www.esentire.com Open in urlscan Pro
104.20.162.46 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://u33254697.ct.sendgrid.net/ls/click?upn=u001.rfmZKoSIQF-2FqHrRaNSBoL-2Fqha94otdn-2BHXpZMDZdwV45ScDtk71xRL991boGgrdHKvDOsuOo...
Effective URL:
https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare
Submission: On August 05 via api (August 5th 2024, 7:37:24 pm UTC) from IL — Scanned from IL

Summary HTTP 138 Redirects Links 12 Behaviour Indicators

Summary

This website contacted 34 IPs in 6 countries across 26 domains to perform 138 HTTP transactions. The main IP is 104.20.162.46, located in and belongs to CLOUDFLARENET, US. The main domain is www.esentire.com. The Cisco Umbrella rank of the primary domain is 793853.
TLS certificate: Issued by DigiCert EV RSA CA G2 on April 23rd 2024. Valid for: a year.

This is the only time www.esentire.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	167.89.123.64 167.89.123.64	11377 (SENDGRID) (SENDGRID)
4	104.20.162.46 104.20.162.46	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	104.17.248.203 104.17.248.203	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.18.187.31 104.18.187.31	13335 (CLOUDFLAR...) (CLOUDFLARENET)
17	2.19.126.206 2.19.126.206	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
10	52.95.145.115 52.95.145.115	16509 (AMAZON-02) (AMAZON-02)
3	172.217.16.136 172.217.16.136	15169 (GOOGLE) (GOOGLE)
12	104.16.118.43 104.16.118.43	13335 (CLOUDFLAR...) (CLOUDFLARENET)
6	52.95.146.233 52.95.146.233	16509 (AMAZON-02) (AMAZON-02)
6	184.24.77.154 184.24.77.154	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
6	34.96.102.137 34.96.102.137	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
10	3.92.120.28 3.92.120.28	14618 (AMAZON-AES) (AMAZON-AES)
2	104.18.26.50 104.18.26.50	13335 (CLOUDFLAR...) (CLOUDFLARENET)
11	2.17.147.176 2.17.147.176	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2.21.20.144 2.21.20.144	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 4	131.253.33.237 131.253.33.237	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	18.245.86.77 18.245.86.77	16509 (AMAZON-02) (AMAZON-02)
8	172.217.16.196 172.217.16.196	15169 (GOOGLE) (GOOGLE)
2	104.18.31.176 104.18.31.176	13335 (CLOUDFLAR...) (CLOUDFLARENET)
4	65.9.66.103 65.9.66.103	16509 (AMAZON-02) (AMAZON-02)
2	216.239.38.181 216.239.38.181	15169 (GOOGLE) (GOOGLE)
1	173.194.76.155 173.194.76.155	15169 (GOOGLE) (GOOGLE)
2	142.250.185.227 142.250.185.227	15169 (GOOGLE) (GOOGLE)
1	142.250.185.66 142.250.185.66	15169 (GOOGLE) (GOOGLE)
3	142.250.184.227 142.250.184.227	15169 (GOOGLE) (GOOGLE)
3 6	108.174.10.20 108.174.10.20	14413 (LINKEDIN) (LINKEDIN)
2	13.107.246.45 13.107.246.45	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 1	15.197.193.217 15.197.193.217	16509 (AMAZON-02) (AMAZON-02)
1	13.225.83.200 13.225.83.200	16509 (AMAZON-02) (AMAZON-02)
3	20.10.16.51 20.10.16.51	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
3	172.64.150.44 172.64.150.44	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	18.245.86.73 18.245.86.73	16509 (AMAZON-02) (AMAZON-02)
1 2	13.74.129.1 13.74.129.1	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	3.215.172.219 3.215.172.219	14618 (AMAZON-AES) (AMAZON-AES)
1	3.5.252.223 3.5.252.223	16509 (AMAZON-02) (AMAZON-02)
138	34

1 167.89.123.64 (Chicago, United States) 1 redirects

ASN11377 (SENDGRID, US)
PTR: o16789123x64.outbound-mail.sendgrid.net

u33254697.ct.sendgrid.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.20.162.46 (None, )

ASN13335 (CLOUDFLARENET, US)

www.esentire.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.17.248.203 (None, )

ASN13335 (CLOUDFLARENET, US)

unpkg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.187.31 (None, )

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 2.19.126.206 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-19-126-206.deploy.static.akamaitechnologies.com

use.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 52.95.145.115 (Montreal, Canada)

ASN16509 (AMAZON-02, US)
PTR: s3-w.ca-central-1.amazonaws.com

esentire-dot-com-assets.s3.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 172.217.16.136 (United States)

ASN15169 (GOOGLE, US)
PTR: zrh04s06-in-f136.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 104.16.118.43 (None, )

ASN13335 (CLOUDFLARENET, US)

ws.zoominfo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ws-assets.zoominfo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 52.95.146.233 (Montreal, Canada)

ASN16509 (AMAZON-02, US)
PTR: s3.ca-central-1.amazonaws.com

s3.ca-central-1.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 184.24.77.154 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a184-24-77-154.deploy.static.akamaitechnologies.com

p.typekit.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 34.96.102.137 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 137.102.96.34.bc.googleusercontent.com

dev.visualwebsiteoptimizer.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 3.92.120.28 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-92-120-28.compute-1.amazonaws.com

mdr.esentire.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.18.26.50 (None, )

ASN13335 (CLOUDFLARENET, US)

cdn.mouseflow.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2.17.147.176 (Prague, Czech Republic)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-17-147-176.deploy.static.akamaitechnologies.com

j.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ipv6.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
b.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.21.20.144 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-21-20-144.deploy.static.akamaitechnologies.com

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 131.253.33.237 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.245.86.77 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-245-86-77.fra60.r.cloudfront.net

js.driftt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 172.217.16.196 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s08-in-f196.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.18.31.176 (None, )

ASN13335 (CLOUDFLARENET, US)

tracking.g2crowd.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 65.9.66.103 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-66-103.fra56.r.cloudfront.net

nexus.ensighten.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 216.239.38.181 (United States)

ASN15169 (GOOGLE, US)

analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 173.194.76.155 (United States)

ASN15169 (GOOGLE, US)
PTR: ws-in-f155.1e100.net

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.227 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f3.1e100.net

www.google.co.il	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.185.66 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f2.1e100.net

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.184.227 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s12-in-f3.1e100.net

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 108.174.10.20 (United States) 3 redirects

ASN14413 (LINKEDIN, US)
PTR: 108-174-10-20.fwd.linkedin.com

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.107.246.45 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 15.197.193.217 (Seattle, United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com

insight.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.225.83.200 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-83-200.fra2.r.cloudfront.net

d1eoo1tco6rr5e.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 20.10.16.51 (Boydton, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

z.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 172.64.150.44 (San Francisco, United States)

ASN13335 (CLOUDFLARENET, US)

js.zi-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.245.86.73 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-245-86-73.fra60.r.cloudfront.net

js.driftt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.74.129.1 (Dublin, Ireland) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.215.172.219 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-215-172-219.compute-1.amazonaws.com

pi.pardot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.5.252.223 (Montreal, Canada)

ASN16509 (AMAZON-02, US)
PTR: s3-r-w.ca-central-1.amazonaws.com

esentire-dot-com-assets.s3.ca-central-1.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
23	typekit.net use.typekit.net — Cisco Umbrella Rank: 1178 p.typekit.net — Cisco Umbrella Rank: 1499	224 KB
17	amazonaws.com esentire-dot-com-assets.s3.amazonaws.com s3.ca-central-1.amazonaws.com esentire-dot-com-assets.s3.ca-central-1.amazonaws.com	6 MB
14	esentire.com www.esentire.com — Cisco Umbrella Rank: 793853 mdr.esentire.com	489 KB
12	zoominfo.com ws.zoominfo.com — Cisco Umbrella Rank: 10891 ws-assets.zoominfo.com — Cisco Umbrella Rank: 34577	33 KB
11	6sc.co j.6sc.co — Cisco Umbrella Rank: 12402 c.6sc.co — Cisco Umbrella Rank: 16017 ipv6.6sc.co — Cisco Umbrella Rank: 12823 b.6sc.co — Cisco Umbrella Rank: 6896	22 KB
10	google.com www.google.com — Cisco Umbrella Rank: 10 analytics.google.com — Cisco Umbrella Rank: 238	1 KB
7	clarity.ms 1 redirects www.clarity.ms — Cisco Umbrella Rank: 1114 z.clarity.ms — Cisco Umbrella Rank: 8883 c.clarity.ms — Cisco Umbrella Rank: 1838	29 KB
6	linkedin.com 3 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 669 www.linkedin.com — Cisco Umbrella Rank: 914	6 KB
6	visualwebsiteoptimizer.com dev.visualwebsiteoptimizer.com — Cisco Umbrella Rank: 4988	83 KB
4	ensighten.com nexus.ensighten.com — Cisco Umbrella Rank: 5862	12 KB
4	bing.com 1 redirects bat.bing.com — Cisco Umbrella Rank: 534 c.bing.com — Cisco Umbrella Rank: 341	17 KB
3	zi-scripts.com js.zi-scripts.com — Cisco Umbrella Rank: 15834	4 KB
3	gstatic.com www.gstatic.com	213 KB
3	driftt.com js.driftt.com — Cisco Umbrella Rank: 17606	62 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 112	304 KB
2	google.co.il www.google.co.il — Cisco Umbrella Rank: 18481	562 B
2	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 252 googleads.g.doubleclick.net — Cisco Umbrella Rank: 77	2 KB
2	g2crowd.com tracking.g2crowd.com — Cisco Umbrella Rank: 19182	2 KB
2	mouseflow.com cdn.mouseflow.com — Cisco Umbrella Rank: 11558	56 KB
2	unpkg.com unpkg.com — Cisco Umbrella Rank: 1314	11 KB
1	pardot.com pi.pardot.com — Cisco Umbrella Rank: 12600	1 KB
1	cloudfront.net d1eoo1tco6rr5e.cloudfront.net
1	adsrvr.org 1 redirects insight.adsrvr.org — Cisco Umbrella Rank: 1486	87 B
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 1884	14 KB
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 410	6 KB
1	sendgrid.net 1 redirects u33254697.ct.sendgrid.net	320 B
138	26

	Domain	Requested by
17	use.typekit.net	www.esentire.com use.typekit.net mdr.esentire.com
10	mdr.esentire.com	www.esentire.com mdr.esentire.com
10	ws.zoominfo.com	www.esentire.com ws-assets.zoominfo.com js.zi-scripts.com
10	esentire-dot-com-assets.s3.amazonaws.com	www.esentire.com
8	www.google.com	www.googletagmanager.com mdr.esentire.com www.esentire.com www.gstatic.com
7	b.6sc.co	www.esentire.com
6	dev.visualwebsiteoptimizer.com	www.esentire.com dev.visualwebsiteoptimizer.com
6	p.typekit.net	www.esentire.com use.typekit.net
6	s3.ca-central-1.amazonaws.com	www.esentire.com mdr.esentire.com
5	px.ads.linkedin.com	2 redirects snap.licdn.com www.esentire.com
4	nexus.ensighten.com	www.googletagmanager.com nexus.ensighten.com
4	www.esentire.com	www.esentire.com
3	js.zi-scripts.com	mdr.esentire.com js.zi-scripts.com
3	z.clarity.ms	www.clarity.ms
3	www.gstatic.com	www.google.com
3	js.driftt.com	www.esentire.com js.driftt.com
3	bat.bing.com	www.googletagmanager.com bat.bing.com www.esentire.com
3	www.googletagmanager.com	www.esentire.com www.googletagmanager.com
2	c.clarity.ms	1 redirects
2	www.clarity.ms	bat.bing.com www.clarity.ms
2	ws-assets.zoominfo.com	mdr.esentire.com js.zi-scripts.com
2	www.google.co.il	www.esentire.com
2	analytics.google.com	www.googletagmanager.com
2	tracking.g2crowd.com	www.esentire.com tracking.g2crowd.com
2	j.6sc.co	www.googletagmanager.com j.6sc.co
2	cdn.mouseflow.com	www.esentire.com mdr.esentire.com
2	unpkg.com	www.esentire.com
1	esentire-dot-com-assets.s3.ca-central-1.amazonaws.com
1	pi.pardot.com	mdr.esentire.com
1	c.bing.com	1 redirects
1	d1eoo1tco6rr5e.cloudfront.net	nexus.ensighten.com
1	insight.adsrvr.org	1 redirects
1	ipv6.6sc.co	j.6sc.co
1	c.6sc.co	j.6sc.co
1	www.linkedin.com	1 redirects
1	googleads.g.doubleclick.net	www.googletagmanager.com
1	stats.g.doubleclick.net	www.googletagmanager.com
1	snap.licdn.com	www.googletagmanager.com
1	cdn.jsdelivr.net	www.esentire.com
1	u33254697.ct.sendgrid.net	1 redirects
138	40

This site contains links to these domains. Also see Links.

Domain
twitter.com
linkedin.com
developers.cloudflare.com
x.com
github.com
www.ired.team
esentire.channeltivity.com
ca.linkedin.com
www.youtube.com

Subject Issuer	Validity	Valid
www.esentire.com DigiCert EV RSA CA G2	`2024-04-23` - `2025-05-02`	a year	crt.sh
unpkg.com WE1	`2024-07-28` - `2024-10-26`	3 months	crt.sh
*.jsdelivr.net Sectigo RSA Domain Validation Secure Server CA	`2024-05-04` - `2025-05-04`	a year	crt.sh
use.typekit.net DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-02-01` - `2025-03-03`	a year	crt.sh
*.s3.amazonaws.com Amazon RSA 2048 M01	`2024-04-22` - `2025-04-07`	a year	crt.sh
*.google-analytics.com WR2	`2024-07-30` - `2024-10-22`	3 months	crt.sh
zoominfo.com E5	`2024-07-18` - `2024-10-16`	3 months	crt.sh
*.s3.ca-central-1.amazonaws.com Amazon RSA 2048 M01	`2024-05-28` - `2025-05-17`	a year	crt.sh
*.visualwebsiteoptimizer.com Starfield Secure Certificate Authority - G2	`2024-06-29` - `2025-07-31`	a year	crt.sh
mdr.esentire.com R10	`2024-06-30` - `2024-09-28`	3 months	crt.sh
cdn.mouseflow.com Cloudflare Inc ECC CA-3	`2023-10-25` - `2024-10-23`	a year	crt.sh
6sc.co R11	`2024-07-03` - `2024-10-01`	3 months	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-12-13` - `2024-12-12`	a year	crt.sh
www.bing.com Microsoft Azure RSA TLS Issuing CA 04	`2024-06-19` - `2024-12-16`	6 months	crt.sh
drift.com Amazon RSA 2048 M03	`2024-07-30` - `2025-08-27`	a year	crt.sh
*.google.com WR2	`2024-07-30` - `2024-10-22`	3 months	crt.sh
g2crowd.com WE1	`2024-06-23` - `2024-09-21`	3 months	crt.sh
nexus.ensighten.com Amazon RSA 2048 M02	`2023-09-29` - `2024-10-27`	a year	crt.sh
*.g.doubleclick.net WR2	`2024-07-30` - `2024-10-22`	3 months	crt.sh
*.google.co.il WR2	`2024-07-30` - `2024-10-22`	3 months	crt.sh
*.gstatic.com WR2	`2024-07-30` - `2024-10-22`	3 months	crt.sh
px.ads.linkedin.com DigiCert SHA2 Secure Server CA	`2024-06-14` - `2024-12-14`	6 months	crt.sh
www.clarity.ms DigiCert TLS RSA SHA256 2020 CA1	`2023-12-07` - `2024-12-07`	a year	crt.sh
*.cloudfront.net Amazon RSA 2048 M01	`2023-10-10` - `2024-09-19`	a year	crt.sh
a.clarity.ms Microsoft Azure RSA TLS Issuing CA 08	`2024-06-23` - `2025-06-18`	a year	crt.sh
zi-scripts.com WE1	`2024-07-25` - `2024-10-23`	3 months	crt.sh
pi.pardot.com DigiCert TLS RSA SHA256 2020 CA1	`2024-06-05` - `2025-06-04`	a year	crt.sh

This page contains 10 frames:

Primary Page: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare
Frame ID: 54791CD6089265D5D807D4712CA69E37
Requests: 92 HTTP requests in this frame

Frame: https://mdr.esentire.com/l/651833/2022-10-12/27fwyb?ScoringCateogry=TRU%20Interest
Frame ID: B42B2EBC55C6D41FDEBA39EE5CE77114
Requests: 14 HTTP requests in this frame

Frame: https://mdr.esentire.com/l/651833/2023-08-01/2pz6mw
Frame ID: 8937EF8EC59E5C1F95B86EBEF816E6BC
Requests: 21 HTTP requests in this frame

Frame: https://d1eoo1tco6rr5e.cloudfront.net/zy90xae/11yjcw6/iframe
Frame ID: 441756BE6CD3BCF2730ED2C4D7225207
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfVnCYTAAAAAB4x9xlkeTsV8CO6np5UMhNjRNNZ&co=aHR0cHM6Ly9tZHIuZXNlbnRpcmUuY29tOjQ0Mw..&hl=iw&v=hfUfsXWZFeg83qqxrK27GB8P&size=normal&cb=cdwvojjowtzy
Frame ID: A1388DF21F5BEDC8EB1556C4194CCEE5
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfVnCYTAAAAAB4x9xlkeTsV8CO6np5UMhNjRNNZ&co=aHR0cHM6Ly9tZHIuZXNlbnRpcmUuY29tOjQ0Mw..&hl=iw&v=hfUfsXWZFeg83qqxrK27GB8P&size=normal&cb=12p6cjrw2ikl
Frame ID: 4E50EB44BDDB10214C5F9D7003738A61
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/bframe?hl=iw&v=hfUfsXWZFeg83qqxrK27GB8P&k=6LfVnCYTAAAAAB4x9xlkeTsV8CO6np5UMhNjRNNZ
Frame ID: F1EB0EF0C6EABF2A1175245300499FFD
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/bframe?hl=iw&v=hfUfsXWZFeg83qqxrK27GB8P&k=6LfVnCYTAAAAAB4x9xlkeTsV8CO6np5UMhNjRNNZ
Frame ID: E2713CD9A20CF4B11A2005897D7D1C3B
Requests: 1 HTTP requests in this frame

Frame: https://js.driftt.com/core?d=1&embedId=ys3mr8d6dw69&eId=ys3mr8d6dw69&region=US&forceShow=false&skipCampaigns=false&sessionId=9025ac12-5e30-4457-b763-7a7b58417d2e&sessionStarted=1722886640.617&campaignRefreshToken=f2bcb24b-e267-4401-9293-c279acac0a2d&hideController=false&pageLoadStartTime=1722886635485&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.esentire.com%2Fblog%2Fquartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare
Frame ID: 7DEE18D65092969EFD02445DBB33400F
Requests: 1 HTTP requests in this frame

Frame: https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1722886635485
Frame ID: 0BAFDD153A58E4FBA95EEDC69D3D7FF8
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

eSentire | Quartet of Trouble: XWorm, AsyncRAT, VenomRAT, and…

Page URL History Show full URLs

https://u33254697.ct.sendgrid.net/ls/click?upn=u001.rfmZKoSIQF-2FqHrRaNSBoL-2Fqha94otdn-2BHXpZMDZdwV45ScDtk71x... HTTP 302
https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverag... Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Ensighten (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

//nexus\.ensighten\.com/

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/ns\.html[^>]+></iframe>
googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Mouse Flow (Analytics) Expand

Overall confidence: 100%
Detected patterns

cdn\.mouseflow\.com

Typekit (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link [^>]*href="[^"]+use\.typekit\.(?:net|com)

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

<link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
//cdn\.jsdelivr\.net/

reCAPTCHA (Captchas) Expand

Overall confidence: 100%
Detected patterns

/recaptcha/api\.js

Page Statistics

138
Requests

96 %
HTTPS

0 %
IPv6

26
Domains

40
Subdomains

34
IPs

6
Countries

7282 kB
Transfer

12709 kB
Size

48
Cookies

12 Outgoing links

These are links going to different origins than the main page.

