URL: https://securelist.com/expert-cross-platform-adwind-rat/73773/
Submission: On May 14 via api from US

Summary

This website contacted 20 IPs in 5 countries across 16 domains to perform 53 HTTP transactions. The main IP is 185.85.15.34, located in Russian Federation and belongs to KL-EXT, RU. The main domain is securelist.com.
TLS certificate: Issued by thawte EV SSL CA - G3 on June 8th 2017. Valid for: a year.
This is the only time securelist.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 185.85.15.34 200107 (KL-EXT)
20 185.85.15.25 200107 (KL-EXT)
1 108.161.188.224 54104 (AS-STACKPATH)
1 2.19.34.83 20940 (AKAMAI-ASN1)
3 172.217.22.4 15169 (GOOGLE)
1 4 192.229.233.25 15133 (EDGECAST)
1 104.244.43.80 13414 (TWITTER)
2 104.108.42.122 16625 (AKAMAI-AS)
4 185.60.216.19 32934 (FACEBOOK)
1 3 172.217.23.174 15169 (GOOGLE)
2 104.20.21.239 13335 (CLOUDFLAR...)
1 172.217.21.227 15169 (GOOGLE)
1 192.28.147.68 53580 (MARKETO)
1 104.244.42.197 13414 (TWITTER)
1 104.244.42.67 13414 (TWITTER)
1 173.194.76.157 15169 (GOOGLE)
1 185.60.216.15 32934 (FACEBOOK)
1 93.158.134.227 13238 (YANDEX)
4 185.60.216.35 32934 (FACEBOOK)
1 1 104.244.42.8 13414 (TWITTER)
1 52.209.191.106 16509 (AMAZON-02)
53 20
Domain Requested by
16 assets.kasperskycontenthub.com securelist.com
cdn.optimizely.com
cdn.securelist.com
4 www.facebook.com securelist.com
connect.facebook.net
4 platform.twitter.com 1 redirects securelist.com
platform.twitter.com
4 media.kasperskycontenthub.com securelist.com
3 connect.facebook.net securelist.com
connect.facebook.net
3 www.google.com securelist.com
www.gstatic.com
2 www.google-analytics.com 1 redirects securelist.com
2 munchkin.marketo.net securelist.com
munchkin.marketo.net
1 rum-collector.pingdom.net
1 rum-collector-2.pingdom.net rum-static.pingdom.net
1 syndication.twitter.com 1 redirects
1 staticxx.facebook.com connect.facebook.net
1 share.yandex.ru cdn.securelist.com
1 graph.facebook.com cdn.securelist.com
1 stats.g.doubleclick.net securelist.com
1 analytics.twitter.com static.ads-twitter.com
1 t.co securelist.com
1 802-ijn-240.mktoresp.com munchkin.marketo.net
1 www.gstatic.com www.google.com
1 apis.google.com securelist.com
1 rum-static.pingdom.net securelist.com
1 static.ads-twitter.com securelist.com
1 cdn.optimizely.com securelist.com
1 kasperskycontenthub.com securelist.com
1 cdn.securelist.com securelist.com
1 securelist.com
53 26
Subject | Issuer | Validity | Valid
securelist.com | thawte EV SSL CA - G3 | 2017-06-08 - 2018-06-20 | a year
cdn.securelist.com | Thawte RSA CA 2018 | 2018-02-06 - 2019-02-24 | a year
*.twimg.com | DigiCert SHA2 High Assurance Server CA | 2017-12-02 - 2018-12-05 | a year
www.google.com | Google Internet Authority G3 | 2018-04-24 - 2018-07-17 | 3 months
*.facebook.com | DigiCert SHA2 High Assurance Server CA | 2017-12-15 - 2019-03-22 | a year

This page contains 8 frames:

Primary Page: https://securelist.com/expert-cross-platform-adwind-rat/73773/
Frame ID: 2AEBCA2F6140836507035ACCFA60ABC5
Requests: 46 HTTP requests in this frame

Frame: https://platform.twitter.com/widgets/widget_iframe.d383dc1d510865aceaa5e552afcf5663.html?origin=https%3A%2F%2Fsecurelist.com&settingsEndpoint=https%3A%2F%2Fsyndication.twitter.com%2Fsettings
Frame ID: 192B827358F1051C0BFB075BB42031B1
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lfhf_8SAAAAAFOLFS54H1lR_oQ5pW_j7-h30oa1&co=aHR0cHM6Ly9zZWN1cmVsaXN0LmNvbTo0NDM.&hl=en&v=v1525674693836&theme=standard&size=normal&cb=o5w3yva7t20
Frame ID: BDF3E4EDDE558C367600AF9A90716172
Requests: 1 HTTP requests in this frame

Frame: https://staticxx.facebook.com/connect/xd_arbiter/r/RQ7NiRXMcYA.js?version=42
Frame ID: 20CDE718A564E5A8CB1A5D9AABEC1682
Requests: 1 HTTP requests in this frame

Frame: https://platform.twitter.com/jot.html
Frame ID: AA3312AB827F27D251A536AFE2566B79
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/bframe?hl=en&v=v1525674693836&k=6Lfhf_8SAAAAAFOLFS54H1lR_oQ5pW_j7-h30oa1&cb=o3teoda7pcai
Frame ID: 43D2D021EF14C4468A169F8B752A0B37
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/connect/ping?client_id=160639043985664&domain=securelist.com&origin=1&redirect_uri=https%3A%2F%2Fstaticxx.facebook.com%2Fconnect%2Fxd_arbiter%2Fr%2FRQ7NiRXMcYA.js%3Fversion%3D42%23cb%3Df2d1e70ddec31a8%26domain%3Dsecurelist.com%26origin%3Dhttps%253A%252F%252Fsecurelist.com%252Ff2f90cb977e8e4%26relation%3Dparent&response_type=token%2Csigned_request%2Ccode&sdk=joey&version
Frame ID: D7956ED4C666B95296E1C1630C8D21EC
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 6B6BBDEF807528F7EB820D760C3670FC
Requests: 1 HTTP requests in this frame


Detected technologies

Overall confidence: 100%
Detected patterns
  • html /<link rel=["']stylesheet["'] [^>]+wp-(?:content|includes)/i
  • script /\/wp-includes\//i

Overall confidence: 100%
Detected patterns
  • html /<link rel=["']stylesheet["'] [^>]+wp-(?:content|includes)/i
  • script /\/wp-includes\//i

Overall confidence: 100%
Detected patterns
  • script /\/\/connect\.facebook\.net\/[^\/]*\/[a-z]*\.js/i

Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|(analytics))\.js/i
  • env /^gaGlobal$/i

Overall confidence: 100%
Detected patterns
  • script /apis\.google\.com\/js\/[a-z]*\.js/i

Overall confidence: 100%
Detected patterns
  • env /^Hammer$/i

Overall confidence: 100%
Detected patterns
  • script /munchkin\.marketo\.net\/munchkin\.js/i
  • env /^Munchkin$/i

Overall confidence: 100%
Detected patterns
  • script /optimizely\.com.*\.js/i
  • env /^optimizely$/i

Overall confidence: 100%
Detected patterns
  • script /\/\/platform\.twitter\.com\/widgets\.js/i

Overall confidence: 100%
Detected patterns
  • script /jquery.*\.js/i
  • env /^jQuery$/i

Overall confidence: 100%
Detected patterns
  • env /^Recaptcha$/i

Page Statistics

Requests: 53
HTTPS: 17 %
IPv6: 0 %
Domains: 16
Subdomains: 26
IPs: 20
Countries: 5
Transfer: 795 kB
Size: 1861 kB
Cookies: 12

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 9
  • https://platform.twitter.com/oct.js HTTP 302
  • https://static.ads-twitter.com/oct.js
Request Chain 37
  • https://www.google-analytics.com/r/collect?v=1&_v=j67&aip=1&a=1750304253&t=pageview&_s=1&dl=https%3A%2F%2Fsecurelist.com%2Fexpert-cross-platform-adwind-rat%2F73773%2F&ul=en-us&de=UTF-8&dt=Expert%3A%20cross-platform%20Adwind%20RAT%20-%20Securelist&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=YEBAAEAB~&jid=1641052457&gjid=776260248&cid=815980307.1526310415&tid=UA-15857463-1&_gid=773534471.1526310415&_r=1&cd1=GReAT&cd2=73773&cd3=2016-02-11&cd4=Featured%2C%20Opinion&cd5=Backdoor%2C%20Cross-platform%20malware%2C%20Cyber%20espionage%2C%20Cybercrime%2C%20Java%2C%20RAT%20Trojan%2C%20Spear-Phishing%2C%20Targeted%20Attacks%2C%20TheSAS2016&z=1983364288 HTTP 302
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-15857463-1&cid=815980307.1526310415&jid=1641052457&_gid=773534471.1526310415&gjid=776260248&_v=j67&z=1983364288
Request Chain 46
  • https://syndication.twitter.com/i/jot HTTP 302
  • https://platform.twitter.com/jot.html

53 HTTP transactions

Resource | Path | Size | x-fer | Type | MIME-Type
Resource: / (Primary Request); Path: securelist.com/expert-cross-platform-adwind-rat/73773/; Size: 44 KB; x-fer: 16 KB; Type: Document
General
Full URL: https://securelist.com/expert-cross-platform-adwind-rat/73773/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 185.85.15.34, Russian Federation, ASN200107 (KL-EXT, RU)
Reverse DNS:
Software: / Kaspersky Labs
Resource Hash: 36395825cd10bbb8e0d729de0da849300520cd377474970e4d4f834de44a8367
Security Headers
Name Value
Content-Security-Policy connect-src 'self' https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.google.com https://*.mktoresp.com https://*.optimizely.com https://*.pingdom.net https://*.reddit.com https://*.securelist.com https://*.youtube.com https://cdn.securelist.com https://e.infogram.com https://hn.algolia.com https://kasperskycontenthub.com https://securelist.com https://www.google-analytics.com; default-src 'self' https://*.securelist.com https://cdn.securelist.com https://kasperskycontenthub.com https://kasperskycontenthub.com/securelist https://securelist.com; font-src 'self' data: https://*.gstatic.com https://*.securelist.com https://*.wp.com https://assets.kasperskycontenthub.com https://cdn.securelist.com https://fonts.googleapis.com https://fonts.gstatic.com https://kasperskycontenthub.com https://securelist.com; frame-src 'self' http://*.slideshare.net https://*.addthis.com https://*.doubleclick.net https://*.facebook.com https://*.google.com https://*.infogram.com https://*.instagram.com https://*.libsyn.com https://*.marketo.com https://*.securelist.com https://*.sharethis.com https://*.slideshare.net https://*.twitter.com https://*.wp.com https://*.youtube.com https://cdn.securelist.com https://kasperskycontenthub.com https://player.vimeo.com https://s-static.ak.facebook.com https://securelist.com https://tpc.googlesyndication.com https://www.brighttalk.com; img-src 'self' data: http://*.netdna-cdn.com http://*.wordpress.com http://*.wp.com http://assets.kasperskycontenthub.com http://assets.kasperskydaily.com http://d2538mqrb7brka.cloudfront.net http://forum.kasperskyclub.ru http://i0.poll.fm http://media.kasperskycontenthub.com http://media.kasperskydaily.com https://*.addthis.com https://*.doubleclick.net https://*.facebook.com https://*.google-analytics.com https://*.google.com https://*.gravatar.com https://*.gstatic.com https://*.infogram.com https://*.instagram.com 
https://*.netdna-cdn.com https://*.netdna-ssl.com https://*.securelist.com https://*.sharethis.com https://*.staticflickr.com https://*.twimg.com https://*.twitter.com https://*.wordpress.com https://*.wp.com https://*.ytimg.com https://addevent.com https://assets.kasperskycontenthub.com https://assets.kasperskydaily.com https://blog.kaspersky.com https://cdn.securelist.com https://csi.gstatic.com https://d1srlirzdlmpew.cloudfront.net https://d2538mqrb7brka.cloudfront.net https://geo.yahoo.com https://images.telechargement.fr https://instagramimages-a.akamaihd.net https://kaspersky.d2.sc.omtrdc.net https://kasperskycontenthub.com https://m.addthis.com https://maps.googleapis.com https://media.kasperskycontenthub.com https://media.kasperskydaily.com https://player.vimeo.com https://polldaddy.com https://rum-collector.pingdom.net https://s.w.org https://s3-eu-west-1.amazonaws.com https://scontent.cdninstagram.com https://securelist.com https://stats.g.doubleclick.net https://t.co https://threatpost.com https://track.addevent.com; object-src 'self' https://*.securelist.com https://kasperskycontenthub.com https://player.vimeo.com https://polldaddy.com https://securelist.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' http://assets.kasperskycontenthub.com https://*.addevent.com https://*.addthis.com https://*.cloudfront.net https://*.crazyegg.com https://*.demdex.net https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.flickr.com https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.googlesyndication.com https://*.gravatar.com https://*.gstatic.com https://*.instagram.com https://*.kaspersky.com https://*.marketo.com https://*.marketo.net https://*.optimizely.com https://*.polldaddy.com https://*.securelist.com https://*.sharethis.com https://*.twimg.com https://*.twitter.com https://*.woopra.com https://*.wp.com https://addthisevent.com https://adservice.google.com https://adservice.google.hr 
https://adservice.google.ru https://assets.adobedtm.com https://assets.kasperskycontenthub.com https://cdn.optimizely.com https://cdn.securelist.com https://connect.facebook.net https://connect.mail.ru https://e.infogram.com https://kaspersky.d2.sc.omtrdc.net https://kasperskycontenthub.com https://m.addthis.com https://m.addthisedge.com https://munchkin.marketo.net https://player.vimeo.com https://rum-static.pingdom.net https://script.crazyegg.com https://securelist.com https://share.yandex.ru/ https://static.ads-twitter.com https://vk.com https://www.addevent.com https://www.brighttalk.com https://www.flickr.com https://www.googletagmanager.com https://www.googletagservices.com https://www.linkedin.com; style-src 'self' 'unsafe-inline' http://*.googleapis.com http://assets.kasperskycontenthub.com https://*.googleapis.com https://*.gravatar.com https://*.kaspersky.com https://*.marketo.com https://*.securelist.com https://*.sharethis.com https://*.twimg.com https://*.twitter.com https://*.wp.com https://assets.kasperskycontenthub.com https://cdn.securelist.com https://fonts.googleapis.com https://kasperskycontenthub.com https://s0.wp.com https://secure.gravatar.com https://securelist.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

