www.fortinet.com Open in urlscan Pro
52.9.7.17 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.fortinet.com/blog/threat-research/gandcrab-v4-0-analysis--new-shell--same-old-menace.html
Submission: On August 19 via api (August 19th 2018, 7:50:21 pm UTC) from CH

Summary HTTP 39 Redirects Links 15 Behaviour Indicators

Summary

This website contacted 21 IPs in 3 countries across 13 domains to perform 39 HTTP transactions. The main IP is 52.9.7.17, located in San Jose, United States and belongs to AMAZON-02 - Amazon.com, Inc., US. The main domain is www.fortinet.com.
TLS certificate: Issued by DigiCert SHA2 High Assurance Server CA on April 27th 2016. Valid for: 3 years.

This is the only time www.fortinet.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2 11	52.9.7.17 52.9.7.17	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2	172.227.102.19 172.227.102.19	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
4	2.18.232.23 2.18.232.23	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
1	2a00:1450:400... 2a00:1450:4001:821::2008	15169 (GOOGLE) (GOOGLE - Google LLC)
2	34.251.231.74 34.251.231.74	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	52.9.90.207 52.9.90.207	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	151.101.12.134 151.101.12.134	54113 (FASTLY) (FASTLY - Fastly)
1	2.16.186.243 2.16.186.243	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2.18.233.40 2.18.233.40	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
1	34.248.66.236 34.248.66.236	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2	172.82.228.19 172.82.228.19	15224 (OMNITURE) (OMNITURE - Adobe Systems Inc.)
1 1	66.117.28.86 66.117.28.86	15224 (OMNITURE) (OMNITURE - Adobe Systems Inc.)
1	54.217.251.76 54.217.251.76	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1 3	18.194.222.56 18.194.222.56	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	66.117.29.6 66.117.29.6	15224 (OMNITURE) (OMNITURE - Adobe Systems Inc.)
1	52.71.155.233 52.71.155.233	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
1	13.32.223.54 13.32.223.54	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
4	2400:cb00:204... 2400:cb00:2048:1::6810:4da6	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
2	151.101.192.134 151.101.192.134	54113 (FASTLY) (FASTLY - Fastly)
1	2a03:2880:f01... 2a03:2880:f01c:800e:face:b00c:0:2	32934 (FACEBOOK) (FACEBOOK - Facebook)
1	151.101.112.64 151.101.112.64	54113 (FASTLY) (FASTLY - Fastly)
39	21

11 52.9.7.17 (San Jose, United States) 2 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-9-7-17.us-west-1.compute.amazonaws.com

www.fortinet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.227.102.19 (Cambridge, United States)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a172-227-102-19.deploy.static.akamaitechnologies.com

platform-api.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
buttons-config.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2.18.232.23 (European Union)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a2-18-232-23.deploy.static.akamaitechnologies.com

assets.adobedtm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:821::2008 (Ireland)

ASN15169 (GOOGLE - Google LLC, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.251.231.74 (Dublin, Ireland)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-34-251-231-74.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.9.90.207 (San Jose, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-9-90-207.us-west-1.compute.amazonaws.com

www.fortinet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.12.134 (San Francisco, United States)

ASN54113 (FASTLY - Fastly, US)

fortinetblog-1.disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.16.186.243 (European Union)

ASN20940 (AKAMAI-ASN1, US)
PTR: a2-16-186-243.deploy.static.akamaitechnologies.com

c.sharethis.mgr.consensu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.18.233.40 (European Union)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a2-18-233-40.deploy.static.akamaitechnologies.com

s.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.248.66.236 (Dublin, Ireland)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-34-248-66-236.eu-west-1.compute.amazonaws.com

fortinet.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.82.228.19 (Lehi, United States)

ASN15224 (OMNITURE - Adobe Systems Inc., US)
PTR: *.sc.omtrdc.net

fortinetinc.sc.omtrdc.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 66.117.28.86 (Lehi, United States) 1 redirects

ASN15224 (OMNITURE - Adobe Systems Inc., US)

cm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.217.251.76 (Dublin, Ireland)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-54-217-251-76.eu-west-1.compute.amazonaws.com

d.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.194.222.56 (Cambridge, United States) 1 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-18-194-222-56.eu-central-1.compute.amazonaws.com

l.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 66.117.29.6 (Lehi, United States)

ASN15224 (OMNITURE - Adobe Systems Inc., US)

fortinet.tt.omtrdc.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.71.155.233 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-52-71-155-233.compute-1.amazonaws.com

count-server.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.223.54 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-13-32-223-54.fra56.r.cloudfront.net

vidassets.terminus.services	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2400:cb00:2048:1::6810:4da6 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

c.disquscdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.192.134 (San Francisco, United States)

ASN54113 (FASTLY - Fastly, US)

disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f01c:800e:face:b00c:0:2 (Ireland)

ASN32934 (FACEBOOK - Facebook, Inc., US)

graph.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.112.64 (San Francisco, United States)

ASN54113 (FASTLY - Fastly, US)

links.services.disqus.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
12	fortinet.com 2 redirects www.fortinet.com	727 KB
6	sharethis.com 1 redirects platform-api.sharethis.com buttons-config.sharethis.com l.sharethis.com count-server.sharethis.com	51 KB
4	disquscdn.com c.disquscdn.com	200 KB
4	disqus.com fortinetblog-1.disqus.com disqus.com links.services.disqus.com	25 KB
4	adobedtm.com assets.adobedtm.com	80 KB
3	omtrdc.net fortinetinc.sc.omtrdc.net fortinet.tt.omtrdc.net	1 KB
3	demdex.net dpm.demdex.net fortinet.demdex.net	2 KB
2	adroll.com s.adroll.com d.adroll.com	10 KB
1	facebook.com graph.facebook.com	837 B
1	terminus.services vidassets.terminus.services
1	everesttech.net 1 redirects cm.everesttech.net	527 B
1	consensu.org c.sharethis.mgr.consensu.org
1	googletagmanager.com www.googletagmanager.com	24 KB
39	13

	Domain	Requested by
12	www.fortinet.com	2 redirects www.fortinet.com
4	c.disquscdn.com	fortinetblog-1.disqus.com
4	assets.adobedtm.com	www.fortinet.com assets.adobedtm.com
3	l.sharethis.com	1 redirects www.fortinet.com
2	disqus.com	fortinetblog-1.disqus.com
2	fortinetinc.sc.omtrdc.net	assets.adobedtm.com www.fortinet.com
2	dpm.demdex.net	assets.adobedtm.com www.fortinet.com
1	links.services.disqus.com	c.disquscdn.com
1	graph.facebook.com	platform-api.sharethis.com
1	vidassets.terminus.services	www.googletagmanager.com
1	count-server.sharethis.com	platform-api.sharethis.com
1	fortinet.tt.omtrdc.net	assets.adobedtm.com
1	d.adroll.com	s.adroll.com
1	cm.everesttech.net	1 redirects
1	fortinet.demdex.net	assets.adobedtm.com
1	s.adroll.com	www.googletagmanager.com
1	c.sharethis.mgr.consensu.org	platform-api.sharethis.com
1	fortinetblog-1.disqus.com	www.fortinet.com
1	www.googletagmanager.com	www.fortinet.com
1	buttons-config.sharethis.com	platform-api.sharethis.com
1	platform-api.sharethis.com	www.fortinet.com
39	21

This site contains links to these domains. Also see Links.

Domain
www.bleepingcomputer.com
cr.yp.to
premium.wpmudev.org
twitter.com
go.fortinet.com
www.facebook.com
www.twitter.com
www.youtube.com
www.linkedin.com
www.instagram.com
fortiguard.com
demand.fortinet.com
fusecommunity.fortinet.com
cookie-script.com

Subject Issuer	Validity	Valid
www.fortinet.com DigiCert SHA2 High Assurance Server CA	`2016-04-27` - `2019-05-02`	3 years	crt.sh
*.sharethis.com DigiCert SHA2 Secure Server CA	`2018-02-14` - `2019-02-14`	a year	crt.sh
assets.adobedtm.com DigiCert SHA2 High Assurance Server CA	`2018-04-06` - `2019-04-11`	a year	crt.sh
*.google-analytics.com Google Internet Authority G3	`2018-08-07` - `2018-10-16`	2 months	crt.sh
*.demdex.net DigiCert SHA2 High Assurance Server CA	`2018-01-09` - `2021-02-12`	3 years	crt.sh
*.disqus.com DigiCert SHA2 Secure Server CA	`2018-03-28` - `2020-04-27`	2 years	crt.sh
*.sharethis.mgr.consensu.org DigiCert ECC Secure Server CA	`2018-07-31` - `2019-07-31`	a year	crt.sh
*.adroll.com DigiCert SHA2 Secure Server CA	`2018-02-14` - `2019-02-14`	a year	crt.sh
*.sc.omtrdc.net DigiCert SHA2 High Assurance Server CA	`2016-05-04` - `2019-05-23`	3 years	crt.sh
*.tt.omtrdc.net DigiCert SHA2 High Assurance Server CA	`2017-10-19` - `2020-11-25`	3 years	crt.sh
*.terminus.services Amazon	`2018-01-17` - `2019-02-17`	a year	crt.sh
ssl565697.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2018-04-29` - `2018-11-05`	6 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2017-12-15` - `2019-03-22`	a year	crt.sh
f.ssl.fastly.net GlobalSign Organization Validation CA - SHA256 - G2	`2017-10-27` - `2018-09-03`	10 months	crt.sh

This page contains 4 frames:

Primary Page: https://www.fortinet.com/blog/threat-research/gandcrab-v4-0-analysis--new-shell--same-old-menace.html
Frame ID: 6D5AD8F36F3838B021AFF6C9C31A8CBE
Requests: 38 HTTP requests in this frame

Frame: https://c.sharethis.mgr.consensu.org/v1.0/cmp/portal.html
Frame ID: 3BC51A54C3CB8D6CDC4CF6384DFD9C1D
Requests: 1 HTTP requests in this frame

Frame: https://fortinet.demdex.net/dest5.html?d_nsid=0
Frame ID: E4A74530FA4457B50A1183DA8F158A19
Requests: 1 HTTP requests in this frame

Frame: https://disqus.com/embed/comments/?base=default&f=fortinetblog-1&t_i=%2Fcontent%2Ffortinet-blog%2Fus%2Fen%2Fthreat-research%2Fgandcrab-v4-0-analysis--new-shell--same-old-menace&t_u=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fgandcrab-v4-0-analysis--new-shell--same-old-menace.html&t_d=GandCrab%20V4.0%20Analysis%3A%20New%20Shell%2C%20Same%20Old%20Menace&t_t=GandCrab%20V4.0%20Analysis%3A%20New%20Shell%2C%20Same%20Old%20Menace&s_o=default
Frame ID: 0B4B0E72721FB6415470D9D9AB871934
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

AdRoll (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /(?:a|s)\.adroll\.com/i
env /^adroll_/i

Disqus (Comment Systems) Expand

Overall confidence: 100%
Detected patterns

env /^DISQUS/i

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

env /^google_tag_manager$/i

SiteCatalyst (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /\/s[_-]code.*\.js/i
env /^s_(?:account|objectID|code|INST)$/i

VigLink (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

env /^(?:vglnk(?:$|_)|vl_(?:cB|disable)$)/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

env /^jQuery$/i

Page Statistics

39
Requests

100 %
HTTPS

14 %
IPv6

13
Domains

21
Subdomains

21
IPs

3
Countries

1120 kB
Transfer

2353 kB
Size

11
Cookies

15 Outgoing links

These are links going to different origins than the main page.