URL: https://twitter.com/intent/tweet?url=https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare

Search URL Search Domain Scan URL

URL: https://linkedin.com/shareArticle?url=https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare/&title=Quartet%20of%20Trouble:%20XWorm,%20AsyncRAT,%20VenomRAT,%20and%20PureLogs%20Stealer%20Leverage%20TryCloudflare
Title: .linkedin-share-icon{fill:#fff}

Search URL Search Domain Scan URL

URL: https://developers.cloudflare.com/cloudflare-one/connections/connect-networks/do-more-with-tunnels/trycloudflare/
Title: TryCloudflare

Search URL Search Domain Scan URL

URL: https://x.com/1ZRR4H/status/1809285083997630827
Title: reported

Search URL Search Domain Scan URL

URL: https://github.com/TheWover/donut
Title: Donut loader

Search URL Search Domain Scan URL

URL: https://github.com/hutorny/chaskey?tab=readme-ov-file#chaskey-cipher
Title: Chaskey cipher implementation

Search URL Search Domain Scan URL

URL: https://github.com/esThreatIntelligence/iocs/blob/main/Quartet%20of%20Trouble%3A%20XWorm%2C%20AsyncRAT%2C%20VenomRAT%2C%20and%20PureLogs%20Stealer%20leveraging%20WebDAV/iocs-7-21-2024.txt
Title: here

Search URL Search Domain Scan URL

URL: https://www.ired.team/offensive-security/code-injection-process-injection/early-bird-apc-queue-code-injection
Title: Early Bird APC queue injection

Search URL Search Domain Scan URL

URL: https://esentire.channeltivity.com/Login
Title: PARTNER LOGIN →

Search URL Search Domain Scan URL

URL: https://ca.linkedin.com/company/esentire-inc-
Title: .clsLinkedFooterIcon-1{fill:#172143;stroke-width:0}

Search URL Search Domain Scan URL

URL: https://twitter.com/eSentire

Search URL Search Domain Scan URL

URL: https://www.youtube.com/c/eSentireInc

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://u33254697.ct.sendgrid.net/ls/click?upn=u001.rfmZKoSIQF-2FqHrRaNSBoL-2Fqha94otdn-2BHXpZMDZdwV45ScDtk71xRL991boGgrdHKvDOsuOomCNkHRRqdBcujFYXdCZlYTRY-2FA1WwpHPPKTJC5aT1tPHyL8oM12q3Wo2BCLd0BxLObCZdc3k5jhCm98eV-2FTrOyrCFg9UKrS-2BuRE-3DfAjq_xe6fOXjz6id-2FgGyhTJI-2FmntAo0gAdry6sqehMjQCGvD7nF2NiWe4ARPoaOnYktAL9dfmrwfaDW6MJJfqVz9tPYFaKLOXKkBY1QqqO6mAP0Uh-2FTEzJxy5kJBouU-2F-2BwJUSjUgNmJg3TXQoGYt3ET7v81TJBm1Ww7DL6FhkNjmObZzQRNlyvMyOvHr-2Fl1SGjsLN9w4IMrdiaaWOhdMSAXShiWIAZOrJMvgBevTrkmR4tQQ-3D HTTP 302
https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 83

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1780050&time=1722886637863&li_adsId=e8b461a9-1d79-43dd-8014-1b895cb788cb&url=https%3A%2F%2Fwww.esentire.com%2Fblog%2Fquartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare&tm=gtmv2 HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1780050&time=1722886637863&li_adsId=e8b461a9-1d79-43dd-8014-1b895cb788cb&url=https%3A%2F%2Fwww.esentire.com%2Fblog%2Fquartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare&tm=gtmv2&cookiesTest=true HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D1780050%26time%3D1722886637863%26li_adsId%3De8b461a9-1d79-43dd-8014-1b895cb788cb%26url%3Dhttps%253A%252F%252Fwww.esentire.com%252Fblog%252Fquartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare%26tm%3Dgtmv2%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1780050&time=1722886637863&li_adsId=e8b461a9-1d79-43dd-8014-1b895cb788cb&url=https%3A%2F%2Fwww.esentire.com%2Fblog%2Fquartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare&tm=gtmv2&cookiesTest=true&liSync=true

Request Chain 99

https://insight.adsrvr.org/tags/zy90xae/11yjcw6/iframe HTTP 301
https://d1eoo1tco6rr5e.cloudfront.net/zy90xae/11yjcw6/iframe

Request Chain 120

https://c.clarity.ms/c.gif HTTP 302
https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=B846E87E3B554E06B8B58EFB22C829C0&RedC=c.clarity.ms&MXFR=2CDC950A4F0E6BBB3F0381D84B0E65AF HTTP 302
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=B846E87E3B554E06B8B58EFB22C829C0&MUID=196DA57311E06E563013B1A110E66FBE

138 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare Show response
www.esentire.com/blog/
Redirect Chain

https://u33254697.ct.sendgrid.net/ls/click?upn=u001.rfmZKoSIQF-2FqHrRaNSBoL-2Fqha94otdn-2BHXpZMDZdwV45ScDtk71xRL991boGgrdHKvDOsuOomCNkHRRqdBcujFYXdCZlYTRY-2FA1WwpHPPKTJC5aT1tPHyL8oM12q3Wo2BCLd0BxLO...
https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare

120 KB
32 KB

388ms
138ms

Document
text/html

104.20.162.46
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.162.46 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9aa15e4c5d31e0a86a5d2bca3da1a4455400577897793352f358677d75446da9

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

age: 317604
cache-control: public, s-maxage=31536000, max-age=0
cf-cache-status: HIT
cf-ray: 8ae93d9ecf67923b-FRA
content-encoding: br
content-type: text/html; charset=UTF-8
date: Mon, 05 Aug 2024 19:37:15 GMT
last-modified: Fri, 02 Aug 2024 03:23:51 GMT
permissions-policy: geolocation=(), midi=(),sync-xhr=(),accelerometer=(), gyroscope=(), magnetometer=(), camera=(), fullscreen=(self)
server: cloudflare
strict-transport-security: max-age=15552000
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block

Redirect headers

Connection: keep-alive
Content-Length: 139
Content-Type: text/html; charset=utf-8
Date: Mon, 05 Aug 2024 19:37:14 GMT
Location: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare
Server: nginx
X-Robots-Tag: noindex, nofollow

GET
H2 200 style.css
www.esentire.com/ 1 MB
170 KB 135ms
132ms Stylesheet
text/css 104.20.162.46
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.esentire.com/style.css?v=4.9.61

Requested by

Host: www.esentire.com
URL: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.162.46 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

590139c47cae0a27239951d75af3d6a8f9e6b0dbaa48bbee05e38c26f5c961bb

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Mon, 05 Aug 2024 19:37:15 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=15552000
cf-cache-status: HIT
age: 323415
x-xss-protection: 1; mode=block
last-modified: Thu, 01 Aug 2024 22:25:41 GMT
server: cloudflare
etag: "122243-61ea6b0dde340-gzip"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
cache-control: max-age=2592000, public
permissions-policy: geolocation=(), midi=(),sync-xhr=(),accelerometer=(), gyroscope=(), magnetometer=(), camera=(), fullscreen=(self)
cf-ray: 8ae93d9fc86c923b-FRA

GET
H2 200 aos.css
unpkg.com/aos@2.3.1/dist/ 25 KB
5 KB 410ms
162ms Stylesheet
text/css 104.17.248.203
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/aos@2.3.1/dist/aos.css

Requested by

Host: www.esentire.com
URL: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.248.203 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1aa8845fd06e475aefe733d4e55b36a92fcd487975049c8172341827ac9cc03e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.esentire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Mon, 05 Aug 2024 19:37:15 GMT
content-encoding: gzip
via: 1.1 fly.io
cf-cache-status: HIT
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 12542660
last-modified: Thu, 17 May 2018 22:11:13 GMT
fly-request-id: 01HRW73VV6PZEM1DDHST3D5N5N-fra
server: cloudflare
etag: "65c5-BVfTdFS2f0LyyxAeV+UHD7EZNXA"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 8ae93da1495591de-FRA

GET
H2 200 swiper-bundle.min.css
cdn.jsdelivr.net/npm/swiper@9/ 18 KB
6 KB 269ms
126ms Stylesheet
text/css 104.18.187.31
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/swiper@9/swiper-bundle.min.css

Requested by

Host: www.esentire.com
URL: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.187.31 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

af8545de3876815292506711e1369bff9dfe57ec7e04c45c3e1bdac48a11f3b2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.esentire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Mon, 05 Aug 2024 19:37:15 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 17690
x-jsd-version: 9.4.1
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 5125
x-served-by: cache-fra-etou8220057-FRA, cache-lga21925-LGA
x-jsd-version-type: version
server: cloudflare
etag: W/"4691-p8Uo3JAYru/tmlIzcWjeyyIOL2E"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Z%2BCabA1CI44W6etBYOQFmXmdw0tgovyNbrYHLSNpvMP1UYS2pyN4czHQd2pNeqFaIGJ%2Ba0tGn9ErppA7KhbLgWrt%2FhcBXShGecxQJ6uScHebk61RFxzsn0riPhWfKW0aNEY%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8ae93da07e44e3d3-TLV

GET
H2 200 evh1ctd.css
use.typekit.net/ 5 KB
1 KB 384ms
128ms Stylesheet
text/css 2.19.126.206
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://use.typekit.net/evh1ctd.css

Requested by

Host: www.esentire.com
URL: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.19.126.206 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-19-126-206.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

f744aac8deccee35ee463043ea3290200814752b40315b995447bf21628bc8a4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains;

Request headers

Referer: https://www.esentire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains;
content-encoding: gzip
date: Mon, 05 Aug 2024 19:37:15 GMT
server: nginx
vary: Accept-Encoding
content-type: text/css;charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=600, stale-while-revalidate=604800
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 824

GET
H2 200 amm2djb.css
use.typekit.net/ 10 KB
1 KB 393ms
137ms Stylesheet
text/css 2.19.126.206
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://use.typekit.net/amm2djb.css

Requested by

Host: www.esentire.com
URL: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.19.126.206 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-19-126-206.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

f4e9b4fbd7414d4edc46952b383c63b8ffee6f8ac0570e437878b25096501019

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains;

Request headers

Referer: https://www.esentire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains;
content-encoding: gzip
date: Mon, 05 Aug 2024 19:37:15 GMT
server: nginx
vary: Accept-Encoding
content-type: text/css;charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=600, stale-while-revalidate=604800
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 1141

GET
H/1.1 200
OK mdr_nav_1.png
esentire-dot-com-assets.s3.amazonaws.com/assetsV4/Common/ 6 KB
7 KB 670ms
235ms Image
image/png 52.95.145.115
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://esentire-dot-com-assets.s3.amazonaws.com/assetsV4/Common/mdr_nav_1.png
Requested by: Host: www.esentire.com
URL: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 52.95.145.115 Montreal, Canada, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-w.ca-central-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: 059056575901aa7a59d7873b94ea1a173fca5cd4f716e802188507ba9cf87075

Request headers

Referer: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date: Mon, 05 Aug 2024 19:37:16 GMT
x-amz-version-id: 9DH8p1EmU4QiSTUD1rI6.VRI1nMbMXBE
Last-Modified: Wed, 19 Jun 2024 15:41:29 GMT
Server: AmazonS3
x-amz-request-id: 0EDRP7WEYPJN31M1
ETag: "aab205f16dc5c31a332797af14383a22"
x-amz-server-side-encryption: AES256
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 6378
x-amz-id-2: u0+7omAXcOPqFQXeRXRNyLeuhk7mSbSZZSJamG5BMhwzWQdlU9k4B8CkjismFkO95V5NOAYhgKw=

GET
H/1.1 200
OK dfir_nav_1.png
esentire-dot-com-assets.s3.amazonaws.com/assetsV4/Common/ 8 KB
8 KB 667ms
232ms Image
image/png 52.95.145.115
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://esentire-dot-com-assets.s3.amazonaws.com/assetsV4/Common/dfir_nav_1.png
Requested by: Host: www.esentire.com
URL: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 52.95.145.115 Montreal, Canada, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-w.ca-central-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: 292d424d2f2b6cacac6680fa03279e7344085e0b7af46102b8792357837f7d1c

Request headers

Referer: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date: Mon, 05 Aug 2024 19:37:16 GMT
x-amz-version-id: pRO2_x5tq58HAgXSJTezEnueBMF6tWYu
Last-Modified: Wed, 19 Jun 2024 16:51:18 GMT
Server: AmazonS3
x-amz-request-id: 0EDW2M4CJQ07D6D7
ETag: "2ea5ff8b1cb1a2c21d1332e4da0f2a19"
x-amz-server-side-encryption: AES256
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 7969
x-amz-id-2: uCRresqo8OKFeHmuCVUNWN89XD3/+KL51AHecVGB93n2IBGlzwT1j/cjDfV8fm1R1VR8JYF+LuM=

GET
H/1.1 200
OK exposure_nav_1.png
esentire-dot-com-assets.s3.amazonaws.com/assetsV4/Common/ 8 KB
8 KB 234ms
229ms Image
image/png 52.95.145.115
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://esentire-dot-com-assets.s3.amazonaws.com/assetsV4/Common/exposure_nav_1.png
Requested by: Host: www.esentire.com
URL: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 52.95.145.115 Montreal, Canada, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-w.ca-central-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: 394458008b8fadfc2ad3c2a30a423b2a0b266571021b1994b114be3fc76f5173

Request headers

Referer: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date: Mon, 05 Aug 2024 19:37:17 GMT
x-amz-version-id: eJESwbEvw8z6lGLQ92vkj1lllj8eruVv
Last-Modified: Wed, 19 Jun 2024 16:51:19 GMT
Server: AmazonS3
x-amz-request-id: F95VX195EVHCFSXA
ETag: "33667c79cca845be7ce5742429361825"
x-amz-server-side-encryption: AES256
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 8179
x-amz-id-2: A5KUr/Wuj0OhVcEm9a8whH8YM2HLBjn2SKklDwan6JZAO4KeVCN9z1aKxiIn5ZP4/18rCt/W/Ms=

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 326 KB
106 KB 410ms
145ms Script
application/javascript 172.217.16.136
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-57Z6ZWR

Requested by

Host: www.esentire.com
URL: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.136 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f136.1e100.net

Software

Google Tag Manager /

Resource Hash

b74576b08d40570a2488e01ce6a5cdc4731dfa5fbee19ed3ec319b516a76ae28

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.esentire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Mon, 05 Aug 2024 19:37:16 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 108138
x-xss-protection: 0
last-modified: Mon, 05 Aug 2024 18:02:26 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 05 Aug 2024 19:37:16 GMT

GET
H3 200 3k8XsFBkOniCq5dTRwpV Show response
ws.zoominfo.com/pixel/ 0
648 B 398ms
269ms Script
text/javascript 104.16.118.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/pixel/3k8XsFBkOniCq5dTRwpV

Requested by

Host: www.esentire.com
URL: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.118.43 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.esentire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Mon, 05 Aug 2024 19:37:16 GMT
via: 1.1 google
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
x-powered-by: Express
content-type: text/javascript
access-control-allow-origin: *
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok,visited-url
content-length: 0
cf-ray: 8ae93da4ef66bb49-FRA
alt-svc: h3=":443"; ma=86400

GET
H/1.1 200
OK Quartet-of-Trouble-Picture1.png
esentire-dot-com-assets.s3.amazonaws.com/assetsV3/Blog/Blog-Images/ 1017 KB
1018 KB 239ms
225ms Image
image/png 52.95.145.115
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://esentire-dot-com-assets.s3.amazonaws.com/assetsV3/Blog/Blog-Images/Quartet-of-Trouble-Picture1.png
Requested by: Host: www.esentire.com
URL: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 52.95.145.115 Montreal, Canada, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-w.ca-central-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: 7ce288cb12412b17e31bf9dbdd079fb1c268f40242af385c6cc66ec040ed959f

Request headers

Referer: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date: Mon, 05 Aug 2024 19:37:17 GMT
x-amz-version-id: gBJTPC_UXAMTvkA90BlHIcsez.5h0QbD
Last-Modified: Thu, 01 Aug 2024 03:09:10 GMT
Server: AmazonS3
x-amz-request-id: F95G3YB7SNR0X1EH
ETag: "1a9972128d06245f2c2797e2e6f97567"
x-amz-server-side-encryption: AES256
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 1041863
x-amz-id-2: wh4n/hBsuC4jdawx7/lyl9fR8MIJeFpoYuhkZu2oDiE3SGxHHvBit5cjZ61LwQ9YmiAErh3G7/Y=

GET
H/1.1 200
OK Quartet-of-Trouble-Picture2.png
esentire-dot-com-assets.s3.amazonaws.com/assetsV3/Blog/Blog-Images/ 1 MB
1 MB 464ms
222ms Image
image/png 52.95.145.115
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://esentire-dot-com-assets.s3.amazonaws.com/assetsV3/Blog/Blog-Images/Quartet-of-Trouble-Picture2.png
Requested by: Host: www.esentire.com
URL: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 52.95.145.115 Montreal, Canada, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-w.ca-central-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: 4fa1c8c5dc4b5fd94585efbdfb9e1e4d824afaad10cfd224d484ff14ae9026ab

Request headers

Referer: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date: Mon, 05 Aug 2024 19:37:17 GMT
x-amz-version-id: GyMHlRudKcfdCMMoEgMizrKmE4zwpsIG
Last-Modified: Thu, 01 Aug 2024 03:09:08 GMT
Server: AmazonS3
x-amz-request-id: F95TJWR43PVMTE0A
ETag: "c389a16d41780290a8b30c3a1256ca4b"
x-amz-server-side-encryption: AES256
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 1285425
x-amz-id-2: zceon3cHqhCGSnJJyeQg74xqtyYfuOpEahWD0m5vHDTY96/wZ6zp49LciHUd2y4cCiRVkD7e6nE=

GET
H/1.1 200
OK Quartet-of-Trouble-Picture3.png
esentire-dot-com-assets.s3.amazonaws.com/assetsV3/Blog/Blog-Images/ 714 KB
715 KB 642ms
230ms Image
image/png 52.95.145.115
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://esentire-dot-com-assets.s3.amazonaws.com/assetsV3/Blog/Blog-Images/Quartet-of-Trouble-Picture3.png
Requested by: Host: www.esentire.com
URL: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 52.95.145.115 Montreal, Canada, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-w.ca-central-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: a1067898b4df6ddd82f808a67b4f27c03cedb847ae187393c28cd36c0c3d4433

Request headers

Referer: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date: Mon, 05 Aug 2024 19:37:17 GMT
x-amz-version-id: zsEg255NU8EFeUhjTlkywI9BA_SwPrVN
Last-Modified: Thu, 01 Aug 2024 03:09:06 GMT
Server: AmazonS3
x-amz-request-id: F95S2ERN4W0EQ8SA
ETag: "4da0c5839bf7e31dc91031dcd29637ca"
x-amz-server-side-encryption: AES256
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 731538
x-amz-id-2: IHyXmDQ+RAOl5xpHxyjY2VCCgdfp1I3xQQ2YH9xSC0gs/gOl6NwWn1JBomNm+r/3zkebRQMXsD0=

GET
H/1.1 200
OK Quartet-of-Trouble-Picture4.png
esentire-dot-com-assets.s3.amazonaws.com/assetsV3/Blog/Blog-Images/ 554 KB
555 KB 660ms
234ms Image
image/png 52.95.145.115
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://esentire-dot-com-assets.s3.amazonaws.com/assetsV3/Blog/Blog-Images/Quartet-of-Trouble-Picture4.png
Requested by: Host: www.esentire.com
URL: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 52.95.145.115 Montreal, Canada, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-w.ca-central-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: 289c13897ae28c85b0f62569e5e4e91d473784d7a2dae6cb120ad0669648a22d

Request headers

Referer: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date: Mon, 05 Aug 2024 19:37:17 GMT
x-amz-version-id: 3pfK4EMTaUbBu2RZSq.NBN_U8JUXeO.X
Last-Modified: Thu, 01 Aug 2024 03:09:05 GMT
Server: AmazonS3
x-amz-request-id: F95NZHR0Z703PB9H
ETag: "3eda3eb031e0649c02e970828deef259"
x-amz-server-side-encryption: AES256
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 567706
x-amz-id-2: x+IJ63s7uFHuC75xeGdIs7fnm8ykSN0y61mLLLpRkhQ18R593K5uSbOkDtFokflsJ7NONwBXfjw=

GET
H/1.1 200
OK Quartet-of-Trouble-Picture5.png
esentire-dot-com-assets.s3.amazonaws.com/assetsV3/Blog/Blog-Images/ 353 KB
353 KB 656ms
241ms Image
image/png 52.95.145.115
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://esentire-dot-com-assets.s3.amazonaws.com/assetsV3/Blog/Blog-Images/Quartet-of-Trouble-Picture5.png
Requested by: Host: www.esentire.com
URL: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 52.95.145.115 Montreal, Canada, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-w.ca-central-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: 3f389a407a87fd2623fce11abfdc07c6a18d4d39952e7e6e73de5b97abda5a9b

Request headers

Referer: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date: Mon, 05 Aug 2024 19:37:17 GMT
x-amz-version-id: 1v5HpQcDvGaqDEyWVI_M886ocAFX2seC
Last-Modified: Thu, 01 Aug 2024 03:09:04 GMT
Server: AmazonS3
x-amz-request-id: F95Z76PX0NCFKWKQ
ETag: "7c302f514523c6cb07f0371bbe3675ea"
x-amz-server-side-encryption: AES256
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 361287
x-amz-id-2: hkEVoIESJtwdwAD8kRCww9vk6+b+u3Brdi6RO0AN3UbtrWILhhaFgnDUanUs8/LFklhz8+CaA+k=

GET
H/1.1 200
OK Quartet-of-Trouble-Picture6.png
esentire-dot-com-assets.s3.amazonaws.com/assetsV3/Blog/Blog-Images/ 544 KB
544 KB 264ms
232ms Image
image/png 52.95.145.115
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://esentire-dot-com-assets.s3.amazonaws.com/assetsV3/Blog/Blog-Images/Quartet-of-Trouble-Picture6.png
Requested by: Host: www.esentire.com
URL: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 52.95.145.115 Montreal, Canada, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-w.ca-central-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: 757f3155c93f2a631151c76d062ce293b55ba1182ea115c7a621c1fc55f3e816

Request headers

Referer: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date: Mon, 05 Aug 2024 19:37:17 GMT
x-amz-version-id: Cxmna_Hh1u2rv1c2VKoPSCoxMqYNqY9Q
Last-Modified: Thu, 01 Aug 2024 03:09:02 GMT
Server: AmazonS3
x-amz-request-id: F95JF31M9D19X4ME
ETag: "d7601f3213527eb4f2ac1bf3c8bcd3df"
x-amz-server-side-encryption: AES256
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 556844
x-amz-id-2: Pha7BFK9BxN1DwTv38mmNvRs/mWONMwey2WEDNY33qym5t5ej9WQcSPT9PAo0FkIMd/2tQbZtGU=

GET
H/1.1 200
OK TI_emblem_blog_2022-03-18-204335.svg
esentire-dot-com-assets.s3.amazonaws.com/assets/userphotos/ 4 KB
4 KB 229ms
228ms Image
image/svg+xml 52.95.145.115
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://esentire-dot-com-assets.s3.amazonaws.com/assets/userphotos/TI_emblem_blog_2022-03-18-204335.svg
Requested by: Host: www.esentire.com
URL: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 52.95.145.115 Montreal, Canada, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-w.ca-central-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: c011e83e468fbf6f59a51ff6c351790af7825b2b9d534d63db70315a76ddd60f

Request headers

Referer: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date: Mon, 05 Aug 2024 19:37:18 GMT
x-amz-version-id: null
Last-Modified: Fri, 18 Mar 2022 20:43:37 GMT
Server: AmazonS3
x-amz-request-id: 9AJ1FF609V5TKNZ4
ETag: "6b3c9d6a151bbdc8152a5f92e44fd362"
Content-Type: image/svg+xml
Accept-Ranges: bytes
Content-Length: 4050
x-amz-id-2: QN4k4MYDfRXR99ffHo/aME90fhOjVrA74Bc9bRSN56vQ3OgUvi7i2/CQem3xpGRht7ZYkwbz4l8=

GET
H/1.1 200
OK read_latest_blog_img_536x302_1.png
s3.ca-central-1.amazonaws.com/esentire-dot-com-assets/assetsV4/Blog/ 371 KB
372 KB 669ms
237ms Image
image/png 52.95.146.233
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3.ca-central-1.amazonaws.com/esentire-dot-com-assets/assetsV4/Blog/read_latest_blog_img_536x302_1.png
Requested by: Host: www.esentire.com
URL: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 52.95.146.233 Montreal, Canada, ASN16509 (AMAZON-02, US),
Reverse DNS: s3.ca-central-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: b66965d52d8f65eb6e2d498799406c3b22bca8aa8db97c2fbe44779232311cb2

Request headers

Referer: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date: Mon, 05 Aug 2024 19:37:17 GMT
x-amz-version-id: null
Last-Modified: Tue, 22 Aug 2023 19:16:42 GMT
Server: AmazonS3
x-amz-request-id: F95PPQEAVMJMF1SW
ETag: "6dcaff31edfd0bd0ea1e3e0b8f3762d0"
x-amz-server-side-encryption: AES256
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 380224
x-amz-id-2: v9e9OLzkgywekSpL1FiXaaHs/DfaN1QUxY9osdoruyJ490a/vmHoo5/xmeEDr0twzr+EZiJEGFM=