:method: GET
:authority: securelist.com
:scheme: https
:path: /expert-cross-platform-adwind-rat/73773/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
accept-encoding: gzip, deflate
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id: 2AEBCA2F6140836507035ACCFA60ABC5

Response headers

status: 200
cache-control: max-age=14400, must-revalidate
content-type: text/html; charset=UTF-8
content-encoding: gzip
vary: Accept-Encoding,Cookie
server:
content-security-policy:
connect-src 'self' https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.google.com https://*.mktoresp.com https://*.optimizely.com https://*.pingdom.net https://*.reddit.com https://*.securelist.com https://*.youtube.com https://cdn.securelist.com https://e.infogram.com https://hn.algolia.com https://kasperskycontenthub.com https://securelist.com https://www.google-analytics.com; default-src 'self' https://*.securelist.com https://cdn.securelist.com https://kasperskycontenthub.com https://kasperskycontenthub.com/securelist https://securelist.com; font-src 'self' data: https://*.gstatic.com https://*.securelist.com https://*.wp.com https://assets.kasperskycontenthub.com https://cdn.securelist.com https://fonts.googleapis.com https://fonts.gstatic.com https://kasperskycontenthub.com https://securelist.com; frame-src 'self' http://*.slideshare.net https://*.addthis.com https://*.doubleclick.net https://*.facebook.com https://*.google.com https://*.infogram.com https://*.instagram.com https://*.libsyn.com https://*.marketo.com https://*.securelist.com https://*.sharethis.com https://*.slideshare.net https://*.twitter.com https://*.wp.com https://*.youtube.com https://cdn.securelist.com https://kasperskycontenthub.com https://player.vimeo.com https://s-static.ak.facebook.com https://securelist.com https://tpc.googlesyndication.com https://www.brighttalk.com; img-src 'self' data: http://*.netdna-cdn.com http://*.wordpress.com http://*.wp.com http://assets.kasperskycontenthub.com http://assets.kasperskydaily.com http://d2538mqrb7brka.cloudfront.net http://forum.kasperskyclub.ru http://i0.poll.fm http://media.kasperskycontenthub.com http://media.kasperskydaily.com https://*.addthis.com https://*.doubleclick.net https://*.facebook.com https://*.google-analytics.com https://*.google.com https://*.gravatar.com https://*.gstatic.com https://*.infogram.com https://*.instagram.com https://*.netdna-cdn.com 
https://*.netdna-ssl.com https://*.securelist.com https://*.sharethis.com https://*.staticflickr.com https://*.twimg.com https://*.twitter.com https://*.wordpress.com https://*.wp.com https://*.ytimg.com https://addevent.com https://assets.kasperskycontenthub.com https://assets.kasperskydaily.com https://blog.kaspersky.com https://cdn.securelist.com https://csi.gstatic.com https://d1srlirzdlmpew.cloudfront.net https://d2538mqrb7brka.cloudfront.net https://geo.yahoo.com https://images.telechargement.fr https://instagramimages-a.akamaihd.net https://kaspersky.d2.sc.omtrdc.net https://kasperskycontenthub.com https://m.addthis.com https://maps.googleapis.com https://media.kasperskycontenthub.com https://media.kasperskydaily.com https://player.vimeo.com https://polldaddy.com https://rum-collector.pingdom.net https://s.w.org https://s3-eu-west-1.amazonaws.com https://scontent.cdninstagram.com https://securelist.com https://stats.g.doubleclick.net https://t.co https://threatpost.com https://track.addevent.com; object-src 'self' https://*.securelist.com https://kasperskycontenthub.com https://player.vimeo.com https://polldaddy.com https://securelist.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' http://assets.kasperskycontenthub.com https://*.addevent.com https://*.addthis.com https://*.cloudfront.net https://*.crazyegg.com https://*.demdex.net https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.flickr.com https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.googlesyndication.com https://*.gravatar.com https://*.gstatic.com https://*.instagram.com https://*.kaspersky.com https://*.marketo.com https://*.marketo.net https://*.optimizely.com https://*.polldaddy.com https://*.securelist.com https://*.sharethis.com https://*.twimg.com https://*.twitter.com https://*.woopra.com https://*.wp.com https://addthisevent.com https://adservice.google.com https://adservice.google.hr https://adservice.google.ru 
https://assets.adobedtm.com https://assets.kasperskycontenthub.com https://cdn.optimizely.com https://cdn.securelist.com https://connect.facebook.net https://connect.mail.ru https://e.infogram.com https://kaspersky.d2.sc.omtrdc.net https://kasperskycontenthub.com https://m.addthis.com https://m.addthisedge.com https://munchkin.marketo.net https://player.vimeo.com https://rum-static.pingdom.net https://script.crazyegg.com https://securelist.com https://share.yandex.ru/ https://static.ads-twitter.com https://vk.com https://www.addevent.com https://www.brighttalk.com https://www.flickr.com https://www.googletagmanager.com https://www.googletagservices.com https://www.linkedin.com; style-src 'self' 'unsafe-inline' http://*.googleapis.com http://assets.kasperskycontenthub.com https://*.googleapis.com https://*.gravatar.com https://*.kaspersky.com https://*.marketo.com https://*.securelist.com https://*.sharethis.com https://*.twimg.com https://*.twitter.com https://*.wp.com https://assets.kasperskycontenthub.com https://cdn.securelist.com https://fonts.googleapis.com https://kasperskycontenthub.com https://s0.wp.com https://secure.gravatar.com https://securelist.com
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31536000; includeSubDomains
x-pingback: https://securelist.com/xmlrpc.php
link: <https://securelist.com/wp-json/>; rel="https://api.w.org/" <https://securelist.com/?p=73773>; rel=shortlink
wpe-backend: apache
x-wpe-loopback-upstream-addr: 127.0.0.1:6789
x-cacheable: YES:14400.000
x-cache: MISS
x-pass-why:
x-cache-group: normal
x-type: default
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-ua-compatible: IE=Edge,chrome=1
set-cookie: ClientRouteBlogs=b64f3b72fbdf7d198b85cd31ea8819a4309083059ba56a69ca2b87f04656c976;Path=/;Domain=securelist.com
x-powered-by: Kaspersky Labs
x-server: fr2/
date: Mon, 14 May 2018 15:06:51 GMT
content-length: 12427
Resource: /; Path: assets.kasperskycontenthub.com/wp-content/plugins/bwp-minify/min/; Size: 153 KB; x-fer: 32 KB; Type: Stylesheet
General
Full URL: https://assets.kasperskycontenthub.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/crayon-syntax-highlighter/css/min/crayon.min.css,wp-content/plugins/jquery-collapse-o-matic/light_style.css,wp-content/plugins/wds-securelist-widgets/css/securelist-plugin-styles.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/themes/securelist/css/fonts-lat.css,wp-content/themes/securelist/style.css,wp-content/themes/securelist/css/responsive.css,wp-content/themes/securelist/css/plugins.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css&ver=1526310273
Requested by: Host securelist.com, URL https://securelist.com/expert-cross-platform-adwind-rat/73773/
Protocol: SPDY
Server: 185.85.15.25, Russian Federation, ASN200107 (KL-EXT, RU)
Reverse DNS:
Software: / Kaspersky Labs, Kaspersky Labs
Resource Hash: 319fd01db1a83a39f5de679fd76b032c5e8460669d478ed144adf957cdb57f8a

Request headers

Referer: https://securelist.com/expert-cross-platform-adwind-rat/73773/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

x-type: long-cache
x-cache-group: normal
content-encoding: gzip
x-cacheable: YES:14400.000
age: 112
x-powered-by: Kaspersky Labs, Kaspersky Labs
x-cache: Hit from cloudfront
status: 200
content-length: 32531
access-control-allow-origin: *
x-pass-why:
last-modified: Fri, 09 Feb 2018 14:47:59 GMT
server:
x-wpe-loopback-upstream-addr: 127.0.0.1:6789
date: Mon, 14 May 2018 15:06:49 GMT
vary: Accept-Encoding,Accept-Encoding
content-type: text/css; charset=utf-8
via: 1.1 f131f7f70cfd3a8b96a854e1f446f33b.cloudfront.net (CloudFront)
cache-control: public, max-age=2592000
x-server: fr1/fr2/
x-amz-cf-id: 9213LVC9elJVVRyUtWv8op3_rY2m6_a4Fe83dM4mr8TrAX0hvW3cMQ==
wpe-backend: apache
expires: Tue, 15 May 2018 15:04:58 GMT
Resource: /; Path: assets.kasperskycontenthub.com/wp-content/plugins/bwp-minify/min/; Size: 387 B; x-fer: 377 B; Type: Stylesheet
General
Full URL: https://assets.kasperskycontenthub.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/taxonomy-images/css/style.css&ver=1526310273
Requested by: Host securelist.com, URL https://securelist.com/expert-cross-platform-adwind-rat/73773/
Protocol: SPDY
Server: 185.85.15.25, Russian Federation, ASN200107 (KL-EXT, RU)
Reverse DNS:
Software: / Kaspersky Labs, Kaspersky Labs
Resource Hash: 484aee1b81286040100dad5243407bd64be9aa7fc389b87ef2acd03451bc6888

Request headers

Referer: https://securelist.com/expert-cross-platform-adwind-rat/73773/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

x-type: long-cache
x-cache-group: normal
content-encoding: gzip
x-cacheable: YES:14400.000
age: 113
x-powered-by: Kaspersky Labs, Kaspersky Labs
x-cache: Hit from cloudfront
status: 200
content-length: 202
access-control-allow-origin: *
x-pass-why:
last-modified: Mon, 17 Apr 2017 06:14:49 GMT
server:
x-wpe-loopback-upstream-addr: 127.0.0.1:6789
date: Mon, 14 May 2018 15:06:49 GMT
vary: Accept-Encoding,Accept-Encoding
content-type: text/css; charset=utf-8
via: 1.1 bc4389d82338e569938d96a220607237.cloudfront.net (CloudFront)
cache-control: public, max-age=2592000
x-server: fr1/fr2/
x-amz-cf-id: ATx8kD5-rD2MMG9AG20xo-Mz3GHAKVnTxlQfFsvXnJnsCljWdmN6xw==
wpe-backend: apache
expires: Tue, 15 May 2018 15:04:57 GMT
Resource: /; Path: assets.kasperskycontenthub.com/wp-content/plugins/bwp-minify/min/; Size: 3 KB; x-fer: 970 B; Type: Stylesheet
General
Full URL: https://assets.kasperskycontenthub.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=1526310273
Requested by: Host securelist.com, URL https://securelist.com/expert-cross-platform-adwind-rat/73773/
Protocol: SPDY
Server: 185.85.15.25, Russian Federation, ASN200107 (KL-EXT, RU)
Reverse DNS:
Software: / Kaspersky Labs, Kaspersky Labs
Resource Hash: 001020074fce061b86caeaebd1aeccff49b74d405137486eb293296f023519a2

Request headers

Referer: https://securelist.com/expert-cross-platform-adwind-rat/73773/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

x-type: long-cache
x-cache-group: normal
content-encoding: gzip
x-cacheable: YES:14400.000
age: 113
x-powered-by: Kaspersky Labs, Kaspersky Labs
x-cache: Hit from cloudfront
status: 200
content-length: 822
access-control-allow-origin: *
x-pass-why:
last-modified: Mon, 17 Apr 2017 06:14:49 GMT
server:
x-wpe-loopback-upstream-addr: 127.0.0.1:6789
date: Mon, 14 May 2018 15:06:49 GMT
vary: Accept-Encoding,Accept-Encoding
content-type: text/css; charset=utf-8
via: 1.1 53e3dfdf8efd0c06e5d27cfdbfbe5876.cloudfront.net (CloudFront)
cache-control: public, max-age=2592000
x-server: fr1/fr2/
x-amz-cf-id: LzSJJxFy8f9pOvFpZ0irroAYbAftPHoiwwMS5ILj14aCv3lw6ls4ag==
wpe-backend: apache
expires: Tue, 15 May 2018 15:04:57 GMT
Resource: jquery.js; Path: cdn.securelist.com/wp-includes/js/jquery/; Size: 95 KB; x-fer: 39 KB; Type: Script
General
Full URL: https://cdn.securelist.com/wp-includes/js/jquery/jquery.js?ver=1.12.4
Requested by: Host securelist.com, URL https://securelist.com/expert-cross-platform-adwind-rat/73773/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 108.161.188.224 Los Angeles, United States, ASN54104 (AS-STACKPATH - netDNA, US)
Reverse DNS:
Software: NetDNA-cache/2.2 /
Resource Hash: fc48d1d80ece71a79a7b39877f4104d49d3da6c3665cf6dc203000fb7df4447e
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

