URL: https://www.appriver.com/blog/powerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult/
Submission: On January 09 via manual from US

Summary

This website contacted 28 IPs in 5 countries across 27 domains to perform 59 HTTP transactions. The main IP is 40.90.243.91, located in Washington, United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US. The main domain is www.appriver.com.
TLS certificate: Issued by DigiCert SHA2 Secure Server CA on May 15th 2018. Valid for: 2 years.
This is the only time www.appriver.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
20 40.90.243.91 8075 (MICROSOFT...)
1 2a00:1450:400... 15169 (GOOGLE)
1 23.111.9.35 33438 (HIGHWINDS2)
2 2606:4700::68... 13335 (CLOUDFLAR...)
3 54.68.114.189 16509 (AMAZON-02)
1 2 2606:4700:20:... 13335 (CLOUDFLAR...)
1 2a04:4e42:1b:... 54113 (FASTLY)
2 13.224.196.41 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
1 2 2a00:1450:400... 15169 (GOOGLE)
2 216.58.207.66 15169 (GOOGLE)
1 2a02:26f0:10c... 20940 (AKAMAI-ASN1)
1 2606:4700::68... 13335 (CLOUDFLAR...)
2 2a00:1450:400... 15169 (GOOGLE)
1 2a02:26f0:6c0... 20940 (AKAMAI-ASN1)
1 1 2a00:1450:400... 15169 (GOOGLE)
1 3 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
1 2 2a05:f500:10:... 14413 (LINKEDIN)
1 1 2a05:f500:10:... 14413 (LINKEDIN)
1 2a00:1450:400... 15169 (GOOGLE)
1 34.192.123.20 14618 (AMAZON-AES)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2 54.156.185.237 14618 (AMAZON-AES)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
2 2a03:2880:f01... 32934 (FACEBOOK)
2 2a03:2880:f11... 32934 (FACEBOOK)
59 28
Requests | Domain | Redirects | Requested by
20 | www.appriver.com | | www.appriver.com
3 | www.google.com | 1 redirects | www.gstatic.com, www.appriver.com
3 | fonts.gstatic.com | | www.appriver.com
3 | analytics.influenceandco.com | | www.appriver.com, analytics.influenceandco.com
2 | www.facebook.com | |
2 | connect.facebook.net | | js.hsadspixel.net, connect.facebook.net
2 | tracking.leadlander.com | 1 redirects |
2 | px.ads.linkedin.com | 1 redirects | www.appriver.com
2 | www.google.de | | www.appriver.com
2 | www.gstatic.com | | www.appriver.com, www.gstatic.com
2 | www.googleadservices.com | | www.googletagmanager.com, www.gstatic.com
2 | www.google-analytics.com | 1 redirects | www.googletagmanager.com
2 | js.driftt.com | | www.appriver.com, js.driftt.com
2 | cdnjs.cloudflare.com | | www.appriver.com
1 | api.hubapi.com | | js.hsadspixel.net
1 | js.hsadspixel.net | | js.hs-scripts.com
1 | track.hubspot.com | |
1 | js.hs-scripts.com | | js.hs-analytics.net
1 | t.sf14g.com | | www.appriver.com
1 | googleads.g.doubleclick.net | | www.googleadservices.com
1 | www.linkedin.com | 1 redirects |
1 | stats.g.doubleclick.net | 1 redirects |
1 | snap.licdn.com | | www.appriver.com
1 | js.hs-analytics.net | | www.appriver.com
1 | sjs.bizographics.com | | www.googletagmanager.com
1 | www.googletagmanager.com | | www.appriver.com
1 | cdn.jsdelivr.net | | www.appriver.com
1 | cdn.sitesearch360.com | | www.appriver.com
1 | sitesearch360.com | 1 redirects |
1 | use.fontawesome.com | | www.appriver.com
1 | fonts.googleapis.com | | www.appriver.com
59 requests | 31 subdomains
Subject | Issuer | Validity | Valid
*.appriver.com | DigiCert SHA2 Secure Server CA | 2018-05-15 - 2020-08-14 | 2 years
*.storage.googleapis.com | GTS CA 1O1 | 2019-12-10 - 2020-03-03 | 3 months
*.fontawesome.com | DigiCert SHA2 Secure Server CA | 2019-10-28 - 2020-12-23 | a year
cloudflare.com | CloudFlare Inc ECC CA-2 | 2020-01-07 - 2020-10-09 | 9 months
*.influenceandco.com | Go Daddy Secure Certificate Authority - G2 | 2019-03-16 - 2020-05-16 | a year
sni.cloudflaressl.com | CloudFlare Inc ECC CA-2 | 2019-11-25 - 2020-10-09 | 10 months
f3.shared.global.fastly.net | GlobalSign CloudSSL CA - SHA256 - G3 | 2019-05-29 - 2020-04-23 | a year
drift.com | Amazon | 2019-10-03 - 2020-11-03 | a year
*.google-analytics.com | GTS CA 1O1 | 2019-12-10 - 2020-03-03 | 3 months
*.google.com | GTS CA 1O1 | 2019-12-10 - 2020-03-03 | 3 months
www.googleadservices.com | GTS CA 1O1 | 2019-12-10 - 2020-03-03 | 3 months
js.bizographics.com | DigiCert SHA2 Secure Server CA | 2018-04-13 - 2020-04-17 | 2 years
ssl803670.cloudflaressl.com | COMODO ECC Domain Validation Secure Server CA 2 | 2019-11-06 - 2020-05-14 | 6 months
*.licdn.com | DigiCert SHA2 Secure Server CA | 2019-04-01 - 2021-05-07 | 2 years
www.google.de | GTS CA 1O1 | 2019-12-10 - 2020-03-03 | 3 months
px.ads.linkedin.com | DigiCert SHA2 Secure Server CA | 2019-05-29 - 2021-06-29 | 2 years
www.google.com | GTS CA 1O1 | 2019-12-03 - 2020-02-25 | 3 months
*.g.doubleclick.net | GTS CA 1O1 | 2019-12-10 - 2020-03-03 | 3 months
t.sf14g.com | Go Daddy Secure Certificate Authority - G2 | 2019-07-09 - 2020-09-07 | a year
ssl817718.cloudflaressl.com | COMODO ECC Domain Validation Secure Server CA 2 | 2019-08-13 - 2020-02-19 | 6 months
hubspot.com | CloudFlare Inc ECC CA-2 | 2019-12-04 - 2020-10-09 | 10 months
*.leadlander.com | Go Daddy Secure Certificate Authority - G2 | 2019-07-09 - 2020-09-07 | a year
ssl803643.cloudflaressl.com | COMODO ECC Domain Validation Secure Server CA 2 | 2019-11-06 - 2020-05-14 | 6 months
ssl817724.cloudflaressl.com | COMODO ECC Domain Validation Secure Server CA 2 | 2019-08-13 - 2020-02-19 | 6 months
*.facebook.com | DigiCert SHA2 High Assurance Server CA | 2019-12-06 - 2020-03-05 | 3 months

This page contains 2 frames:

Primary Page: https://www.appriver.com/blog/powerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult/
Frame ID: B598EFAE74C4730F44CD901F0C560F6B
Requests: 58 HTTP requests in this frame

Frame: https://js.driftt.com/deploy/assets/index.html
Frame ID: 9B51C64442C49E5DFD64B0B81D00A317
Requests: 1 HTTP requests in this frame


Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /^(?:Microsoft-)?IIS(?:\/([\d.]+))?/i

Overall confidence: 100%
Detected patterns
  • headers server /^(?:Microsoft-)?IIS(?:\/([\d.]+))?/i

Overall confidence: 100%
Detected patterns
  • script /\/\/connect\.facebook\.net\/[^\/]*\/[a-z]*\.js/i

Overall confidence: 100%
Detected patterns
  • html /<link[^>]* href="https:\/\/use\.fontawesome\.com\/releases\/v([^>]+)\/css\//i

Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Overall confidence: 100%
Detected patterns
  • html /<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com/i

Page Statistics

59 Requests
100 % HTTPS
77 % IPv6
27 Domains
31 Subdomains
28 IPs
5 Countries
1668 kB Transfer
3192 kB Size
12 Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 18
  • https://sitesearch360.com/cdn/sitesearch360-v10.min.js HTTP 301
  • https://cdn.sitesearch360.com/sitesearch360-v10.min.js
Request Chain 38
  • https://www.google-analytics.com/r/collect?v=1&_v=j79&a=1088422697&t=pageview&_s=1&dl=https%3A%2F%2Fwww.appriver.com%2Fblog%2Fpowerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult%2F&ul=en-us&de=UTF-8&dt=PowerPoint%20Malware%20References%20Drake%20Lyrics%20to%20Drop%20Lokibot%20%26%20Azorult&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=YEBAAAAB~&jid=1864095029&gjid=1399566840&cid=1636405235.1578576688&tid=UA-247764-29&_gid=905748960.1578576688&_r=1&gtm=2wg121N4LLGZ&z=931342951 HTTP 302
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-247764-29&cid=1636405235.1578576688&jid=1864095029&_gid=905748960.1578576688&gjid=1399566840&_v=j79&z=931342951 HTTP 302
  • https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-247764-29&cid=1636405235.1578576688&jid=1864095029&_v=j79&z=931342951 HTTP 302
  • https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-247764-29&cid=1636405235.1578576688&jid=1864095029&_v=j79&z=931342951&slf_rd=1&random=2589494804
Request Chain 40
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=177881&url=https%3A%2F%2Fwww.appriver.com%2Fblog%2Fpowerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult%2F&time=1578576687780 HTTP 302
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D177881%26url%3Dhttps%253A%252F%252Fwww.appriver.com%252Fblog%252Fpowerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult%252F%26time%3D1578576687780%26liSync%3Dtrue HTTP 302
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=177881&url=https%3A%2F%2Fwww.appriver.com%2Fblog%2Fpowerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult%2F&time=1578576687780&liSync=true
Request Chain 50
  • https://tracking.leadlander.com/api/tracking?accountId=31727&page=https%3A%2F%2Fwww.appriver.com%2Fblog%2Fpowerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult%2F&referer=&fp=46b0604f6a632a0d294665c9ac64fb79 HTTP 302
  • https://tracking.leadlander.com/tracking.png