URL: https://www.bleepingcomputer.com/news/security/gandcrab-v4-released-with-the-new-krab-extension-for-encrypted-files/
Title: BleepingComputer

Search URL Search Domain Scan URL

URL: https://cr.yp.to/salsa20.html
Title: Salsa20 stream cipher

Search URL Search Domain Scan URL

URL: https://premium.wpmudev.org/blog/wordpress-security-exploits/
Title: target of exploitation

Search URL Search Domain Scan URL

URL: https://twitter.com/hashbreaker?lang=en
Title: Daniel J. Bernstein

Search URL Search Domain Scan URL

URL: https://twitter.com/zerophage1337?lang=en
Title: Zerophagel337

Search URL Search Domain Scan URL

URL: http://go.fortinet.com/LP=4658?utm_source=social&utm_medium=blog&utm_campaign=GEN-WP-Q1-2018-Threat-Landscape-Report&elq_src=Social&elq_cid=70134000001StUhAAK&elq_staid=10&elq_eid=10258&elq_sid=11288
Title:

Search URL Search Domain Scan URL

URL: https://www.facebook.com/fortinet
Title:

Search URL Search Domain Scan URL

URL: https://www.twitter.com/fortinet
Title:

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/SecureNetworks
Title:

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/fortinet
Title:

Search URL Search Domain Scan URL

URL: https://www.instagram.com/behindthefirewall/
Title:

Search URL Search Domain Scan URL

URL: https://fortiguard.com/
Title: FortiGuard Labs

Search URL Search Domain Scan URL

URL: http://demand.fortinet.com/FortiGuard
Title: Threat Briefs

Search URL Search Domain Scan URL

URL: https://fusecommunity.fortinet.com/
Title: Fuse

Search URL Search Domain Scan URL

URL: https://cookie-script.com/
Title: Free cookie consent by cookie-script.com

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 19

https://cm.everesttech.net/cm/dd?d_uuid=30347591455497431484000761923051120549 HTTP 302
https://dpm.demdex.net/ibs:dpid=411&dpuuid=W3nJ8AAABtqS7Dx0

Request Chain 21

https://l.sharethis.com/pview?event=pview&version=st_sop.js&lang=en&fpc=4e8ce6e-16553bcd23e-23b5e30e-1&sessionID=1534708208191.71255&hostname=www.fortinet.com&location=%2Fblog%2Fthreat-research%2Fgandcrab-v4-0-analysis--new-shell--same-old-menace.html&product=sticky-share-buttons&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fgandcrab-v4-0-analysis--new-shell--same-old-menace.html&sharURL=&buttonType=&destination=&source=&st_optout=false&title=GandCrab%20V4.0%20Analysis%3A%20New%20Shell%2C%20Same%20Old%20Menace&publisher=5977d47080bb1d0011ab6d8f&ts1534708208191=&sop=true HTTP 301
https://l.sharethis.com/sc?cm=ZGAMJ1t5yfAAAAATWhJMAw%3D%3D&uid=true&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fgandcrab-v4-0-analysis--new-shell--same-old-menace.html

Request Chain 27

https://www.fortinet.com/content/fortinet-blog/us/en/threat-research/gandcrab-v4-0-analysis--new-shell--same-old-menace/_jcr_content/root/responsivegrid/image.img.png HTTP 301
https://www.fortinet.com/blog/threat-research/gandcrab-v4-0-analysis--new-shell--same-old-menace/_jcr_content/root/responsivegrid/image.img.png

Request Chain 28

https://www.fortinet.com/content/fortinet-blog/us/en/threat-research/gandcrab-v4-0-analysis--new-shell--same-old-menace/_jcr_content/root/responsivegrid/image_1133015980.img.png HTTP 301
https://www.fortinet.com/blog/threat-research/gandcrab-v4-0-analysis--new-shell--same-old-menace/_jcr_content/root/responsivegrid/image_1133015980.img.png

39 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request Cookie set gandcrab-v4-0-analysis--new-shell--same-old-menace.html Show response
www.fortinet.com/blog/threat-research/ 42 KB
11 KB 502ms
167ms Document
text/html 52.9.7.17
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fortinet.com/blog/threat-research/gandcrab-v4-0-analysis--new-shell--same-old-menace.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.9.7.17 San Jose, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-52-9-7-17.us-west-1.compute.amazonaws.com

Software

Apache /

Resource Hash

eb447c1428f829ebfa32dcfdf6c6fafe474b77fa190ed680ee33ca4369c58965

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN

Request headers

Host: www.fortinet.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id: 6D5AD8F36F3838B021AFF6C9C31A8CBE

Response headers

Accept-Ranges: bytes
Cache-control: no-cache="set-cookie"
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Sun, 19 Aug 2018 19:50:08 GMT
ETag: "a6dd-573cae2c2c72c-gzip"
Last-Modified: Sun, 19 Aug 2018 14:48:28 GMT
Server: Apache
Set-Cookie: AWSELB=ADCDE3710804DABF75CED0801727222EF3B4A37C02AB82F6B4B34B65D91DB92F926500FCE4053BBF2263FFE136272BE68C6476E6DD96F8DEFF40FD294F0D109CB7D0FEDBA6;PATH=/;MAX-AGE=900
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Vary: Accept-Encoding,User-Agent
X-Frame-Options: SAMEORIGIN
Content-Length: 11118
Connection: keep-alive

GET
H/1.1 200
OK clientlib-base.min.css
www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/ 211 KB
17 KB 171ms
171ms Stylesheet
text/css 52.9.7.17
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/clientlib-base.min.css

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/gandcrab-v4-0-analysis--new-shell--same-old-menace.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.9.7.17 San Jose, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-52-9-7-17.us-west-1.compute.amazonaws.com

Software

Apache /

Resource Hash

31ad41eb429a056fb28e89d8c140e7c439ab1f4e72b79a6df23f73d8db433919

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: www.fortinet.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/css,*/*;q=0.1
Referer: https://www.fortinet.com/blog/threat-research/gandcrab-v4-0-analysis--new-shell--same-old-menace.html
Cookie: AWSELB=ADCDE3710804DABF75CED0801727222EF3B4A37C02AB82F6B4B34B65D91DB92F926500FCE4053BBF2263FFE136272BE68C6476E6DD96F8DEFF40FD294F0D109CB7D0FEDBA6
Connection: keep-alive
Cache-Control: no-cache
Referer: https://www.fortinet.com/blog/threat-research/gandcrab-v4-0-analysis--new-shell--same-old-menace.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Sun, 19 Aug 2018 19:50:08 GMT
Content-Encoding: gzip
Last-Modified: Wed, 15 Aug 2018 17:12:57 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "34a57-5737c701ad23f-gzip"
Vary: Accept-Encoding,User-Agent
Connection: keep-alive
Content-Type: text/css
Cache-Control: max-age=604800, public
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Accept-Ranges: bytes
Content-Length: 16743

GET
H/1.1 200
OK sharethis.js Show response
platform-api.sharethis.com/js/ 134 KB
49 KB 7ms
7ms Script
text/javascript 172.227.102.19
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://platform-api.sharethis.com/js/sharethis.js
Requested by: Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/gandcrab-v4-0-analysis--new-shell--same-old-menace.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 172.227.102.19 Cambridge, United States, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a172-227-102-19.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 9b371a8db8abe7f7f71cec6aa5aa013ceabe949d8ef311ae255debb4297a9c99

Request headers

Referer: https://www.fortinet.com/blog/threat-research/gandcrab-v4-0-analysis--new-shell--same-old-menace.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Sun, 19 Aug 2018 19:50:08 GMT
Content-Encoding: gzip
ETag: W/"217a3-h/YdvKciMy3vd/BkUGfREQ"
Vary: Accept-Encoding
Access-Control-Allow-Methods: DELETE, GET, HEAD, OPTIONS, POST, PUT
Content-Type: text/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=3600
Connection: keep-alive
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Content-Length: 49616

GET
H/1.1 200
OK satelliteLib-32b0117a6a1b1e07ce775d6f834af5718192ddf1.js Show response
assets.adobedtm.com/4e56a4f921ab0baab5f89914672a3d541ff95762/ 135 KB
40 KB 13ms
13ms Script
application/x-javascript 2.18.232.23
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/4e56a4f921ab0baab5f89914672a3d541ff95762/satelliteLib-32b0117a6a1b1e07ce775d6f834af5718192ddf1.js
Requested by: Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/gandcrab-v4-0-analysis--new-shell--same-old-menace.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.232.23 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a2-18-232-23.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: d6722d70ee2eeecc81a1424a4a1a6ef145369162a6cf5285ecfc122f79e1af97

Request headers

Referer: https://www.fortinet.com/blog/threat-research/gandcrab-v4-0-analysis--new-shell--same-old-menace.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Sun, 19 Aug 2018 19:50:08 GMT
Content-Encoding: gzip
Last-Modified: Thu, 16 Aug 2018 21:17:40 GMT
Server: Apache
ETag: "44535ad2e5d8393acc9c64001139dde3:1534454260"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: max-age=3600
Connection: keep-alive
Accept-Ranges: bytes
Timing-Allow-Origin: *, *
Content-Length: 40080
Expires: Sun, 19 Aug 2018 20:50:08 GMT

GET
H/1.1 200
OK fortinet-logo-white.svg
www.fortinet.com/content/dam/fortinet-blog/ 32 KB
2 KB 264ms
166ms Image
image/svg+xml 52.9.7.17
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.fortinet.com/content/dam/fortinet-blog/fortinet-logo-white.svg