:path: /wp-includes/js/jquery/jquery.js?ver=1.12.4
pragma: no-cache
cookie: ClientRouteBlogs=b64f3b72fbdf7d198b85cd31ea8819a4309083059ba56a69ca2b87f04656c976
accept-encoding: gzip, deflate
user-agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
accept: */*
cache-control: no-cache
:authority: cdn.securelist.com
referer: https://securelist.com/expert-cross-platform-adwind-rat/73773/
:scheme: https
:method: GET
Referer: https://securelist.com/expert-cross-platform-adwind-rat/73773/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

x-type: static/known
date: Mon, 14 May 2018 15:06:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 17 Apr 2017 06:14:51 GMT
server: NetDNA-cache/2.2
status: 200
etag: W/"58f45d5b-17ba0"
vary: Accept-Encoding
x-cache: HIT
content-type: application/x-javascript
access-control-allow-origin: *
cache-control: public, max-age=2592000
Resource: /; Path: assets.kasperskycontenthub.com/wp-content/plugins/bwp-minify/min/; Size: 18 KB; x-fer: 6 KB; Type: Script
General
Full URL: https://assets.kasperskycontenthub.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/kaspersky-cookies-notification/languages/en_US/alert_text.js,wp-content/plugins/kaspersky-cookies-notification/scripts/alert.js,wp-content/plugins/honeypot-comments/public/assets/js/public.js,wp-content/plugins/kspr_twitter_pullquote/js/kaspersky-twitter-pullquote.js,wp-content/plugins/kaspersky-social-sharing/assets/js/social-share.js&ver=1526310273
Requested by: Host securelist.com, URL https://securelist.com/expert-cross-platform-adwind-rat/73773/
Protocol: SPDY
Server: 185.85.15.25, Russian Federation, ASN200107 (KL-EXT, RU)
Reverse DNS:
Software: / Kaspersky Labs, Kaspersky Labs
Resource Hash: aa48d80ae8c79e7b0dc15723099e5442eb7406a6ea7dcb89ca0332e3f4fa8215

Request headers

Referer: https://securelist.com/expert-cross-platform-adwind-rat/73773/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

x-type: long-cache
x-cache-group: normal
content-encoding: gzip
x-cacheable: YES:14400.000
age: 112
x-powered-by: Kaspersky Labs, Kaspersky Labs
x-cache: Hit from cloudfront
status: 200
content-length: 5866
access-control-allow-origin: *
x-pass-why:
last-modified: Fri, 11 May 2018 17:00:57 GMT
server:
x-wpe-loopback-upstream-addr: 127.0.0.1:6789
date: Mon, 14 May 2018 15:06:49 GMT
vary: Accept-Encoding,Accept-Encoding
content-type: application/x-javascript; charset=utf-8
via: 1.1 5954578e851092964f39f2f5f0596950.cloudfront.net (CloudFront)
cache-control: public, max-age=2592000
x-server: fr1/fr2/
x-amz-cf-id: F9_9iHNPn2x8e3seKbgALeyHB7_YH7IwU8kkzhadRqSw1UFmWRSiJQ==
wpe-backend: apache
expires: Tue, 15 May 2018 15:04:57 GMT
Resource: /; Path: kasperskycontenthub.com/; Size: 0; x-fer: 103 B; Type: Script
General
Full URL: https://kasperskycontenthub.com/?dm=ed1f9e435dc885292eab65620c51f3fb&action=load&blogid=43&siteid=1&t=536955859&back=https%3A%2F%2Fsecurelist.com%2Fexpert-cross-platform-adwind-rat%2F73773%2F
Requested by: Host securelist.com, URL https://securelist.com/expert-cross-platform-adwind-rat/73773/
Protocol: SPDY
Server: 185.85.15.34, Russian Federation, ASN200107 (KL-EXT, RU)
Reverse DNS:
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://securelist.com/expert-cross-platform-adwind-rat/73773/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

cache-control: max-age=14400, must-revalidate
content-type: text/html; charset=UTF-8
Resource: 3431070370.js; Path: cdn.optimizely.com/js/; Size: 170 KB; x-fer: 61 KB; Type: Script
General
Full URL: https://cdn.optimizely.com/js/3431070370.js
Requested by: Host securelist.com, URL https://securelist.com/expert-cross-platform-adwind-rat/73773/
Protocol: HTTP/1.1
Server: 2.19.34.83, European Union, ASN20940 (AKAMAI-ASN1, US)
Reverse DNS:
Software: AmazonS3 /
Resource Hash: bcbfbc1990e303c9d1cc88d1070306355e390389ccb1ad029691e7753bd5aa39
Security Headers
Name Value
Strict-Transport-Security max-age=86400

Request headers

Referer: https://securelist.com/expert-cross-platform-adwind-rat/73773/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

x-amz-version-id: r5RVI8qwLXNb2LYUXlsnDqfR7RDirBzq
Content-Encoding: gzip
ETag: "63b068e22cf0d2fbcb0b553f36a04e4d"
x-amz-request-id: BD627BAEBCC9DDFD
x-amz-meta-revision: 34
x-amz-replication-status: COMPLETED
Access-Control-Allow-Methods: GET, HEAD
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 62071
x-amz-id-2: BDszoGnW26HQ4ve+De349BU2K4/c7JFFGWC8fk6WvIkR2OSrkmqMjQfSikJDxXPCQ8Tw8JcJcs0=
Last-Modified: Thu, 01 Mar 2018 22:23:46 GMT
Server: AmazonS3
Date: Mon, 14 May 2018 15:06:54 GMT
Access-Control-Max-Age: 86400
Strict-Transport-Security: max-age=86400
Content-Type: text/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: x-amz-meta-revision
Cache-Control: max-age=120
Accept-Ranges: bytes
Timing-Allow-Origin: *
Access-Control-Allow-Headers: *
Resource: Banner_370x370_EN-1.jpg; Path: media.kasperskycontenthub.com/wp-content/uploads/sites/43/2017/10/07170458/; Size: 27 KB; x-fer: 27 KB; Type: Image
General
Full URL: https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2017/10/07170458/Banner_370x370_EN-1.jpg
Requested by: Host securelist.com, URL https://securelist.com/expert-cross-platform-adwind-rat/73773/
Protocol: SPDY
Server: 185.85.15.25, Russian Federation, ASN200107 (KL-EXT, RU)
Reverse DNS:
Software: / Kaspersky Labs
Resource Hash: cb5255e725fd8ad9c2fb13800e3de032b206fc6b37dd6afd3f83bbd20404bd2e

Request headers

Referer: https://securelist.com/expert-cross-platform-adwind-rat/73773/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

date: Mon, 14 May 2018 15:06:49 GMT
via: 1.1 a5dd7270846a000392d2981b8c28634f.cloudfront.net (CloudFront)
age: 2238482
x-powered-by: Kaspersky Labs
x-cache: Hit from cloudfront
status: 200
content-length: 27413
last-modified: Wed, 07 Mar 2018 17:04:59 GMT
server:
etag: "ab0faeff6bb3b76cea7f9e5cc5c4dbec"
content-type: image/jpeg
cache-control: max-age=31536000
x-server: fr1/
accept-ranges: bytes
x-amz-cf-id: 21ZWkiOut0_DhSEaaDy5Px9QxM2i88Vra8sc_hcBCR5GpIheU1rf4w==
expires: Thu, 07 Mar 2019 17:04:58 GMT
Resource: api.js; Path: www.google.com/recaptcha/; Size: 763 B; x-fer: 542 B; Type: Script
General
Full URL: https://www.google.com/recaptcha/api.js?hl=en
Requested by: Host securelist.com, URL https://securelist.com/expert-cross-platform-adwind-rat/73773/
Protocol: SPDY
Server: 172.217.22.4 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US)
Reverse DNS: fra16s14-in-f4.1e100.net
Software: GSE /
Resource Hash: c58eefa453e4b86d8e5ae369b2739837bc82d39f8c21dba4bea3520efc9bac19
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer: https://securelist.com/expert-cross-platform-adwind-rat/73773/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

date: Mon, 14 May 2018 15:06:54 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=UTF-8
status: 200
cache-control: private, max-age=300
alt-svc: hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length: 449
x-xss-protection: 1; mode=block
expires: Mon, 14 May 2018 15:06:54 GMT
oct.js
static.ads-twitter.com/
Redirect Chain
  • https://platform.twitter.com/oct.js
  • https://static.ads-twitter.com/oct.js
5 KB
2 KB
Script
General
Full URL
https://static.ads-twitter.com/oct.js
Requested by
Host: securelist.com
URL: https://securelist.com/expert-cross-platform-adwind-rat/73773/
Protocol
SPDY
Server
104.244.43.80 San Francisco, United States, ASN13414 (TWITTER - Twitter Inc., US),
Reverse DNS
Software
/
Resource Hash
319949c8c08b86e9c35ea542c0dc0c30cedaa9b8d3d3c3327a36c91aefbd8af5

Request headers

Referer
https://securelist.com/expert-cross-platform-adwind-rat/73773/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

date
Mon, 14 May 2018 15:06:54 GMT
content-encoding
gzip
age
54508
x-cache
HIT
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status
200
content-length
1954
x-served-by
cache-tw-fra1-cr1-9-TWFRA1
last-modified
Tue, 23 Jan 2018 19:05:33 GMT
x-timer
S1526310414.066034,VS0,VE0
etag
"b7b33882a4f3ffd5cbf07434f3137166+gzip"
vary
Accept-Encoding,Host
content-type
application/javascript; charset=utf-8
via
1.1 varnish
cache-control
no-cache
accept-ranges
bytes

Redirect headers

Location
https://static.ads-twitter.com/oct.js
Date
Mon, 14 May 2018 15:06:54 GMT
Server
ECS (fcn/41A2)
Content-Length
0
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
/
assets.kasperskycontenthub.com/wp-content/plugins/bwp-minify/min/
108 KB
15 KB
Stylesheet
General
Full URL
https://assets.kasperskycontenthub.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/gravityforms/css/formreset.min.css,wp-content/plugins/gravityforms/css/formsmain.min.css,wp-content/plugins/gravityforms/css/readyclass.min.css,wp-content/plugins/gravityforms/css/browsers.min.css,wp-content/plugins/gravityformsmailchimp/css/form_settings.css&ver=1526310273
Requested by
Host: securelist.com
URL: https://securelist.com/expert-cross-platform-adwind-rat/73773/
Protocol
SPDY
Server
185.85.15.25 , Russian Federation, ASN200107 (KL-EXT, RU),
Reverse DNS
Software
/ Kaspersky Labs, Kaspersky Labs
Resource Hash
443efbf367d2c260ea52c7dd8d4abba80f93fa69f24d523affce71a7a7ed32d2

Request headers

Referer
https://securelist.com/expert-cross-platform-adwind-rat/73773/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

x-type
long-cache
x-cache-group
normal
content-encoding
gzip
x-cacheable
YES:14400.000
age
112
x-powered-by
Kaspersky Labs, Kaspersky Labs
x-cache
Hit from cloudfront
status
200
content-length
15102
access-control-allow-origin
*
x-pass-why
last-modified
Mon, 17 Apr 2017 06:14:49 GMT
server
x-wpe-loopback-upstream-addr
127.0.0.1:6789
date
Mon, 14 May 2018 15:06:49 GMT
vary
Accept-Encoding,Accept-Encoding
content-type
text/css; charset=utf-8
via
1.1 281d5965f165d7acaf2c52921da12d67.cloudfront.net (CloudFront)
cache-control
public, max-age=2592000
x-server
fr1/fr2/
x-amz-cf-id
DFwHia6zB0TqcXh_k19Bp9blR2ED3DIlHFGQoTrmlgSlPM83D21T_A==
wpe-backend
apache
expires
Tue, 15 May 2018 15:04:57 GMT
/
assets.kasperskycontenthub.com/wp-content/plugins/bwp-minify/min/
81 KB
24 KB
Script
General
Full URL
https://assets.kasperskycontenthub.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/crayon-syntax-highlighter/js/min/crayon.min.js,wp-content/plugins/wds-no-login-autocomplete/js/script.js,wp-content/plugins/wds-securelist-widgets/js/jquery.mousewheel.js,wp-content/plugins/wds-securelist-widgets/js/jquery.antiscroll.js,wp-content/themes/securelist/js/jquery.tinycarousel.min.js,wp-content/plugins/wds-securelist-widgets/js/securelist-plugin-scripts.js,wp-includes/js/jquery/ui/core.min.js,wp-content/themes/securelist/js/jquery.magnific-popup.min.js,wp-content/themes/securelist/js/jquery.bpopup.min.js,wp-content/themes/securelist/js/jquery.slides.js&ver=1526310273
Requested by
Host: securelist.com
URL: https://securelist.com/expert-cross-platform-adwind-rat/73773/
Protocol
SPDY
Server
185.85.15.25 , Russian Federation, ASN200107 (KL-EXT, RU),
Reverse DNS
Software
/ Kaspersky Labs, Kaspersky Labs
Resource Hash
07751e421cdfa3f2c93bfb302ef60df17d8867347420ab00d1a1beb11a459786