59 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request Cookie set /
www.appriver.com/blog/powerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult/
90 KB
36 KB
Document
General
Full URL
https://www.appriver.com/blog/powerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
40.90.243.91 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
83ba631b15e3d878205bae3c4fa5fe1191b28490101603e4c0194df14c34586b

Request headers

Host
www.appriver.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Sec-Fetch-User
?1
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Accept-Encoding
gzip, deflate, br

Response headers

Cache-Control
private
Content-Type
text/html; charset=utf-8
Content-Encoding
gzip
Vary
Accept-Encoding
Server
Microsoft-IIS/10.0
Set-Cookie
ASP.NET_SessionId=55xxzcdedlpqop1bz3qfoy2x; path=/; HttpOnly WWW-SRV=www-srv01; path=/
X-AspNetMvc-Version
5.2
X-Powered-By
ASP.NET
Date
Thu, 09 Jan 2020 13:31:27 GMT
Content-Length
36795
css
fonts.googleapis.com/
9 KB
791 B
Stylesheet
General
Full URL
https://fonts.googleapis.com/css?family=Roboto:300,400,500,700&subset=latin
Requested by
Host: www.appriver.com
URL: https://www.appriver.com/blog/powerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:819::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
ESF /
Resource Hash
33e2656713e8648323bd5193b2e314db7df61f4d37d5df4ce22ad72b04a1166a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.appriver.com/blog/powerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
br
last-modified
Thu, 09 Jan 2020 13:31:27 GMT
server
ESF
access-control-allow-origin
*
date
Thu, 09 Jan 2020 13:31:27 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
x-xss-protection
0
expires
Thu, 09 Jan 2020 13:31:27 GMT
all.css
use.fontawesome.com/releases/v5.6.3/css/
52 KB
13 KB
Stylesheet
General
Full URL
https://use.fontawesome.com/releases/v5.6.3/css/all.css
Requested by
Host: www.appriver.com
URL: https://www.appriver.com/blog/powerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.111.9.35 Phoenix, United States, ASN33438 (HIGHWINDS2 - Highwinds Network Group, Inc., US),
Reverse DNS
Software
NetDNA-cache/2.2 /
Resource Hash
481a0574246e281316ffa0e15399bf5388bb81ae550ce0401a0353b6bb2d1e5a

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer
https://www.appriver.com/blog/powerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult/
Origin
https://www.appriver.com

Response headers

date
Thu, 09 Jan 2020 13:31:27 GMT
content-encoding
gzip
last-modified
Thu, 20 Dec 2018 17:45:13 GMT
server
NetDNA-cache/2.2
access-control-allow-origin
*
etag
W/"dc93d584e41f8417f6b7163320d34329"
vary
Access-Control-Request-Headers, Access-Control-Request-Method, Accept-Encoding
access-control-allow-methods
GET
content-type
text/css
status
200
access-control-max-age
3000
cache-control
max-age=31556926
x-cache
HIT
select2.min.css
cdnjs.cloudflare.com/ajax/libs/select2/4.0.6-rc.0/css/
15 KB
2 KB
Stylesheet
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/select2/4.0.6-rc.0/css/select2.min.css
Requested by
Host: www.appriver.com
URL: https://www.appriver.com/blog/powerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:4004 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
1100388fbf996eb7b0090bf027336657188a330191b295cc1a0b7b23a0008aab
Security Headers
Name Value
Strict-Transport-Security max-age=15780000; includeSubDomains

Request headers

Referer
https://www.appriver.com/blog/powerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Thu, 09 Jan 2020 13:31:27 GMT
content-encoding
br
cf-cache-status
HIT
age
23210627
cf-ray
5526c588bbd7dff3-FRA
status
200
strict-transport-security
max-age=15780000; includeSubDomains
alt-svc
h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
last-modified
Thu, 17 May 2018 09:25:33 GMT
server
cloudflare
etag
W/"5afd4a8d-3bab"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css
access-control-allow-origin
*
expires
Tue, 29 Dec 2020 13:31:27 GMT
cache-control
public, max-age=30672000
timing-allow-origin
*
served-in-seconds
0.004
web.bundle_C85F4000462B3D2F41F590254D9EECB5.css
www.appriver.com/Content/bundles/
290 KB
44 KB
Stylesheet
General
Full URL
https://www.appriver.com/Content/bundles/web.bundle_C85F4000462B3D2F41F590254D9EECB5.css
Requested by
Host: www.appriver.com
URL: https://www.appriver.com/blog/powerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
40.90.243.91 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
12ad1a7f0ac2e674b7fd8a8fb0273f5707e3b8abb5d1519b401678b0141407d8

Request headers

Referer
https://www.appriver.com/blog/powerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date
Thu, 09 Jan 2020 13:31:27 GMT
Content-Encoding
gzip
Last-Modified
Thu, 09 Jan 2020 04:16:31 GMT
Server
Microsoft-IIS/10.0
X-Powered-By
ASP.NET
ETag
"80391392a3c6d51:0"
Vary
Accept-Encoding
Content-Type
text/css
Cache-Control
public,max-age=31536000
Accept-Ranges
bytes
Content-Length
44235
custom.bundle_7B88C09F2EB013C77644D8B88D379A70.css
www.appriver.com/Scripts/bundles/
4 KB
1 KB
Stylesheet
General
Full URL
https://www.appriver.com/Scripts/bundles/custom.bundle_7B88C09F2EB013C77644D8B88D379A70.css
Requested by
Host: www.appriver.com
URL: https://www.appriver.com/blog/powerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
40.90.243.91 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
13d0364b0487b65c1d81b8d9c3735d57c2eb67fba04016acf01bef5e1a4fd368

Request headers

Referer
https://www.appriver.com/blog/powerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date
Thu, 09 Jan 2020 13:31:27 GMT
Content-Encoding
gzip
Last-Modified
Thu, 09 Jan 2020 04:16:31 GMT
Server
Microsoft-IIS/10.0
X-Powered-By
ASP.NET
ETag
"80391392a3c6d51:0"
Vary
Accept-Encoding
Content-Type
text/css
Cache-Control
public,max-age=31536000
Accept-Ranges
bytes
Content-Length
1156
virus_backimg.jpg
www.appriver.com/files/images/blog/pickett/
294 KB
294 KB
Image
General
Full URL
https://www.appriver.com/files/images/blog/pickett/virus_backimg.jpg
Requested by
Host: www.appriver.com
URL: https://www.appriver.com/blog/powerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
40.90.243.91 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
7a048cc33b4678d96f1f7297cb87bbcc927e4a9af5f9bbcc102efc560099b944

Request headers

Referer
https://www.appriver.com/blog/powerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date
Thu, 09 Jan 2020 13:31:27 GMT
ETag
"21ae3161a8c5d51:0"
Last-Modified
Tue, 07 Jan 2020 22:18:25 GMT
Server
Microsoft-IIS/10.0
X-Powered-By
ASP.NET
Content-Type
image/jpeg
Cache-Control
public,max-age=31536000
Accept-Ranges
bytes
Content-Length
301002
eml2.png
www.appriver.com/files/images/blog/pickett/
34 KB
34 KB
Image
General
Full URL
https://www.appriver.com/files/images/blog/pickett/eml2.png
Requested by
Host: www.appriver.com
URL: https://www.appriver.com/blog/powerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
40.90.243.91 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
452e0758181578be3520e1dcfe3b45d8afd358bb73846f1de1e2a31d6a7f297b

Request headers

Referer
https://www.appriver.com/blog/powerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date
Thu, 09 Jan 2020 13:31:27 GMT
ETag
"1766add6a2c5d51:0"
Last-Modified
Tue, 07 Jan 2020 21:38:45 GMT
Server
Microsoft-IIS/10.0
X-Powered-By
ASP.NET
Content-Type
image/png
Cache-Control
public,max-age=31536000
Accept-Ranges
bytes
Content-Length
34420
oletools.png
www.appriver.com/files/images/blog/pickett/
54 KB
55 KB
Image
General
Full URL
https://www.appriver.com/files/images/blog/pickett/oletools.png
Requested by
Host: www.appriver.com
URL: https://www.appriver.com/blog/powerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
40.90.243.91 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
4e409755939707a86c840ee5800adf69a72f9450d21b09c5cdc32c6bce74e969

