www.secureworks.com Open in urlscan Pro
2620:1ec:4f:1::44 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.secureworks.com/research/darktortilla-malware-analysis
Submission Tags: falconsandbox
Submission: On December 21 via api (December 21st 2022, 2:59:16 pm UTC) from US — Scanned from DE

Summary HTTP 77 Redirects Links 65 Behaviour Indicators

Summary

This website contacted 10 IPs in 2 countries across 9 domains to perform 77 HTTP transactions. The main IP is 2620:1ec:4f:1::44, located in United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is www.secureworks.com. The Cisco Umbrella rank of the primary domain is 533816.
TLS certificate: Issued by Thawte RSA CA 2018 on February 9th 2022. Valid for: a year.

This is the only time www.secureworks.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
8	2620:1ec:4f:1... 2620:1ec:4f:1::44	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
48	2a02:26f0:170... 2a02:26f0:1700:d::1737:6e8f	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3	2620:12a:8001::2 2620:12a:8001::2	54113 (FASTLY) (FASTLY)
1	2a00:1450:400... 2a00:1450:4001:82b::200a	15169 (GOOGLE) (GOOGLE)
2	23.45.104.85 23.45.104.85	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2a00:1450:400... 2a00:1450:4001:806::2008	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:82a::2003	15169 (GOOGLE) (GOOGLE)
1	192.28.144.124 192.28.144.124	15224 (OMNITURE) (OMNITURE)
11	2606:4700::68... 2606:4700::6810:9440	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:1b55	13335 (CLOUDFLAR...) (CLOUDFLARENET)
77	10

8 2620:1ec:4f:1::44 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.secureworks.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

48 2a02:26f0:1700:d::1737:6e8f (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

content.secureworks.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:12a:8001::2 (United States)

ASN54113 (FASTLY, US)

scwx.annuitas.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.45.104.85 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-45-104-85.deploy.static.akamaitechnologies.com

munchkin.marketo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:806::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82a::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.28.144.124 (United States)

ASN15224 (OMNITURE, US)

725-smc-563.mktoresp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 2606:4700::6810:9440 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.cookielaw.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:1b55 (United States)

ASN13335 (CLOUDFLARENET, US)

geolocation.onetrust.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
56	secureworks.com www.secureworks.com — Cisco Umbrella Rank: 533816 content.secureworks.com	3 MB
11	cookielaw.org cdn.cookielaw.org — Cisco Umbrella Rank: 403	159 KB
3	annuitas.io scwx.annuitas.io	18 KB
2	marketo.net munchkin.marketo.net — Cisco Umbrella Rank: 3364	7 KB
1	onetrust.com geolocation.onetrust.com — Cisco Umbrella Rank: 672	304 B
1	mktoresp.com 725-smc-563.mktoresp.com	318 B
1	gstatic.com fonts.gstatic.com	17 KB
1	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 51	95 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 37	1 KB
77	9

	Domain	Requested by
48	content.secureworks.com	www.secureworks.com content.secureworks.com
11	cdn.cookielaw.org	www.googletagmanager.com cdn.cookielaw.org
8	www.secureworks.com	www.secureworks.com
3	scwx.annuitas.io	www.secureworks.com content.secureworks.com
2	munchkin.marketo.net	www.secureworks.com munchkin.marketo.net
1	geolocation.onetrust.com	cdn.cookielaw.org
1	725-smc-563.mktoresp.com	munchkin.marketo.net
1	fonts.gstatic.com	fonts.googleapis.com
1	www.googletagmanager.com	www.secureworks.com
1	fonts.googleapis.com	www.secureworks.com
77	10

This site contains links to these domains. Also see Links.

Domain
portal.secureworks.com
twitter.com
www.linkedin.com
www.facebook.com
blog.malwarebytes.com
github.com
wiki.hackforums.net
www.gosecure.net
www.virustotal.com
en.wikipedia.org
cyberhoot.com
marketplace.visualstudio.com
tigress.cs.arizona.edu
docs.microsoft.com
www.iso.org
www.magnumdb.com
yck1509.github.io
sandboxie-plus.com
pages.secureworks.com
jobs.dell.com
investors.secureworks.com
content.secureworks.com
www.onetrust.com

Subject Issuer	Validity	Valid
www.secureworks.com Thawte RSA CA 2018	`2022-02-09` - `2023-03-12`	a year	crt.sh
cert00029-azurecdn.akamaized.net R3	`2022-12-20` - `2023-03-20`	3 months	crt.sh
scwx.annuitas.io R3	`2022-11-22` - `2023-02-20`	3 months	crt.sh
upload.video.google.com GTS CA 1C3	`2022-11-28` - `2023-02-20`	3 months	crt.sh
*.marketo.net DigiCert SHA2 Secure Server CA	`2022-02-06` - `2023-02-07`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-11-28` - `2023-02-20`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2022-11-28` - `2023-02-20`	3 months	crt.sh
*.mktoresp.com DigiCert TLS RSA SHA256 2020 CA1	`2022-10-05` - `2023-11-05`	a year	crt.sh
cookielaw.org Cloudflare Inc ECC CA-3	`2022-05-01` - `2023-05-01`	a year	crt.sh
onetrust.com Cloudflare Inc ECC CA-3	`2022-12-13` - `2023-12-13`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://www.secureworks.com/research/darktortilla-malware-analysis
Frame ID: F79F3364BBCBE1FD91F4CD7C3CFCA9C2
Requests: 77 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

DarkTortilla Malware Analysis | SecureworksBack ButtonSearch IconFilter Icon

Detected technologies

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js

Marketo (Marketing Automation) Expand

Overall confidence: 100%
Detected patterns

munchkin\.marketo\.\w+/(?:([\d.]+)/)?munchkin\.js

OneTrust (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

cdn\.cookielaw\.org
otSDKStub\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

77
Requests

100 %
HTTPS

80 %
IPv6

9
Domains

10
Subdomains

10
IPs

2
Countries

2865 kB
Transfer

4916 kB
Size

8
Cookies

65 Outgoing links

These are links going to different origins than the main page.

URL: https://portal.secureworks.com/portal/loginIDP
Title: Login

Search URL Search Domain Scan URL

URL: https://twitter.com/intent/tweet?url=https://www.secureworks.com/research/darktortilla-malware-analysis&text=DarkTortilla%20Malware%20Analysis&via=Secureworks

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/shareArticle?mini=true&url=https://www.secureworks.com/research/darktortilla-malware-analysis&source=Secureworks

Search URL Search Domain Scan URL

URL: https://www.facebook.com/sharer/sharer.php?u=https://www.secureworks.com/research/darktortilla-malware-analysis

Search URL Search Domain Scan URL

URL: https://blog.malwarebytes.com/cybercrime/malware/2017/03/explained-packer-crypter-and-protector/
Title: crypter

Search URL Search Domain Scan URL

URL: https://blog.malwarebytes.com/threat-analysis/2015/08/rainbows-steganography-and-malware-in-a-new-net-cryptor/
Title: possibly

Search URL Search Domain Scan URL

URL: https://github.com/malwares/Crypter/tree/master/%5BC%23%5D%20The%20RATs%20Crew%20Crypter
Title: crypter

Search URL Search Domain Scan URL

URL: https://wiki.hackforums.net/RATs_Crew
Title: RATs Crew

Search URL Search Domain Scan URL

URL: https://www.gosecure.net/blog/2021/11/02/new-malware-gameloader-in-discord-malspam-campaign-identified-by-gosecure-titan-labs/
Title: Gameloader

Search URL Search Domain Scan URL

URL: https://www.virustotal.com/gui/file/981aa83b2d33cca994021197237ac5ee3ad3402f7d25f04f4e76985f4ec8744c
Title: sample

Search URL Search Domain Scan URL

URL: https://en.wikipedia.org/wiki/Optical_disc_image
Title: ISO image

Search URL Search Domain Scan URL

URL: https://www.virustotal.com/gui/file/5e03556be992d23088a3c49d24c45b1c21cd275bffb4e536348e8128d50374b6
Title: sample

Search URL Search Domain Scan URL

URL: https://www.virustotal.com/gui/file/4f15b28c91fa0e8d0dd9e86481bad04fa34fcaf564d08de7c4c0c513fc6e122d
Title: sample

Search URL Search Domain Scan URL

URL: https://www.virustotal.com/gui/file/55d7d9bd9d4a511417033b6c14ce93f962d6a6e6c6414f0cb7e455baee1d3ab7
Title: RFQ-010129H.exe

Search URL Search Domain Scan URL

URL: https://cyberhoot.com/cybrary/paste/
Title: public paste sites

Search URL Search Domain Scan URL

URL: https://marketplace.visualstudio.com/items?itemName=DeepSeaObfuscator.DeepSeaObfuscator
Title: DeepSea .NET code obfuscator

Search URL Search Domain Scan URL

URL: https://github.com/dnSpyEx/dnSpy
Title: dnSpy

Search URL Search Domain Scan URL

URL: http://tigress.cs.arizona.edu/transformPage/docs/flatten/index.html
Title: switch dispatch control flow obfuscation

Search URL Search Domain Scan URL

URL: https://www.virustotal.com/gui/file/a0b96236bfd79d2ebeadb8e3deb9448af3ec8edd1ea9672b7ad4793934bb4c47
Title: sample

Search URL Search Domain Scan URL

URL: https://en.wikipedia.org/wiki/%3F:
Title: ((!flag) ? 15 : 9)

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/dotnet/api/system.math.abs?view=net-6.0#system-math-abs(system-int32)
Title: Math.Abs(num2 * 25 * 25)

Search URL Search Domain Scan URL

URL: https://www.virustotal.com/gui/file/b3754c6ecc445e9a3b37c5ebe68adb9630ca4aa89a8e8515468f39ae8131f141
Title: sample

Search URL Search Domain Scan URL

URL: https://www.virustotal.com/gui/file/45ef054bca2ae4d67e6623bf28ff75e5d178924602674c654e1b569aa74601cd
Title: samples

Search URL Search Domain Scan URL

URL: https://www.virustotal.com/gui/file/0a5dc3b6669cf31e8536c59fe1315918eb4ecfd87998445e2eeb8fed64bd2f2c
Title: sample

Search URL Search Domain Scan URL

URL: https://en.wikipedia.org/wiki/Caesar_cipher
Title: shift cipher

Search URL Search Domain Scan URL

URL: https://www.virustotal.com/gui/file/93dd1202697dbaed9ef4f4707f2628212bf13aad096de29c14924b1dae1d6d5b
Title: PVCore1.dll

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/dotnet/api/system.math.round?view=net-6.0#system-math-round(system-decimal)
Title: Math.Round()

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/dotnet/api/system.random
Title: Random.Random()

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/dotnet/api/system.guid
Title: Guid.Guid()

Search URL Search Domain Scan URL

URL: https://en.wikipedia.org/wiki/Advanced_Encryption_Standard
Title: Rijndael

Search URL Search Domain Scan URL

URL: https://en.wikipedia.org/wiki/Padding_(cryptography)#ISO_10126
Title: ISO10126 padding

Search URL Search Domain Scan URL

URL: https://www.iso.org/standard/18114.html
Title: standard

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/office/vba/language/reference/user-interface-help/msgbox-constants
Title: icon and button configuration

Search URL Search Domain Scan URL

URL: https://www.virustotal.com/gui/file/083acce46cb8cf35e37c778d1f4aee6814bca72d2874b793a47f9823f51df0fe/
Title: sample

Search URL Search Domain Scan URL

URL: https://www.virustotal.com/gui/file/53b3b37b7d1e40c80fcda2c424cd837379ac2ce93023de6c22ba3e2d94679671
Title: sample

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/windows/win32/shell/csidl
Title: CSIDL

Search URL Search Domain Scan URL

URL: https://www.magnumdb.com/search?q=CSIDL_PROGRAM_FILES
Title: Program Files

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/dotnet/api/system.diagnostics.process.start?view=net-6.0
Title: Process.Start()

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/troubleshoot/windows-client/admin-development/create-desktop-shortcut-with-wsh
Title: WshShortcut

Search URL Search Domain Scan URL

URL: https://www.virustotal.com/gui/file/5be86cfca25e295f88b5aab42a6f604d2f1bb97f3c73b01df664c137908e2ec4
Title: sample

Search URL Search Domain Scan URL

URL: https://yck1509.github.io/ConfuserEx/
Title: ConfuserEx

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/previous-versions/dotnet/netframework-4.0/ee471451(v=vs.100)?redirectedfrom=MSDN
Title: COR_ENABLE_PROFILING

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/dotnet/api/system.diagnostics.debugger.isattached?view=net-6.0
Title: Debugger.IsAttached

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/dotnet/api/system.diagnostics.debugger.islogging?view=net-6.0
Title: Debugger.IsLogging

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/windows/win32/cimwin32prov/win32-computersystem
Title: Win32_ComputerSystem

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/windows/win32/cimwin32prov/win32-bios
Title: Win32_BIOS

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/windows/win32/cimwin32prov/win32-motherboarddevice
Title: Win32_MotherboardDevice

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/windows/win32/cimwin32prov/win32-pnpentity
Title: Win32_PnPEntity

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/windows/win32/cimwin32prov/win32-diskdrive
Title: Win32_DiskDrive

Search URL Search Domain Scan URL

URL: https://sandboxie-plus.com/Sandboxie/
Title: Sandboxie

Search URL Search Domain Scan URL

URL: https://www.virustotal.com/gui/file/2d0dc6216f613ac7551a7e70a798c22aee8eb9819428b1357e2b8c73bef905ad
Title: WatchDog executable

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-fscc/6e3f7352-d11c-4d76-8c39-2516a9df36e8
Title: Zone.Identifier

Search URL Search Domain Scan URL

URL: https://docs.microsoft.com/en-us/previous-versions/windows/internet-explorer/ie-developer/platform-apis/ms537183(v=vs.85)?redirectedfrom=MSDN
Title: URL security zones

Search URL Search Domain Scan URL

URL: https://github.com/malwares/Crypter/blob/master/%5BC%23%5D%20The%20RATs%20Crew%20Crypter/Form1.cs#L161-L163
Title: RunPe6

Search URL Search Domain Scan URL

URL: https://pages.secureworks.com/email-subscription.html?_ga=2.98586582.992821853.1618841296-805368899.1615224462
Title: SEND ME UPDATES

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/secureworks

Search URL Search Domain Scan URL

URL: https://twitter.com/secureworks

Search URL Search Domain Scan URL

URL: https://www.facebook.com/secureworks

Search URL Search Domain Scan URL

URL: https://github.com/secureworks

Search URL Search Domain Scan URL

URL: https://pages.secureworks.com/email-subscription.html
Title: Subscribe Now

Search URL Search Domain Scan URL

URL: https://jobs.dell.com/secureworks-jobs
Title: Careers

Search URL Search Domain Scan URL

URL: https://investors.secureworks.com/
Title: Investor Relations

Search URL Search Domain Scan URL

URL: https://content.secureworks.com/-/media/Files/Corporate/modernslaverystatement_22_v2.ashx?modified=20220621140318
Title: Supply Chain Transparency

Search URL Search Domain Scan URL

URL: https://pages.secureworks.com/UnsubscribePage.html?mkt_unsubscribe=1
Title: Unsubscribe

Search URL Search Domain Scan URL

URL: https://www.onetrust.com/products/cookie-consent/

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

77 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request darktortilla-malware-analysis Show response
www.secureworks.com/research/ 155 KB
161 KB 1481ms
1342ms Document
text/html 2620:1ec:4f:1::44
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.secureworks.com/research/darktortilla-malware-analysis

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:4f:1::44 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