Request headers

Referer
https://securelist.com/expert-cross-platform-adwind-rat/73773/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

x-type
long-cache
x-cache-group
normal
content-encoding
gzip
x-cacheable
YES:14400.000
age
113
x-powered-by
Kaspersky Labs, Kaspersky Labs
x-cache
Hit from cloudfront
status
200
content-length
24727
access-control-allow-origin
*
x-pass-why
last-modified
Wed, 21 Jun 2017 14:32:46 GMT
server
x-wpe-loopback-upstream-addr
127.0.0.1:6789
date
Mon, 14 May 2018 15:06:49 GMT
vary
Accept-Encoding,Accept-Encoding
content-type
application/x-javascript; charset=utf-8
via
1.1 e7c35757c4581d46396ae4c0a48815ef.cloudfront.net (CloudFront)
cache-control
public, max-age=2592000
x-server
fr1/fr2/
x-amz-cf-id
4zhV1e5gwjbXz7IvPd864KbDsqbR6EUrv1yNs8nLY8a2C_RQ5D5vPA==
wpe-backend
apache
expires
Tue, 15 May 2018 15:04:57 GMT
/
assets.kasperskycontenthub.com/wp-content/plugins/bwp-minify/min/
99 KB
24 KB
Script
General
Full URL
https://assets.kasperskycontenthub.com/wp-content/plugins/bwp-minify/min/?f=wp-content/themes/securelist/js/jquery.flexslider-min.js,wp-content/themes/securelist/js/jquery.truncate.min.js,wp-content/themes/securelist/js/jquery.flexnav.min.js,wp-content/themes/securelist/js/jquery.sticky.js,wp-content/themes/securelist/js/doubletaptogo.min.js,wp-content/themes/securelist/js/hammer.min.js,wp-content/themes/securelist/js/jquery.tosrus.min.all.js,wp-content/themes/securelist/js/functions.js,wp-includes/js/comment-reply.min.js,wp-content/plugins/kaspersky-tracking/js/external-tracking.js&ver=1526310273
Requested by
Host: securelist.com
URL: https://securelist.com/expert-cross-platform-adwind-rat/73773/
Protocol
SPDY
Server
185.85.15.25 , Russian Federation, ASN200107 (KL-EXT, RU),
Reverse DNS
Software
/ Kaspersky Labs, Kaspersky Labs
Resource Hash
4ac3af002881a6a741a1c2ffa0e71ba2572928f3eddebc0d3a2214c7a006d6b3

Request headers

Referer
https://securelist.com/expert-cross-platform-adwind-rat/73773/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

x-type
long-cache
x-cache-group
normal
content-encoding
gzip
x-cacheable
YES:14400.000
age
113
x-powered-by
Kaspersky Labs, Kaspersky Labs
x-cache
Hit from cloudfront
status
200
content-length
24389
access-control-allow-origin
*
x-pass-why
last-modified
Wed, 17 Jan 2018 16:42:05 GMT
server
x-wpe-loopback-upstream-addr
127.0.0.1:6789
date
Mon, 14 May 2018 15:06:49 GMT
vary
Accept-Encoding,Accept-Encoding
content-type
application/x-javascript; charset=utf-8
via
1.1 10e95c517e657ad53448fce5195e9cba.cloudfront.net (CloudFront)
cache-control
public, max-age=2592000
x-server
fr1/fr2/
x-amz-cf-id
hgg2rZzeWcpdW04t8l3JBGS6joKuHSN8B6ukREF5Eddwq40DWcZpVw==
wpe-backend
apache
expires
Tue, 15 May 2018 15:04:57 GMT
/
assets.kasperskycontenthub.com/wp-content/plugins/bwp-minify/min/
6 KB
3 KB
Script
General
Full URL
https://assets.kasperskycontenthub.com/wp-content/plugins/bwp-minify/min/?f=wp-includes/js/wp-embed.min.js,wp-content/plugins/akismet/_inc/form.js,wp-content/plugins/gravityforms/js/placeholders.jquery.min.js&ver=1526310273
Requested by
Host: securelist.com
URL: https://securelist.com/expert-cross-platform-adwind-rat/73773/
Protocol
SPDY
Server
185.85.15.25 , Russian Federation, ASN200107 (KL-EXT, RU),
Reverse DNS
Software
/ Kaspersky Labs, Kaspersky Labs
Resource Hash
2b4b4b24f6ec1da0474895b8db623f43122a788ba77837eee61aaa3e785a8536

Request headers

Referer
https://securelist.com/expert-cross-platform-adwind-rat/73773/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

x-type
long-cache
x-cache-group
normal
content-encoding
gzip
x-cacheable
YES:14400.000
age
113
x-powered-by
Kaspersky Labs, Kaspersky Labs
x-cache
Hit from cloudfront
status
200
content-length
2563
access-control-allow-origin
*
x-pass-why
last-modified
Mon, 17 Apr 2017 06:14:51 GMT
server
x-wpe-loopback-upstream-addr
127.0.0.1:6789
date
Mon, 14 May 2018 15:06:49 GMT
vary
Accept-Encoding,Accept-Encoding
content-type
application/x-javascript; charset=utf-8
via
1.1 a7cfc7facd5206ba992dff0c0b5504da.cloudfront.net (CloudFront)
cache-control
public, max-age=2592000
x-server
fr1/fr2/
x-amz-cf-id
Cmj3aUsjBpzk3hXW4lhO521DrifpUAuqeHV0wZPscww8l0MgCgtagg==
wpe-backend
apache
expires
Tue, 15 May 2018 15:05:01 GMT
munchkin.js
munchkin.marketo.net/
1 KB
1 KB
Script
General
Full URL
https://munchkin.marketo.net/munchkin.js
Requested by
Host: securelist.com
URL: https://securelist.com/expert-cross-platform-adwind-rat/73773/
Protocol
HTTP/1.1
Server
104.108.42.122 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-108-42-122.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
c1f1036a3e1edd4fe0090a0c5f8b29cf7eaef22b41b15a1c11a509a344542b17

Request headers

Referer
https://securelist.com/expert-cross-platform-adwind-rat/73773/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date
Mon, 14 May 2018 15:06:54 GMT
Content-Encoding
gzip
Last-Modified
Fri, 04 May 2018 05:13:44 GMT
Server
Apache
ETag
"ded8e0c7fc902f6e7a3af47df473897d:1525410824"
Vary
Accept-Encoding
P3P
policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
application/x-javascript
Content-Length
752
munchkin.js
munchkin.marketo.net/153/
8 KB
4 KB
Script
General
Full URL
https://munchkin.marketo.net/153/munchkin.js
Requested by
Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/munchkin.js
Protocol
HTTP/1.1
Server
104.108.42.122 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-108-42-122.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
88694454a2bc3241a6531d725aa9f7f53725d43f59eb07418753f8f819ec46b5

Request headers

Referer
https://securelist.com/expert-cross-platform-adwind-rat/73773/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date
Mon, 14 May 2018 15:06:54 GMT
Content-Encoding
gzip
Last-Modified
Fri, 02 Jun 2017 17:28:55 GMT
Server
Apache
ETag
"fafeea2338ae61b3f895cc89d77ce074:1496424535"
Vary
Accept-Encoding
P3P
policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Cache-Control
max-age=8640000
Connection
keep-alive
Accept-Ranges
bytes
Content-Type
application/x-javascript
Content-Length
3659
Expires
Wed, 22 Aug 2018 15:06:54 GMT
MuseoSans-500.woff2
assets.kasperskycontenthub.com/wp-content/themes/securelist/fonts/
18 KB
18 KB
Font
General
Full URL
https://assets.kasperskycontenthub.com/wp-content/themes/securelist/fonts/MuseoSans-500.woff2
Requested by
Host: cdn.optimizely.com
URL: https://cdn.optimizely.com/js/3431070370.js
Protocol
SPDY
Server
185.85.15.25 , Russian Federation, ASN200107 (KL-EXT, RU),
Reverse DNS
Software
/ Kaspersky Labs
Resource Hash
ff6f0a5143d6e6285b150295b5d9bc5b485a0399319776d2154de0ae0b28768a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Referer
https://assets.kasperskycontenthub.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/crayon-syntax-highlighter/css/min/crayon.min.css,wp-content/plugins/jquery-collapse-o-matic/light_style.css,wp-content/plugins/wds-securelist-widgets/css/securelist-plugin-styles.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/themes/securelist/css/fonts-lat.css,wp-content/themes/securelist/style.css,wp-content/themes/securelist/css/responsive.css,wp-content/themes/securelist/css/plugins.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css&ver=1526310273
Origin
https://securelist.com

Response headers

x-type
static/known
date
Mon, 14 May 2018 15:06:49 GMT
via
1.1 f131f7f70cfd3a8b96a854e1f446f33b.cloudfront.net (CloudFront)
age
2409108
x-powered-by
Kaspersky Labs
x-cache
Hit from cloudfront
status
200
content-length
17940
last-modified
Mon, 05 Jun 2017 08:56:08 GMT
server
etag
"59351ca8-4614"
vary
Accept-Encoding
content-type
application/x-font-woff
access-control-allow-origin
*
cache-control
public, max-age=2592000
x-server
fr1/
accept-ranges
bytes
x-amz-cf-id
uSlLMZlgJEb97JzfWrncffTmeZceOd9Aur19pcSk5En2J40DcYYJ_Q==
fbevents.js
connect.facebook.net/en_US/
39 KB
12 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: securelist.com
URL: https://securelist.com/expert-cross-platform-adwind-rat/73773/
Protocol
SPDY
Server
185.60.216.19 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
112560223d7dcf6f78bd1f4f1271590233b6cd02adf7a10f896b0f628c2c4d24
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://securelist.com/expert-cross-platform-adwind-rat/73773/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
status
200
vary
Origin, Accept-Encoding
content-length
12398
x-xss-protection
0
pragma
private
x-fb-debug
h3DSoS9ywUkc8pYaxbttkTqLapHI/lccFEL3S2lt77oXQEbpKvOWvHBIutwCVb5CwYIsTXznPaGhIbb9+AdMLA==
date
Mon, 14 May 2018 15:06:54 GMT
x-frame-options
DENY
access-control-allow-methods
OPTIONS
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
https://connect.facebook.net
access-control-expose-headers
X-FB-Debug, X-Loader-Length
cache-control
private
access-control-allow-credentials
true
expires
Sat, 01 Jan 2000 00:00:00 GMT
analytics.js
www.google-analytics.com/
34 KB
14 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: securelist.com
URL: https://securelist.com/expert-cross-platform-adwind-rat/73773/
Protocol
SPDY
Server
172.217.23.174 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra15s22-in-f174.1e100.net
Software
Golfe2 /
Resource Hash
2218bbf47b340278b7b696dbe3af4eed89edffa709c19abd6747b18147c3a675
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://securelist.com/expert-cross-platform-adwind-rat/73773/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 12 Apr 2018 18:13:11 GMT
server
Golfe2
age
647
date
Mon, 14 May 2018 14:56:07 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
timing-allow-origin
*
alt-svc
hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length
14353
expires
Mon, 14 May 2018 16:56:07 GMT
prum.min.js
rum-static.pingdom.net/
6 KB
3 KB
Script
General
Full URL
https://rum-static.pingdom.net/prum.min.js
Requested by
Host: securelist.com
URL: https://securelist.com/expert-cross-platform-adwind-rat/73773/
Protocol
SPDY
Server
104.20.21.239 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
69d900b16d7cb5f320fbc87a6fbe2e57c7b8bbc4a13b3a213509003b976ac5e3

Request headers

Referer
https://securelist.com/expert-cross-platform-adwind-rat/73773/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

date
Mon, 14 May 2018 15:06:54 GMT
content-encoding
gzip
cf-cache-status
HIT
last-modified
Mon, 15 Jan 2018 08:08:12 GMT
server
cloudflare
etag
W/"5a5c616c-18fd"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
status
200
cache-control
public, max-age=43200
cf-ray
41ae457ac8442690-FRA
content-length
2736
expires
Tue, 15 May 2018 03:06:54 GMT
all.js
connect.facebook.net/en_US/
207 KB
62 KB
Script
General
Full URL
https://connect.facebook.net/en_US/all.js
Requested by
Host: securelist.com
URL: https://securelist.com/expert-cross-platform-adwind-rat/73773/
Protocol
SPDY
Server
185.60.216.19 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
24f77c3f263ea1f2326e274a2d308155e439e5fca983724fdedb61c253102545
Security Headers
Name Value
Content-Security-Policy default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' *.atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://securelist.com/expert-cross-platform-adwind-rat/73773/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
V091FA8/sImhYfcs2H6JpA==
status
200
content-length
63431
x-xss-protection
0
x-fb-debug
7Pf/mBmNhZGzASjzLKeiCRQg6E6ZsojSdAcFCBH4ETo8zT3oRs9d6Np2DEwlfrXkLMOecst3yrNc7QAovcgjcw==
x-fb-content-md5
c49ff546b6b639e54c699ba1b3b3d456
x-frame-options
DENY
date
Mon, 14 May 2018 15:06:54 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-expose-headers
X-FB-Content-MD5
cache-control
public,max-age=1200,stale-while-revalidate=3600
etag
"8cbdcc51905af9464af78a897a993f49"
content-security-policy
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' *.atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
timing-allow-origin
*
expires
Mon, 14 May 2018 15:16:47 GMT
widgets.js
platform.twitter.com/
123 KB
36 KB
Script
General
Full URL
https://platform.twitter.com/widgets.js
Requested by
Host: securelist.com
URL: https://securelist.com/expert-cross-platform-adwind-rat/73773/
Protocol
HTTP/1.1
Server
192.229.233.25 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECS (fcn/419B) /
Resource Hash
e35e107c1e3d4ec87c9db64ce2f49381949ebc94b2356448140b4b2c3c4f661f