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/gandcrab-v4-0-analysis--new-shell--same-old-menace.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.9.7.17 San Jose, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-52-9-7-17.us-west-1.compute.amazonaws.com

Software

Apache /

Resource Hash

d2afd46ac58cd7e89b3fdfd790300d69034e94151ed45acf83d7b6d5dccfdb17

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: www.fortinet.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: https://www.fortinet.com/blog/threat-research/gandcrab-v4-0-analysis--new-shell--same-old-menace.html
Cookie: AWSELB=ADCDE3710804DABF75CED0801727222EF3B4A37C02AB82F6B4B34B65D91DB92F926500FCE4053BBF2263FFE136272BE68C6476E6DD96F8DEFF40FD294F0D109CB7D0FEDBA6; __unam=4e8ce6e-16553bcd23e-23b5e30e-1; AMCV_ED8739F75677FE917F000101%40AdobeOrg=-330454231%7CMCIDTS%7C17763%7CvVersion%7C3.1.2; check=true; mbox=session#af877a20090e410f8be98e54fe7ba8b7#1534710069
Connection: keep-alive
Cache-Control: no-cache
Referer: https://www.fortinet.com/blog/threat-research/gandcrab-v4-0-analysis--new-shell--same-old-menace.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Sun, 19 Aug 2018 19:50:08 GMT
Content-Encoding: gzip
Last-Modified: Wed, 15 Aug 2018 17:12:57 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "7ebb-5737c701aa748-gzip"
Vary: Accept-Encoding,User-Agent
Connection: keep-alive
Content-Type: image/svg+xml
Cache-Control: max-age=604800, public
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Accept-Ranges: bytes
Content-Length: 1998

GET
H/1.1 200
OK clientlib-base.min.js Show response
www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/ 164 KB
53 KB 328ms
174ms Script
application/javascript 52.9.7.17
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/clientlib-base.min.js

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/gandcrab-v4-0-analysis--new-shell--same-old-menace.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.9.7.17 San Jose, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-52-9-7-17.us-west-1.compute.amazonaws.com

Software

Apache /

Resource Hash

0b6043877e5dd01857f2e94cb94b6c4b7157a088277d0f59a15a9ed9917c9c87

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: www.fortinet.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: */*
Referer: https://www.fortinet.com/blog/threat-research/gandcrab-v4-0-analysis--new-shell--same-old-menace.html
Cookie: AWSELB=ADCDE3710804DABF75CED0801727222EF3B4A37C02AB82F6B4B34B65D91DB92F926500FCE4053BBF2263FFE136272BE68C6476E6DD96F8DEFF40FD294F0D109CB7D0FEDBA6
Connection: keep-alive
Cache-Control: no-cache
Referer: https://www.fortinet.com/blog/threat-research/gandcrab-v4-0-analysis--new-shell--same-old-menace.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Sun, 19 Aug 2018 19:50:08 GMT
Content-Encoding: gzip
Last-Modified: Wed, 15 Aug 2018 17:14:48 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "28ff0-5737c76be106f-gzip"
Vary: Accept-Encoding,User-Agent
Connection: keep-alive
Content-Type: application/javascript
Cache-Control: max-age=604800, public
transfer-encoding: chunked
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Accept-Ranges: bytes

GET
H/1.1 200
OK 5977d47080bb1d0011ab6d8f.js Show response
buttons-config.sharethis.com/js/ 444 B
865 B 17ms
17ms Script
text/javascript 172.227.102.19
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://buttons-config.sharethis.com/js/5977d47080bb1d0011ab6d8f.js
Requested by: Host: platform-api.sharethis.com
URL: https://platform-api.sharethis.com/js/sharethis.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 172.227.102.19 Cambridge, United States, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a172-227-102-19.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 7f0daa7591ef2b42b26dd9d39102440c242e7fd798e7898a620e5489d67ec73e

Request headers

Referer: https://www.fortinet.com/blog/threat-research/gandcrab-v4-0-analysis--new-shell--same-old-menace.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Sun, 19 Aug 2018 19:50:08 GMT
Last-Modified: Tue, 16 Jan 2018 20:14:52 GMT
Server: AmazonS3
x-amz-request-id: C54E6789E0114D15
ETag: "6167cc13570c31ffc1713616a6fb087d"
Content-Type: text/javascript
Cache-Control: public, max-age=60
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 444
x-amz-id-2: nO1CuBWCcHNXchPi7hGmM+s8lQEdpjuzNCN35UBmG9EJZRaG5QZiY8rq/clMPvRvPiCcddEIy1A=

GET
S 200 gtm.js Show response
www.googletagmanager.com/ 67 KB
24 KB 32ms
21ms Script
application/javascript 2a00:1450:4001:821::2008
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-NBSLLPJ

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/gandcrab-v4-0-analysis--new-shell--same-old-menace.html

Protocol

SPDY

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2a00:1450:4001:821::2008 , Ireland, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Google Tag Manager (scaffolding) /

Resource Hash

4ce9ed609fccf877301edf2571eb3b7125706ed8f39e5f61ab8a794cd4a975de

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/gandcrab-v4-0-analysis--new-shell--same-old-menace.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Sun, 19 Aug 2018 19:50:08 GMT
content-encoding: gzip
server: Google Tag Manager (scaffolding)
access-control-allow-headers: Cache-Control
status: 200
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: http://www.googletagmanager.com
cache-control: private, max-age=900
access-control-allow-credentials: true
alt-svc: quic=":443"; ma=2592000; v="44,43,39,35"
content-length: 24151
x-xss-protection: 1; mode=block
expires: Sun, 19 Aug 2018 19:50:08 GMT

GET
H/1.1 200
OK id Show response
dpm.demdex.net/ 367 B
1 KB 117ms
35ms XHR
application/json 34.251.231.74
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://dpm.demdex.net/id?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=ED8739F75677FE917F000101%40AdobeOrg&d_nsid=0&ts=1534708208358
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/4e56a4f921ab0baab5f89914672a3d541ff95762/satelliteLib-32b0117a6a1b1e07ce775d6f834af5718192ddf1.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.251.231.74 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-34-251-231-74.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 42068879df2ff7e8617b86e15f2796075ed3f050b5752102f2220036cc6b68dd

Request headers

Referer: https://www.fortinet.com/blog/threat-research/gandcrab-v4-0-analysis--new-shell--same-old-menace.html
Origin: https://www.fortinet.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

DCS: irl1-prod-dcs-efb97a2f.edge-irl1.demdex.com 5.36.2.20180809152735 5ms
Pragma: no-cache
Content-Encoding: gzip
X-TID: 0F1T+JZ0SFs=
Vary: Origin, Accept-Encoding, User-Agent
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://www.fortinet.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json;charset=utf-8
Content-Length: 301
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK mbox-contents-081c7224345c702ebcf6ef22d3b7449ec11ce42d.js Show response
assets.adobedtm.com/4e56a4f921ab0baab5f89914672a3d541ff95762/ 72 KB
26 KB 44ms
43ms Script
application/x-javascript 2.18.232.23
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/4e56a4f921ab0baab5f89914672a3d541ff95762/mbox-contents-081c7224345c702ebcf6ef22d3b7449ec11ce42d.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/4e56a4f921ab0baab5f89914672a3d541ff95762/satelliteLib-32b0117a6a1b1e07ce775d6f834af5718192ddf1.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.232.23 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a2-18-232-23.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 13f9871faf609461bb6206bfa6d9f987e80805137f54655e19177cb52fb3d016

Request headers

Referer: https://www.fortinet.com/blog/threat-research/gandcrab-v4-0-analysis--new-shell--same-old-menace.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date: Sun, 19 Aug 2018 19:50:08 GMT
Content-Encoding: gzip
Last-Modified: Thu, 16 Aug 2018 21:17:40 GMT
Server: Apache
ETag: "12042a5e77e5e1f1023020ffebee8b4b:1534454260"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: max-age=3600
Connection: keep-alive
Accept-Ranges: bytes
Timing-Allow-Origin: *, *
Content-Length: 26562
Expires: Sun, 19 Aug 2018 20:50:08 GMT

GET
DATA 200
OK truncated
/ 71 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5b4c9abcf01dcf74e0adf075ff4d47464c62c84307ae5ebd115d45da70e6443d

Request headers

Response headers

Access-Control-Allow-Origin: *
Content-Type: image/png

GET
H/1.1 200
OK gandc301.png.thumb.319.319.png
www.fortinet.com/content/dam/fortinet-blog/article-images/g_and_crab_v_03/ 155 KB
155 KB 422ms
172ms Image
image/png 52.9.7.17
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.fortinet.com/content/dam/fortinet-blog/article-images/g_and_crab_v_03/gandc301.png.thumb.319.319.png

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/gandcrab-v4-0-analysis--new-shell--same-old-menace.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.9.7.17 San Jose, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-52-9-7-17.us-west-1.compute.amazonaws.com

Software

Apache /

Resource Hash

f13cb66d38a0f76c3e2ebb26b0ff6d7a36509a0054a657514ca19e3992feee96

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: www.fortinet.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: https://www.fortinet.com/blog/threat-research/gandcrab-v4-0-analysis--new-shell--same-old-menace.html
Cookie: AWSELB=ADCDE3710804DABF75CED0801727222EF3B4A37C02AB82F6B4B34B65D91DB92F926500FCE4053BBF2263FFE136272BE68C6476E6DD96F8DEFF40FD294F0D109CB7D0FEDBA6; __unam=4e8ce6e-16553bcd23e-23b5e30e-1; AMCV_ED8739F75677FE917F000101%40AdobeOrg=-330454231%7CMCIDTS%7C17763%7CvVersion%7C3.1.2; check=true; mbox=session#af877a20090e410f8be98e54fe7ba8b7#1534710069
Connection: keep-alive
Cache-Control: no-cache
Referer: https://www.fortinet.com/blog/threat-research/gandcrab-v4-0-analysis--new-shell--same-old-menace.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Sun, 19 Aug 2018 19:50:08 GMT
Last-Modified: Wed, 15 Aug 2018 17:25:13 GMT
Server: Apache
ETag: "26a56-5737c9bfe5697"
X-Frame-Options: SAMEORIGIN
Connection: keep-alive
Content-Type: image/png
Cache-Control: max-age=604800, public
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Accept-Ranges: bytes
Content-Length: 158294