82ce9acb16b4d2e861bd9a730e981c6f1b5443cac2217d0afb40d320f7e163c3

Security Headers

Name	Value
Content-Security-Policy	object-src 'none'; script-src 'self' 'nonce-NzY1NDQyMTk4NTJjNDEyOWFmNWJhYjcwYzllNzAxNzk=' 'sha256-wY8ZJu7Uu8c5AFYGRuoE7SNBraw8IAkl5Yz+glnnte8=' 'sha256-UGfgrQ+GKJogDAQthuGt5lpepOeF3ypbYTr2PPxcBdU=' 'sha256-hUiPqjPAx0BTYk+HP/Ohq7cZFW+CFLUDreW74sIBUJk=' 'sha256-MWnKpq2mO4B+C/F7fLTeifs05WkVCc8Hkl+SzXGUmtI=' 'sha256-QiHtJSgKkeO/qh+2A9GCUt3xk8ONLQAa6uua+j+nHLg=' 'sha256-7+1sMW/o6RcIncEOmuvZbRThB6NRZLwQjvsqQAGehKA=' 'sha256-tYinntSHdpRdg0LwZuBycjWqxaMdCzBdOnOGsSZH2Ho=' 'sha256-DP0AJIADL+tS8s/bg6t7xbMHunrd17JCuOgpyNjxt/M=' 'sha256-sqwbnK0D7p9u3WG0lgAYLYmp/byKS9zlT2eFORz1SDY=' 'sha256-L436NBsgbW4nnr2zz6geY9aouLDwQiH+458+ny7TeJ8=' 'sha256-t21JzuoP0AGVdHYfaGtWzFviQ1hj34OuECR3Ur2P1Dk=' 'sha256-kmGPVWtzfwq6b9fEOy1NmWxrKyxreHZU5tKvRxQpDMA=' 'sha256-SAqGhA/G1eraYlnHKoGwPlIvGfOo45eq5hoyKq2LnUY=' 'sha256-+08d4MzO/if2DlZslM+0a0gvpYaPHK7ilzV9yUXHxRo=' 'sha256-5RKybv4IYG3Rt1CcIXoS1OAD7D0vjWLop/a6KVpWxM0=' 'sha256-N/Mk5WIdXnJRlsc5rmMcLJsovC5ozGJ5BmVdRxKOeNc=' 'sha256-XJEfHQ97N7xwKM6MQXMpabeUHxVT647JYAYwrOX6sQQ=' 'sha256-sdKFLBOaDq01ySztbW/n0JnIwsMIlCr7AaMAznJOqA0=' 'sha256-7pyFNQ34QDbIyjfqF4dboUBH/FqtGtJgw7KPgC+aKY8=' 'sha256-yYGe3YxZ1stILsg6s+TKQ7ACovlrQ/V7H5hpGiko1EI=' 'sha256-JcTUCZru8bIzmyUfGjmyP1Nwn0ccUuwLyJA5/jgV2jI=' 'sha256-zEF/ALwwDYV2nZ+rdYGh2XpjU1lbO3oZ2osZayOlmpw=' 'sha256-ErdS+5vyua60ApoR4T4MK5hMhAxO8I75iqTuR4st0lk=' 'sha256-dgOinhXczUSm4ADnOKjecy4HqoIpihiWY1xMUGi3KiE=' 'sha256-bAZaADjFxXYURQUP9Z4p4eiIim+gCGst1ZWemjLGJxo=' 'sha256-x3E2vOOOHY24kNAmZOQxorAyW5o6cX3R7J5Jg+RTqZY=' 'sha256-WJHVKi7ReHnWJF4AUmd9vWDpqeX8GVtEsyAJP01M130=' 'sha256-mvYU2m+aQi6xWWVpxauZ/UaXg+HkwxCv4r/qVBDAm3A=' 'sha256-IgMQOOOedQeMPBl7lSreMVPmJvU62bc6l8HcsGXnbWc=' 'sha256-Ov0LRI92VqZTYbOhyIvK8iFCm9rBs/HXaYLwlDMrra0=' 'sha256-HjgaVwCCuGQHih00gvN/PUGZuGwVIWd/6sThgUEi83E=' 'sha256-7oEVqsTDSU0XTGoiH3B7bXM3sMDjv58JCTndWi8pUKw=' 'sha256-ZlXTkZmAmWswFmM/VCVi0DLagBh+F9JWQiK/yRsf7yc=' 'sha256-76Yt/S5cofMdn9d5/cJOU32zSvhw1A8QJDSgL1c0YRI=' 'sha256-z4pF+zMq94+GUUF273G0WvSAL91jUazcB1NOISkNlzk=' 'sha256-4OIRiOWgv2ak/dapUtCUuoqEUnVBrH8A9LJCp3dthUw=' 'sha256-ew0tynw+zAqBiv217Nj202XmktwGvkQU7jXqQMotiHg=' 'sha256-2mFyIAC6FjDBvAg15BPawsugazV1sKm4T9x09V76BK0=' 'sha256-kxoZz5p2Ko+K+FXi8lIZc2opwhJF9WD4/wy9+dLYHzY=' 'sha256-+ThII46Fk+h63393vJ+nvAEZnTSXIwpqVJDSklAo5eM=' 'sha256-hUowsewUBuLRjFz7Z3pohTKe/pX/uO7uKD1k25qHLQY=' 'sha256-pMZUEpT65ftOEzHdiYyq/2vt545RymVHJSh5H2y5BDk=' 'sha256-nGkmLI0CpGjUy6Gg2vRE6xAh+vU4jlNVmPB+55WJmn8=' 'sha256-j6LWS7Q+Wsyd91b6000yHCoIqUaJIJQq56Lw3XQPcHA=' 'sha256-XQ6pUmmjpjpunCfT67q0ACDA7NqxLJx1iJwCFhC73wo=' 'sha256-tCniuKIyeHpfi5vxJOgLkz0eRI+cerKWFRsy5hMt5V0=' 'sha256-EZaJwK6Bh4sdKWjgv6zhJUdT2ISL4NhEQSPYf++uAeU=' 'sha256-1T7dud0UtKJZdhJcgsp1gh8MZDyA3S8DIsOpB3+co4M=' 'sha256-g6A8gRllShDRUg9hmXQZ0ZvMQ35F4jsarESQIDJtpE4=' 'sha256-y6vRm9V8P08qfB27ukHo07LF4IM00RKuKNzQBfsBlgg=' 'sha256-1GbAOPSdN7GyL999DpkIzp8XYAH1OP43heqQi7uU3FQ=' 'sha256-1p8zU6DNbl/tn8sFUoVBsvAF+dwRMDHK3WXM4vqIhDc=' 'sha256-a/dU49b8+CePl3YeekAugUB79FoCfbN22DFVyavn9pM=' 'sha256-39FcaN3WyGnHnf2UX+fHrSBSJq4KI6BETrXNemtzDa8=' 'sha256-4N1dEVT13lNPCpxXX2XuIlfUBwZp3wNLb/hBbSKGESA=' 'sha256-hNSRZgUy89mPGFidDBRWC4Ed4jKTrCtZP2zeBPNbdeI=' https://code.jquery.com https://js-agent.newrelic.com https://bam.nr-data.net https://content.secureworks.com https://pcdnscwx001.azureedge.net https://live-scwx-pe.pantheonsite.io https://marketo-scwx-pe.pantheonsite.io https://munchkin.marketo.net https://app-ab44.marketo.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com https://ajax.googleapis.com https://tagmanager.google.com https://translate.google.com https://bat.bing.com https://connect.facebook.net https://ad.atdmt.com https://static.ads-twitter.com https://analytics.twitter.com https://www.linkedin.com https://px.ads.linkedin.com https://snap.licdn.com https://sjs.bizographics.com https://.vimeo.com https://.vimeocdn.com https://j.6sc.co https://b.6sc.co https://.6sc.co https://epsilon.6sense.com https://.rlcdn.com https://gateway.zscaler.net https://scwx.annuitas.io https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://.drift.com https://.driftt.com https://.simplecast.com https://.crazyegg.com https://widgets.ziftsolutions.com https://hammock.hotprofile.biz https://transfertool.hotprofile.biz/production/ https://m-store-hammock.hot-profile.com/hot-profile/ https://wa2.hot-profile.com https://.on24.com https://.ceros.com https://.ubembed.com https://assets.ubembed.com https://app-script.monsido.com https://monsido-consent.com https://tracking.monsido.com https://.redditstatic.com https://.ensighten.com https://.ml314.com https://.choozle.com https://.bluekai.com https://cdn.bizible.com https://cdn.bizibly.com https://ws-assets.zoominfo.com https://ws.zoominfo.com https://insight.adsrvr.org https://js.adsrvr.org https://.clarity.ms https://static.ads-twitter.com https://cdn.pdst.fm https://.cloudfunctions.net https://tag.demandbase.com https://.bidr.io https://.company-target.com https://www.teads.com https://p.teads.tv https://www.facebook.com connect.facebook.net; img-src 'self' https://.vimeo.com https://.vimeocdn.com content.secureworks.com pcdnscwx001.azureedge.net id.rlcdn.com .googletagmanager.com cdn.cookielaw.org .gstatic.com optanon.blob.core.windows.net web.secureworks.com bat.bing.com .google-analytics.com j.6sc.co b.6sc.co c.6sc.co epsilon.6sense.com www.google.com attr.ml-api.io s.ml-attr.com www.google.com.ua secure.adnxs.com apt.techtarget.com id.rlcdn.com px.ads.linkedin.com .adslinkedin.com p.adsymptotic.com www.linkedin.com static.ziftsolutions.com .crazyegg.com .ubembed.com .redditstatic.com alb.reddit.com .ensighten.com ml314.com .choozle.com .bluekai.com cdn.bizible.com cdn.bizibly.com tracking.monsido.com .clarity.ms analytics.twitter.com t.co .bidr.io *.company-target.com www.facebook.com t.teads.tv; frame-ancestors 'none';
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

cache-control: no-cache, no-store
content-length: 158688
content-security-policy: object-src 'none'; script-src 'self' 'nonce-NzY1NDQyMTk4NTJjNDEyOWFmNWJhYjcwYzllNzAxNzk=' 'sha256-wY8ZJu7Uu8c5AFYGRuoE7SNBraw8IAkl5Yz+glnnte8=' 'sha256-UGfgrQ+GKJogDAQthuGt5lpepOeF3ypbYTr2PPxcBdU=' 'sha256-hUiPqjPAx0BTYk+HP/Ohq7cZFW+CFLUDreW74sIBUJk=' 'sha256-MWnKpq2mO4B+C/F7fLTeifs05WkVCc8Hkl+SzXGUmtI=' 'sha256-QiHtJSgKkeO/qh+2A9GCUt3xk8ONLQAa6uua+j+nHLg=' 'sha256-7+1sMW/o6RcIncEOmuvZbRThB6NRZLwQjvsqQAGehKA=' 'sha256-tYinntSHdpRdg0LwZuBycjWqxaMdCzBdOnOGsSZH2Ho=' 'sha256-DP0AJIADL+tS8s/bg6t7xbMHunrd17JCuOgpyNjxt/M=' 'sha256-sqwbnK0D7p9u3WG0lgAYLYmp/byKS9zlT2eFORz1SDY=' 'sha256-L436NBsgbW4nnr2zz6geY9aouLDwQiH+458+ny7TeJ8=' 'sha256-t21JzuoP0AGVdHYfaGtWzFviQ1hj34OuECR3Ur2P1Dk=' 'sha256-kmGPVWtzfwq6b9fEOy1NmWxrKyxreHZU5tKvRxQpDMA=' 'sha256-SAqGhA/G1eraYlnHKoGwPlIvGfOo45eq5hoyKq2LnUY=' 'sha256-+08d4MzO/if2DlZslM+0a0gvpYaPHK7ilzV9yUXHxRo=' 'sha256-5RKybv4IYG3Rt1CcIXoS1OAD7D0vjWLop/a6KVpWxM0=' 'sha256-N/Mk5WIdXnJRlsc5rmMcLJsovC5ozGJ5BmVdRxKOeNc=' 'sha256-XJEfHQ97N7xwKM6MQXMpabeUHxVT647JYAYwrOX6sQQ=' 'sha256-sdKFLBOaDq01ySztbW/n0JnIwsMIlCr7AaMAznJOqA0=' 'sha256-7pyFNQ34QDbIyjfqF4dboUBH/FqtGtJgw7KPgC+aKY8=' 'sha256-yYGe3YxZ1stILsg6s+TKQ7ACovlrQ/V7H5hpGiko1EI=' 'sha256-JcTUCZru8bIzmyUfGjmyP1Nwn0ccUuwLyJA5/jgV2jI=' 'sha256-zEF/ALwwDYV2nZ+rdYGh2XpjU1lbO3oZ2osZayOlmpw=' 'sha256-ErdS+5vyua60ApoR4T4MK5hMhAxO8I75iqTuR4st0lk=' 'sha256-dgOinhXczUSm4ADnOKjecy4HqoIpihiWY1xMUGi3KiE=' 'sha256-bAZaADjFxXYURQUP9Z4p4eiIim+gCGst1ZWemjLGJxo=' 'sha256-x3E2vOOOHY24kNAmZOQxorAyW5o6cX3R7J5Jg+RTqZY=' 'sha256-WJHVKi7ReHnWJF4AUmd9vWDpqeX8GVtEsyAJP01M130=' 'sha256-mvYU2m+aQi6xWWVpxauZ/UaXg+HkwxCv4r/qVBDAm3A=' 'sha256-IgMQOOOedQeMPBl7lSreMVPmJvU62bc6l8HcsGXnbWc=' 'sha256-Ov0LRI92VqZTYbOhyIvK8iFCm9rBs/HXaYLwlDMrra0=' 'sha256-HjgaVwCCuGQHih00gvN/PUGZuGwVIWd/6sThgUEi83E=' 'sha256-7oEVqsTDSU0XTGoiH3B7bXM3sMDjv58JCTndWi8pUKw=' 'sha256-ZlXTkZmAmWswFmM/VCVi0DLagBh+F9JWQiK/yRsf7yc=' 'sha256-76Yt/S5cofMdn9d5/cJOU32zSvhw1A8QJDSgL1c0YRI=' 'sha256-z4pF+zMq94+GUUF273G0WvSAL91jUazcB1NOISkNlzk=' 'sha256-4OIRiOWgv2ak/dapUtCUuoqEUnVBrH8A9LJCp3dthUw=' 'sha256-ew0tynw+zAqBiv217Nj202XmktwGvkQU7jXqQMotiHg=' 'sha256-2mFyIAC6FjDBvAg15BPawsugazV1sKm4T9x09V76BK0=' 'sha256-kxoZz5p2Ko+K+FXi8lIZc2opwhJF9WD4/wy9+dLYHzY=' 'sha256-+ThII46Fk+h63393vJ+nvAEZnTSXIwpqVJDSklAo5eM=' 'sha256-hUowsewUBuLRjFz7Z3pohTKe/pX/uO7uKD1k25qHLQY=' 'sha256-pMZUEpT65ftOEzHdiYyq/2vt545RymVHJSh5H2y5BDk=' 'sha256-nGkmLI0CpGjUy6Gg2vRE6xAh+vU4jlNVmPB+55WJmn8=' 'sha256-j6LWS7Q+Wsyd91b6000yHCoIqUaJIJQq56Lw3XQPcHA=' 'sha256-XQ6pUmmjpjpunCfT67q0ACDA7NqxLJx1iJwCFhC73wo=' 'sha256-tCniuKIyeHpfi5vxJOgLkz0eRI+cerKWFRsy5hMt5V0=' 'sha256-EZaJwK6Bh4sdKWjgv6zhJUdT2ISL4NhEQSPYf++uAeU=' 'sha256-1T7dud0UtKJZdhJcgsp1gh8MZDyA3S8DIsOpB3+co4M=' 'sha256-g6A8gRllShDRUg9hmXQZ0ZvMQ35F4jsarESQIDJtpE4=' 'sha256-y6vRm9V8P08qfB27ukHo07LF4IM00RKuKNzQBfsBlgg=' 'sha256-1GbAOPSdN7GyL999DpkIzp8XYAH1OP43heqQi7uU3FQ=' 'sha256-1p8zU6DNbl/tn8sFUoVBsvAF+dwRMDHK3WXM4vqIhDc=' 'sha256-a/dU49b8+CePl3YeekAugUB79FoCfbN22DFVyavn9pM=' 'sha256-39FcaN3WyGnHnf2UX+fHrSBSJq4KI6BETrXNemtzDa8=' 'sha256-4N1dEVT13lNPCpxXX2XuIlfUBwZp3wNLb/hBbSKGESA=' 'sha256-hNSRZgUy89mPGFidDBRWC4Ed4jKTrCtZP2zeBPNbdeI=' https://code.jquery.com https://js-agent.newrelic.com https://bam.nr-data.net https://content.secureworks.com https://pcdnscwx001.azureedge.net https://live-scwx-pe.pantheonsite.io https://marketo-scwx-pe.pantheonsite.io https://munchkin.marketo.net https://app-ab44.marketo.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com https://ajax.googleapis.com https://tagmanager.google.com https://translate.google.com https://bat.bing.com https://connect.facebook.net https://ad.atdmt.com https://static.ads-twitter.com https://analytics.twitter.com https://www.linkedin.com https://px.ads.linkedin.com https://snap.licdn.com https://sjs.bizographics.com https://*.vimeo.com https://*.vimeocdn.com https://j.6sc.co https://b.6sc.co https://*.6sc.co https://epsilon.6sense.com https://*.rlcdn.com https://gateway.zscaler.net https://scwx.annuitas.io https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://*.drift.com https://*.driftt.com https://*.simplecast.com https://*.crazyegg.com https://widgets.ziftsolutions.com https://hammock.hotprofile.biz https://transfertool.hotprofile.biz/production/ https://m-store-hammock.hot-profile.com/hot-profile/ https://wa2.hot-profile.com https://*.on24.com https://*.ceros.com https://*.ubembed.com https://assets.ubembed.com https://app-script.monsido.com https://monsido-consent.com https://tracking.monsido.com https://*.redditstatic.com https://*.ensighten.com https://*.ml314.com https://*.choozle.com https://*.bluekai.com https://cdn.bizible.com https://cdn.bizibly.com https://ws-assets.zoominfo.com https://ws.zoominfo.com https://insight.adsrvr.org https://js.adsrvr.org https://*.clarity.ms https://static.ads-twitter.com https://cdn.pdst.fm https://*.cloudfunctions.net https://tag.demandbase.com https://*.bidr.io https://*.company-target.com https://www.teads.com https://p.teads.tv https://www.facebook.com connect.facebook.net; img-src 'self' https://*.vimeo.com https://*.vimeocdn.com content.secureworks.com pcdnscwx001.azureedge.net id.rlcdn.com *.googletagmanager.com cdn.cookielaw.org *.gstatic.com optanon.blob.core.windows.net web.secureworks.com bat.bing.com *.google-analytics.com j.6sc.co b.6sc.co c.6sc.co epsilon.6sense.com www.google.com attr.ml-api.io s.ml-attr.com www.google.com.ua secure.adnxs.com apt.techtarget.com id.rlcdn.com px.ads.linkedin.com *.adslinkedin.com p.adsymptotic.com www.linkedin.com static.ziftsolutions.com *.crazyegg.com *.ubembed.com *.redditstatic.com alb.reddit.com *.ensighten.com ml314.com *.choozle.com *.bluekai.com cdn.bizible.com cdn.bizibly.com tracking.monsido.com *.clarity.ms analytics.twitter.com t.co *.bidr.io *.company-target.com www.facebook.com t.teads.tv; frame-ancestors 'none';
content-type: text/html; charset=utf-8
date: Wed, 21 Dec 2022 14:59:09 GMT
expires: -1
pragma: no-cache
referrer-policy: no-referrer-when-downgrade
server: Microsoft-IIS/10.0
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-azure-ref: 0PB+jYwAAAACiR2UUue5uTrJdN5UFT2GwRlJBMzFFREdFMDMyMAAzYTY5YjI0YS1lNGIyLTQ4YTAtYmI5Ni1mZWQ0ZTlmMzgyYmI=
x-azure-ref-originshield: 0PB+jYwAAAABW/JK+AsjmRKmsrUf7KD3CRlJBMjMxMDUwNDE3MDE5ADNhNjliMjRhLWU0YjItNDhhMC1iYjk2LWZlZDRlOWYzODJiYg==
x-cache: PRIVATE_NOSTORE
x-content-type-options: nosniff
x-frame-options: DENY
x-xss-protection: 1; mode=block

GET
H2 200 html5reset-1.6.1.css
content.secureworks.com/content/app/css/ 1 KB
1 KB 169ms
21ms Stylesheet
text/css 2a02:26f0:1700:d::1737:6e8f
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://content.secureworks.com/content/app/css/html5reset-1.6.1.css?v=11-10-2022

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/darktortilla-malware-analysis

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6e8f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

db61679243f9f3b5a03de90b1ad228130ad3e87b79b9d153ce1ca6afbdf9a2b0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.secureworks.com/research/darktortilla-malware-analysis
Origin: https://www.secureworks.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 21 Dec 2022 14:59:09 GMT
x-azure-ref-originshield: 0AwRtYwAAAAC6MDu4l1rrQYeAM7mMzl1VRlJBMjMxMDUwNDE4MDMzADNhNjliMjRhLWU0YjItNDhhMC1iYjk2LWZlZDRlOWYzODJiYg==
content-length: 573
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 03 Nov 2022 07:39:26 GMT
server: Microsoft-IIS/10.0
etag: "863e3f6657efd81:0"
x-azure-ref: 0AwRtYwAAAACCzUtswh8gQ5+hdAMv4lLbRlJBMjMxMDUwNDIwMDUzADNhNjliMjRhLWU0YjItNDhhMC1iYjk2LWZlZDRlOWYzODJiYg==
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=1367956
accept-ranges: bytes

GET
H2 200 western-typographies.css
content.secureworks.com/content/app/css/ 2 KB
840 B 168ms
20ms Stylesheet
text/css 2a02:26f0:1700:d::1737:6e8f
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://content.secureworks.com/content/app/css/western-typographies.css?v=11-10-2022

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/darktortilla-malware-analysis

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6e8f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

fa85f97108080f24b26ca0450d471edf522d233337c1b73e41ab4a27d19ac94f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.secureworks.com/research/darktortilla-malware-analysis
Origin: https://www.secureworks.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 21 Dec 2022 14:59:09 GMT
x-azure-ref-originshield: 0KImQYwAAAAAcpYcoyFgNQrVIzBQEa60gRlJBMjMxMDUwNDE3MDA5ADNhNjliMjRhLWU0YjItNDhhMC1iYjk2LWZlZDRlOWYzODJiYg==
content-length: 365
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 03 Nov 2022 07:39:26 GMT
server: Microsoft-IIS/10.0
etag: "9dde646657efd81:0"
x-azure-ref: 0KImQYwAAAADpMVpfB6bfR7bZsexcXI6ORlJBMzFFREdFMDkxMAAzYTY5YjI0YS1lNGIyLTQ4YTAtYmI5Ni1mZWQ0ZTlmMzgyYmI=
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=1373974
accept-ranges: bytes

GET
H2 200 main.css
content.secureworks.com/content/app/css/ 585 KB
83 KB 171ms
23ms Stylesheet
text/css 2a02:26f0:1700:d::1737:6e8f
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://content.secureworks.com/content/app/css/main.css?v=11-10-2022

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/darktortilla-malware-analysis

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6e8f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

ed29203489c4a783ed40982e756aa1448078d6f12c2eb12ec4051a46ee445996

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.secureworks.com/research/darktortilla-malware-analysis
Origin: https://www.secureworks.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 21 Dec 2022 14:59:09 GMT
x-azure-ref-originshield: 0gO5sYwAAAABdaKCoLafJRp9AUOweqKNpRlJBMjMxMDUwNDE4MDM5ADNhNjliMjRhLWU0YjItNDhhMC1iYjk2LWZlZDRlOWYzODJiYg==
content-length: 84328
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 03 Nov 2022 07:37:17 GMT
server: Microsoft-IIS/10.0
etag: "2f73a31957efd81:0"
x-azure-ref: 0gO5sYwAAAACLahemaghWQ4w/jxn4gdmiRlJBMjMxMDUwNDIwMDQ5ADNhNjliMjRhLWU0YjItNDhhMC1iYjk2LWZlZDRlOWYzODJiYg==
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=1358816
accept-ranges: bytes