GET
H/1.1 200
OK read_latest_blog_img_536x302_2.png
s3.ca-central-1.amazonaws.com/esentire-dot-com-assets/assetsV4/Blog/ 370 KB
371 KB 717ms
223ms Image
image/png 52.95.146.233
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3.ca-central-1.amazonaws.com/esentire-dot-com-assets/assetsV4/Blog/read_latest_blog_img_536x302_2.png
Requested by: Host: www.esentire.com
URL: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 52.95.146.233 Montreal, Canada, ASN16509 (AMAZON-02, US),
Reverse DNS: s3.ca-central-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: 4405b521bec90d058c7b0c1a50688e4c3ef7164d5fdf0100ff9ce2cc959b75a9

Request headers

Referer: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date: Mon, 05 Aug 2024 19:37:17 GMT
x-amz-version-id: null
Last-Modified: Tue, 22 Aug 2023 19:16:44 GMT
Server: AmazonS3
x-amz-request-id: F95JM0QFSHZCXXC0
ETag: "210ba7549faa86981e4e975de8969f09"
x-amz-server-side-encryption: AES256
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 379155
x-amz-id-2: +88OgySZFnKYo2imA9NQnAH3ZuaooacevjXY3RoZ7uyTkSv2fhZRNZQyLQPqQjPSGZ3w5hWGCvk=

GET
H/1.1 200
OK read_latest_blog_img_536x302_3.png
s3.ca-central-1.amazonaws.com/esentire-dot-com-assets/assetsV4/Blog/ 57 KB
58 KB 652ms
236ms Image
image/png 52.95.146.233
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3.ca-central-1.amazonaws.com/esentire-dot-com-assets/assetsV4/Blog/read_latest_blog_img_536x302_3.png
Requested by: Host: www.esentire.com
URL: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 52.95.146.233 Montreal, Canada, ASN16509 (AMAZON-02, US),
Reverse DNS: s3.ca-central-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: db07014834ec4835789ae74999d34c1e3b0a801ddd5d46934b19be874e201cf4

Request headers

Referer: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date: Mon, 05 Aug 2024 19:37:17 GMT
x-amz-version-id: null
Last-Modified: Tue, 22 Aug 2023 19:16:46 GMT
Server: AmazonS3
x-amz-request-id: F95MDM0JCWFZNRQG
ETag: "e00e0d8657042f56be754e4c10c3b3ea"
x-amz-server-side-encryption: AES256
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 58608
x-amz-id-2: pnLkzFzQz8pTymkHd5+kRJ/56AaMy8anHvyqFo8WA76JQ3ZFaeYaiPfj0KUT1n+xBjh7Rp/2nIE=

GET
H2 200 main.js Show response
www.esentire.com/ 681 KB
168 KB 144ms
131ms Script
application/javascript 104.20.162.46
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.esentire.com/main.js?v=4.9.61

Requested by

Host: www.esentire.com
URL: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.162.46 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7075befd3bf43d8abf3cdc002ecef678a8f0b77bf271d77e84ff5a759e0d3603

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Mon, 05 Aug 2024 19:37:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=15552000
cf-cache-status: HIT
age: 323415
x-xss-protection: 1; mode=block
last-modified: Thu, 01 Aug 2024 22:25:41 GMT
server: cloudflare
etag: "aa369-61ea6b0dde340-gzip"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: max-age=2592000, public
permissions-policy: geolocation=(), midi=(),sync-xhr=(),accelerometer=(), gyroscope=(), magnetometer=(), camera=(), fullscreen=(self)
cf-ray: 8ae93da42d18923b-FRA

GET
H2 200 style.js Show response
www.esentire.com/ 4 KB
1 KB 143ms
131ms Script
application/javascript 104.20.162.46
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.esentire.com/style.js

Requested by

Host: www.esentire.com
URL: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.20.162.46 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

89341264b13866dd5f3546ed87a7bc9838ece80bb1aff0f36e08635e61b4da56

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Mon, 05 Aug 2024 19:37:16 GMT
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=15552000
cf-cache-status: HIT
age: 323415
content-length: 1119
x-xss-protection: 1; mode=block
last-modified: Thu, 01 Aug 2024 22:25:41 GMT
server: cloudflare
etag: "f1b-61ea6b0dde340-gzip"
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: max-age=2592000, public
permissions-policy: geolocation=(), midi=(),sync-xhr=(),accelerometer=(), gyroscope=(), magnetometer=(), camera=(), fullscreen=(self)
accept-ranges: bytes
cf-ray: 8ae93da42d1a923b-FRA

GET
H2 200 aos.js Show response
unpkg.com/aos@2.3.1/dist/ 14 KB
6 KB 159ms
147ms Script
application/javascript 104.17.248.203
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/aos@2.3.1/dist/aos.js

Requested by

Host: www.esentire.com
URL: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.17.248.203 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f268612ba59ead1b24353bb77d66783bcc435aff1c22be5f93c40bac3869968e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Mon, 05 Aug 2024 19:37:16 GMT
content-encoding: gzip
via: 1.1 fly.io
cf-cache-status: HIT
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 12533830
last-modified: Thu, 17 May 2018 22:11:13 GMT
fly-request-id: 01HRWFHAF8SKKDG260QG5VXNSB-fra
server: cloudflare
etag: "379f-cNv9OKDx/DsafZ+tq1h4ZITDTxc"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 8ae93da42d9291de-FRA

GET
H2 200 p.css
p.typekit.net/ 5 B
173 B 381ms
124ms Stylesheet
text/css 184.24.77.154
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://p.typekit.net/p.css?s=1&k=bji2rhx&ht=tk&f=9785.9786.9787.9788.9791.9792.9793.9794.10884.32874&a=5128113&app=typekit&e=css
Requested by: Host: www.esentire.com
URL: https://www.esentire.com/style.css?v=4.9.61
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.24.77.154 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a184-24-77-154.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb

Request headers

Referer: https://www.esentire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Mon, 05 Aug 2024 19:37:16 GMT
last-modified: Sun, 19 May 2024 12:57:48 GMT
server: nginx
etag: "6649f74c-5"
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 5

GET
H2 200 p.css
p.typekit.net/ 5 B
173 B 285ms
121ms Stylesheet
text/css 184.24.77.154
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://p.typekit.net/p.css?s=1&k=evh1ctd&ht=tk&f=139.171.173.175.5474.32231&a=4193844&app=typekit&e=css
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/evh1ctd.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.24.77.154 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a184-24-77-154.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb

Request headers

Referer: https://use.typekit.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Mon, 05 Aug 2024 19:37:16 GMT
last-modified: Sun, 19 May 2024 12:57:48 GMT
server: nginx
etag: "6649f74c-5"
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 5

GET
H2 200 p.css
p.typekit.net/ 5 B
173 B 282ms
126ms Stylesheet
text/css 184.24.77.154
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://p.typekit.net/p.css?s=1&k=amm2djb&ht=tk&f=39884.39885.39886.39887.39888.39889.39890.39891.39893.39900.39901.39906.39907.39909&a=87474164&app=typekit&e=css
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/amm2djb.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.24.77.154 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a184-24-77-154.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb

Request headers

Referer: https://use.typekit.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Mon, 05 Aug 2024 19:37:16 GMT
last-modified: Sun, 19 May 2024 12:57:48 GMT
server: nginx
etag: "6649f74c-5"
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 5

GET
H2 200 j.php Show response
dev.visualwebsiteoptimizer.com/ 20 KB
7 KB 343ms
186ms Script
application/javascript 34.96.102.137
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/j.php?a=780243&u=https%3A%2F%2Fwww.esentire.com%2Fblog%2Fquartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare&vn=2
Requested by: Host: www.esentire.com
URL: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gbel2 /
Resource Hash: c6b658ab894865d35f9c3438e51ec5750f07daee297421f172167a570293315a

Request headers

Referer: https://www.esentire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Mon, 05 Aug 2024 19:37:16 GMT
content-encoding: gzip
via: 1.1 google
server: gbel2
etag: W/"1722604683_EA"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=0, no-cache, must-revalidate
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H/1.1 200
OK 27fwyb Show response
mdr.esentire.com/l/651833/2022-10-12/ Frame B42B 27 KB
6 KB 931ms
500ms Document
text/html 3.92.120.28
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://mdr.esentire.com/l/651833/2022-10-12/27fwyb?ScoringCateogry=TRU%20Interest
Requested by: Host: www.esentire.com
URL: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 3.92.120.28 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-92-120-28.compute-1.amazonaws.com
Software: /
Resource Hash: 751a6a8b2923d6438a1db74bda221eef2696cb48a2dda6f5fbeeddef82e9bd2b

Request headers

Referer: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Connection: keep-alive
Content-Length: 5568
Content-Type: text/html; charset=utf-8
Date: Mon, 05 Aug 2024 19:37:16 GMT
X-Pardot-Route: e8229a0ff18ebffc83a98010d2521dd5
cache-control: no-store, no-cache, must-revalidate
content-encoding: gzip
expires: Thu, 19 Nov 1981 08:52:00 GMT
p3p: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
pragma: no-cache
vary: Accept-Encoding,User-Agent
x-pardot-rsp: 0/0/1

GET
H/1.1 200
OK 2pz6mw Show response
mdr.esentire.com/l/651833/2023-08-01/ Frame 8937 27 KB
6 KB 934ms
506ms Document
text/html 3.92.120.28
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://mdr.esentire.com/l/651833/2023-08-01/2pz6mw
Requested by: Host: www.esentire.com
URL: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 3.92.120.28 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-92-120-28.compute-1.amazonaws.com
Software: /
Resource Hash: 330c47e7ebe6607060f82766dbe9f4781412a77c9c843b71ca42dfcf5fb254b3

Request headers

Referer: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Connection: keep-alive
Content-Length: 5782
Content-Type: text/html; charset=utf-8
Date: Mon, 05 Aug 2024 19:37:16 GMT
X-Pardot-Route: e8229a0ff18ebffc83a98010d2521dd5
cache-control: no-store, no-cache, must-revalidate
content-encoding: gzip
expires: Thu, 19 Nov 1981 08:52:00 GMT
p3p: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
pragma: no-cache
vary: Accept-Encoding,User-Agent
x-pardot-canary: true
x-pardot-rsp: 0/0/1

GET
H/1.1 200
OK esentire-blog-article-hero-bg-img.jpg
s3.ca-central-1.amazonaws.com/esentire-dot-com-assets/assetsV4/Common/Blog/ 124 KB
125 KB 577ms
233ms Image
image/jpeg 52.95.146.233
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3.ca-central-1.amazonaws.com/esentire-dot-com-assets/assetsV4/Common/Blog/esentire-blog-article-hero-bg-img.jpg
Requested by: Host: www.esentire.com
URL: https://www.esentire.com/style.css?v=4.9.61
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 52.95.146.233 Montreal, Canada, ASN16509 (AMAZON-02, US),
Reverse DNS: s3.ca-central-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: e1dba500bdcaeebd215a440a2652d2ea1672f49ef51b502b8c0049ef3999e101

Request headers

Referer: https://www.esentire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date: Mon, 05 Aug 2024 19:37:17 GMT
x-amz-version-id: null
Last-Modified: Sat, 01 Jul 2023 14:21:52 GMT
Server: AmazonS3
x-amz-request-id: F95ZXP74HDA83CFG
ETag: "e41dab96eba47e73ae1d43d27f727d1e"
x-amz-server-side-encryption: AES256
Content-Type: image/jpeg
Accept-Ranges: bytes
Content-Length: 127279
x-amz-id-2: MWGQOcAIlFd2u7aFyhLGvqcUUbgrg/Rrmuo7j79/zQ6UO15M9nNZC/Qd8RCz9Rpvb38GjS+b4bQ=

GET
DATA 200
OK truncated
/ 204 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 0296082ec0c6091c6fa321c8bbbed527b451d01700da4da260393ae4c1254e0c

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml;charset=utf-8

GET
H/1.1 200
OK blog_main_recommended_dark_1920x1304.png
s3.ca-central-1.amazonaws.com/esentire-dot-com-assets/assetsV4/Blog/ 285 KB
286 KB 594ms
225ms Image
image/png 52.95.146.233
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3.ca-central-1.amazonaws.com/esentire-dot-com-assets/assetsV4/Blog/blog_main_recommended_dark_1920x1304.png
Requested by: Host: www.esentire.com
URL: https://www.esentire.com/style.css?v=4.9.61
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 52.95.146.233 Montreal, Canada, ASN16509 (AMAZON-02, US),
Reverse DNS: s3.ca-central-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: 66bbf78e206bb2e53678c8b01fa159ec0901d9eadfd591bd9080e181b9ba6188

Request headers

Referer: https://www.esentire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date: Mon, 05 Aug 2024 19:37:18 GMT
x-amz-version-id: null
Last-Modified: Tue, 25 Apr 2023 06:51:40 GMT
Server: AmazonS3
x-amz-request-id: 9AJAC5NW8RVPTHYJ
ETag: "e351ea7865f7cdb1db352629698435bb"
x-amz-server-side-encryption: AES256
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 292229
x-amz-id-2: JFF1865cZPbTt5bDy6aaoVoZJxhVvzUOkqxWvr0uZf5n3Qqv2KdGtscpxibPhiSXUS+U2wpa+Pc=

GET
H2 200 l
use.typekit.net/af/0626f2/000000000000000077359441/30/ 23 KB
24 KB 573ms
321ms Font
application/font-woff2 2.19.126.206
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/0626f2/000000000000000077359441/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n5&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/amm2djb.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.19.126.206 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-19-126-206.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: c72dec0cf8cadba7af0e75dab5638b76af4cb53e02c171c2ff68f45318caaae9

Request headers

Referer: https://use.typekit.net/amm2djb.css
Origin: https://www.esentire.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Mon, 05 Aug 2024 19:37:16 GMT
server: nginx
etag: "dd7ba2fabd12b224f191c0f337ced807f714d3d6"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 24060

GET
H2 200 l
use.typekit.net/af/f1c6f0/00000000000000007735945d/30/ 24 KB
24 KB 594ms
343ms Font
application/font-woff2 2.19.126.206
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/f1c6f0/00000000000000007735945d/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n6&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/amm2djb.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.19.126.206 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-19-126-206.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: c646c4f54d3d04ac4f7736f4d73811b55fdf8ce9c23fc2dab6ccad3e57263a67

Request headers

Referer: https://use.typekit.net/amm2djb.css
Origin: https://www.esentire.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Mon, 05 Aug 2024 19:37:16 GMT
server: nginx
etag: "13e17f614cf73490e08d945927ed77a5dceaba2a"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 24388

GET
H2 200 l
use.typekit.net/af/2c6c03/000000000000000077359463/30/ 24 KB
25 KB 453ms
202ms Font
application/font-woff2 2.19.126.206
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/2c6c03/000000000000000077359463/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/amm2djb.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.19.126.206 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-19-126-206.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: f9737651c97ca4327dd9d755ab8fd813bd504e8b7c975b7e1c63dcb154c1bc19

Request headers

Referer: https://use.typekit.net/amm2djb.css
Origin: https://www.esentire.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Mon, 05 Aug 2024 19:37:16 GMT
server: nginx
etag: "e3ec062323e4590b4b7846ed4c41ccffee56a2aa"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 24908

GET
H2 200 l
use.typekit.net/af/89996a/000000000000000077359445/30/ 22 KB
23 KB 373ms
123ms Font
application/font-woff2 2.19.126.206
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/89996a/000000000000000077359445/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n4&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/amm2djb.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.19.126.206 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-19-126-206.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 95a026ca9deb402ba2f984f169cab087ee00d5064f9d7554f946fe0807e662be

Request headers

Referer: https://use.typekit.net/amm2djb.css
Origin: https://www.esentire.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Mon, 05 Aug 2024 19:37:16 GMT
server: nginx
etag: "d3de06ff3edf13d0a437cfac23873ccf84d0f4b1"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 22892

GET
H2 200 l
use.typekit.net/af/e4377d/00000000000000003b9b48a0/27/ 25 KB
26 KB 491ms
241ms Font
application/font-woff2 2.19.126.206
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/e4377d/00000000000000003b9b48a0/27/l?fvd=n9&primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&v=3
Requested by: Host: www.esentire.com
URL: https://www.esentire.com/style.css?v=4.9.61
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.19.126.206 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-19-126-206.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 6c41f5ce80780db463e6bfea9383aee7428f003bfe49801275ddd3fc94712aa0

Request headers

Referer: https://www.esentire.com/
Origin: https://www.esentire.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Mon, 05 Aug 2024 19:37:16 GMT
server: nginx
etag: "2e9cfb1d54b2d6a0227370aa808d14a33d0eceb0"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 25984

GET
H2 200 l
use.typekit.net/af/53fac9/00000000000000007735946b/30/ 23 KB
23 KB 537ms
287ms Font
application/font-woff2 2.19.126.206
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/53fac9/00000000000000007735946b/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n8&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/amm2djb.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.19.126.206 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-19-126-206.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: a40bfa310302ae462972ce0c9a5ee7aed186843a740949c44cfe55b9e33e757b

Request headers

Referer: https://use.typekit.net/amm2djb.css
Origin: https://www.esentire.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Mon, 05 Aug 2024 19:37:16 GMT
server: nginx
etag: "4b4487143050a1f20bda646f47dc32b8d38e8339"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 23680

GET
H2 200 l
use.typekit.net/af/6eb20e/000000000000000077359422/30/ 25 KB
25 KB 536ms
286ms Font
application/font-woff2 2.19.126.206
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/6eb20e/000000000000000077359422/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=i4&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/amm2djb.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.19.126.206 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-19-126-206.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 9bf513df0f079590770691276af121de4ae99f02b15c3d3fa46021aecc5c2a20

Request headers

Referer: https://use.typekit.net/amm2djb.css
Origin: https://www.esentire.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Mon, 05 Aug 2024 19:37:16 GMT
server: nginx
etag: "25ec39b00996b06f97d164a5bb4516fb45bb3d20"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 25152

GET
H3 200 ce788296-8259-4e39-bcae-56ddd5b7e767.js Show response
cdn.mouseflow.com/projects/ 194 KB
56 KB 294ms
152ms Script
application/javascript 104.18.26.50
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.mouseflow.com/projects/ce788296-8259-4e39-bcae-56ddd5b7e767.js

Requested by

Host: www.esentire.com
URL: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.26.50 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

28ba48ed2e733a4c01ca9db5fe713acffcf36df68a29e1e8447bf19f7cb66692

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Mon, 05 Aug 2024 19:37:17 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
x-mf-continent: AS
age: 226369
x-cache-status: MISS
alt-svc: h3=":443"; ma=86400
x-mf-script-region: non-enforced-privacy
x-mf-country: IL
last-modified: Wed, 31 Jul 2024 19:34:40 GMT
server: cloudflare
etag: W/"baa1c9af80e3da1:0"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=86400
cf-ray: 8ae93daaeebc8ecd-FRA
expires: Tue, 06 Aug 2024 19:37:17 GMT

GET
H3 200 va_gq-e71f51c3a3ac0e27ca417ebf56cf6f89br.js Show response
dev.visualwebsiteoptimizer.com/edrv/ 267 KB
69 KB 196ms
123ms Script
text/javascript 34.96.102.137
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/edrv/va_gq-e71f51c3a3ac0e27ca417ebf56cf6f89br.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/j.php?a=780243&u=https%3A%2F%2Fwww.esentire.com%2Fblog%2Fquartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare&vn=2
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gbel2 /
Resource Hash: 300097ade377400d7750c77675d14ee24a9d3399b2415f45d39208e3c8af6eb7

Request headers

Referer: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare
Origin: https://www.esentire.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Mon, 05 Aug 2024 19:37:16 GMT
content-encoding: br
via: 1.1 google
last-modified: Fri, 02 Aug 2024 13:17:41 GMT
server: gbel2
etag: "66acdc75-11492"
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 70802

GET
H3 200 nc-483987b46da5adb5ff8a6772f11a96edbr.js Show response
dev.visualwebsiteoptimizer.com/edrv/ 9 KB
3 KB 201ms
129ms Script
text/javascript 34.96.102.137
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/edrv/nc-483987b46da5adb5ff8a6772f11a96edbr.js
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/j.php?a=780243&u=https%3A%2F%2Fwww.esentire.com%2Fblog%2Fquartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare&vn=2
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gbel2 /
Resource Hash: 9a6fdf1e965fabfc04e21a3f795c4c59c550dd8d11a14d2755964f6d8f61aa74

Request headers

Referer: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare
Origin: https://www.esentire.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Mon, 05 Aug 2024 19:37:16 GMT
content-encoding: br
via: 1.1 google
last-modified: Fri, 02 Aug 2024 13:17:41 GMT
server: gbel2
etag: "66acdc75-cb9"
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3257

GET
H2 200 v.gif
dev.visualwebsiteoptimizer.com/ 35 B
144 B 261ms
260ms Image
image/gif 34.96.102.137
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dev.visualwebsiteoptimizer.com/v.gif?cd=0&a=780243&d=esentire.com&u=DC233C68943E2FE4AF34E45DC0325487E&h=40a91b7fb36c9947f25bde585643b710&t=false

Requested by

Host: www.esentire.com
URL: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

137.102.96.34.bc.googleusercontent.com

Software

gnv03c /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Mon, 05 Aug 2024 19:37:16 GMT
via: 1.1 google
x-content-type-options: nosniff
server: gnv03c
content-type: image/gif
access-control-allow-origin: *
cache-control: public, max-age=43200
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35

GET
BLOB 200
OK 505ec46b-89b5-4f62-9495-ec049c35c1c2
https://www.esentire.com/ 891 B
0 Other
application/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://www.esentire.com/505ec46b-89b5-4f62-9495-ec049c35c1c2
Requested by: Host: www.esentire.com
URL: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ed1c2e73addf521868e19e127518321be3b0f84c2287363b5cab1e484a8c0dbc

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Length: 891
Content-Type: application/javascript

GET
H2 200 92169fb0-0d98-4c23-b691-2da2893257b1.js Show response
j.6sc.co/j/ 885 B
837 B 440ms
144ms Script
application/javascript 2.17.147.176
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://j.6sc.co/j/92169fb0-0d98-4c23-b691-2da2893257b1.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-57Z6ZWR
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.17.147.176 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-17-147-176.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: be5c1b590974d405894200d9807154391fca4bc7d0db1dcf4994252f69db403c

