216
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/consent_tcfv2.js
Requested by: Host: s.adroll.com
URL: https://s.adroll.com/j/roundtrip.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.210.248.216 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-248-216.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 0a7a0c8fbd2cb2bbefe2e27f968895ef75575a339f828fe828eefecc9aba8f4e

Request headers

Referer: https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

x-amz-version-id: rLgMqKDY3Z8iy3h1vHVy6NTi8Ycho.KG
Content-Encoding: gzip
ETag: "d630366051d2b8500304c98540ad5f78"
x-amz-request-id: DFBF1C01462CD46E
x-amz-server-side-encryption: AES256
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 53109
x-amz-id-2: HdIuQs+jBwMFQq2MWSSuEV33aWmEuV7qU+Ntb8t8yoa/LcTlL738Rx0dzht21/xnUR8rCqHa5wE=
Last-Modified: Thu, 09 Jul 2020 13:42:18 GMT
Server: AmazonS3
Date: Mon, 10 Aug 2020 12:05:01 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=300, must-revalidate
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
DATA 200
OK truncated
/ 287 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 669658266deaa76165265ae6486c6e9d5caf2e5692ad872cf3a465373e839419

Request headers

Referer
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Content-Type: image/gif

GET
H/1.1 200
OK favicon-32x32.png
nextroll.com/ 2 KB
2 KB 359ms
117ms Image
image/png 3.211.213.230
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://nextroll.com/favicon-32x32.png
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.211.213.230 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software: Apache /
Resource Hash: bcaf0e3f087296133e0a996ee3d289a8d1a690147c93e0ab62019b505e6f9355

Request headers

Referer: https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

Date: Mon, 10 Aug 2020 12:05:02 GMT
Via: 1.1 vegur
Last-Modified: Thu, 30 Jul 2020 23:07:28 GMT
Server: Apache
Etag: "64f-5abb0bc760c00"
Content-Type: image/png
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1615

GET
H2 200 /
www.facebook.com/tr/ 44 B
258 B 6ms
6ms Image
image/gif 2a03:2880:f11c:8183:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=559328277756725&ev=Microdata&dl=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fmalware-analysis-revenge-rat-sample&rl=&if=false&ts=1597061102118&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22Double%20Trouble%3A%20%20RevengeRAT%20and%20WSHRAT%22%2C%22meta%3Akeywords%22%3A%22threat%20research%2CThreat%20Research%2Cmalware%20analysis%2CCybersecurity%20Architect%22%2C%22meta%3Adescription%22%3A%22Learn%20more%20about%20a%20new%20Revenge%20RAT%20sample%20recently%20captured%20in%20the%20wild%20by%20our%20FortiGuard%20Labs%20team.%20%22%7D&cd[OpenGraph]=%7B%22og%3Asite_name%22%3A%22Fortinet%20Blog%22%2C%22og%3Atitle%22%3A%22Double%20Trouble%3A%20%20RevengeRAT%20and%20WSHRAT%22%2C%22og%3Aurl%22%3A%22https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fmalware-analysis-revenge-rat-sample.html%22%2C%22og%3Atype%22%3A%22article%22%2C%22og%3Adescription%22%3A%22Learn%20more%20about%20a%20new%20Revenge%20RAT%20sample%20recently%20captured%20in%20the%20wild%20by%20our%20FortiGuard%20Labs%20team.%20%E2%80%A6%22%2C%22og%3Aimage%22%3A%22https%3A%2F%2Fwww.fortinet.com%2Fcontent%2Fdam%2Ffortinet-blog%2Farticle-images%2Frevenge-rat%2Frevengerat-one.png%22%2C%22twitter%3Acard%22%3A%22summary%22%2C%22twitter%3Asite%22%3A%22%40Fortinet%22%2C%22article%3Aauthor%22%3A%22Chris%20Navarrete%20and%20Xiaopeng%20Zhang%22%2C%22article%3Asection%22%3A%22Threat%20Research%22%2C%22article%3Apublished_time%22%3A%222019-11-13T00%3A00%3A00.000-08%3A00%22%2C%22article%3Atag%22%3A%22Cybersecurity%20Architect%22%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.23&r=stable&ec=1&o=30&fbp=fb.1.1597061102117.1386467932&it=1597061101504&coo=false&es=automatic&tm=3&rqm=GET