GET
H2 200 jquery-3.6.0.min.js Show response
content.secureworks.com/content/app/js/ 87 KB
31 KB 173ms
25ms Script
application/javascript 2a02:26f0:1700:d::1737:6e8f
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://content.secureworks.com/content/app/js/jquery-3.6.0.min.js?v=11-10-2022

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/darktortilla-malware-analysis

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6e8f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

ce9d07500ad91ec2b524c270764ec4c9a33e78320d8d374ec400ede488f6251b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.secureworks.com/research/darktortilla-malware-analysis
Origin: https://www.secureworks.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 21 Dec 2022 14:59:09 GMT
x-azure-ref-originshield: 0KImQYwAAAAA6rEf4DGmxQImlIMDF9Au8RlJBMjMxMDUwNDE4MDM3ADNhNjliMjRhLWU0YjItNDhhMC1iYjk2LWZlZDRlOWYzODJiYg==
content-length: 30954
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 03 Nov 2022 07:39:49 GMT
server: Microsoft-IIS/10.0
etag: "a53f07357efd81:0"
x-azure-ref: 0KImQYwAAAABOXaXP4hR4ToLhs3Bo8psARlJBMzFFREdFMDMxOQAzYTY5YjI0YS1lNGIyLTQ4YTAtYmI5Ni1mZWQ0ZTlmMzgyYmI=
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=1373882
accept-ranges: bytes

GET
H2 200 scripts.js Show response
scwx.annuitas.io/wp-json/pdg/v1/ 46 KB
16 KB 1648ms
283ms Script
application/x-javascript 2620:12a:8001::2
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://scwx.annuitas.io/wp-json/pdg/v1/scripts.js

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/darktortilla-malware-analysis

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:12a:8001::2 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

994d380448d039b7d1c6aa96008c28f2cdd1c40634f829893ff91b27cb92db42

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/darktortilla-malware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

expires: Sun, 05 Nov 2023 00:15:35 GMT
strict-transport-security: max-age=300
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
date: Wed, 21 Dec 2022 14:59:11 GMT
age: 4113816
x-cache: HIT, HIT
x-pantheon-styx-hostname: styx-fe2-b-798459774c-k5w5m
content-length: 16478
x-served-by: cache-chi-kigq8000092-CHI, cache-maa10239-MAA
last-modified: Thu, 03 Nov 2022 15:44:15 GMT
server: nginx
x-timer: S1671634751.005515,VS0,VE2
etag: W/"6363e1cf-b663"
vary: Accept-Encoding
content-type: application/x-javascript
x-styx-req-id: cd7d5112-5bd5-11ed-b2ec-9e8655583318
cache-control: max-age=31622400
accept-ranges: bytes
x-cache-hits: 1, 1

GET
H2 200 marketo-from-custom.js Show response
content.secureworks.com/content/app/js/ 15 KB
4 KB 170ms
22ms Script
application/javascript 2a02:26f0:1700:d::1737:6e8f
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://content.secureworks.com/content/app/js/marketo-from-custom.js?v=11-10-2022

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/darktortilla-malware-analysis

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6e8f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

17d07551ce1a1399239c84c686df031c0e068f34b979cf621daa6f6b33165863

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.secureworks.com/research/darktortilla-malware-analysis
Origin: https://www.secureworks.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 21 Dec 2022 14:59:09 GMT
x-azure-ref-originshield: 0gO5sYwAAAADGcz8OkwVPRI1rOMwXqkiVRlJBMjMxMDUwNDE4MDM1ADNhNjliMjRhLWU0YjItNDhhMC1iYjk2LWZlZDRlOWYzODJiYg==
content-length: 3089
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 03 Nov 2022 07:37:36 GMT
server: Microsoft-IIS/10.0
etag: "d911cd2457efd81:0"
x-azure-ref: 0gO5sYwAAAADxwb0QGGJLRI1vtSfAlt8+RlJBMjMxMDUwNDIwMDM5ADNhNjliMjRhLWU0YjItNDhhMC1iYjk2LWZlZDRlOWYzODJiYg==
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=1373880
accept-ranges: bytes

GET
H2 200 css2
fonts.googleapis.com/ 10 KB
1 KB 80ms
31ms Stylesheet
text/css 2a00:1450:4001:82b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Saira+Condensed:wght@100;200;300;400;500;600;700;800;900&display=swap

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/darktortilla-malware-analysis

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

b59483e35a1d02486315e56e20d8e4c492859bce398097e768b2b91de1fa89df

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/darktortilla-malware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Wed, 21 Dec 2022 14:59:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 21 Dec 2022 14:59:09 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 21 Dec 2022 14:59:09 GMT

GET
H2 200 image001.ashx
content.secureworks.com/-/media/Images/Insights/Resources/Threat%20Analysis/100%20darktortilla/ 31 KB
32 KB 74ms
19ms Image
image/jpeg 2a02:26f0:1700:d::1737:6e8f
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.secureworks.com/-/media/Images/Insights/Resources/Threat%20Analysis/100%20darktortilla/image001.ashx?la=en&modified=20220818164028&hash=8531CEBA514F82DAC4D2FA8D9EEDA856

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/darktortilla-malware-analysis

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6e8f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

7e72877c60ab8819f0bb79b3b80ff59857560f32b0063aa5d33972a1847697b2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/darktortilla-malware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 21 Dec 2022 14:59:09 GMT
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 18 Aug 2022 16:40:28 GMT
server: Microsoft-IIS/10.0
x-azure-ref-originshield: 09cmdYwAAAACmASC2LT+IT4mGwslyBeezRlJBMjMxMDUwNDE3MDUzADNhNjliMjRhLWU0YjItNDhhMC1iYjk2LWZlZDRlOWYzODJiYg==
etag: a7f5e32b16ea48b0a25ab76d0f417f14
x-azure-ref: 0jRKgYwAAAAD60wzPyuTBSpUwVEi3t5M2RlJBMzFFREdFMDMxMwAzYTY5YjI0YS1lNGIyLTQ4YTAtYmI5Ni1mZWQ0ZTlmMzgyYmI=
content-type: image/jpeg
cache-control: public, max-age=2392164
content-disposition: inline; filename="image001.jpg"
accept-ranges: bytes
content-length: 31870
expires: Wed, 18 Jan 2023 07:28:33 GMT

GET
H2 200 image002.ashx
content.secureworks.com/-/media/Images/Insights/Resources/Threat%20Analysis/100%20darktortilla/ 36 KB
36 KB 20ms
19ms Image
image/jpeg 2a02:26f0:1700:d::1737:6e8f
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.secureworks.com/-/media/Images/Insights/Resources/Threat%20Analysis/100%20darktortilla/image002.ashx?la=en&modified=20220818164029&hash=E2757C0968727EA2C826E1AE05113B2D

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/darktortilla-malware-analysis

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6e8f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

ca830692a08d6782a873814816325da9b1d78685ba2a6e0cb8dbf353068aa2d8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/darktortilla-malware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 21 Dec 2022 14:59:09 GMT
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 18 Aug 2022 16:40:29 GMT
server: Microsoft-IIS/10.0
x-azure-ref-originshield: 09cmdYwAAAAAit19+mjhnRrFQBG2tz8iKRlJBMjMxMDUwNDE3MDM1ADNhNjliMjRhLWU0YjItNDhhMC1iYjk2LWZlZDRlOWYzODJiYg==
etag: f95449355164406781e3e5de5100ebcb
x-azure-ref: 09cmdYwAAAADKk5byn6FdSLJMXZoBI/JwRlJBMzFFREdFMDkwNgAzYTY5YjI0YS1lNGIyLTQ4YTAtYmI5Ni1mZWQ0ZTlmMzgyYmI=
content-type: image/jpeg
cache-control: public, max-age=2242539
content-disposition: inline; filename="image002.jpg"
accept-ranges: bytes
content-length: 36433
expires: Mon, 16 Jan 2023 13:54:48 GMT

GET
H2 200 image003.ashx
content.secureworks.com/-/media/Images/Insights/Resources/Threat%20Analysis/100%20darktortilla/ 48 KB
49 KB 20ms
19ms Image
image/jpeg 2a02:26f0:1700:d::1737:6e8f
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.secureworks.com/-/media/Images/Insights/Resources/Threat%20Analysis/100%20darktortilla/image003.ashx?la=en&modified=20220818164029&hash=A37958B78444369645B6531AA764E207

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/darktortilla-malware-analysis

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6e8f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

87a2344d633ebafbbd87a3096a3f2549b7e672823bc9eb06bae809ac1a256f51

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/darktortilla-malware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 21 Dec 2022 14:59:10 GMT
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 18 Aug 2022 16:40:29 GMT
server: Microsoft-IIS/10.0
x-azure-ref-originshield: 0jRKgYwAAAADdWFLNUhc2S4M6qXMILgRsRlJBMjMxMDUwNDE3MDI5ADNhNjliMjRhLWU0YjItNDhhMC1iYjk2LWZlZDRlOWYzODJiYg==
etag: 69291196031d4413b217e4045993cf5a
x-azure-ref: 0jRKgYwAAAACi1XiWaD0JTKl1OJH3no/2RlJBMzFFREdFMDMwOAAzYTY5YjI0YS1lNGIyLTQ4YTAtYmI5Ni1mZWQ0ZTlmMzgyYmI=
content-type: image/jpeg
cache-control: public, max-age=2392179
content-disposition: inline; filename="image003.jpg"
accept-ranges: bytes
content-length: 49174
expires: Wed, 18 Jan 2023 07:28:49 GMT

GET
H2 200 image004.ashx
content.secureworks.com/-/media/Images/Insights/Resources/Threat%20Analysis/100%20darktortilla/ 23 KB
24 KB 20ms
20ms Image
image/jpeg 2a02:26f0:1700:d::1737:6e8f
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.secureworks.com/-/media/Images/Insights/Resources/Threat%20Analysis/100%20darktortilla/image004.ashx?la=en&modified=20220818164029&hash=D3E63AF7399DAC2FF3100E7672D342A2

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/darktortilla-malware-analysis

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6e8f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

0ff82f1393a06e0572aaec57ea2e54f5cbe9733281c33597cf157d92e78d2844

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/darktortilla-malware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 21 Dec 2022 14:59:10 GMT
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 18 Aug 2022 16:40:29 GMT
server: Microsoft-IIS/10.0
x-azure-ref-originshield: 09cmdYwAAAADJcQex3ek2TamJ4pUCRlVKRlJBMjMxMDUwNDE3MDE3ADNhNjliMjRhLWU0YjItNDhhMC1iYjk2LWZlZDRlOWYzODJiYg==
etag: 4404fb06074646789bf7d370addc3ba6
x-azure-ref: 0jRKgYwAAAADoSPVd6H2xRbyuQs49GH2uRlJBMzFFREdFMDMxMwAzYTY5YjI0YS1lNGIyLTQ4YTAtYmI5Ni1mZWQ0ZTlmMzgyYmI=
content-type: image/jpeg
cache-control: public, max-age=2392141
content-disposition: inline; filename="image004.jpg"
accept-ranges: bytes
content-length: 23655
expires: Wed, 18 Jan 2023 07:28:11 GMT

GET
H2 200 image005.ashx
content.secureworks.com/-/media/Images/Insights/Resources/Threat%20Analysis/100%20darktortilla/ 36 KB
37 KB 20ms
20ms Image
image/jpeg 2a02:26f0:1700:d::1737:6e8f
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.secureworks.com/-/media/Images/Insights/Resources/Threat%20Analysis/100%20darktortilla/image005.ashx?la=en&modified=20220818164030&hash=02DEF01B413434273017009323445A41

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/darktortilla-malware-analysis

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6e8f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

6fb7b90a809d74d9cbe61845481acd2df1ff6ca86ef4cdb21b165116cea623dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/darktortilla-malware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 21 Dec 2022 14:59:10 GMT
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 18 Aug 2022 16:40:30 GMT
server: Microsoft-IIS/10.0
x-azure-ref-originshield: 09cmdYwAAAADTEuSHwWY9RqCyplFsTcmoRlJBMjMxMDUwNDE4MDM5ADNhNjliMjRhLWU0YjItNDhhMC1iYjk2LWZlZDRlOWYzODJiYg==
etag: d0ae7be21b7b48cdb5e7142cec897720
x-azure-ref: 09cmdYwAAAAC0TT3Nas6YQrz/lssFMROKRlJBMzFFREdFMDkxMAAzYTY5YjI0YS1lNGIyLTQ4YTAtYmI5Ni1mZWQ0ZTlmMzgyYmI=
content-type: image/jpeg
cache-control: public, max-age=2242504
content-disposition: inline; filename="image005.jpg"
accept-ranges: bytes
content-length: 37313
expires: Mon, 16 Jan 2023 13:54:14 GMT

GET
H2 200 image006.ashx
content.secureworks.com/-/media/Images/Insights/Resources/Threat%20Analysis/100%20darktortilla/ 95 KB
96 KB 21ms
20ms Image
image/jpeg 2a02:26f0:1700:d::1737:6e8f
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.secureworks.com/-/media/Images/Insights/Resources/Threat%20Analysis/100%20darktortilla/image006.ashx?la=en&modified=20220818164030&hash=3B6A9B04F6EA12AC6AA4DF7C6FBCC112

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/darktortilla-malware-analysis

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6e8f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

e859546666d2f0254e40a7f73b7132acac6f3d5b65cf356b39e2ef11e596b8ad

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/darktortilla-malware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 21 Dec 2022 14:59:10 GMT
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 18 Aug 2022 16:40:30 GMT
server: Microsoft-IIS/10.0
x-azure-ref-originshield: 0Xq6iYwAAAABUTObpSRrkR6D5D/323GksQU1TMDRFREdFMTkxMwAzYTY5YjI0YS1lNGIyLTQ4YTAtYmI5Ni1mZWQ0ZTlmMzgyYmI=
etag: 9c182f4f9b004f5fa65b89c888356b7b
x-azure-ref: 0Xq6iYwAAAACHDfZ2ino1Rq30jAIGua7dRFVTMzBFREdFMDYxMwAzYTY5YjI0YS1lNGIyLTQ4YTAtYmI5Ni1mZWQ0ZTlmMzgyYmI=
content-type: image/jpeg
cache-control: public, max-age=2563178
content-disposition: inline; filename="image006.jpg"
accept-ranges: bytes
content-length: 97445
expires: Fri, 20 Jan 2023 06:58:48 GMT

GET
H2 200 image007.ashx
content.secureworks.com/-/media/Images/Insights/Resources/Threat%20Analysis/100%20darktortilla/ 19 KB
19 KB 20ms
19ms Image
image/jpeg 2a02:26f0:1700:d::1737:6e8f
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.secureworks.com/-/media/Images/Insights/Resources/Threat%20Analysis/100%20darktortilla/image007.ashx?la=en&modified=20220818164030&hash=C45E8BD7FFDEFB273F4A045A21A2C194

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/darktortilla-malware-analysis

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6e8f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

4bfff8ead47480a1ec16c5a282262bfbf5def48527635946dadeb71958f02602

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/darktortilla-malware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 21 Dec 2022 14:59:10 GMT
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 18 Aug 2022 16:40:30 GMT
server: Microsoft-IIS/10.0
x-azure-ref-originshield: 0Xq6iYwAAAACg5UlYNGcvSqapoDsG6NFiQU1TMDRFREdFMTkxMwAzYTY5YjI0YS1lNGIyLTQ4YTAtYmI5Ni1mZWQ0ZTlmMzgyYmI=
etag: 98dcc69d85c0462d98420ca0679801ba
x-azure-ref: 0Xq6iYwAAAADb54TlAGfFRKQxE7PTv3SQRFVTMzBFREdFMDYwOQAzYTY5YjI0YS1lNGIyLTQ4YTAtYmI5Ni1mZWQ0ZTlmMzgyYmI=
content-type: image/jpeg
cache-control: public, max-age=2563131
content-disposition: inline; filename="image007.jpg"
accept-ranges: bytes
content-length: 19144
expires: Fri, 20 Jan 2023 06:58:01 GMT

GET
H2 200 image008.ashx
content.secureworks.com/-/media/Images/Insights/Resources/Threat%20Analysis/100%20darktortilla/ 191 KB
192 KB 22ms
22ms Image
image/jpeg 2a02:26f0:1700:d::1737:6e8f
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.secureworks.com/-/media/Images/Insights/Resources/Threat%20Analysis/100%20darktortilla/image008.ashx?la=en&modified=20220818164031&hash=46A02E5463453FAFAF7D1B5B1DB0E202

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/darktortilla-malware-analysis

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6e8f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

f3fbef930989a82aab70be4871c21f9dac22732ad7af9bdc2a67b58dbbfe22cc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/darktortilla-malware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 21 Dec 2022 14:59:10 GMT
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 18 Aug 2022 16:40:31 GMT
server: Microsoft-IIS/10.0
x-azure-ref-originshield: 0jRKgYwAAAADLzOr+8dFaRLSynS/jZy49RlJBMjMxMDUwNDE4MDQ5ADNhNjliMjRhLWU0YjItNDhhMC1iYjk2LWZlZDRlOWYzODJiYg==
etag: 2fa4cd8063024533ac8e09512e963991
x-azure-ref: 0jRKgYwAAAADKEg4dqDawTpeRB6akP8LtRlJBMzFFREdFMDMwOAAzYTY5YjI0YS1lNGIyLTQ4YTAtYmI5Ni1mZWQ0ZTlmMzgyYmI=
content-type: image/jpeg
cache-control: public, max-age=2392147
content-disposition: inline; filename="image008.jpg"
accept-ranges: bytes
content-length: 195846
expires: Wed, 18 Jan 2023 07:28:17 GMT

GET
H2 200 image009.ashx
content.secureworks.com/-/media/Images/Insights/Resources/Threat%20Analysis/100%20darktortilla/ 36 KB
37 KB 20ms
20ms Image
image/jpeg 2a02:26f0:1700:d::1737:6e8f
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.secureworks.com/-/media/Images/Insights/Resources/Threat%20Analysis/100%20darktortilla/image009.ashx?la=en&modified=20220818164031&hash=7D60E487D25B00116A03A32C9F24429A

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/darktortilla-malware-analysis

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6e8f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

5ebcdd5733470d147d39d595bf431d4a0ac1008b830d46506ad9438d03553eef

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/darktortilla-malware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 21 Dec 2022 14:59:10 GMT
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 18 Aug 2022 16:40:31 GMT
server: Microsoft-IIS/10.0
x-azure-ref-originshield: 09cmdYwAAAABSd++4viDPQ5lUsBCoe7V3RlJBMjMxMDUwNDE4MDQ3ADNhNjliMjRhLWU0YjItNDhhMC1iYjk2LWZlZDRlOWYzODJiYg==
etag: 213cee0d28b44b7a94a93b7101154e1d
x-azure-ref: 09cmdYwAAAADCfWWgxFrCQrhe7kM/vsM/RlJBMzFFREdFMDkxMAAzYTY5YjI0YS1lNGIyLTQ4YTAtYmI5Ni1mZWQ0ZTlmMzgyYmI=
content-type: image/jpeg
cache-control: public, max-age=2242499
content-disposition: inline; filename="image009.jpg"
accept-ranges: bytes
content-length: 37321
expires: Mon, 16 Jan 2023 13:54:09 GMT

