www.sentinelone.com Open in urlscan Pro
104.24.117.125 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
Submission: On October 14 via api (October 14th 2019, 7:40:13 pm UTC) from CH

Summary HTTP 120 Redirects Links 18 Behaviour Indicators

Summary

This website contacted 47 IPs in 7 countries across 41 domains to perform 120 HTTP transactions. The main IP is 104.24.117.125, located in United States and belongs to CLOUDFLARENET - Cloudflare, Inc., US. The main domain is www.sentinelone.com.
TLS certificate: Issued by CloudFlare Inc ECC CA-2 on February 11th 2019. Valid for: a year.

This is the only time www.sentinelone.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 50	104.24.117.125 104.24.117.125	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
2	143.204.101.77 143.204.101.77	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	2606:4700::68... 2606:4700::6810:262f	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	2606:4700::68... 2606:4700::6812:e134	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	2600:9000:21f... 2600:9000:21f3:cc00:9:9d18:4580:21	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	2600:9000:20e... 2600:9000:20eb:9600:1c:8a07:5e80:93a1	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	2a00:1450:400... 2a00:1450:4001:818::200a	15169 (GOOGLE) (GOOGLE - Google LLC)
5	2a00:1450:400... 2a00:1450:4001:816::2003	15169 (GOOGLE) (GOOGLE - Google LLC)
2	34.241.136.74 34.241.136.74	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	2a00:1450:400... 2a00:1450:4001:81a::2008	15169 (GOOGLE) (GOOGLE - Google LLC)
1 2	2a00:1450:400... 2a00:1450:4001:80b::200e	15169 (GOOGLE) (GOOGLE - Google LLC)
1	216.58.206.2 216.58.206.2	15169 (GOOGLE) (GOOGLE - Google LLC)
2	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation)
1	151.101.12.65 151.101.12.65	54113 (FASTLY) (FASTLY - Fastly)
2	2a03:2880:f01... 2a03:2880:f01c:8012:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK - Facebook)
12	23.253.188.26 23.253.188.26	19994 (RACKSPACE) (RACKSPACE - Rackspace Hosting)
2	104.111.251.133 104.111.251.133	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
1	143.204.101.88 143.204.101.88	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	2a02:26f0:6c0... 2a02:26f0:6c00:28c::25ea	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	151.101.13.2 151.101.13.2	54113 (FASTLY) (FASTLY - Fastly)
1	151.101.112.157 151.101.112.157	54113 (FASTLY) (FASTLY - Fastly)
1	151.101.113.140 151.101.113.140	54113 (FASTLY) (FASTLY - Fastly)
1 1	2a00:1450:400... 2a00:1450:400c:c04::9a	15169 (GOOGLE) (GOOGLE - Google LLC)
1 2	2a00:1450:400... 2a00:1450:4001:81d::2004	15169 (GOOGLE) (GOOGLE - Google LLC)
2	2a00:1450:400... 2a00:1450:4001:819::2003	15169 (GOOGLE) (GOOGLE - Google LLC)
1	2606:4700::68... 2606:4700::6810:252f	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	2600:9000:215... 2600:9000:2156:4200:c:a9b7:ddc0:93a1	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	2a00:1450:400... 2a00:1450:4001:81a::2002	15169 (GOOGLE) (GOOGLE - Google LLC)
1 2	2a05:f500:11:... 2a05:f500:11:101::b93f:9005	14413 (LINKEDIN) (LINKEDIN - LinkedIn Corporation)
1 1	2a05:f500:11:... 2a05:f500:11:101::b93f:9001	14413 (LINKEDIN) (LINKEDIN - LinkedIn Corporation)
1	3.223.86.3 3.223.86.3	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
1	34.233.22.190 34.233.22.190	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
6 9	34.252.172.232 34.252.172.232	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	3.210.94.27 3.210.94.27	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
1	104.244.42.69 104.244.42.69	13414 (TWITTER) (TWITTER - Twitter Inc.)
1	192.28.144.124 192.28.144.124	15224 (OMNITURE) (OMNITURE - Adobe Systems Inc.)
2	2a03:2880:f11... 2a03:2880:f11c:8083:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK - Facebook)
1	52.56.51.220 52.56.51.220	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2	104.244.42.131 104.244.42.131	13414 (TWITTER) (TWITTER - Twitter Inc.)
1 1	2a00:1288:110... 2a00:1288:110:c305::a000	34010 (YAHOO-IRD) (YAHOO-IRD)
1	3.81.196.225 3.81.196.225	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
1 2	34.95.120.147 34.95.120.147	15169 (GOOGLE) (GOOGLE - Google LLC)
1	69.173.144.136 69.173.144.136	26667 (RUBICONPR...) (RUBICONPROJECT - The Rubicon Project)
1 1	172.217.18.162 172.217.18.162	15169 (GOOGLE) (GOOGLE - Google LLC)
1 2	185.33.223.202 185.33.223.202	29990 (ASN-APPNEXUS) (ASN-APPNEXUS - AppNexus)
1 2	18.196.132.129 18.196.132.129	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	104.16.94.80 104.16.94.80	13335 (CLOUDFLAR...) (CLOUDFLARENET - Cloudflare)
1	151.101.14.110 151.101.14.110	54113 (FASTLY) (FASTLY - Fastly)
1	162.247.242.21 162.247.242.21	23467 (NEWRELIC-...) (NEWRELIC-AS-1 - New Relic)
2	184.106.10.72 184.106.10.72	19994 (RACKSPACE) (RACKSPACE - Rackspace Hosting)
120	47

50 104.24.117.125 (United States) 1 redirects

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

www.sentinelone.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
go.sentinelone.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 143.204.101.77 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-143-204-101-77.fra50.r.cloudfront.net

app.cdn.lookbookhq.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:262f (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

js.maxmind.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:e134 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

cdn.onesignal.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:21f3:cc00:9:9d18:4580:21 (United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)

d12ee1u74lotna.cloudfront.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:20eb:9600:1c:8a07:5e80:93a1 (United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)

platform-api.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:818::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:816::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.241.136.74 (Dublin, Ireland)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-34-241-136-74.eu-west-1.compute.amazonaws.com

collector-5527.tvsquared.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81a::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80b::200e (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE - Google LLC, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.58.206.2 (Mountain View, United States)

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra16s20-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.12.65 (Frankfurt am Main, Germany)

ASN54113 (FASTLY - Fastly, US)

tag.marinsm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f01c:8012:face:b00c:0:3 (Ireland)

ASN32934 (FACEBOOK - Facebook, Inc., US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 23.253.188.26 (San Antonio, United States)

ASN19994 (RACKSPACE - Rackspace Hosting, US)

developer.livehelpnow.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.111.251.133 (Netherlands)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a104-111-251-133.deploy.static.akamaitechnologies.com

munchkin.marketo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 143.204.101.88 (Seattle, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: server-143-204-101-88.fra50.r.cloudfront.net

munchkin.brightfunnel.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:6c00:28c::25ea (Ascension Island)

ASN20940 (AKAMAI-ASN1, US)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.13.2 (Frankfurt am Main, Germany)

ASN54113 (FASTLY - Fastly, US)

a.quora.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.112.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY - Fastly, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.113.140 (Frankfurt am Main, Germany)

ASN54113 (FASTLY - Fastly, US)

www.redditstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c04::9a (Brussels, Belgium) 1 redirects

ASN15169 (GOOGLE - Google LLC, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81d::2004 (Frankfurt am Main, Germany) 1 redirects

ASN15169 (GOOGLE - Google LLC, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:819::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:252f (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

geoip-js.maxmind.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2156:4200:c:a9b7:ddc0:93a1 (United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)

c.sharethis.mgr.consensu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81a::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a05:f500:11:101::b93f:9005 (Ireland) 1 redirects

ASN14413 (LINKEDIN - LinkedIn Corporation, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:f500:11:101::b93f:9001 (Ireland) 1 redirects

ASN14413 (LINKEDIN - LinkedIn Corporation, US)

www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.223.86.3 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-3-223-86-3.compute-1.amazonaws.com

q.quora.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.233.22.190 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-34-233-22-190.compute-1.amazonaws.com

alb.reddit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 34.252.172.232 (Dublin, Ireland) 6 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-34-252-172-232.eu-west-1.compute.amazonaws.com

pixel-geo.prfct.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.210.94.27 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-3-210-94-27.compute-1.amazonaws.com

count-server.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.69 (United States)

ASN13414 (TWITTER - Twitter Inc., US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 192.28.144.124 (United States)

ASN15224 (OMNITURE - Adobe Systems Inc., US)

327-mnm-087.mktoresp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f11c:8083:face:b00c:0:25de (Ireland)

ASN32934 (FACEBOOK - Facebook, Inc., US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.56.51.220 (London, United Kingdom)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-56-51-220.eu-west-2.compute.amazonaws.com

ga.clearbit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.244.42.131 (United States)

ASN13414 (TWITTER - Twitter Inc., US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1288:110:c305::a000 (United Kingdom) 1 redirects

ASN34010 (YAHOO-IRD, GB)

ads.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.81.196.225 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-3-81-196-225.compute-1.amazonaws.com

pixel.prfct.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.95.120.147 (United States) 1 redirects

ASN15169 (GOOGLE - Google LLC, US)
PTR: 147.120.95.34.bc.googleusercontent.com

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.136 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT - The Rubicon Project, Inc., US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.217.18.162 (United States) 1 redirects

ASN15169 (GOOGLE - Google LLC, US)
PTR: fra15s29-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.33.223.202 (Netherlands) 1 redirects

ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US)
PTR: 318.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.196.132.129 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-18-196-132-129.eu-central-1.compute.amazonaws.com

l.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.16.94.80 (United States)

ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US)

app-ab14.marketo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.14.110 (Frankfurt am Main, Germany)

ASN54113 (FASTLY - Fastly, US)

js-agent.newrelic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 162.247.242.21 (San Francisco, United States)

ASN23467 (NEWRELIC-AS-1 - New Relic, US)
PTR: bam-9.nr-data.net

bam.nr-data.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 184.106.10.72 (San Antonio, United States)

ASN19994 (RACKSPACE - Rackspace Hosting, US)

www.livehelpnow.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
50	sentinelone.com 1 redirects www.sentinelone.com go.sentinelone.com	3 MB
14	livehelpnow.net developer.livehelpnow.net www.livehelpnow.net	96 KB
10	prfct.co 6 redirects pixel-geo.prfct.co pixel.prfct.co	4 KB
5	gstatic.com fonts.gstatic.com	41 KB
4	sharethis.com 1 redirects platform-api.sharethis.com count-server.sharethis.com l.sharethis.com	29 KB
3	linkedin.com 2 redirects px.ads.linkedin.com www.linkedin.com	1 KB
3	doubleclick.net 2 redirects stats.g.doubleclick.net googleads.g.doubleclick.net cm.g.doubleclick.net	1 KB
2	adnxs.com 1 redirects secure.adnxs.com	2 KB
2	openx.net 1 redirects us-u.openx.net	475 B
2	twitter.com analytics.twitter.com	411 B
2	facebook.com www.facebook.com	200 B
2	google.de www.google.de	219 B
2	google.com 1 redirects www.google.com	311 B
2	quora.com a.quora.com q.quora.com	4 KB
2	marketo.net munchkin.marketo.net	6 KB
2	facebook.net connect.facebook.net	87 KB
2	bing.com bat.bing.com	7 KB
2	google-analytics.com 1 redirects www.google-analytics.com	18 KB
2	tvsquared.com collector-5527.tvsquared.com	9 KB
2	maxmind.com js.maxmind.com geoip-js.maxmind.com	3 KB
2	lookbookhq.com app.cdn.lookbookhq.com	2 KB
1	nr-data.net bam.nr-data.net	261 B
1	newrelic.com js-agent.newrelic.com	9 KB
1	marketo.com app-ab14.marketo.com	58 KB
1	rubiconproject.com pixel.rubiconproject.com	239 B
1	yahoo.com 1 redirects ads.yahoo.com	648 B
1	clearbit.com ga.clearbit.com	1 KB
1	mktoresp.com 327-mnm-087.mktoresp.com	303 B
1	t.co t.co	170 B
1	reddit.com alb.reddit.com	316 B
1	consensu.org c.sharethis.mgr.consensu.org
1	redditstatic.com www.redditstatic.com	5 KB
1	ads-twitter.com static.ads-twitter.com	2 KB
1	licdn.com snap.licdn.com	2 KB
1	brightfunnel.com munchkin.brightfunnel.com	7 KB
1	marinsm.com tag.marinsm.com	4 KB
1	googleadservices.com www.googleadservices.com	9 KB
1	googletagmanager.com www.googletagmanager.com	37 KB
1	googleapis.com fonts.googleapis.com	1 KB
1	cloudfront.net d12ee1u74lotna.cloudfront.net	456 B
1	onesignal.com cdn.onesignal.com	3 KB
120	41

	Domain	Requested by
44	www.sentinelone.com	1 redirects www.sentinelone.com munchkin.brightfunnel.com
12	developer.livehelpnow.net	www.sentinelone.com developer.livehelpnow.net
9	pixel-geo.prfct.co	6 redirects www.sentinelone.com
6	go.sentinelone.com	www.sentinelone.com go.sentinelone.com
5	fonts.gstatic.com	go.sentinelone.com www.sentinelone.com
2	www.livehelpnow.net
2	l.sharethis.com	1 redirects www.sentinelone.com
2	secure.adnxs.com	1 redirects www.sentinelone.com
2	us-u.openx.net	1 redirects www.sentinelone.com
2	analytics.twitter.com	www.sentinelone.com static.ads-twitter.com
2	www.facebook.com	www.sentinelone.com connect.facebook.net
2	px.ads.linkedin.com	1 redirects www.sentinelone.com
2	www.google.de	www.sentinelone.com
2	www.google.com	1 redirects www.sentinelone.com
2	munchkin.marketo.net	www.sentinelone.com munchkin.marketo.net
2	connect.facebook.net	www.sentinelone.com connect.facebook.net
2	bat.bing.com	www.googletagmanager.com www.sentinelone.com
2	www.google-analytics.com	1 redirects www.googletagmanager.com
2	collector-5527.tvsquared.com	www.sentinelone.com
2	app.cdn.lookbookhq.com	www.sentinelone.com
1	bam.nr-data.net	js-agent.newrelic.com
1	js-agent.newrelic.com	www.sentinelone.com
1	app-ab14.marketo.com	go.sentinelone.com
1	cm.g.doubleclick.net	1 redirects
1	pixel.rubiconproject.com	www.sentinelone.com
1	pixel.prfct.co	www.sentinelone.com
1	ads.yahoo.com	1 redirects
1	ga.clearbit.com	www.googletagmanager.com
1	327-mnm-087.mktoresp.com	munchkin.marketo.net
1	t.co	www.sentinelone.com
1	count-server.sharethis.com	platform-api.sharethis.com
1	alb.reddit.com	www.sentinelone.com
1	q.quora.com	www.sentinelone.com
1	www.linkedin.com	1 redirects
1	googleads.g.doubleclick.net	www.googleadservices.com
1	c.sharethis.mgr.consensu.org	platform-api.sharethis.com
1	geoip-js.maxmind.com	js.maxmind.com
1	stats.g.doubleclick.net	1 redirects
1	www.redditstatic.com	www.sentinelone.com
1	static.ads-twitter.com	www.sentinelone.com
1	a.quora.com	www.sentinelone.com
1	snap.licdn.com	www.sentinelone.com
1	munchkin.brightfunnel.com	www.sentinelone.com
1	tag.marinsm.com	www.sentinelone.com
1	www.googleadservices.com	www.googletagmanager.com
1	www.googletagmanager.com	www.sentinelone.com
1	fonts.googleapis.com	www.sentinelone.com
1	platform-api.sharethis.com	www.sentinelone.com
1	d12ee1u74lotna.cloudfront.net	www.sentinelone.com
1	cdn.onesignal.com	www.sentinelone.com
1	js.maxmind.com	www.sentinelone.com
120	51

This site contains links to these domains. Also see Links.