Request headers

Referer: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-amz-version-id: xNg_FfBioe8BWBlPwLso62mH1YwsX1SZ
content-encoding: gzip
date: Mon, 05 Aug 2024 19:37:17 GMT
x-amz-cf-pop: PRG50-C1
x-amz-server-side-encryption: AES256
x-amz-meta-content-type: application/json
content-length: 457
last-modified: Mon, 15 Jan 2024 03:43:54 GMT
server: AmazonS3
etag: "1a802ea224537febfdd14a71f0d37293"
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, max-age=1800
accept-ranges: bytes
x-amz-cf-id: 6A6yMoMLiKuqhEHLuwl_7KMd2P-k3MhTErQkAbiDKHiOzlmXXD1vuA==
expires: Mon, 05 Aug 2024 20:07:17 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 332 KB
107 KB 143ms
142ms Script
application/javascript 172.217.16.136
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-2XXPJCPHB7&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-57Z6ZWR

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.136 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f136.1e100.net

Software

Google Tag Manager /

Resource Hash

1bc33dfafd19d93ca1b0dea61704b0ccecd258107e880ea11f7c5bd2d3e775eb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Mon, 05 Aug 2024 19:37:16 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 109708
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Mon, 05 Aug 2024 19:37:16 GMT

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 40 KB
14 KB 393ms
122ms Script
application/javascript 2.21.20.144
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-57Z6ZWR

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.21.20.144 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-21-20-144.deploy.static.akamaitechnologies.com

Software

Resource Hash

cb31bb53eefec5a74b7e7271abd4e97e0735174d7d0b0dec0f2217462573d1f1

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Mon, 05 Aug 2024 19:37:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Sun, 28 Jul 2024 07:35:22 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: max-age=51866
accept-ranges: bytes
content-length: 14597

GET
H2 200 destination Show response
www.googletagmanager.com/gtag/ 265 KB
91 KB 234ms
233ms Script
application/javascript 172.217.16.136
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=AW-478097890&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-57Z6ZWR

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.136 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

zrh04s06-in-f136.1e100.net

Software

Google Tag Manager /

Resource Hash

d1ca0e327b4eb9071a8eb5de96c0d8d05ae94d397bb6e70bc650107b7be1ec2a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Mon, 05 Aug 2024 19:37:16 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 93167
x-xss-protection: 0
last-modified: Mon, 05 Aug 2024 18:02:26 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 05 Aug 2024 19:37:16 GMT

GET
H2 200 bat.js Show response
bat.bing.com/ 49 KB
14 KB 563ms
146ms Script
application/javascript 131.253.33.237
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-57Z6ZWR

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

131.253.33.237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

abd0c69608a1a4b0ce5f6056bc20bcf62a2a29271a4cf5e33fa1f53bf7cb19cb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
date: Mon, 05 Aug 2024 19:37:17 GMT
last-modified: Sat, 13 Jul 2024 20:42:16 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 772A5FF2CB8648788401A44D9956851D Ref B: LON212050702031 Ref C: 2024-08-05T19:37:17Z
etag: "044982565d5da1:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 14183

GET
H2 200 ys3mr8d6dw69.js Show response
js.driftt.com/include/1722886800000/ 221 KB
62 KB 610ms
352ms Script
application/javascript 18.245.86.77
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/include/1722886800000/ys3mr8d6dw69.js

Requested by

Host: www.esentire.com
URL: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.245.86.77 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-245-86-77.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

889da033525190aa887d2361d6cb460c50e9b128e017c33f4499063aeaa73632

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Mon, 05 Aug 2024 19:37:17 GMT
x-amz-version-id: y3tne.Y80za7KusdtSa.ECjRnvsUlRYa
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
via: 1.1 34f8e9435dea359238debf97e45feb10.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA60-P6
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-envoy-upstream-service-time: 38
last-modified: Wed, 24 Jul 2024 21:19:18 GMT
server: istio-envoy
etag: W/"a69573aefab19654390c860151e62853"
vary: Accept-Encoding
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
x-amz-cf-id: kCZ69h52sedubcdzTg5M0UX9QHnScZnOWNQzNyXOrFRg82uOVzgbww==

GET
H3 200 api.js Show response
www.google.com/recaptcha/ 1 KB
0 20ms
20ms Script
text/javascript 172.217.16.196
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-57Z6ZWR

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.196 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f196.1e100.net

Software

GSE /

Resource Hash

866395df337061d40f857b7b979240980f0ba715b3f34c86d8bb39134dd3029a

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Mon, 05 Aug 2024 19:37:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
expires: Mon, 05 Aug 2024 19:37:17 GMT

GET
H2 200 1985.js Show response
tracking.g2crowd.com/attribution_tracking/conversions/ 2 KB
2 KB 416ms
161ms Script
text/javascript 104.18.31.176
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://tracking.g2crowd.com/attribution_tracking/conversions/1985.js?p=https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare&e=

Requested by

Host: www.esentire.com
URL: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.31.176 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b1411d4106395d0cb0db4107487b3a75bf127eba609783cdc8e814af2083c916

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Mon, 05 Aug 2024 19:37:17 GMT
strict-transport-security: max-age=15552000; includeSubDomains
x-content-type-options: nosniff
content-encoding: br
x-permitted-cross-domain-policies: none
x-dns-prefetch-control: off
cross-origin-resource-policy: cross-origin
content-disposition: inline
x-xss-protection: 0
referrer-policy: no-referrer
server: cloudflare
cross-origin-opener-policy: same-origin
x-download-options: noopen
vary: Origin, Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/javascript;charset=UTF-8
access-control-allow-origin: *
origin-agent-cluster: ?1
cf-ray: 8ae93dae89ec92b7-FRA

GET
H2 200 Bootstrap.js Show response
nexus.ensighten.com/choozle/17616/ 29 KB
10 KB 396ms
139ms Script
application/javascript 65.9.66.103
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/choozle/17616/Bootstrap.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-57Z6ZWR
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.103 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-103.fra56.r.cloudfront.net
Software: CloudFront /
Resource Hash: 6f411aac2d2328d466581151e547f217f1fdd692964a65bb677e4977a476d786

Request headers

Referer: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Sun, 17 Dec 2023 01:08:44 GMT
x-amz-version-id: Q0b8fDJRoal0UPtaJzego52wLAwbGO1Z
content-encoding: br
via: 1.1 106758604a7f1ae0fa6678cd3d828d62.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-C1
age: 20111314
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
alt-svc: h3=":443"; ma=86400
last-modified: Sun, 29 Oct 2023 16:53:04 GMT
server: CloudFront
etag: W/"1685a4748ac201242013e1a28f1a8a2d"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=300
x-amz-cf-id: 1vctQ-D4oDSde5Gb6n4Vm7uOCT9YJDe1hliommKFGOCdF8bQ6c04sw==

GET
H3 200 s.gif
dev.visualwebsiteoptimizer.com/ 35 B
53 B 208ms
208ms Image
image/gif 34.96.102.137
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dev.visualwebsiteoptimizer.com/s.gif?account_id=780243&u=DC233C68943E2FE4AF34E45DC0325487E&s=1722886636&ed=%7B%22sr%22%3A%221600x1200%22%2C%22sc%22%3A24%2C%22de%22%3A%22UTF-8%22%2C%22ul%22%3A%22he-il%22%2C%22r%22%3A%22%22%2C%22lt%22%3A1722886636921%2C%22tO%22%3A-3%2C%22tz%22%3A%22Asia%2FJerusalem%22%7D&cu=https%3A%2F%2Fwww.esentire.com%2Fblog%2Fquartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare&r=0&p=1&cq=0&vn=undefined&vns=undefined&vno=undefined&eTime=1722886636948&v=9ed9a9027

Requested by

Host: www.esentire.com
URL: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare

Protocol

Security

QUIC, , AES_128_GCM

Server

34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

137.102.96.34.bc.googleusercontent.com

Software

gnv03c /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 05 Aug 2024 19:37:16 GMT
via: 1.1 google
x-content-type-options: nosniff
server: gnv03c
content-type: image/gif
access-control-allow-origin: *
cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
expires: Mon, 10 Jan 2005 00:00:01 GMT

POST
H2 204 collect
analytics.google.com/g/ 0
0 338ms
122ms Fetch
text/plain 216.239.38.181
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-2XXPJCPHB7&gtm=45je47v0v895821412z8813556160za200zb813556160&_p=1722886635443&_gaz=1&gcd=13l3l3l3l1&npa=0&dma=0&tag_exp=95250752&cid=158771616.1722886637&ul=he-il&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=Ag&_s=1&sid=1722886637&sct=1&seg=0&dl=https%3A%2F%2Fwww.esentire.com%2Fblog%2Fquartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare&dt=eSentire%20%7C%20Quartet%20of%20Trouble%3A%20XWorm%2C%20AsyncRAT%2C%20VenomRAT%2C%20and%E2%80%A6&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=2938
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-2XXPJCPHB7&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 216.239.38.181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

Referer: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 05 Aug 2024 19:37:17 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.esentire.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
255 B 382ms
123ms Ping
text/plain 173.194.76.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-2XXPJCPHB7&cid=158771616.1722886637&gtm=45je47v0v895821412z8813556160za200zb813556160&aip=1&dma=0&gcd=13l3l3l3l1&npa=0&frm=0&tag_exp=95250752
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-2XXPJCPHB7&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 173.194.76.155 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: ws-in-f155.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 05 Aug 2024 19:37:17 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.esentire.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.co.il/ads/ 42 B
408 B 431ms
167ms Image
image/gif 142.250.185.227
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.co.il/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-2XXPJCPHB7&cid=158771616.1722886637&gtm=45je47v0v895821412z8813556160za200zb813556160&aip=1&dma=0&gcd=13l3l3l3l1&npa=0&frm=0&tag_exp=95250752&tag_exp=95250752&z=1864688708

Requested by

Host: www.esentire.com
URL: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.227 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 05 Aug 2024 19:37:17 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 lll4sbn.css
use.typekit.net/ Frame B42B 4 KB
987 B 143ms
141ms Stylesheet
text/css 2.19.126.206
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://use.typekit.net/lll4sbn.css

Requested by

Host: mdr.esentire.com
URL: https://mdr.esentire.com/l/651833/2022-10-12/27fwyb?ScoringCateogry=TRU%20Interest

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.19.126.206 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-19-126-206.deploy.static.akamaitechnologies.com

Software

nginx /

Resource Hash

45858a52f9f6000b2db5d0c51be6d7b77eb000774da14a7ed9d1f64953314bea

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains;

Request headers

Referer: https://mdr.esentire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains;
content-encoding: gzip
date: Mon, 05 Aug 2024 19:37:17 GMT
server: nginx
vary: Accept-Encoding
content-type: text/css;charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=600, stale-while-revalidate=604800
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 764

GET
H/1.1 200
OK piUtils.js Show response
mdr.esentire.com/js/ Frame B42B 343 KB
100 KB 342ms
341ms Script
application/javascript 3.92.120.28
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://mdr.esentire.com/js/piUtils.js?ver=2021-09-20
Requested by: Host: mdr.esentire.com
URL: https://mdr.esentire.com/l/651833/2022-10-12/27fwyb?ScoringCateogry=TRU%20Interest
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 3.92.120.28 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-92-120-28.compute-1.amazonaws.com
Software: /
Resource Hash: 87fbc6477d07c0b9eb56d8839da504fcaf1cdbb8bec3e7f6581cfe92f4abdfce

Request headers

Referer: https://mdr.esentire.com/l/651833/2022-10-12/27fwyb?ScoringCateogry=TRU%20Interest
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date: Mon, 05 Aug 2024 19:37:17 GMT
content-encoding: gzip
X-Pardot-Route: e8229a0ff18ebffc83a98010d2521dd5
last-modified: Mon, 05 Aug 2024 14:44:41 GMT
etag: "55cc5-gzip"
Transfer-Encoding: chunked
vary: Accept-Encoding,User-Agent
Content-Type: application/javascript
cache-control: max-age=63072000
Connection: keep-alive
accept-ranges: bytes
expires: Wed, 05 Aug 2026 19:37:17 GMT

GET
H3 200 api.js Show response
www.google.com/recaptcha/ Frame B42B 1 KB
963 B 387ms
135ms Script
text/javascript 172.217.16.196
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js

Requested by

Host: mdr.esentire.com
URL: https://mdr.esentire.com/l/651833/2022-10-12/27fwyb?ScoringCateogry=TRU%20Interest

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.196 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f196.1e100.net

Software

GSE /

Resource Hash

866395df337061d40f857b7b979240980f0ba715b3f34c86d8bb39134dd3029a

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://mdr.esentire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Mon, 05 Aug 2024 19:37:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
expires: Mon, 05 Aug 2024 19:37:17 GMT

GET
H2 200 evh1ctd.css
use.typekit.net/ Frame 8937 5 KB
0 1ms
1ms Stylesheet
text/css 2.19.126.206
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/evh1ctd.css
Requested by: Host: mdr.esentire.com
URL: https://mdr.esentire.com/l/651833/2023-08-01/2pz6mw
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.19.126.206 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-19-126-206.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: f744aac8deccee35ee463043ea3290200814752b40315b995447bf21628bc8a4

Request headers

Referer: https://mdr.esentire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Mon, 05 Aug 2024 19:37:15 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
content-type: text/css;charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=600, stale-while-revalidate=604800
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 824

GET
H2 200 amm2djb.css
use.typekit.net/ Frame 8937 10 KB
0 1ms
1ms Stylesheet
text/css 2.19.126.206
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/amm2djb.css
Requested by: Host: mdr.esentire.com
URL: https://mdr.esentire.com/l/651833/2023-08-01/2pz6mw
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.19.126.206 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-19-126-206.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: f4e9b4fbd7414d4edc46952b383c63b8ffee6f8ac0570e437878b25096501019

Request headers

Referer: https://mdr.esentire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Mon, 05 Aug 2024 19:37:15 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
content-type: text/css;charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=600, stale-while-revalidate=604800
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 1141

GET
H/1.1 200
OK piUtils.js Show response
mdr.esentire.com/js/ Frame 8937 343 KB
0 328ms
328ms Script
application/javascript 3.92.120.28
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://mdr.esentire.com/js/piUtils.js?ver=2021-09-20
Requested by: Host: mdr.esentire.com
URL: https://mdr.esentire.com/l/651833/2023-08-01/2pz6mw
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 3.92.120.28 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-92-120-28.compute-1.amazonaws.com
Software: /
Resource Hash: 87fbc6477d07c0b9eb56d8839da504fcaf1cdbb8bec3e7f6581cfe92f4abdfce

Request headers

Referer: https://mdr.esentire.com/l/651833/2023-08-01/2pz6mw
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date: Mon, 05 Aug 2024 19:37:17 GMT
content-encoding: gzip
X-Pardot-Route: e8229a0ff18ebffc83a98010d2521dd5
last-modified: Mon, 05 Aug 2024 14:44:41 GMT
etag: "55cc5-gzip"
vary: Accept-Encoding,User-Agent
Content-Type: application/javascript
cache-control: max-age=63072000
accept-ranges: bytes
expires: Wed, 05 Aug 2026 19:37:17 GMT

GET
H3 200 api.js Show response
www.google.com/recaptcha/ Frame 8937 1 KB
0 372ms
372ms Script
text/javascript 172.217.16.196
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api.js

Requested by

Host: mdr.esentire.com
URL: https://mdr.esentire.com/l/651833/2023-08-01/2pz6mw

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.196 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f196.1e100.net

Software

GSE /

Resource Hash

866395df337061d40f857b7b979240980f0ba715b3f34c86d8bb39134dd3029a

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://mdr.esentire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Mon, 05 Aug 2024 19:37:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
server: GSE
x-frame-options: SAMEORIGIN
content-type: text/javascript; charset=utf-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
expires: Mon, 05 Aug 2024 19:37:17 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/478097890/ 4 KB
1 KB 433ms
169ms Script
text/javascript 142.250.185.66
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/478097890/?random=1722886637199&cv=11&fst=1722886637199&bg=ffffff&guid=ON&async=1&gtm=45be47v0v899675426z8813556160za201zb813556160&gcd=13l3l3l3l1&dma=0&tag_exp=95250753&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.esentire.com%2Fblog%2Fquartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare&hn=www.googleadservices.com&frm=0&tiba=eSentire%20%7C%20Quartet%20of%20Trouble%3A%20XWorm%2C%20AsyncRAT%2C%20VenomRAT%2C%20and%E2%80%A6&userId=%5Bobject%20Object%5D&npa=0&pscdl=noapi&auid=833261723.1722886637&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=AW-478097890&l=dataLayer&cx=c

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.66 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s48-in-f2.1e100.net

Software

cafe /

Resource Hash

37cbebd9da48cf99078f85641f9d3c51d6bb6b40b310646586fd2e34d40930cd

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 05 Aug 2024 19:37:17 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1498
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 settings.js Show response
dev.visualwebsiteoptimizer.com/ 10 KB
4 KB 147ms
146ms Script
application/javascript 34.96.102.137
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://dev.visualwebsiteoptimizer.com/settings.js?a=780243&settings_type=1&vn=&eventArch=1&uuid=&ec=1166744&exc=37
Requested by: Host: dev.visualwebsiteoptimizer.com
URL: https://dev.visualwebsiteoptimizer.com/edrv/va_gq-e71f51c3a3ac0e27ca417ebf56cf6f89br.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.96.102.137 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 137.102.96.34.bc.googleusercontent.com
Software: gbel2 /
Resource Hash: 4a08b73a28eaff4ad179207dfe6aff8bd4f89dd2e1522eaac42211af81dfcf33

Request headers

Referer: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Mon, 05 Aug 2024 19:37:17 GMT
content-encoding: gzip
via: 1.1 google
server: gbel2
etag: W/"1722604683_EA"
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=0, no-cache, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000

GET
H2 200 p.css
p.typekit.net/ Frame 8937 5 B
0 1ms
1ms Stylesheet
text/css 184.24.77.154
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://p.typekit.net/p.css?s=1&k=evh1ctd&ht=tk&f=139.171.173.175.5474.32231&a=4193844&app=typekit&e=css
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/evh1ctd.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.24.77.154 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a184-24-77-154.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb

Request headers

Referer: https://use.typekit.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Mon, 05 Aug 2024 19:37:16 GMT
last-modified: Sun, 19 May 2024 12:57:48 GMT
server: nginx
etag: "6649f74c-5"
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 5

GET
H2 200 p.css
p.typekit.net/ Frame 8937 5 B
0 1ms
1ms Stylesheet
text/css 184.24.77.154
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://p.typekit.net/p.css?s=1&k=amm2djb&ht=tk&f=39884.39885.39886.39887.39888.39889.39890.39891.39893.39900.39901.39906.39907.39909&a=87474164&app=typekit&e=css
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/amm2djb.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.24.77.154 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a184-24-77-154.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb

Request headers

Referer: https://use.typekit.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Mon, 05 Aug 2024 19:37:16 GMT
last-modified: Sun, 19 May 2024 12:57:48 GMT
server: nginx
etag: "6649f74c-5"
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 5

GET
H2 200 p.css
p.typekit.net/ Frame B42B 5 B
173 B 124ms
122ms Stylesheet
text/css 184.24.77.154
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://p.typekit.net/p.css?s=1&k=lll4sbn&ht=tk&f=9785.9786.9787.9788.9789&a=36697760&app=typekit&e=css
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/lll4sbn.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.24.77.154 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a184-24-77-154.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb

Request headers

Referer: https://use.typekit.net/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Mon, 05 Aug 2024 19:37:17 GMT
last-modified: Sun, 19 May 2024 12:57:48 GMT
server: nginx
etag: "6649f74c-5"
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=604800
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 5

GET
H2 200 recaptcha__iw.js Show response
www.gstatic.com/recaptcha/releases/hfUfsXWZFeg83qqxrK27GB8P/ Frame B42B 536 KB
213 KB 382ms
123ms Script
text/javascript 142.250.184.227
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/hfUfsXWZFeg83qqxrK27GB8P/recaptcha__iw.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.227 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f3.1e100.net

Software

sffe /

Resource Hash

2cd1b3d6aec451c56fefd09df423d0aad082be67ea0eca4007052c8f7f054dae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://mdr.esentire.com/
Origin: https://mdr.esentire.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Mon, 05 Aug 2024 12:41:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 24955
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 217147
x-xss-protection: 0
last-modified: Mon, 29 Jul 2024 04:00:39 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 05 Aug 2025 12:41:23 GMT

GET
H3 200 formcomplete.js Show response
ws-assets.zoominfo.com/ Frame B42B 90 KB
27 KB 202ms
200ms Script
application/javascript 104.16.118.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ws-assets.zoominfo.com/formcomplete.js
Requested by: Host: mdr.esentire.com
URL: https://mdr.esentire.com/l/651833/2022-10-12/27fwyb?ScoringCateogry=TRU%20Interest
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.16.118.43 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2b1a4915e59e76e65870b9b2fe38250746fd0eaa301b836516e71bc7c6dd8ae4

Request headers

Referer: https://mdr.esentire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Mon, 05 Aug 2024 19:37:17 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
age: 751
x-guploader-uploadid: AHxI1nMs3CwUr8w8-CJuq69E67rykNZisHByf9ecxhAgbDNakS5YSLqtFMpvhFOMDm1SizmsPbzmVcAzXA
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 16 May 2024 10:14:37 GMT
server: cloudflare
etag: W/"006455bd44ed289ddcc403d0ecd96ab0"
x-goog-hash: crc32c=p5SAHw==, md5=AGRVvUTtKJ3cxAPQ7NlqsA==
x-goog-generation: 1715854477710382
content-type: application/javascript
cache-control: public, max-age=3600
x-goog-stored-content-length: 91778
cf-ray: 8ae93daead7ebb49-FRA
expires: Mon, 05 Aug 2024 20:24:46 GMT

GET
H/1.1 200
OK op-tin-form-background.png
s3.ca-central-1.amazonaws.com/esentire-dot-com-assets/assetsV3/Resources/ Frame B42B 6 KB
6 KB 224ms
224ms Image
image/png 52.95.146.233
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://s3.ca-central-1.amazonaws.com/esentire-dot-com-assets/assetsV3/Resources/op-tin-form-background.png
Requested by: Host: mdr.esentire.com
URL: https://mdr.esentire.com/l/651833/2022-10-12/27fwyb?ScoringCateogry=TRU%20Interest
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 52.95.146.233 Montreal, Canada, ASN16509 (AMAZON-02, US),
Reverse DNS: s3.ca-central-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: 49b029f72d9fe725914b70a169198b272798c39d8b105d6bdf6d70dc8bf76772

Request headers

Referer: https://mdr.esentire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date: Mon, 05 Aug 2024 19:37:18 GMT
x-amz-version-id: null
Last-Modified: Wed, 25 May 2022 21:15:04 GMT
Server: AmazonS3
x-amz-request-id: 9AJ2FD69A13A4RBR
ETag: "337c287b37e7c61f7730ab33114ee82c"
Content-Type: image/png
Accept-Ranges: bytes
Content-Length: 5834
x-amz-id-2: +0J0op62Cn2gnmxToV3fsYYpaXowJcJb7gNi2mYU3u9G36aaNDNVIvw+FTZCK4pEJrCJ69inb4w=