GET
H/1.1 200
OK gandcrab_thumb.png.thumb.319.319.png
www.fortinet.com/content/dam/fortinet-blog/article-images/gandcrab_ransomware_and_the_speculated_smb_exploit_spreader-/ 28 KB
28 KB 590ms
328ms Image
image/png 52.9.7.17
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.fortinet.com/content/dam/fortinet-blog/article-images/gandcrab_ransomware_and_the_speculated_smb_exploit_spreader-/gandcrab_thumb.png.thumb.319.319.png

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/gandcrab-v4-0-analysis--new-shell--same-old-menace.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.9.7.17 San Jose, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-52-9-7-17.us-west-1.compute.amazonaws.com

Software

Apache /

Resource Hash

0885e959c99611e2301fc0891e286bc7a1eac54fa4e2c7635e195be8963aa1eb

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: www.fortinet.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: https://www.fortinet.com/blog/threat-research/gandcrab-v4-0-analysis--new-shell--same-old-menace.html
Cookie: AWSELB=ADCDE3710804DABF75CED0801727222EF3B4A37C02AB82F6B4B34B65D91DB92F926500FCE4053BBF2263FFE136272BE68C6476E6DD96F8DEFF40FD294F0D109CB7D0FEDBA6; __unam=4e8ce6e-16553bcd23e-23b5e30e-1; AMCV_ED8739F75677FE917F000101%40AdobeOrg=-330454231%7CMCIDTS%7C17763%7CvVersion%7C3.1.2; check=true; mbox=session#af877a20090e410f8be98e54fe7ba8b7#1534710069
Connection: keep-alive
Cache-Control: no-cache
Referer: https://www.fortinet.com/blog/threat-research/gandcrab-v4-0-analysis--new-shell--same-old-menace.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Sun, 19 Aug 2018 19:50:08 GMT
Last-Modified: Wed, 15 Aug 2018 17:33:56 GMT
Server: Apache
ETag: "6e5e-5737cbb226bf1"
X-Frame-Options: SAMEORIGIN
Connection: keep-alive
Content-Type: image/png
Cache-Control: max-age=604800, public
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Accept-Ranges: bytes
Content-Length: 28254

GET
H/1.1 200
OK gandc_ransomware_thumbnail.png.thumb.319.319.png
www.fortinet.com/content/dam/fortinet-blog/article-images/g_and_crab_ransomware_two/ 132 KB
133 KB 665ms
331ms Image
image/png 52.9.7.17
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.fortinet.com/content/dam/fortinet-blog/article-images/g_and_crab_ransomware_two/gandc_ransomware_thumbnail.png.thumb.319.319.png

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/gandcrab-v4-0-analysis--new-shell--same-old-menace.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.9.7.17 San Jose, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-52-9-7-17.us-west-1.compute.amazonaws.com

Software

Apache /

Resource Hash

73e9038a52e8087fce8ac2f15051c54e23fedbe6e4d5537a08632b50ec9ffe4d

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: www.fortinet.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: https://www.fortinet.com/blog/threat-research/gandcrab-v4-0-analysis--new-shell--same-old-menace.html
Cookie: AWSELB=ADCDE3710804DABF75CED0801727222EF3B4A37C02AB82F6B4B34B65D91DB92F926500FCE4053BBF2263FFE136272BE68C6476E6DD96F8DEFF40FD294F0D109CB7D0FEDBA6; __unam=4e8ce6e-16553bcd23e-23b5e30e-1; AMCV_ED8739F75677FE917F000101%40AdobeOrg=-330454231%7CMCIDTS%7C17763%7CvVersion%7C3.1.2; check=true; mbox=session#af877a20090e410f8be98e54fe7ba8b7#1534710069
Connection: keep-alive
Cache-Control: no-cache
Referer: https://www.fortinet.com/blog/threat-research/gandcrab-v4-0-analysis--new-shell--same-old-menace.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Sun, 19 Aug 2018 19:50:08 GMT
Last-Modified: Wed, 15 Aug 2018 17:25:13 GMT
Server: Apache
ETag: "2118a-5737c9bfe75d7"
X-Frame-Options: SAMEORIGIN
Connection: keep-alive
Content-Type: image/png
Cache-Control: max-age=604800, public
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Accept-Ranges: bytes
Content-Length: 135562

GET
H/1.1 200
OK gandcrab_09.png
www.fortinet.com/content/dam/fortinet-blog/article-images/gandcrab_v4/ 118 KB
118 KB 829ms
335ms Image
image/png 52.9.90.207
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.fortinet.com/content/dam/fortinet-blog/article-images/gandcrab_v4/gandcrab_09.png

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/gandcrab-v4-0-analysis--new-shell--same-old-menace.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.9.90.207 San Jose, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-52-9-90-207.us-west-1.compute.amazonaws.com

Software

Apache /

Resource Hash

a862642fb3ce1d45b9a0730018cedc1b5ee4eff7347dff7ed8a8d63bff246888

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: www.fortinet.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: https://www.fortinet.com/blog/threat-research/gandcrab-v4-0-analysis--new-shell--same-old-menace.html
Cookie: AWSELB=ADCDE3710804DABF75CED0801727222EF3B4A37C02AB82F6B4B34B65D91DB92F926500FCE4053BBF2263FFE136272BE68C6476E6DD96F8DEFF40FD294F0D109CB7D0FEDBA6; __unam=4e8ce6e-16553bcd23e-23b5e30e-1; AMCV_ED8739F75677FE917F000101%40AdobeOrg=-330454231%7CMCIDTS%7C17763%7CvVersion%7C3.1.2; check=true; mbox=session#af877a20090e410f8be98e54fe7ba8b7#1534710069
Connection: keep-alive
Cache-Control: no-cache
Referer: https://www.fortinet.com/blog/threat-research/gandcrab-v4-0-analysis--new-shell--same-old-menace.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Sun, 19 Aug 2018 19:50:08 GMT
Last-Modified: Wed, 15 Aug 2018 17:33:56 GMT
Server: Apache
ETag: "1d7b1-5737cbb2580f9"
X-Frame-Options: SAMEORIGIN
Connection: keep-alive
Content-Type: image/png
Cache-Control: max-age=604800, public
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Accept-Ranges: bytes
Content-Length: 120753

GET
H/1.1 200
OK embed.js Show response
fortinetblog-1.disqus.com/ 63 KB
21 KB 314ms
313ms Script
application/javascript 151.101.12.134
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://fortinetblog-1.disqus.com/embed.js

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/gandcrab-v4-0-analysis--new-shell--same-old-menace.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.12.134 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

openresty /

Resource Hash

e81c5a16f377c2cfa0b23c2a98d35eac836b3a07d58cfb855f641b374ec3953d

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains

Request headers

Referer: https://www.fortinet.com/blog/threat-research/gandcrab-v4-0-analysis--new-shell--same-old-menace.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Sun, 19 Aug 2018 19:50:08 GMT
Content-Encoding: gzip
Server: openresty
Age: 0
Vary: Accept-Encoding
Connection: keep-alive
Content-Type: application/javascript; charset=utf-8
Cache-Control: private, max-age=60
X-Service: router
Strict-Transport-Security: max-age=300; includeSubdomains
Link: <https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
Content-Length: 21328

GET
H/1.1 200
OK portal.html
c.sharethis.mgr.consensu.org/v1.0/cmp/ Frame 3BC5 0
0 24ms
24ms Document
text/html 2.16.186.243
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.sharethis.mgr.consensu.org/v1.0/cmp/portal.html
Requested by: Host: platform-api.sharethis.com
URL: https://platform-api.sharethis.com/js/sharethis.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2.16.186.243 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a2-16-186-243.deploy.static.akamaitechnologies.com
Software: /
Resource Hash

Request headers

Host: c.sharethis.mgr.consensu.org
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer: https://www.fortinet.com/blog/threat-research/gandcrab-v4-0-analysis--new-shell--same-old-menace.html
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id: 6D5AD8F36F3838B021AFF6C9C31A8CBE
Referer: https://www.fortinet.com/blog/threat-research/gandcrab-v4-0-analysis--new-shell--same-old-menace.html

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Allow-Methods: DELETE, GET, HEAD, OPTIONS, POST, PUT
Access-Control-Allow-Origin: *
Content-Type: text/html; charset=UTF-8
ETag: W/"26b-4977387000"
Last-Modified: Tue, 01 Jan 1980 00:00:00 GMT
Vary: Accept-Encoding
Content-Length: 619
Cache-Control: public, max-age=600
Date: Sun, 19 Aug 2018 19:50:08 GMT
Connection: keep-alive

GET
H/1.1 200
OK roundtrip.js Show response
s.adroll.com/j/ 29 KB
10 KB 9ms
9ms Script
text/javascript 2.18.233.40
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/roundtrip.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NBSLLPJ
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.40 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a2-18-233-40.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: e65cf5108c80dca04640eb55670754edbda09df69d96b1c5308dd7aae16e5ae8

Request headers

Referer: https://www.fortinet.com/blog/threat-research/gandcrab-v4-0-analysis--new-shell--same-old-menace.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-amz-version-id: 3983yvQiUeJIC76cHdWZACuajrAAM2fQ
Content-Encoding: gzip
ETag: "3771366c85ecd7d661479d8467c1d272"
x-amz-request-id: 19E007E4E2EAE795
x-amz-server-side-encryption: AES256
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 9469
x-amz-id-2: 8nVI1PpwzJeec8aJgN+RINN9UirB6U966QNMZO8fbQGvW6lWTwpH4RcgC6kJG3BZbIeM+6KWFmo=
Last-Modified: Thu, 02 Aug 2018 22:24:55 GMT
Server: AmazonS3
Date: Sun, 19 Aug 2018 19:50:08 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=300, must-revalidate
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H/1.1 200
OK Cookie set dest5.html
fortinet.demdex.net/ Frame E4A7 0
0 115ms
27ms Document
text/html 34.248.66.236
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://fortinet.demdex.net/dest5.html?d_nsid=0
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/4e56a4f921ab0baab5f89914672a3d541ff95762/satelliteLib-32b0117a6a1b1e07ce775d6f834af5718192ddf1.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.248.66.236 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-34-248-66-236.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Host: fortinet.demdex.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer: https://www.fortinet.com/blog/threat-research/gandcrab-v4-0-analysis--new-shell--same-old-menace.html
Accept-Encoding: gzip, deflate
Cookie: demdex=30347591455497431484000761923051120549
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id: 6D5AD8F36F3838B021AFF6C9C31A8CBE
Referer: https://www.fortinet.com/blog/threat-research/gandcrab-v4-0-analysis--new-shell--same-old-menace.html

Response headers

Accept-Ranges: bytes
Cache-Control: max-age=21600
Content-Encoding: gzip
Content-Type: text/html
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Last-Modified: Sun, 19 Aug 2018 19:11:14 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Set-Cookie: demdex=30347591455497431484000761923051120549;Path=/;Domain=.demdex.net;Expires=Fri, 15-Feb-2019 19:50:08 GMT;Max-Age=15552000
Vary: Accept-Encoding, User-Agent
X-TID: O8CaGQYNROY=
Content-Length: 2766
Connection: keep-alive

GET
H/1.1 200
OK id Show response
fortinetinc.sc.omtrdc.net/ 3 B
529 B 75ms
18ms XHR
application/x-javascript 172.82.228.19
Adobe Systems Inc.