Request headers

Referer
https://www.appriver.com/blog/powerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date
Thu, 09 Jan 2020 13:31:27 GMT
ETag
"9ffafdb7a3c5d51:0"
Last-Modified
Tue, 07 Jan 2020 21:45:03 GMT
Server
Microsoft-IIS/10.0
X-Powered-By
ASP.NET
Content-Type
image/png
Cache-Control
public,max-age=31536000
Accept-Ranges
bytes
Content-Length
55718
pb_scr_obf.png
www.appriver.com/files/images/blog/pickett/
361 KB
361 KB
Image
General
Full URL
https://www.appriver.com/files/images/blog/pickett/pb_scr_obf.png
Requested by
Host: www.appriver.com
URL: https://www.appriver.com/blog/powerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
40.90.243.91 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
0a514feb4fbfd8d954e169ac87470b6bed79eba11271398753ffe9a51fbd657d

Request headers

Referer
https://www.appriver.com/blog/powerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date
Thu, 09 Jan 2020 13:31:27 GMT
ETag
"84be691a4c5d51:0"
Last-Modified
Tue, 07 Jan 2020 21:47:06 GMT
Server
Microsoft-IIS/10.0
X-Powered-By
ASP.NET
Content-Type
image/png
Cache-Control
public,max-age=31536000
Accept-Ranges
bytes
Content-Length
369686
keke2.png
www.appriver.com/files/images/blog/pickett/
36 KB
37 KB
Image
General
Full URL
https://www.appriver.com/files/images/blog/pickett/keke2.png
Requested by
Host: www.appriver.com
URL: https://www.appriver.com/blog/powerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
40.90.243.91 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
e7345e59a5bcd2cc16c436ffb983b737d8bb66a72114f9a511eb33788dfb30bd

Request headers

Referer
https://www.appriver.com/blog/powerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date
Thu, 09 Jan 2020 13:31:27 GMT
ETag
"30493343a4c5d51:0"
Last-Modified
Tue, 07 Jan 2020 21:48:57 GMT
Server
Microsoft-IIS/10.0
X-Powered-By
ASP.NET
Content-Type
image/png
Cache-Control
public,max-age=31536000
Accept-Ranges
bytes
Content-Length
37117
pastee.png
www.appriver.com/files/images/blog/pickett/
131 KB
131 KB
Image
General
Full URL
https://www.appriver.com/files/images/blog/pickett/pastee.png
Requested by
Host: www.appriver.com
URL: https://www.appriver.com/blog/powerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
40.90.243.91 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
c11ed7852b584a310cef29afdf9895e87a6e673d26c3433dcfc805a15488d2fb

Request headers

Referer
https://www.appriver.com/blog/powerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date
Thu, 09 Jan 2020 13:31:27 GMT
ETag
"729ee362a4c5d51:0"
Last-Modified
Tue, 07 Jan 2020 21:49:50 GMT
Server
Microsoft-IIS/10.0
X-Powered-By
ASP.NET
Content-Type
image/png
Cache-Control
public,max-age=31536000
Accept-Ranges
bytes
Content-Length
133791
facebook.svg
www.appriver.com/Files/Images/blog/
3 KB
1 KB
Image
General
Full URL
https://www.appriver.com/Files/Images/blog/facebook.svg
Requested by
Host: www.appriver.com
URL: https://www.appriver.com/blog/powerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
40.90.243.91 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
2c236b21dc59de1096ee6ffc8eb2ef05f83511ea93d50d2ccd03596ad6d55384

Request headers

Referer
https://www.appriver.com/blog/powerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date
Thu, 09 Jan 2020 13:31:27 GMT
Content-Encoding
gzip
ETag
"078bdf14192d01:0"
Last-Modified
Tue, 19 May 2015 14:41:52 GMT
Server
Microsoft-IIS/10.0
X-Powered-By
ASP.NET
Content-Type
image/svg+xml
Cache-Control
public,max-age=31536000
Accept-Ranges
bytes
Content-Length
1150
linkedin.svg
www.appriver.com/Files/Images/blog/
3 KB
2 KB
Image
General
Full URL
https://www.appriver.com/Files/Images/blog/linkedin.svg
Requested by
Host: www.appriver.com
URL: https://www.appriver.com/blog/powerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
40.90.243.91 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
6a4f823d50a1a06f1a0e80295b4f84c2ca97a4a89b27656e238cf6b9e42c3141

Request headers

Referer
https://www.appriver.com/blog/powerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date
Thu, 09 Jan 2020 13:31:27 GMT
Content-Encoding
gzip
ETag
"078bdf14192d01:0"
Last-Modified
Tue, 19 May 2015 14:41:52 GMT
Server
Microsoft-IIS/10.0
X-Powered-By
ASP.NET
Content-Type
image/svg+xml
Cache-Control
public,max-age=31536000
Accept-Ranges
bytes
Content-Length
1257
twitter.svg
www.appriver.com/Files/Images/blog/
3 KB
2 KB
Image
General
Full URL
https://www.appriver.com/Files/Images/blog/twitter.svg
Requested by
Host: www.appriver.com
URL: https://www.appriver.com/blog/powerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
40.90.243.91 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
bd9ec13873a2e31cbcc40f920bc9671095703fc7e2e8f606a2846e939542d0b7

Request headers

Referer
https://www.appriver.com/blog/powerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date
Thu, 09 Jan 2020 13:31:27 GMT
Content-Encoding
gzip
ETag
"078bdf14192d01:0"
Last-Modified
Tue, 19 May 2015 14:41:52 GMT
Server
Microsoft-IIS/10.0
X-Powered-By
ASP.NET
Content-Type
image/svg+xml
Cache-Control
public,max-age=31536000
Accept-Ranges
bytes
Content-Length
1302
googleplus.svg
www.appriver.com/Files/Images/blog/
4 KB
2 KB
Image
General
Full URL
https://www.appriver.com/Files/Images/blog/googleplus.svg
Requested by
Host: www.appriver.com
URL: https://www.appriver.com/blog/powerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
40.90.243.91 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
11fca3ef33a320d845f71d9cea70929727e8a9a060532c647dfcf03e2181489a

Request headers

Referer
https://www.appriver.com/blog/powerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date
Thu, 09 Jan 2020 13:31:27 GMT
Content-Encoding
gzip
ETag
"078bdf14192d01:0"
Last-Modified
Tue, 19 May 2015 14:41:52 GMT
Server
Microsoft-IIS/10.0
X-Powered-By
ASP.NET
Content-Type
image/svg+xml
Cache-Control
public,max-age=31536000
Accept-Ranges
bytes
Content-Length
1864
web.bundle_8DD348CE8F37E3F318204BE07D57F622.js
www.appriver.com/Scripts/bundles/
521 KB
152 KB
Script
General
Full URL
https://www.appriver.com/Scripts/bundles/web.bundle_8DD348CE8F37E3F318204BE07D57F622.js
Requested by
Host: www.appriver.com
URL: https://www.appriver.com/blog/powerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
40.90.243.91 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
f5cb5954856ae331352a3e2a8e8e3dc1ad02f4bd9ef50dab0e403a7bb24e1112

Request headers

Referer
https://www.appriver.com/blog/powerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date
Thu, 09 Jan 2020 13:31:27 GMT
Content-Encoding
gzip
Last-Modified
Thu, 09 Jan 2020 04:16:30 GMT
Server
Microsoft-IIS/10.0
X-Powered-By
ASP.NET
ETag
"0a37a91a3c6d51:0"
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
public,max-age=31536000
Accept-Ranges
bytes
Content-Length
155168
ico.min.js
analytics.influenceandco.com/
2 KB
2 KB
Script
General
Full URL
https://analytics.influenceandco.com/ico.min.js
Requested by
Host: www.appriver.com
URL: https://www.appriver.com/blog/powerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
54.68.114.189 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-54-68-114-189.us-west-2.compute.amazonaws.com
Software
nginx/1.12.1 /
Resource Hash
5656b290bce93d78816ead066f56eab01ce842ce26adc9f54d82125eb6ecdb99

Request headers

Referer
https://www.appriver.com/blog/powerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date
Thu, 09 Jan 2020 13:31:28 GMT
Last-Modified
Thu, 02 Jan 2020 18:48:39 GMT
Server
nginx/1.12.1
ETag
"5e0e3b07-704"
Content-Type
application/javascript
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1796
select2.min.js
cdnjs.cloudflare.com/ajax/libs/select2/4.0.6-rc.0/js/
66 KB
18 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/select2/4.0.6-rc.0/js/select2.min.js
Requested by
Host: www.appriver.com
URL: https://www.appriver.com/blog/powerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:4004 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
1cd91b9dd3e258ce4421181a85cde15a2b860fa0adc0580c7c4534a37cde69ba
Security Headers
Name Value
Strict-Transport-Security max-age=15780000; includeSubDomains

Request headers

Referer
https://www.appriver.com/blog/powerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Thu, 09 Jan 2020 13:31:27 GMT
content-encoding
br
cf-cache-status
HIT
age
23210627
cf-ray
5526c5898e57dff3-FRA
status
200
strict-transport-security
max-age=15780000; includeSubDomains
alt-svc
h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
last-modified
Thu, 17 May 2018 09:25:33 GMT
server
cloudflare
etag
W/"5afd4a8d-108a7"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
expires
Tue, 29 Dec 2020 13:31:27 GMT
cache-control
public, max-age=30672000
timing-allow-origin
*
served-in-seconds
0.003
sitesearch360-v10.min.js
cdn.sitesearch360.com/
Redirect Chain
  • https://sitesearch360.com/cdn/sitesearch360-v10.min.js
  • https://cdn.sitesearch360.com/sitesearch360-v10.min.js
Size: 85 KB
Transfer: 25 KB
Type: Script
General
Full URL
https://cdn.sitesearch360.com/sitesearch360-v10.min.js
Requested by
Host: www.appriver.com
URL: https://www.appriver.com/blog/powerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:20::681b:5a70 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
a122bb989721de6bcac918697f25c349b873d3d9143951035c3af944cb5c01b5