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.fortinet.com/blog/threat-research/malware-analysis-revenge-rat-sample
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36

Response headers

date: Mon, 10 Aug 2020 12:05:02 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
alt-svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600
content-length: 44
expires: Mon, 10 Aug 2020 12:05:02 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: s7.addthis.com
URL: https://s7.addthis.com/static/sh.f48a1a04fe8dbf021b4cda1d.html

Verdicts & Comments Add Verdict or Comment

171 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

18 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.demdex.net/	1970-01-19 15:56:53	Name: demdex Value: 07724322315825516461797892677694968864
www.fortinet.com/	1970-01-19 11:37:42	Name: _hjIncludedInCCSample Value: 1
www.fortinet.com/	1969-12-31 23:59:59	Name: _hjIncludedInSample Value: 1
www.fortinet.com/	1969-12-31 23:59:59	Name: cookiesession1 Value: 11DBD2EDMVKSNL94DFUK89RGA5XB4D8D
www.fortinet.com/	1970-01-19 11:37:41	Name: _omappvs Value: 1597061100966
.addthis.com/	1970-01-19 21:07:55	Name: uvc Value: 1%7C33
www.fortinet.com/	1970-01-19 21:07:55	Name: __atuvc Value: 1%7C33
www.fortinet.com/	1970-01-19 12:20:53	Name: omSeen-qxx1b0gslklfu2kjckea Value: 1597061101308
.fortinet.com/	1970-01-20 05:08:53	Name: AMCV_ED8739F75677FE917F000101%40AdobeOrg Value: 870038026%7CMCIDTS%7C18485%7CMCMID%7C07380550018321899101762393744212686248%7CMCAAMLH-1597665900%7C6%7CMCAAMB-1597665900%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCOPTOUT-1597068300s%7CNONE%7CMCAID%7CNONE%7CvVersion%7C5.0.0
.fortinet.com/	1970-01-19 11:37:42	Name: gpv_pn Value: www.fortinet.com%2Fblog%2Fthreat-research%2Fmalware-analysis-revenge-rat-sample
.fortinet.com/	1970-01-20 05:08:53	Name: s_ecid Value: MCMID%7C07380550018321899101762393744212686248
.fortinet.com/	1970-01-19 13:47:17	Name: s_getNewRepeat Value: 1597061100667-New
.addthis.com/	1970-01-19 21:07:55	Name: loc Value: MDAwMDBFVU5MTkgyMzI3MTg1MTAwMDAwMDBDSA==
.fortinet.com/	1969-12-31 23:59:59	Name: s_cc Value: true
www.fortinet.com/	1970-01-19 11:37:42	Name: __atuvs Value: 5f3137ec8d0b1522000
.fortinet.com/	1969-12-31 23:59:59	Name: AMCVS_ED8739F75677FE917F000101%40AdobeOrg Value: 1
.fortinet.com/	1969-12-31 23:59:59	Name: _hjid Value: 6026865c-038d-4299-89f4-6eb12a7bb144
www.fortinet.com/	1970-01-23 11:36:14	Name: _omappvp Value: 5NggYmPGE8ugkmsqmA1KGx5L7iMQLqaw8MYgmyUtPYqBnmIQvIrScMgaZLLNg1YVsAC9FyaR0lAiS8DO4o9Nao4p6RF0ZoCP