General

Check archive.org

Show headers Download Go to

Full URL

https://fortinetinc.sc.omtrdc.net/id?d_visid_ver=3.1.2&d_fieldgroup=A&mcorgid=ED8739F75677FE917F000101%40AdobeOrg&mid=30701919064669812843964203262491280941&ts=1534708208480

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/4e56a4f921ab0baab5f89914672a3d541ff95762/satelliteLib-32b0117a6a1b1e07ce775d6f834af5718192ddf1.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

172.82.228.19 Lehi, United States, ASN15224 (OMNITURE - Adobe Systems Inc., US),

Reverse DNS

*.sc.omtrdc.net

Software

Omniture DC/2.0.0 /

Resource Hash

ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/gandcrab-v4-0-analysis--new-shell--same-old-menace.html
Origin: https://www.fortinet.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

Date: Sun, 19 Aug 2018 19:50:08 GMT
X-Content-Type-Options: nosniff
Server: Omniture DC/2.0.0
xserver: www50
Vary: Origin
Access-Control-Allow-Methods: GET, POST, DELETE
P3P: CP="This is not a P3P policy"
Access-Control-Allow-Origin: https://www.fortinet.com
Cache-Control: no-cache, no-store, max-age=0, no-transform, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/x-javascript
Content-Length: 3
X-XSS-Protection: 1; mode=block
X-C: ms-6.4.0

GET
H/1.1

200
OK

ibs:dpid=411&dpuuid=W3nJ8AAABtqS7Dx0
dpm.demdex.net/
Redirect Chain

https://cm.everesttech.net/cm/dd?d_uuid=30347591455497431484000761923051120549
https://dpm.demdex.net/ibs:dpid=411&dpuuid=W3nJ8AAABtqS7Dx0

42 B
764 B

33ms
32ms

Image
image/gif

34.251.231.74
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dpm.demdex.net/ibs:dpid=411&dpuuid=W3nJ8AAABtqS7Dx0
Requested by: Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/gandcrab-v4-0-analysis--new-shell--same-old-menace.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.251.231.74 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-34-251-231-74.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://www.fortinet.com/blog/threat-research/gandcrab-v4-0-analysis--new-shell--same-old-menace.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

DCS: irl1-prod-dcs-0bd7a4445.edge-irl1.demdex.com 5.36.2.20180809152735 6ms
Pragma: no-cache
X-TID: J1sdu+khSDk=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 42
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Date: Sun, 19 Aug 2018 19:50:07 GMT
Server: AMO-cookiemap/1.1
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=W3nJ8AAABtqS7Dx0
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=15,max=100
Content-Length: 0

GET
H/1.1 200
OK 7OBVBCAQE5FHDPFEAD5T4D Show response
d.adroll.com/consent/check/ 35 B
195 B 116ms
28ms Script
application/javascript 54.217.251.76
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://d.adroll.com/consent/check/7OBVBCAQE5FHDPFEAD5T4D?_s=5dbfcbc28820259ca3ba45d1134a79e2
Requested by: Host: s.adroll.com
URL: https://s.adroll.com/j/roundtrip.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.217.251.76 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-54-217-251-76.eu-west-1.compute.amazonaws.com
Software: nginx/1.12.1 /
Resource Hash: 8e1e0966b4257e4b292f4a3f03bcb0e235daae15964a0ab22d1176fee2da1e73

Request headers

Referer: https://www.fortinet.com/blog/threat-research/gandcrab-v4-0-analysis--new-shell--same-old-menace.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Sun, 19 Aug 2018 19:50:08 GMT
Server: nginx/1.12.1
Connection: keep-alive
Content-Length: 35
Content-Type: application/javascript

GET
H/1.1

301
Moved Permanently

sc Show response
l.sharethis.com/
Redirect Chain

https://l.sharethis.com/pview?event=pview&version=st_sop.js&lang=en&fpc=4e8ce6e-16553bcd23e-23b5e30e-1&sessionID=1534708208191.71255&hostname=www.fortinet.com&location=%2Fblog%2Fthreat-research%2Fg...
https://l.sharethis.com/sc?cm=ZGAMJ1t5yfAAAAATWhJMAw%3D%3D&uid=true&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fgandcrab-v4-0-analysis--new-shell--same-old-menace.html

0
-1 B

30ms
7ms

XHR
text/html

18.194.222.56
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://l.sharethis.com/sc?cm=ZGAMJ1t5yfAAAAATWhJMAw%3D%3D&uid=true&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fgandcrab-v4-0-analysis--new-shell--same-old-menace.html
Requested by: Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/gandcrab-v4-0-analysis--new-shell--same-old-menace.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.194.222.56 Cambridge, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-18-194-222-56.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.fortinet.com/blog/threat-research/gandcrab-v4-0-analysis--new-shell--same-old-menace.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Sun, 19 Aug 2018 19:50:08 GMT
Access-Control-Allow-Origin: https://www.fortinet.com
Access-Control-Max-Age: 1728000
P3p: policyref="/w3c/p3p.xml", CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT DEM"
Location: /sc?cm=ZGAMJ1t5yfAAAAATWhJMAw%3D%3D&uid=true&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fgandcrab-v4-0-analysis--new-shell--same-old-menace.html
Access-Control-Expose-Headers: stid
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Headers: *
Content-Length: 205
Stid: ZGAMJ1t5yfAAAAATWhJMAw==

Redirect headers

Date: Sun, 19 Aug 2018 19:50:08 GMT
Access-Control-Allow-Origin: https://www.fortinet.com
Access-Control-Max-Age: 1728000
P3p: policyref="/w3c/p3p.xml", CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT DEM"
Location: /sc?cm=ZGAMJ1t5yfAAAAATWhJMAw%3D%3D&uid=true&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fgandcrab-v4-0-analysis--new-shell--same-old-menace.html
Access-Control-Expose-Headers: stid
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Headers: *
Content-Length: 205
Stid: ZGAMJ1t5yfAAAAATWhJMAw==

GET
H/1.1 200
OK sc Show response
l.sharethis.com/ 51 B
474 B 8ms
8ms XHR
text/plain 18.194.222.56
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://l.sharethis.com/sc?cm=ZGAMJ1t5yfAAAAATWhJMAw%3D%3D&uid=true&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fgandcrab-v4-0-analysis--new-shell--same-old-menace.html
Requested by: Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/gandcrab-v4-0-analysis--new-shell--same-old-menace.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.194.222.56 Cambridge, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-18-194-222-56.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: d63d617d211aaabb73660debe6d713095b271ee70821adb411c1292935012bd2

Request headers

X-DevTools-Emulate-Network-Conditions-Client-Id: 6D5AD8F36F3838B021AFF6C9C31A8CBE
Origin: https://www.fortinet.com
Referer: https://www.fortinet.com/blog/threat-research/gandcrab-v4-0-analysis--new-shell--same-old-menace.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Sun, 19 Aug 2018 19:50:08 GMT
Access-Control-Max-Age: 1728000
Content-Type: text/plain; charset=utf-8
Access-Control-Allow-Origin: https://www.fortinet.com
Access-Control-Expose-Headers: stid
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Stid: ZGAMJ1t5yfAAAAATWhJMAw==
Access-Control-Allow-Headers: *
Content-Length: 51

GET
S 200 json Show response
fortinet.tt.omtrdc.net/m2/fortinet/mbox/ 97 B
331 B 77ms
34ms XHR
application/json 66.117.29.6
Adobe Systems Inc.

General

Check archive.org

Show headers Download Go to

Full URL: https://fortinet.tt.omtrdc.net/m2/fortinet/mbox/json?mbox=target-global-mbox&mboxSession=af877a20090e410f8be98e54fe7ba8b7&mboxPC=&mboxPage=84d6c53656ba49628e600568c939f9e3&mboxRid=fe8a537e66784d02b6d209a9fc3f2403&mboxVersion=1.3.0&mboxCount=1&mboxTime=1534708208422&mboxHost=www.fortinet.com&mboxURL=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fgandcrab-v4-0-analysis--new-shell--same-old-menace.html&mboxReferrer=&browserHeight=1200&browserWidth=1600&browserTimeOffset=0&screenHeight=1200&screenWidth=1600&colorDepth=24&mboxMCSDID=70B437B440280CD9-1CC37AEF700D4915&vst.trk=fortinetinc.sc.omtrdc.net&vst.trks=fortinetinc.sc.omtrdc.net&mboxMCGVID=30701919064669812843964203262491280941&mboxAAMB=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/4e56a4f921ab0baab5f89914672a3d541ff95762/mbox-contents-081c7224345c702ebcf6ef22d3b7449ec11ce42d.js
Protocol: SPDY
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 66.117.29.6 Lehi, United States, ASN15224 (OMNITURE - Adobe Systems Inc., US),
Reverse DNS
Software: /
Resource Hash: 4018c716b7b2fc00807268cb8d517cf94d9560b3238f6ffdecd3e8ac865e9c8f

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://www.fortinet.com/blog/threat-research/gandcrab-v4-0-analysis--new-shell--same-old-menace.html
Origin: https://www.fortinet.com

Response headers

pragma: no-cache
date: Sun, 19 Aug 2018 19:50:07 GMT
status: 200
vary: Origin
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://www.fortinet.com
cache-control: no-cache
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 97
x-application-context: edge:prod,prod-prod26,prod-prod26-app,prod26:11180

GET
H/1.1 200
OK s-code-contents-678d604999b9203058dbe982c7a7ddbf795bb1f4.js Show response
assets.adobedtm.com/4e56a4f921ab0baab5f89914672a3d541ff95762/ 34 KB
13 KB 8ms
7ms Script
application/x-javascript 2.18.232.23
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/4e56a4f921ab0baab5f89914672a3d541ff95762/s-code-contents-678d604999b9203058dbe982c7a7ddbf795bb1f4.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/4e56a4f921ab0baab5f89914672a3d541ff95762/satelliteLib-32b0117a6a1b1e07ce775d6f834af5718192ddf1.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.232.23 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a2-18-232-23.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: e6f6d66459cdaf4ccd8b6a49546f78a77215acef509b0c771738e5c93ddfc2e9