Domain
jobs.jobvite.com
blog.trendmicro.com
www.virustotal.com
developer.apple.com
yara.readthedocs.io
www.rapidtables.com
en.wikipedia.org
attack.mitre.org
www.linkedin.com
twitter.com
goo.gl
www.facebook.com
go.sentinelone.com
www.google.com

Subject Issuer	Validity	Valid
sentinelone.com CloudFlare Inc ECC CA-2	`2019-02-11` - `2020-02-11`	a year	crt.sh
cdn.lookbookhq.com Amazon	`2019-01-03` - `2020-02-03`	a year	crt.sh
*.maxmind.com COMODO RSA Organization Validation Secure Server CA	`2018-10-15` - `2020-11-06`	2 years	crt.sh
ssl898578.cloudflaressl.com COMODO ECC Domain Validation Secure Server CA 2	`2019-10-11` - `2020-04-18`	6 months	crt.sh
*.cloudfront.net DigiCert Global CA G2	`2019-07-17` - `2020-07-05`	a year	crt.sh
*.sharethis.com Go Daddy Secure Certificate Authority - G2	`2017-09-26` - `2020-09-29`	3 years	crt.sh
*.googleapis.com GTS CA 1O1	`2019-10-03` - `2019-12-26`	3 months	crt.sh
*.google.com GTS CA 1O1	`2019-09-17` - `2019-12-10`	3 months	crt.sh
*.tvsquared.com COMODO RSA Domain Validation Secure Server CA	`2018-10-23` - `2020-10-22`	2 years	crt.sh
*.google-analytics.com GTS CA 1O1	`2019-09-17` - `2019-12-10`	3 months	crt.sh
www.googleadservices.com GTS CA 1O1	`2019-09-17` - `2019-12-10`	3 months	crt.sh
www.bing.com Microsoft IT TLS CA 2	`2019-04-30` - `2021-04-30`	2 years	crt.sh
g.ssl.fastly.net GlobalSign Organization Validation CA - SHA256 - G2	`2019-09-23` - `2020-09-23`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2019-09-22` - `2019-12-20`	3 months	crt.sh
*.livehelpnow.net Go Daddy Secure Certificate Authority - G2	`2018-07-14` - `2020-07-14`	2 years	crt.sh
*.marketo.net DigiCert SHA2 Secure Server CA	`2018-12-24` - `2020-03-24`	a year	crt.sh
*.brightfunnel.com Amazon	`2019-05-11` - `2020-06-11`	a year	crt.sh
*.licdn.com DigiCert SHA2 Secure Server CA	`2019-04-01` - `2021-05-07`	2 years	crt.sh
quora.com Let's Encrypt Authority X3	`2019-09-27` - `2019-12-26`	3 months	crt.sh
ads-twitter.com DigiCert SHA2 High Assurance Server CA	`2019-08-14` - `2020-08-18`	a year	crt.sh
*.reddit.com DigiCert SHA2 Secure Server CA	`2018-08-17` - `2020-09-02`	2 years	crt.sh
www.google.de GTS CA 1O1	`2019-09-17` - `2019-12-10`	3 months	crt.sh
*.sharethis.mgr.consensu.org Go Daddy Secure Certificate Authority - G2	`2018-05-21` - `2020-05-21`	2 years	crt.sh
*.g.doubleclick.net GTS CA 1O1	`2019-09-17` - `2019-12-10`	3 months	crt.sh
px.ads.linkedin.com DigiCert SHA2 Secure Server CA	`2019-05-29` - `2021-06-29`	2 years	crt.sh
*.quora.com Let's Encrypt Authority X3	`2019-09-30` - `2019-12-29`	3 months	crt.sh
alb.reddit.com Amazon	`2019-05-20` - `2020-06-20`	a year	crt.sh
*.prfct.co DigiCert SHA2 Secure Server CA	`2019-09-03` - `2021-10-27`	2 years	crt.sh
t.co DigiCert SHA2 High Assurance Server CA	`2019-04-09` - `2020-04-01`	a year	crt.sh
*.mktoresp.com GeoTrust RSA CA 2018	`2018-02-05` - `2020-02-05`	2 years	crt.sh
www.google.com GTS CA 1O1	`2019-09-17` - `2019-12-10`	3 months	crt.sh
clearbit.com Amazon	`2018-11-21` - `2019-12-21`	a year	crt.sh
*.twitter.com DigiCert SHA2 High Assurance Server CA	`2019-04-09` - `2020-04-01`	a year	crt.sh
*.openx.net GeoTrust RSA CA 2018	`2018-01-04` - `2020-07-09`	3 years	crt.sh
*.rubiconproject.com DigiCert SHA2 Secure Server CA	`2019-01-10` - `2021-01-14`	2 years	crt.sh
*.adnxs.com DigiCert ECC Secure Server CA	`2019-01-23` - `2021-03-08`	2 years	crt.sh
app-ab14.marketo.com CloudFlare Inc ECC CA-2	`2019-02-22` - `2020-02-22`	a year	crt.sh
f4.shared.global.fastly.net GlobalSign CloudSSL CA - SHA256 - G3	`2019-04-10` - `2020-03-21`	a year	crt.sh
*.nr-data.net GeoTrust RSA CA 2018	`2018-01-11` - `2020-03-17`	2 years	crt.sh

This page contains 4 frames:

Primary Page: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
Frame ID: 28239937D308FD9EC9316093DD54863D
Requests: 120 HTTP requests in this frame

Frame: https://c.sharethis.mgr.consensu.org/portal.html
Frame ID: CDE168212BA632F78A378089D6E42892
Requests: 1 HTTP requests in this frame

Frame: https://go.sentinelone.com/index.php/form/XDFrame
Frame ID: 74D6007399B620EAAEA4442106F47E25
Requests: 2 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: 36D0DA6BD149433C20FFFEF9D3278D7A
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page URL History Show full URLs

https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection HTTP 301
https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/ Page URL

Detected technologies

WordPress (CMS) Expand

Overall confidence: 100%
Detected patterns

headers link /rel="https:\/\/api\.w\.org\/"/i

PHP (Programming Languages) Expand

Overall confidence: 100%
Detected patterns

headers link /rel="https:\/\/api\.w\.org\/"/i

MySQL (Databases) Expand

Overall confidence: 100%
Detected patterns

headers link /rel="https:\/\/api\.w\.org\/"/i

Varnish (Cache Tools) Expand

Overall confidence: 100%
Detected patterns

headers via /varnish(?: $Varnish\/([\d.]+)$)?/i

CloudFlare (CDN) Expand

Overall confidence: 100%
Detected patterns

headers server /^cloudflare$/i

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/connect\.facebook\.net\/[^\/]*\/[a-z]*\.js/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Page Statistics

120
Requests

100 %
HTTPS

42 %
IPv6

41
Domains

51
Subdomains

47
IPs

7
Countries

3013 kB
Transfer

4939 kB
Size

10
Cookies

18 Outgoing links

These are links going to different origins than the main page.

URL: https://jobs.jobvite.com/sentinelone/jobs
Title: Jobs

Search URL Search Domain Scan URL

URL: https://blog.trendmicro.com/trendlabs-security-intelligence/mac-malware-that-spoofs-trading-app-steals-user-information-uploads-it-to-website/
Title: researchers

Search URL Search Domain Scan URL

URL: https://www.virustotal.com/gui/file/d2eaeca25dd996e4f34984a0acdc4c2a1dfa3bacf2594802ad20150d52d23d68/detection
Title: VirusTotal

Search URL Search Domain Scan URL

URL: https://developer.apple.com/videos/play/wwdc2019/701/
Title: WWDC 2019

Search URL Search Domain Scan URL

URL: https://yara.readthedocs.io/en/latest/
Title: Yara rules

Search URL Search Domain Scan URL

URL: https://www.rapidtables.com/convert/number/hex-to-ascii.html
Title: translate

Search URL Search Domain Scan URL

URL: https://en.wikipedia.org/wiki/Phrenology
Title: anymore

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1150/
Title: T1150

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1158/
Title: T1158

Search URL Search Domain Scan URL

URL: https://attack.mitre.org/techniques/T1160/
Title: T1160

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/2886771/
Title: LinkedIn

Search URL Search Domain Scan URL

URL: https://twitter.com/SentinelOne
Title: Twitter

Search URL Search Domain Scan URL

URL: https://goo.gl/e5C9f4
Title: YouTube

Search URL Search Domain Scan URL

URL: https://www.facebook.com/SentinelOne
Title: Facebook

Search URL Search Domain Scan URL

URL: https://go.sentinelone.com/ebook-macos-reversing-malware-registration.html
Title: Download eBook

Search URL Search Domain Scan URL

URL: https://www.google.com/maps/place/605+Fairchild+Dr,+Mountain+View,+CA+94043/@37.4025909,-122.0513717,17z/data=!3m1!4b1!4m5!3m4!1s0x808fb70df1223c4f:0x8f330ec33194f538!8m2!3d37.4025867!4d-122.049183
Title: 605 Fairchild Dr Mountain View, CA 94043

Search URL Search Domain Scan URL

URL: https://www.facebook.com/SentinelOne/
Title: Facebook

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/sentinelone/
Title: LinkedIn

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection HTTP 301
https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 75

https://www.google-analytics.com/r/collect?v=1&_v=j79&a=1030203491&t=pageview&_s=1&dl=https%3A%2F%2Fwww.sentinelone.com%2Fblog%2Fdetecting-macos-gmera-malware-through-behavioral-inspection%2F&ul=en-us&de=UTF-8&dt=Detecting%20macOS.GMERA%20Malware%20Through%20Behavioral%20Inspection&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=YEBAAEAB~&jid=1950630954&gjid=1013278698&cid=1591324942.1571081997&tid=UA-38175129-1&_gid=1382471389.1571081997&_r=1&gtm=2wga21KGGXSJ&z=1511826739 HTTP 302
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-38175129-1&cid=1591324942.1571081997&jid=1950630954&_gid=1382471389.1571081997&gjid=1013278698&_v=j79&z=1511826739 HTTP 302
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-38175129-1&cid=1591324942.1571081997&jid=1950630954&_v=j79&z=1511826739 HTTP 302
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-38175129-1&cid=1591324942.1571081997&jid=1950630954&_v=j79&z=1511826739&slf_rd=1&random=952466514

Request Chain 81

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=432890&url=https%3A%2F%2Fwww.sentinelone.com%2Fblog%2Fdetecting-macos-gmera-malware-through-behavioral-inspection%2F&time=1571081996676 HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D432890%26url%3Dhttps%253A%252F%252Fwww.sentinelone.com%252Fblog%252Fdetecting-macos-gmera-malware-through-behavioral-inspection%252F%26time%3D1571081996676%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=432890&url=https%3A%2F%2Fwww.sentinelone.com%2Fblog%2Fdetecting-macos-gmera-malware-through-behavioral-inspection%2F&time=1571081996676&liSync=true

Request Chain 85

https://pixel-geo.prfct.co/tagjs?a_id=56252&source=js_tag HTTP 302
https://pixel-geo.prfct.co/tagjs?check_cookie=1&a_id=56252&source=js_tag

Request Chain 97

https://pixel-geo.prfct.co/cs/?partnerId=twtr HTTP 302
https://analytics.twitter.com/i/adsct?p_id=48571&p_user_id=pa_aFVeZvsxxJI8ImQrE

Request Chain 98

https://pixel-geo.prfct.co/cs/?partnerId=yah HTTP 302
https://ads.yahoo.com/cms/v1?nwid=10001073209&eid=pa_aFVeZvsxxJI8ImQrE&sigv=1&esig=2~f3e1dd52b28378e9631d7dc8da45b4733991918a HTTP 302
https://pixel.prfct.co/cb?partnerId=yah&xid=E0&eid=pa_aFVeZvsxxJI8ImQrE

Request Chain 99

https://pixel-geo.prfct.co/cs/?partnerId=opx HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537114372&val=pa_aFVeZvsxxJI8ImQrE HTTP 302
https://us-u.openx.net/w/1.0/sd?cc=1&id=537114372&val=pa_aFVeZvsxxJI8ImQrE

Request Chain 100

https://pixel-geo.prfct.co/cs/?partnerId=rbcn HTTP 302
https://pixel.rubiconproject.com/tap.php?v=189868&nid=4106&expires=30&put=pa_aFVeZvsxxJI8ImQrE

Request Chain 101

https://pixel-geo.prfct.co/cs/?partnerId=goo HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=nowspots_bidder&google_hm=cGFfYUZWZVp2c3h4Skk4SW1RckU HTTP 302
https://pixel-geo.prfct.co/cb?partnerId=goo

Request Chain 103

https://secure.adnxs.com/seg?t=2&add=4530935 HTTP 302
https://secure.adnxs.com/bounce?%2Fseg%3Ft%3D2%26add%3D4530935

Request Chain 104

https://l.sharethis.com/pview?event=pview&version=st_sop.js&lang=en&hostname=www.sentinelone.com&location=%2Fblog%2Fdetecting-macos-gmera-malware-through-behavioral-inspection%2F&product=custom-share-buttons&url=https%3A%2F%2Fwww.sentinelone.com%2Fblog%2Fdetecting-macos-gmera-malware-through-behavioral-inspection%2F&source=sharethis.js&fcmp=false&title=Detecting%20macOS.GMERA%20Malware%20Through%20Behavioral%20Inspection&publisher=anonymous&ts1571081996562=&consentDomain=.consensu.org&sop=true HTTP 301
https://l.sharethis.com/sc?cm=ZHQABl2kzw0AAAATMv8hAw%3D%3D&uid=true&url=https%3A%2F%2Fwww.sentinelone.com%2Fblog%2Fdetecting-macos-gmera-malware-through-behavioral-inspection%2F&sop=true

120 HTTP transactions
4 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
Redirect Chain

https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection
https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/

73 KB
20 KB

1292ms
1291ms

Document
text/html

104.24.117.125
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.24.117.125 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

73f53fbaa9e67835f4d038a35b0c5d6efcfdc4abda4967340c1387b61cf5f755

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' http://yourcompany.lookbookhq.com https://yourcompany.lookbookhq.com http://yourcompany.pathfactory.com https://yourcompany.pathfactory.com;
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://sentinelone.pathfactory.com
X-Xss-Protection	1; mode=block

Request headers

:method: GET
:authority: www.sentinelone.com
:scheme: https
:path: /blog/detecting-macos-gmera-malware-through-behavioral-inspection/
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-mode: navigate
sec-fetch-user: ?1
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: none
accept-encoding: gzip, deflate, br
cookie: __cfduid=d3da702fdf633e6af957f9434bdf8dfc71571081993
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1

Response headers

status: 200
date: Mon, 14 Oct 2019 19:39:55 GMT
content-type: text/html; charset=UTF-8
cache-control: public, max-age=600
content-security-policy: frame-ancestors 'self' http://yourcompany.lookbookhq.com https://yourcompany.lookbookhq.com http://yourcompany.pathfactory.com https://yourcompany.pathfactory.com;
expect-ct: enforce; max-age=2592000;
link: <https://www.sentinelone.com/wp-json/>; rel="https://api.w.org/" <https://www.sentinelone.com/?p=22871>; rel=shortlink
referrer-policy: origin-when-cross-origin
strict-transport-security: max-age=300
x-content-type-options: nosniff
x-frame-options: ALLOW-FROM https://sentinelone.pathfactory.com
x-pantheon-styx-hostname: styx-fe4-9b9c45564-l5p5q
x-pingback: https://www.sentinelone.com/xmlrpc.php
x-styx-req-id: 657b2cd5-eeba-11e9-9a1a-965fbb56d065
x-xss-protection: 1; mode=block
x-served-by: cache-mdw17351-MDW, cache-ams21049-AMS
x-cache: MISS, MISS
x-cache-hits: 0, 0
x-timer: S1571081994.423794,VS0,VE1264
vary: Accept-Encoding, Cookie, Cookie
age: 0
via: 1.1 varnish
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 525c05a11cdf9d36-AMS
content-encoding: br

Redirect headers

status: 301
date: Mon, 14 Oct 2019 19:39:54 GMT
content-type: text/html; charset=UTF-8
set-cookie: __cfduid=d3da702fdf633e6af957f9434bdf8dfc71571081993; expires=Tue, 13-Oct-20 19:39:53 GMT; path=/; domain=.sentinelone.com; HttpOnly; Secure
cache-control: no-cache, must-revalidate, max-age=0
content-security-policy: frame-ancestors 'self' http://yourcompany.lookbookhq.com https://yourcompany.lookbookhq.com http://yourcompany.pathfactory.com https://yourcompany.pathfactory.com;
expect-ct: enforce; max-age=2592000;
expires: Wed, 11 Jan 1984 05:00:00 GMT
location: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
referrer-policy: origin-when-cross-origin
strict-transport-security: max-age=300
x-content-type-options: nosniff
x-frame-options: ALLOW-FROM https://sentinelone.pathfactory.com
x-pantheon-styx-hostname: styx-fe4-9b9c45564-jcn77
x-pingback: https://www.sentinelone.com/xmlrpc.php
x-redirect-by: WordPress
x-styx-req-id: 64f199f6-eeba-11e9-a15d-fe922eee6103
x-xss-protection: 1; mode=block
x-served-by: cache-mdw17359-MDW, cache-ams21046-AMS
x-cache: MISS, MISS
x-cache-hits: 0, 0
x-timer: S1571081994.584156,VS0,VE818
vary: Cookie, Cookie
age: 0
accept-ranges: bytes
via: 1.1 varnish
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 525c059bcd659d36-AMS

GET
H2 200 style.min.css
www.sentinelone.com/wp-includes/css/dist/block-library/ 29 KB
5 KB 43ms
40ms Stylesheet
text/css 104.24.117.125
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://www.sentinelone.com/wp-includes/css/dist/block-library/style.min.css?ver=ca0f6f836087d310c8d70cd2c91f2976
Requested by: Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.24.117.125 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4b8fe5c3d0e5ef7a6582185cbf5c535b5d369c8df1da98c03ed69833e55f474d

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 19:39:55 GMT
via: 1.1 varnish
cf-cache-status: HIT
age: 3330663
x-pantheon-styx-hostname: styx-fe4-a-6df8df47df-fh49k
x-cache: HIT, HIT
status: 200
content-encoding: br
x-served-by: cache-mdw17330-MDW, cache-ams21034-AMS
last-modified: Fri, 06 Sep 2019 06:19:12 GMT
server: cloudflare
x-timer: S1567751333.976131,VS0,VE0
etag: W/"5d71fa60-726f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
x-styx-req-id: 591616ee-d06e-11e9-a03b-da1d2777ff28
expires: Wed, 14 Oct 2020 19:39:55 GMT
cache-control: public, max-age=31622400
cf-ray: 525c05a93f0a9d36-AMS
x-cache-hits: 1, 2

GET
H2 200 amazonpolly-public.css
www.sentinelone.com/wp-content/plugins/amazon-polly/public/css/ 874 B
627 B 246ms
242ms Stylesheet
text/css 104.24.117.125
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://www.sentinelone.com/wp-content/plugins/amazon-polly/public/css/amazonpolly-public.css?ver=1.0.0
Requested by: Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.24.117.125 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: d1768f0b8dcf5bf6c90a3f132bcb156c94db72fc7c830b2d63e03d6268aa12b9