GET
H2 200 image010.ashx
content.secureworks.com/-/media/Images/Insights/Resources/Threat%20Analysis/100%20darktortilla/ 105 KB
106 KB 20ms
20ms Image
image/jpeg 2a02:26f0:1700:d::1737:6e8f
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.secureworks.com/-/media/Images/Insights/Resources/Threat%20Analysis/100%20darktortilla/image010.ashx?la=en&modified=20220818164031&hash=F01AC8ECC3DD40F401291D7B1FE818D2

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/darktortilla-malware-analysis

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6e8f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

6895318639473264d86f0148e6247451f76849e5a75212297b333fe7181cd326

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/darktortilla-malware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 21 Dec 2022 14:59:10 GMT
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 18 Aug 2022 16:40:31 GMT
server: Microsoft-IIS/10.0
x-azure-ref-originshield: 0Xq6iYwAAAAA702j8yEf7Q4vSXLkwM8yLRlJBMjMxMDUwNDE4MDM1ADNhNjliMjRhLWU0YjItNDhhMC1iYjk2LWZlZDRlOWYzODJiYg==
etag: 887da966f2a343dfa1a9ad8c8f3b9454
x-azure-ref: 0Xq6iYwAAAADPkXo+HL5DRK9+xe/0GEqDRlJBMzFFREdFMDkxOAAzYTY5YjI0YS1lNGIyLTQ4YTAtYmI5Ni1mZWQ0ZTlmMzgyYmI=
content-type: image/jpeg
cache-control: public, max-age=2563155
content-disposition: inline; filename="image010.jpg"
accept-ranges: bytes
content-length: 107312
expires: Fri, 20 Jan 2023 06:58:25 GMT

GET
H2 200 image011.ashx
content.secureworks.com/-/media/Images/Insights/Resources/Threat%20Analysis/100%20darktortilla/ 42 KB
43 KB 20ms
20ms Image
image/png 2a02:26f0:1700:d::1737:6e8f
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.secureworks.com/-/media/Images/Insights/Resources/Threat%20Analysis/100%20darktortilla/image011.ashx?la=en&modified=20220818164031&hash=BC2FDB7260BFED3924E9DBBE71D7C56E

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/darktortilla-malware-analysis

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6e8f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

2413337fb4673ef87c86a35c47611f61420e0c4ed0d1b46fb6e6fa01e5f54f51

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/darktortilla-malware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 21 Dec 2022 14:59:10 GMT
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 18 Aug 2022 16:40:31 GMT
server: Microsoft-IIS/10.0
x-azure-ref-originshield: 09smdYwAAAABZi/sLKMoOQ7YDgSXhgnlwRlJBMjMxMDUwNDE4MDM5ADNhNjliMjRhLWU0YjItNDhhMC1iYjk2LWZlZDRlOWYzODJiYg==
etag: bc5ca73745ba4be4a76ebc9493e5c4bc
x-azure-ref: 09smdYwAAAAAc7hsJrA98QpO/uhlHwzbdRlJBMzFFREdFMDkwNgAzYTY5YjI0YS1lNGIyLTQ4YTAtYmI5Ni1mZWQ0ZTlmMzgyYmI=
content-type: image/png
cache-control: public, max-age=2242450
content-disposition: inline; filename="image011.png"
accept-ranges: bytes
content-length: 42968
expires: Mon, 16 Jan 2023 13:53:20 GMT

GET
H2 200 image012.ashx
content.secureworks.com/-/media/Images/Insights/Resources/Threat%20Analysis/100%20darktortilla/ 53 KB
54 KB 23ms
22ms Image
image/jpeg 2a02:26f0:1700:d::1737:6e8f
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.secureworks.com/-/media/Images/Insights/Resources/Threat%20Analysis/100%20darktortilla/image012.ashx?la=en&modified=20220818164032&hash=9ECD00A00C79BC312EB024025BB11D18

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/darktortilla-malware-analysis

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6e8f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

9f1a4ba00de603e3f00a969f62525a93f1292c0d083ac82d8bbd72caae052b93

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/darktortilla-malware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 21 Dec 2022 14:59:10 GMT
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 18 Aug 2022 16:40:32 GMT
server: Microsoft-IIS/10.0
x-azure-ref-originshield: 09smdYwAAAADkrLfIIGKeTbqBmVYSZSi2RlJBMjMxMDUwNDE4MDUxADNhNjliMjRhLWU0YjItNDhhMC1iYjk2LWZlZDRlOWYzODJiYg==
etag: 3d43122dd3934d12a41ff0cb87fe25a8
x-azure-ref: 0jhKgYwAAAADS2zLL3QwAQaGmE4wchV4ZRlJBMzFFREdFMDMxMwAzYTY5YjI0YS1lNGIyLTQ4YTAtYmI5Ni1mZWQ0ZTlmMzgyYmI=
content-type: image/jpeg
cache-control: public, max-age=2392198
content-disposition: inline; filename="image012.jpg"
accept-ranges: bytes
content-length: 54530
expires: Wed, 18 Jan 2023 07:29:08 GMT

GET
H2 200 image013.ashx
content.secureworks.com/-/media/Images/Insights/Resources/Threat%20Analysis/100%20darktortilla/ 38 KB
39 KB 20ms
20ms Image
image/jpeg 2a02:26f0:1700:d::1737:6e8f
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.secureworks.com/-/media/Images/Insights/Resources/Threat%20Analysis/100%20darktortilla/image013.ashx?la=en&modified=20220818164032&hash=A192D50EA07B5DAD8FB87722424F7CC6

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/darktortilla-malware-analysis

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6e8f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

a3950b23aedb801776d097d5b836a9f8d6978359cb181067d150d8a5d56bf083

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/darktortilla-malware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 21 Dec 2022 14:59:10 GMT
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 18 Aug 2022 16:40:32 GMT
server: Microsoft-IIS/10.0
x-azure-ref-originshield: 09smdYwAAAABIZpJHLZh0QrGl8ot8BvtZRlJBMjMxMDUwNDE4MDI3ADNhNjliMjRhLWU0YjItNDhhMC1iYjk2LWZlZDRlOWYzODJiYg==
etag: aa5d2c46403b497d8befe99e94dfbd1c
x-azure-ref: 09smdYwAAAAAGcICYUBZbTLXsUa7AZPIgRlJBMzFFREdFMDMxNAAzYTY5YjI0YS1lNGIyLTQ4YTAtYmI5Ni1mZWQ0ZTlmMzgyYmI=
content-type: image/jpeg
cache-control: public, max-age=2242545
content-disposition: inline; filename="image013.jpg"
accept-ranges: bytes
content-length: 39404
expires: Mon, 16 Jan 2023 13:54:55 GMT

GET
H2 200 image014.ashx
content.secureworks.com/-/media/Images/Insights/Resources/Threat%20Analysis/100%20darktortilla/ 12 KB
12 KB 19ms
19ms Image
image/jpeg 2a02:26f0:1700:d::1737:6e8f
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.secureworks.com/-/media/Images/Insights/Resources/Threat%20Analysis/100%20darktortilla/image014.ashx?la=en&modified=20220818164032&hash=6BC66D50E8E9390FD0BEAD0B057EA5D6

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/darktortilla-malware-analysis

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6e8f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

7769ab9086a2c079f789f8fa45234036dbfd48186ce42a507fe2cd1c25a3fab0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/darktortilla-malware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 21 Dec 2022 14:59:10 GMT
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 18 Aug 2022 16:40:32 GMT
server: Microsoft-IIS/10.0
x-azure-ref-originshield: 0geaeYwAAAAAUHgly291tQLxbZidyFEzCRlJBMjMxMDUwNDE3MDM1ADNhNjliMjRhLWU0YjItNDhhMC1iYjk2LWZlZDRlOWYzODJiYg==
etag: 572564c66f1b4c379a8b42e3384b76a5
x-azure-ref: 0geaeYwAAAACkEShXvAz1QLKz9VKKnE51RlJBMzFFREdFMDMwOAAzYTY5YjI0YS1lNGIyLTQ4YTAtYmI5Ni1mZWQ0ZTlmMzgyYmI=
content-type: image/jpeg
cache-control: public, max-age=2315315
content-disposition: inline; filename="image014.jpg"
accept-ranges: bytes
content-length: 11889
expires: Tue, 17 Jan 2023 10:07:45 GMT

GET
H2 200 image015.ashx
content.secureworks.com/-/media/Images/Insights/Resources/Threat%20Analysis/100%20darktortilla/ 29 KB
29 KB 20ms
20ms Image
image/jpeg 2a02:26f0:1700:d::1737:6e8f
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.secureworks.com/-/media/Images/Insights/Resources/Threat%20Analysis/100%20darktortilla/image015.ashx?la=en&modified=20220818164033&hash=8CB3B7A83C2C049B3EB9B7CFBEAFA4B1

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/darktortilla-malware-analysis

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6e8f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

d369ff6f9f28ed06ac81a430e3c10c80097cc18992e090133845b87d205fe1ce

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/darktortilla-malware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 21 Dec 2022 14:59:10 GMT
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 18 Aug 2022 16:40:33 GMT
server: Microsoft-IIS/10.0
x-azure-ref-originshield: 0Xq6iYwAAAABfNmM7oePKTZgMqUktNevVQU1TMDRFREdFMTkwNwAzYTY5YjI0YS1lNGIyLTQ4YTAtYmI5Ni1mZWQ0ZTlmMzgyYmI=
etag: c1716601be404cefbe887150f4c99692
x-azure-ref: 0Xq6iYwAAAAAhKMU+QIgGS5YHsoVzEO35RFVTMzBFREdFMDYxMgAzYTY5YjI0YS1lNGIyLTQ4YTAtYmI5Ni1mZWQ0ZTlmMzgyYmI=
content-type: image/jpeg
cache-control: public, max-age=2563111
content-disposition: inline; filename="image015.jpg"
accept-ranges: bytes
content-length: 29463
expires: Fri, 20 Jan 2023 06:57:41 GMT

GET
H2 200 image016.ashx
content.secureworks.com/-/media/Images/Insights/Resources/Threat%20Analysis/100%20darktortilla/ 31 KB
32 KB 20ms
20ms Image
image/jpeg 2a02:26f0:1700:d::1737:6e8f
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.secureworks.com/-/media/Images/Insights/Resources/Threat%20Analysis/100%20darktortilla/image016.ashx?la=en&modified=20220818164033&hash=7AEF1A05B9426693CA2EFE4989ACF398

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/darktortilla-malware-analysis

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6e8f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

fbdd71ed9a2c925dfc858e1777398c502c8dc7d0914f2eb9515ce619b4d990fd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/darktortilla-malware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 21 Dec 2022 14:59:10 GMT
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 18 Aug 2022 16:40:33 GMT
server: Microsoft-IIS/10.0
x-azure-ref-originshield: 09smdYwAAAAC3WLNFR/e9SLnAKVLWxlZ6RlJBMjMxMDUwNDE3MDM3ADNhNjliMjRhLWU0YjItNDhhMC1iYjk2LWZlZDRlOWYzODJiYg==
etag: 065c208fb27843368be8f2015de1e85f
x-azure-ref: 0Xq6iYwAAAADHYdXr4OFlTK/nK0pDaJYIRlJBMzFFREdFMDMxMQAzYTY5YjI0YS1lNGIyLTQ4YTAtYmI5Ni1mZWQ0ZTlmMzgyYmI=
content-type: image/jpeg
cache-control: public, max-age=2563094
content-disposition: inline; filename="image016.jpg"
accept-ranges: bytes
content-length: 31999
expires: Fri, 20 Jan 2023 06:57:24 GMT

GET
H2 200 image017.ashx
content.secureworks.com/-/media/Images/Insights/Resources/Threat%20Analysis/100%20darktortilla/ 57 KB
57 KB 20ms
20ms Image
image/jpeg 2a02:26f0:1700:d::1737:6e8f
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.secureworks.com/-/media/Images/Insights/Resources/Threat%20Analysis/100%20darktortilla/image017.ashx?la=en&modified=20220818164033&hash=D291B2B9B2F717DFBFE2D29ECCD0B24C

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/darktortilla-malware-analysis

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6e8f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

44ca0939ee0fb76f4871cf1b4b35b23dfd67c44aa6673f4dc76ccd476a05ccd8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/darktortilla-malware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 21 Dec 2022 14:59:10 GMT
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 18 Aug 2022 16:40:33 GMT
server: Microsoft-IIS/10.0
x-azure-ref-originshield: 09smdYwAAAABP+bQpobDzQ5GK0HRfpmwgRlJBMjMxMDUwNDE3MDE3ADNhNjliMjRhLWU0YjItNDhhMC1iYjk2LWZlZDRlOWYzODJiYg==
etag: 8ec453a570f14837a578d30060b753ed
x-azure-ref: 0Xq6iYwAAAACuxB4VUkr5S52k7651jsJoRlJBMzFFREdFMDMxNwAzYTY5YjI0YS1lNGIyLTQ4YTAtYmI5Ni1mZWQ0ZTlmMzgyYmI=
content-type: image/jpeg
cache-control: public, max-age=2563098
content-disposition: inline; filename="image017.jpg"
accept-ranges: bytes
content-length: 58070
expires: Fri, 20 Jan 2023 06:57:28 GMT

GET
H2 200 image018.ashx
content.secureworks.com/-/media/Images/Insights/Resources/Threat%20Analysis/100%20darktortilla/ 27 KB
28 KB 20ms
20ms Image
image/jpeg 2a02:26f0:1700:d::1737:6e8f
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.secureworks.com/-/media/Images/Insights/Resources/Threat%20Analysis/100%20darktortilla/image018.ashx?la=en&modified=20220818164033&hash=8683DD34C178D14D6E297DEBA705AE3C

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/darktortilla-malware-analysis

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6e8f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

00bca840431e27eaa77f57d0dcdd8a2ef3c434a308dbde2f97aaf8359e848d18

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/darktortilla-malware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 21 Dec 2022 14:59:10 GMT
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 18 Aug 2022 16:40:33 GMT
server: Microsoft-IIS/10.0
x-azure-ref-originshield: 09smdYwAAAAAbAxjIoTv5TamRv2g/1oirRlJBMjMxMDUwNDE4MDIzADNhNjliMjRhLWU0YjItNDhhMC1iYjk2LWZlZDRlOWYzODJiYg==
etag: bdd8e2e4d3474cd48942dec3f49a68ba
x-azure-ref: 09smdYwAAAAANyYSEnRonRYRylJxFJF0ARlJBMzFFREdFMDkyMQAzYTY5YjI0YS1lNGIyLTQ4YTAtYmI5Ni1mZWQ0ZTlmMzgyYmI=
content-type: image/jpeg
cache-control: public, max-age=2242529
content-disposition: inline; filename="image018.jpg"
accept-ranges: bytes
content-length: 27741
expires: Mon, 16 Jan 2023 13:54:39 GMT

GET
H2 200 image019.ashx
content.secureworks.com/-/media/Images/Insights/Resources/Threat%20Analysis/100%20darktortilla/ 110 KB
111 KB 20ms
20ms Image
image/jpeg 2a02:26f0:1700:d::1737:6e8f
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.secureworks.com/-/media/Images/Insights/Resources/Threat%20Analysis/100%20darktortilla/image019.ashx?la=en&modified=20220818164034&hash=C2F4D582649DF918E68C30A7C11B203A

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/darktortilla-malware-analysis

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6e8f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

b26c5e3f314ea765ecec79c3c9702b187aef83159a43a9c2a532e5f68d135d70

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/darktortilla-malware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 21 Dec 2022 14:59:10 GMT
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 18 Aug 2022 16:40:34 GMT
server: Microsoft-IIS/10.0
x-azure-ref-originshield: 09smdYwAAAAAMn+yDNkF9TplemgsYstsbRlJBMjMxMDUwNDE3MDM1ADNhNjliMjRhLWU0YjItNDhhMC1iYjk2LWZlZDRlOWYzODJiYg==
etag: e7873ed69e7b4f548dfded6f96455156
x-azure-ref: 0Xq6iYwAAAACM/G40wbWjQ7MlS9lA4eKFRlJBMzFFREdFMDMwOAAzYTY5YjI0YS1lNGIyLTQ4YTAtYmI5Ni1mZWQ0ZTlmMzgyYmI=
content-type: image/jpeg
cache-control: public, max-age=2563076
content-disposition: inline; filename="image019.jpg"
accept-ranges: bytes
content-length: 112818
expires: Fri, 20 Jan 2023 06:57:06 GMT

GET
H2 200 image020.ashx
content.secureworks.com/-/media/Images/Insights/Resources/Threat%20Analysis/100%20darktortilla/ 36 KB
36 KB 20ms
20ms Image
image/jpeg 2a02:26f0:1700:d::1737:6e8f
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.secureworks.com/-/media/Images/Insights/Resources/Threat%20Analysis/100%20darktortilla/image020.ashx?la=en&modified=20220818164034&hash=CF29F46ED94209DABBC72197D7ABDF83

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/darktortilla-malware-analysis

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6e8f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

723a553818880d604ae8b8aa9e14521a5c5b885816931ce0ac522f23083b3e79

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/darktortilla-malware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 21 Dec 2022 14:59:10 GMT
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 18 Aug 2022 16:40:34 GMT
server: Microsoft-IIS/10.0
x-azure-ref-originshield: 09smdYwAAAAAklFLafwcLSLIPHgL+EuE4RlJBMjMxMDUwNDE3MDQ1ADNhNjliMjRhLWU0YjItNDhhMC1iYjk2LWZlZDRlOWYzODJiYg==
etag: 572424e72a0d4f8cabb59f43e69531af
x-azure-ref: 09smdYwAAAAC7yAR3KqPjQYXuI8RloBNkRlJBMzFFREdFMDkxMAAzYTY5YjI0YS1lNGIyLTQ4YTAtYmI5Ni1mZWQ0ZTlmMzgyYmI=
content-type: image/jpeg
cache-control: public, max-age=2242564
content-disposition: inline; filename="image020.jpg"
accept-ranges: bytes
content-length: 36656
expires: Mon, 16 Jan 2023 13:55:14 GMT

GET
H2 200 image021.ashx
content.secureworks.com/-/media/Images/Insights/Resources/Threat%20Analysis/100%20darktortilla/ 10 KB
10 KB 19ms
19ms Image
image/jpeg 2a02:26f0:1700:d::1737:6e8f
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.secureworks.com/-/media/Images/Insights/Resources/Threat%20Analysis/100%20darktortilla/image021.ashx?la=en&modified=20220818164034&hash=16E26CF210192C9040C7F4CD569B4FC9

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/darktortilla-malware-analysis

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6e8f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

79fad722d19f564084c672a04f8bbd3800f53e10d869701b8c8fc49b56b83e5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/darktortilla-malware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 21 Dec 2022 14:59:10 GMT
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 18 Aug 2022 16:40:34 GMT
server: Microsoft-IIS/10.0
x-azure-ref-originshield: 0jxKgYwAAAAChbG8TmiEAR63AaAc7ftI9RlJBMjMxMDUwNDE3MDI3ADNhNjliMjRhLWU0YjItNDhhMC1iYjk2LWZlZDRlOWYzODJiYg==
etag: 90a83341eb0943e5a1b1d461b5fc6243
x-azure-ref: 0jxKgYwAAAAC43yANh4GoTZJrpu7SL+jwRlJBMzFFREdFMDMxMwAzYTY5YjI0YS1lNGIyLTQ4YTAtYmI5Ni1mZWQ0ZTlmMzgyYmI=
content-type: image/jpeg
cache-control: public, max-age=2392156
content-disposition: inline; filename="image021.jpg"
accept-ranges: bytes
content-length: 9918
expires: Wed, 18 Jan 2023 07:28:26 GMT