GET
H2 200 l
use.typekit.net/af/2dce9d/00000000000000003b9b489b/27/ Frame B42B 26 KB
26 KB 125ms
125ms Font
application/font-woff2 2.19.126.206
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/2dce9d/00000000000000003b9b489b/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n4&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/lll4sbn.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.19.126.206 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-19-126-206.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 9f773c8d3e203911e734c49d7bc12c559a1b8dd1361ddc22459591696953f130

Request headers

Referer: https://use.typekit.net/lll4sbn.css
Origin: https://mdr.esentire.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Mon, 05 Aug 2024 19:37:17 GMT
server: nginx
etag: "a1119676fee063a49b1ff958b4d90e4f6e89bf96"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 26228

GET
H2 200 l
use.typekit.net/af/23ddd7/00000000000000003b9b489e/27/ Frame B42B 25 KB
25 KB 132ms
131ms Font
application/font-woff2 2.19.126.206
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/23ddd7/00000000000000003b9b489e/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/lll4sbn.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.19.126.206 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-19-126-206.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 6288260a06fe7aed43a17310ce3829c5d7fafe983d20b9c89cb3c0f23037ef6a

Request headers

Referer: https://use.typekit.net/lll4sbn.css
Origin: https://mdr.esentire.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Mon, 05 Aug 2024 19:37:17 GMT
server: nginx
etag: "85a7dc54b1423ed2b8515fe6cdedf49858069f1b"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 25712

GET
H2 200 recaptcha__iw.js Show response
www.gstatic.com/recaptcha/releases/hfUfsXWZFeg83qqxrK27GB8P/ Frame 8937 536 KB
0 367ms
367ms Script
text/javascript 142.250.184.227
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/hfUfsXWZFeg83qqxrK27GB8P/recaptcha__iw.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.227 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f3.1e100.net

Software

sffe /

Resource Hash

2cd1b3d6aec451c56fefd09df423d0aad082be67ea0eca4007052c8f7f054dae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://mdr.esentire.com/
Origin: https://mdr.esentire.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Mon, 05 Aug 2024 12:41:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 24955
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 217147
x-xss-protection: 0
last-modified: Mon, 29 Jul 2024 04:00:39 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 05 Aug 2025 12:41:23 GMT

GET
H3 200 ce788296-8259-4e39-bcae-56ddd5b7e767.js Show response
cdn.mouseflow.com/projects/ Frame 8937 194 KB
340 B 137ms
136ms Script
application/javascript 104.18.26.50
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.mouseflow.com/projects/ce788296-8259-4e39-bcae-56ddd5b7e767.js

Requested by

Host: mdr.esentire.com
URL: https://mdr.esentire.com/l/651833/2023-08-01/2pz6mw

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.26.50 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

28ba48ed2e733a4c01ca9db5fe713acffcf36df68a29e1e8447bf19f7cb66692

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://mdr.esentire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Mon, 05 Aug 2024 19:37:17 GMT
strict-transport-security: max-age=15552000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
x-mf-continent: AS
age: 226369
x-cache-status: MISS
alt-svc: h3=":443"; ma=86400
x-mf-script-region: non-enforced-privacy
x-mf-country: IL
last-modified: Wed, 31 Jul 2024 19:34:40 GMT
server: cloudflare
etag: W/"baa1c9af80e3da1:0"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=86400
cf-ray: 8ae93daecca38ecd-FRA
expires: Tue, 06 Aug 2024 19:37:17 GMT

GET
H2 200 l
use.typekit.net/af/89996a/000000000000000077359445/30/ Frame 8937 22 KB
0 0ms
0ms Font
application/font-woff2 2.19.126.206
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/89996a/000000000000000077359445/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n4&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/amm2djb.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.19.126.206 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-19-126-206.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 95a026ca9deb402ba2f984f169cab087ee00d5064f9d7554f946fe0807e662be

Request headers

Referer: https://use.typekit.net/amm2djb.css
Origin: https://mdr.esentire.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Mon, 05 Aug 2024 19:37:16 GMT
server: nginx
etag: "d3de06ff3edf13d0a437cfac23873ccf84d0f4b1"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 22892

GET
H2 200 l
use.typekit.net/af/2c6c03/000000000000000077359463/30/ Frame 8937 24 KB
0 0ms
0ms Font
application/font-woff2 2.19.126.206
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/2c6c03/000000000000000077359463/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/amm2djb.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.19.126.206 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-19-126-206.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: f9737651c97ca4327dd9d755ab8fd813bd504e8b7c975b7e1c63dcb154c1bc19

Request headers

Referer: https://use.typekit.net/amm2djb.css
Origin: https://mdr.esentire.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Mon, 05 Aug 2024 19:37:16 GMT
server: nginx
etag: "e3ec062323e4590b4b7846ed4c41ccffee56a2aa"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 24908

GET
H2 200 l
use.typekit.net/af/0626f2/000000000000000077359441/30/ Frame 8937 23 KB
0 1ms
1ms Font
application/font-woff2 2.19.126.206
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://use.typekit.net/af/0626f2/000000000000000077359441/30/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n5&v=3
Requested by: Host: use.typekit.net
URL: https://use.typekit.net/amm2djb.css
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.19.126.206 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-19-126-206.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: c72dec0cf8cadba7af0e75dab5638b76af4cb53e02c171c2ff68f45318caaae9

Request headers

Referer: https://use.typekit.net/amm2djb.css
Origin: https://mdr.esentire.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Mon, 05 Aug 2024 19:37:16 GMT
server: nginx
etag: "dd7ba2fabd12b224f191c0f337ced807f714d3d6"
content-type: application/font-woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
content-length: 24060

GET
H2 200 6si.min.js Show response
j.6sc.co/ 68 KB
18 KB 146ms
146ms Script
application/javascript 2.17.147.176
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://j.6sc.co/6si.min.js

Requested by

Host: j.6sc.co
URL: https://j.6sc.co/j/92169fb0-0d98-4c23-b691-2da2893257b1.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.147.176 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-147-176.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

4dba9e54570483a0624219ec53864f468c9cbdf4f9c1f23821e539de7cb0c9fc

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Mon, 05 Aug 2024 19:37:17 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 12 Jul 2024 19:23:12 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "669182a0-10e5e"
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, proxy-revalidate, max-age=10800
accept-ranges: bytes
content-length: 18671
expires: Mon, 05 Aug 2024 22:37:17 GMT

GET
H2 200 recaptcha__iw.js Show response
www.gstatic.com/recaptcha/releases/hfUfsXWZFeg83qqxrK27GB8P/ 536 KB
0 339ms
339ms Script
text/javascript 142.250.184.227
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/hfUfsXWZFeg83qqxrK27GB8P/recaptcha__iw.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/api.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.184.227 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra24s12-in-f3.1e100.net

Software

sffe /

Resource Hash

2cd1b3d6aec451c56fefd09df423d0aad082be67ea0eca4007052c8f7f054dae

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare
Origin: https://www.esentire.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Mon, 05 Aug 2024 12:41:23 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 24955
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 217147
x-xss-protection: 0
last-modified: Mon, 29 Jul 2024 04:00:39 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 05 Aug 2025 12:41:23 GMT

POST
H/1.1 204
No Content / Show response
px.ads.linkedin.com/wa/ 0
712 B 637ms
225ms XHR
text/plain 108.174.10.20
LINKEDIN

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/wa/
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 108.174.10.20 , United States, ASN14413 (LINKEDIN, US),
Reverse DNS: 108-174-10-20.fwd.linkedin.com
Software: Play /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: *
Referer: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Mon, 05 Aug 2024 19:37:18 GMT
Server: Play
X-Li-Pop: prod-lva1-x
LinkedIn-Action: 1
Vary: Origin
X-Li-Fabric: prod-lva1
Access-Control-Allow-Origin: https://www.esentire.com
X-LI-Proto: http/1.1
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-LI-UUID: AAYe9M4RoAwjXf4kTq7Rww==

GET
H/1.1 200
OK attribution_trigger Show response
px.ads.linkedin.com/ 2 B
998 B 631ms
234ms XHR
application/json 108.174.10.20
LINKEDIN

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/attribution_trigger?pid=1780050&time=1722886637863&url=https%3A%2F%2Fwww.esentire.com%2Fblog%2Fquartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare&tm=gtmv2
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 108.174.10.20 , United States, ASN14413 (LINKEDIN, US),
Reverse DNS: 108-174-10-20.fwd.linkedin.com
Software: /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Accept: *
Referer: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date: Mon, 05 Aug 2024 19:37:18 GMT
content-encoding: gzip
X-Li-Pop: prod-lva1-x
Transfer-Encoding: chunked
Access-Control-Allow-Methods: GET, OPTIONS
Content-Type: application/json
Access-Control-Allow-Origin: *
X-Li-Fabric: prod-lva1
X-LI-Proto: http/1.1
X-RestLi-Protocol-Version: 1.0.0
Connection: keep-alive
Access-Control-Allow-Headers: *
X-LI-UUID: AAYe9M4RYb6Wc0b1E/O7QA==
X-FS-UUID: 00061ef4ce1161be967346f513f3bb40

GET
H/1.1

200
OK

collect
px.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1780050&time=1722886637863&li_adsId=e8b461a9-1d79-43dd-8014-1b895cb788cb&url=https%3A%2F%2Fwww.esentire.com%2Fblog%2Fquartet-of-trouble-xworm-asyn...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1780050&time=1722886637863&li_adsId=e8b461a9-1d79-43dd-8014-1b895cb788cb&url=https%3A%2F%2Fwww.esentire.com%2Fblog%2Fquartet-of-trouble-xworm-asyn...
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D1780050%26time%3D1722886637863%26li_adsId%3De8b461a9-1d79-43dd-8014-1b895cb788cb%...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1780050&time=1722886637863&li_adsId=e8b461a9-1d79-43dd-8014-1b895cb788cb&url=https%3A%2F%2Fwww.esentire.com%2Fblog%2Fquartet-of-trouble-xworm-asyn...

0
600 B

213ms
213ms

Image
application/javascript

108.174.10.20
LINKEDIN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1780050&time=1722886637863&li_adsId=e8b461a9-1d79-43dd-8014-1b895cb788cb&url=https%3A%2F%2Fwww.esentire.com%2Fblog%2Fquartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare&tm=gtmv2&cookiesTest=true&liSync=true
Requested by: Host: www.esentire.com
URL: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare
Protocol: HTTP/1.1
Server: 108.174.10.20 , United States, ASN14413 (LINKEDIN, US),
Reverse DNS: 108-174-10-20.fwd.linkedin.com
Software: Play /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date: Mon, 05 Aug 2024 19:37:19 GMT
Server: Play
X-Li-Pop: prod-lva1-x
LinkedIn-Action: 1
X-Li-Fabric: prod-lva1
Content-Type: application/javascript
X-LI-Proto: http/1.1
Connection: keep-alive
content-length: 0
X-LI-UUID: AAYe9M4jEYefKcYCEZtjsg==

Redirect headers

Date: Mon, 05 Aug 2024 19:37:19 GMT
Strict-Transport-Security: max-age=31536000
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self'
LinkedIn-Action: 1
Connection: keep-alive
content-length: 0
X-LI-UUID: AAYe9M4ffeeOXXFVEKQIkg==
Pragma: no-cache
Server: Play
X-Li-Pop: prod-lva1-x
X-Frame-Options: sameorigin
X-Li-Fabric: prod-lva1
Location: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=1780050&time=1722886637863&li_adsId=e8b461a9-1d79-43dd-8014-1b895cb788cb&url=https%3A%2F%2Fwww.esentire.com%2Fblog%2Fquartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare&tm=gtmv2&cookiesTest=true&liSync=true
Cache-Control: no-cache, no-store
X-LI-Proto: http/1.1
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 serverComponent.php Show response
nexus.ensighten.com/choozle/17616/ 385 B
718 B 153ms
152ms Script
text/javascript 65.9.66.103
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/choozle/17616/serverComponent.php?namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/choozle/17616/code/&publishedOn=Sun%20Oct%2029%2016:52:55%20GMT%202023&ClientID=923&PageID=https%3A%2F%2Fwww.esentire.com%2Fblog%2Fquartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/choozle/17616/Bootstrap.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 65.9.66.103 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-103.fra56.r.cloudfront.net
Software: CloudFront /
Resource Hash: 6a9af3952277f5e6e533a582cbcb836df278251f1186f572244f8f8d3e52d39f

Request headers

Referer: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Mon, 05 Aug 2024 19:37:18 GMT
via: 1.1 106758604a7f1ae0fa6678cd3d828d62.cloudfront.net (CloudFront)
server: CloudFront
x-amz-cf-pop: FRA56-C1
x-cache: Miss from cloudfront
content-type: text/javascript
cache-control: no-cache, no-store
alt-svc: h3=":443"; ma=86400
content-length: 385
x-amz-cf-id: W9VffI1qLuyWTq8yu3AUMzSFcSxZE544YrtCHPDw6xgNGvqxE_1bMg==
expires: Mon, 05 Aug 2024 19:37:17 GMT

POST
H2 200 assign
tracking.g2crowd.com/attribution_tracking/conversions/ 0
0 243ms
240ms Ping
text/html 104.18.31.176
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://tracking.g2crowd.com/attribution_tracking/conversions/assign
Requested by: Host: tracking.g2crowd.com
URL: https://tracking.g2crowd.com/attribution_tracking/conversions/1985.js?p=https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare&e=
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.18.31.176 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryC6uSSAciZHuljoa9

Response headers

GET
H3 200 /
www.google.com/pagead/1p-user-list/478097890/ 42 B
64 B 134ms
133ms Image
image/gif 172.217.16.196
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/478097890/?random=1722886637199&cv=11&fst=1722884400000&bg=ffffff&guid=ON&async=1&gtm=45be47v0v899675426z8813556160za201zb813556160&gcd=13l3l3l3l1&dma=0&tag_exp=95250753&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.esentire.com%2Fblog%2Fquartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare&hn=www.googleadservices.com&frm=0&tiba=eSentire%20%7C%20Quartet%20of%20Trouble%3A%20XWorm%2C%20AsyncRAT%2C%20VenomRAT%2C%20and%E2%80%A6&userId=%5Bobject%20Object%5D&npa=0&pscdl=noapi&auid=833261723.1722886637&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwDaQooLNZo9DWg8OFU7AmxNr3lpQkjYmEKE7Q&random=2018287682&rmt_tld=0&ipr=y

Requested by

Host: www.esentire.com
URL: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.196 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f196.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 05 Aug 2024 19:37:18 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.co.il/pagead/1p-user-list/478097890/ 42 B
154 B 136ms
135ms Image
image/gif 142.250.185.227
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.co.il/pagead/1p-user-list/478097890/?random=1722886637199&cv=11&fst=1722884400000&bg=ffffff&guid=ON&async=1&gtm=45be47v0v899675426z8813556160za201zb813556160&gcd=13l3l3l3l1&dma=0&tag_exp=95250753&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.esentire.com%2Fblog%2Fquartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare&hn=www.googleadservices.com&frm=0&tiba=eSentire%20%7C%20Quartet%20of%20Trouble%3A%20XWorm%2C%20AsyncRAT%2C%20VenomRAT%2C%20and%E2%80%A6&userId=%5Bobject%20Object%5D&npa=0&pscdl=noapi&auid=833261723.1722886637&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwDaQooLNZo9DWg8OFU7AmxNr3lpQkjYmEKE7Q&random=2018287682&rmt_tld=1&ipr=y

Requested by

Host: www.esentire.com
URL: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.227 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 05 Aug 2024 19:37:18 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 134632430.js Show response
bat.bing.com/p/action/ 4 KB
2 KB 139ms
139ms Script
application/javascript 131.253.33.237
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/134632430.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

131.253.33.237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

6372895be2e5bf284dba633b182432c2becc6e92d9a3dcd04b66bd7ece5334c0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
date: Mon, 05 Aug 2024 19:37:17 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 25EE4AA91A924D5D8744D6456921A738 Ref B: LON212050702031 Ref C: 2024-08-05T19:37:18Z
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript; charset=utf-8
cache-control: private,max-age=60

GET
H2 200 / Show response
c.6sc.co/ 7 B
194 B 170ms
163ms XHR
text/html 2.17.147.176
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.17.147.176 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-17-147-176.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

Referer: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Mon, 05 Aug 2024 19:37:18 GMT
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: text/html
access-control-allow-origin: https://www.esentire.com
access-control-allow-credentials: true
access-control-allow-headers: *
content-length: 7

GET
H2 200 / Show response
ipv6.6sc.co/ 4 B
282 B 422ms
148ms XHR
text/html 2.17.147.176
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ipv6.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.17.147.176 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-17-147-176.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b

Request headers

Referer: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 05 Aug 2024 19:37:18 GMT
vary: Origin
content-type: text/html
access-control-allow-origin: https://www.esentire.com
cache-control: max-age=0, no-cache, no-store
6si-ipv6: null
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1722886638242_34706348_39337986_24_873_64_146_219";dur=1
content-length: 4
expires: Mon, 05 Aug 2024 19:37:18 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 273ms
268ms Image
image/gif 2.17.147.176
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=9521f388917852d4872d30f86ea1a41c&svisitor=null&visitor=e6b2f95e-cb76-46a9-845b-aaf15d0d8560&session=8fe7c81a-d536-4905-87cb-89b3be899767&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Mon%2C%2005%20Aug%202024%2019%3A37%3A18%20GMT%22%7D&isIframe=false&m=%7B%22description%22%3A%22Learn%20more%20about%20how%20four%20malware%2C%20XWorm%2C%20AsyncRAT%2C%20VenomRAT%2C%20and%20PureLogs%20Stealer%2C%20are%20leveraging%20TryCloudflare%20and%20get%20security%20recommendations%20from%20our%E2%80%A6%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22eSentire%20%7C%20Quartet%20of%20Trouble%3A%20XWorm%2C%20AsyncRAT%2C%20VenomRAT%2C%20and%E2%80%A6%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.esentire.com%2Fblog%2Fquartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare&pageViewId=fe5fc5a3-6fb6-4223-8fd6-e38ae416639a&webTagId=92169fb0-0d98-4c23-b691-2da2893257b1&v=1.1.22

Requested by

Host: www.esentire.com
URL: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.147.176 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-147-176.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 05 Aug 2024 19:37:18 GMT
x-content-type-options: nosniff
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "5e502810-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Mon, 05 Aug 2024 19:37:18 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
258 B 292ms
288ms Image
image/gif 2.17.147.176
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=9521f388917852d4872d30f86ea1a41c&svisitor=null&visitor=e6b2f95e-cb76-46a9-845b-aaf15d0d8560&session=8fe7c81a-d536-4905-87cb-89b3be899767&event=ni%3AasyncSettingsAudit&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%229521f388917852d4872d30f86ea1a41c%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2005%20Aug%202024%2019%3A37%3A18%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22disableCookies%5C%22%2C%5C%22value%5C%22%3A%5C%22false%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2005%20Aug%202024%2019%3A37%3A18%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableIPv6Ping%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2005%20Aug%202024%2019%3A37%3A18%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableIgnorePageUrlHash%5C%22%2C%5C%22value%5C%22%3A%5C%22false%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2005%20Aug%202024%2019%3A37%3A18%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableRetargeting%5C%22%2C%5C%22value%5C%22%3A%5C%22false%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2005%20Aug%202024%2019%3A37%3A18%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setWhiteListFields%5C%22%2C%5C%22value%5C%22%3A%5C%22%5B%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2005%20Aug%202024%2019%3A37%3A18%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setCustomMetatags%5C%22%2C%5C%22value%5C%22%3A%5C%22%5B%5D%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2005%20Aug%202024%2019%3A37%3A18%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22storeTagId%5C%22%2C%5C%22value%5C%22%3A%5C%2292169fb0-0d98-4c23-b691-2da2893257b1%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2005%20Aug%202024%2019%3A37%3A18%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2005%20Aug%202024%2019%3A37%3A18%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setCompanyDetailsExpiration%5C%22%2C%5C%22value%5C%22%3A%5C%22false%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2005%20Aug%202024%2019%3A37%3A18%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableMapCookieCapture%5C%22%2C%5C%22value%5C%22%3A%5C%22false%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2005%20Aug%202024%2019%3A37%3A18%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableCompanyDetails%5C%22%2C%5C%22value%5C%22%3A%5C%22false%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Mon%2C%2005%20Aug%202024%2019%3A37%3A18%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22Learn%20more%20about%20how%20four%20malware%2C%20XWorm%2C%20AsyncRAT%2C%20VenomRAT%2C%20and%20PureLogs%20Stealer%2C%20are%20leveraging%20TryCloudflare%20and%20get%20security%20recommendations%20from%20our%E2%80%A6%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22eSentire%20%7C%20Quartet%20of%20Trouble%3A%20XWorm%2C%20AsyncRAT%2C%20VenomRAT%2C%20and%E2%80%A6%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.esentire.com%2Fblog%2Fquartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare&pageViewId=fe5fc5a3-6fb6-4223-8fd6-e38ae416639a&webTagId=92169fb0-0d98-4c23-b691-2da2893257b1&v=1.1.22

Requested by

Host: www.esentire.com
URL: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.147.176 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-147-176.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 05 Aug 2024 19:37:18 GMT
x-content-type-options: nosniff
last-modified: Sat, 18 Feb 2023 01:45:17 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f02dad-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Mon, 05 Aug 2024 19:37:18 GMT

GET
H3 200 f32640d2533198ecbf42d71590d80394.js Show response
nexus.ensighten.com/choozle/17616/code/ 673 B
1 KB 122ms
121ms Script
application/javascript 65.9.66.103
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/choozle/17616/code/f32640d2533198ecbf42d71590d80394.js?conditionId0=4945953
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/choozle/17616/Bootstrap.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 65.9.66.103 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-103.fra56.r.cloudfront.net
Software: CloudFront /
Resource Hash: a7f1e6984ac0287cf5b1ec86891b63ec3b0d9f9c65668a17eb67681cf19bf603

Request headers

Referer: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Wed, 10 Jan 2024 05:02:54 GMT
x-amz-version-id: buFIYeCFS7wrqnTG.CeF4hp.GpCiOxPl
via: 1.1 c4a2e8b9ec0bdec016055cf127d5dad8.cloudfront.net (CloudFront)
age: 18023665
x-amz-cf-pop: FRA56-C1
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
alt-svc: h3=":443"; ma=86400
content-length: 673
last-modified: Sun, 29 Oct 2023 16:53:06 GMT
server: CloudFront
etag: "52da2691ab5005d39c0b1be0bf0cf01a"
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
accept-ranges: bytes
x-amz-cf-id: o0diC8sH8avnEcCcFf9928ap9jGBc83CiQE9TQwmQpJBZgrBPkrmOw==