Request headers

Referer
https://www.appriver.com/blog/powerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Thu, 09 Jan 2020 13:31:27 GMT
content-encoding
br
cf-cache-status
HIT
last-modified
Mon, 20 Aug 2018 11:40:26 GMT
server
cloudflare
age
101669
etag
W/"15304-573dc6023c181-gzip"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
max-age=2678400
cf-ray
5526c589eb2cd6b5-FRA
access-control-allow-origin
*

Redirect headers

date
Thu, 09 Jan 2020 13:31:27 GMT
server
cloudflare
location
https://cdn.sitesearch360.com/sitesearch360-v10.min.js
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
status
301
cache-control
max-age=3600
cf-ray
5526c589ba90d6b5-FRA
expires
Thu, 09 Jan 2020 14:31:27 GMT
js.cookie.min.js
cdn.jsdelivr.net/npm/js-cookie@2/src/
Size: 2 KB
Transfer: 1 KB
Type: Script
General
Full URL
https://cdn.jsdelivr.net/npm/js-cookie@2/src/js.cookie.min.js
Requested by
Host: www.appriver.com
URL: https://www.appriver.com/blog/powerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a04:4e42:1b::621 , Ascension Island, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
/
Resource Hash
39b8fe6364621725ff90431a34af0f87976d95c00cbfd1d0f3711a3f1fa1a07b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.appriver.com/blog/powerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
x-cache
HIT, HIT
status
200
date
Thu, 09 Jan 2020 13:31:27 GMT
content-length
1062
x-served-by
cache-ams21021-AMS, cache-hhn4074-HHN
etag
W/"79f-7pVBzxqV0qiF+LFDoQXKqgjKnJ0"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
public, max-age=604800, s-maxage=43200
accept-ranges
bytes
timing-allow-origin
*
custom.bundle_F4CE133DCC58978A721B3AF136397CA1.js
www.appriver.com/Scripts/bundles/
Size: 3 KB
Transfer: 2 KB
Type: Script
General
Full URL
https://www.appriver.com/Scripts/bundles/custom.bundle_F4CE133DCC58978A721B3AF136397CA1.js
Requested by
Host: www.appriver.com
URL: https://www.appriver.com/blog/powerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
40.90.243.91 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
1308794cf46d949b52aa2ea33568d0b80a233c582fefdce14d6c04d84d221006

Request headers

Referer
https://www.appriver.com/blog/powerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date
Thu, 09 Jan 2020 13:31:27 GMT
Content-Encoding
gzip
Last-Modified
Thu, 09 Jan 2020 04:16:31 GMT
Server
Microsoft-IIS/10.0
X-Powered-By
ASP.NET
ETag
"80391392a3c6d51:0"
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
public,max-age=31536000
Accept-Ranges
bytes
Content-Length
1418
n3tifahsaxzc.js
js.driftt.com/include/1578576900000/
Size: 136 KB
Transfer: 45 KB
Type: Script
General
Full URL
https://js.driftt.com/include/1578576900000/n3tifahsaxzc.js
Requested by
Host: www.appriver.com
URL: https://www.appriver.com/blog/powerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.224.196.41 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-13-224-196-41.fra2.r.cloudfront.net
Software
nginx /
Resource Hash
1d552a1ad0c29116bfed2c344c8b04c48bdce50b1392e887709e8dc03304582b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.appriver.com/blog/powerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Thu, 09 Jan 2020 13:31:27 GMT
content-encoding
gzip
x-amz-cf-pop
FRA2-C1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
status
200
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 3aed5a4f89d72775aaf2cc5a5f642386.cloudfront.net (CloudFront)
last-modified
Tue, 07 Jan 2020 17:19:36 GMT
server
nginx
vary
Accept-Encoding
access-control-allow-methods
GET, POST, OPTIONS
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
max-age=10
access-control-allow-credentials
true
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id
gNHg5VAL5oDx9z51sU_Of9BlPPx5veqYmHfpsh109J1IZ6taStOzwQ==
gtm.js
www.googletagmanager.com/
Size: 72 KB
Transfer: 25 KB
Type: Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-N4LLGZ
Requested by
Host: www.appriver.com
URL: https://www.appriver.com/blog/powerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:821::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
50f11d0515d6d6011fdef5ecf4368dfbaece3aa4b482eb29c6889aea97c31fd1
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Referer
https://www.appriver.com/blog/powerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Thu, 09 Jan 2020 13:31:27 GMT
content-encoding
br
last-modified
Thu, 09 Jan 2020 12:00:00 GMT
server
Google Tag Manager
access-control-allow-origin
http://www.googletagmanager.com
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
content-length
25032
x-xss-protection
0
expires
Thu, 09 Jan 2020 13:31:27 GMT
footer-bg.jpg
www.appriver.com/images/
Size: 74 KB
Transfer: 74 KB
Type: Image
General
Full URL
https://www.appriver.com/images/footer-bg.jpg
Requested by
Host: www.appriver.com
URL: https://www.appriver.com/blog/powerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
40.90.243.91 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
1e432c235feaef270075cafe07264c1ff103d7bc0ef6aa2275b6b96e60aa7e11

Request headers

Referer
https://www.appriver.com/Content/bundles/web.bundle_C85F4000462B3D2F41F590254D9EECB5.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date
Thu, 09 Jan 2020 13:31:27 GMT
ETag
"df8b680cb10d51:0"
Last-Modified
Wed, 22 May 2019 18:20:14 GMT
Server
Microsoft-IIS/10.0
X-Powered-By
ASP.NET
Content-Type
image/jpeg
Cache-Control
public,max-age=31536000
Accept-Ranges
bytes
Content-Length
75341
twitter-dark.svg
www.appriver.com/images/
Size: 930 B
Transfer: 862 B
Type: Image
General
Full URL
https://www.appriver.com/images/twitter-dark.svg
Requested by
Host: www.appriver.com
URL: https://www.appriver.com/blog/powerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
40.90.243.91 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
8682d94fa8777afcb80985446e0aeef122b0898e6d400234e84898f4c3cf97b7

Request headers

Referer
https://www.appriver.com/Content/bundles/web.bundle_C85F4000462B3D2F41F590254D9EECB5.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date
Thu, 09 Jan 2020 13:31:27 GMT
Content-Encoding
gzip
ETag
"76d567cef6fd11:0"
Last-Modified
Wed, 24 Feb 2016 14:29:44 GMT
Server
Microsoft-IIS/10.0
X-Powered-By
ASP.NET
Content-Type
image/svg+xml
Cache-Control
public,max-age=31536000
Accept-Ranges
bytes
Content-Length
547
facebook-dark.svg
www.appriver.com/images/
Size: 652 B
Transfer: 749 B
Type: Image
General
Full URL
https://www.appriver.com/images/facebook-dark.svg
Requested by
Host: www.appriver.com
URL: https://www.appriver.com/blog/powerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
40.90.243.91 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
ec460c1b28fa4ae1147ac62358f5ad102d09319a0386aca826d1ed95799ceff7

Request headers

Referer
https://www.appriver.com/Content/bundles/web.bundle_C85F4000462B3D2F41F590254D9EECB5.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date
Thu, 09 Jan 2020 13:31:27 GMT
Content-Encoding
gzip
ETag
"4ee05ecef6fd11:0"
Last-Modified
Wed, 24 Feb 2016 14:29:44 GMT
Server
Microsoft-IIS/10.0
X-Powered-By
ASP.NET
Content-Type
image/svg+xml
Cache-Control
public,max-age=31536000
Accept-Ranges
bytes
Content-Length
434
linkedin-dark.svg
www.appriver.com/images/
Size: 832 B
Transfer: 826 B
Type: Image
General
Full URL
https://www.appriver.com/images/linkedin-dark.svg
Requested by
Host: www.appriver.com
URL: https://www.appriver.com/blog/powerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
40.90.243.91 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
3d4f40e53e2677e623afc93dfb6f5860e54956e1c9cc3c0a38a4a8d9c9f1ef63

Request headers

Referer
https://www.appriver.com/Content/bundles/web.bundle_C85F4000462B3D2F41F590254D9EECB5.css
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date
Thu, 09 Jan 2020 13:31:27 GMT
Content-Encoding
gzip
ETag
"46e762cef6fd11:0"
Last-Modified
Wed, 24 Feb 2016 14:29:44 GMT
Server
Microsoft-IIS/10.0
X-Powered-By
ASP.NET
Content-Type
image/svg+xml
Cache-Control
public,max-age=31536000
Accept-Ranges
bytes
Content-Length
511
glyphicons-halflings-regular.woff2
www.appriver.com/fonts/
Size: 18 KB
Transfer: 18 KB
Type: Font
General
Full URL
https://www.appriver.com/fonts/glyphicons-halflings-regular.woff2
Requested by
Host: www.appriver.com
URL: https://www.appriver.com/blog/powerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
40.90.243.91 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
fe185d11a49676890d47bb783312a0cda5a44c4039214094e7957b4c040ef11c