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 19:39:55 GMT
via: 1.1 varnish, 1.1 varnish
cf-cache-status: HIT
age: 17835419
cf-polished: origSize=1047
x-pantheon-styx-hostname: styx-fe4-a-7f98dc4984-rj2dz
x-cache: HIT, HIT
status: 200
cf-bgj: minify
content-encoding: br
x-served-by: cache-mdw17350-MDW, cache-ams21024-AMS
last-modified: Fri, 22 Mar 2019 09:03:07 GMT
server: cloudflare
x-timer: S1553246577.807924,VS0,VE1
etag: W/"5c94a4cb-417"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
x-styx-req-id: styx-8ec0bd2da2305bdcf66fcf8ef3230b2a
expires: Wed, 14 Oct 2020 19:39:55 GMT
cache-control: public, max-age=31622400
cf-ray: 525c05a93f0b9d36-AMS
x-cache-hits: 1, 1

GET
H2 200 frontend.min.css
www.sentinelone.com/wp-content/plugins/markdown-editor/assets/styles/ 5 KB
2 KB 47ms
44ms Stylesheet
text/css 104.24.117.125
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://www.sentinelone.com/wp-content/plugins/markdown-editor/assets/styles/frontend.min.css?ver=0.1.6
Requested by: Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.24.117.125 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2b4535d12e0813ab5903b8bc89e6c3f79f1afc82d5facdb30fa97f9f3f566d69

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 19:39:55 GMT
via: 1.1 varnish
cf-cache-status: HIT
age: 1597942
x-pantheon-styx-hostname: styx-fe4-5bb679569f-5sb2x
x-cache: HIT, HIT
status: 200
content-encoding: br
x-served-by: cache-mdw17335-MDW, cache-ams21026-AMS
last-modified: Wed, 25 Sep 2019 04:49:34 GMT
server: cloudflare
x-timer: S1569484054.759222,VS0,VE1
etag: W/"5d8af1de-1428"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
x-styx-req-id: e8f90ec1-df55-11e9-a4cb-425448b24ebd
expires: Wed, 14 Oct 2020 19:39:55 GMT
cache-control: public, max-age=31622400
cf-ray: 525c05a93f0d9d36-AMS
x-cache-hits: 3, 1

GET
H2 200 settings.css
www.sentinelone.com/wp-content/plugins/revslider/public/assets/css/ 30 KB
7 KB 44ms
41ms Stylesheet
text/css 104.24.117.125
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://www.sentinelone.com/wp-content/plugins/revslider/public/assets/css/settings.css?ver=5.4.8.3
Requested by: Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.24.117.125 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: ff10a5404ba67b3b8cd958eb725c9863832d58acfe9fa7240cf1a278ec5832c1

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 19:39:55 GMT
via: 1.1 varnish
cf-cache-status: HIT
age: 1775263
cf-polished: origSize=39820
x-pantheon-styx-hostname: styx-fe4-a-7ffd645fbf-9wq72
x-cache: HIT, HIT
status: 200
cf-bgj: minify
content-encoding: br
x-served-by: cache-mdw17343-MDW, cache-ams21038-AMS
last-modified: Sat, 21 Sep 2019 23:11:30 GMT
server: cloudflare
x-timer: S1569306732.463976,VS0,VE1
etag: W/"5d86ae22-9b8c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
x-styx-req-id: 64f19078-dcc7-11e9-a153-d26dddf5cc82
expires: Wed, 14 Oct 2020 19:39:55 GMT
cache-control: public, max-age=31622400
cf-ray: 525c05a93f0e9d36-AMS
x-cache-hits: 1, 1

GET
H2 200 overlay.css
app.cdn.lookbookhq.com/libraries/overlay/ 596 B
961 B 67ms
7ms Stylesheet
text/css 143.204.101.77
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://app.cdn.lookbookhq.com/libraries/overlay/overlay.css?ver=ca0f6f836087d310c8d70cd2c91f2976
Requested by: Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.101.77 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-143-204-101-77.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 07161bc89c289b1bc71c214f79cc91cc7e1637c66c4cbbe6f92d3b2971c7965c

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-amz-version-id: SUqjeJartVa7GV7uwJ4iPvhMKYz5gDYe
via: 1.1 1d87c34bb2f20fda8e0841bc33179769.cloudfront.net (CloudFront)
last-modified: Thu, 01 Jun 2017 14:24:55 GMT
server: AmazonS3
age: 77432
etag: "d7a5747bc2a73f08ffd987439546b9ef"
x-cache: Hit from cloudfront
content-type: text/css
status: 200
date: Sun, 13 Oct 2019 22:09:24 GMT
x-amz-cf-pop: FRA50-C1
accept-ranges: bytes
content-length: 596
x-amz-cf-id: GHgst9GHLriu77iweMvEfuS72x8aE7ekqJt3oih70nOmFmHWG2XdFg==

GET
H2 200 bootstrap.css
www.sentinelone.com/wp-content/themes/sentinelone/assets/css/ 138 KB
19 KB 44ms
41ms Stylesheet
text/css 104.24.117.125
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://www.sentinelone.com/wp-content/themes/sentinelone/assets/css/bootstrap.css?ver=ca0f6f836087d310c8d70cd2c91f2976
Requested by: Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.24.117.125 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2da9ee550ed280289e127eab04a9f96873bf6454eea1374d165f8971f7608d01

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 19:39:55 GMT
via: 1.1 varnish
cf-cache-status: HIT
age: 1688343
x-pantheon-styx-hostname: styx-fe4-a-6fdbf67967-txqdd
x-cache: HIT, HIT
status: 200
cf-bgj: minify
content-encoding: br
x-served-by: cache-mdw17331-MDW, cache-ams21029-AMS
last-modified: Wed, 25 Sep 2019 04:49:36 GMT
server: cloudflare
x-timer: S1569393653.505123,VS0,VE1
etag: W/"5d8af1e0-22682"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
x-styx-req-id: 505f2c17-df50-11e9-88a9-da16bdb94407
expires: Wed, 14 Oct 2020 19:39:55 GMT
cache-control: public, max-age=31622400
cf-ray: 525c05a93f0f9d36-AMS
x-cache-hits: 1, 1

GET
H2 200 style.min.css
www.sentinelone.com/wp-content/themes/sentinelone/assets/css/ 204 KB
39 KB 44ms
42ms Stylesheet
text/css 104.24.117.125
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sentinelone.com/wp-content/themes/sentinelone/assets/css/style.min.css?ver=1571069159

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.24.117.125 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

17a146ace265e90803dcf36559a6ca6e0a965fe4cb1f0381b0a9022cf8b68e64

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 19:39:55 GMT
via: 1.1 varnish
vary: Accept-Encoding
cf-cache-status: HIT
age: 12083
x-pantheon-styx-hostname: styx-fe4-a-7589bc57f6-7qzfr
x-cache: HIT, HIT
status: 200
content-encoding: br
x-served-by: cache-mdw17340-MDW, cache-ams21039-AMS
last-modified: Mon, 14 Oct 2019 16:05:59 GMT
server: cloudflare
x-timer: S1571069912.292382,VS0,VE0
etag: W/"5da49ce7-33173"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=300
content-type: text/css
x-styx-req-id: 85d3f1f7-ee9c-11e9-9aa9-3a17cb1d351c
expires: Wed, 14 Oct 2020 19:39:55 GMT
cache-control: public, max-age=31622400
cf-ray: 525c05a93f109d36-AMS
x-cache-hits: 1, 2

GET
H2 200 jquery.js Show response
www.sentinelone.com/wp-includes/js/jquery/ 95 KB
32 KB 49ms
46ms Script
application/x-javascript 104.24.117.125
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://www.sentinelone.com/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp
Requested by: Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.24.117.125 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8c7ee0238fa5cd80a02ef9870a7fff498ef52097181cb73edb9219dc022fd919

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 19:39:55 GMT
via: 1.1 varnish, 1.1 varnish
cf-cache-status: HIT
age: 11990578
cf-polished: origSize=96873
x-pantheon-styx-hostname: styx-fe4-a-684bbb557d-56wmw
x-cache: HIT, HIT
status: 200
cf-bgj: minify
content-encoding: br
x-served-by: cache-mdw17353-MDW, cache-ams21020-AMS
last-modified: Tue, 28 May 2019 23:08:07 GMT
server: cloudflare
x-timer: S1559091417.149777,VS0,VE1
etag: W/"5cedbf57-17a69"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript
x-styx-req-id: styx-565359640eacc9cfd8a7fdd75d324bfa
expires: Wed, 14 Oct 2020 19:39:55 GMT
cache-control: public, max-age=31622400
cf-ray: 525c05a93f119d36-AMS
x-cache-hits: 1, 1

GET
H2 200 jquery-migrate.min.js Show response
www.sentinelone.com/wp-includes/js/jquery/ 10 KB
4 KB 43ms
40ms Script
application/x-javascript 104.24.117.125
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://www.sentinelone.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1
Requested by: Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.24.117.125 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 19:39:55 GMT
via: 1.1 varnish
cf-cache-status: HIT
age: 1363109
x-pantheon-styx-hostname: styx-fe4-a-7589bc57f6-s4qwg
x-cache: HIT, HIT
status: 200
content-encoding: br
x-served-by: cache-mdw17356-MDW, cache-ams21047-AMS
last-modified: Sat, 28 Sep 2019 05:42:38 GMT
server: cloudflare
x-timer: S1569718887.986980,VS0,VE1
etag: W/"5d8ef2ce-2748"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript
x-styx-req-id: 9fb56d08-e1d1-11e9-86cb-5260be86fc0a
expires: Wed, 14 Oct 2020 19:39:55 GMT
cache-control: public, max-age=31622400
cf-ray: 525c05a93f129d36-AMS
x-cache-hits: 1, 1

GET
H2 200 amazonpolly-public.js Show response
www.sentinelone.com/wp-content/plugins/amazon-polly/public/js/ 69 B
557 B 42ms
40ms Script
application/x-javascript 104.24.117.125
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://www.sentinelone.com/wp-content/plugins/amazon-polly/public/js/amazonpolly-public.js?ver=1.0.0
Requested by: Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.24.117.125 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 907dcba194c3ec09f867fb15a38a83d98052ab5e5f1b68016c28f3e111413c98

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 19:39:55 GMT
via: 1.1 varnish
cf-cache-status: HIT
age: 1600218
cf-polished: origSize=210
x-pantheon-styx-hostname: styx-fe4-5bb679569f-pr8zh
x-cache: HIT, HIT
status: 200
cf-bgj: minify
content-encoding: br
x-served-by: cache-mdw17326-MDW, cache-ams21025-AMS
last-modified: Wed, 25 Sep 2019 04:49:34 GMT
server: cloudflare
x-timer: S1569481778.589061,VS0,VE0
etag: W/"5d8af1de-d2"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript
x-styx-req-id: e8f9a29e-df55-11e9-bd9c-de1a8881deff
expires: Wed, 14 Oct 2020 19:39:55 GMT
cache-control: public, max-age=31622400
cf-ray: 525c05a93f139d36-AMS
x-cache-hits: 1, 2

GET
H2 200 jquery.themepunch.tools.min.js Show response
www.sentinelone.com/wp-content/plugins/revslider/public/assets/js/ 108 KB
36 KB 47ms
45ms Script
application/x-javascript 104.24.117.125
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://www.sentinelone.com/wp-content/plugins/revslider/public/assets/js/jquery.themepunch.tools.min.js?ver=5.4.8.3
Requested by: Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.24.117.125 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: a1dff8b0c66227748951c4ff891f146f49c5a382ac8e3d6e3c2e9cf8aa560dc8

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 19:39:55 GMT
via: 1.1 varnish
cf-cache-status: HIT
age: 1688343
x-pantheon-styx-hostname: styx-fe4-a-6fdbf67967-ccpmb
x-cache: HIT, HIT
status: 200
content-encoding: br
x-served-by: cache-mdw17365-MDW, cache-ams21021-AMS
last-modified: Wed, 25 Sep 2019 04:49:35 GMT
server: cloudflare
x-timer: S1569393653.533120,VS0,VE1
etag: W/"5d8af1df-1afe4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript
x-styx-req-id: e8fac77b-df55-11e9-99c3-36ddb7e19663
expires: Wed, 14 Oct 2020 19:39:55 GMT
cache-control: public, max-age=31622400
cf-ray: 525c05a93f149d36-AMS
x-cache-hits: 1, 1

GET
H2 200 jquery.themepunch.revolution.min.js Show response
www.sentinelone.com/wp-content/plugins/revslider/public/assets/js/ 63 KB
17 KB 48ms
46ms Script
application/x-javascript 104.24.117.125
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://www.sentinelone.com/wp-content/plugins/revslider/public/assets/js/jquery.themepunch.revolution.min.js?ver=5.4.8.3
Requested by: Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.24.117.125 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 27ead7f47a3fb4d1e7cbef0c68e28bde7ea18923cf41d8ca82ba13584eebc710

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 19:39:55 GMT
via: 1.1 varnish, 1.1 varnish
cf-cache-status: HIT
age: 9021755
x-pantheon-styx-hostname: styx-fe4-a-74bc8f859b-pgkrm
x-cache: HIT, HIT
status: 200
content-encoding: br
x-served-by: cache-mdw17340-MDW, cache-ams21027-AMS
last-modified: Tue, 02 Jul 2019 09:33:00 GMT
server: cloudflare
x-timer: S1562060240.494058,VS0,VE1
etag: W/"5d1b24cc-fdb5"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript
x-styx-req-id: 0c5903ba-5b97-4479-9e18-10711b9a6793
expires: Wed, 14 Oct 2020 19:39:55 GMT
cache-control: public, max-age=31622400
cf-ray: 525c05a93f169d36-AMS
x-cache-hits: 1, 1

GET
H2 200 geoip2.js Show response
js.maxmind.com/js/apis/geoip2/v2.1/ 4 KB
2 KB 103ms
32ms Script
application/javascript 2606:4700::6810:262f
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://js.maxmind.com/js/apis/geoip2/v2.1/geoip2.js?ver=ca0f6f836087d310c8d70cd2c91f2976
Requested by: Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:262f , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 69666124ea4313cf5b2da94871c86acd68bcbc4d50b360fdebc4dc3b977dde21

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 19:39:55 GMT
content-encoding: gzip
cf-cache-status: HIT
last-modified: Mon, 14 Oct 2019 17:57:40 GMT
server: cloudflare
age: 1229
etag: W/"5da4b714-f39"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: public, max-age=43200
cf-ray: 525c05a9aec15988-VIE
expires: Tue, 15 Oct 2019 07:39:55 GMT

GET
H2 200 forms2.min.js Show response
go.sentinelone.com/js/forms2/js/ 169 KB
55 KB 72ms
22ms Script
application/x-javascript 104.24.117.125
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://go.sentinelone.com/js/forms2/js/forms2.min.js?ver=ca0f6f836087d310c8d70cd2c91f2976

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.24.117.125 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

321bbcc4cc57483b7e329186e5159498b668ddde87cb64696ddcdc95176cce82

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 19:39:55 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
last-modified: Wed, 25 Sep 2019 18:55:06 GMT
server: cloudflare
age: 4215
etag: W/"19c06bd-2a536-5936530f69680"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: public, max-age=14400
cf-ray: 525c05a98f889d36-AMS
expires: Mon, 14 Oct 2019 23:39:55 GMT

GET
H2 200 overlay.js Show response
app.cdn.lookbookhq.com/libraries/overlay/ 3 KB
1 KB 67ms
8ms Script
application/javascript 143.204.101.77
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://app.cdn.lookbookhq.com/libraries/overlay/overlay.js?ver=ca0f6f836087d310c8d70cd2c91f2976
Requested by: Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.101.77 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-143-204-101-77.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 22e99c10c854ffe87ce08eb21da77a11a8916ca6ee60188d9464e2fda4339942

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-amz-version-id: LT4hxsSI0qCVR_LPs.1CSwsPcFoD2yTO
content-encoding: gzip
last-modified: Thu, 22 Jun 2017 15:42:46 GMT
server: AmazonS3
age: 77451
date: Sun, 13 Oct 2019 22:09:05 GMT
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
status: 200
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: x9YSM3F1HyCSDF0i6qtYZ5wrzigYkGpHPvCmkqN_lce_qUYU5Lbokw==
via: 1.1 1d87c34bb2f20fda8e0841bc33179769.cloudfront.net (CloudFront)

GET
H2 200 header.js Show response
www.sentinelone.com/wp-content/themes/sentinelone/assets/js/ 19 KB
6 KB 46ms
44ms Script
application/x-javascript 104.24.117.125
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sentinelone.com/wp-content/themes/sentinelone/assets/js/header.js?ver=1571069159

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.24.117.125 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

ba6b848f8d173a2e19b98d15001bbad2d847e5b8d0601f09c2571789e2fde145

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 19:39:55 GMT
via: 1.1 varnish
vary: Accept-Encoding
cf-cache-status: HIT
age: 12083
cf-polished: origSize=33579
x-pantheon-styx-hostname: styx-fe4-a-7589bc57f6-7qzfr
x-cache: HIT, HIT
status: 200
cf-bgj: minify
content-encoding: br
x-served-by: cache-mdw17348-MDW, cache-ams21041-AMS
last-modified: Mon, 14 Oct 2019 16:05:59 GMT
server: cloudflare
x-timer: S1571069912.298081,VS0,VE1
etag: W/"5da49ce7-832b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=300
content-type: application/x-javascript
x-styx-req-id: 85d4b1da-ee9c-11e9-9aa9-3a17cb1d351c
expires: Wed, 14 Oct 2020 19:39:55 GMT
cache-control: public, max-age=31622400
cf-ray: 525c05a93f199d36-AMS
x-cache-hits: 1, 1

GET
H2 200 OneSignalSDK.js Show response
cdn.onesignal.com/sdks/ 8 KB
3 KB 41ms
39ms Script
application/javascript 2606:4700::6812:e134
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.onesignal.com/sdks/OneSignalSDK.js
Requested by: Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server: 2606:4700::6812:e134 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: f740ae311866f8c7831b5d995f1d7699a9a98355c0ebc714d951bf0160dc6434