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.omappapi.com
a.opmnstr.com
ajax.googleapis.com
analytics.twitter.com
api.omappapi.com
assets.adobedtm.com
cdnjs.cloudflare.com
cm.everesttech.net
connect.facebook.net
d.adroll.com
d.adroll.mgr.consensu.org
dpm.demdex.net
fortinet.demdex.net
googleads.g.doubleclick.net
idsync.rlcdn.com
in.hotjar.com
m.addthis.com
match.adsrvr.org
metrics.fortinet.com
ml314.com
nextroll.com
ps.eyeota.net
px.ads.linkedin.com
s.adroll.com
s7.addthis.com
script.hotjar.com
site.fortinet.com
snap.licdn.com
static.ads-twitter.com
static.hotjar.com
sync.crwdcntrl.net
t.co
v1.addthisedge.com
vars.hotjar.com
www.facebook.com
www.fortinet.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.linkedin.com
z.moatads.com
s7.addthis.com
104.244.42.131
104.244.42.69
13.226.155.50
13.248.134.222
13.56.33.144
147.75.100.205
147.75.33.131
147.75.84.31
15.236.9.100
151.101.112.157
216.58.206.2
23.111.11.182
23.111.11.71
23.210.248.216
23.210.248.44
23.210.250.213
2606:4700::6810:85e5
2620:1ec:21::14
2a00:1450:4001:809::200a
2a00:1450:4001:815::2008
2a00:1450:4001:816::200e
2a00:1450:4001:817::2002
2a00:1450:4001:81c::2004
2a00:1450:4001:821::2003
2a02:26f0:10c:39e::25ea
2a02:26f0:f1:285::1e80
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
2a05:f500:11:101::b93f:9005
3.120.214.218
3.211.213.230
34.253.133.202
34.254.9.125
35.244.245.222
52.49.190.28
52.50.67.81
54.154.104.244
54.171.1.253
63.32.152.233
66.117.28.86
96.45.36.159
002c48ea2d8240fdaa8aff6669d375b9669154eb4de24941b6d5b7bf5a0ef97c
05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd
0a7a0c8fbd2cb2bbefe2e27f968895ef75575a339f828fe828eefecc9aba8f4e
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
133debcec0026d79ced8d9d9504d6f95804410b4806b4b0b5f973f6ca529f5fb
137e41c449677deb7c8da3afde63fc781b095bb028f78b789be44192e8e3f4be
1a2684adb4b431902ef03f7959757f5163ed2ddc548e216654fa7858b1f4fd9b
288ee3a19514d8dd3d85fc9387e853c3f942ce28307dab68f4b50ecbb812b231
363a80d367e6658e72d918cd33f9481ce7929199a9858122b0dcc61dffa62fde
376617b38c5f98f0916bdfaa28afb3bdaca05ef487aefa5950b1b3758e40aee2
37f2a35148d303eb465200ddf0cecac8f8b94f6ddfa7b9a56967fad1b16ca5ec
3bafe3dc1d315eeacd00431312f15c26d8ce6725ecf2dce6b3892c6432039900
3d42c331e33d0821e56249645fb1b30831537a5227e58c67b0ffe85ceba025e7
41dd5e421fe221a7d2921d6fa2b36e8b01a9f2c054aaef5fad866fe896c1d1e0
5876d235b697479a9e5f476a33115aea1ddc21fd4b4740dd7180398c6224fdba
5a41b3238b06189c420ee8392a015f7214b1e21fd01c28a9e9e573b78acc4a4a
5ad26f7cf51222feace795cbdb672bc5c50c41ba5bd591afc71fadc176aea20a
5b4c9abcf01dcf74e0adf075ff4d47464c62c84307ae5ebd115d45da70e6443d
5b78ce591c371161c8a2de82384afbc0d8ce3f934bb3f25ee52be321341beaa3
5d7a8223c890d6162d79d81229a8d9660b6ab884b7a3e738cec26fe524ec254d
5d7fda52442588c5ae334e48512e3bab1c0a34ed25a9c8ec0c8afe15df3f51d0
6154d5f7f6961e042d013bab33fd02b691970d873f44f3c32d8fcc6e79ef5bcd
669658266deaa76165265ae6486c6e9d5caf2e5692ad872cf3a465373e839419
68b01e8be50d58d56dc4794ded8ca457bde3882c8d77abc5c17ef56e200d3305