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer
https://www.appriver.com/Content/bundles/web.bundle_C85F4000462B3D2F41F590254D9EECB5.css
Origin
https://www.appriver.com

Response headers

Date
Thu, 09 Jan 2020 13:31:27 GMT
ETag
"32c56746386d31:0"
Last-Modified
Fri, 05 Jan 2018 20:23:15 GMT
Server
Microsoft-IIS/10.0
X-Powered-By
ASP.NET
Content-Type
application/font-woff2
Cache-Control
public,max-age=31536000
Accept-Ranges
bytes
Content-Length
18028
KFOlCnqEu92Fr1MmSU5fBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v20/
Size: 11 KB
Transfer: 11 KB
Type: Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmSU5fBBc4AMP6lQ.woff2
Requested by
Host: www.appriver.com
URL: https://www.appriver.com/blog/powerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
92606bd38901e67d069f2ef883715b6e5ae07d72ae3bead3ad92346528374afc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Roboto:300,400,500,700&subset=latin
Origin
https://www.appriver.com

Response headers

date
Thu, 21 Nov 2019 23:39:14 GMT
x-content-type-options
nosniff
last-modified
Wed, 24 Jul 2019 01:18:52 GMT
server
sffe
age
4197133
content-type
font/woff2
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-origin
*
content-length
11180
x-xss-protection
0
expires
Fri, 20 Nov 2020 23:39:14 GMT
KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
fonts.gstatic.com/s/roboto/v20/
Size: 11 KB
Transfer: 11 KB
Type: Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v20/KFOmCnqEu92Fr1Mu4mxKKTU1Kg.woff2
Requested by
Host: www.appriver.com
URL: https://www.appriver.com/blog/powerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
5d1bc9b443f3f81fa4b4ad4634c1bb9702194c1898e3a9de0ab5e2cdc0e9f479
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Roboto:300,400,500,700&subset=latin
Origin
https://www.appriver.com

Response headers

date
Thu, 09 Jan 2020 00:21:24 GMT
x-content-type-options
nosniff
last-modified
Wed, 24 Jul 2019 01:18:50 GMT
server
sffe
age
47403
content-type
font/woff2
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-origin
*
content-length
11016
x-xss-protection
0
expires
Fri, 08 Jan 2021 00:21:24 GMT
KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2
fonts.gstatic.com/s/roboto/v20/
Size: 11 KB
Transfer: 11 KB
Type: Font
General
Full URL
https://fonts.gstatic.com/s/roboto/v20/KFOlCnqEu92Fr1MmWUlfBBc4AMP6lQ.woff2
Requested by
Host: www.appriver.com
URL: https://www.appriver.com/blog/powerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
0d9fd7ccabde9b202de45ee6b65878ce9594975d8e8810b0878d3f3fa3637d0e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer
https://fonts.googleapis.com/css?family=Roboto:300,400,500,700&subset=latin
Origin
https://www.appriver.com

Response headers

date
Fri, 22 Nov 2019 04:03:04 GMT
x-content-type-options
nosniff
last-modified
Wed, 24 Jul 2019 01:18:58 GMT
server
sffe
age
4181303
content-type
font/woff2
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-origin
*
content-length
11020
x-xss-protection
0
expires
Sat, 21 Nov 2020 04:03:04 GMT
analytics.js
www.google-analytics.com/
Size: 43 KB
Transfer: 17 KB
Type: Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N4LLGZ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:808::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
dbb67c620eaabf6679a314db18d3ae43037aef71ab27422e6feec08ee987cc0a
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.appriver.com/blog/powerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 19 Aug 2019 17:22:41 GMT
server
Golfe2
age
3472
date
Thu, 09 Jan 2020 12:33:35 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
17803
expires
Thu, 09 Jan 2020 14:33:35 GMT
conversion_async.js
www.googleadservices.com/pagead/
Size: 26 KB
Transfer: 10 KB
Type: Script
General
Full URL
https://www.googleadservices.com/pagead/conversion_async.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N4LLGZ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.207.66 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra16s25-in-f2.1e100.net
Software
cafe /
Resource Hash
d8678ca34e4815f18939c65aeddb30a6bd5332a41d843b109218319f73cb0fdf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.appriver.com/blog/powerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Thu, 09 Jan 2020 13:31:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-disposition
attachment; filename="f.txt"
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
9937
x-xss-protection
0
server
cafe
etag
2163967560479294588
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Thu, 09 Jan 2020 13:31:27 GMT
insight.min.js
sjs.bizographics.com/
Size: 3 KB
Transfer: 2 KB
Type: Script
General
Full URL
https://sjs.bizographics.com/insight.min.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N4LLGZ
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:10c:38f::3adf , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
/
Resource Hash
41dd5e421fe221a7d2921d6fa2b36e8b01a9f2c054aaef5fad866fe896c1d1e0

Request headers

Referer
https://www.appriver.com/blog/powerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date
Thu, 09 Jan 2020 13:31:27 GMT
Content-Encoding
gzip
Last-Modified
Mon, 07 Oct 2019 16:41:31 GMT
X-CDN
AKAM
Vary
Accept-Encoding
Content-Type
application/x-javascript;charset=utf-8
Cache-Control
max-age=27946
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1576
53864.js
js.hs-analytics.net/analytics/1578576900000/
Size: 74 KB
Transfer: 25 KB
Type: Script
General
Full URL
https://js.hs-analytics.net/analytics/1578576900000/53864.js
Requested by
Host: www.appriver.com
URL: https://www.appriver.com/blog/powerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult/
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6811:45b0 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
cd99f383d6d86314e03a1618c8c43b3d8f1813e5af2aef399da6ac43d6b0443f

Request headers

Referer
https://www.appriver.com/blog/powerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Thu, 09 Jan 2020 13:31:27 GMT
content-encoding
gzip
cf-cache-status
MISS
x-amz-request-id
4BEDDDBDFA74F800
status
200
content-type
text/javascript
x-amz-id-2
gBzLcwmukPEJJOWfUGKpx024MJD5A7zKeVW0E/7w+ba5N8lSjPMTkSJjypU5sMeefHtK3GI0NYE=
last-modified
Thu, 02 Jan 2020 14:15:27 GMT
server
cloudflare
etag
W/"790ff03a1fcc2ac42af84c488e753568"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
x-amz-version-id
null
cache-control
max-age=300, public
access-control-allow-credentials
false
cf-ray
5526c58a7d45d72d-FRA
expires
Thu, 09 Jan 2020 13:36:27 GMT
loader.js
www.gstatic.com/wcm/
Size: 422 B
Transfer: 358 B
Type: Script
General
Full URL
https://www.gstatic.com/wcm/loader.js
Requested by
Host: www.appriver.com
URL: https://www.appriver.com/blog/powerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
cbb6560ed1e9e91e2ceb73f50c333bf5fd86d56839161bf5383a1dd44faf5bc2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.appriver.com/blog/powerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Thu, 09 Jan 2020 12:39:18 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Wed, 02 Oct 2019 19:45:00 GMT
server
sffe
age
3129
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=3600
accept-ranges
bytes
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
286
x-xss-protection
0
expires
Thu, 09 Jan 2020 13:39:18 GMT
insight.min.js
snap.licdn.com/li.lms-analytics/
Size: 3 KB
Transfer: 2 KB
Type: Script
General
Full URL
https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by
Host: www.appriver.com
URL: https://www.appriver.com/blog/powerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:6c00:296::25ea , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
/
Resource Hash
41dd5e421fe221a7d2921d6fa2b36e8b01a9f2c054aaef5fad866fe896c1d1e0

Request headers

Referer
https://www.appriver.com/blog/powerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date
Thu, 09 Jan 2020 13:31:27 GMT
Content-Encoding
gzip
Last-Modified
Mon, 07 Oct 2019 16:41:31 GMT
X-CDN
AKAM
Vary
Accept-Encoding
Content-Type
application/x-javascript;charset=utf-8
Cache-Control
max-age=29543
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1576
impl-1_32.js
www.gstatic.com/wcm/
Size: 30 KB
Transfer: 12 KB
Type: Script
General
Full URL
https://www.gstatic.com/wcm/impl-1_32.js
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/wcm/loader.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
sffe /
Resource Hash
9cc17f2a29825643f4ab4b92f34c6fe5e9b12f1dd87068a07c4933488fd880f7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.appriver.com/blog/powerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Wed, 08 Jan 2020 21:43:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 05 Aug 2019 17:45:00 GMT
server
sffe
age
56867
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=31536000
accept-ranges
bytes
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
12298
x-xss-protection
0
expires
Thu, 07 Jan 2021 21:43:40 GMT
ga-audiences
www.google.de/ads/
Redirect Chain
  • https://www.google-analytics.com/r/collect?v=1&_v=j79&a=1088422697&t=pageview&_s=1&dl=https%3A%2F%2Fwww.appriver.com%2Fblog%2Fpowerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult%...
  • https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-247764-29&cid=1636405235.1578576688&jid=1864095029&_gid=905748960.1578576688&gjid=1399566840&_v=j79&z=931342951
  • https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-247764-29&cid=1636405235.1578576688&jid=1864095029&_v=j79&z=931342951
  • https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-247764-29&cid=1636405235.1578576688&jid=1864095029&_v=j79&z=931342951&slf_rd=1&random=2589494804
Size: 42 B
Transfer: 109 B
Type: Image
General
Full URL
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-247764-29&cid=1636405235.1578576688&jid=1864095029&_v=j79&z=931342951&slf_rd=1&random=2589494804
Requested by
Host: www.appriver.com
URL: https://www.appriver.com/blog/powerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.appriver.com/blog/powerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 09 Jan 2020 13:31:27 GMT
x-content-type-options
nosniff
content-type
image/gif
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Thu, 09 Jan 2020 13:31:27 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
location
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-247764-29&cid=1636405235.1578576688&jid=1864095029&_v=j79&z=931342951&slf_rd=1&random=2589494804
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
302
cache-control
no-cache, no-store, must-revalidate
content-type
text/html; charset=UTF-8
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
0
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
wcm
www.googleadservices.com/pagead/conversion/1069855855/
Size: 17 B
Transfer: 755 B
Type: XHR
General
Full URL
https://www.googleadservices.com/pagead/conversion/1069855855/wcm?cl=BIL1CMbgk2MQ7-iS_gM&fb=8662234645&callback=corscb
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/wcm/impl-1_32.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
216.58.207.66 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
fra16s25-in-f2.1e100.net
Software
cafe /
Resource Hash
298f43e50bca9522b9df850442cb53fb51580aa277a3feb754aed322ea644159
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer
https://www.appriver.com/blog/powerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult/
Origin
https://www.appriver.com