GET
H3 200 d3d14424fac71699bdbff068d9b1184b.js Show response
nexus.ensighten.com/choozle/17616/code/ 2 KB
803 B 122ms
121ms Script
application/javascript 65.9.66.103
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://nexus.ensighten.com/choozle/17616/code/d3d14424fac71699bdbff068d9b1184b.js?conditionId0=421905
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/choozle/17616/Bootstrap.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 65.9.66.103 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-65-9-66-103.fra56.r.cloudfront.net
Software: CloudFront /
Resource Hash: e80cfc6df2f882813f88dcf1175bc0c47e13c0cd8517bc240a65ee6cc758b0f2

Request headers

Referer: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Sun, 17 Dec 2023 01:08:45 GMT
x-amz-version-id: d.aon4EQnln_gHxylT_5DcIMBZE80ZbS
content-encoding: br
via: 1.1 c4a2e8b9ec0bdec016055cf127d5dad8.cloudfront.net (CloudFront)
age: 20111314
x-amz-cf-pop: FRA56-C1
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
alt-svc: h3=":443"; ma=86400
last-modified: Sun, 29 Oct 2023 16:53:06 GMT
server: CloudFront
etag: W/"e8e93310d35a9462151b8fdab5b436ce"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=315360000
x-amz-cf-id: I6Rk1G4xcUl75Nabfok36r2Ke_aqEcmyKNVoIZ8hrEStnX6jwSlfcQ==

GET
H3 200 getMapping Show response
ws.zoominfo.com/formcomplete-v2/ Frame B42B 4 KB
1 KB 268ms
266ms XHR
application/json 104.16.118.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/formcomplete-v2/getMapping?formId=26bf2eb7-54b7-461e-8445-5dddcb620d26

Requested by

Host: ws-assets.zoominfo.com
URL: https://ws-assets.zoominfo.com/formcomplete.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.118.43 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

e123f133d734923e26c69963f004328056cedd935e03acfe726a2ee845a7dd1e

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://mdr.esentire.com/
_zitok
visitorId
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Mon, 05 Aug 2024 19:37:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
via: 1.1 google
x-powered-by: Express
alt-svc: h3=":443"; ma=86400
server: cloudflare
etag: W/"e90-WOUrGNQTk7pF6psA3Z2C4LR18Ks"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://mdr.esentire.com
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,Authorization, visitorId, _zitok
cf-ray: 8ae93db34b45bb49-FRA

OPTIONS
H3 200 getMapping
ws.zoominfo.com/formcomplete-v2/ Frame 0
0 404ms
279ms Preflight
text/html 104.16.118.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/formcomplete-v2/getMapping?formId=26bf2eb7-54b7-461e-8445-5dddcb620d26

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.118.43 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: _zitok,visitorid
Access-Control-Request-Method: GET
Origin: https://mdr.esentire.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for,x-ws-collect-type,Authorization,visitorId,_zitok
access-control-allow-origin: https://mdr.esentire.com
allow: GET,HEAD
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8ae93db19b659277-FRA
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Mon, 05 Aug 2024 19:37:18 GMT
server: cloudflare
via: 1.1 google
x-content-type-options: nosniff
x-powered-by: Express
x-robots-tag: noindex, nofollow

GET
H2 200 134632430 Show response
www.clarity.ms/tag/uet/ 1 KB
2 KB 750ms
539ms Script
application/x-javascript 13.107.246.45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/tag/uet/134632430
Requested by: Host: bat.bing.com
URL: https://bat.bing.com/p/action/134632430.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 13.107.246.45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 1d7c00e8f914fbc2c4bb27b5774abd25d01b0cb8f1f4bddabba46cb47deaff13

Request headers

Referer: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

request-context: appId=cid-v1:3f60b293-70d6-4805-b0bb-3484f0a73bf0
date: Mon, 05 Aug 2024 19:37:18 GMT
x-azure-ref: 20240805T193718Z-r164bbb7d64qjmbxxt3dv2c2ys0000000m40000000003qpx
x-cache: CONFIG_NOCACHE
content-type: application/x-javascript
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 1183
expires: -1

GET
H2 204 0
bat.bing.com/action/ 0
287 B 142ms
142ms Image
text/plain 131.253.33.237
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=134632430&tm=gtm002&Ver=2&mid=1c204f09-ccff-420e-8ff8-678e0f9a90fe&sid=20112420536211efaf18f572ce1a115e&vid=20114000536211efaf9e056914da4a96&vids=1&msclkid=N&gtm_tag_source=1&pi=918639831&lg=he-IL&sw=1600&sh=1200&sc=24&tl=eSentire%20%7C%20Quartet%20of%20Trouble%3A%20XWorm,%20AsyncRAT,%20VenomRAT,%20and%E2%80%A6&p=https%3A%2F%2Fwww.esentire.com%2Fblog%2Fquartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare&r=&lt=2202&evt=pageLoad&sv=1&cdb=AQAQ&rn=652580

Requested by

Host: www.esentire.com
URL: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

131.253.33.237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Mon, 05 Aug 2024 19:37:17 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: AC282C59E6BF4964A6739F4C20AB35C5 Ref B: LON212050702031 Ref C: 2024-08-05T19:37:18Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

iframe
d1eoo1tco6rr5e.cloudfront.net/zy90xae/11yjcw6/ Frame 4417
Redirect Chain

https://insight.adsrvr.org/tags/zy90xae/11yjcw6/iframe
https://d1eoo1tco6rr5e.cloudfront.net/zy90xae/11yjcw6/iframe

0
0

371ms
121ms

Document
text/html

13.225.83.200
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d1eoo1tco6rr5e.cloudfront.net/zy90xae/11yjcw6/iframe
Requested by: Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/choozle/17616/code/f32640d2533198ecbf42d71590d80394.js?conditionId0=4945953
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.83.200 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-83-200.fra2.r.cloudfront.net
Software: AmazonS3 /
Resource Hash

Request headers

Referer: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Accept-Ranges: bytes
Age: 38564
Cache-Control: max-age=86400
Connection: keep-alive
Content-Length: 138
Content-Type: text/html
Date: Mon, 05 Aug 2024 08:55:34 GMT
ETag: "622775a53db7f6c768484781afbe7098"
Last-Modified: Wed, 18 Jan 2023 19:24:08 GMT
Server: AmazonS3
Via: 1.1 ac0e9b19969df989a920e6d1b834d008.cloudfront.net (CloudFront)
X-Amz-Cf-Id: iZkJWM6zB-bWoitR1B8viO3NLovrpEI9OsR7Y2a9cpXvbCaVGoHk2g==
X-Amz-Cf-Pop: FRA2-C2
X-Cache: Hit from cloudfront
x-amz-server-side-encryption: AES256

Redirect headers

content-length: 0
date: Mon, 05 Aug 2024 19:37:18 GMT
location: https://d1eoo1tco6rr5e.cloudfront.net/zy90xae/11yjcw6/iframe

GET
H3 200 anchor
www.google.com/recaptcha/api2/ Frame A138 0
0 392ms
146ms Document
text/html 172.217.16.196
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfVnCYTAAAAAB4x9xlkeTsV8CO6np5UMhNjRNNZ&co=aHR0cHM6Ly9tZHIuZXNlbnRpcmUuY29tOjQ0Mw..&hl=iw&v=hfUfsXWZFeg83qqxrK27GB8P&size=normal&cb=cdwvojjowtzy

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/hfUfsXWZFeg83qqxrK27GB8P/recaptcha__iw.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.196 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f196.1e100.net

Software

GSE /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-4Mm1GmQBEbwDER634hMxcQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://mdr.esentire.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-4Mm1GmQBEbwDER634hMxcQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 05 Aug 2024 19:37:18 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 anchor
www.google.com/recaptcha/api2/ Frame 4E50 0
0 352ms
151ms Document
text/html 172.217.16.196
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfVnCYTAAAAAB4x9xlkeTsV8CO6np5UMhNjRNNZ&co=aHR0cHM6Ly9tZHIuZXNlbnRpcmUuY29tOjQ0Mw..&hl=iw&v=hfUfsXWZFeg83qqxrK27GB8P&size=normal&cb=12p6cjrw2ikl

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/hfUfsXWZFeg83qqxrK27GB8P/recaptcha__iw.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.196 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f196.1e100.net

Software

GSE /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-D-YlDTQ61LnkLruU5nQo0w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://mdr.esentire.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-D-YlDTQ61LnkLruU5nQo0w' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 05 Aug 2024 19:37:18 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 entitlementCheck Show response
ws.zoominfo.com/formcomplete-v2/ Frame B42B 18 B
361 B 287ms
287ms XHR
application/json 104.16.118.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/formcomplete-v2/entitlementCheck?formId=26bf2eb7-54b7-461e-8445-5dddcb620d26

Requested by

Host: ws-assets.zoominfo.com
URL: https://ws-assets.zoominfo.com/formcomplete.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.118.43 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

1d921f25ecbb79c2d9404e247fdce4e9fe3f8ccecf0f237c5524b5975c62cbea

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://mdr.esentire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Mon, 05 Aug 2024 19:37:19 GMT
via: 1.1 google
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
x-powered-by: Express
etag: W/"12-6lq1h4LOKy3FCGyvW8ncJRrsJDw"
content-type: application/json; charset=utf-8
access-control-allow-origin: https://mdr.esentire.com
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,Authorization, visitorId, _zitok
content-length: 18
cf-ray: 8ae93db4fd4ebb49-FRA
alt-svc: h3=":443"; ma=86400

GET
H2 200 clarity.js Show response
www.clarity.ms/s/0.7.41/ 62 KB
26 KB 100ms
99ms Script
application/javascript 13.107.246.45
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/s/0.7.41/clarity.js
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/tag/uet/134632430
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 13.107.246.45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 63bb2e926bb71d9af20024a237718b3cbd8bcb03af6fe3510132024571005f69

Request headers

Referer: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Mon, 05 Aug 2024 19:37:18 GMT
content-encoding: br
last-modified: Thu, 01 Aug 2024 19:54:07 GMT
etag: W/"0x8DCB263B4239D88"
vary: Accept-Encoding
x-azure-ref: 20240805T193718Z-r164bbb7d64qjmbxxt3dv2c2ys0000000m40000000003qq4
content-type: application/javascript;charset=utf-8
access-control-allow-origin: *
x-ms-request-id: 5adb8338-101e-0065-59b7-e4809f000000
cache-control: public, max-age=86400
x-cache: TCP_HIT
x-ms-version: 2018-03-28
x-fd-int-roxy-purgeid: 51562430

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 371ms
371ms Image
image/gif 2.17.147.176
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=9521f388917852d4872d30f86ea1a41c&svisitor=null&visitor=e6b2f95e-cb76-46a9-845b-aaf15d0d8560&session=8fe7c81a-d536-4905-87cb-89b3be899767&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2005%20Aug%202024%2019%3A37%3A19%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2005%20Aug%202024%2019%3A37%3A18%20GMT%22%2C%22timeSpent%22%3A%221004%22%2C%22totalTimeSpent%22%3A%221004%22%7D&isIframe=false&m=%7B%22description%22%3A%22Learn%20more%20about%20how%20four%20malware%2C%20XWorm%2C%20AsyncRAT%2C%20VenomRAT%2C%20and%20PureLogs%20Stealer%2C%20are%20leveraging%20TryCloudflare%20and%20get%20security%20recommendations%20from%20our%E2%80%A6%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22eSentire%20%7C%20Quartet%20of%20Trouble%3A%20XWorm%2C%20AsyncRAT%2C%20VenomRAT%2C%20and%E2%80%A6%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.esentire.com%2Fblog%2Fquartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare&pageViewId=fe5fc5a3-6fb6-4223-8fd6-e38ae416639a&webTagId=92169fb0-0d98-4c23-b691-2da2893257b1&v=1.1.22

Requested by

Host: www.esentire.com
URL: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.147.176 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-147-176.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 05 Aug 2024 19:37:19 GMT
x-content-type-options: nosniff
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "615ccf10-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Mon, 05 Aug 2024 19:37:19 GMT

POST
H/1.1 204
No Content collect Show response
z.clarity.ms/ 0
280 B 841ms
429ms XHR
text/plain 20.10.16.51
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://z.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.41/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.10.16.51 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://www.esentire.com
Date: Mon, 05 Aug 2024 19:37:19 GMT
Access-Control-Allow-Credentials: true
Server: nginx
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:67bc0b23-8423-4b52-b1ca-6a87709ceaa2

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 319ms
318ms Image
image/gif 2.17.147.176
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=9521f388917852d4872d30f86ea1a41c&svisitor=null&visitor=e6b2f95e-cb76-46a9-845b-aaf15d0d8560&session=8fe7c81a-d536-4905-87cb-89b3be899767&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2005%20Aug%202024%2019%3A37%3A20%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2005%20Aug%202024%2019%3A37%3A19%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%222005%22%7D&isIframe=false&m=%7B%22description%22%3A%22Learn%20more%20about%20how%20four%20malware%2C%20XWorm%2C%20AsyncRAT%2C%20VenomRAT%2C%20and%20PureLogs%20Stealer%2C%20are%20leveraging%20TryCloudflare%20and%20get%20security%20recommendations%20from%20our%E2%80%A6%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22eSentire%20%7C%20Quartet%20of%20Trouble%3A%20XWorm%2C%20AsyncRAT%2C%20VenomRAT%2C%20and%E2%80%A6%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.esentire.com%2Fblog%2Fquartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare&pageViewId=fe5fc5a3-6fb6-4223-8fd6-e38ae416639a&webTagId=92169fb0-0d98-4c23-b691-2da2893257b1&v=1.1.22

Requested by

Host: www.esentire.com
URL: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.147.176 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-147-176.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 05 Aug 2024 19:37:20 GMT
x-content-type-options: nosniff
last-modified: Sat, 18 Feb 2023 00:49:36 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f020a0-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Mon, 05 Aug 2024 19:37:20 GMT

GET
H3 200 bframe
www.google.com/recaptcha/api2/ Frame F1EB 0
0 135ms
132ms Document
text/html 172.217.16.196
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/bframe?hl=iw&v=hfUfsXWZFeg83qqxrK27GB8P&k=6LfVnCYTAAAAAB4x9xlkeTsV8CO6np5UMhNjRNNZ

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/hfUfsXWZFeg83qqxrK27GB8P/recaptcha__iw.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.196 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f196.1e100.net

Software

GSE /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-RZwpsFWeL7r5rtoLorc2fQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://mdr.esentire.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-RZwpsFWeL7r5rtoLorc2fQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 05 Aug 2024 19:37:20 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H3 200 zi-tag.js Show response
js.zi-scripts.com/ Frame 8937 9 KB
3 KB 202ms
126ms Script
application/javascript 172.64.150.44
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.zi-scripts.com/zi-tag.js
Requested by: Host: mdr.esentire.com
URL: https://mdr.esentire.com/l/651833/2023-08-01/2pz6mw
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.150.44 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e779904e434d50e426e79dfac680cdb8a04564e67121c257974278a02979e407

Request headers

Referer: https://mdr.esentire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Mon, 05 Aug 2024 19:37:20 GMT
x-amz-version-id: PTl7rnF_EEhUwyN5J882FhdYw1E0brGf
via: 1.1 a1498dff3937a5cd56baf5f0f59e01c2.cloudfront.net (CloudFront)
cf-cache-status: DYNAMIC
content-encoding: gzip
x-amz-cf-pop: MRS52-P5
age: 60729
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 18 Jul 2024 08:13:46 GMT
server: cloudflare
etag: W/"b2877da906a3216c4f3fc4030b205e54"
vary: Accept-Encoding
content-type: application/javascript
cf-ray: 8ae93dbd6d58e3d3-TLV
x-amz-cf-id: 1ECJwnGJmFaXeM-8lGaU0aLbyc6zRlmYjj6uDz6fIIKW6dtjWyKLBA==

GET
H/1.1 200
OK pd.js Show response
mdr.esentire.com/ Frame 8937 5 KB
2 KB 203ms
201ms Script
application/javascript 3.92.120.28
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://mdr.esentire.com/pd.js
Requested by: Host: mdr.esentire.com
URL: https://mdr.esentire.com/l/651833/2023-08-01/2pz6mw
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 3.92.120.28 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-92-120-28.compute-1.amazonaws.com
Software: /
Resource Hash: 41402adfc915ad6dfd6328c06c8038763d25fe603e63beba4a2638a2bbc03136

Request headers

Referer: https://mdr.esentire.com/l/651833/2023-08-01/2pz6mw
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date: Mon, 05 Aug 2024 19:37:20 GMT
content-encoding: gzip
X-Pardot-Route: e8229a0ff18ebffc83a98010d2521dd5
last-modified: Mon, 05 Aug 2024 14:44:41 GMT
etag: "15f4-gzip"
vary: Accept-Encoding,User-Agent
Content-Type: application/javascript
cache-control: max-age=63072000
Connection: keep-alive
accept-ranges: bytes
Content-Length: 1988
expires: Wed, 05 Aug 2026 19:37:20 GMT

GET
H3 200 bframe
www.google.com/recaptcha/api2/ Frame E271 0
0 247ms
133ms Document
text/html 172.217.16.196
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/api2/bframe?hl=iw&v=hfUfsXWZFeg83qqxrK27GB8P&k=6LfVnCYTAAAAAB4x9xlkeTsV8CO6np5UMhNjRNNZ

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/hfUfsXWZFeg83qqxrK27GB8P/recaptcha__iw.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.217.16.196 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f196.1e100.net

Software

GSE /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-6NXJXQrngpEfDRQkKNUGhg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://mdr.esentire.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-6NXJXQrngpEfDRQkKNUGhg' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 05 Aug 2024 19:37:20 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server: GSE
x-content-type-options: nosniff
x-xss-protection: 1; mode=block

GET
H/1.1 200
OK pd.js Show response
mdr.esentire.com/ Frame B42B 5 KB
0 21ms
21ms Script
application/javascript 3.92.120.28
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://mdr.esentire.com/pd.js
Requested by: Host: mdr.esentire.com
URL: https://mdr.esentire.com/l/651833/2022-10-12/27fwyb?ScoringCateogry=TRU%20Interest
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 3.92.120.28 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-92-120-28.compute-1.amazonaws.com
Software: /
Resource Hash: 41402adfc915ad6dfd6328c06c8038763d25fe603e63beba4a2638a2bbc03136

Request headers

Referer: https://mdr.esentire.com/l/651833/2022-10-12/27fwyb?ScoringCateogry=TRU%20Interest
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date: Mon, 05 Aug 2024 19:37:20 GMT
content-encoding: gzip
X-Pardot-Route: e8229a0ff18ebffc83a98010d2521dd5
last-modified: Mon, 05 Aug 2024 14:44:41 GMT
etag: "15f4-gzip"
vary: Accept-Encoding,User-Agent
Content-Type: application/javascript
cache-control: max-age=63072000
accept-ranges: bytes
Content-Length: 1988
expires: Wed, 05 Aug 2026 19:37:20 GMT

GET
H3 200 getSubscriptions Show response
js.zi-scripts.com/unified/v1/master/ Frame 8937 195 B
579 B 563ms
563ms Fetch
application/json 172.64.150.44
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.zi-scripts.com/unified/v1/master/getSubscriptions
Requested by: Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.150.44 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 6a5d6d3db7f5ec56b4bba04eec450d9704bde48410ea6c0ba5abf6f52b06d8ee

Request headers

Content-Type: application/json
Referer: https://mdr.esentire.com/
Authorization: Bearer 9617e6db401669836307
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
visited_url: https://mdr.esentire.com/l/651833/2023-08-01/2pz6mw

Response headers

date: Mon, 05 Aug 2024 19:37:21 GMT
via: 1.1 a8f403e7a1e295eca645452cd239f186.cloudfront.net (CloudFront)
content-encoding: gzip
cf-cache-status: DYNAMIC
x-amz-cf-pop: MRS52-P5
x-powered-by: Express
x-cache: Miss from cloudfront
alt-svc: h3=":443"; ma=86400
apigw-requestid: cDN9uitEPHcES-w=
server: cloudflare
etag: W/"c3-wjoHttP3xQ35zOEjUPnW0XD2FSk"
vary: Origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://mdr.esentire.com
cf-ray: 8ae93dc0797ce3ed-TLV
x-amz-cf-id: XVSfJ-Q7pAO7jbLxVJEvyjP7VcTEumbcvwYwWKOsDfg8k1fsukk41A==

OPTIONS
H3 204 getSubscriptions
js.zi-scripts.com/unified/v1/master/ Frame 0
0 358ms
287ms Preflight 172.64.150.44
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.zi-scripts.com/unified/v1/master/getSubscriptions
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.64.150.44 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type,visited_url
Access-Control-Request-Method: GET
Origin: https://mdr.esentire.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: Origin,X-Requested-With,Content-Type,Accept,Authorization,X-Amp-Device-Id,X-Amp-Session-Id,visited_url,_zitok,forwarded,x-ziaccesstoken
access-control-allow-methods: POST, GET, OPTIONS, PATCH, DELETE, PUT
access-control-allow-origin: https://mdr.esentire.com
alt-svc: h3=":443"; ma=86400
apigw-requestid: cDN9ojwYvHcES_Q=
cf-cache-status: DYNAMIC
cf-ray: 8ae93dbeaef0e3ed-TLV
date: Mon, 05 Aug 2024 19:37:20 GMT
server: cloudflare
vary: Origin
via: 1.1 a8f403e7a1e295eca645452cd239f186.cloudfront.net (CloudFront)
x-amz-cf-id: S5KWaIYOkSRwR7fycJ0-FQusqrY0kDOIBYbToN5irqdDJAkqXH19qg==
x-amz-cf-pop: MRS52-P5
x-cache: Miss from cloudfront
x-powered-by: Express