Request headers

Referer
https://securelist.com/expert-cross-platform-adwind-rat/73773/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date
Mon, 14 May 2018 15:06:54 GMT
Content-Encoding
gzip
Last-Modified
Mon, 07 May 2018 22:01:37 GMT
Server
ECS (fcn/419B)
Etag
"032b36172a4167c76faf336a933991e6+gzip"
Vary
Accept-Encoding
X-Cache
HIT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Cache-Control
public, max-age=1800
Content-Type
application/javascript; charset=utf-8
Content-Length
36338
platform.js
apis.google.com/js/
43 KB
17 KB
Script
General
Full URL
https://apis.google.com/js/platform.js
Requested by
Host: securelist.com
URL: https://securelist.com/expert-cross-platform-adwind-rat/73773/
Protocol
SPDY
Server
172.217.23.174 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra15s22-in-f174.1e100.net
Software
ESF /
Resource Hash
39524d8d9f302dd133fc45b2273b25cc44d6d440dc35ed7d7b22c90f783cb650
Security Headers
Name Value
Content-Security-Policy script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.gstatic.com https://www.google-analytics.com https://pagead2.googleadservices.com https://pagead2.googlesyndication.com https://tpc.googlesyndication.com https://s.ytimg.com https://www.youtube.com;report-uri /_/cspreport/es_oz_20180507.12_p0
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://securelist.com/expert-cross-platform-adwind-rat/73773/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

content-security-policy
script-src 'unsafe-inline' 'unsafe-eval' 'self' https://*.gstatic.com https://www.google-analytics.com https://pagead2.googleadservices.com https://pagead2.googlesyndication.com https://tpc.googlesyndication.com https://s.ytimg.com https://www.youtube.com;report-uri /_/cspreport/es_oz_20180507.12_p0
content-encoding
gzip
x-content-type-options
nosniff
p3p
CP="This is not a P3P policy! See g.co/p3phelp for more info."
status
200
alt-svc
hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
x-xss-protection
1; mode=block
x-ua-compatible
IE=edge, chrome=1
server
ESF
x-frame-options
SAMEORIGIN
date
Mon, 14 May 2018 15:06:54 GMT
strict-transport-security
max-age=31536000
content-type
application/javascript; charset=utf-8
cache-control
private, max-age=1800, stale-while-revalidate=1800
etag
"7cae815ae9af1ba9a4879b95f3f1a7ce"
timing-allow-origin
*
expires
Mon, 14 May 2018 15:06:54 GMT
abstraction_7-300x210.jpg
media.kasperskycontenthub.com/wp-content/uploads/sites/43/2017/06/07174029/
14 KB
14 KB
Image
General
Full URL
https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2017/06/07174029/abstraction_7-300x210.jpg
Requested by
Host: securelist.com
URL: https://securelist.com/expert-cross-platform-adwind-rat/73773/
Protocol
SPDY
Server
185.85.15.25 , Russian Federation, ASN200107 (KL-EXT, RU),
Reverse DNS
Software
/ Kaspersky Labs
Resource Hash
e756da5b70667e4c06ddc14a0c0db1188d671be47f5121df8a8ff6c8546c8e37

Request headers

Referer
https://securelist.com/expert-cross-platform-adwind-rat/73773/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

date
Mon, 14 May 2018 15:06:49 GMT
via
1.1 6558236a06004e2e5ed43d07e2124e70.cloudfront.net (CloudFront)
age
5312945
x-powered-by
Kaspersky Labs
x-cache
Hit from cloudfront
status
200
content-length
14504
last-modified
Wed, 07 Mar 2018 17:40:31 GMT
server
etag
"a4b06c118e3bf0d7da4b9e5a655ab74d"
content-type
image/jpeg
cache-control
max-age=31536000
x-server
fr1/
accept-ranges
bytes
x-amz-cf-id
4UD1etzAof582mvJ_hauEs3k5G3d4oMsNJPk1kil6LL_xW13KwQTvQ==
expires
Thu, 07 Mar 2019 17:40:29 GMT
180503-zoopark-cover-300x225.jpg
media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/05/03095509/
48 KB
48 KB
Image
General
Full URL
https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/05/03095509/180503-zoopark-cover-300x225.jpg
Requested by
Host: securelist.com
URL: https://securelist.com/expert-cross-platform-adwind-rat/73773/
Protocol
SPDY
Server
185.85.15.25 , Russian Federation, ASN200107 (KL-EXT, RU),
Reverse DNS
Software
/ Kaspersky Labs
Resource Hash
16c4d615aadb133b6e205d335446cdafca05353937649f77bd86d3856a6e50bb

Request headers

Referer
https://securelist.com/expert-cross-platform-adwind-rat/73773/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

date
Mon, 14 May 2018 15:06:49 GMT
via
1.1 10e95c517e657ad53448fce5195e9cba.cloudfront.net (CloudFront)
age
968614
x-powered-by
Kaspersky Labs
x-cache
Hit from cloudfront
status
200
content-length
49307
last-modified
Thu, 03 May 2018 09:55:12 GMT
server
etag
"ec6c4883d4b798099798317a5241fa3c"
content-type
image/jpeg
cache-control
max-age=31536000
x-server
fr1/
accept-ranges
bytes
x-amz-cf-id
D9HWXyttONbT20XV4plk_7M2ISLig2L1zOEZ1YHHma9rg7OBT5GBSg==
expires
Fri, 03 May 2019 09:55:09 GMT
quarter_threat-300x200.jpg
media.kasperskycontenthub.com/wp-content/uploads/sites/43/2014/08/08080813/
25 KB
25 KB
Image
General
Full URL
https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2014/08/08080813/quarter_threat-300x200.jpg
Requested by
Host: securelist.com
URL: https://securelist.com/expert-cross-platform-adwind-rat/73773/
Protocol
SPDY
Server
185.85.15.25 , Russian Federation, ASN200107 (KL-EXT, RU),
Reverse DNS
Software
/ Kaspersky Labs
Resource Hash
c18baa8fcdf36ccb31a351ab04c0b00f8d35f86d98901634d668577bd8566efe

Request headers

Referer
https://securelist.com/expert-cross-platform-adwind-rat/73773/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

date
Mon, 14 May 2018 15:06:49 GMT
via
1.1 63c6fe97aba90610d2a46b7713c49586.cloudfront.net (CloudFront)
age
18265
x-powered-by
Kaspersky Labs
x-cache
Hit from cloudfront
status
200
content-length
25397
last-modified
Thu, 08 Mar 2018 08:08:14 GMT
server
etag
"773980652b7c28460d83caccbb7bf824"
content-type
image/jpeg
cache-control
max-age=31536000
x-server
fr1/
accept-ranges
bytes
x-amz-cf-id
VgCJoTYg8ZquBK3Lky6Sz2lNbMUGdj7wMNOdbxfv06PBD2HNubjngw==
expires
Fri, 08 Mar 2019 08:08:13 GMT
ico-sprite.png
assets.kasperskycontenthub.com/wp-content/themes/securelist/images/
72 KB
72 KB
Image
General
Full URL
https://assets.kasperskycontenthub.com/wp-content/themes/securelist/images/ico-sprite.png
Requested by
Host: securelist.com
URL: https://securelist.com/expert-cross-platform-adwind-rat/73773/
Protocol
SPDY
Server
185.85.15.25 , Russian Federation, ASN200107 (KL-EXT, RU),
Reverse DNS
Software
/ Kaspersky Labs, Kaspersky Labs
Resource Hash
17d2606bcd1b5c97d99a7cc1e620007d0292febb9932a2f99268457857d40ae3

Request headers

Referer
https://assets.kasperskycontenthub.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/crayon-syntax-highlighter/css/min/crayon.min.css,wp-content/plugins/jquery-collapse-o-matic/light_style.css,wp-content/plugins/wds-securelist-widgets/css/securelist-plugin-styles.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/themes/securelist/css/fonts-lat.css,wp-content/themes/securelist/style.css,wp-content/themes/securelist/css/responsive.css,wp-content/themes/securelist/css/plugins.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css&ver=1526310273
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

x-type
static/known
date
Mon, 14 May 2018 15:06:49 GMT
via
1.1 bc4389d82338e569938d96a220607237.cloudfront.net (CloudFront)
age
2235583
x-powered-by
Kaspersky Labs, Kaspersky Labs
x-cache
Hit from cloudfront
status
200
content-length
73694
last-modified
Fri, 09 Feb 2018 14:47:59 GMT
server
etag
"5a7db49f-11fde"
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=2592000
x-server
fr1/fr1/
accept-ranges
bytes
x-amz-cf-id
Z0CQKDSNlpqpidgdAVLNls3jSHD7u8nYETEy2_LhMFU0WYvhY0jNNQ==
MuseoSans-300.woff2
assets.kasperskycontenthub.com/wp-content/themes/securelist/fonts/
17 KB
18 KB
Font
General
Full URL
https://assets.kasperskycontenthub.com/wp-content/themes/securelist/fonts/MuseoSans-300.woff2
Requested by
Host: securelist.com
URL: https://securelist.com/expert-cross-platform-adwind-rat/73773/
Protocol
SPDY
Server
185.85.15.25 , Russian Federation, ASN200107 (KL-EXT, RU),
Reverse DNS
Software
/ Kaspersky Labs, Kaspersky Labs
Resource Hash
85c2761557d3602f2b7cfb72f1a65de17f3114aee7e3bfa9893c6d654522e4a3

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Referer
https://assets.kasperskycontenthub.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/crayon-syntax-highlighter/css/min/crayon.min.css,wp-content/plugins/jquery-collapse-o-matic/light_style.css,wp-content/plugins/wds-securelist-widgets/css/securelist-plugin-styles.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/themes/securelist/css/fonts-lat.css,wp-content/themes/securelist/style.css,wp-content/themes/securelist/css/responsive.css,wp-content/themes/securelist/css/plugins.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css&ver=1526310273
Origin
https://securelist.com

Response headers

x-type
static/known
date
Mon, 14 May 2018 15:06:49 GMT
via
1.1 53e3dfdf8efd0c06e5d27cfdbfbe5876.cloudfront.net (CloudFront)
age
2235581
x-powered-by
Kaspersky Labs, Kaspersky Labs
x-cache
Hit from cloudfront
status
200
content-length
17852
last-modified
Mon, 05 Jun 2017 08:56:08 GMT
server
etag
"59351ca8-45bc"
vary
Accept-Encoding
content-type
application/x-font-woff
access-control-allow-origin
*
cache-control
public, max-age=2592000
x-server
fr1/fr1/
accept-ranges
bytes
x-amz-cf-id
R2-VWQcTm0og4DeseulhrsjslDCg3wTs-ZgpxtcH4VNAYMOI4QadtQ==
MuseoSans-700.woff2
assets.kasperskycontenthub.com/wp-content/themes/securelist/fonts/
18 KB
18 KB
Font
General
Full URL
https://assets.kasperskycontenthub.com/wp-content/themes/securelist/fonts/MuseoSans-700.woff2
Requested by
Host: securelist.com
URL: https://securelist.com/expert-cross-platform-adwind-rat/73773/
Protocol
SPDY
Server
185.85.15.25 , Russian Federation, ASN200107 (KL-EXT, RU),
Reverse DNS
Software
/ Kaspersky Labs, Kaspersky Labs
Resource Hash
3c2885574185694a5d1ecbebe7e0c026284a2dfbf29c91a942305ab2c2d07b9b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Referer
https://assets.kasperskycontenthub.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/crayon-syntax-highlighter/css/min/crayon.min.css,wp-content/plugins/jquery-collapse-o-matic/light_style.css,wp-content/plugins/wds-securelist-widgets/css/securelist-plugin-styles.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/themes/securelist/css/fonts-lat.css,wp-content/themes/securelist/style.css,wp-content/themes/securelist/css/responsive.css,wp-content/themes/securelist/css/plugins.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css&ver=1526310273
Origin
https://securelist.com

Response headers

x-type
static/known
date
Mon, 14 May 2018 15:06:49 GMT
via
1.1 5954578e851092964f39f2f5f0596950.cloudfront.net (CloudFront)
age
2242067
x-powered-by
Kaspersky Labs, Kaspersky Labs
x-cache
Hit from cloudfront
status
200
content-length
18188
last-modified
Mon, 05 Jun 2017 08:56:08 GMT
server
etag
"59351ca8-470c"
vary
Accept-Encoding
content-type
application/x-font-woff
access-control-allow-origin
*
cache-control
public, max-age=2592000
x-server
fr1/fr1/
accept-ranges
bytes
x-amz-cf-id
QGts4UsVSFHjqG0yrqBwTwhESvTg1lPvSXGnQ8cIypuNlAAOZ96npw==
promo-box-bg.png
assets.kasperskycontenthub.com/wp-content/plugins/wds-securelist-widgets/images/
1 KB
1 KB
Image
General
Full URL
https://assets.kasperskycontenthub.com/wp-content/plugins/wds-securelist-widgets/images/promo-box-bg.png
Requested by
Host: securelist.com
URL: https://securelist.com/expert-cross-platform-adwind-rat/73773/
Protocol
SPDY
Server
185.85.15.25 , Russian Federation, ASN200107 (KL-EXT, RU),
Reverse DNS
Software
/ Kaspersky Labs, Kaspersky Labs
Resource Hash
8f4a638f81df85f44c33f0912737d12d57582490339ef48d2409de169371ba76