GET
H2 200 image022.ashx
content.secureworks.com/-/media/Images/Insights/Resources/Threat%20Analysis/100%20darktortilla/ 9 KB
10 KB 19ms
19ms Image
image/jpeg 2a02:26f0:1700:d::1737:6e8f
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.secureworks.com/-/media/Images/Insights/Resources/Threat%20Analysis/100%20darktortilla/image022.ashx?la=en&modified=20220818164034&hash=6E45EA2917D8289A83A16A40B3CB9888

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/darktortilla-malware-analysis

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6e8f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

d72b2e64a9dcff3480f93b796bc7d9932f37ba7ec859822d14bbafa91a5bd614

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/darktortilla-malware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 21 Dec 2022 14:59:10 GMT
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 18 Aug 2022 16:40:34 GMT
server: Microsoft-IIS/10.0
x-azure-ref-originshield: 09smdYwAAAAAkwX+04a5jQIfu0hMy1oRTRlJBMjMxMDUwNDE3MDQ5ADNhNjliMjRhLWU0YjItNDhhMC1iYjk2LWZlZDRlOWYzODJiYg==
etag: 1b697e7688564fba87b7f35e774c1404
x-azure-ref: 09smdYwAAAACdbA8yjA+UQa3KMSR/dxJHRlJBMzFFREdFMDMxOQAzYTY5YjI0YS1lNGIyLTQ4YTAtYmI5Ni1mZWQ0ZTlmMzgyYmI=
content-type: image/jpeg
cache-control: public, max-age=2242476
content-disposition: inline; filename="image022.jpg"
accept-ranges: bytes
content-length: 9649
expires: Mon, 16 Jan 2023 13:53:46 GMT

GET
H2 200 002-background-treated_360x190.ashx
content.secureworks.com/-/media/Images/Insights/2022/abstract%20approved/002-purple-black-faded-screen/ 30 KB
30 KB 20ms
19ms Image
image/png 2a02:26f0:1700:d::1737:6e8f
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.secureworks.com/-/media/Images/Insights/2022/abstract%20approved/002-purple-black-faded-screen/002-background-treated_360x190.ashx?modified=20220621213741

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/darktortilla-malware-analysis

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6e8f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

d06f16436de248c88426110742cf0fa0e9fe7a2707399ecb2f27b3425a6b6162

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/darktortilla-malware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 21 Dec 2022 14:59:10 GMT
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 21 Jun 2022 21:37:41 GMT
server: Microsoft-IIS/10.0
x-azure-ref-originshield: 0vqVjYwAAAADFXo2BP2FuRItGwV1AfffjRlJBMjMxMDUwNDE3MDM3ADNhNjliMjRhLWU0YjItNDhhMC1iYjk2LWZlZDRlOWYzODJiYg==
etag: 02b515b1c4464caaa68045744107a917
x-azure-ref: 0vqVjYwAAAADujethfCC1SoC5p1WseIJZRlJBMjMxMDUwNDE5MDMzADNhNjliMjRhLWU0YjItNDhhMC1iYjk2LWZlZDRlOWYzODJiYg==
content-type: image/png
cache-control: public, max-age=664736
content-disposition: inline; filename="002-background-treated_360x190.png"
accept-ranges: bytes
content-length: 30267
expires: Thu, 29 Dec 2022 07:38:06 GMT

GET
H2 200 blog-right-sidebar-ad.ashx
content.secureworks.com/-/media/Images/Insights/Blog/2022%20right%20sidebar%20ads/ 21 KB
21 KB 20ms
19ms Image
image/png 2a02:26f0:1700:d::1737:6e8f
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.secureworks.com/-/media/Images/Insights/Blog/2022%20right%20sidebar%20ads/blog-right-sidebar-ad.ashx?modified=20221102152447

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/darktortilla-malware-analysis

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6e8f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

62e55cc7119c6aae1e7aaac1870c9796ccc25fccdd4937f126f6114e66fd3b5a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/darktortilla-malware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 21 Dec 2022 14:59:10 GMT
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 02 Nov 2022 15:24:47 GMT
server: Microsoft-IIS/10.0
x-azure-ref-originshield: 0maVjYwAAAACWdBey9cAdTbDAr6iLkr5eQU1TMDRFREdFMTgxOAAzYTY5YjI0YS1lNGIyLTQ4YTAtYmI5Ni1mZWQ0ZTlmMzgyYmI=
etag: 9a6cd664e4ae440c96fa0d2bacbcb2db
x-azure-ref: 0maVjYwAAAADcdosX0EQCSrKL/xTAsfLgQlJVMzBFREdFMDQwOQAzYTY5YjI0YS1lNGIyLTQ4YTAtYmI5Ni1mZWQ0ZTlmMzgyYmI=
content-type: image/png
cache-control: public, max-age=841414
content-disposition: inline; filename="blog-right-sidebar-ad.png"
accept-ranges: bytes
content-length: 21359
expires: Sat, 31 Dec 2022 08:42:44 GMT

GET
H2 200 state-of-the-threat-2022_500x300.ashx
content.secureworks.com/-/media/Images/Insights/Resources/Reports/state%20of%20the%20threat%202022/ 156 KB
157 KB 20ms
20ms Image
image/png 2a02:26f0:1700:d::1737:6e8f
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.secureworks.com/-/media/Images/Insights/Resources/Reports/state%20of%20the%20threat%202022/state-of-the-threat-2022_500x300.ashx?modified=20220930143542

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/darktortilla-malware-analysis

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6e8f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

baa55d1d4627050073e047eb2f9dbe86720736f51f37a116602e5705c3966b33

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/darktortilla-malware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 21 Dec 2022 14:59:10 GMT
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
last-modified: Fri, 30 Sep 2022 14:35:42 GMT
server: Microsoft-IIS/10.0
etag: dca4e3938b8e4a69a36ea6fa76e12158
x-azure-ref: 017xFYwAAAADXExHchouVSakZvKl/VQ7FQU1TMDRFREdFMTgwOAAzYTY5YjI0YS1lNGIyLTQ4YTAtYmI5Ni1mZWQ0ZTlmMzgyYmI=
content-type: image/png
cache-control: public, max-age=1118067
content-disposition: inline; filename="state-of-the-threat-2022_500x300.png"
accept-ranges: bytes
content-length: 160244
expires: Tue, 03 Jan 2023 13:33:37 GMT

GET
H2 200 close.svg
www.secureworks.com/content/rc/images/ 850 B
1 KB 26ms
26ms Image
image/svg+xml 2620:1ec:4f:1::44
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.secureworks.com/content/rc/images/close.svg

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/darktortilla-malware-analysis

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:4f:1::44 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

0049c42b57e92164c558905bff7c17441afe55dc569f0062162e77a532964b80

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/darktortilla-malware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 21 Dec 2022 14:59:10 GMT
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 03 Nov 2022 07:37:47 GMT
server: Microsoft-IIS/10.0
x-azure-ref-originshield: 0vfSgYwAAAAAzrsIiYnCRSrD5D0fbmSfVRlJBMjMxMDUwNDE4MDI3ADNhNjliMjRhLWU0YjItNDhhMC1iYjk2LWZlZDRlOWYzODJiYg==
etag: "ff1482b57efd81:0"
x-azure-ref: 0Ph+jYwAAAACPLF4JI6aVS66fLAOwsx7PRlJBMzFFREdFMDMyMAAzYTY5YjI0YS1lNGIyLTQ4YTAtYmI5Ni1mZWQ0ZTlmMzgyYmI=
x-cache: TCP_HIT
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public,max-age=2592000
accept-ranges: bytes
content-length: 850

GET
H2 200 libs.min.js Show response
content.secureworks.com/content/app/js/ 257 KB
70 KB 20ms
20ms Script
application/javascript 2a02:26f0:1700:d::1737:6e8f
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://content.secureworks.com/content/app/js/libs.min.js?v=11-10-2022

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/darktortilla-malware-analysis

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6e8f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

08681ba3da35c665e877f6f9a6e158ff94b4d96c363610cdb061ebb79a718c35

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.secureworks.com/research/darktortilla-malware-analysis
Origin: https://www.secureworks.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 10 Nov 2022 12:12:44 GMT
server: Microsoft-IIS/10.0
date: Wed, 21 Dec 2022 14:59:09 GMT
etag: "b261abdfdf4d81:0"
x-azure-ref: 0ge5sYwAAAADKEQe9PV6ESadsDftkvOXjRlJBMjMxMDUwNDE3MDUzADNhNjliMjRhLWU0YjItNDhhMC1iYjk2LWZlZDRlOWYzODJiYg==
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=1291576
accept-ranges: bytes
content-length: 70793

GET
H2 200 main.js Show response
content.secureworks.com/content/app/js/ 73 KB
19 KB 20ms
20ms Script
application/javascript 2a02:26f0:1700:d::1737:6e8f
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://content.secureworks.com/content/app/js/main.js?v=11-10-2022

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/darktortilla-malware-analysis

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6e8f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

d4e7d83d3cc135b07a38c58433b2d7c363a1d8d4450b021d0eddda62d222a229

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.secureworks.com/research/darktortilla-malware-analysis
Origin: https://www.secureworks.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 21 Dec 2022 14:59:09 GMT
x-azure-ref-originshield: 0zPFsYwAAAAAQ9/GUZ+OVSpoj0dE1LKNQRlJBMjMxMDUwNDE3MDE3ADNhNjliMjRhLWU0YjItNDhhMC1iYjk2LWZlZDRlOWYzODJiYg==
content-length: 19410
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 10 Nov 2022 12:12:44 GMT
server: Microsoft-IIS/10.0
etag: "b261abdfdf4d81:0"
x-azure-ref: 0zPFsYwAAAACUzzdu5quERaMgsnN3h2jLRlJBMjMxMDUwNDE5MDI5ADNhNjliMjRhLWU0YjItNDhhMC1iYjk2LWZlZDRlOWYzODJiYg==
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=1208436
accept-ranges: bytes

GET
H2 200 products.js Show response
content.secureworks.com/content/rc/js/ 44 KB
14 KB 20ms
19ms Script
application/javascript 2a02:26f0:1700:d::1737:6e8f
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://content.secureworks.com/content/rc/js/products.js?v=11-10-2022

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/darktortilla-malware-analysis

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6e8f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

9eb064a8d93265a1b1bb725f0db9c1d209a4efdae9eca7ddc67a094755c64b4f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.secureworks.com/research/darktortilla-malware-analysis
Origin: https://www.secureworks.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 21 Dec 2022 14:59:09 GMT
x-azure-ref-originshield: 0gu5sYwAAAAAkarUxwWapRpQ4RhKlKjigRlJBMjMxMDUwNDE4MDM5ADNhNjliMjRhLWU0YjItNDhhMC1iYjk2LWZlZDRlOWYzODJiYg==
content-length: 13755
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 03 Nov 2022 07:37:54 GMT
server: Microsoft-IIS/10.0
etag: "5c3bb22f57efd81:0"
x-azure-ref: 0gu5sYwAAAACyD1qrDZzPRKN0+KmkJ1fDRlJBMjMxMDUwNDIwMDM5ADNhNjliMjRhLWU0YjItNDhhMC1iYjk2LWZlZDRlOWYzODJiYg==
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=1225028
accept-ranges: bytes

GET
H2 200 default.css
content.secureworks.com/content/app/css/highlighter/ 1 KB
1 KB 20ms
19ms Stylesheet
text/css 2a02:26f0:1700:d::1737:6e8f
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://content.secureworks.com/content/app/css/highlighter/default.css?v=11-10-2022

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/darktortilla-malware-analysis

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6e8f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

22494645cd5c6508829ef760cfafdf7292ddfbb824f23a323b6d3f3bd10a2538

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.secureworks.com/research/darktortilla-malware-analysis
Origin: https://www.secureworks.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 21 Dec 2022 14:59:09 GMT
x-azure-ref-originshield: 0gu5sYwAAAABbv4heuwYDRoVLz23q4OuGRlJBMjMxMDUwNDE3MDE5ADNhNjliMjRhLWU0YjItNDhhMC1iYjk2LWZlZDRlOWYzODJiYg==
content-length: 580
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 03 Nov 2022 07:39:29 GMT
server: Microsoft-IIS/10.0
etag: "22be5b6857efd81:0"
x-azure-ref: 0gu5sYwAAAAAJl+5gSFzgQZW//Q25YHxCRlJBMjMxMDUwNDIwMDQ5ADNhNjliMjRhLWU0YjItNDhhMC1iYjk2LWZlZDRlOWYzODJiYg==
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cache-control: public, max-age=1373972
accept-ranges: bytes

GET
H2 200 highlight.pack.js Show response
content.secureworks.com/content/app/js/libs/ 50 KB
20 KB 20ms
20ms Script
application/javascript 2a02:26f0:1700:d::1737:6e8f
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://content.secureworks.com/content/app/js/libs/highlight.pack.js?v=11-10-2022

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/darktortilla-malware-analysis

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6e8f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

154248124c7d6ba28a3d741311104b4d4a503dad23095470f663f2613532c733

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.secureworks.com/research/darktortilla-malware-analysis
Origin: https://www.secureworks.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 21 Dec 2022 14:59:09 GMT
x-azure-ref-originshield: 0O12PYwAAAAB82uZIEAafS5zi2tGlox+yRlJBMjMxMDUwNDE4MDMzADNhNjliMjRhLWU0YjItNDhhMC1iYjk2LWZlZDRlOWYzODJiYg==
content-length: 20267
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 03 Nov 2022 07:39:50 GMT
server: Microsoft-IIS/10.0
etag: "ef56bd7457efd81:0"
x-azure-ref: 0KYmQYwAAAAB1EiJWJIYmR67Yj2lmUSgYRlJBMzFFREdFMDkwNgAzYTY5YjI0YS1lNGIyLTQ4YTAtYmI5Ni1mZWQ0ZTlmMzgyYmI=
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=1373929
accept-ranges: bytes

GET
H2 200 bundle.js Show response
content.secureworks.com/content/micro/ 726 KB
211 KB 20ms
19ms Script
application/javascript 2a02:26f0:1700:d::1737:6e8f
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://content.secureworks.com/content/micro/bundle.js?v=11-10-2022

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/darktortilla-malware-analysis

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6e8f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

394e969fc7f0aa85a1cf698f0aba18c5f931463ea9091d9914b17df6ad9893e7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.secureworks.com/research/darktortilla-malware-analysis
Origin: https://www.secureworks.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 03 Nov 2022 07:39:52 GMT
server: Microsoft-IIS/10.0
date: Wed, 21 Dec 2022 14:59:09 GMT
etag: "16e1ba7557efd81:0"
x-azure-ref: 0yfJsYwAAAAC/nHeTolxcQY11pPq9FMt2RlJBMjMxMDUwNDE4MDQ1ADNhNjliMjRhLWU0YjItNDhhMC1iYjk2LWZlZDRlOWYzODJiYg==
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public, max-age=1201888
accept-ranges: bytes
content-length: 215635

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/ 1 KB
2 KB 307ms
20ms Script
application/x-javascript 23.45.104.85
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/munchkin.js
Requested by: Host: www.secureworks.com
URL: https://www.secureworks.com/research/darktortilla-malware-analysis
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.45.104.85 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-45-104-85.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 91a50850c517899e1c975079158949f7a500ddf5a7307fe36bf50092926beedc

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/darktortilla-malware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Wed, 21 Dec 2022 14:59:11 GMT
Content-Encoding: gzip
Last-Modified: Fri, 09 Sep 2022 01:18:39 GMT
Server: AkamaiNetStorage
ETag: "92b41a298690c047b0c4602dd843cba4:1662686319.691662"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Content-Type: application/x-javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 728

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 305 KB
95 KB 330ms
45ms Script
application/javascript 2a00:1450:4001:806::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-P6Z7M2

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/darktortilla-malware-analysis

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

cbfbd6f3e7601336282fb9d30d8358e6ba68377e2bc0b69d32144bcd2bb1108f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/darktortilla-malware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 14:59:11 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 96996
x-xss-protection: 0
last-modified: Wed, 21 Dec 2022 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 21 Dec 2022 14:59:11 GMT

GET
H2 200 visuelt-regular.woff
content.secureworks.com/content/app/fonts/visuelt/ 34 KB
34 KB 19ms
19ms Font
application/font-woff 2a02:26f0:1700:d::1737:6e8f
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://content.secureworks.com/content/app/fonts/visuelt/visuelt-regular.woff

Requested by

Host: content.secureworks.com
URL: https://content.secureworks.com/content/app/css/main.css?v=11-10-2022

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6e8f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

01922d641b94002b4861c92b1462f8e9008baaa53707603d64a5b97fee783b03

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://content.secureworks.com/content/app/css/main.css?v=11-10-2022
Origin: https://www.secureworks.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 21 Dec 2022 14:59:11 GMT
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 03 Nov 2022 07:37:30 GMT
server: Microsoft-IIS/10.0
x-azure-ref-originshield: 0vFd6YwAAAACDdAEcPJDtQaEwrwZuzvsNRlJBMjMxMDUwNDE4MDI1ADNhNjliMjRhLWU0YjItNDhhMC1iYjk2LWZlZDRlOWYzODJiYg==
etag: "15904e2157efd81:0"
x-azure-ref: 0AHZ7YwAAAADSibS0pHYmQbWgiy6dwubaRlJBMjMxMDUwNDIwMDIzADNhNjliMjRhLWU0YjItNDhhMC1iYjk2LWZlZDRlOWYzODJiYg==
content-type: application/font-woff
access-control-allow-origin: *
cache-control: public, max-age=2187976
accept-ranges: bytes
content-length: 34560

GET
H2 200 arrow.svg
content.secureworks.com/content/app/img/svg/ 2 KB
1 KB 23ms
21ms Image
image/svg+xml 2a02:26f0:1700:d::1737:6e8f
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.secureworks.com/content/app/img/svg/arrow.svg

Requested by

Host: content.secureworks.com
URL: https://content.secureworks.com/content/app/css/main.css?v=11-10-2022

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6e8f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

c414c4b0d50c45bc35cd0beae9dd6e255bc68bb44b7f2298f55ad4e1ba9efec0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://content.secureworks.com/content/app/css/main.css?v=11-10-2022
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 03 Nov 2022 07:37:33 GMT
server: Microsoft-IIS/10.0
date: Wed, 21 Dec 2022 14:59:11 GMT
etag: "811cca2257efd81:0"
x-azure-ref: 0caFlYwAAAADP+f8ICRUSQI3DWM0EML/UQU1TMDRFREdFMTkwNwAzYTY5YjI0YS1lNGIyLTQ4YTAtYmI5Ni1mZWQ0ZTlmMzgyYmI=
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
cache-control: public, max-age=858457
accept-ranges: bytes
content-length: 905

GET
H2 200 icomoon.ttf
content.secureworks.com/content/app/fonts/icomoon-new/ 3 KB
3 KB 26ms
24ms Font
application/font-ttf 2a02:26f0:1700:d::1737:6e8f
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://content.secureworks.com/content/app/fonts/icomoon-new/icomoon.ttf?8und5p

Requested by

Host: content.secureworks.com
URL: https://content.secureworks.com/content/app/css/main.css?v=11-10-2022

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6e8f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

c97d6fa5b4ad8db4c6110b5e4a13eb698c381f580cb44440813c04f369df0a56

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://content.secureworks.com/content/app/css/main.css?v=11-10-2022
Origin: https://www.secureworks.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 21 Dec 2022 14:59:11 GMT
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 03 Nov 2022 07:37:27 GMT
server: Microsoft-IIS/10.0
x-azure-ref-originshield: 0p5h7YwAAAABUVKzN1qIpSr2ER94DEnseRlJBMjMxMDUwNDE4MDQ5ADNhNjliMjRhLWU0YjItNDhhMC1iYjk2LWZlZDRlOWYzODJiYg==
etag: "c57391f57efd81:0"
x-azure-ref: 0w7GEYwAAAAAPHOUvYCcUTaHphwgIfB4NRlJBMjMxMDUwNDE5MDIxADNhNjliMjRhLWU0YjItNDhhMC1iYjk2LWZlZDRlOWYzODJiYg==
content-type: application/font-ttf
access-control-allow-origin: *
cache-control: public, max-age=597929
accept-ranges: bytes
content-length: 2904