Response headers

date
Thu, 09 Jan 2020 13:31:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://www.appriver.com
cache-control
private
access-control-allow-credentials
true
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
37
x-xss-protection
0
collect
px.ads.linkedin.com/
Redirect Chain
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=177881&url=https%3A%2F%2Fwww.appriver.com%2Fblog%2Fpowerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult%2F&time=1578576687780
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D177881%26url%3Dhttps%253A%252F%252Fwww.appriver.com%252Fblog%252Fpowerpoint-malwa...
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=177881&url=https%3A%2F%2Fwww.appriver.com%2Fblog%2Fpowerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult%2F&time=1578576687780&li...
0
93 B
Image
General
Full URL
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=177881&url=https%3A%2F%2Fwww.appriver.com%2Fblog%2Fpowerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult%2F&time=1578576687780&liSync=true
Requested by
Host: www.appriver.com
URL: https://www.appriver.com/blog/powerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a05:f500:10:101::b93f:9105 , Ireland, ASN14413 (LINKEDIN - LinkedIn Corporation, US),
Reverse DNS
Software
Play /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.appriver.com/blog/powerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Thu, 09 Jan 2020 13:31:28 GMT
content-encoding
gzip
server
Play
vary
Accept-Encoding
x-li-fabric
prod-lva1
status
200
x-li-proto
http/2
x-li-pop
prod-efr5
content-type
application/javascript
content-length
20
x-li-uuid
2DrnUiI76BWwjksvICsAAA==

Redirect headers

date
Thu, 09 Jan 2020 13:31:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
302
x-li-pop
prod-efr5
content-length
20
x-li-uuid
RrF7TCI76BUwirO9/ioAAA==
pragma
no-cache
server
Play
x-frame-options
sameorigin
expect-ct
max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
vary
Accept-Encoding
strict-transport-security
max-age=2592000
x-li-fabric
prod-lva1
location
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=177881&url=https%3A%2F%2Fwww.appriver.com%2Fblog%2Fpowerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult%2F&time=1578576687780&liSync=true
x-xss-protection
1; mode=block
cache-control
no-cache, no-store
content-security-policy
default-src *; connect-src 'self' static.licdn.com media.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com media-exp1.licdn.com media-exp2.licdn.com https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com s.c.exp1.licdn.com s.c.exp2.licdn.com m.c.exp1.licdn.com m.c.exp2.licdn.com wss://*.linkedin.com dms.licdn.com https://dpm.demdex.net/id https://lnkd.demdex.net/event blob:; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com slideshare.www.linkedin.com https://snap.licdn.com/li.lms-analytics/insight.min.js platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'; report-uri https://www.linkedin.com/platform-telemetry/csp?f=l
x-li-proto
http/2
expires
Thu, 01 Jan 1970 00:00:00 GMT
wcm
www.google.com/pagead/attribution/
17 B
137 B
XHR
General
Full URL
https://www.google.com/pagead/attribution/wcm?cl=BIL1CMbgk2MQ7-iS_gM&fb=8662234645&use_ssct=1&callback=corscb
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/wcm/impl-1_32.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
298f43e50bca9522b9df850442cb53fb51580aa277a3feb754aed322ea644159
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer
https://www.appriver.com/blog/powerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult/
Origin
https://www.appriver.com

Response headers

date
Thu, 09 Jan 2020 13:31:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
content-type
application/json; charset=UTF-8
access-control-allow-origin
https://www.appriver.com
cache-control
private
access-control-allow-credentials
true
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
37
x-xss-protection
0
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/1069855855/
2 KB
1 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1069855855/?random=1578576687846&cv=9&fst=1578576687846&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg121&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.appriver.com%2Fblog%2Fpowerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult%2F&tiba=PowerPoint%20Malware%20References%20Drake%20Lyrics%20to%20Drop%20Lokibot%20%26%20Azorult&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
a2c6347ba5b7ca9bb589f6bf75c7a0b789ea4ad60ca17d034272528b25ab55e1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.appriver.com/blog/powerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 09 Jan 2020 13:31:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-type
text/javascript; charset=UTF-8
server
cafe
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status
200
cache-control
no-cache, must-revalidate
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q049="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
1076
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.com/pagead/1p-user-list/1069855855/
42 B
134 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/1069855855/?random=1578576687846&cv=9&fst=1578574800000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg121&sendb=1&frm=0&url=https%3A%2F%2Fwww.appriver.com%2Fblog%2Fpowerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult%2F&tiba=PowerPoint%20Malware%20References%20Drake%20Lyrics%20to%20Drop%20Lokibot%20%26%20Azorult&async=1&fmt=3&is_vtc=1&random=3913158928&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Requested by
Host: www.appriver.com
URL: https://www.appriver.com/blog/powerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.appriver.com/blog/powerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 09 Jan 2020 13:31:27 GMT
x-content-type-options
nosniff
content-type
image/gif
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-security-policy
script-src 'none'; object-src 'none'
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/1069855855/
42 B
110 B
Image
General
Full URL
https://www.google.de/pagead/1p-user-list/1069855855/?random=1578576687846&cv=9&fst=1578574800000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=0&u_nmime=0&gtm=2wg121&sendb=1&frm=0&url=https%3A%2F%2Fwww.appriver.com%2Fblog%2Fpowerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult%2F&tiba=PowerPoint%20Malware%20References%20Drake%20Lyrics%20to%20Drop%20Lokibot%20%26%20Azorult&async=1&fmt=3&is_vtc=1&random=3913158928&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Requested by
Host: www.appriver.com
URL: https://www.appriver.com/blog/powerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:825::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.appriver.com/blog/powerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

pragma
no-cache
date
Thu, 09 Jan 2020 13:31:27 GMT
x-content-type-options
nosniff
content-type
image/gif
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status
200
cache-control
no-cache, no-store, must-revalidate
content-security-policy
script-src 'none'; object-src 'none'
timing-allow-origin
*
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
sf14g.js
t.sf14g.com/
37 KB
37 KB
Script
General
Full URL
https://t.sf14g.com/sf14g.js
Requested by
Host: www.appriver.com
URL: https://www.appriver.com/Scripts/bundles/custom.bundle_F4CE133DCC58978A721B3AF136397CA1.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.192.123.20 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-34-192-123-20.compute-1.amazonaws.com
Software
Kestrel /
Resource Hash
86ecafc33ecb5976760d6b5f13a2874525e3f4bfa8b12a0e14d6c98ae9e727cd
Security Headers
Name Value
Strict-Transport-Security max-age=2592000

Request headers

Referer
https://www.appriver.com/blog/powerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Thu, 09 Jan 2020 13:31:28 GMT
last-modified
Tue, 16 Oct 2018 18:33:02 GMT
server
Kestrel
etag
"1d4657eab9c909b"
strict-transport-security
max-age=2592000
content-type
application/javascript
status
200
accept-ranges
bytes
content-length
37787
start_tracking_data.php
analytics.influenceandco.com/
8 B
401 B
XHR
General
Full URL
https://analytics.influenceandco.com/start_tracking_data.php?key=f6e52be6ef2d9a4adbac87536dc5efa5&host=https://www.appriver.com&url=https://www.appriver.com/blog/powerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult/
Requested by
Host: analytics.influenceandco.com
URL: https://analytics.influenceandco.com/ico.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
54.68.114.189 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-54-68-114-189.us-west-2.compute.amazonaws.com
Software
nginx/1.12.1 / PHP/5.5.38
Resource Hash
1f22cdf6902082f2b8de2de9a4d2e873a01b6d794bbff0eac4ffd47f778d39f8

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer
https://www.appriver.com/blog/powerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult/
Origin
https://www.appriver.com

Response headers

Date
Thu, 09 Jan 2020 13:31:28 GMT
Server
nginx/1.12.1
X-Powered-By
PHP/5.5.38
Transfer-Encoding
chunked
Content-Type
text/html
Access-Control-Allow-Origin
https://www.appriver.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
53864.js
js.hs-scripts.com/
1012 B
976 B
Script
General
Full URL
https://js.hs-scripts.com/53864.js
Requested by
Host: js.hs-analytics.net
URL: https://js.hs-analytics.net/analytics/1578576900000/53864.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6811:d4cc , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
da0cb0a2f1faab96e39587bef44a16083fbc76032c3d6770f0bd502d289a6c07