Request headers

Referer
https://assets.kasperskycontenthub.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/crayon-syntax-highlighter/css/min/crayon.min.css,wp-content/plugins/jquery-collapse-o-matic/light_style.css,wp-content/plugins/wds-securelist-widgets/css/securelist-plugin-styles.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/themes/securelist/css/fonts-lat.css,wp-content/themes/securelist/style.css,wp-content/themes/securelist/css/responsive.css,wp-content/themes/securelist/css/plugins.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css&ver=1526310273
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

x-type
static/known
date
Mon, 14 May 2018 15:06:49 GMT
via
1.1 281d5965f165d7acaf2c52921da12d67.cloudfront.net (CloudFront)
age
2235583
x-powered-by
Kaspersky Labs, Kaspersky Labs
x-cache
Hit from cloudfront
status
200
content-length
1198
last-modified
Mon, 17 Apr 2017 06:14:49 GMT
server
etag
"58f45d59-4ae"
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=2592000
x-server
fr1/fr1/
accept-ranges
bytes
x-amz-cf-id
qMbUGw-RvIpfAGGyGx0QybJNvQOmLQF0ckfqdQ7PsqneoF7a72A99w==
recaptcha__en.js
www.gstatic.com/recaptcha/api2/v1525674693836/
231 KB
75 KB
Script
General
Full URL
https://www.gstatic.com/recaptcha/api2/v1525674693836/recaptcha__en.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?hl=en
Protocol
SPDY
Server
172.217.21.227 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra16s13-in-f3.1e100.net
Software
sffe /
Resource Hash
76fa662b1d96ebfb33e28737dd63cf21cb5537129af4564242f33485a69d03b6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://securelist.com/expert-cross-platform-adwind-rat/73773/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

date
Thu, 10 May 2018 17:02:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 07 May 2018 18:15:00 GMT
server
sffe
age
338679
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=31536000
accept-ranges
bytes
alt-svc
hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length
76331
x-xss-protection
1; mode=block
expires
Fri, 10 May 2019 17:02:15 GMT
visitWebPage
802-ijn-240.mktoresp.com/webevents/
2 B
272 B
XHR
General
Full URL
https://802-ijn-240.mktoresp.com/webevents/visitWebPage?_mchNc=1526310414558&_mchCn=&_mchId=802-IJN-240&_mchTk=_mch-securelist.com-1526310414558-37959&_mchHo=securelist.com&_mchPo=&_mchRu=%2Fexpert-cross-platform-adwind-rat%2F73773%2F&_mchPc=https%3A&_mchVr=153&_mchHa=&_mchRe=&_mchQp=
Requested by
Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/153/munchkin.js
Protocol
HTTP/1.1
Server
192.28.147.68 San Mateo, United States, ASN53580 (MARKETO - MARKETO, Inc., US),
Reverse DNS
Software
spray-can/1.3.3 /
Resource Hash
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Referer
https://securelist.com/expert-cross-platform-adwind-rat/73773/
Origin
https://securelist.com

Response headers

Access-Control-Allow-Origin
*
Date
Mon, 14 May 2018 15:06:54 GMT
Content-Encoding
gzip
Server
spray-can/1.3.3
Content-Length
22
X-Request-Id
b79eac60-cc0b-471d-8219-fd5cffa714e3
Content-Type
text/plain; charset=UTF-8
adsct
t.co/i/
43 B
171 B
Image
General
Full URL
https://t.co/i/adsct?p_id=Twitter&p_user_id=0&txn_id=ntt0i&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0
Requested by
Host: securelist.com
URL: https://securelist.com/expert-cross-platform-adwind-rat/73773/
Protocol
SPDY
Server
104.244.42.197 San Francisco, United States, ASN13414 (TWITTER - Twitter Inc., US),
Reverse DNS
Software
tsa_o /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=0
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block; report=https://twitter.com/i/xss_report

Request headers

Referer
https://securelist.com/expert-cross-platform-adwind-rat/73773/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

date
Mon, 14 May 2018 15:06:54 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200, 200 OK
x-twitter-response-tags
BouncerCompliant
content-length
65
x-xss-protection
1; mode=block; report=https://twitter.com/i/xss_report
x-response-time
111
pragma
no-cache
last-modified
Mon, 14 May 2018 15:06:54 GMT
server
tsa_o
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=0
content-type
image/gif;charset=utf-8
cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash
5ce5186b05ca71a22307e42d4b702bdb
x-transaction
003a88ad00e7b7db
expires
Tue, 31 Mar 1981 05:00:00 GMT
social-icons.png
assets.kasperskycontenthub.com/wp-content/themes/securelist/images/
8 KB
8 KB
Image
General
Full URL
https://assets.kasperskycontenthub.com/wp-content/themes/securelist/images/social-icons.png
Requested by
Host: cdn.securelist.com
URL: https://cdn.securelist.com/wp-includes/js/jquery/jquery.js?ver=1.12.4
Protocol
SPDY
Server
185.85.15.25 , Russian Federation, ASN200107 (KL-EXT, RU),
Reverse DNS
Software
/ Kaspersky Labs, Kaspersky Labs
Resource Hash
16b69de644b5937cf6ab489f4a6394e8f7df203cf23d9294fa93379e6f74e8c3

Request headers

Referer
https://assets.kasperskycontenthub.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/crayon-syntax-highlighter/css/min/crayon.min.css,wp-content/plugins/jquery-collapse-o-matic/light_style.css,wp-content/plugins/wds-securelist-widgets/css/securelist-plugin-styles.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/themes/securelist/css/fonts-lat.css,wp-content/themes/securelist/style.css,wp-content/themes/securelist/css/responsive.css,wp-content/themes/securelist/css/plugins.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css&ver=1526310273
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

x-type
static/known
date
Mon, 14 May 2018 15:06:49 GMT
via
1.1 e7c35757c4581d46396ae4c0a48815ef.cloudfront.net (CloudFront)
age
2242067
x-powered-by
Kaspersky Labs, Kaspersky Labs
x-cache
Hit from cloudfront
status
200
content-length
8344
last-modified
Fri, 29 Sep 2017 05:49:50 GMT
server
etag
"59cddefe-2098"
vary
Accept-Encoding
content-type
image/png
access-control-allow-origin
*
cache-control
public, max-age=2592000
x-server
fr1/fr1/
accept-ranges
bytes
x-amz-cf-id
HQ1RYPGokbYWYbHOtCRiQcrw7GgitKMk946SW1glqaac1owLDw2gEg==
MuseoSans-500Italic.woff2
assets.kasperskycontenthub.com/wp-content/themes/securelist/fonts/
18 KB
19 KB
Font
General
Full URL
https://assets.kasperskycontenthub.com/wp-content/themes/securelist/fonts/MuseoSans-500Italic.woff2
Requested by
Host: cdn.securelist.com
URL: https://cdn.securelist.com/wp-includes/js/jquery/jquery.js?ver=1.12.4
Protocol
SPDY
Server
185.85.15.25 , Russian Federation, ASN200107 (KL-EXT, RU),
Reverse DNS
Software
/ Kaspersky Labs, Kaspersky Labs
Resource Hash
6aed6d601cc564d08abf786285f2309152ecfa0a6bea310eb397c4fd9b899545

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Referer
https://assets.kasperskycontenthub.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/crayon-syntax-highlighter/css/min/crayon.min.css,wp-content/plugins/jquery-collapse-o-matic/light_style.css,wp-content/plugins/wds-securelist-widgets/css/securelist-plugin-styles.css,wp-content/plugins/honeypot-comments/public/assets/css/public.css,wp-content/plugins/kspr_twitter_pullquote/css/style.css,wp-content/themes/securelist/css/fonts-lat.css,wp-content/themes/securelist/style.css,wp-content/themes/securelist/css/responsive.css,wp-content/themes/securelist/css/plugins.css,wp-content/plugins/kaspersky-social-sharing/assets/css/style.css&ver=1526310273
Origin
https://securelist.com

Response headers

x-type
static/known
date
Mon, 14 May 2018 15:06:49 GMT
via
1.1 10e95c517e657ad53448fce5195e9cba.cloudfront.net (CloudFront)
age
2235579
x-powered-by
Kaspersky Labs, Kaspersky Labs
x-cache
Hit from cloudfront
status
200
content-length
18860
last-modified
Mon, 05 Jun 2017 08:56:08 GMT
server
etag
"59351ca8-49ac"
vary
Accept-Encoding
content-type
application/x-font-woff
access-control-allow-origin
*
cache-control
public, max-age=2592000
x-server
fr1/fr1/
accept-ranges
bytes
x-amz-cf-id
GnjzURcLrX_j7c5Qexxa8hdQslsEgalW4aJgq3n8Fo2mcF8P7ofXIw==
fontawesome-webfont.woff2
assets.kasperskycontenthub.com/wp-content/plugins/kaspersky-social-sharing/assets/fonts/
63 KB
63 KB
Font
General
Full URL
https://assets.kasperskycontenthub.com/wp-content/plugins/kaspersky-social-sharing/assets/fonts/fontawesome-webfont.woff2?v=4.3.0
Requested by
Host: cdn.securelist.com
URL: https://cdn.securelist.com/wp-includes/js/jquery/jquery.js?ver=1.12.4
Protocol
SPDY
Server
185.85.15.25 , Russian Federation, ASN200107 (KL-EXT, RU),
Reverse DNS
Software
/ Kaspersky Labs, Kaspersky Labs
Resource Hash
3c4a1bb7ce3234407184f0d80cc4dec075e4ad616b44dcc5778e1cfb1bc24019

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Referer
https://assets.kasperskycontenthub.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/kaspersky-social-sharing/assets/css/custom.css&ver=1526310273
Origin
https://securelist.com

Response headers

x-type
static/known
date
Mon, 14 May 2018 15:06:49 GMT
via
1.1 a7cfc7facd5206ba992dff0c0b5504da.cloudfront.net (CloudFront)
age
2235579
x-powered-by
Kaspersky Labs, Kaspersky Labs
x-cache
Hit from cloudfront
status
200
content-length
64464
last-modified
Wed, 21 Jun 2017 14:32:46 GMT
server
etag
"594a838e-fbd0"
vary
Accept-Encoding
content-type
application/x-font-woff
access-control-allow-origin
*
cache-control
public, max-age=2592000
x-server
fr1/fr1/
accept-ranges
bytes
x-amz-cf-id
eqdgMnnKLUZ1isO4ZPBesbVgNxaXnUEZMGj2DDp2qWlOXU4fLL0Iog==
adsct
analytics.twitter.com/i/
31 B
249 B
Script
General
Full URL
https://analytics.twitter.com/i/adsct?p_id=Twitter&p_user_id=0&txn_id=ntt0i&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tpx_cb=twttr.conversion.loadPixels&tw_document_href=https%3A%2F%2Fsecurelist.com%2Fexpert-cross-platform-adwind-rat%2F73773%2F
Requested by
Host: static.ads-twitter.com
URL: https://static.ads-twitter.com/oct.js
Protocol
SPDY
Server
104.244.42.67 San Francisco, United States, ASN13414 (TWITTER - Twitter Inc., US),
Reverse DNS
Software
tsa_o /
Resource Hash
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
Security Headers
Name Value
Strict-Transport-Security max-age=631138519
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block; report=https://twitter.com/i/xss_report

Request headers

Referer
https://securelist.com/expert-cross-platform-adwind-rat/73773/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

date
Mon, 14 May 2018 15:06:54 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status
200, 200 OK
x-twitter-response-tags
BouncerCompliant
strict-transport-security
max-age=631138519
content-length
57
x-xss-protection
1; mode=block; report=https://twitter.com/i/xss_report
x-response-time
107
pragma
no-cache
last-modified
Mon, 14 May 2018 15:06:54 GMT
server
tsa_o
x-frame-options
SAMEORIGIN
content-type
application/javascript;charset=utf-8
cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash
dc4aac081f40b0e6621132639cbb2e0b
x-transaction
00ed9a7400a15769
expires
Tue, 31 Mar 1981 05:00:00 GMT
collect
stats.g.doubleclick.net/r/
Redirect Chain
  • https://www.google-analytics.com/r/collect?v=1&_v=j67&aip=1&a=1750304253&t=pageview&_s=1&dl=https%3A%2F%2Fsecurelist.com%2Fexpert-cross-platform-adwind-rat%2F73773%2F&ul=en-us&de=UTF-8&dt=Expert%3A...
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-15857463-1&cid=815980307.1526310415&jid=1641052457&_gid=773534471.1526310415&gjid=776260248&_v=j67&z=1983364288
35 B
102 B
Image
General
Full URL
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-15857463-1&cid=815980307.1526310415&jid=1641052457&_gid=773534471.1526310415&gjid=776260248&_v=j67&z=1983364288
Requested by
Host: securelist.com
URL: https://securelist.com/expert-cross-platform-adwind-rat/73773/
Protocol
SPDY
Server
173.194.76.157 Portage, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
ws-in-f157.1e100.net
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://securelist.com/expert-cross-platform-adwind-rat/73773/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Mon, 14 May 2018 15:06:54 GMT
status
200
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
alt-svc
hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length
35
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Mon, 14 May 2018 15:06:54 GMT
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
status
302
location
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-15857463-1&cid=815980307.1526310415&jid=1641052457&_gid=773534471.1526310415&gjid=776260248&_v=j67&z=1983364288
content-type
text/html; charset=UTF-8
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
alt-svc
hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
content-length
417
expires
Fri, 01 Jan 1990 00:00:00 GMT
839281392784015
connect.facebook.net/signals/config/
55 KB
13 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/839281392784015?v=2.8.14&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
SPDY
Server
185.60.216.19 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
80c2f3d1a2e051cdc6347e41debd9568eb0b7453cee100637a1f5b1f543817c0
Security Headers
Name Value
Content-Security-Policy default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' *.atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://securelist.com/expert-cross-platform-adwind-rat/73773/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

content-security-policy
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' *.atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';
content-encoding
gzip
x-content-type-options
nosniff
status
200
vary
Origin, Accept-Encoding
content-length
13393
x-xss-protection
0
pragma
public
x-fb-debug
ITUHdq3c+TSM86CMoNj9mxeXpoNjkpcj6+nKzMZZIo4WF+GbpWLIzr5CgWs80aHPXpPz4Vj86U03aChN4aSddA==
x-frame-options
DENY
date
Mon, 14 May 2018 15:06:54 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
access-control-allow-methods
OPTIONS
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
https://connect.facebook.net
access-control-expose-headers
X-FB-Debug, X-Loader-Length
cache-control
public, max-age=1200
access-control-allow-credentials
true
expires
Sat, 01 Jan 2000 00:00:00 GMT
widget_iframe.d383dc1d510865aceaa5e552afcf5663.html
platform.twitter.com/widgets/ Frame 192B
0
0
Document
General
Full URL
https://platform.twitter.com/widgets/widget_iframe.d383dc1d510865aceaa5e552afcf5663.html?origin=https%3A%2F%2Fsecurelist.com&settingsEndpoint=https%3A%2F%2Fsyndication.twitter.com%2Fsettings
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.229.233.25 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECS (fcn/41CE) /
Resource Hash