GET
H2 200 visuelt-medium.woff
content.secureworks.com/content/app/fonts/visuelt/ 36 KB
36 KB 24ms
22ms Font
application/font-woff 2a02:26f0:1700:d::1737:6e8f
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://content.secureworks.com/content/app/fonts/visuelt/visuelt-medium.woff

Requested by

Host: content.secureworks.com
URL: https://content.secureworks.com/content/app/css/main.css?v=11-10-2022

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6e8f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

30a584b184cc0bffda4f65106a5440dd18027f5d832d74b56ee5d219b3b48cd6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://content.secureworks.com/content/app/css/main.css?v=11-10-2022
Origin: https://www.secureworks.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 21 Dec 2022 14:59:11 GMT
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 03 Nov 2022 07:37:30 GMT
server: Microsoft-IIS/10.0
x-azure-ref-originshield: 0C1prYwAAAAC3OwJ8hP8uSK3nLj62AjgaRlJBMjMxMDUwNDE3MDI3ADNhNjliMjRhLWU0YjItNDhhMC1iYjk2LWZlZDRlOWYzODJiYg==
etag: "13aaf2157efd81:0"
x-azure-ref: 0C1prYwAAAAA11x5CVYQySqhD9y725gquRlJBMjMxMDUwNDE5MDA5ADNhNjliMjRhLWU0YjItNDhhMC1iYjk2LWZlZDRlOWYzODJiYg==
content-type: application/font-woff
access-control-allow-origin: *
cache-control: public, max-age=1277080
accept-ranges: bytes
content-length: 36448

GET
H2 200 visuelt-black.woff
content.secureworks.com/content/app/fonts/visuelt/ 34 KB
35 KB 26ms
25ms Font
application/font-woff 2a02:26f0:1700:d::1737:6e8f
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://content.secureworks.com/content/app/fonts/visuelt/visuelt-black.woff

Requested by

Host: content.secureworks.com
URL: https://content.secureworks.com/content/app/css/main.css?v=11-10-2022

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6e8f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

baacf8d144dbd8a579bde4d8221f515052f5eeb8a3a81cb6415cea17b4e30f9f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://content.secureworks.com/content/app/css/main.css?v=11-10-2022
Origin: https://www.secureworks.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 21 Dec 2022 14:59:11 GMT
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 03 Nov 2022 07:37:29 GMT
server: Microsoft-IIS/10.0
x-azure-ref-originshield: 0kNl8YwAAAABh7ppclZWaTY/KacmbsEpWRlJBMjMxMDUwNDE4MDIzADNhNjliMjRhLWU0YjItNDhhMC1iYjk2LWZlZDRlOWYzODJiYg==
etag: "498c5d2057efd81:0"
x-azure-ref: 0kNl8YwAAAAA5/sSUDgxnQ50XNdACAtV2RlJBMjMxMDUwNDIwMDA5ADNhNjliMjRhLWU0YjItNDhhMC1iYjk2LWZlZDRlOWYzODJiYg==
content-type: application/font-woff
access-control-allow-origin: *
cache-control: public, max-age=2416092
accept-ranges: bytes
content-length: 35128

GET
H2 200 Visuelt-Light.ttf
www.secureworks.com/content/assets/fonts/ 139 KB
140 KB 29ms
29ms Font
application/font-ttf 2620:1ec:4f:1::44
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.secureworks.com/content/assets/fonts/Visuelt-Light.ttf

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/darktortilla-malware-analysis

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:4f:1::44 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

7863ca6b764cf33a59a47bd455e1ef2713b5599e78e8d5b1803c0e8844186b70

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.secureworks.com/research/darktortilla-malware-analysis
Origin: https://www.secureworks.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 21 Dec 2022 14:59:10 GMT
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 03 Nov 2022 07:37:38 GMT
server: Microsoft-IIS/10.0
x-azure-ref-originshield: 0P5ChYwAAAABOXei86PFSTomVdHkvgTE1RlJBMjMxMDUwNDE4MDI3ADNhNjliMjRhLWU0YjItNDhhMC1iYjk2LWZlZDRlOWYzODJiYg==
etag: "fea1fc2557efd81:0"
x-azure-ref: 0Px+jYwAAAAAWrwzMG/cmTIfObiiWL4EzRlJBMzFFREdFMDMyMAAzYTY5YjI0YS1lNGIyLTQ4YTAtYmI5Ni1mZWQ0ZTlmMzgyYmI=
x-cache: TCP_HIT
content-type: application/font-ttf
access-control-allow-origin: *
cache-control: public,max-age=2592000
accept-ranges: bytes
content-length: 142684

GET
H2 200 Visuelt-Bold.ttf
www.secureworks.com/content/assets/fonts/ 170 KB
171 KB 27ms
26ms Font
application/font-ttf 2620:1ec:4f:1::44
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.secureworks.com/content/assets/fonts/Visuelt-Bold.ttf

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/darktortilla-malware-analysis

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:4f:1::44 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

64ba221769f51fcba3ae03ff9ebccac7cc1017e5f10900475b871ecfe7bda514

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.secureworks.com/research/darktortilla-malware-analysis
Origin: https://www.secureworks.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 21 Dec 2022 14:59:10 GMT
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 03 Nov 2022 07:37:38 GMT
server: Microsoft-IIS/10.0
x-azure-ref-originshield: 0ydGcYwAAAADHfEViADXPQb/3GHYthic0RlJBMjMxMDUwNDE3MDIzADNhNjliMjRhLWU0YjItNDhhMC1iYjk2LWZlZDRlOWYzODJiYg==
etag: "b4eef12557efd81:0"
x-azure-ref: 0Px+jYwAAAAASO6RFIFdeQoYzM6KE6U2PRlJBMzFFREdFMDMyMAAzYTY5YjI0YS1lNGIyLTQ4YTAtYmI5Ni1mZWQ0ZTlmMzgyYmI=
x-cache: TCP_HIT
content-type: application/font-ttf
access-control-allow-origin: *
cache-control: public,max-age=2592000
accept-ranges: bytes
content-length: 174376

GET
H2 200 track_event Show response
scwx.annuitas.io/wp-json/pdg/v1/ 2 B
562 B 816ms
270ms XHR
application/json 2620:12a:8001::2
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://scwx.annuitas.io/wp-json/pdg/v1/track_event?url=https%3A%2F%2Fwww.secureworks.com%2Fresearch%2Fdarktortilla-malware-analysis

Requested by

Host: content.secureworks.com
URL: https://content.secureworks.com/content/app/js/jquery-3.6.0.min.js?v=11-10-2022

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:12a:8001::2 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Referer: https://www.secureworks.com/research/darktortilla-malware-analysis
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-cache-hits: 0, 1
strict-transport-security: max-age=300
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 21 Dec 2022 14:59:12 GMT
via: 1.1 varnish, 1.1 varnish
age: 91
x-cache: MISS, HIT
content-length: 22
x-served-by: cache-chi-kigq8000037-CHI, cache-maa10246-MAA
server: nginx
x-timer: S1671634752.100787,VS0,VE1
vary: Accept-Encoding
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
x-styx-req-id: d13e4b57-813f-11ed-ac9e-42e98ed4f124
access-control-expose-headers: X-WP-Total, X-WP-TotalPages, Link
accept-ranges: bytes
x-robots-tag: noindex
access-control-allow-headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type
link: <https://scwx.annuitas.io/wp-json/>; rel="https://api.w.org/"
x-pantheon-styx-hostname: styx-fe2-a-cf859446b-h648z

GET
H2 200 search Show response
scwx.annuitas.io/wp-json/pdg/v1/ 3 KB
922 B 816ms
271ms XHR
application/json 2620:12a:8001::2
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://scwx.annuitas.io/wp-json/pdg/v1/search?content_position=manual-test&url=https%3A%2F%2Fwww.secureworks.com%2Fresearch%2Fdarktortilla-malware-analysis

Requested by

Host: content.secureworks.com
URL: https://content.secureworks.com/content/app/js/jquery-3.6.0.min.js?v=11-10-2022

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2620:12a:8001::2 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

nginx /

Resource Hash

aaf0f3286bb1e3e3b0886954cd3dd9ac5b98104ca08a520dbc02dcc7ea090c0d

Security Headers

Name	Value
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Referer: https://www.secureworks.com/research/darktortilla-malware-analysis
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-cache-hits: 0, 1
strict-transport-security: max-age=300
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 21 Dec 2022 14:59:12 GMT
via: 1.1 varnish, 1.1 varnish
age: 89
x-cache: MISS, HIT
content-length: 766
x-served-by: cache-chi-kigq8000068-CHI, cache-maa10246-MAA
server: nginx
x-timer: S1671634752.100884,VS0,VE1
vary: Accept-Encoding
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
x-styx-req-id: d13e3779-813f-11ed-b3cb-6e2c7af024c2
access-control-expose-headers: X-WP-Total, X-WP-TotalPages, Link
accept-ranges: bytes
x-robots-tag: noindex
access-control-allow-headers: Authorization, X-WP-Nonce, Content-Disposition, Content-MD5, Content-Type
link: <https://scwx.annuitas.io/wp-json/>; rel="https://api.w.org/"
x-pantheon-styx-hostname: styx-fe2-b-7b54449884-tv7cf

GET
H2 200 EJRLQgErUN8XuHNEtX81i9TmEkrnfc9Q962f.woff2
fonts.gstatic.com/s/sairacondensed/v11/ 16 KB
17 KB 76ms
25ms Font
font/woff2 2a00:1450:4001:82a::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/sairacondensed/v11/EJRLQgErUN8XuHNEtX81i9TmEkrnfc9Q962f.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Saira+Condensed:wght@100;200;300;400;500;600;700;800;900&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82a::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ba24f9ef72f1973e4b0b7b2a2302836376fe6e2f533eaee680ee711d835827d9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.secureworks.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 01:24:05 GMT
x-content-type-options: nosniff
age: 48906
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 16832
x-xss-protection: 0
last-modified: Wed, 27 Apr 2022 15:12:17 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Thu, 21 Dec 2023 01:24:05 GMT

GET
H2 200 Visuelt.ttf
www.secureworks.com/content/assets/fonts/ 167 KB
168 KB 26ms
26ms Font
application/font-ttf 2620:1ec:4f:1::44
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.secureworks.com/content/assets/fonts/Visuelt.ttf

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/darktortilla-malware-analysis

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:4f:1::44 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

98842c0f43a891b9264682dda87aab221bbe5aabfc08cb44f6785df5cf595326

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.secureworks.com/research/darktortilla-malware-analysis
Origin: https://www.secureworks.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 21 Dec 2022 14:59:11 GMT
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 03 Nov 2022 07:39:51 GMT
server: Microsoft-IIS/10.0
x-azure-ref-originshield: 03qGdYwAAAADoJ4Jx0YOCTZNs15biZ3epRlJBMjMxMDUwNDE4MDQ3ADNhNjliMjRhLWU0YjItNDhhMC1iYjk2LWZlZDRlOWYzODJiYg==
etag: "f06ffb7457efd81:0"
x-azure-ref: 0Px+jYwAAAABsE9vmLl5+Qb0lrXSokEjrRlJBMzFFREdFMDMyMAAzYTY5YjI0YS1lNGIyLTQ4YTAtYmI5Ni1mZWQ0ZTlmMzgyYmI=
x-cache: TCP_HIT
content-type: application/font-ttf
access-control-allow-origin: *
cache-control: public,max-age=2592000
accept-ranges: bytes
content-length: 171496

GET
H2 200 warning.ashx
content.secureworks.com/-/media/Images/shared/icons/buttons/utility/ 244 B
764 B 21ms
19ms Image
image/svg+xml 2a02:26f0:1700:d::1737:6e8f
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.secureworks.com/-/media/Images/shared/icons/buttons/utility/warning.ashx?modified=20221020215207

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/darktortilla-malware-analysis

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6e8f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

5f2d6e604ad2bafcb500a244f270fa557c8275586dc31c9058a1cfa4f46d125f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/darktortilla-malware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 21 Dec 2022 14:59:11 GMT
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 20 Oct 2022 21:52:07 GMT
server: Microsoft-IIS/10.0
x-azure-ref-originshield: 08JdjYwAAAACOUQneTfsYTZiK++9M2CDfRlJBMjMxMDUwNDE4MDM3ADNhNjliMjRhLWU0YjItNDhhMC1iYjk2LWZlZDRlOWYzODJiYg==
etag: b370dd3d1a404660b8227483d8eb6fff
x-azure-ref: 075djYwAAAAA/noYLOgi6TZZzds87KTDoRlJBMjMxMDUwNDIwMDMxADNhNjliMjRhLWU0YjItNDhhMC1iYjk2LWZlZDRlOWYzODJiYg==
content-type: image/svg+xml
cache-control: public, max-age=596690
content-disposition: inline; filename="warning.svg"
accept-ranges: bytes
content-length: 244
expires: Wed, 28 Dec 2022 12:44:01 GMT

GET
H2 200 globe.ashx
content.secureworks.com/-/media/Images/shared/icons/buttons/utility/ 2 KB
1 KB 25ms
23ms Image
image/svg+xml 2a02:26f0:1700:d::1737:6e8f
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.secureworks.com/-/media/Images/shared/icons/buttons/utility/globe.ashx?modified=20221020215152

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/darktortilla-malware-analysis

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6e8f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

d774717dcbf112735e877fa11abd3b7a3e9ce75c82935d0a78724132c8ca1fe3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/darktortilla-malware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 21 Dec 2022 14:59:11 GMT
x-azure-ref-originshield: 08ZdjYwAAAADunGBjO3LeQ7B1Yq+0gnDORlJBMjMxMDUwNDE3MDE3ADNhNjliMjRhLWU0YjItNDhhMC1iYjk2LWZlZDRlOWYzODJiYg==
content-disposition: inline; filename="globe.svg"
content-length: 749
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 20 Oct 2022 21:51:52 GMT
server: Microsoft-IIS/10.0
etag: 7d221ab6182243ebb9f626238749ba99
x-azure-ref: 08ZdjYwAAAABnnxwWogsrQaq1+HUNar2rRlJBMjMxMDUwNDIwMDIzADNhNjliMjRhLWU0YjItNDhhMC1iYjk2LWZlZDRlOWYzODJiYg==
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=761512
accept-ranges: bytes
expires: Fri, 30 Dec 2022 10:31:03 GMT

GET
H2 200 in.ashx
content.secureworks.com/-/media/Images/shared/icons/social/ 768 B
1 KB 26ms
24ms Image
image/svg+xml 2a02:26f0:1700:d::1737:6e8f
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.secureworks.com/-/media/Images/shared/icons/social/in.ashx?modified=20221031144532

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/darktortilla-malware-analysis

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6e8f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

3931826d11b4250a6e4d10a8249417bbdf73eb1a03f95f124b790b5c8a576bab

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/darktortilla-malware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 21 Dec 2022 14:59:11 GMT
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 31 Oct 2022 14:45:32 GMT
server: Microsoft-IIS/10.0
x-azure-ref-originshield: 0CZhjYwAAAAAfze26sv3fQq7hGmN52up1QU1TMDRFREdFMTkxMQAzYTY5YjI0YS1lNGIyLTQ4YTAtYmI5Ni1mZWQ0ZTlmMzgyYmI=
etag: e3eaed4027ef45f381a9ca6767b60f64
x-azure-ref: 0CZhjYwAAAABKugTjQloKSKJAs6AO8llvQlJVMzBFREdFMDQwNwAzYTY5YjI0YS1lNGIyLTQ4YTAtYmI5Ni1mZWQ0ZTlmMzgyYmI=
content-type: image/svg+xml
cache-control: public, max-age=596695
content-disposition: inline; filename="in.svg"
accept-ranges: bytes
content-length: 768
expires: Wed, 28 Dec 2022 12:44:06 GMT

GET
H2 200 tw.ashx
content.secureworks.com/-/media/Images/shared/icons/social/ 1 KB
1 KB 27ms
26ms Image
image/svg+xml 2a02:26f0:1700:d::1737:6e8f
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.secureworks.com/-/media/Images/shared/icons/social/tw.ashx?modified=20221031144531

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/darktortilla-malware-analysis

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6e8f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

318f094b79b56bc57c182543d28cffa228816b3d53a1361ad21d9830cfc4f55b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/darktortilla-malware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 21 Dec 2022 14:59:11 GMT
x-azure-ref-originshield: 09JdjYwAAAACjWL4py2iZTJsk7Amd2x+6RlJBMjMxMDUwNDE4MDMxADNhNjliMjRhLWU0YjItNDhhMC1iYjk2LWZlZDRlOWYzODJiYg==
content-disposition: inline; filename="tw.svg"
content-length: 689
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 31 Oct 2022 14:45:31 GMT
server: Microsoft-IIS/10.0
etag: 1cfd65ea761243428664256ff1a11d92
x-azure-ref: 09JdjYwAAAAA5i67rqYxcRpgEo+Z1Km0PRlJBMjMxMDUwNDIwMDM1ADNhNjliMjRhLWU0YjItNDhhMC1iYjk2LWZlZDRlOWYzODJiYg==
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=596774
accept-ranges: bytes
expires: Wed, 28 Dec 2022 12:45:25 GMT

GET
H2 200 fb.ashx
content.secureworks.com/-/media/Images/shared/icons/social/ 403 B
812 B 28ms
27ms Image
image/svg+xml 2a02:26f0:1700:d::1737:6e8f
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.secureworks.com/-/media/Images/shared/icons/social/fb.ashx?modified=20221031144532

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/darktortilla-malware-analysis

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6e8f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

c14c30ca00b3badf163de6dc6d1ee20208fc164bacc5b2dd5bee60d13a80cda0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/darktortilla-malware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 21 Dec 2022 14:59:11 GMT
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 31 Oct 2022 14:45:32 GMT
server: Microsoft-IIS/10.0
etag: 2972ab029c2e47d18428a81633dd48a5
x-azure-ref: 09JdjYwAAAACk9Auu+MxtRq/xFs4nNWf6RlJBMjMxMDUwNDE4MDM5ADNhNjliMjRhLWU0YjItNDhhMC1iYjk2LWZlZDRlOWYzODJiYg==
content-type: image/svg+xml
cache-control: public, max-age=596704
content-disposition: inline; filename="fb.svg"
accept-ranges: bytes
content-length: 403
expires: Wed, 28 Dec 2022 12:44:15 GMT

GET
H2 200 gb.ashx
content.secureworks.com/-/media/Images/shared/icons/social/ 2 KB
2 KB 29ms
28ms Image
image/svg+xml 2a02:26f0:1700:d::1737:6e8f
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.secureworks.com/-/media/Images/shared/icons/social/gb.ashx?modified=20221031144532

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/darktortilla-malware-analysis

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6e8f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

3c7024701a817fee5de0e62bb8d83edb43e08a9be594dde00fd2d2fcf5a20fd0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/darktortilla-malware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Wed, 21 Dec 2022 14:59:11 GMT
x-azure-ref-originshield: 03p5jYwAAAADr6BX8e13JT4wDaagS6aJLRlJBMjMxMDUwNDE4MDMxADNhNjliMjRhLWU0YjItNDhhMC1iYjk2LWZlZDRlOWYzODJiYg==
content-disposition: inline; filename="gb.svg"
content-length: 1230
referrer-policy: no-referrer-when-downgrade
last-modified: Mon, 31 Oct 2022 14:45:32 GMT
server: Microsoft-IIS/10.0
etag: e9232effb940416d99f84a976e984c00
x-azure-ref: 03Z5jYwAAAADHrp7V4xfMQoCarBImJGSmRlJBMjMxMDUwNDE5MDMxADNhNjliMjRhLWU0YjItNDhhMC1iYjk2LWZlZDRlOWYzODJiYg==
vary: Accept-Encoding
content-type: image/svg+xml
cache-control: public, max-age=761399
accept-ranges: bytes
expires: Fri, 30 Dec 2022 10:29:10 GMT