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 19:39:55 GMT
content-encoding: gzip
cf-cache-status: HIT
server: cloudflare
age: 3430
etag: W/"73b5b3cb28db170b055f798366552f28"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: public, max-age=43200
cf-ray: 525c05a93bd5598e-VIE
expires: Tue, 15 Oct 2019 07:39:55 GMT

GET
H2 200 sentinelone-white.svg
www.sentinelone.com/wp-content/uploads/2017/06/ 5 KB
2 KB 20ms
19ms Image
image/svg+xml 104.24.117.125
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.sentinelone.com/wp-content/uploads/2017/06/sentinelone-white.svg
Requested by: Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.24.117.125 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: aa85daedd2f22ba89e30f96b513f3aee7d144b84face7769ea9bd5009a035671

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 19:39:55 GMT
via: 1.1 varnish
cf-cache-status: HIT
age: 1517056
x-pantheon-styx-hostname: styx-fe4-a-5d7b76fc47-ptwss
x-cache: HIT, MISS
status: 200
content-encoding: br
x-served-by: cache-mdw17347-MDW, cache-ams21051-AMS
last-modified: Thu, 18 Oct 2018 21:20:02 GMT
server: cloudflare
x-timer: S1569564939.038037,VS0,VE101
etag: W/"5bc8f902-14e8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
expires: Wed, 14 Oct 2020 19:39:55 GMT
cache-control: public, max-age=31622400
cf-ray: 525c05a98f8d9d36-AMS
x-styx-req-id: 4ec454fb-e059-11e9-88ff-ce9069db7e4c
x-cache-hits: 1, 0

GET
H2 200 sentinelone_newlogo_onwhite_narrow.svg
www.sentinelone.com/wp-content/uploads/2017/06/ 12 KB
5 KB 18ms
17ms Image
image/svg+xml 104.24.117.125
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.sentinelone.com/wp-content/uploads/2017/06/sentinelone_newlogo_onwhite_narrow.svg
Requested by: Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.24.117.125 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: cf6a84e9f6a326cc354344904bf7694d887b8b9803d5640253c387c1934aeb1a

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 19:39:55 GMT
via: 1.1 varnish
cf-cache-status: HIT
age: 1600217
x-pantheon-styx-hostname: styx-fe4-58cf88dbb7-xdz7m
x-cache: MISS, HIT
status: 200
content-encoding: br
x-served-by: cache-mdw17347-MDW, cache-ams21045-AMS
last-modified: Thu, 18 Oct 2018 21:19:58 GMT
server: cloudflare
x-timer: S1569481778.365002,VS0,VE1
etag: W/"5bc8f8fe-3104"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/svg+xml
access-control-allow-origin: *
expires: Wed, 14 Oct 2020 19:39:55 GMT
cache-control: public, max-age=31622400
cf-ray: 525c05aa48529d36-AMS
x-styx-req-id: 5a58b837-e027-11e9-a9b6-5ab11b9e5366
x-cache-hits: 0, 1

GET
H2 200 player_line.png
d12ee1u74lotna.cloudfront.net/images/ 133 B
456 B 80ms
7ms Image
image/png 2600:9000:21f3:cc00:9:9d18:4580:21
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d12ee1u74lotna.cloudfront.net/images/player_line.png
Requested by: Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:21f3:cc00:9:9d18:4580:21 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 129d6ad3aaa317f80d0c676aeed9ca250d2fe25e23c2f00c1f7cae9af6363eeb

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 19:06:12 GMT
via: 1.1 6fa33d47af6f4da7007689083cfe9b9c.cloudfront.net (CloudFront)
last-modified: Sun, 04 Aug 2019 13:23:25 GMT
server: AmazonS3
age: 2023
etag: "853b010be92eeda4be2c999024d4e054"
x-cache: Hit from cloudfront
content-type: image/png
status: 200
x-amz-cf-pop: FRA2-C2
accept-ranges: bytes
content-length: 133
x-amz-cf-id: 5GSU4COeJYclop_X3XD5tYuMRAuloRBom8795nIDOyLdrzgj9_buVA==

GET
H2 200 Detecting-macOS.GMERA-Malware-Through-Behavioral-Inspection.jpg
www.sentinelone.com/wp-content/uploads/2019/09/ 88 KB
88 KB 20ms
20ms Image
image/jpeg 104.24.117.125
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sentinelone.com/wp-content/uploads/2019/09/Detecting-macOS.GMERA-Malware-Through-Behavioral-Inspection.jpg

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.24.117.125 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

bce4fe5494e95686cead8d939eccd4aee14439912743736cc290b323ec875646

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 19:39:55 GMT
via: 1.1 varnish
cf-cache-status: HIT
age: 35038
x-pantheon-styx-hostname: styx-fe4-a-7589bc57f6-7qzfr
x-cache: HIT, MISS
status: 200
strict-transport-security: max-age=300
content-length: 90062
x-served-by: cache-mdw17333-MDW, cache-ams21033-AMS
last-modified: Wed, 25 Sep 2019 16:45:25 GMT
server: cloudflare
x-timer: S1571046957.409557,VS0,VE587
etag: "5d8b99a5-15fce"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
x-styx-req-id: 37c8b730-ec98-11e9-9aa9-3a17cb1d351c
expires: Wed, 14 Oct 2020 19:39:55 GMT
cache-control: public, max-age=31622400
accept-ranges: bytes
cf-ray: 525c05aa68889d36-AMS
x-cache-hits: 1, 0

GET
H2 200 1-undetected-vt.jpg
www.sentinelone.com/wp-content/uploads/2019/09/ 76 KB
76 KB 19ms
19ms Image
image/jpeg 104.24.117.125
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sentinelone.com/wp-content/uploads/2019/09/1-undetected-vt.jpg

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.24.117.125 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

2a428d57497a58120d3826bef296a2dba1d6b835357a64b510b5835d1b2c6b0a

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 19:39:55 GMT
via: 1.1 varnish
cf-cache-status: HIT
age: 35038
x-pantheon-styx-hostname: styx-fe4-a-7589bc57f6-htpk8
x-cache: HIT, MISS
status: 200
strict-transport-security: max-age=300
content-length: 77627
x-served-by: cache-mdw17338-MDW, cache-ams21040-AMS
last-modified: Wed, 25 Sep 2019 14:02:42 GMT
server: cloudflare
x-timer: S1571046957.431602,VS0,VE109
etag: "5d8b7382-12f3b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
x-styx-req-id: 37c9ced5-ec98-11e9-81e5-faa2a6e3125e
expires: Wed, 14 Oct 2020 19:39:55 GMT
cache-control: public, max-age=31622400
accept-ranges: bytes
cf-ray: 525c05aad91a9d36-AMS
x-cache-hits: 1, 0

GET
H2 200 2-terminal-resources-dir.jpg
www.sentinelone.com/wp-content/uploads/2019/09/ 59 KB
59 KB 22ms
22ms Image
image/jpeg 104.24.117.125
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sentinelone.com/wp-content/uploads/2019/09/2-terminal-resources-dir.jpg

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.24.117.125 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

1581144cb5e588af4057bb8ef87f924d18f3079bafd36204806d28cb572c9f3e

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 19:39:55 GMT
via: 1.1 varnish
cf-cache-status: HIT
age: 35038
x-pantheon-styx-hostname: styx-fe4-9b9c45564-l5p5q
x-cache: HIT, MISS
status: 200
strict-transport-security: max-age=300
content-length: 60216
x-served-by: cache-mdw17368-MDW, cache-ams21029-AMS
last-modified: Wed, 25 Sep 2019 14:02:47 GMT
server: cloudflare
x-timer: S1571046957.412866,VS0,VE100
etag: "5d8b7387-eb38"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
x-styx-req-id: 380c0672-ec98-11e9-9a1a-965fbb56d065
expires: Wed, 14 Oct 2020 19:39:55 GMT
cache-control: public, max-age=31622400
accept-ranges: bytes
cf-ray: 525c05aae9289d36-AMS
x-cache-hits: 1, 0

GET
H2 200 3-run-shell-script.jpg
www.sentinelone.com/wp-content/uploads/2019/09/ 294 KB
295 KB 23ms
23ms Image
image/jpeg 104.24.117.125
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sentinelone.com/wp-content/uploads/2019/09/3-run-shell-script.jpg

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.24.117.125 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

a6b570d96216eb0acf1285e98d32b2ad677f24e4cb31f767f2e0a57e123650df

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 19:39:56 GMT
via: 1.1 varnish
cf-cache-status: HIT
age: 35039
x-pantheon-styx-hostname: styx-fe4-9b9c45564-l5p5q
x-cache: HIT, MISS
status: 200
strict-transport-security: max-age=300
content-length: 301043
x-served-by: cache-mdw17338-MDW, cache-ams21025-AMS
last-modified: Wed, 25 Sep 2019 14:02:51 GMT
server: cloudflare
x-timer: S1571046957.411092,VS0,VE206
etag: "5d8b738b-497f3"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
x-styx-req-id: 380bb547-ec98-11e9-9a1a-965fbb56d065
expires: Wed, 14 Oct 2020 19:39:56 GMT
cache-control: public, max-age=31622400
accept-ranges: bytes
cf-ray: 525c05ab09579d36-AMS
x-cache-hits: 1, 0

GET
H2 200 4-launchagent-decoded.jpg
www.sentinelone.com/wp-content/uploads/2019/09/ 400 KB
401 KB 54ms
54ms Image
image/jpeg 104.24.117.125
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sentinelone.com/wp-content/uploads/2019/09/4-launchagent-decoded.jpg

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.24.117.125 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

87d4788d68dd152cd812912f67092b91aac84183c185b1aadbb9a18adaa3b59c

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 19:39:56 GMT
via: 1.1 varnish
cf-cache-status: HIT
age: 35039
x-pantheon-styx-hostname: styx-fe4-9b9c45564-l5p5q
x-cache: HIT, MISS
status: 200
strict-transport-security: max-age=300
content-length: 409420
x-served-by: cache-mdw17338-MDW, cache-ams21026-AMS
last-modified: Wed, 25 Sep 2019 14:02:57 GMT
server: cloudflare
x-timer: S1571046957.412974,VS0,VE213
etag: "5d8b7391-63f4c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
x-styx-req-id: 381b5ca9-ec98-11e9-9a1a-965fbb56d065
expires: Wed, 14 Oct 2020 19:39:56 GMT
cache-control: public, max-age=31622400
accept-ranges: bytes
cf-ray: 525c05ab09619d36-AMS
x-cache-hits: 1, 0

GET
H2 200 5-hopper-and-ports.jpg
www.sentinelone.com/wp-content/uploads/2019/09/ 188 KB
189 KB 34ms
32ms Image
image/jpeg 104.24.117.125
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sentinelone.com/wp-content/uploads/2019/09/5-hopper-and-ports.jpg

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.24.117.125 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

516133c5c56de224f7bb75c4e763da3dda81ca30e232adc737fc25a97a82373d

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 19:39:56 GMT
via: 1.1 varnish
cf-cache-status: HIT
age: 35039
x-pantheon-styx-hostname: styx-fe4-9b9c45564-jcn77
x-cache: HIT, MISS
status: 200
strict-transport-security: max-age=300
content-length: 192710
x-served-by: cache-mdw17373-MDW, cache-ams21039-AMS
last-modified: Wed, 25 Sep 2019 14:03:04 GMT
server: cloudflare
x-timer: S1571046957.409162,VS0,VE198
etag: "5d8b7398-2f0c6"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
x-styx-req-id: 381b3680-ec98-11e9-a15d-fe922eee6103
expires: Wed, 14 Oct 2020 19:39:56 GMT
cache-control: public, max-age=31622400
accept-ranges: bytes
cf-ray: 525c05ab69d59d36-AMS
x-cache-hits: 1, 0

GET
H2 200 6-cert-revoked.jpg
www.sentinelone.com/wp-content/uploads/2019/09/ 22 KB
23 KB 19ms
17ms Image
image/jpeg 104.24.117.125
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sentinelone.com/wp-content/uploads/2019/09/6-cert-revoked.jpg

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.24.117.125 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

de0c89aa6913f277233a134a6bcf17ba4bc9a605320e40b9025f969ca895cac6

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 19:39:56 GMT
via: 1.1 varnish
cf-cache-status: HIT
age: 35039
x-pantheon-styx-hostname: styx-fe4-a-7589bc57f6-htpk8
x-cache: HIT, MISS
status: 200
strict-transport-security: max-age=300
content-length: 22814
x-served-by: cache-mdw17369-MDW, cache-ams21048-AMS
last-modified: Wed, 25 Sep 2019 14:03:09 GMT
server: cloudflare
x-timer: S1571046957.408897,VS0,VE96
etag: "5d8b739d-591e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
x-styx-req-id: 381b4bdd-ec98-11e9-81e5-faa2a6e3125e
expires: Wed, 14 Oct 2020 19:39:56 GMT
cache-control: public, max-age=31622400
accept-ranges: bytes
cf-ray: 525c05ab69d69d36-AMS
x-cache-hits: 1, 0

GET
H2 200 7-xprotect-yara-rule.jpg
www.sentinelone.com/wp-content/uploads/2019/09/ 171 KB
171 KB 20ms
17ms Image
image/jpeg 104.24.117.125
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sentinelone.com/wp-content/uploads/2019/09/7-xprotect-yara-rule.jpg

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.24.117.125 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

8747ac8d279d1ac93bd3881a4a4b4346aff5975990e16e5bb29843223ca7474c

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 19:39:56 GMT
via: 1.1 varnish
cf-cache-status: HIT
age: 35039
x-pantheon-styx-hostname: styx-fe4-9b9c45564-l5p5q
x-cache: HIT, MISS
status: 200
strict-transport-security: max-age=300
content-length: 174800
x-served-by: cache-mdw17357-MDW, cache-ams21021-AMS
last-modified: Wed, 25 Sep 2019 14:03:13 GMT
server: cloudflare
x-timer: S1571046957.412519,VS0,VE216
etag: "5d8b73a1-2aad0"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
x-styx-req-id: 383055fa-ec98-11e9-9a1a-965fbb56d065
expires: Wed, 14 Oct 2020 19:39:56 GMT
cache-control: public, max-age=31622400
accept-ranges: bytes
cf-ray: 525c05ab69d79d36-AMS
x-cache-hits: 1, 0

GET
H2 200 8-yara-2.jpg
www.sentinelone.com/wp-content/uploads/2019/09/ 138 KB
138 KB 29ms
26ms Image
image/jpeg 104.24.117.125
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sentinelone.com/wp-content/uploads/2019/09/8-yara-2.jpg

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.24.117.125 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

a1be269a2e26a94494574950891fc8d221940eafebd459a2d9f65062b99376b6

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 19:39:56 GMT
via: 1.1 varnish
cf-cache-status: HIT
age: 35039
x-pantheon-styx-hostname: styx-fe4-a-7589bc57f6-mcvts
x-cache: HIT, MISS
status: 200
strict-transport-security: max-age=300
content-length: 141190
x-served-by: cache-mdw17379-MDW, cache-ams21023-AMS
last-modified: Wed, 25 Sep 2019 14:03:18 GMT
server: cloudflare
x-timer: S1571046957.411865,VS0,VE216
etag: "5d8b73a6-22786"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
x-styx-req-id: 6bc690df-ec8a-11e9-9960-da4aa7bab478
expires: Wed, 14 Oct 2020 19:39:56 GMT
cache-control: public, max-age=31622400
accept-ranges: bytes
cf-ray: 525c05ab69d89d36-AMS
x-cache-hits: 1, 0

GET
H2 200 9-hidden-launch-agent.jpg
www.sentinelone.com/wp-content/uploads/2019/09/ 125 KB
126 KB 27ms
27ms Image
image/jpeg 104.24.117.125
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sentinelone.com/wp-content/uploads/2019/09/9-hidden-launch-agent.jpg

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.24.117.125 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

b11ccddf88f593d3aa698bb8214c67f55133935fcd75fc7e25b25824f5c0949a

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 19:39:56 GMT
via: 1.1 varnish
cf-cache-status: HIT
age: 35039
x-pantheon-styx-hostname: styx-fe4-9b9c45564-l5p5q
x-cache: MISS, MISS
status: 200
strict-transport-security: max-age=300
content-length: 128164
x-served-by: cache-mdw17321-MDW, cache-ams21029-AMS
last-modified: Wed, 25 Sep 2019 14:03:23 GMT
server: cloudflare
x-timer: S1571046957.418126,VS0,VE156
etag: "5d8b73ab-1f4a4"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
x-styx-req-id: d1c2a55c-ee68-11e9-9a1a-965fbb56d065
expires: Wed, 14 Oct 2020 19:39:56 GMT
cache-control: public, max-age=31622400
accept-ranges: bytes
cf-ray: 525c05ab79da9d36-AMS
x-cache-hits: 0, 0

GET
H2 200 10-apple-I.jpg
www.sentinelone.com/wp-content/uploads/2019/09/ 10 KB
11 KB 19ms
19ms Image
image/jpeg 104.24.117.125
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sentinelone.com/wp-content/uploads/2019/09/10-apple-I.jpg

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.24.117.125 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

27d1236d4d0734ed2562f2133d912b8232b1f074dee072a3f8997944fe51546b

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 19:39:56 GMT
via: 1.1 varnish
cf-cache-status: HIT
age: 35039
x-pantheon-styx-hostname: styx-fe4-9b9c45564-jcn77
x-cache: HIT, MISS
status: 200
strict-transport-security: max-age=300
content-length: 10525
x-served-by: cache-mdw17330-MDW, cache-ams21033-AMS
last-modified: Wed, 25 Sep 2019 14:03:28 GMT
server: cloudflare
x-timer: S1571046957.411501,VS0,VE104
etag: "5d8b73b0-291d"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
x-styx-req-id: 38404c75-ec98-11e9-a15d-fe922eee6103
expires: Wed, 14 Oct 2020 19:39:56 GMT
cache-control: public, max-age=31622400
accept-ranges: bytes
cf-ray: 525c05ab89f99d36-AMS
x-cache-hits: 1, 0