GET
H/1.1 200
OK analytics Show response
mdr.esentire.com/ Frame 8937 0
476 B 299ms
298ms Script
text/javascript 3.92.120.28
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://mdr.esentire.com/analytics?ver=3&pi_form=true&visitor_id=&visitor_id_sign=&pi_opt_in=&campaign_id=92316&account_id=652833&title=&url=https%3A%2F%2Fmdr.esentire.com%2Fl%2F651833%2F2023-08-01%2F2pz6mw&referrer=https%3A%2F%2Fwww.esentire.com%2Fblog%2Fquartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare
Requested by: Host: mdr.esentire.com
URL: https://mdr.esentire.com/pd.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 3.92.120.28 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-92-120-28.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://mdr.esentire.com/l/651833/2023-08-01/2pz6mw
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
Date: Mon, 05 Aug 2024 19:37:20 GMT
X-Pardot-Route: 9b06e8e2308c32c7bf9ba8adfb7be2e1
x-pardot-rsp: 0/0/1
vary: User-Agent
Content-Type: text/javascript; charset=utf-8
p3p: CP="CAO DSP AND SO ON" policyref="/w3c/p3p.xml"
cache-control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H/1.1 200
OK analytics Show response
mdr.esentire.com/ Frame B42B 0
476 B 343ms
343ms Script
text/javascript 3.92.120.28
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://mdr.esentire.com/analytics?ver=3&pi_form=true&visitor_id=&visitor_id_sign=&pi_opt_in=&campaign_id=94344&account_id=652833&title=&url=https%3A%2F%2Fmdr.esentire.com%2Fl%2F651833%2F2022-10-12%2F27fwyb%3FScoringCateogry%3DTRU%2520Interest&referrer=https%3A%2F%2Fwww.esentire.com%2Fblog%2Fquartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare
Requested by: Host: mdr.esentire.com
URL: https://mdr.esentire.com/pd.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 3.92.120.28 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-92-120-28.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://mdr.esentire.com/l/651833/2022-10-12/27fwyb?ScoringCateogry=TRU%20Interest
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
Date: Mon, 05 Aug 2024 19:37:20 GMT
X-Pardot-Route: 9b06e8e2308c32c7bf9ba8adfb7be2e1
x-pardot-rsp: 0/0/1
vary: User-Agent
Content-Type: text/javascript; charset=utf-8
p3p: CP="CAO DSP AND SO ON" policyref="/w3c/p3p.xml"
cache-control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Length: 0
expires: Thu, 19 Nov 1981 08:52:00 GMT

POST
H/1.1 204
No Content collect Show response
z.clarity.ms/ 0
280 B 214ms
212ms XHR
text/plain 20.10.16.51
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://z.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.41/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.10.16.51 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://www.esentire.com
Date: Mon, 05 Aug 2024 19:37:20 GMT
Access-Control-Allow-Credentials: true
Server: nginx
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:67bc0b23-8423-4b52-b1ca-6a87709ceaa2

GET
H2 200 core
js.driftt.com/ Frame 7DEE 0
0 474ms
236ms Document
text/html 18.245.86.73
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core?d=1&embedId=ys3mr8d6dw69&eId=ys3mr8d6dw69&region=US&forceShow=false&skipCampaigns=false&sessionId=9025ac12-5e30-4457-b763-7a7b58417d2e&sessionStarted=1722886640.617&campaignRefreshToken=f2bcb24b-e267-4401-9293-c279acac0a2d&hideController=false&pageLoadStartTime=1722886635485&mode=CHAT&driftEnableLog=false&secureIframe=false&u=https%3A%2F%2Fwww.esentire.com%2Fblog%2Fquartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/include/1722886800000/ys3mr8d6dw69.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.245.86.73 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-245-86-73.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Mon, 05 Aug 2024 19:37:21 GMT
etag: W/"9274c0ff52d0ea301eff17185711c576"
last-modified: Wed, 24 Jul 2024 21:19:01 GMT
server: istio-envoy
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
via: 1.1 997d50190609a53c76124b45ad43b3ec.cloudfront.net (CloudFront)
x-amz-cf-id: ob8qBH---vv64pe5Nz4NBTn074uge-C7oJsYi9Fdiim8mKhS6afVAw==
x-amz-cf-pop: FRA60-P6
x-amz-server-side-encryption: AES256
x-amz-version-id: e.x5p6Pj3I94qvY0w0S0kqCQS7PUrPBy
x-cache: RefreshHit from cloudfront
x-envoy-upstream-service-time: 23

GET
H2 200 chat
js.driftt.com/core/ Frame 0BAF 0
0 461ms
231ms Document
text/html 18.245.86.73
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.driftt.com/core/chat?d=1&region=US&driftEnableLog=false&pageLoadStartTime=1722886635485

Requested by

Host: js.driftt.com
URL: https://js.driftt.com/include/1722886800000/ys3mr8d6dw69.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.245.86.73 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-245-86-73.fra60.r.cloudfront.net

Software

istio-envoy /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Mon, 05 Aug 2024 19:37:21 GMT
etag: W/"9274c0ff52d0ea301eff17185711c576"
last-modified: Wed, 24 Jul 2024 21:19:01 GMT
server: istio-envoy
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
via: 1.1 997d50190609a53c76124b45ad43b3ec.cloudfront.net (CloudFront)
x-amz-cf-id: Po_pa7r3HbA5Vh102OFyfib3L8RR3EkNRii27JU4g0jKAfluxl5weA==
x-amz-cf-pop: FRA60-P6
x-amz-server-side-encryption: AES256
x-amz-version-id: e.x5p6Pj3I94qvY0w0S0kqCQS7PUrPBy
x-cache: RefreshHit from cloudfront
x-envoy-upstream-service-time: 22

GET
H/1.1 200
OK pd.js Show response
mdr.esentire.com/ 5 KB
0 1ms
1ms Script
application/javascript 3.92.120.28
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://mdr.esentire.com/pd.js
Requested by: Host: www.esentire.com
URL: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 3.92.120.28 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-92-120-28.compute-1.amazonaws.com
Software: /
Resource Hash: 41402adfc915ad6dfd6328c06c8038763d25fe603e63beba4a2638a2bbc03136

Request headers

Referer: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date: Mon, 05 Aug 2024 19:37:20 GMT
content-encoding: gzip
X-Pardot-Route: e8229a0ff18ebffc83a98010d2521dd5
last-modified: Mon, 05 Aug 2024 14:44:41 GMT
etag: "15f4-gzip"
vary: Accept-Encoding,User-Agent
Content-Type: application/javascript
cache-control: max-age=63072000
accept-ranges: bytes
Content-Length: 1988
expires: Wed, 05 Aug 2026 19:37:20 GMT

GET
H2

200

c.gif
c.clarity.ms/
Redirect Chain

https://c.clarity.ms/c.gif
https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=B846E87E3B554E06B8B58EFB22C829C0&RedC=c.clarity.ms&MXFR=2CDC950A4F0E6BBB3F0381D84B0E65AF
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=B846E87E3B554E06B8B58EFB22C829C0&MUID=196DA57311E06E563013B1A110E66FBE

42 B
465 B

138ms
138ms

Image
image/gif

13.74.129.1
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=B846E87E3B554E06B8B58EFB22C829C0&MUID=196DA57311E06E563013B1A110E66FBE
Protocol: H2
Server: 13.74.129.1 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

Referer: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 05 Aug 2024 19:37:21 GMT
last-modified: Thu, 01 Aug 2024 17:45:27 GMT
server: Microsoft-IIS/10.0
etag: "43fd8f983ae4da1:0"
x-powered-by: ASP.NET
content-type: image/gif
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: private, no-cache, proxy-revalidate, no-store
accept-ranges: bytes
content-length: 42

Redirect headers

pragma: no-cache
date: Mon, 05 Aug 2024 19:37:20 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 25FD7CDFF877468A9C1F1D1DE3FD9A31 Ref B: LON212050702031 Ref C: 2024-08-05T19:37:21Z
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
location: https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=B846E87E3B554E06B8B58EFB22C829C0&MUID=196DA57311E06E563013B1A110E66FBE
cache-control: private, no-cache, proxy-revalidate, no-store
content-length: 0

GET
H/1.1 200
OK analytics Show response
mdr.esentire.com/ 3 KB
3 KB 380ms
380ms Script
text/javascript 3.92.120.28
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://mdr.esentire.com/analytics?ver=3&visitor_id=&visitor_id_sign=&pi_opt_in=&campaign_id=null&account_id=652833&title=eSentire%20%7C%20Quartet%20of%20Trouble%3A%20XWorm%2C%20AsyncRAT%2C%20VenomRAT%2C%20and%E2%80%A6&url=https%3A%2F%2Fwww.esentire.com%2Fblog%2Fquartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare&referrer=
Requested by: Host: mdr.esentire.com
URL: https://mdr.esentire.com/pd.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 3.92.120.28 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-92-120-28.compute-1.amazonaws.com
Software: /
Resource Hash: b124108fa93a89b3bbcb0fc04ca312195e3433dc3eab53f5d4a98b4a5483cd09

Request headers

Referer: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
Date: Mon, 05 Aug 2024 19:37:20 GMT
content-encoding: gzip
X-Pardot-Route: 9b06e8e2308c32c7bf9ba8adfb7be2e1
x-pardot-rsp: 0/0/1
vary: Accept-Encoding,User-Agent
Content-Type: text/javascript; charset=utf-8
p3p: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
cache-control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Length: 1437
expires: Thu, 19 Nov 1981 08:52:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 235ms
235ms Image
image/gif 2.17.147.176
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=9521f388917852d4872d30f86ea1a41c&svisitor=null&visitor=e6b2f95e-cb76-46a9-845b-aaf15d0d8560&session=8fe7c81a-d536-4905-87cb-89b3be899767&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2005%20Aug%202024%2019%3A37%3A21%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2005%20Aug%202024%2019%3A37%3A20%20GMT%22%2C%22timeSpent%22%3A%221000%22%2C%22totalTimeSpent%22%3A%223005%22%7D&isIframe=false&m=%7B%22description%22%3A%22Learn%20more%20about%20how%20four%20malware%2C%20XWorm%2C%20AsyncRAT%2C%20VenomRAT%2C%20and%20PureLogs%20Stealer%2C%20are%20leveraging%20TryCloudflare%20and%20get%20security%20recommendations%20from%20our%E2%80%A6%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22eSentire%20%7C%20Quartet%20of%20Trouble%3A%20XWorm%2C%20AsyncRAT%2C%20VenomRAT%2C%20and%E2%80%A6%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.esentire.com%2Fblog%2Fquartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare&pageViewId=fe5fc5a3-6fb6-4223-8fd6-e38ae416639a&webTagId=92169fb0-0d98-4c23-b691-2da2893257b1&v=1.1.22

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.147.176 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-147-176.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 05 Aug 2024 19:37:21 GMT
x-content-type-options: nosniff
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "615ccf10-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Mon, 05 Aug 2024 19:37:21 GMT

GET
H/1.1 200
OK analytics Show response
pi.pardot.com/ 50 B
1 KB 721ms
299ms Script
text/javascript 3.215.172.219
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://pi.pardot.com/analytics?conly=true&visitor_id=622778047&visitor_id_sign=1d962666051bf8736e1ad79f571acf5841f3eac8f76b933412e12c836455283cb151ea569e8e1578a221a412f9ec06969f528a85&pi_opt_in=&campaign_id=69698&account_id=652833&title=eSentire%20%7C%20Quartet%20of%20Trouble%3A%20XWorm%2C%20AsyncRAT%2C%20VenomRAT%2C%20and%E2%80%A6&url=https%3A%2F%2Fwww.esentire.com%2Fblog%2Fquartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare&referrer=

Requested by

Host: mdr.esentire.com
URL: https://mdr.esentire.com/analytics?ver=3&visitor_id=&visitor_id_sign=&pi_opt_in=&campaign_id=null&account_id=652833&title=eSentire%20%7C%20Quartet%20of%20Trouble%3A%20XWorm%2C%20AsyncRAT%2C%20VenomRAT%2C%20and%E2%80%A6&url=https%3A%2F%2Fwww.esentire.com%2Fblog%2Fquartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare&referrer=

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

3.215.172.219 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-215-172-219.compute-1.amazonaws.com

Software

Resource Hash

dcf430710cdd1359115293f45d5023b2a560aef8a2c1e59d578b8b1e10a216d3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
Date: Mon, 05 Aug 2024 19:37:21 GMT
strict-transport-security: max-age=31536000; includeSubDomains
X-Pardot-Route: 9b06e8e2308c32c7bf9ba8adfb7be2e1
x-pardot-rsp: 0/0/1
vary: User-Agent
Content-Type: text/javascript; charset=utf-8
p3p: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml", CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT", policyref="/w3c/p3p.xml"
cache-control: no-store, no-cache, must-revalidate
Connection: keep-alive
Content-Length: 50
expires: Thu, 19 Nov 1981 08:52:00 GMT

OPTIONS
H3 200 /
ws.zoominfo.com/pixel/3k8XsFBkOniCq5dTRwpV/ Frame 0
0 281ms
281ms Preflight
text/html 104.16.118.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/pixel/3k8XsFBkOniCq5dTRwpV/?iszitag=true

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.118.43 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: _vtok,_zitok,content-type,visited-url
Access-Control-Request-Method: GET
Origin: https://mdr.esentire.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for,x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok,visited-url
access-control-allow-origin: https://mdr.esentire.com
allow: GET,HEAD
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8ae93dc42f449277-FRA
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Mon, 05 Aug 2024 19:37:21 GMT
server: cloudflare
via: 1.1 google
x-content-type-options: nosniff
x-powered-by: Express
x-robots-tag: noindex, nofollow

GET
H3 200 formcomplete.js Show response
ws-assets.zoominfo.com/ Frame 8937 90 KB
0 202ms
200ms Script
application/javascript 104.16.118.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://ws-assets.zoominfo.com/formcomplete.js
Requested by: Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.16.118.43 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2b1a4915e59e76e65870b9b2fe38250746fd0eaa301b836516e71bc7c6dd8ae4

Request headers

Referer: https://mdr.esentire.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Mon, 05 Aug 2024 19:37:17 GMT
content-encoding: gzip
cf-cache-status: DYNAMIC
age: 751
x-guploader-uploadid: AHxI1nMs3CwUr8w8-CJuq69E67rykNZisHByf9ecxhAgbDNakS5YSLqtFMpvhFOMDm1SizmsPbzmVcAzXA
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=86400
last-modified: Thu, 16 May 2024 10:14:37 GMT
server: cloudflare
etag: W/"006455bd44ed289ddcc403d0ecd96ab0"
x-goog-hash: crc32c=p5SAHw==, md5=AGRVvUTtKJ3cxAPQ7NlqsA==
x-goog-generation: 1715854477710382
content-type: application/javascript
cache-control: public, max-age=3600
x-goog-stored-content-length: 91778
cf-ray: 8ae93daead7ebb49-FRA
expires: Mon, 05 Aug 2024 20:24:46 GMT

GET
H3 200 / Show response
ws.zoominfo.com/pixel/3k8XsFBkOniCq5dTRwpV/ Frame 8937 3 KB
2 KB 330ms
329ms Fetch
text/javascript 104.16.118.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/pixel/3k8XsFBkOniCq5dTRwpV/?iszitag=true

Requested by

Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.118.43 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

fc4394616c5affbda8b0fa823ff37988027194183f569609e76c94d07896114c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

visited-url: https://mdr.esentire.com/l/651833/2023-08-01/2pz6mw
Referer: https://mdr.esentire.com/l/651833/2023-08-01/2pz6mw
_vtok: MzEuMTg3Ljc4Ljg5
_zitok: d31d4e7cf0f1fa0ea15d1722886641
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type: text/javascript

Response headers

date: Mon, 05 Aug 2024 19:37:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
via: 1.1 google
server: cloudflare
x-powered-by: Express
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: https://mdr.esentire.com
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,requestFromZITag,unifiedScriptVerified,_zitok,_vtok,visited-url
alt-svc: h3=":443"; ma=86400
cf-ray: 8ae93dc5ec4fbb49-FRA

OPTIONS
H3 200 forms
ws.zoominfo.com/formcomplete-v2/ Frame 0
0 256ms
256ms Preflight
text/html 104.16.118.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/formcomplete-v2/forms

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.118.43 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type
Access-Control-Request-Method: POST
Origin: https://mdr.esentire.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for,x-ws-collect-type,Authorization,visitorId,_zitok
access-control-allow-origin: https://mdr.esentire.com
allow: POST
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8ae93dc42f489277-FRA
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Mon, 05 Aug 2024 19:37:21 GMT
server: cloudflare
via: 1.1 google
x-content-type-options: nosniff
x-powered-by: Express
x-robots-tag: noindex, nofollow

POST
H3 200 forms Show response
ws.zoominfo.com/formcomplete-v2/ Frame 8937 329 B
617 B 274ms
274ms Fetch
application/json 104.16.118.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/formcomplete-v2/forms

Requested by

Host: ws-assets.zoominfo.com
URL: https://ws-assets.zoominfo.com/formcomplete.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.118.43 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

0d25b195a9e079199c4c40786692b703ae9ac12797e545739d54b59910e3626b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://mdr.esentire.com/
Authorization: bearer 6c382de353510dfcf1473a0344d536
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

date: Mon, 05 Aug 2024 19:37:21 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
via: 1.1 google
x-powered-by: Express
alt-svc: h3=":443"; ma=86400
server: cloudflare
etag: W/"149-adATgqvQQDs1zrZjZ3hYKQ0pHxU"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://mdr.esentire.com
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,Authorization, visitorId, _zitok
cf-ray: 8ae93dc5cc13bb49-FRA

OPTIONS
H3 200 getMapping
ws.zoominfo.com/formcomplete-v2/ Frame 0
0 259ms
259ms Preflight
text/html 104.16.118.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/formcomplete-v2/getMapping?formId=b63ff39c-eb2e-46f5-83d8-13b1a021ffc8

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.118.43 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: _zitok,visitorid
Access-Control-Request-Method: GET
Origin: https://mdr.esentire.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for,x-ws-collect-type,Authorization,visitorId,_zitok
access-control-allow-origin: https://mdr.esentire.com
allow: GET,HEAD
alt-svc: h3=":443"; ma=86400
cf-cache-status: DYNAMIC
cf-ray: 8ae93dc78b199277-FRA
content-encoding: gzip
content-type: text/html; charset=utf-8
date: Mon, 05 Aug 2024 19:37:21 GMT
server: cloudflare
via: 1.1 google
x-content-type-options: nosniff
x-powered-by: Express
x-robots-tag: noindex, nofollow

GET
H3 200 getMapping Show response
ws.zoominfo.com/formcomplete-v2/ Frame 8937 4 KB
1 KB 304ms
303ms XHR
application/json 104.16.118.43
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ws.zoominfo.com/formcomplete-v2/getMapping?formId=b63ff39c-eb2e-46f5-83d8-13b1a021ffc8

Requested by

Host: ws-assets.zoominfo.com
URL: https://ws-assets.zoominfo.com/formcomplete.js

Protocol

Security

QUIC, , AES_128_GCM

Server

104.16.118.43 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

9dc24edf14078c73494d82fe7b648fd8fd453d53fb7a21d4ede5bbf81fd49ef8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://mdr.esentire.com/
_zitok: d31d4e7cf0f1fa0ea15d1722886641
visitorId
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Mon, 05 Aug 2024 19:37:22 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
via: 1.1 google
x-powered-by: Express
alt-svc: h3=":443"; ma=86400
server: cloudflare
etag: W/"e7a-b68QFHZaTQ9qaoGN4gLYg7+C/5E"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: https://mdr.esentire.com
access-control-allow-credentials: true
x-robots-tag: noindex, nofollow
access-control-allow-headers: Content-Type,cf-ipcountry,service-version,x-appengine-user-ip,x-forwarded-for, x-ws-collect-type,Authorization, visitorId, _zitok
cf-ray: 8ae93dc92944bb49-FRA

GET
BLOB 200
OK 392d0d9c-7e9c-4a51-b855-b37fbd61c381 Show response
https://mdr.esentire.com/ Frame 8937 3 KB
0 Script
text/javascript

General

Check archive.org

Show headers Download Go to

Full URL: blob:https://mdr.esentire.com/392d0d9c-7e9c-4a51-b855-b37fbd61c381
Requested by: Host: js.zi-scripts.com
URL: https://js.zi-scripts.com/zi-tag.js
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: fc4394616c5affbda8b0fa823ff37988027194183f569609e76c94d07896114c

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Length: 3029
Content-Type: text/javascript

GET
H/1.1 200
OK blue_favicon_48x48.ico
esentire-dot-com-assets.s3.ca-central-1.amazonaws.com/assetsV4/External/ 9 KB
10 KB 652ms
232ms Other
image/x-icon 3.5.252.223
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://esentire-dot-com-assets.s3.ca-central-1.amazonaws.com/assetsV4/External/blue_favicon_48x48.ico?v=2024
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 3.5.252.223 Montreal, Canada, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-r-w.ca-central-1.amazonaws.com
Software: AmazonS3 /
Resource Hash: eb00669d8aee4822bdc78b66583e1e852fecc587f342f783ccde7c0647f06c10

Request headers

Referer: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date: Mon, 05 Aug 2024 19:37:23 GMT
x-amz-version-id: 9_Vk6vo_KVWwICAwTVugnQwOlBsZi5Aq
Last-Modified: Wed, 10 Jan 2024 16:02:23 GMT
Server: AmazonS3
x-amz-request-id: SBNC1ZXZT4KVZGSB
ETag: "6a64c79bf17117dee28c50ddbb747e59"
x-amz-server-side-encryption: AES256
Content-Type: image/x-icon
Accept-Ranges: bytes
Content-Length: 9662
x-amz-id-2: QVgKN/m3zrumZ1onie2rTDxL68AD5Q+wMre/1CcMrYxwY6JDWlHPzuEjyXXXcuOT3+drDcLyL/bW30EC9ST0Lwaxdl8Uj2nrO4kk6T0S2PY=

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 252ms
251ms Image
image/gif 2.17.147.176
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=9521f388917852d4872d30f86ea1a41c&svisitor=null&visitor=e6b2f95e-cb76-46a9-845b-aaf15d0d8560&session=8fe7c81a-d536-4905-87cb-89b3be899767&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2005%20Aug%202024%2019%3A37%3A22%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2005%20Aug%202024%2019%3A37%3A21%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%224006%22%7D&isIframe=false&m=%7B%22description%22%3A%22Learn%20more%20about%20how%20four%20malware%2C%20XWorm%2C%20AsyncRAT%2C%20VenomRAT%2C%20and%20PureLogs%20Stealer%2C%20are%20leveraging%20TryCloudflare%20and%20get%20security%20recommendations%20from%20our%E2%80%A6%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22eSentire%20%7C%20Quartet%20of%20Trouble%3A%20XWorm%2C%20AsyncRAT%2C%20VenomRAT%2C%20and%E2%80%A6%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.esentire.com%2Fblog%2Fquartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare&pageViewId=fe5fc5a3-6fb6-4223-8fd6-e38ae416639a&webTagId=92169fb0-0d98-4c23-b691-2da2893257b1&v=1.1.22

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.147.176 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-147-176.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 05 Aug 2024 19:37:22 GMT
x-content-type-options: nosniff
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "5e502810-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Mon, 05 Aug 2024 19:37:22 GMT