Request headers

Referer
https://www.appriver.com/blog/powerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Thu, 09 Jan 2020 13:31:28 GMT
content-encoding
gzip
cf-cache-status
EXPIRED
status
200
access-control-max-age
3600
content-length
470
server
cloudflare
x-trace
2B5A880A60BCDB59BFE67074EDE0D6209231D0CAFB000000000000000000
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript;charset=utf-8
access-control-allow-origin
https://www.appriver.com
cache-control
public, max-age=60
access-control-allow-credentials
true
accept-ranges
bytes
cf-ray
5526c58ffd7327a2-FRA
expires
Thu, 09 Jan 2020 13:32:28 GMT
__ptq.gif
track.hubspot.com/
45 B
317 B
Image
General
Full URL
https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=en-us&bfp=643011938&v=1.1&a=53864&pu=https%3A%2F%2Fwww.appriver.com%2Fblog%2Fpowerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult%2F&t=PowerPoint+Malware+References+Drake+Lyrics+to+Drop+Lokibot+%26+Azorult&cts=1578576688605&vi=c7f437a48ca43baa9766f25402c9e153&nc=true&u=191026037.c7f437a48ca43baa9766f25402c9e153.1578576688603.1578576688603.1578576688603.1&b=191026037.1.1578576688603
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:f905 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://www.appriver.com/blog/powerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Thu, 09 Jan 2020 13:31:28 GMT
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
p3p
CP="NOI CUR ADM OUR NOR STA NID"
status
200
cache-control
no-cache, no-store, no-transform
access-control-allow-credentials
false
strict-transport-security
max-age=31536000; includeSubDomains; preload
cf-ray
5526c58fd85bdfa5-FRA
content-type
image/gif
content-length
45
x-robots-tag
none
index.html
js.driftt.com/deploy/assets/ Frame 9B51
0
0
Document
General
Full URL
https://js.driftt.com/deploy/assets/index.html
Requested by
Host: js.driftt.com
URL: https://js.driftt.com/include/1578576900000/n3tifahsaxzc.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.224.196.41 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-13-224-196-41.fra2.r.cloudfront.net
Software
nginx /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

:method
GET
:authority
js.driftt.com
:scheme
https
:path
/deploy/assets/index.html
pragma
no-cache
cache-control
no-cache
upgrade-insecure-requests
1
user-agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site
cross-site
sec-fetch-mode
nested-navigate
referer
https://www.appriver.com/blog/powerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult/
accept-encoding
gzip, deflate, br
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer
https://www.appriver.com/blog/powerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult/

Response headers

status
200
content-type
text/html; charset=utf-8
content-length
894
date
Thu, 09 Jan 2020 13:28:09 GMT
server
nginx
last-modified
Tue, 07 Jan 2020 17:19:36 GMT
etag
"6067b97d81a145fb45978ca4940f6d53"
x-amz-server-side-encryption
AES256
accept-ranges
bytes
cache-control
max-age=10
access-control-allow-origin
*
access-control-allow-credentials
true
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-headers
DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security
max-age=31536000; includeSubDomains
x-cache
Hit from cloudfront
via
1.1 3aed5a4f89d72775aaf2cc5a5f642386.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA2-C1
x-amz-cf-id
Q0fdDVo2hvpl8a3BW_xnp6ygjuNQ_iZ7P2OlFQ8ihX8M8FUmNaM-9A==
tracking.png
tracking.leadlander.com/
Redirect Chain
  • https://tracking.leadlander.com/api/tracking?accountId=31727&page=https%3A%2F%2Fwww.appriver.com%2Fblog%2Fpowerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult%2F&referer=&fp=46b06...
  • https://tracking.leadlander.com/tracking.png
68 B
347 B
Image
General
Full URL
https://tracking.leadlander.com/tracking.png
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.156.185.237 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-54-156-185-237.compute-1.amazonaws.com
Software
Kestrel /
Resource Hash
69539b5b3777cffda28a66d7f2aa9b17c91ee1ec8fd50c00c442af91753a60f7
Security Headers
Name Value
Strict-Transport-Security max-age=2592000

Request headers

Referer
https://www.appriver.com/blog/powerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

Date
Thu, 09 Jan 2020 13:31:28 GMT
Last-Modified
Wed, 26 Sep 2018 16:48:51 GMT
Server
Kestrel
ETag
"1d455b8cd761bc4"
Strict-Transport-Security
max-age=2592000
Content-Type
image/png
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
68

Redirect headers

Location
/tracking.png
Date
Thu, 09 Jan 2020 13:31:28 GMT
Server
Kestrel
Connection
keep-alive
Content-Length
0
Strict-Transport-Security
max-age=2592000
fb.js
js.hsadspixel.net/
4 KB
2 KB
Script
General
Full URL
https://js.hsadspixel.net/fb.js
Requested by
Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/53864.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2606:4700::6811:70b0 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
d998e1c989da89276b479d0ab823fb7090fa39e25fdc4856c9034e8af92caa0c

Request headers

Referer
https://www.appriver.com/blog/powerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Thu, 09 Jan 2020 13:31:28 GMT
via
1.1 7f7e359e1c06a914d3d305785359b84d.cloudfront.net (CloudFront)
cf-cache-status
HIT
age
305
x-cache
Hit from cloudfront
status
200
x-amz-replication-status
COMPLETED
content-encoding
gzip
x-amz-version-id
o3e7t_ng9I6UO2yJ9PBoEsHFkU9lFHC8
last-modified
Tue, 17 Dec 2019 01:38:33 GMT
server
cloudflare
etag
W/"5df15688eed67be6535dfec7cf8fe9e6"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
max-age=600
x-amz-cf-pop
IAD89-C1
cf-ray
5526c590c9f56497-FRA
x-amz-cf-id
9ncLz7dkSjHK3L75fEJenjrnXUPNd6-KR9IlKDW2hsuqjxI76KEZlg==
json
api.hubapi.com/hs-script-loader-public/v1/config/
32 B
604 B
XHR
General
Full URL
https://api.hubapi.com/hs-script-loader-public/v1/config/json?portalId=53864
Requested by
Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:cacc , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
7057453c2e6d9c66459bcdac3c7965d6a494f56823a46c88927c5ce6749ff970
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer
https://www.appriver.com/blog/powerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult/
Origin
https://www.appriver.com

Response headers

date
Thu, 09 Jan 2020 13:31:28 GMT
vary
Accept-Encoding
cf-cache-status
DYNAMIC
status
200
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
32
server
cloudflare
x-trace
2B7DE0076E419A1A2B007D70D80CC3E943E1D9EFFD000000000000000000
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age
180
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
content-type
application/json;charset=utf-8
access-control-allow-origin
https://www.appriver.com
access-control-allow-credentials
false
accept-ranges
bytes
cf-ray
5526c5910fc1c2d6-FRA
access-control-allow-headers
*
fbevents.js
connect.facebook.net/en_US/
126 KB
30 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
1ada5b4d0b63b06d2bd668cd7d6597689796da41a434a675cfdbd2a1bddf251a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.appriver.com/blog/powerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
h3-24=":443"; ma=3600
content-length
30426
x-xss-protection
0
pragma
public
x-fb-debug
7ocxlKrWyr0+5aNCteOUb/ufpM7IuRWs+SfsJDBD/cf9/QttQtlW8MPhhRzOTiHjmXC8dJjOQEvGQ65JiUk2SQ==
x-fb-trip-id
1850256238
date
Thu, 09 Jan 2020 13:31:28 GMT
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
expires
Sat, 01 Jan 2000 00:00:00 GMT
311677159236065
connect.facebook.net/signals/config/
447 KB
112 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/311677159236065?v=2.9.15&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
54930afaba706d3f5a1550e2bb54cd49acef8b24a685a4367257dfef099d07a2
Security Headers
Name Value
Content-Security-Policy default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.appriver.com/blog/powerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
h3-24=":443"; ma=3600
x-xss-protection
0
pragma
public
x-fb-debug
3GshsQNgWn3VBNxYVw2BeAeVFCjPZI0UxddFIHgEpBERpqGBWBgceMk/gMuID5cp8KdbdlKq1I0LQMoE6+2bWg==
x-fb-trip-id
1850256238
date
Thu, 09 Jan 2020 13:31:28 GMT
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
content-security-policy
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires
Sat, 01 Jan 2000 00:00:00 GMT
/
www.facebook.com/tr/
44 B
325 B
Image
General
Full URL
https://www.facebook.com/tr/?id=311677159236065&ev=PageView&dl=https%3A%2F%2Fwww.appriver.com%2Fblog%2Fpowerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult%2F&rl=&if=false&ts=1578576689012&sw=1600&sh=1200&v=2.9.15&r=stable&a=tmhubspot&ec=0&o=30&fbp=fb.1.1578576689011.903946011&it=1578576688929&coo=false&rqm=GET
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.appriver.com/blog/powerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Thu, 09 Jan 2020 13:31:29 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
status
200
cache-control
no-cache, must-revalidate, max-age=0
alt-svc
h3-24=":443"; ma=3600
content-length
44
expires
Thu, 09 Jan 2020 13:31:29 GMT
/
www.facebook.com/tr/
44 B
100 B
Image
General
Full URL
https://www.facebook.com/tr/?id=311677159236065&ev=Microdata&dl=https%3A%2F%2Fwww.appriver.com%2Fblog%2Fpowerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult%2F&rl=&if=false&ts=1578576689515&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22PowerPoint%20Malware%20References%20Drake%20Lyrics%20to%20Drop%20Lokibot%20%26%20Azorult%22%7D&cd[OpenGraph]=%7B%22og%3Atitle%22%3A%22PowerPoint%20Malware%20References%20Drake%20Lyrics%20to%20Drop%20Lokibot%20%26%20Azorult%22%2C%22og%3Adescription%22%3A%22PowerPoint%20Malware%20References%20Drake%20Lyrics%20to%20Drop%20Lokibot%20%26%20Azorult%22%2C%22og%3Aurl%22%3A%22https%3A%2F%2Fwww.appriver.com%2Fblog%2Fpowerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult%2F%3F.ToString()%22%2C%22og%3Atype%22%3A%22website%22%2C%22og%3Aimage%22%3A%22https%3A%2F%2Fwww.appriver.com%2Ffiles%2Fimages%2Fblog%2Fpickett%2Fvirus_backimg.jpg%22%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%7B%22%40context%22%3A%22http%3A%2F%2Fschema.org%22%2C%22%40type%22%3A%22WebSite%22%2C%22url%22%3A%22https%3A%2F%2Fappriver.com%2F%22%2C%22potentialAction%22%3A%7B%22%40type%22%3A%22SearchAction%22%2C%22target%22%3A%22https%3A%2F%2Fwww.appriver.com%2Fsearch%3Fss360Query%3D%7Bsearch_term_string%7D%22%2C%22query-input%22%3A%22required%20name%3Dsearch_term_string%22%7D%7D%5D&sw=1600&sh=1200&v=2.9.15&r=stable&a=tmhubspot&ec=1&o=30&fbp=fb.1.1578576689011.903946011&it=1578576688929&coo=false&es=automatic&tm=3&rqm=GET
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8183:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.appriver.com/blog/powerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult/
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36