GET
H2 200 11-agent-detection.jpg
www.sentinelone.com/wp-content/uploads/2019/09/ 49 KB
50 KB 19ms
19ms Image
image/jpeg 104.24.117.125
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sentinelone.com/wp-content/uploads/2019/09/11-agent-detection.jpg

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.24.117.125 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

002efb822e8def29aa25426f8ea9442eeca5270893e218bb57abea8eafde43c0

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 19:39:56 GMT
via: 1.1 varnish
cf-cache-status: HIT
age: 35039
x-pantheon-styx-hostname: styx-fe4-9b9c45564-mtjgs
x-cache: HIT, MISS
status: 200
strict-transport-security: max-age=300
content-length: 50552
x-served-by: cache-mdw17378-MDW, cache-ams21025-AMS
last-modified: Wed, 25 Sep 2019 14:03:31 GMT
server: cloudflare
x-timer: S1571046957.414460,VS0,VE100
etag: "5d8b73b3-c578"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
x-styx-req-id: ca934509-ede2-11e9-aa3f-6ac4c6779cab
expires: Wed, 14 Oct 2020 19:39:56 GMT
cache-control: public, max-age=31622400
accept-ranges: bytes
cf-ray: 525c05ab89fb9d36-AMS
x-cache-hits: 1, 0

GET
H2 200 12-management-console.jpg
www.sentinelone.com/wp-content/uploads/2019/09/ 138 KB
138 KB 19ms
18ms Image
image/jpeg 104.24.117.125
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sentinelone.com/wp-content/uploads/2019/09/12-management-console.jpg

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.24.117.125 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

ed8550163f5591773d7f83f2361083f8b701bdaadb3e85c911c98ee1b7e7c8b0

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 19:39:56 GMT
via: 1.1 varnish
cf-cache-status: HIT
age: 35039
x-pantheon-styx-hostname: styx-fe4-9b9c45564-mtjgs
x-cache: HIT, MISS
status: 200
strict-transport-security: max-age=300
content-length: 141399
x-served-by: cache-mdw17372-MDW, cache-ams21042-AMS
last-modified: Wed, 25 Sep 2019 14:03:35 GMT
server: cloudflare
x-timer: S1571046957.428766,VS0,VE191
etag: "5d8b73b7-22857"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
x-styx-req-id: 388cb47b-ec98-11e9-aa3f-6ac4c6779cab
expires: Wed, 14 Oct 2020 19:39:56 GMT
cache-control: public, max-age=31622400
accept-ranges: bytes
cf-ray: 525c05abaa159d36-AMS
x-cache-hits: 1, 0

GET
H2 200 13-attack-story-line.jpg
www.sentinelone.com/wp-content/uploads/2019/09/ 87 KB
87 KB 17ms
17ms Image
image/jpeg 104.24.117.125
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.sentinelone.com/wp-content/uploads/2019/09/13-attack-story-line.jpg

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.24.117.125 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

84b78a7942c95f4a0f35d6c27ed05c7b37b7edd7dae8b2614be8a7dac2c6646c

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 19:39:56 GMT
via: 1.1 varnish
cf-cache-status: HIT
age: 35039
x-pantheon-styx-hostname: styx-fe4-9b9c45564-mtjgs
x-cache: MISS, MISS
status: 200
strict-transport-security: max-age=300
content-length: 88775
x-served-by: cache-mdw17342-MDW, cache-ams21046-AMS
last-modified: Wed, 25 Sep 2019 14:03:39 GMT
server: cloudflare
x-timer: S1571046957.417750,VS0,VE249
etag: "5d8b73bb-15ac7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
x-styx-req-id: d1c305bd-ee68-11e9-aa3f-6ac4c6779cab
expires: Wed, 14 Oct 2020 19:39:56 GMT
cache-control: public, max-age=31622400
accept-ranges: bytes
cf-ray: 525c05abaa289d36-AMS
x-cache-hits: 0, 0

GET
H2 200 wp-emoji-release.min.js Show response
www.sentinelone.com/wp-includes/js/ 14 KB
4 KB 18ms
18ms Script
application/x-javascript 104.24.117.125
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://www.sentinelone.com/wp-includes/js/wp-emoji-release.min.js?ver=ca0f6f836087d310c8d70cd2c91f2976
Requested by: Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.24.117.125 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: f4799ef2939b8377cf33f07b07b6d90a4a245adbf1c6eaf47ee3b0fcefcc07fe

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 19:39:56 GMT
via: 1.1 varnish
cf-cache-status: HIT
age: 3330663
x-pantheon-styx-hostname: styx-fe4-a-6df8df47df-fh49k
x-cache: HIT, HIT
status: 200
content-encoding: br
x-served-by: cache-mdw17354-MDW, cache-ams21023-AMS
last-modified: Fri, 06 Sep 2019 06:19:12 GMT
server: cloudflare
x-timer: S1567751333.147117,VS0,VE1
etag: W/"5d71fa60-3610"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript
x-styx-req-id: 592e9080-d06e-11e9-a03b-da1d2777ff28
expires: Wed, 14 Oct 2020 19:39:56 GMT
cache-control: public, max-age=31622400
cf-ray: 525c05abaa2a9d36-AMS
x-cache-hits: 2, 1

GET
H2 200 300x250.jpg
www.sentinelone.com/wp-content/uploads/2017/06/ 57 KB
58 KB 17ms
17ms Image
image/jpeg 104.24.117.125
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.sentinelone.com/wp-content/uploads/2017/06/300x250.jpg
Requested by: Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.24.117.125 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 7e76b70f51266b69f619ca2b24a1207e44f15c714cbe6150274ffbcc49b39d65

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 19:39:56 GMT
via: 1.1 varnish
cf-cache-status: HIT
age: 1589526
x-pantheon-styx-hostname: styx-fe4-5bb679569f-5sb2x
x-cache: HIT, HIT
status: 200
content-length: 58714
x-served-by: cache-mdw17362-MDW, cache-ams21024-AMS
last-modified: Mon, 12 Aug 2019 07:55:29 GMT
server: cloudflare
x-timer: S1569492471.869977,VS0,VE1
etag: "5d511b71-e55a"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
x-styx-req-id: ad49ee7e-df65-11e9-a4cb-425448b24ebd
expires: Wed, 14 Oct 2020 19:39:56 GMT
cache-control: public, max-age=31622400
accept-ranges: bytes
cf-ray: 525c05abaa2d9d36-AMS
x-cache-hits: 1, 1

GET
H2 200 192379_Archer_06_Target_0040.jpg
www.sentinelone.com/wp-content/uploads/2017/06/ 55 KB
55 KB 18ms
18ms Image
image/jpeg 104.24.117.125
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.sentinelone.com/wp-content/uploads/2017/06/192379_Archer_06_Target_0040.jpg
Requested by: Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.24.117.125 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 60fce9050c9cae25545bbc0ad0cac6b2801051254b593a335670aa7dcc587686

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 19:39:56 GMT
via: 1.1 varnish
cf-cache-status: HIT
age: 5349273
x-pantheon-styx-hostname: styx-fe4-a-5d4bcdb8f5-lhh4p
x-cache: HIT, HIT
status: 200
content-length: 56462
x-served-by: cache-mdw17363-MDW, cache-ams21020-AMS
last-modified: Fri, 12 Apr 2019 14:49:03 GMT
server: cloudflare
x-timer: S1565732724.842373,VS0,VE3
etag: "5cb0a55f-dc8e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
x-styx-req-id: bb4db892-b3e6-11e9-b8e8-0a580abc1493
expires: Wed, 14 Oct 2020 19:39:56 GMT
cache-control: public, max-age=31622400
accept-ranges: bytes
cf-ray: 525c05abba399d36-AMS
x-cache-hits: 1, 1

GET
H2 200 pre-featured.png
www.sentinelone.com/wp-content/uploads/2017/06/ 27 KB
28 KB 16ms
16ms Image
image/png 104.24.117.125
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.sentinelone.com/wp-content/uploads/2017/06/pre-featured.png
Requested by: Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.24.117.125 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9dc46ec88c0ea2b460e666af0594929240032360e1dddf54b0cda12769ba47aa

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 19:39:56 GMT
via: 1.1 varnish
cf-cache-status: HIT
age: 1810438
x-pantheon-styx-hostname: styx-fe4-548fd49669-8mz4l
x-cache: HIT, HIT
status: 200
content-length: 28087
x-served-by: cache-mdw17327-MDW, cache-ams21050-AMS
last-modified: Thu, 18 Oct 2018 21:19:42 GMT
server: cloudflare
x-timer: S1569271559.615922,VS0,VE47
etag: "5bc8f8ee-6db7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
x-styx-req-id: 055b1463-da8c-11e9-92f8-ca157f9d3151
expires: Wed, 14 Oct 2020 19:39:56 GMT
cache-control: public, max-age=31622400
accept-ranges: bytes
cf-ray: 525c05abba3d9d36-AMS
x-cache-hits: 1, 1

GET
H2 200 Locations-w-Stockholm.png
www.sentinelone.com/wp-content/uploads/2017/06/ 58 KB
59 KB 38ms
38ms Image
image/png 104.24.117.125
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.sentinelone.com/wp-content/uploads/2017/06/Locations-w-Stockholm.png
Requested by: Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.24.117.125 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: c6f5b82a3821df76441e1ef71dc4932bfbc26c549e0cd8fd6d02bed2b3db0166

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 19:39:56 GMT
via: 1.1 varnish
cf-cache-status: HIT
age: 1807007
x-pantheon-styx-hostname: styx-fe4-548fd49669-8mz4l
x-cache: HIT, MISS
status: 200
content-length: 59767
x-served-by: cache-mdw17347-MDW, cache-ams21021-AMS
last-modified: Thu, 18 Oct 2018 21:15:45 GMT
server: cloudflare
x-timer: S1569274989.053721,VS0,VE102
etag: "5bc8f801-e977"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/png
x-styx-req-id: c46b0d74-da8d-11e9-92f8-ca157f9d3151
expires: Wed, 14 Oct 2020 19:39:56 GMT
cache-control: public, max-age=31622400
accept-ranges: bytes
cf-ray: 525c05abca499d36-AMS
x-cache-hits: 1, 0

GET
H2 200 highlight.pack.js Show response
www.sentinelone.com/wp-content/plugins/markdown-editor/assets/scripts/ 45 KB
18 KB 30ms
29ms Script
application/x-javascript 104.24.117.125
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://www.sentinelone.com/wp-content/plugins/markdown-editor/assets/scripts/highlight.pack.js?ver=9.12.0
Requested by: Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.24.117.125 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 06c6b725b44640d99123f7f0cbcb63edab75af6ebf6d373a198d068ab5e00563

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 19:39:55 GMT
via: 1.1 varnish
cf-cache-status: HIT
age: 5324755
cf-polished: origSize=46071
x-pantheon-styx-hostname: styx-fe4-a-6f4ddbc8cb-74c4v
x-cache: HIT, HIT
status: 200
cf-bgj: minify
content-encoding: br
x-served-by: cache-mdw17354-MDW, cache-ams21041-AMS
last-modified: Sat, 10 Aug 2019 19:07:31 GMT
server: cloudflare
x-timer: S1565757240.343979,VS0,VE2
etag: W/"5d4f15f3-b3f7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript
x-styx-req-id: f325e1c7-bbcc-11e9-8ab0-1ab5236c9ea5
expires: Wed, 14 Oct 2020 19:39:55 GMT
cache-control: public, max-age=31622400
cf-ray: 525c05a99f979d36-AMS
x-cache-hits: 1, 1

GET
H2 200 line-numbers.min.js Show response
www.sentinelone.com/wp-content/plugins/markdown-editor/assets/scripts/ 2 KB
1 KB 22ms
22ms Script
application/x-javascript 104.24.117.125
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://www.sentinelone.com/wp-content/plugins/markdown-editor/assets/scripts/line-numbers.min.js?ver=2.3.0
Requested by: Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.24.117.125 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 9f38f42d69ba3fbbf264d0d20b65c6472d7ceed9be4eeef33748abd772556cd4

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 19:39:55 GMT
via: 1.1 varnish
cf-cache-status: HIT
age: 5841416
x-pantheon-styx-hostname: styx-fe4-7b47fdd589-5wmrq
x-cache: HIT, HIT
status: 200
content-encoding: br
x-served-by: cache-mdw17363-MDW, cache-ams21023-AMS
last-modified: Wed, 31 Jul 2019 22:05:40 GMT
server: cloudflare
x-timer: S1565240579.303305,VS0,VE1
etag: W/"5d4210b4-6c9"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript
x-styx-req-id: bb054d23-b3e6-11e9-84d1-0a580a2c0590
expires: Wed, 14 Oct 2020 19:39:55 GMT
cache-control: public, max-age=31622400
cf-ray: 525c05a9bfb49d36-AMS
x-cache-hits: 1, 1

GET
H2 200 clipboard.min.js Show response
www.sentinelone.com/wp-includes/js/ 11 KB
3 KB 18ms
17ms Script
application/x-javascript 104.24.117.125
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://www.sentinelone.com/wp-includes/js/clipboard.min.js?ver=ca0f6f836087d310c8d70cd2c91f2976
Requested by: Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.24.117.125 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 32537e7938c4da728fd6db27da867e525b6cd8bf04cf8c9f222536887312c41a

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 19:39:55 GMT
via: 1.1 varnish
cf-cache-status: HIT
age: 3330420
x-pantheon-styx-hostname: styx-fe4-a-6df8df47df-fh49k
x-cache: HIT, HIT
status: 200
content-encoding: br
x-served-by: cache-mdw17374-MDW, cache-ams21032-AMS
last-modified: Fri, 06 Sep 2019 06:19:12 GMT
server: cloudflare
x-timer: S1567751576.934018,VS0,VE1
etag: W/"5d71fa60-2a26"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript
x-styx-req-id: 591e20aa-d06e-11e9-a03b-da1d2777ff28
expires: Wed, 14 Oct 2020 19:39:55 GMT
cache-control: public, max-age=31622400
cf-ray: 525c05a9cfce9d36-AMS
x-cache-hits: 1, 1

GET
H2 200 frontend.min.js Show response
www.sentinelone.com/wp-content/plugins/markdown-editor/assets/scripts/ 2 KB
807 B 16ms
16ms Script
application/x-javascript 104.24.117.125
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://www.sentinelone.com/wp-content/plugins/markdown-editor/assets/scripts/frontend.min.js?ver=0.1.6
Requested by: Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.24.117.125 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: eca7f32a8c752a64d7e45b588740ccfcb1524035a952e9b3a567ab59cded2c9f

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 19:39:55 GMT
via: 1.1 varnish
cf-cache-status: HIT
age: 1774260
x-pantheon-styx-hostname: styx-fe4-a-7ffd645fbf-5vpzb
x-cache: HIT, HIT
status: 200
content-encoding: br
x-served-by: cache-mdw17322-MDW, cache-ams21031-AMS
last-modified: Wed, 18 Sep 2019 19:32:23 GMT
server: cloudflare
x-timer: S1569307736.789073,VS0,VE1
etag: W/"5d828647-64e"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript
x-styx-req-id: f42525bb-da89-11e9-ab02-ce95f6a349c9
expires: Wed, 14 Oct 2020 19:39:55 GMT
cache-control: public, max-age=31622400
cf-ray: 525c05a9dfd89d36-AMS
x-cache-hits: 1, 1

GET
H2 200 sharethis.js Show response
platform-api.sharethis.com/js/ 87 KB
27 KB 36ms
35ms Script
text/javascript 2600:9000:20eb:9600:1c:8a07:5e80:93a1
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://platform-api.sharethis.com/js/sharethis.js?ver=ca0f6f836087d310c8d70cd2c91f2976
Requested by: Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:20eb:9600:1c:8a07:5e80:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: /
Resource Hash: fc9ad4a349c92da22eb6998451f9c97d505bbc884595e0a694d4a9e4ef0c734d

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 15:19:30 GMT
content-encoding: gzip
x-amz-cf-pop: FRA2-C1
etag: W/"15d36-iy7p4sU52s+j0OWGFp+NouOChvM"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: text/javascript; charset=utf-8
status: 200
edge-control: cache-maxage=60m,downstream-ttl=60m
cache-control: max-age=600, public
x-amz-cf-id: ARGPUDOOQmtLBIxFtGDALTQGfrxwt7LZpbtbo-AStap8vJtRUvcL7g==
via: 1.1 e86025dac63232624d2273c5fd256ce4.cloudfront.net (CloudFront)

GET
H2 200 footer.js Show response
www.sentinelone.com/wp-content/themes/sentinelone/assets/js/ 37 KB
11 KB 34ms
34ms Script
application/x-javascript 104.24.117.125
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://www.sentinelone.com/wp-content/themes/sentinelone/assets/js/footer.js?ver=1571069159

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.24.117.125 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

51ad538f85c2de9b2db831da78b01c53ee5da02f284cdb0f4fe1ac4fd8e87f58

Security Headers

Name	Value
Strict-Transport-Security	max-age=300

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 19:39:55 GMT
via: 1.1 varnish
vary: Accept-Encoding
cf-cache-status: HIT
age: 12083
cf-polished: origSize=53631
x-pantheon-styx-hostname: styx-fe4-a-7589bc57f6-7qzfr
x-cache: HIT, HIT
status: 200
cf-bgj: minify
content-encoding: br
x-served-by: cache-mdw17324-MDW, cache-ams21034-AMS
last-modified: Mon, 14 Oct 2019 16:05:59 GMT
server: cloudflare
x-timer: S1571069912.301694,VS0,VE1
etag: W/"5da49ce7-d17f"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=300
content-type: application/x-javascript
x-styx-req-id: 8606a0f0-ee9c-11e9-9aa9-3a17cb1d351c
expires: Wed, 14 Oct 2020 19:39:55 GMT
cache-control: public, max-age=31622400
cf-ray: 525c05a9fff19d36-AMS
x-cache-hits: 1, 1