GET
H2 200 right-arrow.ashx
content.secureworks.com/-/media/Images/shared/icons/buttons/ 270 B
791 B 27ms
26ms Image
image/svg+xml 2a02:26f0:1700:d::1737:6e8f
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://content.secureworks.com/-/media/Images/shared/icons/buttons/right-arrow.ashx?modified=20221020215130

Requested by

Host: www.secureworks.com
URL: https://www.secureworks.com/research/darktortilla-malware-analysis

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:1700:d::1737:6e8f Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

ca6538789c7267c0fd372b35a2de78fe51227c09651cc785afeae0b485913548

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/darktortilla-malware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 21 Dec 2022 14:59:11 GMT
x-content-type-options: nosniff
referrer-policy: no-referrer-when-downgrade
last-modified: Thu, 20 Oct 2022 21:51:30 GMT
server: Microsoft-IIS/10.0
x-azure-ref-originshield: 0EJpjYwAAAABAhKOhyuGER7RR9EloOHJ1RlJBMjMxMDUwNDE4MDQ3ADNhNjliMjRhLWU0YjItNDhhMC1iYjk2LWZlZDRlOWYzODJiYg==
etag: b074483aa26d4f8ebd6e202c749c1289
x-azure-ref: 0EJpjYwAAAAAkwBLcSYOGQJazZi4g5muNRlJBMjMxMDUwNDIwMDM1ADNhNjliMjRhLWU0YjItNDhhMC1iYjk2LWZlZDRlOWYzODJiYg==
content-type: image/svg+xml
cache-control: public, max-age=761471
content-disposition: inline; filename="right-arrow.svg"
accept-ranges: bytes
content-length: 270
expires: Fri, 30 Dec 2022 10:30:22 GMT

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/162/ 11 KB
5 KB 24ms
24ms Script
application/x-javascript 23.45.104.85
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/162/munchkin.js
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.45.104.85 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-45-104-85.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 5d4972183041556a4368526fbac13acafc83de9ff3ca29ce81f31eb29c8f8a57

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/darktortilla-malware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Wed, 21 Dec 2022 14:59:11 GMT
Content-Encoding: gzip
Last-Modified: Fri, 01 Jul 2022 00:59:12 GMT
Server: AkamaiNetStorage
ETag: "75daf56f6191efe42577301908659c29:1656637152.894482"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Content-Type: application/x-javascript
Cache-Control: max-age=8640000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4677
Expires: Fri, 31 Mar 2023 14:59:11 GMT

POST
H/1.1 200
OK visitWebPage
725-smc-563.mktoresp.com/webevents/ 2 B
318 B 575ms
105ms Ping
text/plain 192.28.144.124
OMNITURE

General

Check archive.org

Show headers Download Go to

Full URL: https://725-smc-563.mktoresp.com/webevents/visitWebPage?_mchNc=1671634751515&_mchCn=&_mchId=725-SMC-563&_mchTk=_mch-secureworks.com-1671634751515-48442&_mchHo=www.secureworks.com&_mchPo=&_mchRu=%2Fresearch%2Fdarktortilla-malware-analysis&_mchPc=https%3A&_mchVr=162&_mchEcid=&_mchHa=&_mchRe=&_mchQp=
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/162/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 192.28.144.124 , United States, ASN15224 (OMNITURE, US),
Reverse DNS
Software: nginx/1.20.1 /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/darktortilla-malware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

Date: Wed, 21 Dec 2022 14:59:12 GMT
Content-Encoding: gzip
Server: nginx/1.20.1
Transfer-Encoding: chunked
Content-Type: text/plain; charset=UTF-8
Access-Control-Allow-Origin: *
Connection: keep-alive
X-Request-Id: 32118ba6-32ea-4d71-b896-162d54fa92a0

GET
H2 200 otSDKStub.js Show response
cdn.cookielaw.org/scripttemplates/ 21 KB
8 KB 99ms
43ms Script
application/javascript 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-P6Z7M2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

bbc4456bca95006683a8f081d0d2ed645eef5b14c62eca12c70f7e1cec26c1a0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/darktortilla-malware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 21 Dec 2022 14:59:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: QpLkTroHlqrE0LequA2uwg==
age: 54435
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 7151
x-ms-lease-status: unlocked
last-modified: Mon, 19 Dec 2022 19:23:40 GMT
server: cloudflare
etag: 0x8DAE1F6893DDFBD
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 79cfdc39-c01e-0166-7007-142ce9000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 77d17aed8e84bb85-FRA

GET
H2 200 1bdee92e-dd5f-49d1-9ccb-9a788319e959.json Show response
cdn.cookielaw.org/consent/1bdee92e-dd5f-49d1-9ccb-9a788319e959/ 4 KB
2 KB 90ms
48ms XHR
application/x-javascript 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/1bdee92e-dd5f-49d1-9ccb-9a788319e959/1bdee92e-dd5f-49d1-9ccb-9a788319e959.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

752dd070e8cebef9f65b50aea437d166ad27acaf00dcafb17f4edd7aa77f5a1b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/darktortilla-malware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 21 Dec 2022 14:59:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: AYn6ZIFJ46Gq5TyARNtxRg==
age: 83100
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 1597
x-ms-lease-status: unlocked
last-modified: Wed, 30 Nov 2022 22:00:16 GMT
server: cloudflare
etag: 0x8DAD31E43CEA055
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 58b9809e-301e-0115-0607-055c2a000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 77d17aee1fde91fc-FRA
expires: Thu, 22 Dec 2022 14:59:11 GMT

GET
H2 200 location Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 59 B
304 B 137ms
82ms XHR
application/json 2606:4700::6812:1b55
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:1b55 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2157361193375a79ade3559e960f982daa8d599cf7f4a92d36e3eef257738f16

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept: application/json
Referer: https://www.secureworks.com/research/darktortilla-malware-analysis
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

date: Wed, 21 Dec 2022 14:59:11 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: application/json
access-control-allow-origin: *
cf-ray: 77d17aeebe619217-FRA
access-control-allow-headers: Content-Type

GET
H2 200 otBannerSdk.js Show response
cdn.cookielaw.org/scripttemplates/202211.1.0/ 383 KB
92 KB 39ms
38ms Script
application/javascript 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202211.1.0/otBannerSdk.js

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ff3565cc93cf3c21b441dd5911de725fb55e4d203cfe380ea1b70adfc9c7504b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/darktortilla-malware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 21 Dec 2022 14:59:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: 9qSRvp3H9roScfT6qXUxeQ==
age: 22293
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 93485
x-ms-lease-status: unlocked
last-modified: Thu, 15 Dec 2022 13:30:03 GMT
server: cloudflare
etag: 0x8DADEA07933BD54
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: e3dbcf52-f01e-014c-2807-1159ac000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 77d17aef4ad6bb85-FRA

GET
H2 200 en.json Show response
cdn.cookielaw.org/consent/1bdee92e-dd5f-49d1-9ccb-9a788319e959/6100965c-dab8-4356-a34f-a357e219a4fa/ 68 KB
13 KB 63ms
62ms Fetch
application/x-javascript 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/1bdee92e-dd5f-49d1-9ccb-9a788319e959/6100965c-dab8-4356-a34f-a357e219a4fa/en.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202211.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

34f56e228d705aa118440b8b8dc3cd9150563090edd15d926eb9480e3a4cd792

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/darktortilla-malware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 21 Dec 2022 14:59:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: cQN71reRbOW/mTgz7lJ55Q==
age: 46542
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 13533
x-ms-lease-status: unlocked
last-modified: Wed, 30 Nov 2022 22:00:15 GMT
server: cloudflare
etag: 0x8DAD31E4352F1E6
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: f6100955-701e-009e-6207-05a1a1000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 77d17aefdb5191fc-FRA
expires: Thu, 22 Dec 2022 14:59:11 GMT

GET
H2 200 otFloatingFlat.json Show response
cdn.cookielaw.org/scripttemplates/202211.1.0/assets/ 10 KB
3 KB 43ms
42ms Fetch
application/json 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202211.1.0/assets/otFloatingFlat.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202211.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

179a0ba55c3bbf759340ba2a57846f81a7de249ed7e502b5e8814af2ef964533

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/darktortilla-malware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 21 Dec 2022 14:59:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: ArKqLlzKF+4bYVWIA8ARTQ==
age: 83099
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 2702
x-ms-lease-status: unlocked
last-modified: Thu, 15 Dec 2022 13:29:55 GMT
server: cloudflare
etag: 0x8DADEA0749EB81E
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 910bc5b5-d01e-0010-21d9-10ee00000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 77d17af03c1891fc-FRA

GET
H2 200 otPcCenter.json Show response
cdn.cookielaw.org/scripttemplates/202211.1.0/assets/v2/ 61 KB
12 KB 47ms
46ms Fetch
application/json 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202211.1.0/assets/v2/otPcCenter.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202211.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

40c8084ce459211c73bf91eaa18b6152cc5fc9e29245dcec381da35ee51334b0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/darktortilla-malware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 21 Dec 2022 14:59:12 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: DNL7D9cwlU7yFZUg2W8ZNA==
age: 83099
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 12540
x-ms-lease-status: unlocked
last-modified: Thu, 15 Dec 2022 13:29:57 GMT
server: cloudflare
etag: 0x8DADEA0758F35B0
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: e2e96bfe-301e-0099-40d9-105724000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 77d17af03c1d91fc-FRA

GET
H2 200 otCommonStyles.css Show response
cdn.cookielaw.org/scripttemplates/202211.1.0/assets/ 21 KB
4 KB 39ms
38ms Fetch
text/css 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/202211.1.0/assets/otCommonStyles.css

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202211.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

930239150e702d9d4bf43c3881aa70f8ad5fd9068dcbecb7c8bcca654784f7f1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/darktortilla-malware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 21 Dec 2022 14:59:12 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: XcxlleAcPGO2n5kTZrHH2Q==
age: 46542
x-ms-lease-status: unlocked
last-modified: Thu, 15 Dec 2022 13:30:09 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/css
access-control-allow-origin: *
x-ms-request-id: 4cb42891-201e-0068-2ad9-1086b7000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 77d17af03c1f91fc-FRA

GET
H2 200 ot_close.svg
cdn.cookielaw.org/logos/static/ 651 B
623 B 36ms
36ms Image
image/svg+xml 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cookielaw.org/logos/static/ot_close.svg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

901bb0e03b8c3c0a1cf4c487a177417328bb7d8c94106ecefceedd7d7f6c4ddc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 21 Dec 2022 14:59:12 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: pcXWFGpuVeSg/jVnYCseRg==
age: 53927
x-ms-lease-status: unlocked
last-modified: Mon, 19 Dec 2022 19:23:42 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: 421ae4ec-701e-0095-230c-14b9d5000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 77d17af0ae5cbb85-FRA

GET
H2 200 ot_guard_logo.svg Show response
cdn.cookielaw.org/logos/static/ 497 B
494 B 40ms
39ms Fetch
image/svg+xml 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/logos/static/ot_guard_logo.svg

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/202211.1.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/darktortilla-malware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 21 Dec 2022 14:59:12 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: tXyZydHjxQshFMbbBT1/8A==
age: 73183
x-ms-lease-status: unlocked
last-modified: Mon, 19 Dec 2022 19:23:42 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: 57d21bbd-701e-0112-7c06-14aaaf000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 77d17af0bd0a91fc-FRA

GET
H2 200 SW_logo_black_print.png
cdn.cookielaw.org/logos/7465cc90-ea12-4f33-80a4-557abead3b10/1bdee92e-dd5f-49d1-9ccb-9a788319e959/4cc354d6-2763-454f-a29d-f10f1788b6aa/ 22 KB
22 KB 37ms
36ms Image
image/png 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cookielaw.org/logos/7465cc90-ea12-4f33-80a4-557abead3b10/1bdee92e-dd5f-49d1-9ccb-9a788319e959/4cc354d6-2763-454f-a29d-f10f1788b6aa/SW_logo_black_print.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b96ae3ad93fc2ec81fe1f623ba74a9f3f607f2ea79c7b741e55b73366b41cf73

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/darktortilla-malware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 21 Dec 2022 14:59:12 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: 2qjIoAdJjqAKBeXNXVdNEg==
age: 13913
content-length: 22030
x-ms-lease-status: unlocked
last-modified: Tue, 22 Mar 2022 06:08:54 GMT
server: cloudflare
etag: 0x8DA0BCA71F312CB
vary: Accept-Encoding
content-type: image/png
access-control-allow-origin: *
x-ms-request-id: 88bc663b-401e-0133-0c8e-a3c79e000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 77d17af0ceaebb85-FRA

GET
H2 200 powered_by_logo.svg
cdn.cookielaw.org/logos/static/ 5 KB
2 KB 36ms
35ms Image
image/svg+xml 2606:4700::6810:9440
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cdn.cookielaw.org/logos/static/powered_by_logo.svg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/darktortilla-malware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 21 Dec 2022 14:59:12 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: gzip
content-md5: Y+c301RBZNK39PvKQWrIBw==
age: 31308
x-ms-lease-status: unlocked
last-modified: Mon, 19 Dec 2022 19:23:43 GMT
server: cloudflare
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
x-ms-request-id: 487d5023-101e-000d-091e-1437ea000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
cf-ray: 77d17af0ceb2bb85-FRA

GET
H2 200 TI%20Exec%20Report-2022%20Vol%205-360x190.ashx
www.secureworks.com/-/media/Images/Insights/Resources/Reports/threat%20intelligence%202022%20vol%205/ 26 KB
26 KB 28ms
27ms Image
image/png 2620:1ec:4f:1::44
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.secureworks.com/-/media/Images/Insights/Resources/Reports/threat%20intelligence%202022%20vol%205/TI%20Exec%20Report-2022%20Vol%205-360x190.ashx

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:4f:1::44 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

da1fe3f8dde102a9b72a179c0c5dac00c9ce9d1ba39f40d741c8905a3759c0f3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/darktortilla-malware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 21 Dec 2022 14:59:11 GMT
x-content-type-options: nosniff
x-azure-ref-originshield: 0EHyhYwAAAAC6cMSyPmWARbTjCKmypBbaRlJBMjMxMDUwNDE4MDI5ADNhNjliMjRhLWU0YjItNDhhMC1iYjk2LWZlZDRlOWYzODJiYg==
x-cache: TCP_HIT
content-disposition: inline; filename="TI Exec Report-2022 Vol 5-360x190.png"
content-length: 26520
referrer-policy: no-referrer-when-downgrade
last-modified: Tue, 18 Oct 2022 20:23:43 GMT
server: Microsoft-IIS/10.0
etag: 8f54992782e64585bd45538579f5168e
x-azure-ref: 0QB+jYwAAAACg2hiq0HDdTII0C5mj1H5kRlJBMzFFREdFMDMyMAAzYTY5YjI0YS1lNGIyLTQ4YTAtYmI5Ni1mZWQ0ZTlmMzgyYmI=
content-type: image/png
cache-control: public, max-age=2592000
accept-ranges: bytes
expires: Wed, 18 Jan 2023 14:45:52 GMT

GET
H2 200 places_0059_submay-tunnel-in-motion_360x190.ashx
www.secureworks.com/-/media/Images/Insights/Places/059%20subway%20tunnel%20in%20motion/ 16 KB
16 KB 27ms
27ms Image
image/jpeg 2620:1ec:4f:1::44
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.secureworks.com/-/media/Images/Insights/Places/059%20subway%20tunnel%20in%20motion/places_0059_submay-tunnel-in-motion_360x190.ashx

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:4f:1::44 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

68eee8f211cc578654435110eecffce8723f6412ec47100e85d58a7723151646

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/darktortilla-malware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 21 Dec 2022 14:59:11 GMT
x-content-type-options: nosniff
x-azure-ref-originshield: 05h6jYwAAAAD9XHEaDIo8QYfDdfsBRwwaRlJBMjMxMDUwNDE3MDE3ADNhNjliMjRhLWU0YjItNDhhMC1iYjk2LWZlZDRlOWYzODJiYg==
x-cache: TCP_HIT
content-disposition: inline; filename="places_0059_submay-tunnel-in-motion_360x190.jpg"
content-length: 16032
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 13 Apr 2016 13:58:52 GMT
server: Microsoft-IIS/10.0
etag: f78a5cdfd40b4bac8361d7b2446ff5a5
x-azure-ref: 0QB+jYwAAAAAiqzmEVeZnTLeIl81Uq1tRRlJBMzFFREdFMDMyMAAzYTY5YjI0YS1lNGIyLTQ4YTAtYmI5Ni1mZWQ0ZTlmMzgyYmI=
content-type: image/jpeg
cache-control: public, max-age=2586317
accept-ranges: bytes
expires: Thu, 19 Jan 2023 09:35:47 GMT

GET
H2 200 Frost-Sullivan-XDR-award-webinar-360x190.ashx
www.secureworks.com/-/media/Images/Insights/Resources/White%20Papers/Frost%20Sullivan%20XDR%202021/ 15 KB
16 KB 26ms
26ms Image
image/jpeg 2620:1ec:4f:1::44
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.secureworks.com/-/media/Images/Insights/Resources/White%20Papers/Frost%20Sullivan%20XDR%202021/Frost-Sullivan-XDR-award-webinar-360x190.ashx

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:4f:1::44 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

0362cdbe5964c7e4d350c77698f669858b183fec54cf5ab68f9812952aae5e85

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.secureworks.com/research/darktortilla-malware-analysis
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.124 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 21 Dec 2022 14:59:11 GMT
x-content-type-options: nosniff
x-azure-ref-originshield: 05h6jYwAAAADrQDTRF6+RQI6ngrfeBhLxRlJBMjMxMDUwNDE4MDI3ADNhNjliMjRhLWU0YjItNDhhMC1iYjk2LWZlZDRlOWYzODJiYg==
x-cache: TCP_HIT
content-disposition: inline; filename="Frost-Sullivan-XDR-award-webinar-360x190.jpg"
content-length: 15550
referrer-policy: no-referrer-when-downgrade
last-modified: Wed, 18 Aug 2021 20:50:48 GMT
server: Microsoft-IIS/10.0
etag: 54b7f06605d04300aa143a1fa46f6c24
x-azure-ref: 0QB+jYwAAAACAvOF2UEUMSpS+LHkfE1zBRlJBMzFFREdFMDMyMAAzYTY5YjI0YS1lNGIyLTQ4YTAtYmI5Ni1mZWQ0ZTlmMzgyYmI=
content-type: image/jpeg
cache-control: public, max-age=2592000
accept-ranges: bytes
expires: Fri, 20 Jan 2023 14:57:43 GMT

Verdicts & Comments Add Verdict or Comment

75 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

8 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.secureworks.com/	1969-12-31 23:59:59	Name: ApplicationGatewayAffinityCORS Value: fe782f07a4a30b728296a249197117bf
www.secureworks.com/	1969-12-31 23:59:59	Name: ApplicationGatewayAffinity Value: fe782f07a4a30b728296a249197117bf
www.secureworks.com/	1969-12-31 23:59:59	Name: ASP.NET_SessionId Value: x4dr553pstub21krqmvg2o2t
www.secureworks.com/	1970-01-20 17:56:34	Name: SC_ANALYTICS_GLOBAL_COOKIE Value: b7e568845048438391c9170a1fd9f630\|False
www.secureworks.com/	1969-12-31 23:59:59	Name: ASLBSA Value: 000380727e236e0411a7a76a5d52ad30c1b4e37ca623b122d6484086f77f92d144aa
www.secureworks.com/	1969-12-31 23:59:59	Name: ASLBSACORS Value: 000380727e236e0411a7a76a5d52ad30c1b4e37ca623b122d6484086f77f92d144aa
.secureworks.com/	1970-01-20 17:56:34	Name: _mkto_trk Value: id:725-SMC-563&token:_mch-secureworks.com-1671634751515-48442
.secureworks.com/	1970-01-20 17:06:10	Name: OptanonConsent Value: isGpcEnabled=0&datestamp=Wed+Dec+21+2022+14%3A59%3A12+GMT%2B0000+(GMT)&version=202211.1.0&isIABGlobal=false&hosts=&landingPath=https%3A%2F%2Fwww.secureworks.com%2Fresearch%2Fdarktortilla-malware-analysis&groups=C0002%3A0%2CC0004%3A0%2CC0003%3A0%2CC0001%3A1