Request headers

Referer: https://www.fortinet.com/blog/threat-research/gandcrab-v4-0-analysis--new-shell--same-old-menace.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Sun, 19 Aug 2018 19:50:08 GMT
Content-Encoding: gzip
Last-Modified: Thu, 16 Aug 2018 21:17:40 GMT
Server: Apache
ETag: "ac82a81e88b9df1be1b1053ef751f92e:1534454260"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: max-age=3600
Connection: keep-alive
Accept-Ranges: bytes
Timing-Allow-Origin: *, *, *
Content-Length: 13207
Expires: Sun, 19 Aug 2018 20:50:08 GMT

GET
H/1.1 200
OK satellite-59ceae2064746d21fe0037dd.js Show response
assets.adobedtm.com/4e56a4f921ab0baab5f89914672a3d541ff95762/scripts/ 1 KB
901 B 12ms
5ms Script
application/x-javascript 2.18.232.23
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/4e56a4f921ab0baab5f89914672a3d541ff95762/scripts/satellite-59ceae2064746d21fe0037dd.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/4e56a4f921ab0baab5f89914672a3d541ff95762/satelliteLib-32b0117a6a1b1e07ce775d6f834af5718192ddf1.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.232.23 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a2-18-232-23.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 24038492cb3d19fef34ce0a9bc55033f3030c04eeea97a93c22b2ec8914c1316

Request headers

Referer: https://www.fortinet.com/blog/threat-research/gandcrab-v4-0-analysis--new-shell--same-old-menace.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Sun, 19 Aug 2018 19:50:08 GMT
Content-Encoding: gzip
Last-Modified: Thu, 16 Aug 2018 21:17:40 GMT
Server: Apache
ETag: "d8619d86a5e27900726ec96a76ead3cc:1534454260"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: max-age=3600
Connection: keep-alive
Accept-Ranges: bytes
Timing-Allow-Origin: *, *
Content-Length: 459
Expires: Sun, 19 Aug 2018 20:50:08 GMT

GET
H/1.1 200
OK get_counts Show response
count-server.sharethis.com/v2.0/ 331 B
406 B 435ms
108ms Script
application/json 52.71.155.233
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://count-server.sharethis.com/v2.0/get_counts?cb=window.__sharethis__.cb3&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fgandcrab-v4-0-analysis--new-shell--same-old-menace.html&refDomain=www.fortinet.com&sop=true
Requested by: Host: platform-api.sharethis.com
URL: https://platform-api.sharethis.com/js/sharethis.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.71.155.233 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-52-71-155-233.compute-1.amazonaws.com
Software: /
Resource Hash: cfe3c9db0e1ed41b388acac04e493b060c890ea29390262f780751ee681acebb

Request headers

Referer: https://www.fortinet.com/blog/threat-research/gandcrab-v4-0-analysis--new-shell--same-old-menace.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Sun, 19 Aug 2018 19:50:09 GMT
Content-Encoding: gzip
Connection: keep-alive
Content-Length: 249
Content-Type: application/json

GET
H/1.1

200
OK

image.img.png
www.fortinet.com/blog/threat-research/gandcrab-v4-0-analysis--new-shell--same-old-menace/_jcr_content/root/responsivegrid/
Redirect Chain

https://www.fortinet.com/content/fortinet-blog/us/en/threat-research/gandcrab-v4-0-analysis--new-shell--same-old-menace/_jcr_content/root/responsivegrid/image.img.png
https://www.fortinet.com/blog/threat-research/gandcrab-v4-0-analysis--new-shell--same-old-menace/_jcr_content/root/responsivegrid/image.img.png

92 KB
93 KB

333ms
333ms

Image
image/png

52.9.7.17
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.fortinet.com/blog/threat-research/gandcrab-v4-0-analysis--new-shell--same-old-menace/_jcr_content/root/responsivegrid/image.img.png

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/gandcrab-v4-0-analysis--new-shell--same-old-menace.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.9.7.17 San Jose, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-52-9-7-17.us-west-1.compute.amazonaws.com

Software

Apache /

Resource Hash

d481efc9433ac72d5fc440adc76a006c52a3e3e45ab09936c533586e45a19af5

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: www.fortinet.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: https://www.fortinet.com/blog/threat-research/gandcrab-v4-0-analysis--new-shell--same-old-menace.html
Cookie: __sharethis_cookie_test__=1; AWSELB=ADCDE3710804DABF75CED0801727222EF3B4A37C02AB82F6B4B34B65D91DB92F926500FCE4053BBF2263FFE136272BE68C6476E6DD96F8DEFF40FD294F0D109CB7D0FEDBA6; __unam=4e8ce6e-16553bcd23e-23b5e30e-1; check=true; AMCVS_ED8739F75677FE917F000101%40AdobeOrg=1; AMCV_ED8739F75677FE917F000101%40AdobeOrg=-330454231%7CMCIDTS%7C17763%7CMCMID%7C30701919064669812843964203262491280941%7CMCAAMLH-1535313008%7C6%7CMCAAMB-1535313008%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1534715408s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-17770%7CvVersion%7C3.1.2; mbox=session#af877a20090e410f8be98e54fe7ba8b7#1534710069|PC#af877a20090e410f8be98e54fe7ba8b7.26_30#1597953009; gpv_pn=www.fortinet.com%2Fblog%2Fthreat-research%2Fgandcrab-v4-0-analysis--new-shell--same-old-menace.html; s_cc=true
Connection: keep-alive
Cache-Control: no-cache
Referer: https://www.fortinet.com/blog/threat-research/gandcrab-v4-0-analysis--new-shell--same-old-menace.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Sun, 19 Aug 2018 19:50:08 GMT
Last-Modified: Wed, 15 Aug 2018 17:34:01 GMT
Server: Apache
ETag: "170cf-5737cbb7040f1"
X-Frame-Options: SAMEORIGIN
Connection: keep-alive
Content-Type: image/png
Cache-Control: max-age=604800, public
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Accept-Ranges: bytes
Content-Length: 94415

Redirect headers

Location: https://www.fortinet.com/blog/threat-research/gandcrab-v4-0-analysis--new-shell--same-old-menace/_jcr_content/root/responsivegrid/image.img.png
Date: Sun, 19 Aug 2018 19:50:08 GMT
Server: Apache
Connection: keep-alive
Content-Length: 351
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1

200
OK

image_1133015980.img.png
www.fortinet.com/blog/threat-research/gandcrab-v4-0-analysis--new-shell--same-old-menace/_jcr_content/root/responsivegrid/
Redirect Chain

https://www.fortinet.com/content/fortinet-blog/us/en/threat-research/gandcrab-v4-0-analysis--new-shell--same-old-menace/_jcr_content/root/responsivegrid/image_1133015980.img.png
https://www.fortinet.com/blog/threat-research/gandcrab-v4-0-analysis--new-shell--same-old-menace/_jcr_content/root/responsivegrid/image_1133015980.img.png

117 KB
117 KB

344ms
343ms

Image
image/png

52.9.7.17
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.fortinet.com/blog/threat-research/gandcrab-v4-0-analysis--new-shell--same-old-menace/_jcr_content/root/responsivegrid/image_1133015980.img.png

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/gandcrab-v4-0-analysis--new-shell--same-old-menace.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.9.7.17 San Jose, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-52-9-7-17.us-west-1.compute.amazonaws.com

Software

Apache /

Resource Hash

41eaf6511ba0bd3c49b4d6047e3d307a910236248102a0ae57dd766967568da1

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN

Request headers

Pragma: no-cache
Accept-Encoding: gzip, deflate
Host: www.fortinet.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: image/webp,image/apng,image/*,*/*;q=0.8
Referer: https://www.fortinet.com/blog/threat-research/gandcrab-v4-0-analysis--new-shell--same-old-menace.html
Cookie: __sharethis_cookie_test__=1; AWSELB=ADCDE3710804DABF75CED0801727222EF3B4A37C02AB82F6B4B34B65D91DB92F926500FCE4053BBF2263FFE136272BE68C6476E6DD96F8DEFF40FD294F0D109CB7D0FEDBA6; __unam=4e8ce6e-16553bcd23e-23b5e30e-1; check=true; AMCVS_ED8739F75677FE917F000101%40AdobeOrg=1; AMCV_ED8739F75677FE917F000101%40AdobeOrg=-330454231%7CMCIDTS%7C17763%7CMCMID%7C30701919064669812843964203262491280941%7CMCAAMLH-1535313008%7C6%7CMCAAMB-1535313008%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1534715408s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-17770%7CvVersion%7C3.1.2; mbox=session#af877a20090e410f8be98e54fe7ba8b7#1534710069|PC#af877a20090e410f8be98e54fe7ba8b7.26_30#1597953009; gpv_pn=www.fortinet.com%2Fblog%2Fthreat-research%2Fgandcrab-v4-0-analysis--new-shell--same-old-menace.html; s_cc=true
Connection: keep-alive
Cache-Control: no-cache
Referer: https://www.fortinet.com/blog/threat-research/gandcrab-v4-0-analysis--new-shell--same-old-menace.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Sun, 19 Aug 2018 19:50:09 GMT
Last-Modified: Wed, 15 Aug 2018 17:35:53 GMT
Server: Apache
ETag: "1d232-5737cc21f98d3"
X-Frame-Options: SAMEORIGIN
Connection: keep-alive
Content-Type: image/png
Cache-Control: max-age=604800, public
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Accept-Ranges: bytes
Content-Length: 119346

Redirect headers

Location: https://www.fortinet.com/blog/threat-research/gandcrab-v4-0-analysis--new-shell--same-old-menace/_jcr_content/root/responsivegrid/image_1133015980.img.png
Date: Sun, 19 Aug 2018 19:50:08 GMT
Server: Apache
Connection: keep-alive
Content-Length: 362
Content-Type: text/html; charset=iso-8859-1

GET
DATA 200
OK truncated
/ 42 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Response headers

Access-Control-Allow-Origin: *
Content-Type: image/gif

GET
S 404 t.js
vidassets.terminus.services/a01961d7-dcca-4b51-8e61-d0a209a6967f/ 0
0 26ms
7ms Script
application/json 13.32.223.54
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://vidassets.terminus.services/a01961d7-dcca-4b51-8e61-d0a209a6967f/t.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NBSLLPJ
Protocol: SPDY
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.32.223.54 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-13-32-223-54.fra56.r.cloudfront.net
Software: /
Resource Hash