GET
H2 200 main.js Show response
www.sentinelone.com/wp-content/themes/sentinelone/assets/js/ 130 KB
35 KB 22ms
22ms Script
application/x-javascript 104.24.117.125
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://www.sentinelone.com/wp-content/themes/sentinelone/assets/js/main.js?ver=ca0f6f836087d310c8d70cd2c91f2976
Requested by: Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.24.117.125 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 4079db0499412e8533729e95b4e9d6893a93a10c7d1fa8ae548e46e8f70c94bf

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 19:39:55 GMT
via: 1.1 varnish
cf-cache-status: HIT
age: 3330662
cf-polished: origSize=154987
x-pantheon-styx-hostname: styx-fe4-556fb79d49-jtnpw
x-cache: HIT, HIT
status: 200
cf-bgj: minify
content-encoding: br
x-served-by: cache-mdw17350-MDW, cache-ams21030-AMS
last-modified: Fri, 06 Sep 2019 06:19:11 GMT
server: cloudflare
x-timer: S1567751333.093708,VS0,VE0
etag: W/"5d71fa5f-25d6b"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/x-javascript
x-styx-req-id: 59204a6d-d06e-11e9-a601-de0369eda0de
expires: Wed, 14 Oct 2020 19:39:55 GMT
cache-control: public, max-age=31622400
cf-ray: 525c05aa48519d36-AMS
x-cache-hits: 1, 1

GET
H2 200 css
fonts.googleapis.com/ 21 KB
1 KB 19ms
19ms Stylesheet
text/css 2a00:1450:4001:818::200a
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Poppins:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900i

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:818::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

ESF /

Resource Hash

333229d8fc6cdddbe8698b444238abd9c509032d074b334aadf3df2ef0ea768c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: br
last-modified: Mon, 14 Oct 2019 19:39:55 GMT
server: ESF
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
status: 200
date: Mon, 14 Oct 2019 19:39:55 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
x-xss-protection: 0
expires: Mon, 14 Oct 2019 19:39:55 GMT

GET
H2 200 pxiEyp8kv8JHgFVrJJfecnFHGPc.woff2
fonts.gstatic.com/s/poppins/v8/ 8 KB
8 KB 9ms
6ms Font
font/woff2 2a00:1450:4001:816::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v8/pxiEyp8kv8JHgFVrJJfecnFHGPc.woff2

Requested by

Host: go.sentinelone.com
URL: https://go.sentinelone.com/js/forms2/js/forms2.min.js?ver=ca0f6f836087d310c8d70cd2c91f2976

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

fab32ccef85408b763c899ad7c0b910c96c76dc9ed7158ce304fdcd3c0bf8388

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: cors
Referer: https://fonts.googleapis.com/css?family=Poppins:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900i
Origin: https://www.sentinelone.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 10 Oct 2019 08:42:43 GMT
x-content-type-options: nosniff
last-modified: Mon, 22 Jul 2019 19:24:29 GMT
server: sffe
age: 385033
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 7968
x-xss-protection: 0
expires: Fri, 09 Oct 2020 08:42:43 GMT

GET
H/1.1 200
OK tv2track.js Show response
collector-5527.tvsquared.com/ 20 KB
9 KB 189ms
61ms Script
application/javascript 34.241.136.74
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://collector-5527.tvsquared.com/tv2track.js
Requested by: Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.241.136.74 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-34-241-136-74.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: b556b631fa500e2a930169fee2b7268e9c547ed90c8c2d8b2ac6617f1a0553f8

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 14 Oct 2019 19:39:56 GMT
Content-Encoding: gzip
Last-Modified: Mon, 30 Sep 2019 09:43:07 GMT
Server: nginx
ETag: "5d91ce2b-210c"
Content-Type: application/javascript
Cache-Control: max-age=600
Connection: keep-alive
X-Robots-Tag: noindex
Content-Length: 8460
Expires: Mon, 14 Oct 2019 19:49:56 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 187 KB
37 KB 54ms
53ms Script
application/javascript 2a00:1450:4001:81a::2008
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-KGGXSJ

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81a::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

1ce90a671170e905094f16ebd6f3c8be2c45d4833a10557da515f60fee4c2f9d

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 19:39:56 GMT
content-encoding: br
last-modified: Mon, 14 Oct 2019 18:00:00 GMT
server: Google Tag Manager
access-control-allow-headers: Cache-Control
status: 200
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: http://www.googletagmanager.com
cache-control: private, max-age=900
access-control-allow-credentials: true
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 37354
x-xss-protection: 0
expires: Mon, 14 Oct 2019 19:39:56 GMT

GET
H2 200 getForm Show response
go.sentinelone.com/index.php/form/ 6 KB
2 KB 727ms
726ms Script
application/javascript 104.24.117.125
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://go.sentinelone.com/index.php/form/getForm?munchkinId=327-MNM-087&form=1985&url=https%3A%2F%2Fwww.sentinelone.com%2Fblog%2Fdetecting-macos-gmera-malware-through-behavioral-inspection%2F&callback=jQuery1124018284707886589002_1571081996012&_=1571081996013

Requested by

Host: go.sentinelone.com
URL: https://go.sentinelone.com/js/forms2/js/forms2.min.js?ver=ca0f6f836087d310c8d70cd2c91f2976

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.24.117.125 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

2488f8c2966d62e23b859a321baa7ff4a4e2a0713765b4ae98cbdd53b5dceb3f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 19:39:56 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type: application/javascript; charset=utf-8
status: 200
cf-ray: 525c05ab79db9d36-AMS

GET
H2 200 getForm Show response
go.sentinelone.com/index.php/form/ 6 KB
1 KB 881ms
880ms Script
application/javascript 104.24.117.125
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://go.sentinelone.com/index.php/form/getForm?munchkinId=327-MNM-087&form=2426&url=https%3A%2F%2Fwww.sentinelone.com%2Fblog%2Fdetecting-macos-gmera-malware-through-behavioral-inspection%2F&callback=jQuery1124018284707886589002_1571081996014&_=1571081996015

Requested by

Host: go.sentinelone.com
URL: https://go.sentinelone.com/js/forms2/js/forms2.min.js?ver=ca0f6f836087d310c8d70cd2c91f2976

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.24.117.125 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

6254de8bc8dd45f9679f65ce954d8cd623c66641d52274976d5eb93eeef0bb5f

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 19:39:56 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
content-type: application/javascript; charset=utf-8
status: 200
cf-ray: 525c05ab89f19d36-AMS

GET
DATA 200
OK truncated
/ 177 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 6fead81d343f693107904c5577dfd9642bb6ec751e305860c940fdcb5e6c4ae8

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 242 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 91eb7001a90f9178135eede72f1c8a5300cababa4a078cb59debaa50de4b1788

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 364 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 223dbeaf95c21e29aad42c8656d9ad41dbe9497df36c95118158609625d95c53

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 pxiByp8kv8JHgFVrLGT9Z1xlFd2JQEk.woff2
fonts.gstatic.com/s/poppins/v8/ 8 KB
8 KB 6ms
5ms Font
font/woff2 2a00:1450:4001:816::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v8/pxiByp8kv8JHgFVrLGT9Z1xlFd2JQEk.woff2

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

5e07f937be00bbef113152fa46b2b2d5df97f405b152881c96e1c5069d8f405d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: cors
Referer: https://fonts.googleapis.com/css?family=Poppins:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900i
Origin: https://www.sentinelone.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 11 Oct 2019 16:58:58 GMT
x-content-type-options: nosniff
last-modified: Mon, 22 Jul 2019 19:23:41 GMT
server: sffe
age: 268858
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 7960
x-xss-protection: 0
expires: Sat, 10 Oct 2020 16:58:58 GMT

GET
H2 200 pxiByp8kv8JHgFVrLDz8Z1xlFd2JQEk.woff2
fonts.gstatic.com/s/poppins/v8/ 8 KB
8 KB 6ms
5ms Font
font/woff2 2a00:1450:4001:816::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v8/pxiByp8kv8JHgFVrLDz8Z1xlFd2JQEk.woff2

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

0fe2aa289162af5650c4a5ad04948ed0872b83982060632f75b9dbd8520d2c8b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: cors
Referer: https://fonts.googleapis.com/css?family=Poppins:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900i
Origin: https://www.sentinelone.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Tue, 08 Oct 2019 20:44:24 GMT
x-content-type-options: nosniff
last-modified: Mon, 22 Jul 2019 19:17:57 GMT
server: sffe
age: 514532
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 7988
x-xss-protection: 0
expires: Wed, 07 Oct 2020 20:44:24 GMT

GET
H2 200 pxiByp8kv8JHgFVrLCz7Z1xlFd2JQEk.woff2
fonts.gstatic.com/s/poppins/v8/ 8 KB
8 KB 6ms
5ms Font
font/woff2 2a00:1450:4001:816::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v8/pxiByp8kv8JHgFVrLCz7Z1xlFd2JQEk.woff2

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

56a522e79770e488da6015ed10f8c2bdafbcd87a7c6d443f7a293579bd0ef58d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: cors
Referer: https://fonts.googleapis.com/css?family=Poppins:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900i
Origin: https://www.sentinelone.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 10 Oct 2019 14:28:40 GMT
x-content-type-options: nosniff
last-modified: Mon, 22 Jul 2019 19:18:02 GMT
server: sffe
age: 364276
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 7924
x-xss-protection: 0
expires: Fri, 09 Oct 2020 14:28:40 GMT

GET
H2 200 fa-solid-900.woff2
www.sentinelone.com/wp-content/themes/sentinelone/assets/webfonts/ 74 KB
74 KB 19ms
19ms Font
font/woff2 104.24.117.125
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://www.sentinelone.com/wp-content/themes/sentinelone/assets/webfonts/fa-solid-900.woff2
Requested by: Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.24.117.125 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8d86fae5265d97fb99e40108128776ef137a0f05e4147895820add73c26c05b1

Request headers

Sec-Fetch-Mode: cors
Referer: https://www.sentinelone.com/wp-content/themes/sentinelone/assets/css/style.min.css?ver=1571069159
Origin: https://www.sentinelone.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 19:39:56 GMT
via: 1.1 varnish
cf-cache-status: HIT
age: 5237059
x-pantheon-styx-hostname: styx-fe4-a-57ddb78b9c-5q5dr
x-cache: HIT, MISS
status: 200
content-length: 75356
x-served-by: cache-mdw17369-MDW, cache-ams21034-AMS
last-modified: Thu, 15 Aug 2019 03:06:00 GMT
server: cloudflare
x-timer: S1565844937.955841,VS0,VE99
etag: "5d54cc18-1265c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: font/woff2
access-control-allow-origin: *
expires: Wed, 14 Oct 2020 19:39:56 GMT
cache-control: public, max-age=31622400
accept-ranges: bytes
cf-ray: 525c05ab9a089d36-AMS
x-styx-req-id: d5946537-bf09-11e9-95a2-42addebe397d
x-cache-hits: 1, 0

GET
H2 200 fa-brands-400.woff2
www.sentinelone.com/wp-content/themes/sentinelone/assets/webfonts/ 73 KB
73 KB 18ms
17ms Font
font/woff2 104.24.117.125
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://www.sentinelone.com/wp-content/themes/sentinelone/assets/webfonts/fa-brands-400.woff2
Requested by: Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.24.117.125 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: bb84784890d0dfbd6f09c0db2bf11725e4c7052e41f7c50940ac887f84747b83

Request headers

Sec-Fetch-Mode: cors
Referer: https://www.sentinelone.com/wp-content/themes/sentinelone/assets/css/style.min.css?ver=1571069159
Origin: https://www.sentinelone.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 19:39:56 GMT
via: 1.1 varnish
cf-cache-status: HIT
age: 1775062
x-pantheon-styx-hostname: styx-fe4-548fd49669-v8pwv
x-cache: HIT, HIT
status: 200
content-length: 74680
x-served-by: cache-mdw17322-MDW, cache-ams21030-AMS
last-modified: Wed, 18 Sep 2019 19:32:24 GMT
server: cloudflare
x-timer: S1569306935.991825,VS0,VE1
etag: "5d828648-123b8"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: font/woff2
access-control-allow-origin: *
expires: Wed, 14 Oct 2020 19:39:56 GMT
cache-control: public, max-age=31622400
accept-ranges: bytes
cf-ray: 525c05ab9a0c9d36-AMS
x-styx-req-id: 8810dcfd-da86-11e9-91cd-1e025e98a09f
x-cache-hits: 1, 1

GET
H2 200 pxiGyp8kv8JHgFVrJJLucHtAOvWDSA.woff2
fonts.gstatic.com/s/poppins/v8/ 9 KB
9 KB 8ms
7ms Font
font/woff2 2a00:1450:4001:816::2003
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/poppins/v8/pxiGyp8kv8JHgFVrJJLucHtAOvWDSA.woff2

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:816::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

sffe /

Resource Hash

7930f49c4da455b5c7dd46dd4aaa7260afedf32a341da9fa5f6867cdcf4acee4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: cors
Referer: https://fonts.googleapis.com/css?family=Poppins:100,100i,200,200i,300,300i,400,400i,500,500i,600,600i,700,700i,800,800i,900,900i
Origin: https://www.sentinelone.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Thu, 10 Oct 2019 05:02:43 GMT
x-content-type-options: nosniff
last-modified: Mon, 22 Jul 2019 19:24:11 GMT
server: sffe
age: 398233
status: 200
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 9120
x-xss-protection: 0
expires: Fri, 09 Oct 2020 05:02:43 GMT

GET
DATA 200
OK truncated
/ 351 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 4c131a74d2f424e29ffb16d2b03fec20e3f0cae46c4f0aff594cdc8ade80c3ca

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 43 KB
17 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:80b::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KGGXSJ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80b::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

dbb67c620eaabf6679a314db18d3ae43037aef71ab27422e6feec08ee987cc0a

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 19 Aug 2019 17:22:41 GMT
server: Golfe2
age: 6346
date: Mon, 14 Oct 2019 17:54:10 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 17803
expires: Mon, 14 Oct 2019 19:54:10 GMT

GET
H2 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 24 KB
9 KB 22ms
22ms Script
text/javascript 216.58.206.2
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KGGXSJ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

216.58.206.2 Mountain View, United States, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

fra16s20-in-f2.1e100.net

Software

cafe /

Resource Hash

a6b5e22c905bbb22ce9e7aad76eeca32474b5ba7c932893d554b0edfddc7f9e2

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 19:39:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
content-disposition: attachment; filename="f.txt"
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 9184
x-xss-protection: 0
server: cafe
etag: 4597387999763492622
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 14 Oct 2019 19:39:56 GMT

GET
H2 200 bat.js Show response
bat.bing.com/ 23 KB
7 KB 93ms
93ms Script
application/javascript 2620:1ec:c11::200
Microsoft Corpora...

General

Check archive.org

Show headers Download Go to

Full URL: https://bat.bing.com/bat.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KGGXSJ
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software: /
Resource Hash: b139982ce002c53ddfb65aec1e90704c0a3704fc5aa35247f9323b74a1d3f721

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 19:39:55 GMT
content-encoding: gzip
last-modified: Tue, 10 Sep 2019 18:57:28 GMT
x-msedge-ref: Ref A: BD4B356031A74280A364FECEB4E2E696 Ref B: VIEEDGE1111 Ref C: 2019-10-14T19:39:56Z
status: 200
etag: "09c5197968d51:0"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 7148

GET
H/1.1 200
OK 56a667965d8d21035d00000d.js Show response
tag.marinsm.com/serve/ 10 KB
4 KB 194ms
174ms Script
text/javascript 151.101.12.65
Fastly

General

Check archive.org

Show headers Download Go to

Full URL

https://tag.marinsm.com/serve/56a667965d8d21035d00000d.js

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.12.65 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),

Reverse DNS

Software

Cowboy /

Resource Hash

c689e898f375f195f008ef22c48f7fe5da6751c1fd50620630ba52019ce43df0

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 14 Oct 2019 19:39:56 GMT
Via: 1.1 vegur, 1.1 varnish
X-Content-Type-Options: nosniff
Age: 0
X-Cache: MISS
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 3466
X-Served-By: cache-fra19178-FRA
Server: Cowboy
X-Timer: S1571081996.388289,VS0,VE119
Vary: Accept-Encoding
Content-Type: text/javascript
Cache-Control: max-age=1800
Accept-Ranges: bytes
X-Cache-Hits: 0

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 103 KB
22 KB 6ms
6ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

c6caa5f8a513462ad3a6785f7150bb63deb90ca6347ec42390d08dbe814c331c

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
content-length: 22384
x-xss-protection: 0
pragma: public
x-fb-debug: E5y85+C5/SVtL3cxP+//LtHSXHFnSGIs+espZlohDe56cQ4NjU/MEmXeL/tLvR1fxBTImzDowp01Mu+Kms5Lyg==
x-fb-trip-id: 194532234
x-frame-options: DENY
date: Mon, 14 Oct 2019 19:39:56 GMT
vary: Accept-Encoding
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H/1.1 200
OK lhn-jssdk-current.min.js Show response
developer.livehelpnow.net/js/sdk/ 152 KB
34 KB 602ms
308ms Script
application/javascript 23.253.188.26
Rackspace Hosting

General

Check archive.org

Show headers Download Go to

Full URL: https://developer.livehelpnow.net/js/sdk/lhn-jssdk-current.min.js
Requested by: Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 23.253.188.26 San Antonio, United States, ASN19994 (RACKSPACE - Rackspace Hosting, US),
Reverse DNS
Software: nginx/1.12.2 /
Resource Hash: c6f682a42d0e6df5cc40996f9df6bfa8eea5b711e2f49a4ce41d3fea1d55cd5d