Request headers

Host
platform.twitter.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer
https://securelist.com/expert-cross-platform-adwind-rat/73773/
Accept-Encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
2AEBCA2F6140836507035ACCFA60ABC5
Referer
https://securelist.com/expert-cross-platform-adwind-rat/73773/

Response headers

Content-Encoding
gzip
Cache-Control
public, max-age=315360000
Content-Type
text/html; charset=utf-8
Date
Mon, 14 May 2018 15:06:54 GMT
Etag
"fbca609ced8e558319180092b6f196eb+gzip"
Last-Modified
Mon, 07 May 2018 21:48:23 GMT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server
ECS (fcn/41CE)
Vary
Accept-Encoding
X-Cache
HIT
Content-Length
5846
/
graph.facebook.com/
146 B
490 B
XHR
General
Full URL
https://graph.facebook.com/?id=https%3A%2F%2Fsecurelist.com%2Fexpert-cross-platform-adwind-rat%2F73773%2F
Requested by
Host: cdn.securelist.com
URL: https://cdn.securelist.com/wp-includes/js/jquery/jquery.js?ver=1.12.4
Protocol
SPDY
Server
185.60.216.15 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
a1c6c44e9563677985ad809826e415c385058e5bfe563b0a667e8e3695c4f309
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; preload

Request headers

Accept
application/json, text/javascript, */*; q=0.01
Referer
https://securelist.com/expert-cross-platform-adwind-rat/73773/
Origin
https://securelist.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

strict-transport-security
max-age=15552000; preload
content-encoding
gzip
etag
"b6569588e87667c10d29a4d20aea181fd7fb0b6a"
status
200
x-fb-rev
3904546
content-length
131
pragma
no-cache
x-fb-debug
eMBGvVA5frrmUQYRIzGt9AG74jhHOozcobgBQcXTOEmLdekpmWjme2p0O1aMa062KL80uHey82aqLFAPzsBNtw==
x-fb-trace-id
Hgiz/CqgcFB
date
Mon, 14 May 2018 15:06:54 GMT
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, no-cache, no-store, must-revalidate
facebook-api-version
v2.6
expires
Sat, 01 Jan 2000 00:00:00 GMT
gpp.xml
share.yandex.ru/
0
182 B
Script
General
Full URL
https://share.yandex.ru/gpp.xml?url=https%3A%2F%2Fsecurelist.com%2Fexpert-cross-platform-adwind-rat%2F73773%2F&callback=jQuery1124028291678013570887_1526310414052&_=1526310414053
Requested by
Host: cdn.securelist.com
URL: https://cdn.securelist.com/wp-includes/js/jquery/jquery.js?ver=1.12.4
Protocol
HTTP/1.1
Server
93.158.134.227 , Russian Federation, ASN13238 (YANDEX, RU),
Reverse DNS
share-proxy-balancer.stable.qloud-b.yandex.net
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://securelist.com/expert-cross-platform-adwind-rat/73773/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

Date
Mon, 14 May 2018 15:06:54 GMT
Server
nginx
Connection
keep-alive
Keep-Alive
timeout=120
X-qloud-router
man4-6e6966239616.qloud-c.yandex.net
/
www.facebook.com/tr/
44 B
245 B
Image
General
Full URL
https://www.facebook.com/tr/?id=839281392784015&ev=PageView&dl=https%3A%2F%2Fsecurelist.com%2Fexpert-cross-platform-adwind-rat%2F73773%2F&rl=&if=false&ts=1526310414759&sw=1600&sh=1200&v=2.8.14&r=stable&ec=0&o=28&it=1526310414661
Requested by
Host: securelist.com
URL: https://securelist.com/expert-cross-platform-adwind-rat/73773/
Protocol
SPDY
Server
185.60.216.35 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Request headers

Referer
https://securelist.com/expert-cross-platform-adwind-rat/73773/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

date
Mon, 14 May 2018 15:06:54 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
content-type
image/gif
status
200
cache-control
no-cache, must-revalidate, max-age=0
content-length
44
expires
Mon, 14 May 2018 15:06:54 GMT
/
www.facebook.com/impression.php/f1943fba5f21738/
43 B
201 B
Image
General
Full URL
https://www.facebook.com/impression.php/f1943fba5f21738/?api_key=160639043985664&lid=115&payload=%7B%22source%22%3A%22jssdk%22%7D
Requested by
Host: securelist.com
URL: https://securelist.com/expert-cross-platform-adwind-rat/73773/
Protocol
SPDY
Server
185.60.216.35 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
Security Headers
Name Value
Content-Security-Policy default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' *.atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://securelist.com/expert-cross-platform-adwind-rat/73773/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

content-security-policy
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' *.atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
content-encoding
gzip
x-content-type-options
nosniff
status
200
vary
Origin, Accept-Encoding
x-xss-protection
0
pragma
no-cache
x-fb-debug
EKwjhPmivUOG+AIaqmBg7R8rVgMHan6lRzFExZPmEudC3x3I6EWjvFhPbbamR9ZtaaajWuarLxGzNovQEbuDkw==
date
Mon, 14 May 2018 15:06:54 GMT
expect-ct
max-age=10, report-uri="http://reports.fb.com/expectct/"
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
image/gif
access-control-allow-origin
https://www.facebook.com
access-control-expose-headers
X-FB-Debug, X-Loader-Length
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
expires
Sat, 01 Jan 2000 00:00:00 GMT
anchor
www.google.com/recaptcha/api2/ Frame BDF3
0
0
Document
General
Full URL
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6Lfhf_8SAAAAAFOLFS54H1lR_oQ5pW_j7-h30oa1&co=aHR0cHM6Ly9zZWN1cmVsaXN0LmNvbTo0NDM.&hl=en&v=v1525674693836&theme=standard&size=normal&cb=o5w3yva7t20
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/api2/v1525674693836/recaptcha__en.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.217.22.4 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra16s14-in-f4.1e100.net
Software
GSE /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-zO5UrWEkbOCmH697GJJDD16tvg0' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
www.google.com
:scheme
https
:path
/recaptcha/api2/anchor?ar=1&k=6Lfhf_8SAAAAAFOLFS54H1lR_oQ5pW_j7-h30oa1&co=aHR0cHM6Ly9zZWN1cmVsaXN0LmNvbTo0NDM.&hl=en&v=v1525674693836&theme=standard&size=normal&cb=o5w3yva7t20
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer
https://securelist.com/expert-cross-platform-adwind-rat/73773/
accept-encoding
gzip, deflate
cookie
NID=130=lsudV3SS7k0Hy7h1mSR4Hlh_AMnq5uNVeSUiWosNwWuYVmNzzhzGuX2JQYTrvSCNmjV8_T0jQy9fj7Pr7c0jcywGYkwvPoiebz45sv7V-AJrZTp4Kcyd7oXUP5Wl7oW7
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
2AEBCA2F6140836507035ACCFA60ABC5
Referer
https://securelist.com/expert-cross-platform-adwind-rat/73773/

Response headers

status
200
content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
expires
Mon, 01 Jan 1990 00:00:00 GMT
date
Mon, 14 May 2018 15:06:54 GMT
content-security-policy
script-src 'report-sample' 'nonce-zO5UrWEkbOCmH697GJJDD16tvg0' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
10624
server
GSE
alt-svc
hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
RQ7NiRXMcYA.js
staticxx.facebook.com/connect/xd_arbiter/r/ Frame 20CD
0
0
Document
General
Full URL
https://staticxx.facebook.com/connect/xd_arbiter/r/RQ7NiRXMcYA.js?version=42
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/all.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.60.216.19 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
staticxx.facebook.com
:scheme
https
:path
/connect/xd_arbiter/r/RQ7NiRXMcYA.js?version=42
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer
https://securelist.com/expert-cross-platform-adwind-rat/73773/
accept-encoding
gzip, deflate
cookie
fr=0VZdn0DsxbTM1DY5F..Ba-aYO...1.0.Ba-aYO.
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
2AEBCA2F6140836507035ACCFA60ABC5
Referer
https://securelist.com/expert-cross-platform-adwind-rat/73773/

Response headers

status
200
expires
Sat, 11 May 2019 18:20:06 GMT
x-xss-protection
0
content-type
text/html; charset=utf-8
x-content-type-options
nosniff
cache-control
public,max-age=31536000,immutable
vary
Accept-Encoding
content-encoding
gzip
x-fb-debug
ZxEh4/taTFkoTMq+gXZUi899w/AA5OxffylsZGegPJOXN3A2Qak501wwJARLeu3RbhuNrDcyrmA1mSHxgO3HBA==
content-length
13628
date
Mon, 14 May 2018 15:06:54 GMT
jot.html
platform.twitter.com/ Frame AA33
Redirect Chain
  • https://syndication.twitter.com/i/jot
  • https://platform.twitter.com/jot.html
0
0
Document
General
Full URL
https://platform.twitter.com/jot.html
Requested by
Host: platform.twitter.com
URL: https://platform.twitter.com/widgets.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
192.229.233.25 , United States, ASN15133 (EDGECAST - MCI Communications Services, Inc. d/b/a Verizon Business, US),
Reverse DNS
Software
ECS (fcn/41EC) /
Resource Hash

Request headers

Host
platform.twitter.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding
gzip, deflate
Cookie
personalization_id="v1_RICfNz2/EKakyOUt2jZ3vg=="
Upgrade-Insecure-Requests
1
Origin
null
Content-Type
application/x-www-form-urlencoded
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
2AEBCA2F6140836507035ACCFA60ABC5

Response headers

Accept-Ranges
bytes
Cache-Control
public, max-age=315360000
Content-Type
text/html; charset=utf-8
Date
Mon, 14 May 2018 15:06:55 GMT
Etag
"d9592a6c704736fa4da218d4357976dd"
Last-Modified
Mon, 07 May 2018 22:01:37 GMT
P3P
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
Server
ECS (fcn/41EC)
X-Cache
HIT
Content-Length
80

Redirect headers

status
302 302 Found
cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
content-length
0
content-type
text/html;charset=utf-8
date
Mon, 14 May 2018 15:06:55 GMT
expires
Tue, 31 Mar 1981 05:00:00 GMT
last-modified
Mon, 14 May 2018 15:06:54 GMT
location
https://platform.twitter.com/jot.html
pragma
no-cache
server
tsa_o
strict-transport-security
max-age=631138519
x-connection-hash
c441a83c956aeb5a6366d7580bed8766
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-response-time
108
x-transaction
00464c6d00e3298d
x-tsa-request-body-time
0
x-twitter-response-tags
BouncerCompliant
x-xss-protection
0
bframe
www.google.com/recaptcha/api2/ Frame 43D2
0
0
Document
General
Full URL
https://www.google.com/recaptcha/api2/bframe?hl=en&v=v1525674693836&k=6Lfhf_8SAAAAAFOLFS54H1lR_oQ5pW_j7-h30oa1&cb=o3teoda7pcai
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/api2/v1525674693836/recaptcha__en.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
172.217.22.4 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra16s14-in-f4.1e100.net
Software
GSE /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-J4brRKcOFeSoVsyphhzYyfrM4qg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

:method
GET
:authority
www.google.com
:scheme
https
:path
/recaptcha/api2/bframe?hl=en&v=v1525674693836&k=6Lfhf_8SAAAAAFOLFS54H1lR_oQ5pW_j7-h30oa1&cb=o3teoda7pcai
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer
https://securelist.com/expert-cross-platform-adwind-rat/73773/
accept-encoding
gzip, deflate
cookie
NID=130=lsudV3SS7k0Hy7h1mSR4Hlh_AMnq5uNVeSUiWosNwWuYVmNzzhzGuX2JQYTrvSCNmjV8_T0jQy9fj7Pr7c0jcywGYkwvPoiebz45sv7V-AJrZTp4Kcyd7oXUP5Wl7oW7
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
2AEBCA2F6140836507035ACCFA60ABC5
Referer
https://securelist.com/expert-cross-platform-adwind-rat/73773/

Response headers

status
200
content-type
text/html; charset=utf-8
cache-control
no-cache, no-store, max-age=0, must-revalidate
pragma
no-cache
expires
Mon, 01 Jan 1990 00:00:00 GMT
date
Mon, 14 May 2018 15:06:55 GMT
content-security-policy
script-src 'report-sample' 'nonce-J4brRKcOFeSoVsyphhzYyfrM4qg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-encoding
gzip
x-content-type-options
nosniff
x-xss-protection
1; mode=block
content-length
679
server
GSE
alt-svc
hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
ping
www.facebook.com/connect/ Frame D795
0
0
Document
General
Full URL
https://www.facebook.com/connect/ping?client_id=160639043985664&domain=securelist.com&origin=1&redirect_uri=https%3A%2F%2Fstaticxx.facebook.com%2Fconnect%2Fxd_arbiter%2Fr%2FRQ7NiRXMcYA.js%3Fversion%3D42%23cb%3Df2d1e70ddec31a8%26domain%3Dsecurelist.com%26origin%3Dhttps%253A%252F%252Fsecurelist.com%252Ff2f90cb977e8e4%26relation%3Dparent&response_type=token%2Csigned_request%2Ccode&sdk=joey&version
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/all.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.60.216.35 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' *.atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