Request headers

Referer: https://www.fortinet.com/blog/threat-research/gandcrab-v4-0-analysis--new-shell--same-old-menace.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

cache-control: public, s-maxage=900
content-type: application/json

GET
S 200 lounge.fda8427fde61b6f55d19bcd47d8c54b0.css
c.disquscdn.com/next/embed/styles/ 99 KB
19 KB 18ms
17ms Stylesheet
text/css 2400:cb00:2048:1::6810:4da6
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/styles/lounge.fda8427fde61b6f55d19bcd47d8c54b0.css

Requested by

Host: fortinetblog-1.disqus.com
URL: https://fortinetblog-1.disqus.com/embed.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2400:cb00:2048:1::6810:4da6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

fbf5d901393f5552a007fe5e20ae88c5b8d09a5ae1b972a398d3218e9b013a09

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/gandcrab-v4-0-analysis--new-shell--same-old-menace.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Sun, 19 Aug 2018 19:50:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
status: 200
strict-transport-security: max-age=300; includeSubdomains
content-length: 19061
x-xss-protection: 1; mode=block
timing-allow-origin: *
last-modified: Fri, 10 Aug 2018 23:38:57 GMT
server: cloudflare
fastly-debug-digest: b0b057f5f589562c68db995740e80deb923167a1f09065d1396852e651436f1b
etag: "5b6e2211-4a75"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable, no-transform
cf-ray: 44cf25c13dc4975c-FRA
expires: Mon, 12 Aug 2019 18:38:21 GMT

GET
S 200 common.bundle.e63a160a6bfb2f2953b5059c50baaf15.js Show response
c.disquscdn.com/next/embed/ 242 KB
81 KB 16ms
15ms Script
application/javascript 2400:cb00:2048:1::6810:4da6
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/common.bundle.e63a160a6bfb2f2953b5059c50baaf15.js

Requested by

Host: fortinetblog-1.disqus.com
URL: https://fortinetblog-1.disqus.com/embed.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2400:cb00:2048:1::6810:4da6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

b58042b3caa084f224cc60cb8aa59b30b4219dbc797d2084ffe095e94d2a221a

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/gandcrab-v4-0-analysis--new-shell--same-old-menace.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Sun, 19 Aug 2018 19:50:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
status: 200
strict-transport-security: max-age=300; includeSubdomains
content-length: 82692
x-xss-protection: 1; mode=block
timing-allow-origin: *
last-modified: Tue, 31 Jul 2018 22:23:46 GMT
server: cloudflare
fastly-debug-digest: bd8ba0469cb199f6986186933efa1473af5ff288ff29039c1feb7332871058c9
etag: "5b60e172-14304"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable, no-transform
cf-ray: 44cf25c13dc7975c-FRA
expires: Thu, 01 Aug 2019 00:05:08 GMT

GET
S 200 lounge.bundle.d9de07e390c24c083ffd3c2c531d3ebf.js Show response
c.disquscdn.com/next/embed/ 360 KB
94 KB 14ms
13ms Script
application/javascript 2400:cb00:2048:1::6810:4da6
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/lounge.bundle.d9de07e390c24c083ffd3c2c531d3ebf.js

Requested by

Host: fortinetblog-1.disqus.com
URL: https://fortinetblog-1.disqus.com/embed.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2400:cb00:2048:1::6810:4da6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

e77d1cca37b1fdf7d24b674dab4a639286ef3f7ffe2d4b7a72e70d5d6bcc5bd7

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/gandcrab-v4-0-analysis--new-shell--same-old-menace.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Sun, 19 Aug 2018 19:50:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
status: 200
strict-transport-security: max-age=300; includeSubdomains
content-length: 95587
x-xss-protection: 1; mode=block
timing-allow-origin: *
last-modified: Tue, 14 Aug 2018 23:13:01 GMT
server: cloudflare
fastly-debug-digest: 1ae910ba9efd9b4004323493e3629dde07f55420c7f4a29e23afa9f2288aa39b
etag: "5b7361fd-17563"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable, no-transform
cf-ray: 44cf25c13dc9975c-FRA
expires: Thu, 15 Aug 2019 04:43:49 GMT

GET
H/1.1 200
OK config.js Show response
disqus.com/next/ 5 KB
3 KB 6ms
5ms Script
application/javascript 151.101.192.134
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/next/config.js

Requested by

Host: fortinetblog-1.disqus.com
URL: https://fortinetblog-1.disqus.com/embed.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.192.134 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

nginx /

Resource Hash

3eaf5886f85c6f2592611b9bb3d6fcff29e3cebad3af2846f2b157714c8e4e86

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/gandcrab-v4-0-analysis--new-shell--same-old-menace.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Sun, 19 Aug 2018 19:50:08 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Age: 49
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 2375
X-XSS-Protection: 1; mode=block
Server: nginx
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=300; includeSubdomains
Content-Type: application/javascript; charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: public, stale-while-revalidate=300, s-stalewhilerevalidate=3600, max-age=60
Timing-Allow-Origin: *

GET
H/1.1 200
OK s22554166743254
fortinetinc.sc.omtrdc.net/b/ss/fortinetincproduction/1/JS-2.9.0-D7QN/ 43 B
591 B 24ms
23ms Image
image/gif 172.82.228.19
Adobe Systems Inc.

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://fortinetinc.sc.omtrdc.net/b/ss/fortinetincproduction/1/JS-2.9.0-D7QN/s22554166743254?AQB=1&ndh=1&pf=1&t=19%2F7%2F2018%2019%3A50%3A8%200%200&sdid=70B437B440280CD9-1CC37AEF700D4915&D=D%3D&mid=30701919064669812843964203262491280941&aamlh=6&ce=UTF-8&g=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fgandcrab-v4-0-analysis--new-shell--same-old-menace.html&events=event3&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&v1=www.fortinet.com%2Fblog%2Fthreat-research%2Fgandcrab-v4-0-analysis--new-shell--same-old-menace.html&v3=%2B1&c7=Entire%20Site&v27=BLOG&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&mcorgid=ED8739F75677FE917F000101%40AdobeOrg&AQE=1

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/gandcrab-v4-0-analysis--new-shell--same-old-menace.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

172.82.228.19 Lehi, United States, ASN15224 (OMNITURE - Adobe Systems Inc., US),

Reverse DNS

*.sc.omtrdc.net

Software

Omniture DC/2.0.0 /

Resource Hash

a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/gandcrab-v4-0-analysis--new-shell--same-old-menace.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date: Sun, 19 Aug 2018 19:50:08 GMT
X-Content-Type-Options: nosniff
X-C: ms-6.4.0
P3P: CP="This is not a P3P policy"
Connection: keep-alive
Content-Length: 43
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Last-Modified: Mon, 20 Aug 2018 19:50:08 GMT
Server: Omniture DC/2.0.0
xserver: www50
ETag: "3295760781218480128-5306684046653498417"
Vary: *
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, max-age=0, no-transform, private
Expires: Sat, 18 Aug 2018 19:50:08 GMT

GET
H/1.1 200
OK /
disqus.com/embed/comments/ Frame 0B4B 0
0 168ms
167ms Document
text/html 151.101.192.134
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://disqus.com/embed/comments/?base=default&f=fortinetblog-1&t_i=%2Fcontent%2Ffortinet-blog%2Fus%2Fen%2Fthreat-research%2Fgandcrab-v4-0-analysis--new-shell--same-old-menace&t_u=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fgandcrab-v4-0-analysis--new-shell--same-old-menace.html&t_d=GandCrab%20V4.0%20Analysis%3A%20New%20Shell%2C%20Same%20Old%20Menace&t_t=GandCrab%20V4.0%20Analysis%3A%20New%20Shell%2C%20Same%20Old%20Menace&s_o=default

Requested by

Host: fortinetblog-1.disqus.com
URL: https://fortinetblog-1.disqus.com/embed.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.192.134 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

nginx /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src https://.twitter.com: https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://.services.disqus.com: https://cdn.boomtrain.com/p13n/ 'unsafe-inline' https://cdn.syndication.twimg.com/tweets.json https://connect.facebook.net/en_US/sdk.js https://referrer.disqus.com/juggler/ https://apis.google.com https://disqus.com
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Host: disqus.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer: https://www.fortinet.com/blog/threat-research/gandcrab-v4-0-analysis--new-shell--same-old-menace.html
Accept-Encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id: 6D5AD8F36F3838B021AFF6C9C31A8CBE
Referer: https://www.fortinet.com/blog/threat-research/gandcrab-v4-0-analysis--new-shell--same-old-menace.html

Response headers

Server: nginx
Content-Security-Policy: script-src https://*.twitter.com:* https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://*.services.disqus.com:* https://cdn.boomtrain.com/p13n/ 'unsafe-inline' https://cdn.syndication.twimg.com/tweets.json https://connect.facebook.net/en_US/sdk.js https://referrer.disqus.com/juggler/ https://apis.google.com https://disqus.com
Link: <https://c.disquscdn.com>;rel=preconnect,<https://c.disquscdn.com>;rel=dns-prefetch
Cache-Control: stale-if-error=3600, s-stalewhilerevalidate=3600, stale-while-revalidate=30, no-cache, must-revalidate, public, s-maxage=5
p3p: CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Type: text/html; charset=utf-8
Last-Modified: Mon, 09 Jul 2018 13:04:21 GMT
ETag: W/"lounge:view:6780348574.25610d9412d215f54074f80a4da8b8fb.2"
Content-Encoding: gzip
Content-Length: 2811
Date: Sun, 19 Aug 2018 19:50:09 GMT
Age: 0
Connection: keep-alive
Vary: Accept-Encoding
Strict-Transport-Security: max-age=300; includeSubdomains

GET
S 200 / Show response
graph.facebook.com/ 645 B
837 B 54ms
41ms Script
text/javascript 2a03:2880:f01c:800e:face:b00c:0:2
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://graph.facebook.com/?id=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fgandcrab-v4-0-analysis--new-shell--same-old-menace.html&callback=window.__sharethis__.cb4

Requested by

Host: platform-api.sharethis.com
URL: https://platform-api.sharethis.com/js/sharethis.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2a03:2880:f01c:800e:face:b00c:0:2 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