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 14 Oct 2019 19:39:56 GMT
content-encoding: gzip
Server: nginx/1.12.2
etag: 64F5488
vary: Accept-Encoding, Origin
Content-Type: application/javascript
access-control-allow-origin: null
access-control-expose-headers
cache-control: public, max-age=900
access-control-allow-credentials: true
Connection: keep-alive
accept-ranges: bytes
Content-Length: 34086

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/ 1 KB
1 KB 7ms
6ms Script
application/x-javascript 104.111.251.133
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/munchkin.js
Requested by: Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.251.133 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a104-111-251-133.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 66f7eaa7a45f696c332cd450771f4be48e110f6afbe1fe7b39c7a95518aeef76

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 14 Oct 2019 19:39:56 GMT
Content-Encoding: gzip
Last-Modified: Fri, 05 Apr 2019 02:53:44 GMT
Server: Apache
ETag: "54520320df20b526337717d6d28181fc:1554432824"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 752

GET
H/1.1 200
OK bf-munchkin.min.js Show response
munchkin.brightfunnel.com/js/build/ 20 KB
7 KB 106ms
8ms Script
application/javascript 143.204.101.88
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.brightfunnel.com/js/build/bf-munchkin.min.js
Requested by: Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 143.204.101.88 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: server-143-204-101-88.fra50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e71e9eb057dbce45fc842c86a300d5410f757f7e0aa9084cb849631528e031f0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 14 Oct 2019 19:37:52 GMT
Content-Encoding: gzip
Connection: keep-alive
Last-Modified: Wed, 06 Jun 2018 17:39:04 GMT
Server: AmazonS3
Age: 125
Vary: Accept-Encoding
X-Cache: Hit from cloudfront
Content-Type: application/javascript
Via: 1.1 ba77f90aac0ddbc2c4c2c02062fac762.cloudfront.net (CloudFront)
Cache-Control: max-age=300
Transfer-Encoding: chunked
X-Amz-Cf-Pop: FRA50-C1
X-Amz-Cf-Id: 3byd92Xf7bipDa7f4PnALsC-HUlowB6iRryhagE9tSMTjJ0hzyxZzw==

GET
H/1.1 200
OK insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 3 KB
2 KB 23ms
8ms Script
application/x-javascript 2a02:26f0:6c00:28c::25ea
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:26f0:6c00:28c::25ea , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software: /
Resource Hash: 41dd5e421fe221a7d2921d6fa2b36e8b01a9f2c054aaef5fad866fe896c1d1e0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 14 Oct 2019 19:39:56 GMT
Content-Encoding: gzip
Last-Modified: Mon, 07 Oct 2019 16:41:31 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=15399
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1576

GET
H2 200 qevents.js Show response
a.quora.com/ 11 KB
4 KB 77ms
61ms Script
binary/octet-stream 151.101.13.2
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://a.quora.com/qevents.js
Requested by: Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.13.2 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 49052dedc29d55935c2e8ee6304810244bc8ee8543e83b784aed5ead572c0555

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-amz-version-id: o5oQBtRTJ98RtL.utc0fd2mRCQnxCwoJ
content-encoding: gzip
etag: "e4edfba72ae7d549b78192eb73bd6456"
age: 1928
x-cache: HIT
status: 200
content-length: 3429
x-amz-id-2: QlzTR5YxsdI4IB6uBpdVENiy/kpCB6jvOEpck43IeqGyEnUb/gZHE0VlYVlxtn0iwN2VP9ibtUQ=
x-served-by: cache-fra19145-FRA
last-modified: Wed, 21 Aug 2019 14:52:15 GMT
server: AmazonS3
x-amz-meta-s3cmd-attrs: atime:1566399132/ctime:1566399131/gid:1000000/gname:employee/md5:e4edfba72ae7d549b78192eb73bd6456/mode:33188/mtime:1149709104/uid:1000230/uname:xiao
x-timer: S1571081996.393035,VS0,VE0
date: Mon, 14 Oct 2019 19:39:56 GMT
vary: Accept-Encoding
x-amz-request-id: A7E3C8BDB7C500B2
via: 1.1 varnish
cache-control: max-age=7200
accept-ranges: bytes
content-type: binary/octet-stream
x-cache-hits: 430

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 5 KB
2 KB 6ms
5ms Script
application/javascript 151.101.112.157
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.112.157 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: /
Resource Hash: 319949c8c08b86e9c35ea542c0dc0c30cedaa9b8d3d3c3327a36c91aefbd8af5

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 19:39:56 GMT
content-encoding: gzip
age: 41226
x-cache: HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200
content-length: 1954
x-served-by: cache-hhn4078-HHN
last-modified: Tue, 23 Jan 2018 20:09:00 GMT
x-timer: S1571081996.376427,VS0,VE0
etag: "b7b33882a4f3ffd5cbf07434f3137166+gzip"
vary: Accept-Encoding,Host
content-type: application/javascript; charset=utf-8
via: 1.1 varnish
cache-control: no-cache
accept-ranges: bytes

GET
H2 200 pixel.js Show response
www.redditstatic.com/ads/ 16 KB
5 KB 87ms
5ms Script
application/javascript 151.101.113.140
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://www.redditstatic.com/ads/pixel.js
Requested by: Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.113.140 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: snooserv /
Resource Hash: 3d15b6c83aceefb58ef1dd147c1a7ed7a76254c039387416abaf9f7c66beb032

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 19:39:56 GMT
content-encoding: gzip
age: 17
x-cache: HIT, HIT
status: 200
content-length: 5325
x-served-by: cache-iad2123-IAD, cache-hhn4043-HHN
last-modified: Thu, 29 Aug 2019 19:06:18 GMT
server: snooserv
x-timer: S1571081996.464511,VS0,VE0
etag: "364dd685e7a12d491363ff4e900fd6fa"
vary: Accept-Encoding,Origin
content-type: application/javascript
via: 1.1 varnish, 1.1 varnish
cache-control: public, max-age=60
accept-ranges: bytes
x-cache-hits: 1, 13

GET
H/1.1 200
OK tv2track.php
collector-5527.tvsquared.com/ 43 B
371 B 91ms
90ms Image
image/gif 34.241.136.74
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://collector-5527.tvsquared.com/tv2track.php?action_name=Detecting%20macOS.GMERA%20Malware%20Through%20Behavioral%20Inspection&idsite=TV-45457227-1&rec=1&r=416325&h=21&m=39&s=56&url=https%3A%2F%2Fwww.sentinelone.com%2Fblog%2Fdetecting-macos-gmera-malware-through-behavioral-inspection%2F&_id=95ce05dfb62bb2af&_idts=1571081996&_idvc=0&_idn=1&_viewts=&cookie=1&res=1600x1200&gt_ms=1296
Requested by: Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.241.136.74 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-34-241-136-74.eu-west-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 14 Oct 2019 19:39:56 GMT
Server: nginx
Connection: keep-alive
P3P: CP='OTI DSP COR NID STP UNI OTPa OUR'
Content-Length: 43
Content-Type: image/gif

GET
H2

200

ga-audiences
www.google.de/ads/
Redirect Chain

https://www.google-analytics.com/r/collect?v=1&_v=j79&a=1030203491&t=pageview&_s=1&dl=https%3A%2F%2Fwww.sentinelone.com%2Fblog%2Fdetecting-macos-gmera-malware-through-behavioral-inspection%2F&ul=en...
https://stats.g.doubleclick.net/r/collect?v=1&aip=1&t=dc&_r=3&tid=UA-38175129-1&cid=1591324942.1571081997&jid=1950630954&_gid=1382471389.1571081997&gjid=1013278698&_v=j79&z=1511826739
https://www.google.com/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-38175129-1&cid=1591324942.1571081997&jid=1950630954&_v=j79&z=1511826739
https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-38175129-1&cid=1591324942.1571081997&jid=1950630954&_v=j79&z=1511826739&slf_rd=1&random=952466514

42 B
109 B

30ms
30ms

Image
image/gif

2a00:1450:4001:819::2003
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-38175129-1&cid=1591324942.1571081997&jid=1950630954&_v=j79&z=1511826739&slf_rd=1&random=952466514

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Oct 2019 19:39:56 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Mon, 14 Oct 2019 19:39:56 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 302
content-type: text/html; charset=UTF-8
location: https://www.google.de/ads/ga-audiences?v=1&aip=1&t=sr&_r=4&tid=UA-38175129-1&cid=1591324942.1571081997&jid=1950630954&_v=j79&z=1511826739&slf_rd=1&random=952466514
cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 0
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 300800713594069 Show response
connect.facebook.net/signals/config/ 281 KB
65 KB 151ms
150ms Script
application/x-javascript 2a03:2880:f01c:8012:face:b00c:0:3
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/300800713594069?v=2.9.5&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f01c:8012:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

e66d05d503b4cc1e79d89032cdb16140a6cd9a310b0d4d8063b9aa140a421aec

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-fb-trip-id: 194532234
pragma: public
x-fb-debug: 4ToM+Abi4tyo4nc6JxoZQfkoqpCbxm1RtTuTGwYiOxCQaFDHlUsKRwP0t4G0oGce7UeIpD0N3Kg90K+m04jwLA==
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: DENY
date: Mon, 14 Oct 2019 19:39:56 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
content-type: application/x-javascript; charset=utf-8
status: 200
cache-control: public, max-age=1200
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
vary: Accept-Encoding
x-xss-protection: 0
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 me Show response
geoip-js.maxmind.com/geoip/v2.1/country/ 771 B
1 KB 89ms
57ms XHR
application/vnd.maxmind.com-country+json 2606:4700::6810:252f
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL: https://geoip-js.maxmind.com/geoip/v2.1/country/me?referrer=https%3A%2F%2Fwww.sentinelone.com
Requested by: Host: js.maxmind.com
URL: https://js.maxmind.com/js/apis/geoip2/v2.1/geoip2.js?ver=ca0f6f836087d310c8d70cd2c91f2976
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:252f , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: e0564fcbd61a1b36690883c0aa8b28ef01ad2acf749e888edbf494b69c49f119

Request headers

Sec-Fetch-Mode: cors
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 19:39:56 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
status: 200
content-type: application/vnd.maxmind.com-country+json; charset=UTF-8; version=2.1
access-control-allow-origin: *
cf-ray: 525c05af5a1acba4-VIE
content-length: 771

GET
H2 200 portal.html
c.sharethis.mgr.consensu.org/ Frame CDE1 0
0 13ms
13ms Document
text/html 2600:9000:2156:4200:c:a9b7:ddc0:93a1
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://c.sharethis.mgr.consensu.org/portal.html
Requested by: Host: platform-api.sharethis.com
URL: https://platform-api.sharethis.com/js/sharethis.js?ver=ca0f6f836087d310c8d70cd2c91f2976
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2600:9000:2156:4200:c:a9b7:ddc0:93a1 , United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
Software: /
Resource Hash

Request headers

:method: GET
:authority: c.sharethis.mgr.consensu.org
:scheme: https
:path: /portal.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-mode: nested-navigate
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
referer: https://www.sentinelone.com/
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode: nested-navigate
Referer: https://www.sentinelone.com/

Response headers

status: 200
content-type: text/html; charset=utf-8
accept-ranges: bytes
content-encoding: gzip
edge-control: cache-maxage=60m,downstream-ttl=60m
last-modified: Mon, 30 Sep 2019 19:20:14 GMT
date: Mon, 14 Oct 2019 19:36:22 GMT
cache-control: max-age=600, public
etag: W/"361b-16d839db5b0"
vary: Accept-Encoding
x-cache: Hit from cloudfront
via: 1.1 0d37b2e69745cd9f0c5457fbf1a83129.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA50-C1
x-amz-cf-id: I0T9kyPhrpdYkrju0yMJ_SpaTXfDIzmbB3RjEfnPFJNTkpjvczwcOA==
age: 215

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/155/ 9 KB
4 KB 80ms
80ms Script
application/x-javascript 104.111.251.133
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/155/munchkin.js
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 104.111.251.133 , Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a104-111-251-133.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: efb6b9732bf508ee305363b10cf2a67ace474e06eb42642f2c3696b2442a5775

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 14 Oct 2019 19:39:56 GMT
Content-Encoding: gzip
Last-Modified: Fri, 30 Nov 2018 03:18:20 GMT
Server: Apache
ETag: "c67dad42946949112916578f78706df8:1543547900"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Cache-Control: max-age=8640000
Connection: keep-alive
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 3923
Expires: Wed, 22 Jan 2020 19:39:56 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/970186784/ 2 KB
1 KB 98ms
20ms Script
text/javascript 2a00:1450:4001:81a::2002
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/970186784/?random=1571081996674&cv=9&fst=1571081996674&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wga21&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.sentinelone.com%2Fblog%2Fdetecting-macos-gmera-malware-through-behavioral-inspection%2F&tiba=Detecting%20macOS.GMERA%20Malware%20Through%20Behavioral%20Inspection&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81a::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

a957fbc6d56d40f2f9f179a5101c056e5254d06578a744db4e89e5e77900b18e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Oct 2019 19:39:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
status: 200
cache-control: no-cache, must-revalidate
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 992
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

collect
px.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=432890&url=https%3A%2F%2Fwww.sentinelone.com%2Fblog%2Fdetecting-macos-gmera-malware-through-behavioral-inspection%2F&time=1571081996676
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D432890%26url%3Dhttps%253A%252F%252Fwww.sentinelone.com%252Fblog%252Fdetecting-mac...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=432890&url=https%3A%2F%2Fwww.sentinelone.com%2Fblog%2Fdetecting-macos-gmera-malware-through-behavioral-inspection%2F&time=1571081996676&liSync=true

0
93 B

162ms
162ms

Image
application/javascript

2a05:f500:11:101::b93f:9005
LinkedIn Corporation

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=432890&url=https%3A%2F%2Fwww.sentinelone.com%2Fblog%2Fdetecting-macos-gmera-malware-through-behavioral-inspection%2F&time=1571081996676&liSync=true
Requested by: Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:f500:11:101::b93f:9005 , Ireland, ASN14413 (LINKEDIN - LinkedIn Corporation, US),
Reverse DNS
Software: Play /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 19:39:57 GMT
content-encoding: gzip
server: Play
vary: Accept-Encoding
x-li-fabric: prod-lor1
status: 200
x-li-proto: http/2
x-li-pop: prod-tln1
content-type: application/javascript
content-length: 20
x-li-uuid: oziUo8CazRVQmY9v5ioAAA==

Redirect headers

date: Mon, 14 Oct 2019 19:39:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 302
vary: Accept-Encoding
content-length: 20
x-li-uuid: pASCmMCazRWwtczf0SoAAA==
server: Play
pragma: no-cache
x-li-pop: prod-tln1
x-frame-options: sameorigin
expect-ct: max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
strict-transport-security: max-age=2592000
x-li-fabric: prod-lor1
location: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=432890&url=https%3A%2F%2Fwww.sentinelone.com%2Fblog%2Fdetecting-macos-gmera-malware-through-behavioral-inspection%2F&time=1571081996676&liSync=true
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store
content-security-policy: default-src *; connect-src 'self' static.licdn.com media.licdn.com static-exp1.licdn.com static-exp2.licdn.com media-exp1.licdn.com media-exp2.licdn.com https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com s.c.exp1.licdn.com s.c.exp2.licdn.com m.c.exp1.licdn.com m.c.exp2.licdn.com wss://*.linkedin.com dms.licdn.com https://dpm.demdex.net/id https://lnkd.demdex.net/event blob:; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' platform.linkedin.com spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com slideshare.www.linkedin.com https://snap.licdn.com/li.lms-analytics/insight.min.js; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'; report-uri https://www.linkedin.com/platform-telemetry/csp?f=l
x-li-proto: http/2
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK pixel
q.quora.com/_/ad/ea333f827b114f8cb49ce787666ea90b/ 43 B
456 B 474ms
93ms Image
image/gif 3.223.86.3
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://q.quora.com/_/ad/ea333f827b114f8cb49ce787666ea90b/pixel?j=1&u=https%3A%2F%2Fwww.sentinelone.com%2Fblog%2Fdetecting-macos-gmera-malware-through-behavioral-inspection%2F&tag=ViewContent&ts=1571081996677
Requested by: Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.223.86.3 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-3-223-86-3.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 14 Oct 2019 19:39:57 GMT
Server: nginx
Connection: keep-alive
Content-Length: 43
X-Q-Stat: 81,932b0ee35561520ee2e45fd45e672788,10.0.4.205,34996,144.76.109.30,,6809820873,1,1571081997.106,0.002,,.,0,0,0.000,0.000,-,0,0,304,278,139,10,26847,,,,,,,
Content-Type: image/gif

GET
H2 204 0
bat.bing.com/action/ 0
174 B 120ms
47ms Image
text/plain 2620:1ec:c11::200
Microsoft Corpora...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bat.bing.com/action/0?ti=25019324&Ver=2&mid=c12f55eb-0778-0e26-0143-1156b9066900&pi=0&lg=en-US&sw=1600&sh=1200&sc=24&tl=Detecting%20macOS.GMERA%20Malware%20Through%20Behavioral%20Inspection&p=https%3A%2F%2Fwww.sentinelone.com%2Fblog%2Fdetecting-macos-gmera-malware-through-behavioral-inspection%2F&r=&evt=pageLoad&msclkid=N&rn=904460
Requested by: Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK - Microsoft Corporation, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status: 204
pragma: no-cache
date: Mon, 14 Oct 2019 19:39:55 GMT
cache-control: no-cache, must-revalidate
x-msedge-ref: Ref A: 78BA770EBC52416FAE197042A726305F Ref B: VIEEDGE1111 Ref C: 2019-10-14T19:39:56Z
access-control-allow-origin: *
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK rp.gif
alb.reddit.com/ 35 B
316 B 399ms
92ms Image
image/gif 34.233.22.190
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://alb.reddit.com/rp.gif?ts=1571081996681&id=t2_49y2da7g&event=PageVisit&s=z%2BGfHl1Zdcpw6WO8bMT7k7g%2Ff5wu5QAEHHAV4znF2XM%3D
Requested by: Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.233.22.190 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-34-233-22-190.compute-1.amazonaws.com
Software: /
Resource Hash: 6a842ea462daca2a0b5a0f5f25bcfc8e0059ac811ca6c6a1bc54e4d9119621c3