Response headers

date
Thu, 09 Jan 2020 13:31:29 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
status
200
cache-control
no-cache, must-revalidate, max-age=0
alt-svc
h3-24=":443"; ma=3600
content-length
44
expires
Thu, 09 Jan 2020 13:31:29 GMT
end_tracking_data.php
analytics.influenceandco.com/
8 B
294 B
XHR
General
Full URL
https://analytics.influenceandco.com/end_tracking_data.php?id=15803044&host=https://www.appriver.com&key=f6e52be6ef2d9a4adbac87536dc5efa5&timer=8501
Requested by
Host: analytics.influenceandco.com
URL: https://analytics.influenceandco.com/ico.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
54.68.114.189 Boardman, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-54-68-114-189.us-west-2.compute.amazonaws.com
Software
nginx/1.12.1 / PHP/5.5.38
Resource Hash
1f22cdf6902082f2b8de2de9a4d2e873a01b6d794bbff0eac4ffd47f778d39f8

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.88 Safari/537.36
Referer
https://www.appriver.com/blog/powerpoint-malware-references-drake-lyrics-to-drop-lokibot-and-azorult/
Origin
https://www.appriver.com

Response headers

Date
Thu, 09 Jan 2020 13:31:36 GMT
Server
nginx/1.12.1
X-Powered-By
PHP/5.5.38
Transfer-Encoding
chunked
Content-Type
text/html
Access-Control-Allow-Origin
https://www.appriver.com
Access-Control-Allow-Credentials
true
Connection
keep-alive

Verdicts & Comments

110 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate function| drift function| driftt string| cmsVirtualPath object| dataLayer string| localizedRequiredMessages object| google_tag_manager string| GoogleAnalyticsObject function| ga string| _bizo_data_partner_id undefined| _bizo_data_partner_title undefined| _bizo_data_partner_domain undefined| _bizo_data_partner_company undefined| _bizo_data_partner_location undefined| _bizo_data_partner_employee_range undefined| _bizo_data_partner_sics undefined| _bizo_data_partner_email string| google_replace_number function| _googWcmImpl string| _googWcmAk function| _googWcmGet string| _linkedin_data_partner_id string| _linkedin_partner_id object| _linkedin_data_partner_ids object| google_tag_data object| gaplugins object| gaGlobal object| gaData function| _googWccDebug function| lintrk boolean| _already_called_lintrk object| __core-js_shared__ object| platform boolean| __DRIFTT_WIDGET_INCLUDED__ string| __DRIFT_INSTANCE_ID__ boolean| __DRIFTT_SHOW_WIDGET_ON_BOOT__ function| GooglemKTybQhCsO function| google_trackConversion object| GooglebQhCsO string| google_wcc_status object| _hsq object| _paq boolean| _hstc_loaded function| checkCookieAcceptance function| acceptCookies function| debounce function| qs object| $appriverNav number| headerHeight object| $dropdownMenu object| $rowHeaders object| $autoHide object| $headerVideoVideos object| $headerVideoFullscreen object| $ctaRoundBtn object| $imageThumbs object| defaultOptions object| ss360Config function| moveLabel function| setupFooter function| anchorScroll function| moveReCaptcha function| setupResponsiveImages function| slugify function| mobileOnScroll function| onScroll string| $slug number| $winWidth boolean| mobile number| waitForElCounter function| debounceWindowResize function| debounceScroll function| waitForEl function| $ function| jQuery function| picturefill object| html5 object| Modernizr function| CBPFWTabs function| objectFitPolyfill object| toastr function| 
mobileAndTabletcheck number| ico_tracker_start_timer string| ico_tracker_session_id number| ico_tracker_window_scroll string| ico_tracker_key function| sendICOUpdateData function| getICOMaxScroll function| sendICOData function| UniBox object| SS360 function| initializeSs360 function| sxQuery object| ss360Settings function| Cookies function| showEmeaDisclaimer object| emeaCountries number| sf14gv number| ss360UniboxCount number| timer boolean| _url string| llfp boolean| _hstc_ran string| __hsUserToken number| expireDateTime object| e boolean| PIXELS_RAN function| fbq function| _fbq

12 Cookies

Domain/Path Name / Value
.appriver.com/ Name: __hssc
Value: 191026037.1.1578576688603
www.appriver.com/ Name: driftt_aid
Value: 57aa887d-1e80-4c86-bc73-2172aeb45867
.appriver.com/ Name: hubspotutk
Value: c7f437a48ca43baa9766f25402c9e153
.appriver.com/ Name: __hssrc
Value: 1
.appriver.com/ Name: __hstc
Value: 191026037.c7f437a48ca43baa9766f25402c9e153.1578576688603.1578576688603.1578576688603.1
.appriver.com/ Name: _gat_UA-247764-29
Value: 1
.appriver.com/ Name: _gcl_au
Value: 1.1.805265666.1578576688
www.appriver.com/ Name: gwcc
Value: %7B%22fallback%22%3A%228662234645%22%2C%22clabel%22%3A%22BIL1CMbgk2MQ7-iS_gM%22%2C%22backoff%22%3A86400%2C%22backoff_expires%22%3A1578663087%7D
.appriver.com/ Name: _ga
Value: GA1.2.1636405235.1578576688
www.appriver.com/ Name: WWW-SRV
Value: www-srv01
.appriver.com/ Name: _gid
Value: GA1.2.905748960.1578576688
www.appriver.com/ Name: ASP.NET_SessionId
Value: 55xxzcdedlpqop1bz3qfoy2x

1 Console Messages

Source Level URL
Text
console-api log URL: https://cdn.sitesearch360.com/sitesearch360-v10.min.js(Line 1)
Message:
SiteSearch360 v10.57 initialized to .searchBox

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

analytics.influenceandco.com
api.hubapi.com
cdn.jsdelivr.net
cdn.sitesearch360.com
cdnjs.cloudflare.com
connect.facebook.net
fonts.googleapis.com
fonts.gstatic.com
googleads.g.doubleclick.net
js.driftt.com
js.hs-analytics.net
js.hs-scripts.com
js.hsadspixel.net
px.ads.linkedin.com
sitesearch360.com
sjs.bizographics.com
snap.licdn.com
stats.g.doubleclick.net
t.sf14g.com
track.hubspot.com
tracking.leadlander.com
use.fontawesome.com
www.appriver.com
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.gstatic.com
www.linkedin.com
13.224.196.41
216.58.207.66
23.111.9.35
2606:4700:20::681b:5a70
2606:4700::6810:f905
2606:4700::6811:4004
2606:4700::6811:45b0
2606:4700::6811:70b0
2606:4700::6811:cacc
2606:4700::6811:d4cc
2a00:1450:4001:800::2002
2a00:1450:4001:808::200e
2a00:1450:4001:80b::2003
2a00:1450:4001:819::200a
2a00:1450:4001:81d::2003
2a00:1450:4001:821::2008
2a00:1450:4001:825::2003
2a00:1450:4001:825::2004
2a00:1450:400c:c00::9c
2a02:26f0:10c:38f::3adf
2a02:26f0:6c00:296::25ea
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8183:face:b00c:0:25de
2a04:4e42:1b::621
2a05:f500:10:101::b93f:9101
2a05:f500:10:101::b93f:9105
34.192.123.20
40.90.243.91
54.156.185.237
54.68.114.189