436c7512cf01cda9c25348730d1782c21a4bf1e8757373670322b22ee0661527

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload

Request headers

Referer: https://www.fortinet.com/blog/threat-research/gandcrab-v4-0-analysis--new-shell--same-old-menace.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
content-encoding: gzip
etag: "6436429d3d95244dac599aee053d127d496e74b0"
x-app-usage: {"call_count":0,"total_cputime":0,"total_time":0}
status: 200
x-fb-rev: 4226578
content-length: 425
pragma: no-cache
x-fb-debug: UQnYhnSCtVO9oY7BuBjUITgG2GBa9+i0Eeo2jk+S1yMOm7eX3tQZIHTPdptMOc8mQ/DNZpwoOgfD0JgWzD1upg==
x-fb-trace-id: FW9SQoiFgmL
date: Sun, 19 Aug 2018 19:50:09 GMT
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, no-cache, no-store, must-revalidate
facebook-api-version: v2.7
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
S 200 alfie.f51946af45e0b561c60f768335c9eb79.js Show response
c.disquscdn.com/next/embed/ 19 KB
7 KB 29ms
29ms Script
application/javascript 2400:cb00:2048:1::6810:4da6
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://c.disquscdn.com/next/embed/alfie.f51946af45e0b561c60f768335c9eb79.js

Requested by

Host: fortinetblog-1.disqus.com
URL: https://fortinetblog-1.disqus.com/embed.js

Protocol

SPDY

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

2400:cb00:2048:1::6810:4da6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

eda8f00e9255746e7620848227aca122053845c9b4a90f1b3e26b4cd99af9e25

Security Headers

Name	Value
Strict-Transport-Security	max-age=300; includeSubdomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/gandcrab-v4-0-analysis--new-shell--same-old-menace.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date: Sun, 19 Aug 2018 19:50:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
status: 200
strict-transport-security: max-age=300; includeSubdomains
content-length: 6605
x-xss-protection: 1; mode=block
timing-allow-origin: *
last-modified: Wed, 07 Mar 2018 01:19:31 GMT
server: cloudflare
fastly-debug-digest: baac760ca1e6f62ea6380d62d4f07b5dfbb97755c19df0448623d4ede950e2e4
etag: "5a9f3e23-19cd"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=31536000, public, immutable, no-transform
cf-ray: 44cf25c4b8f7975c-FRA
expires: Thu, 07 Mar 2019 10:59:25 GMT

GET
H/1.1 200
OK ping Show response
links.services.disqus.com/api/ 294 B
920 B 58ms
58ms XHR
text/javascript 151.101.112.64
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://links.services.disqus.com/api/ping?format=jsonp&key=cfdfcf52dffd0a702a61bad27507376d&loc=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fgandcrab-v4-0-analysis--new-shell--same-old-menace.html&subId=5412148&v=1&jsonp=vglnk_jsonp_15347082094330
Requested by: Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/alfie.f51946af45e0b561c60f768335c9eb79.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.112.64 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: Apache-Coyote/1.1 /
Resource Hash: df30e1d0bcd3d1b51ef4e9a027034893ba8090f84a92252aa7b493978e9d99a5

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer: https://www.fortinet.com/blog/threat-research/gandcrab-v4-0-analysis--new-shell--same-old-menace.html
Origin: https://www.fortinet.com

Response headers

Pragma: no-cache
Date: Sun, 19 Aug 2018 19:50:09 GMT
Server: Apache-Coyote/1.1
P3P: CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Access-Control-Allow-Origin: https://www.fortinet.com
Cache-Control: no-cache, no-store
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/javascript;charset=UTF-8
Content-Length: 294
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

112 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

11 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.demdex.net/	1970-01-18 22:37:40	Name: demdex Value: 30347591455497431484000761923051120549
www.fortinet.com/	1969-12-31 23:59:59	Name: st_shares_https://www.fortinet.com/blog/threat-research/gandcrab-v4-0-analysis--new-shell--same-old-menace.html Value: [object Object]
.fortinet.com/	1969-12-31 23:59:59	Name: s_cc Value: true
.fortinet.com/	1970-01-18 18:18:30	Name: gpv_pn Value: www.fortinet.com%2Fblog%2Fthreat-research%2Fgandcrab-v4-0-analysis--new-shell--same-old-menace.html
.fortinet.com/	1970-01-19 11:52:33	Name: mbox Value: session#af877a20090e410f8be98e54fe7ba8b7#1534710069\|PC#af877a20090e410f8be98e54fe7ba8b7.26_30#1597953009
.fortinet.com/	1970-01-19 11:51:06	Name: AMCV_ED8739F75677FE917F000101%40AdobeOrg Value: -330454231%7CMCIDTS%7C17763%7CMCMID%7C30701919064669812843964203262491280941%7CMCAAMLH-1535313008%7C6%7CMCAAMB-1535313008%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1534715408s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-17770%7CvVersion%7C3.1.2
www.fortinet.com/blog/threat-research	1969-12-31 23:59:59	Name: __sharethis_cookie_test__ Value: 1
.fortinet.com/	1970-01-19 00:50:24	Name: __unam Value: 4e8ce6e-16553bcd23e-23b5e30e-1
.fortinet.com/	1969-12-31 23:59:59	Name: AMCVS_ED8739F75677FE917F000101%40AdobeOrg Value: 1
.fortinet.com/	1969-12-31 23:59:59	Name: check Value: true
www.fortinet.com/	1970-01-18 18:18:29	Name: AWSELB Value: ADCDE3710804DABF75CED0801727222EF3B4A37C02AB82F6B4B34B65D91DB92F926500FCE4053BBF2263FFE136272BE68C6476E6DD96F8DEFF40FD294F0D109CB7D0FEDBA6

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

assets.adobedtm.com
buttons-config.sharethis.com
c.disquscdn.com
c.sharethis.mgr.consensu.org
cm.everesttech.net
count-server.sharethis.com
d.adroll.com
disqus.com
dpm.demdex.net
fortinet.demdex.net
fortinet.tt.omtrdc.net
fortinetblog-1.disqus.com
fortinetinc.sc.omtrdc.net
graph.facebook.com
l.sharethis.com
links.services.disqus.com
platform-api.sharethis.com
s.adroll.com
vidassets.terminus.services
www.fortinet.com
www.googletagmanager.com
13.32.223.54
151.101.112.64
151.101.12.134
151.101.192.134
172.227.102.19
172.82.228.19
18.194.222.56
2.16.186.243
2.18.232.23
2.18.233.40
2400:cb00:2048:1::6810:4da6
2a00:1450:4001:821::2008
2a03:2880:f01c:800e:face:b00c:0:2
34.248.66.236
34.251.231.74
52.71.155.233
52.9.7.17
52.9.90.207
54.217.251.76
66.117.28.86
66.117.29.6
0885e959c99611e2301fc0891e286bc7a1eac54fa4e2c7635e195be8963aa1eb
0b6043877e5dd01857f2e94cb94b6c4b7157a088277d0f59a15a9ed9917c9c87
13f9871faf609461bb6206bfa6d9f987e80805137f54655e19177cb52fb3d016
24038492cb3d19fef34ce0a9bc55033f3030c04eeea97a93c22b2ec8914c1316
31ad41eb429a056fb28e89d8c140e7c439ab1f4e72b79a6df23f73d8db433919
3eaf5886f85c6f2592611b9bb3d6fcff29e3cebad3af2846f2b157714c8e4e86
4018c716b7b2fc00807268cb8d517cf94d9560b3238f6ffdecd3e8ac865e9c8f
41eaf6511ba0bd3c49b4d6047e3d307a910236248102a0ae57dd766967568da1
42068879df2ff7e8617b86e15f2796075ed3f050b5752102f2220036cc6b68dd
436c7512cf01cda9c25348730d1782c21a4bf1e8757373670322b22ee0661527
4ce9ed609fccf877301edf2571eb3b7125706ed8f39e5f61ab8a794cd4a975de
5b4c9abcf01dcf74e0adf075ff4d47464c62c84307ae5ebd115d45da70e6443d
73e9038a52e8087fce8ac2f15051c54e23fedbe6e4d5537a08632b50ec9ffe4d
7f0daa7591ef2b42b26dd9d39102440c242e7fd798e7898a620e5489d67ec73e
8e1e0966b4257e4b292f4a3f03bcb0e235daae15964a0ab22d1176fee2da1e73
9b371a8db8abe7f7f71cec6aa5aa013ceabe949d8ef311ae255debb4297a9c99
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
a862642fb3ce1d45b9a0730018cedc1b5ee4eff7347dff7ed8a8d63bff246888
b58042b3caa084f224cc60cb8aa59b30b4219dbc797d2084ffe095e94d2a221a
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
cfe3c9db0e1ed41b388acac04e493b060c890ea29390262f780751ee681acebb
d2afd46ac58cd7e89b3fdfd790300d69034e94151ed45acf83d7b6d5dccfdb17
d481efc9433ac72d5fc440adc76a006c52a3e3e45ab09936c533586e45a19af5
d63d617d211aaabb73660debe6d713095b271ee70821adb411c1292935012bd2
d6722d70ee2eeecc81a1424a4a1a6ef145369162a6cf5285ecfc122f79e1af97
df30e1d0bcd3d1b51ef4e9a027034893ba8090f84a92252aa7b493978e9d99a5
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e65cf5108c80dca04640eb55670754edbda09df69d96b1c5308dd7aae16e5ae8
e6f6d66459cdaf4ccd8b6a49546f78a77215acef509b0c771738e5c93ddfc2e9
e77d1cca37b1fdf7d24b674dab4a639286ef3f7ffe2d4b7a72e70d5d6bcc5bd7
e81c5a16f377c2cfa0b23c2a98d35eac836b3a07d58cfb855f641b374ec3953d
eb447c1428f829ebfa32dcfdf6c6fafe474b77fa190ed680ee33ca4369c58965
eda8f00e9255746e7620848227aca122053845c9b4a90f1b3e26b4cd99af9e25
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f13cb66d38a0f76c3e2ebb26b0ff6d7a36509a0054a657514ca19e3992feee96
fbf5d901393f5552a007fe5e20ae88c5b8d09a5ae1b972a398d3218e9b013a09

www.fortinet.com Open in urlscan Pro 52.9.7.17 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

39 Requests

100 %HTTPS

14 %IPv6

13 Domains

21 Subdomains

21 IPs

3 Countries

1120 kBTransfer

2353 kBSize

11 Cookies

15 Outgoing links

Redirected requests

39 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.fortinet.com Open in urlscan Pro
52.9.7.17 Public Scan

Screenshot
Live screenshot

Full Image

39
Requests

100 %
HTTPS

14 %
IPv6

13
Domains

21
Subdomains

21
IPs

3
Countries

1120 kB
Transfer

2353 kB
Size

11
Cookies

39 HTTP transactions
2 data transactions