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	object-src 'none'; script-src 'self' 'nonce-NzY1NDQyMTk4NTJjNDEyOWFmNWJhYjcwYzllNzAxNzk=' 'sha256-wY8ZJu7Uu8c5AFYGRuoE7SNBraw8IAkl5Yz+glnnte8=' 'sha256-UGfgrQ+GKJogDAQthuGt5lpepOeF3ypbYTr2PPxcBdU=' 'sha256-hUiPqjPAx0BTYk+HP/Ohq7cZFW+CFLUDreW74sIBUJk=' 'sha256-MWnKpq2mO4B+C/F7fLTeifs05WkVCc8Hkl+SzXGUmtI=' 'sha256-QiHtJSgKkeO/qh+2A9GCUt3xk8ONLQAa6uua+j+nHLg=' 'sha256-7+1sMW/o6RcIncEOmuvZbRThB6NRZLwQjvsqQAGehKA=' 'sha256-tYinntSHdpRdg0LwZuBycjWqxaMdCzBdOnOGsSZH2Ho=' 'sha256-DP0AJIADL+tS8s/bg6t7xbMHunrd17JCuOgpyNjxt/M=' 'sha256-sqwbnK0D7p9u3WG0lgAYLYmp/byKS9zlT2eFORz1SDY=' 'sha256-L436NBsgbW4nnr2zz6geY9aouLDwQiH+458+ny7TeJ8=' 'sha256-t21JzuoP0AGVdHYfaGtWzFviQ1hj34OuECR3Ur2P1Dk=' 'sha256-kmGPVWtzfwq6b9fEOy1NmWxrKyxreHZU5tKvRxQpDMA=' 'sha256-SAqGhA/G1eraYlnHKoGwPlIvGfOo45eq5hoyKq2LnUY=' 'sha256-+08d4MzO/if2DlZslM+0a0gvpYaPHK7ilzV9yUXHxRo=' 'sha256-5RKybv4IYG3Rt1CcIXoS1OAD7D0vjWLop/a6KVpWxM0=' 'sha256-N/Mk5WIdXnJRlsc5rmMcLJsovC5ozGJ5BmVdRxKOeNc=' 'sha256-XJEfHQ97N7xwKM6MQXMpabeUHxVT647JYAYwrOX6sQQ=' 'sha256-sdKFLBOaDq01ySztbW/n0JnIwsMIlCr7AaMAznJOqA0=' 'sha256-7pyFNQ34QDbIyjfqF4dboUBH/FqtGtJgw7KPgC+aKY8=' 'sha256-yYGe3YxZ1stILsg6s+TKQ7ACovlrQ/V7H5hpGiko1EI=' 'sha256-JcTUCZru8bIzmyUfGjmyP1Nwn0ccUuwLyJA5/jgV2jI=' 'sha256-zEF/ALwwDYV2nZ+rdYGh2XpjU1lbO3oZ2osZayOlmpw=' 'sha256-ErdS+5vyua60ApoR4T4MK5hMhAxO8I75iqTuR4st0lk=' 'sha256-dgOinhXczUSm4ADnOKjecy4HqoIpihiWY1xMUGi3KiE=' 'sha256-bAZaADjFxXYURQUP9Z4p4eiIim+gCGst1ZWemjLGJxo=' 'sha256-x3E2vOOOHY24kNAmZOQxorAyW5o6cX3R7J5Jg+RTqZY=' 'sha256-WJHVKi7ReHnWJF4AUmd9vWDpqeX8GVtEsyAJP01M130=' 'sha256-mvYU2m+aQi6xWWVpxauZ/UaXg+HkwxCv4r/qVBDAm3A=' 'sha256-IgMQOOOedQeMPBl7lSreMVPmJvU62bc6l8HcsGXnbWc=' 'sha256-Ov0LRI92VqZTYbOhyIvK8iFCm9rBs/HXaYLwlDMrra0=' 'sha256-HjgaVwCCuGQHih00gvN/PUGZuGwVIWd/6sThgUEi83E=' 'sha256-7oEVqsTDSU0XTGoiH3B7bXM3sMDjv58JCTndWi8pUKw=' 'sha256-ZlXTkZmAmWswFmM/VCVi0DLagBh+F9JWQiK/yRsf7yc=' 'sha256-76Yt/S5cofMdn9d5/cJOU32zSvhw1A8QJDSgL1c0YRI=' 'sha256-z4pF+zMq94+GUUF273G0WvSAL91jUazcB1NOISkNlzk=' 'sha256-4OIRiOWgv2ak/dapUtCUuoqEUnVBrH8A9LJCp3dthUw=' 'sha256-ew0tynw+zAqBiv217Nj202XmktwGvkQU7jXqQMotiHg=' 'sha256-2mFyIAC6FjDBvAg15BPawsugazV1sKm4T9x09V76BK0=' 'sha256-kxoZz5p2Ko+K+FXi8lIZc2opwhJF9WD4/wy9+dLYHzY=' 'sha256-+ThII46Fk+h63393vJ+nvAEZnTSXIwpqVJDSklAo5eM=' 'sha256-hUowsewUBuLRjFz7Z3pohTKe/pX/uO7uKD1k25qHLQY=' 'sha256-pMZUEpT65ftOEzHdiYyq/2vt545RymVHJSh5H2y5BDk=' 'sha256-nGkmLI0CpGjUy6Gg2vRE6xAh+vU4jlNVmPB+55WJmn8=' 'sha256-j6LWS7Q+Wsyd91b6000yHCoIqUaJIJQq56Lw3XQPcHA=' 'sha256-XQ6pUmmjpjpunCfT67q0ACDA7NqxLJx1iJwCFhC73wo=' 'sha256-tCniuKIyeHpfi5vxJOgLkz0eRI+cerKWFRsy5hMt5V0=' 'sha256-EZaJwK6Bh4sdKWjgv6zhJUdT2ISL4NhEQSPYf++uAeU=' 'sha256-1T7dud0UtKJZdhJcgsp1gh8MZDyA3S8DIsOpB3+co4M=' 'sha256-g6A8gRllShDRUg9hmXQZ0ZvMQ35F4jsarESQIDJtpE4=' 'sha256-y6vRm9V8P08qfB27ukHo07LF4IM00RKuKNzQBfsBlgg=' 'sha256-1GbAOPSdN7GyL999DpkIzp8XYAH1OP43heqQi7uU3FQ=' 'sha256-1p8zU6DNbl/tn8sFUoVBsvAF+dwRMDHK3WXM4vqIhDc=' 'sha256-a/dU49b8+CePl3YeekAugUB79FoCfbN22DFVyavn9pM=' 'sha256-39FcaN3WyGnHnf2UX+fHrSBSJq4KI6BETrXNemtzDa8=' 'sha256-4N1dEVT13lNPCpxXX2XuIlfUBwZp3wNLb/hBbSKGESA=' 'sha256-hNSRZgUy89mPGFidDBRWC4Ed4jKTrCtZP2zeBPNbdeI=' https://code.jquery.com https://js-agent.newrelic.com https://bam.nr-data.net https://content.secureworks.com https://pcdnscwx001.azureedge.net https://live-scwx-pe.pantheonsite.io https://marketo-scwx-pe.pantheonsite.io https://munchkin.marketo.net https://app-ab44.marketo.com https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://www.google-analytics.com https://ssl.google-analytics.com https://www.googletagmanager.com https://ajax.googleapis.com https://tagmanager.google.com https://translate.google.com https://bat.bing.com https://connect.facebook.net https://ad.atdmt.com https://static.ads-twitter.com https://analytics.twitter.com https://www.linkedin.com https://px.ads.linkedin.com https://snap.licdn.com https://sjs.bizographics.com https://.vimeo.com https://.vimeocdn.com https://j.6sc.co https://b.6sc.co https://.6sc.co https://epsilon.6sense.com https://.rlcdn.com https://gateway.zscaler.net https://scwx.annuitas.io https://geolocation.onetrust.com https://optanon.blob.core.windows.net https://cdn.cookielaw.org https://trk.techtarget.com https://api.rollbar.com https://.drift.com https://.driftt.com https://.simplecast.com https://.crazyegg.com https://widgets.ziftsolutions.com https://hammock.hotprofile.biz https://transfertool.hotprofile.biz/production/ https://m-store-hammock.hot-profile.com/hot-profile/ https://wa2.hot-profile.com https://.on24.com https://.ceros.com https://.ubembed.com https://assets.ubembed.com https://app-script.monsido.com https://monsido-consent.com https://tracking.monsido.com https://.redditstatic.com https://.ensighten.com https://.ml314.com https://.choozle.com https://.bluekai.com https://cdn.bizible.com https://cdn.bizibly.com https://ws-assets.zoominfo.com https://ws.zoominfo.com https://insight.adsrvr.org https://js.adsrvr.org https://.clarity.ms https://static.ads-twitter.com https://cdn.pdst.fm https://.cloudfunctions.net https://tag.demandbase.com https://.bidr.io https://.company-target.com https://www.teads.com https://p.teads.tv https://www.facebook.com connect.facebook.net; img-src 'self' https://.vimeo.com https://.vimeocdn.com content.secureworks.com pcdnscwx001.azureedge.net id.rlcdn.com .googletagmanager.com cdn.cookielaw.org .gstatic.com optanon.blob.core.windows.net web.secureworks.com bat.bing.com .google-analytics.com j.6sc.co b.6sc.co c.6sc.co epsilon.6sense.com www.google.com attr.ml-api.io s.ml-attr.com www.google.com.ua secure.adnxs.com apt.techtarget.com id.rlcdn.com px.ads.linkedin.com .adslinkedin.com p.adsymptotic.com www.linkedin.com static.ziftsolutions.com .crazyegg.com .ubembed.com .redditstatic.com alb.reddit.com .ensighten.com ml314.com .choozle.com .bluekai.com cdn.bizible.com cdn.bizibly.com tracking.monsido.com .clarity.ms analytics.twitter.com t.co .bidr.io *.company-target.com www.facebook.com t.teads.tv; frame-ancestors 'none';
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

725-smc-563.mktoresp.com
cdn.cookielaw.org
content.secureworks.com
fonts.googleapis.com
fonts.gstatic.com
geolocation.onetrust.com
munchkin.marketo.net
scwx.annuitas.io
www.googletagmanager.com
www.secureworks.com
192.28.144.124
23.45.104.85
2606:4700::6810:9440
2606:4700::6812:1b55
2620:12a:8001::2
2620:1ec:4f:1::44
2a00:1450:4001:806::2008
2a00:1450:4001:82a::2003
2a00:1450:4001:82b::200a
2a02:26f0:1700:d::1737:6e8f
0049c42b57e92164c558905bff7c17441afe55dc569f0062162e77a532964b80
00bca840431e27eaa77f57d0dcdd8a2ef3c434a308dbde2f97aaf8359e848d18
01922d641b94002b4861c92b1462f8e9008baaa53707603d64a5b97fee783b03
0362cdbe5964c7e4d350c77698f669858b183fec54cf5ab68f9812952aae5e85
08681ba3da35c665e877f6f9a6e158ff94b4d96c363610cdb061ebb79a718c35
0ff82f1393a06e0572aaec57ea2e54f5cbe9733281c33597cf157d92e78d2844
154248124c7d6ba28a3d741311104b4d4a503dad23095470f663f2613532c733
179a0ba55c3bbf759340ba2a57846f81a7de249ed7e502b5e8814af2ef964533
17d07551ce1a1399239c84c686df031c0e068f34b979cf621daa6f6b33165863
2157361193375a79ade3559e960f982daa8d599cf7f4a92d36e3eef257738f16
22494645cd5c6508829ef760cfafdf7292ddfbb824f23a323b6d3f3bd10a2538
2413337fb4673ef87c86a35c47611f61420e0c4ed0d1b46fb6e6fa01e5f54f51
30a584b184cc0bffda4f65106a5440dd18027f5d832d74b56ee5d219b3b48cd6
318f094b79b56bc57c182543d28cffa228816b3d53a1361ad21d9830cfc4f55b
34f56e228d705aa118440b8b8dc3cd9150563090edd15d926eb9480e3a4cd792
3931826d11b4250a6e4d10a8249417bbdf73eb1a03f95f124b790b5c8a576bab
394e969fc7f0aa85a1cf698f0aba18c5f931463ea9091d9914b17df6ad9893e7
3c7024701a817fee5de0e62bb8d83edb43e08a9be594dde00fd2d2fcf5a20fd0
40c8084ce459211c73bf91eaa18b6152cc5fc9e29245dcec381da35ee51334b0
44ca0939ee0fb76f4871cf1b4b35b23dfd67c44aa6673f4dc76ccd476a05ccd8
4bfff8ead47480a1ec16c5a282262bfbf5def48527635946dadeb71958f02602
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
5d4972183041556a4368526fbac13acafc83de9ff3ca29ce81f31eb29c8f8a57
5ebcdd5733470d147d39d595bf431d4a0ac1008b830d46506ad9438d03553eef
5f2d6e604ad2bafcb500a244f270fa557c8275586dc31c9058a1cfa4f46d125f
5fa00d047acd959697b9d7772c31dcd37bec33c70c6fbf80ab8316205d1d286d
62e55cc7119c6aae1e7aaac1870c9796ccc25fccdd4937f126f6114e66fd3b5a
64ba221769f51fcba3ae03ff9ebccac7cc1017e5f10900475b871ecfe7bda514
6895318639473264d86f0148e6247451f76849e5a75212297b333fe7181cd326
68eee8f211cc578654435110eecffce8723f6412ec47100e85d58a7723151646
691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19
6fb7b90a809d74d9cbe61845481acd2df1ff6ca86ef4cdb21b165116cea623dd
723a553818880d604ae8b8aa9e14521a5c5b885816931ce0ac522f23083b3e79
752dd070e8cebef9f65b50aea437d166ad27acaf00dcafb17f4edd7aa77f5a1b
7769ab9086a2c079f789f8fa45234036dbfd48186ce42a507fe2cd1c25a3fab0
7863ca6b764cf33a59a47bd455e1ef2713b5599e78e8d5b1803c0e8844186b70
79fad722d19f564084c672a04f8bbd3800f53e10d869701b8c8fc49b56b83e5a
7e72877c60ab8819f0bb79b3b80ff59857560f32b0063aa5d33972a1847697b2
82ce9acb16b4d2e861bd9a730e981c6f1b5443cac2217d0afb40d320f7e163c3
87a2344d633ebafbbd87a3096a3f2549b7e672823bc9eb06bae809ac1a256f51
901bb0e03b8c3c0a1cf4c487a177417328bb7d8c94106ecefceedd7d7f6c4ddc
91a50850c517899e1c975079158949f7a500ddf5a7307fe36bf50092926beedc
930239150e702d9d4bf43c3881aa70f8ad5fd9068dcbecb7c8bcca654784f7f1
98842c0f43a891b9264682dda87aab221bbe5aabfc08cb44f6785df5cf595326
994d380448d039b7d1c6aa96008c28f2cdd1c40634f829893ff91b27cb92db42
9eb064a8d93265a1b1bb725f0db9c1d209a4efdae9eca7ddc67a094755c64b4f
9f1a4ba00de603e3f00a969f62525a93f1292c0d083ac82d8bbd72caae052b93
a3950b23aedb801776d097d5b836a9f8d6978359cb181067d150d8a5d56bf083
aaf0f3286bb1e3e3b0886954cd3dd9ac5b98104ca08a520dbc02dcc7ea090c0d
b26c5e3f314ea765ecec79c3c9702b187aef83159a43a9c2a532e5f68d135d70
b59483e35a1d02486315e56e20d8e4c492859bce398097e768b2b91de1fa89df
b96ae3ad93fc2ec81fe1f623ba74a9f3f607f2ea79c7b741e55b73366b41cf73
ba24f9ef72f1973e4b0b7b2a2302836376fe6e2f533eaee680ee711d835827d9
baa55d1d4627050073e047eb2f9dbe86720736f51f37a116602e5705c3966b33
baacf8d144dbd8a579bde4d8221f515052f5eeb8a3a81cb6415cea17b4e30f9f
bbc4456bca95006683a8f081d0d2ed645eef5b14c62eca12c70f7e1cec26c1a0
c14c30ca00b3badf163de6dc6d1ee20208fc164bacc5b2dd5bee60d13a80cda0
c414c4b0d50c45bc35cd0beae9dd6e255bc68bb44b7f2298f55ad4e1ba9efec0
c97d6fa5b4ad8db4c6110b5e4a13eb698c381f580cb44440813c04f369df0a56
ca6538789c7267c0fd372b35a2de78fe51227c09651cc785afeae0b485913548
ca830692a08d6782a873814816325da9b1d78685ba2a6e0cb8dbf353068aa2d8
cbfbd6f3e7601336282fb9d30d8358e6ba68377e2bc0b69d32144bcd2bb1108f
ce9d07500ad91ec2b524c270764ec4c9a33e78320d8d374ec400ede488f6251b
d06f16436de248c88426110742cf0fa0e9fe7a2707399ecb2f27b3425a6b6162
d369ff6f9f28ed06ac81a430e3c10c80097cc18992e090133845b87d205fe1ce
d4e7d83d3cc135b07a38c58433b2d7c363a1d8d4450b021d0eddda62d222a229
d72b2e64a9dcff3480f93b796bc7d9932f37ba7ec859822d14bbafa91a5bd614
d774717dcbf112735e877fa11abd3b7a3e9ce75c82935d0a78724132c8ca1fe3
da1fe3f8dde102a9b72a179c0c5dac00c9ce9d1ba39f40d741c8905a3759c0f3
db61679243f9f3b5a03de90b1ad228130ad3e87b79b9d153ce1ca6afbdf9a2b0
e859546666d2f0254e40a7f73b7132acac6f3d5b65cf356b39e2ef11e596b8ad
ed29203489c4a783ed40982e756aa1448078d6f12c2eb12ec4051a46ee445996
f3fbef930989a82aab70be4871c21f9dac22732ad7af9bdc2a67b58dbbfe22cc
fa85f97108080f24b26ca0450d471edf522d233337c1b73e41ab4a27d19ac94f
fbdd71ed9a2c925dfc858e1777398c502c8dc7d0914f2eb9515ce619b4d990fd
ff3565cc93cf3c21b441dd5911de725fb55e4d203cfe380ea1b70adfc9c7504b

www.secureworks.com Open in urlscan Pro 2620:1ec:4f:1::44 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

77 Requests

100 %HTTPS

80 %IPv6

9 Domains

10 Subdomains

10 IPs

2 Countries

2865 kBTransfer

4916 kBSize

8 Cookies

65 Outgoing links

Redirected requests

77 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.secureworks.com Open in urlscan Pro
2620:1ec:4f:1::44 Public Scan

Screenshot
Live screenshot

Full Image

77
Requests

100 %
HTTPS

80 %
IPv6

9
Domains

10
Subdomains

10
IPs

2
Countries

2865 kB
Transfer

4916 kB
Size

8
Cookies

77 HTTP transactions
0 data transactions