:method
GET
:authority
www.facebook.com
:scheme
https
:path
/connect/ping?client_id=160639043985664&domain=securelist.com&origin=1&redirect_uri=https%3A%2F%2Fstaticxx.facebook.com%2Fconnect%2Fxd_arbiter%2Fr%2FRQ7NiRXMcYA.js%3Fversion%3D42%23cb%3Df2d1e70ddec31a8%26domain%3Dsecurelist.com%26origin%3Dhttps%253A%252F%252Fsecurelist.com%252Ff2f90cb977e8e4%26relation%3Dparent&response_type=token%2Csigned_request%2Ccode&sdk=joey&version
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer
https://securelist.com/expert-cross-platform-adwind-rat/73773/
accept-encoding
gzip, deflate
cookie
fr=0VZdn0DsxbTM1DY5F..Ba-aYO...1.0.Ba-aYO.
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
2AEBCA2F6140836507035ACCFA60ABC5
Referer
https://securelist.com/expert-cross-platform-adwind-rat/73773/

Response headers

status
200
x-xss-protection
0
pragma
no-cache
content-security-policy
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' *.atlassolutions.com blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* *.atlassolutions.com attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
cache-control
private, no-cache, no-store, must-revalidate
expect-ct
max-age=10, report-uri="http://reports.fb.com/expectct/"
strict-transport-security
max-age=15552000; preload
x-content-type-options
nosniff
expires
Sat, 01 Jan 2000 00:00:00 GMT
vary
Accept-Encoding
content-encoding
gzip
content-type
text/html; charset=UTF-8
x-fb-debug
43grjFVKpJcpEUYwKMrTNXgNJ4FsrXwcr1KIPU0Uyzk2X4VXw2M2q0AqtwHtNXMyEBlRn+AqyBscG57EJwyveA==
date
Mon, 14 May 2018 15:06:55 GMT
beacon.gif
rum-collector-2.pingdom.net/img/
0
254 B
XHR
General
Full URL
https://rum-collector-2.pingdom.net/img/beacon.gif?id=560b0cc5abe53daf128a2dfc&sAW=1600&sAH=1200&bIW=1600&bIH=1200&pD=24&dPR=1&or=landscape-primary&nT=0&rC=0&nS=0&cS=0&cE=0&dLE=0&dLS=0&fS=0&hS=-1&rE=-1&rS=-1&reS=1&resS=5014&resE=5016&uEE=-1&uES=-1&dL=5017&dI=5624&dCLES=5624&dCLEE=5637&dC=6063&lES=6064&lEE=6075&s=nt&title=Expert%3A%20cross-platform%20Adwind%20RAT%20-%20Securelist&path=https%3A%2F%2Fsecurelist.com%2Fexpert-cross-platform-adwind-rat%2F73773%2F&ref=&sId=bjfd8n9r&sST=1526310415&sIS=1&rV=0&v=1.3.3
Requested by
Host: rum-static.pingdom.net
URL: https://rum-static.pingdom.net/prum.min.js
Protocol
HTTP/1.1
Server
52.209.191.106 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-209-191-106.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
Referer
https://securelist.com/expert-cross-platform-adwind-rat/73773/
Origin
https://securelist.com

Response headers

Pragma
no-cache
Date
Mon, 14 May 2018 15:06:55 GMT
Content-Type
text/plain; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Length
0
Expires
0
beacon.gif
rum-collector.pingdom.net/img/
43 B
125 B
Image
General
Full URL
https://rum-collector.pingdom.net/img/beacon.gif?id=560b0cc5abe53daf128a2dfc&sAW=1600&sAH=1200&bIW=1600&bIH=1200&pD=24&dPR=1&or=landscape-primary&nT=0&rC=0&nS=0&cS=0&cE=0&dLE=0&dLS=0&fS=0&hS=-1&rE=-1&rS=-1&reS=1&resS=5014&resE=5016&uEE=-1&uES=-1&dL=5017&dI=5624&dCLES=5624&dCLEE=5637&dC=6063&lES=6064&lEE=6075&s=nt&title=Expert%3A%20cross-platform%20Adwind%20RAT%20-%20Securelist&path=https%3A%2F%2Fsecurelist.com%2Fexpert-cross-platform-adwind-rat%2F73773%2F&ref=&sId=bjfd8n9r&sST=1526310415&sIS=1&rV=0&v=1.3.3
Protocol
SPDY
Server
104.20.21.239 San Francisco, United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer
https://securelist.com/expert-cross-platform-adwind-rat/73773/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36

Response headers

status
200
date
Mon, 14 May 2018 15:06:55 GMT
content-encoding
gzip
server
cloudflare
cf-ray
41ae457e5ad12690-FRA
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type
image/gif
/
www.facebook.com/tr/ Frame 6B6B
0
0
Document
General
Full URL
https://www.facebook.com/tr/
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
185.60.216.35 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash

Request headers

:method
POST
:authority
www.facebook.com
:scheme
https
:path
/tr/
content-length
3910
pragma
no-cache
cache-control
no-cache
origin
https://securelist.com
upgrade-insecure-requests
1
content-type
application/x-www-form-urlencoded
user-agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
referer
https://securelist.com/expert-cross-platform-adwind-rat/73773/
accept-encoding
gzip, deflate
cookie
fr=0VZdn0DsxbTM1DY5F..Ba-aYO...1.0.Ba-aYO.
Origin
https://securelist.com
Upgrade-Insecure-Requests
1
Content-Type
application/x-www-form-urlencoded
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) HeadlessChrome/66.0.3359.139 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
2AEBCA2F6140836507035ACCFA60ABC5
Referer
https://securelist.com/expert-cross-platform-adwind-rat/73773/

Response headers

status
200
content-type
text/plain
content-length
0
server
proxygen-bolt
date
Mon, 14 May 2018 15:06:55 GMT

Verdicts & Comments

59 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

undefined| $ function| jQuery object| kss object| gdprStrings function| mktoMunchkinFunction object| Munchkin function| mktoMunchkin object| geolocation object| optly object| optimizely function| fbq function| _fbq string| GoogleAnalyticsObject function| ga object| _prum object| ___grecaptcha_cfg object| grecaptcha boolean| __google_recaptcha_client object| MunchkinTracker object| twttr string| colomatduration string| colomatslideEffect string| colomatpauseInit string| colomattouchstart object| CrayonSyntaxSettings object| CrayonSyntaxStrings function| jQueryCrayon object| CrayonUtil object| jqueryPopup function| popupWindow function| popdownWindow object| CrayonSyntax object| SecurelistTOC object| jQuery1124028291678013570887 object| addComment object| filetypes string| baseHref string| hrefRedirect function| Hammer function| gaHitCallbackHandler object| ak_js object| commentForm object| replyRowContainer undefined| children object| wp object| Placeholders string| currentURL string| currentDir object| GET object| gaplugins object| gaGlobal object| gaData object| gapi object| ___jsl function| __twttrll object| __twttr object| FB object| recaptcha object| closure_lm_175887

12 Cookies

Domain/Path Name / Value
.twitter.com/ Name: personalization_id
Value: "v1_RICfNz2/EKakyOUt2jZ3vg=="
.securelist.com/ Name: _gid
Value: GA1.2.773534471.1526310415
.facebook.com/ Name: fr
Value: 0VZdn0DsxbTM1DY5F..Ba-aYO...1.0.Ba-aYO.
.google.com/ Name: NID
Value: 130=lsudV3SS7k0Hy7h1mSR4Hlh_AMnq5uNVeSUiWosNwWuYVmNzzhzGuX2JQYTrvSCNmjV8_T0jQy9fj7Pr7c0jcywGYkwvPoiebz45sv7V-AJrZTp4Kcyd7oXUP5Wl7oW7
.securelist.com/ Name: optimizelyEndUserId
Value: oeu1526310414514r0.9501435712572308
.securelist.com/ Name: _ga
Value: GA1.2.815980307.1526310415
securelist.com/expert-cross-platform-adwind-rat/73773 Name: pa-l
Value: pa-l=sid%3Dbjfd8n9r%26sst%3D1526310415%26sis%3D1%26rv%3D0
.securelist.com/ Name: _mkto_trk
Value: id:802-IJN-240&token:_mch-securelist.com-1526310414558-37959
.securelist.com/ Name: optimizelySegments
Value: %7B%223392371197%22%3A%22gc%22%2C%223406351312%22%3A%22false%22%2C%223424680516%22%3A%22direct%22%7D
.securelist.com/ Name: optimizelyPendingLogEvents
Value: %5B%5D
.securelist.com/ Name: optimizelyBuckets
Value: %7B%7D
.securelist.com/ Name: _gat
Value: 1

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy connect-src 'self' https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.google-analytics.com https://*.google.com https://*.mktoresp.com https://*.optimizely.com https://*.pingdom.net https://*.reddit.com https://*.securelist.com https://*.youtube.com https://cdn.securelist.com https://e.infogram.com https://hn.algolia.com https://kasperskycontenthub.com https://securelist.com https://www.google-analytics.com; default-src 'self' https://*.securelist.com https://cdn.securelist.com https://kasperskycontenthub.com https://kasperskycontenthub.com/securelist https://securelist.com; font-src 'self' data: https://*.gstatic.com https://*.securelist.com https://*.wp.com https://assets.kasperskycontenthub.com https://cdn.securelist.com https://fonts.googleapis.com https://fonts.gstatic.com https://kasperskycontenthub.com https://securelist.com; frame-src 'self' http://*.slideshare.net https://*.addthis.com https://*.doubleclick.net https://*.facebook.com https://*.google.com https://*.infogram.com https://*.instagram.com https://*.libsyn.com https://*.marketo.com https://*.securelist.com https://*.sharethis.com https://*.slideshare.net https://*.twitter.com https://*.wp.com https://*.youtube.com https://cdn.securelist.com https://kasperskycontenthub.com https://player.vimeo.com https://s-static.ak.facebook.com https://securelist.com https://tpc.googlesyndication.com https://www.brighttalk.com; img-src 'self' data: http://*.netdna-cdn.com http://*.wordpress.com http://*.wp.com http://assets.kasperskycontenthub.com http://assets.kasperskydaily.com http://d2538mqrb7brka.cloudfront.net http://forum.kasperskyclub.ru http://i0.poll.fm http://media.kasperskycontenthub.com http://media.kasperskydaily.com https://*.addthis.com https://*.doubleclick.net https://*.facebook.com https://*.google-analytics.com https://*.google.com https://*.gravatar.com https://*.gstatic.com https://*.infogram.com https://*.instagram.com 
https://*.netdna-cdn.com https://*.netdna-ssl.com https://*.securelist.com https://*.sharethis.com https://*.staticflickr.com https://*.twimg.com https://*.twitter.com https://*.wordpress.com https://*.wp.com https://*.ytimg.com https://addevent.com https://assets.kasperskycontenthub.com https://assets.kasperskydaily.com https://blog.kaspersky.com https://cdn.securelist.com https://csi.gstatic.com https://d1srlirzdlmpew.cloudfront.net https://d2538mqrb7brka.cloudfront.net https://geo.yahoo.com https://images.telechargement.fr https://instagramimages-a.akamaihd.net https://kaspersky.d2.sc.omtrdc.net https://kasperskycontenthub.com https://m.addthis.com https://maps.googleapis.com https://media.kasperskycontenthub.com https://media.kasperskydaily.com https://player.vimeo.com https://polldaddy.com https://rum-collector.pingdom.net https://s.w.org https://s3-eu-west-1.amazonaws.com https://scontent.cdninstagram.com https://securelist.com https://stats.g.doubleclick.net https://t.co https://threatpost.com https://track.addevent.com; object-src 'self' https://*.securelist.com https://kasperskycontenthub.com https://player.vimeo.com https://polldaddy.com https://securelist.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' http://assets.kasperskycontenthub.com https://*.addevent.com https://*.addthis.com https://*.cloudfront.net https://*.crazyegg.com https://*.demdex.net https://*.doubleclick.net https://*.facebook.com https://*.facebook.net https://*.flickr.com https://*.google-analytics.com https://*.google.com https://*.googleapis.com https://*.googlesyndication.com https://*.gravatar.com https://*.gstatic.com https://*.instagram.com https://*.kaspersky.com https://*.marketo.com https://*.marketo.net https://*.optimizely.com https://*.polldaddy.com https://*.securelist.com https://*.sharethis.com https://*.twimg.com https://*.twitter.com https://*.woopra.com https://*.wp.com https://addthisevent.com https://adservice.google.com https://adservice.google.hr 
https://adservice.google.ru https://assets.adobedtm.com https://assets.kasperskycontenthub.com https://cdn.optimizely.com https://cdn.securelist.com https://connect.facebook.net https://connect.mail.ru https://e.infogram.com https://kaspersky.d2.sc.omtrdc.net https://kasperskycontenthub.com https://m.addthis.com https://m.addthisedge.com https://munchkin.marketo.net https://player.vimeo.com https://rum-static.pingdom.net https://script.crazyegg.com https://securelist.com https://share.yandex.ru/ https://static.ads-twitter.com https://vk.com https://www.addevent.com https://www.brighttalk.com https://www.flickr.com https://www.googletagmanager.com https://www.googletagservices.com https://www.linkedin.com; style-src 'self' 'unsafe-inline' http://*.googleapis.com http://assets.kasperskycontenthub.com https://*.googleapis.com https://*.gravatar.com https://*.kaspersky.com https://*.marketo.com https://*.securelist.com https://*.sharethis.com https://*.twimg.com https://*.twitter.com https://*.wp.com https://assets.kasperskycontenthub.com https://cdn.securelist.com https://fonts.googleapis.com https://kasperskycontenthub.com https://s0.wp.com https://secure.gravatar.com https://securelist.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