POST
H2 204 collect
analytics.google.com/g/ 0
0 125ms
123ms Fetch
text/plain 216.239.38.181
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-2XXPJCPHB7&gtm=45je47v0v895821412za200zb813556160&_p=1722886635443&gcd=13l3l3l3l1&npa=0&dma=0&tag_exp=95250752&cid=158771616.1722886637&ul=he-il&sr=1600x1200&are=1&frm=0&pscdl=noapi&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=AAg&_s=2&sid=1722886637&sct=1&seg=0&dl=https%3A%2F%2Fwww.esentire.com%2Fblog%2Fquartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare&dt=eSentire%20%7C%20Quartet%20of%20Trouble%3A%20XWorm%2C%20AsyncRAT%2C%20VenomRAT%2C%20and%E2%80%A6&en=Blog_visit&_et=5&tfd=7952
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-2XXPJCPHB7&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 216.239.38.181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

Referer: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 05 Aug 2024 19:37:22 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.esentire.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H/1.1 204
No Content collect Show response
z.clarity.ms/ 0
280 B 204ms
203ms XHR
text/plain 20.10.16.51
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://z.clarity.ms/collect
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.41/clarity.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.10.16.51 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://www.esentire.com
Date: Mon, 05 Aug 2024 19:37:22 GMT
Access-Control-Allow-Credentials: true
Server: nginx
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:67bc0b23-8423-4b52-b1ca-6a87709ceaa2

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 267ms
266ms Image
image/gif 2.17.147.176
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=9521f388917852d4872d30f86ea1a41c&svisitor=null&visitor=e6b2f95e-cb76-46a9-845b-aaf15d0d8560&session=8fe7c81a-d536-4905-87cb-89b3be899767&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2005%20Aug%202024%2019%3A37%3A23%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2005%20Aug%202024%2019%3A37%3A22%20GMT%22%2C%22timeSpent%22%3A%221000%22%2C%22totalTimeSpent%22%3A%225006%22%7D&isIframe=false&m=%7B%22description%22%3A%22Learn%20more%20about%20how%20four%20malware%2C%20XWorm%2C%20AsyncRAT%2C%20VenomRAT%2C%20and%20PureLogs%20Stealer%2C%20are%20leveraging%20TryCloudflare%20and%20get%20security%20recommendations%20from%20our%E2%80%A6%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22eSentire%20%7C%20Quartet%20of%20Trouble%3A%20XWorm%2C%20AsyncRAT%2C%20VenomRAT%2C%20and%E2%80%A6%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.esentire.com%2Fblog%2Fquartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare&pageViewId=fe5fc5a3-6fb6-4223-8fd6-e38ae416639a&webTagId=92169fb0-0d98-4c23-b691-2da2893257b1&v=1.1.22

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.147.176 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-147-176.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.esentire.com/blog/quartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 05 Aug 2024 19:37:23 GMT
x-content-type-options: nosniff
last-modified: Sat, 18 Feb 2023 00:49:36 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f020a0-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Mon, 05 Aug 2024 19:37:23 GMT

GET img.gif
b.6sc.co/v1/beacon/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: b.6sc.co
URL: https://b.6sc.co/v1/beacon/img.gif?token=9521f388917852d4872d30f86ea1a41c&svisitor=null&visitor=e6b2f95e-cb76-46a9-845b-aaf15d0d8560&session=8fe7c81a-d536-4905-87cb-89b3be899767&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2005%20Aug%202024%2019%3A37%3A24%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2005%20Aug%202024%2019%3A37%3A23%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%226007%22%7D&isIframe=false&m=%7B%22description%22%3A%22Learn%20more%20about%20how%20four%20malware%2C%20XWorm%2C%20AsyncRAT%2C%20VenomRAT%2C%20and%20PureLogs%20Stealer%2C%20are%20leveraging%20TryCloudflare%20and%20get%20security%20recommendations%20from%20our%E2%80%A6%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22eSentire%20%7C%20Quartet%20of%20Trouble%3A%20XWorm%2C%20AsyncRAT%2C%20VenomRAT%2C%20and%E2%80%A6%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.esentire.com%2Fblog%2Fquartet-of-trouble-xworm-asyncrat-venomrat-and-purelogs-stealer-leverage-trycloudflare&pageViewId=fe5fc5a3-6fb6-4223-8fd6-e38ae416639a&webTagId=92169fb0-0d98-4c23-b691-2da2893257b1&v=1.1.22

Verdicts & Comments Add Verdict or Comment

120 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

48 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.esentire.com/	1970-01-21 07:21:49	Name: _vwo_uuid_v2 Value: DC233C68943E2FE4AF34E45DC0325487E\|40a91b7fb36c9947f25bde585643b710
.zoominfo.com/	1970-01-20 22:34:48	Name: __cf_bm Value: KmhSUVWpaRjbkRfWl8.wnigh72NWYRdajDtn5yIJkVU-1722886636-1.0.1.1-z93N7uYDCa4puJqP14fTqwoDm17.ZZzeFwXNgfXcYO3AA9ACAjKeY8hZQZ2fKcr1u9Rzq3dS9OEBiqIroXaGlw
.zoominfo.com/	1969-12-31 23:59:59	Name: _cfuvid Value: FvEWML9NuDD8Q1Oc3qk6UD1dN9iLjXHgI4ltjCT5a40-1722886636449-0.0.1.1-604800000
.esentire.com/	1970-01-21 00:44:22	Name: _gcl_au Value: 1.1.833261723.1722886637
.esentire.com/	1970-01-21 08:10:46	Name: _vwo_uuid Value: DC233C68943E2FE4AF34E45DC0325487E
.esentire.com/	1970-01-21 00:44:22	Name: _vwo_ds Value: 3%241722886636%3A27.65071398%3A%3A
.esentire.com/	1970-01-20 22:34:48	Name: _vwo_sn Value: 0%3A1%3A%3A%3A1
.esentire.com/	1970-01-21 08:10:46	Name: _ga Value: GA1.1.158771616.1722886637
.esentire.com/	1970-01-21 08:10:46	Name: _ga_2XXPJCPHB7 Value: GS1.1.1722886637.1.0.1722886637.60.0.0
.esentire.com/	1970-01-21 00:58:46	Name: _vis_opt_s Value: 1%7C
.esentire.com/	1969-12-31 23:59:59	Name: _vis_opt_test_cookie Value: 1
.esentire.com/	1969-12-31 23:59:59	Name: mf_ce788296-8259-4e39-bcae-56ddd5b7e767 Value: \|\|1722886637601\|\|0\|\|\|\|0\|0\|79.9409
.g2crowd.com/	1970-01-20 22:34:48	Name: __cf_bm Value: D9vSZHoPAjraPJogWuB9gWuzZCwMzBGh0DJbYCqFNms-1722886637-1.0.1.1-t_RHbLmFDinWFCHF3OGqwskaeaLXGa.0_qgBLdF8oVxrhrEtaJQNNI5aGa1Z4bb_VzAsAVwVfoSn55nK7qSQ3w
.doubleclick.net/	1970-01-20 22:34:47	Name: test_cookie Value: CheckForPermission
www.esentire.com/	1970-01-21 08:10:46	Name: _gd_visitor Value: e6b2f95e-cb76-46a9-845b-aaf15d0d8560
www.esentire.com/	1970-01-20 22:35:01	Name: _gd_session Value: 8fe7c81a-d536-4905-87cb-89b3be899767
.esentire.com/	1970-01-20 22:36:13	Name: _uetsid Value: 20112420536211efaf18f572ce1a115e
.esentire.com/	1970-01-21 07:56:22	Name: _uetvid Value: 20114000536211efaf9e056914da4a96
.bing.com/	1970-01-21 07:56:22	Name: MUID Value: 196DA57311E06E563013B1A110E66FBE
.linkedin.com/	1970-01-21 00:44:22	Name: li_sugr Value: 1ac2913e-cae9-4c6d-91d4-f8f77f172f61
.linkedin.com/	1970-01-20 22:36:13	Name: lidc Value: "b=VGST07:s=V:r=V:a=V:p=V:g=3026:u=1:x=1:i=1722886638:t=1722973038:v=2:sig=AQF4On4r1BW2V__5d8LF5H_m2BTRYJ9-"
.linkedin.com/	1970-01-21 07:20:22	Name: bcookie Value: "v=2&89e5fb3f-6c0c-4e85-8293-bbb127f2c515"
.linkedin.com/	1970-01-20 23:17:58	Name: UserMatchHistory Value: AQJNOyhjqZqEDAAAAZEkC8xHoJ8MVRF0DvVTYQCkxtQ6GOhphY-Dbi1oQ6w9lSLwDt4GcWtBPT31aQ
.linkedin.com/	1970-01-20 23:17:58	Name: AnalyticsSyncHistory Value: AQI7_x9vVlxn-gAAAZEkC8xH7s4UfOqf8TrstcjaVZHQt4EbLJdboDxMiwD6fnGkDUoc6CTGFe6pP1CUs9sSmA
www.clarity.ms/	1970-01-21 07:20:22	Name: CLID Value: 15e6de7730624d55bd82e06998a6069d.20240805.20250805
.esentire.com/	1970-01-21 07:20:22	Name: _clck Value: qgna0m%7C2%7Cfo2%7C0%7C1678
.www.linkedin.com/	1970-01-21 07:20:22	Name: bscookie Value: "v=1&2024080519371928e14f59-1ac5-4603-8d82-5a2d25cf5ee8AQEki4pgM_WAGcN4qdNKMgdno6io-rtZ"
.adsrvr.org/	1970-01-21 07:20:22	Name: TDID Value: 2a44c96b-f5bc-4da8-b916-cfb1d0d1a871
.adsrvr.org/	1970-01-21 07:20:22	Name: TDCPM Value: CAESEwoEa3J1eBILCLj33fTHsY89EAUYBSgBMgsI9tW2gZjkmj0QBTgBQgQiAggBWgd6eTkweGFlYAFyBGtydXg.
.esentire.com/	1970-01-20 22:36:13	Name: _clsk Value: 178d979%7C1722886639998%7C1%7C1%7Cz.clarity.ms%2Fcollect
www.esentire.com/	1970-01-20 22:34:48	Name: drift_campaign_refresh Value: f2bcb24b-e267-4401-9293-c279acac0a2d
www.esentire.com/	1970-01-20 22:34:48	Name: gtm_page_view Value: 1
mdr.esentire.com/	1970-01-21 08:10:46	Name: visitor_id651833 Value: 622778047
mdr.esentire.com/	1970-01-21 08:10:46	Name: visitor_id651833-hash Value: 1d962666051bf8736e1ad79f571acf5841f3eac8f76b933412e12c836455283cb151ea569e8e1578a221a412f9ec06969f528a85
mdr.esentire.com/	1970-01-20 22:34:48	Name: lpv651833 Value: aHR0cHM6Ly93d3cuZXNlbnRpcmUuY29tL2Jsb2cvcXVhcnRldC1vZi10cm91YmxlLXh3b3JtLWFzeW5jcmF0LXZlbm9tcmF0LWFuZC1wdXJlbG9ncy1zdGVhbGVyLWxldmVyYWdlLXRyeWNsb3VkZmxhcmU%3D
www.esentire.com/	1970-01-21 08:10:46	Name: visitor_id651833 Value: 622778047
www.esentire.com/	1970-01-21 08:10:46	Name: visitor_id651833-hash Value: 1d962666051bf8736e1ad79f571acf5841f3eac8f76b933412e12c836455283cb151ea569e8e1578a221a412f9ec06969f528a85
.c.bing.com/	1970-01-20 22:44:51	Name: MR Value: 0
.c.bing.com/	1970-01-21 07:56:22	Name: SRM_B Value: 196DA57311E06E563013B1A110E66FBE
.mdr.esentire.com/	1970-01-21 07:20:22	Name: _zitok Value: d31d4e7cf0f1fa0ea15d1722886641
.c.clarity.ms/	1969-12-31 23:59:59	Name: SM Value: C
.clarity.ms/	1970-01-21 07:56:22	Name: MUID Value: 196DA57311E06E563013B1A110E66FBE
.c.clarity.ms/	1970-01-20 22:44:51	Name: MR Value: 0
.c.clarity.ms/	1970-01-20 22:34:47	Name: ANONCHK Value: 0
.pardot.com/	1970-01-21 08:10:46	Name: visitor_id651833 Value: 622778047
.pardot.com/	1970-01-21 08:10:46	Name: visitor_id651833-hash Value: 1d962666051bf8736e1ad79f571acf5841f3eac8f76b933412e12c836455283cb151ea569e8e1578a221a412f9ec06969f528a85
.esentire.com/	1970-01-21 08:10:46	Name: drift_aid Value: e805ee50-8b7e-4f46-ae73-3c4ceabca891
.esentire.com/	1970-01-21 08:10:46	Name: driftt_aid Value: e805ee50-8b7e-4f46-ae73-3c4ceabca891

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

analytics.google.com
b.6sc.co
bat.bing.com
c.6sc.co
c.bing.com
c.clarity.ms
cdn.jsdelivr.net
cdn.mouseflow.com
d1eoo1tco6rr5e.cloudfront.net
dev.visualwebsiteoptimizer.com
esentire-dot-com-assets.s3.amazonaws.com
esentire-dot-com-assets.s3.ca-central-1.amazonaws.com
googleads.g.doubleclick.net
insight.adsrvr.org
ipv6.6sc.co
j.6sc.co
js.driftt.com
js.zi-scripts.com
mdr.esentire.com
nexus.ensighten.com
p.typekit.net
pi.pardot.com
px.ads.linkedin.com
s3.ca-central-1.amazonaws.com
snap.licdn.com
stats.g.doubleclick.net
tracking.g2crowd.com
u33254697.ct.sendgrid.net
unpkg.com
use.typekit.net
ws-assets.zoominfo.com
ws.zoominfo.com
www.clarity.ms
www.esentire.com
www.google.co.il
www.google.com
www.googletagmanager.com
www.gstatic.com
www.linkedin.com
z.clarity.ms
b.6sc.co
104.16.118.43
104.17.248.203
104.18.187.31
104.18.26.50
104.18.31.176
104.20.162.46
108.174.10.20
13.107.246.45
13.225.83.200
13.74.129.1
131.253.33.237
142.250.184.227
142.250.185.227
142.250.185.66
15.197.193.217
167.89.123.64
172.217.16.136
172.217.16.196
172.64.150.44
173.194.76.155
18.245.86.73
18.245.86.77
184.24.77.154
2.17.147.176
2.19.126.206
2.21.20.144
20.10.16.51
216.239.38.181
3.215.172.219
3.5.252.223
3.92.120.28
34.96.102.137
52.95.145.115
52.95.146.233
65.9.66.103
0296082ec0c6091c6fa321c8bbbed527b451d01700da4da260393ae4c1254e0c
059056575901aa7a59d7873b94ea1a173fca5cd4f716e802188507ba9cf87075
0d25b195a9e079199c4c40786692b703ae9ac12797e545739d54b59910e3626b
1aa8845fd06e475aefe733d4e55b36a92fcd487975049c8172341827ac9cc03e
1bc33dfafd19d93ca1b0dea61704b0ccecd258107e880ea11f7c5bd2d3e775eb
1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb
1d7c00e8f914fbc2c4bb27b5774abd25d01b0cb8f1f4bddabba46cb47deaff13
1d921f25ecbb79c2d9404e247fdce4e9fe3f8ccecf0f237c5524b5975c62cbea
289c13897ae28c85b0f62569e5e4e91d473784d7a2dae6cb120ad0669648a22d
28ba48ed2e733a4c01ca9db5fe713acffcf36df68a29e1e8447bf19f7cb66692
292d424d2f2b6cacac6680fa03279e7344085e0b7af46102b8792357837f7d1c
2b1a4915e59e76e65870b9b2fe38250746fd0eaa301b836516e71bc7c6dd8ae4
2cd1b3d6aec451c56fefd09df423d0aad082be67ea0eca4007052c8f7f054dae
300097ade377400d7750c77675d14ee24a9d3399b2415f45d39208e3c8af6eb7
330c47e7ebe6607060f82766dbe9f4781412a77c9c843b71ca42dfcf5fb254b3
37cbebd9da48cf99078f85641f9d3c51d6bb6b40b310646586fd2e34d40930cd
394458008b8fadfc2ad3c2a30a423b2a0b266571021b1994b114be3fc76f5173
3f389a407a87fd2623fce11abfdc07c6a18d4d39952e7e6e73de5b97abda5a9b
41402adfc915ad6dfd6328c06c8038763d25fe603e63beba4a2638a2bbc03136
4405b521bec90d058c7b0c1a50688e4c3ef7164d5fdf0100ff9ce2cc959b75a9
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
45858a52f9f6000b2db5d0c51be6d7b77eb000774da14a7ed9d1f64953314bea
49b029f72d9fe725914b70a169198b272798c39d8b105d6bdf6d70dc8bf76772
4a08b73a28eaff4ad179207dfe6aff8bd4f89dd2e1522eaac42211af81dfcf33
4dba9e54570483a0624219ec53864f468c9cbdf4f9c1f23821e539de7cb0c9fc
4fa1c8c5dc4b5fd94585efbdfb9e1e4d824afaad10cfd224d484ff14ae9026ab
590139c47cae0a27239951d75af3d6a8f9e6b0dbaa48bbee05e38c26f5c961bb
6288260a06fe7aed43a17310ce3829c5d7fafe983d20b9c89cb3c0f23037ef6a
6372895be2e5bf284dba633b182432c2becc6e92d9a3dcd04b66bd7ece5334c0
63bb2e926bb71d9af20024a237718b3cbd8bcb03af6fe3510132024571005f69
66bbf78e206bb2e53678c8b01fa159ec0901d9eadfd591bd9080e181b9ba6188
6a5d6d3db7f5ec56b4bba04eec450d9704bde48410ea6c0ba5abf6f52b06d8ee
6a9af3952277f5e6e533a582cbcb836df278251f1186f572244f8f8d3e52d39f
6c41f5ce80780db463e6bfea9383aee7428f003bfe49801275ddd3fc94712aa0
6f411aac2d2328d466581151e547f217f1fdd692964a65bb677e4977a476d786
7075befd3bf43d8abf3cdc002ecef678a8f0b77bf271d77e84ff5a759e0d3603
74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b
751a6a8b2923d6438a1db74bda221eef2696cb48a2dda6f5fbeeddef82e9bd2b
757f3155c93f2a631151c76d062ce293b55ba1182ea115c7a621c1fc55f3e816
7ce288cb12412b17e31bf9dbdd079fb1c268f40242af385c6cc66ec040ed959f
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
866395df337061d40f857b7b979240980f0ba715b3f34c86d8bb39134dd3029a
87fbc6477d07c0b9eb56d8839da504fcaf1cdbb8bec3e7f6581cfe92f4abdfce
889da033525190aa887d2361d6cb460c50e9b128e017c33f4499063aeaa73632
89341264b13866dd5f3546ed87a7bc9838ece80bb1aff0f36e08635e61b4da56
95a026ca9deb402ba2f984f169cab087ee00d5064f9d7554f946fe0807e662be
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9a6fdf1e965fabfc04e21a3f795c4c59c550dd8d11a14d2755964f6d8f61aa74
9aa15e4c5d31e0a86a5d2bca3da1a4455400577897793352f358677d75446da9
9bf513df0f079590770691276af121de4ae99f02b15c3d3fa46021aecc5c2a20
9dc24edf14078c73494d82fe7b648fd8fd453d53fb7a21d4ede5bbf81fd49ef8
9f773c8d3e203911e734c49d7bc12c559a1b8dd1361ddc22459591696953f130
a1067898b4df6ddd82f808a67b4f27c03cedb847ae187393c28cd36c0c3d4433
a40bfa310302ae462972ce0c9a5ee7aed186843a740949c44cfe55b9e33e757b
a7f1e6984ac0287cf5b1ec86891b63ec3b0d9f9c65668a17eb67681cf19bf603
abd0c69608a1a4b0ce5f6056bc20bcf62a2a29271a4cf5e33fa1f53bf7cb19cb
af8545de3876815292506711e1369bff9dfe57ec7e04c45c3e1bdac48a11f3b2
b124108fa93a89b3bbcb0fc04ca312195e3433dc3eab53f5d4a98b4a5483cd09
b1411d4106395d0cb0db4107487b3a75bf127eba609783cdc8e814af2083c916
b66965d52d8f65eb6e2d498799406c3b22bca8aa8db97c2fbe44779232311cb2
b74576b08d40570a2488e01ce6a5cdc4731dfa5fbee19ed3ec319b516a76ae28
be5c1b590974d405894200d9807154391fca4bc7d0db1dcf4994252f69db403c
c011e83e468fbf6f59a51ff6c351790af7825b2b9d534d63db70315a76ddd60f
c646c4f54d3d04ac4f7736f4d73811b55fdf8ce9c23fc2dab6ccad3e57263a67
c6b658ab894865d35f9c3438e51ec5750f07daee297421f172167a570293315a
c72dec0cf8cadba7af0e75dab5638b76af4cb53e02c171c2ff68f45318caaae9
cb31bb53eefec5a74b7e7271abd4e97e0735174d7d0b0dec0f2217462573d1f1
d1ca0e327b4eb9071a8eb5de96c0d8d05ae94d397bb6e70bc650107b7be1ec2a
db07014834ec4835789ae74999d34c1e3b0a801ddd5d46934b19be874e201cf4
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
dcf430710cdd1359115293f45d5023b2a560aef8a2c1e59d578b8b1e10a216d3
e123f133d734923e26c69963f004328056cedd935e03acfe726a2ee845a7dd1e
e1dba500bdcaeebd215a440a2652d2ea1672f49ef51b502b8c0049ef3999e101
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e779904e434d50e426e79dfac680cdb8a04564e67121c257974278a02979e407
e80cfc6df2f882813f88dcf1175bc0c47e13c0cd8517bc240a65ee6cc758b0f2
eb00669d8aee4822bdc78b66583e1e852fecc587f342f783ccde7c0647f06c10
ed1c2e73addf521868e19e127518321be3b0f84c2287363b5cab1e484a8c0dbc
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f268612ba59ead1b24353bb77d66783bcc435aff1c22be5f93c40bac3869968e
f4e9b4fbd7414d4edc46952b383c63b8ffee6f8ac0570e437878b25096501019
f744aac8deccee35ee463043ea3290200814752b40315b995447bf21628bc8a4
f9737651c97ca4327dd9d755ab8fd813bd504e8b7c975b7e1c63dcb154c1bc19
fc4394616c5affbda8b0fa823ff37988027194183f569609e76c94d07896114c
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

www.esentire.com Open in urlscan Pro 104.20.162.46 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

138 Requests

96 %HTTPS

0 %IPv6

26 Domains

40 Subdomains

34 IPs

6 Countries

7282 kBTransfer

12709 kBSize

48 Cookies

12 Outgoing links

Page URL History

Redirected requests

138 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.esentire.com Open in urlscan Pro
104.20.162.46 Public Scan

Screenshot
Live screenshot

Full Image

138
Requests

96 %
HTTPS

0 %
IPv6

26
Domains

40
Subdomains

34
IPs

6
Countries

7282 kB
Transfer

12709 kB
Size

48
Cookies

138 HTTP transactions
1 data transactions