6ec95cf3501a05606c0117144486ccb9aa6824e65d1ff056fa49ba44ac5b0cb9
6ff1daac173d3df915242165da52fde2ef9c5d818f9e9b8cf3fe3bd39011eeab
76a6c0f104b16e928abebfff3b22120eabfa3c758d6f2364f249c25705556abd
7adf4eeaee78b850ca0d968bfb7ebce034aa89feef442feccb2d07a085204b1c
7bdd214b2de9a8cd6bf360eb472588aaee1ef2691956648577222f7e9f97307a
87b784071fc3dd6fbe9f0ed8362565d37f3d3eadc97acfda6ec9b9f628ff076f
893df2b9ceb653f94333139d561d363bf4c365e651a0a3ade839d96200942e37
92f410985c0233c9abcba33b98f05b3e24d5ea3e80f5083466d545e94d49ec43
9562668d12a4b72d5dfe7ca589d9f8b5ae986c86c2194fef117d6e7b93004384
96a79625665927c8779ddfddf78dd3418da031897f8f92800a9e9fe6cf998921
9c6af299685617864c257472040f437ef951afec994720a24781931cc3527017
9cc56307a599f98aca4e3fedeba9b46a424244e8257a64f0e9700f7d90cf2834
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
a9791c207ed611d76a10eb3146c217fdc55a6f13e4000521188b98835687db7b
ac407073e4da81a2b4e6aa2d30d3452c1fcdb48e3e880af5f80dabff2c6dfd6c
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
afccc754e772ea78141269cc51ab6fd8b52479dbf0b291fd23724ae4922dcc9f
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b2a69f81002746fb20a34679b10c764c2d5f664de10944230824289d55c38348
b77fdd465e4ceb244688025c2a373ed0b6a0f6b88b4a8504398ba820dbaa7847
bcaf0e3f087296133e0a996ee3d289a8d1a690147c93e0ab62019b505e6f9355
c71b31cf866fb4f9c9869af1f3010f64679ba435aca8cc1c075359f417bda0f6
c7c2a637412317b9e13fd52b5ecff08eb1b5da60b3d66a2a5b8eff7eec182a84
c92295bd1bd22a2460a97272741c3ef8753884a1a370ad862753cc16e6d94e85
c9cb0fe190227f1cfc4239e81b5038b9a2e350bd85ce9fb8a9945674b4a7f414
cbce85e96b7752208ce15a09ea4d5a58b792edc9e77f1c5ccf46c01935970f9d
ce261eb163fcaee6953cedc35059732a133766ab824dc512bbdf9424d48601e4
d0e142b02196f538f5cc5c0912f292ce26b515e0a11c79b244d43ceef9803da7
d223439f0a00d264eadf96d43a5245e291ff1504db055176eb8a3da4ef532cb4
d2afd46ac58cd7e89b3fdfd790300d69034e94151ed45acf83d7b6d5dccfdb17
d63fb2d1ee7f3aa0511d7dfa759fa0701ba25046fe7410e02fe977d326b30e01
d6df1bca3f52fafa22d16bb86bc71723212b30401ea887f94635bb855b2e4ca4
daa4a95e56f58d92626ce20d9cfd00c8408245553b0a4717128c2a2ee652a7df
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
eb12a261a24e54883613710a4c12f4d9205f634ca1a29d1df07f90105a93e746
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f59e5f34a941183aacaed25322ac0856628493c2cfd936ded3fddc0a49510e52
fd361b57998c76f86335afa28b8a62527d88a8200fb5c428d6f0fff73383e955

www.fortinet.com Open in urlscan Pro 13.56.33.144 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

71 Requests

99 %HTTPS

32 %IPv6

33 Domains

43 Subdomains

36 IPs

7 Countries

1375 kBTransfer

4045 kBSize

18 Cookies

11 Outgoing links

Page URL History

Redirected requests

71 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.fortinet.com Open in urlscan Pro
13.56.33.144 Public Scan

Screenshot
Live screenshot

Full Image

71
Requests

99 %
HTTPS

32 %
IPv6

33
Domains

43
Subdomains

36
IPs

7
Countries

1375 kB
Transfer

4045 kB
Size

18
Cookies

71 HTTP transactions
4 data transactions