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 14 Oct 2019 19:39:57 GMT
Cache-Control: no-cache, no-store, must-revalidate
Connection: keep-alive
Content-Length: 35
Content-Type: image/gif

GET
H/1.1

200
OK

tagjs Show response
pixel-geo.prfct.co/
Redirect Chain

https://pixel-geo.prfct.co/tagjs?a_id=56252&source=js_tag
https://pixel-geo.prfct.co/tagjs?check_cookie=1&a_id=56252&source=js_tag

83 B
411 B

55ms
54ms

Script
text/javascript

34.252.172.232
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel-geo.prfct.co/tagjs?check_cookie=1&a_id=56252&source=js_tag
Requested by: Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.252.172.232 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-34-252-172-232.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 5b91b48f4444cc2818966a82275464cec6ebffa7f881ae699d5fcb019fcae28f

Request headers

Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Cache-Control: no-store, no-cache, private
Connection: keep-alive
P3P: CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Content-Length: 83
Content-Type: text/javascript

Redirect headers

Location: https://pixel-geo.prfct.co/tagjs?check_cookie=1&a_id=56252&source=js_tag
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"

GET
H2 200 tadas-sar-717999-unsplash-768x576.jpg
www.sentinelone.com/wp-content/uploads/2017/06/ 39 KB
39 KB 24ms
23ms Image
image/jpeg 104.24.117.125
Cloudflare

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://www.sentinelone.com/wp-content/uploads/2017/06/tadas-sar-717999-unsplash-768x576.jpg
Requested by: Host: munchkin.brightfunnel.com
URL: https://munchkin.brightfunnel.com/js/build/bf-munchkin.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.24.117.125 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software: cloudflare /
Resource Hash: 747240f550af0fb18ac6d397b9e20361d277fd62452b5f81f0bc9f6148fc87f5

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 19:39:56 GMT
via: 1.1 varnish
cf-cache-status: HIT
age: 1517056
x-pantheon-styx-hostname: styx-fe4-8f95b5fb6-9psk4
x-cache: HIT, MISS
status: 200
content-length: 39564
x-served-by: cache-mdw17325-MDW, cache-ams21037-AMS
last-modified: Fri, 22 Mar 2019 05:40:07 GMT
server: cloudflare
x-timer: S1569564941.733586,VS0,VE97
etag: "5c947537-9a8c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: image/jpeg
x-styx-req-id: fd066376-df7c-11e9-bb65-96592e45102c
expires: Wed, 14 Oct 2020 19:39:56 GMT
cache-control: public, max-age=31622400
accept-ranges: bytes
cf-ray: 525c05afff899d36-AMS
x-cache-hits: 1, 0

GET
H/1.1 200
OK get_counts Show response
count-server.sharethis.com/v2.0/ 271 B
517 B 390ms
114ms Script
text/javascript 3.210.94.27
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://count-server.sharethis.com/v2.0/get_counts?cb=window.__sharethis__.cb1&url=https%3A%2F%2Fwww.sentinelone.com%2Fblog%2Fdetecting-macos-gmera-malware-through-behavioral-inspection%2F
Requested by: Host: platform-api.sharethis.com
URL: https://platform-api.sharethis.com/js/sharethis.js?ver=ca0f6f836087d310c8d70cd2c91f2976
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.210.94.27 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-3-210-94-27.compute-1.amazonaws.com
Software: / Express
Resource Hash: 39a77eb6cae33385ae4ac8adf32399127519a6facb26cef5e9a8de91dc3995f3

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 14 Oct 2019 19:39:57 GMT
Cache-Control: public, max-age=900
ETag: 6183b7054280983dac634afb2a20e4bf
Connection: keep-alive
X-Powered-By: Express
Content-Length: 271
Content-Type: text/javascript; charset=utf-8

GET
H2 200 adsct
t.co/i/ 43 B
170 B 131ms
131ms Image
image/gif 104.244.42.69
Twitter Inc.

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?p_id=Twitter&p_user_id=0&txn_id=nv1yw&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.69 , United States, ASN13414 (TWITTER - Twitter Inc., US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 19:39:56 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
x-response-time: 126
pragma: no-cache
last-modified: Mon, 14 Oct 2019 19:39:56 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 099fcfdf334609e06c06b572b3029d2c
x-transaction: 00e0a46800b80426
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H/1.1 200
OK visitWebPage Show response
327-mnm-087.mktoresp.com/webevents/ 2 B
303 B 497ms
98ms XHR
text/plain 192.28.144.124
Adobe Systems Inc.

General

Check archive.org

Show headers Download Go to

Full URL: https://327-mnm-087.mktoresp.com/webevents/visitWebPage?_mchNc=1571081996756&_mchCn=&_mchId=327-MNM-087&_mchTk=_mch-sentinelone.com-1571081996756-87074&_mchHo=www.sentinelone.com&_mchPo=&_mchRu=%2Fblog%2Fdetecting-macos-gmera-malware-through-behavioral-inspection%2F&_mchPc=https%3A&_mchVr=155&_mchHa=&_mchRe=&_mchQp=
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/155/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 192.28.144.124 , United States, ASN15224 (OMNITURE - Adobe Systems Inc., US),
Reverse DNS
Software: akka-http/10.1.7 /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Sec-Fetch-Mode: cors
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Mon, 14 Oct 2019 19:39:57 GMT
Content-Encoding: gzip
Server: akka-http/10.1.7
Transfer-Encoding: chunked
X-Request-Id: 4237c13e-7586-4d1c-baff-89238a9c85b4
Content-Type: text/plain; charset=UTF-8

GET
H2 200 /
www.google.com/pagead/1p-user-list/970186784/ 42 B
122 B 22ms
21ms Image
image/gif 2a00:1450:4001:81d::2004
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/970186784/?random=1571081996674&cv=9&fst=1571079600000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wga21&sendb=1&frm=0&url=https%3A%2F%2Fwww.sentinelone.com%2Fblog%2Fdetecting-macos-gmera-malware-through-behavioral-inspection%2F&tiba=Detecting%20macOS.GMERA%20Malware%20Through%20Behavioral%20Inspection&async=1&fmt=3&is_vtc=1&random=1847722924&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Oct 2019 19:39:56 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.de/pagead/1p-user-list/970186784/ 42 B
110 B 39ms
39ms Image
image/gif 2a00:1450:4001:819::2003
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-user-list/970186784/?random=1571081996674&cv=9&fst=1571079600000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=0&u_nmime=0&gtm=2wga21&sendb=1&frm=0&url=https%3A%2F%2Fwww.sentinelone.com%2Fblog%2Fdetecting-macos-gmera-malware-through-behavioral-inspection%2F&tiba=Detecting%20macOS.GMERA%20Malware%20Through%20Behavioral%20Inspection&async=1&fmt=3&is_vtc=1&random=1847722924&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:819::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Oct 2019 19:39:56 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
status: 200
cache-control: no-cache, no-store, must-revalidate
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 forms2.css
go.sentinelone.com/js/forms2/css/ 11 KB
2 KB 60ms
59ms Stylesheet
text/css 104.24.117.125
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://go.sentinelone.com/js/forms2/css/forms2.css

Requested by

Host: go.sentinelone.com
URL: https://go.sentinelone.com/js/forms2/js/forms2.min.js?ver=ca0f6f836087d310c8d70cd2c91f2976

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.24.117.125 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

ca37defba3e7908b75ff5acc26ef0010d590b5fe04b9bc1ca48e81dbc59223df

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 19:39:56 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 4215
cf-polished: origSize=13304
status: 200
last-modified: Wed, 25 Sep 2019 18:55:06 GMT
cf-bgj: minify
server: cloudflare
etag: W/"8a0b9a-33f8-5936530f69680"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=14400
cf-ray: 525c05b00f8d9d36-AMS
expires: Mon, 14 Oct 2019 23:39:56 GMT

GET
H2 200 forms2-theme-plain.css
go.sentinelone.com/js/forms2/css/ 745 B
534 B 33ms
33ms Stylesheet
text/css 104.24.117.125
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://go.sentinelone.com/js/forms2/css/forms2-theme-plain.css

Requested by

Host: go.sentinelone.com
URL: https://go.sentinelone.com/js/forms2/js/forms2.min.js?ver=ca0f6f836087d310c8d70cd2c91f2976

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.24.117.125 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

d85715179f69128f2d7295d52f7a305264366d6f8e59ce0c6c45918c26646ab1

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 19:39:56 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
age: 4215
cf-polished: origSize=828
status: 200
last-modified: Wed, 25 Sep 2019 18:55:06 GMT
cf-bgj: minify
server: cloudflare
etag: W/"8a0b9c-33c-5936530f69680"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/css
cache-control: public, max-age=14400
cf-ray: 525c05b00fa59d36-AMS
expires: Mon, 14 Oct 2019 23:39:56 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
200 B 6ms
5ms Image
image/gif 2a03:2880:f11c:8083:face:b00c:0:25de
Facebook

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=300800713594069&ev=PageView&dl=https%3A%2F%2Fwww.sentinelone.com%2Fblog%2Fdetecting-macos-gmera-malware-through-behavioral-inspection%2F&rl=&if=false&ts=1571081996992&sw=1600&sh=1200&v=2.9.5&r=stable&ec=0&o=30&fbp=fb.1.1571081996990.1053397388&it=1571081996655&coo=false&rqm=GET

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 19:39:56 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
content-length: 44
expires: Mon, 14 Oct 2019 19:39:56 GMT

GET
H2 200 ga.js Show response
ga.clearbit.com/v1/ 4 KB
1 KB 357ms
282ms Script
application/javascript 52.56.51.220
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://ga.clearbit.com/v1/ga.js?authorization=pk_ed7b4bbadb390cf24ef37a1223019246
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-KGGXSJ
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.56.51.220 London, United Kingdom, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-52-56-51-220.eu-west-2.compute.amazonaws.com
Software: envoy /
Resource Hash: 3b3c7778ba4e247b97d37e9559528c0f1524faf72de80d4312a322e5e2420d65

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 19:39:57 GMT
content-encoding: gzip
server: envoy
x-api-version: 2018-03-28
vary: Accept-Encoding
x-account-id: 330680ff-f4de-4d19-81d4-375af65453c9
status: 200
content-type: application/javascript;charset=utf-8

GET
H2 200 XDFrame Show response
go.sentinelone.com/index.php/form/ Frame 74D6 2 KB
670 B 166ms
108ms Document
text/html 104.24.117.125
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://go.sentinelone.com/index.php/form/XDFrame

Requested by

Host: go.sentinelone.com
URL: https://go.sentinelone.com/js/forms2/js/forms2.min.js?ver=ca0f6f836087d310c8d70cd2c91f2976

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.24.117.125 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

369da070010b5ab76547cee5045e1a7f72c29368b1eab64a2845e2488c513148

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904
X-Content-Type-Options	nosniff

Request headers

:method: GET
:authority: go.sentinelone.com
:scheme: https
:path: /index.php/form/XDFrame
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-mode: nested-navigate
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: same-site
referer: https://www.sentinelone.com/
accept-encoding: gzip, deflate, br
cookie: _ga=GA1.2.1591324942.1571081997; _gid=GA1.2.1382471389.1571081997; _gat_UA-38175129-1=1; bf_lead=70msn2a368l00; _mkto_trk=id:327-MNM-087&token:_mch-sentinelone.com-1571081996756-87074; __cfduid=d71cd0f56de6861d1e3be806dd3d06ff11571081996; BIGipServerab14web-nginx-app_https=!bBSzQgDVspbuw6Bybf/nLIVwOTHiDirz7NfmlmCtnGkV24xnTLjUfyZPYOd89Io+vIK41sjWrdWfzG4=; _fbp=fb.1.1571081996990.1053397388
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode: nested-navigate
Referer: https://www.sentinelone.com/

Response headers

status: 200
date: Mon, 14 Oct 2019 19:39:57 GMT
content-type: text/html; charset=utf-8
cache-control: max-age=3600
strict-transport-security: max-age=63113904
x-content-type-options: nosniff
vary: Accept-Encoding
cf-cache-status: DYNAMIC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 525c05b24ab59d36-AMS
content-encoding: br

GET
H2

200

adsct
analytics.twitter.com/i/
Redirect Chain

https://pixel-geo.prfct.co/cs/?partnerId=twtr
https://analytics.twitter.com/i/adsct?p_id=48571&p_user_id=pa_aFVeZvsxxJI8ImQrE

43 B
294 B

116ms
116ms

Image
image/gif

104.244.42.131
Twitter Inc.

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?p_id=48571&p_user_id=pa_aFVeZvsxxJI8ImQrE

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.131 , United States, ASN13414 (TWITTER - Twitter Inc., US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 19:39:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 65
x-xss-protection: 0
x-response-time: 108
pragma: no-cache
last-modified: Mon, 14 Oct 2019 19:39:57 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: d432aa13f26105c4f3d20ea18727e1d2
x-transaction: 00f765f90028d00c
expires: Tue, 31 Mar 1981 05:00:00 GMT

Redirect headers

Location: https://analytics.twitter.com/i/adsct?p_id=48571&p_user_id=pa_aFVeZvsxxJI8ImQrE
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"

GET
H/1.1

200
OK

cb
pixel.prfct.co/
Redirect Chain

https://pixel-geo.prfct.co/cs/?partnerId=yah
https://ads.yahoo.com/cms/v1?nwid=10001073209&eid=pa_aFVeZvsxxJI8ImQrE&sigv=1&esig=2~f3e1dd52b28378e9631d7dc8da45b4733991918a
https://pixel.prfct.co/cb?partnerId=yah&xid=E0&eid=pa_aFVeZvsxxJI8ImQrE

43 B
460 B

371ms
89ms

Image
image/gif

3.81.196.225
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.prfct.co/cb?partnerId=yah&xid=E0&eid=pa_aFVeZvsxxJI8ImQrE
Requested by: Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.81.196.225 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-3-81-196-225.compute-1.amazonaws.com
Software: /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Cache-Control: no-store, no-cache, private
Connection: keep-alive
P3P: CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Content-Length: 43
Content-Type: image/gif

Redirect headers

Date: Mon, 14 Oct 2019 19:39:57 GMT
X-Content-Type-Options: nosniff
Server: ATS
Age: 0
Expect-CT: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
Strict-Transport-Security: max-age=31536000
P3P: policyref="https://policies.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Location: https://pixel.prfct.co/cb?partnerId=yah&xid=E0&eid=pa_aFVeZvsxxJI8ImQrE
Connection: keep-alive
Content-Length: 0
X-XSS-Protection: 1; mode=block

GET
H2

200

sd
us-u.openx.net/w/1.0/
Redirect Chain

https://pixel-geo.prfct.co/cs/?partnerId=opx
https://us-u.openx.net/w/1.0/sd?id=537114372&val=pa_aFVeZvsxxJI8ImQrE
https://us-u.openx.net/w/1.0/sd?cc=1&id=537114372&val=pa_aFVeZvsxxJI8ImQrE

43 B
183 B

18ms
18ms

Image
image/gif

34.95.120.147
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?cc=1&id=537114372&val=pa_aFVeZvsxxJI8ImQrE
Requested by: Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.95.120.147 , United States, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS: 147.120.95.34.bc.googleusercontent.com
Software: OXGW/16.163.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 14 Oct 2019 19:39:57 GMT
via: 1.1 google
server: OXGW/16.163.0
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
status: 200
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: clear
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

date: Mon, 14 Oct 2019 19:39:57 GMT
via: 1.1 google
server: OXGW/16.163.0
status: 302
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://us-u.openx.net/w/1.0/sd?cc=1&id=537114372&val=pa_aFVeZvsxxJI8ImQrE
alt-svc: clear
content-length: 0

GET
H/1.1

204
No Content

tap.php
pixel.rubiconproject.com/
Redirect Chain

https://pixel-geo.prfct.co/cs/?partnerId=rbcn
https://pixel.rubiconproject.com/tap.php?v=189868&nid=4106&expires=30&put=pa_aFVeZvsxxJI8ImQrE

0
239 B

41ms
11ms

Image
image/gif

69.173.144.136
The Rubicon Project

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=189868&nid=4106&expires=30&put=pa_aFVeZvsxxJI8ImQrE
Requested by: Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 69.173.144.136 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT - The Rubicon Project, Inc., US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost: 4cdacfaa68e4ab216fffbcc107c5b898
Content-Type: image/gif

Redirect headers

Location: https://pixel.rubiconproject.com/tap.php?v=189868&nid=4106&expires=30&put=pa_aFVeZvsxxJI8ImQrE
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"

GET
H/1.1

200
OK

cb
pixel-geo.prfct.co/
Redirect Chain

https://pixel-geo.prfct.co/cs/?partnerId=goo
https://cm.g.doubleclick.net/pixel?google_nid=nowspots_bidder&google_hm=cGFfYUZWZVp2c3h4Skk4SW1RckU
https://pixel-geo.prfct.co/cb?partnerId=goo

43 B
365 B

29ms
29ms

Image
image/gif

34.252.172.232
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-geo.prfct.co/cb?partnerId=goo
Requested by: Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.252.172.232 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-34-252-172-232.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Cache-Control: no-store, no-cache, private
Connection: keep-alive
P3P: CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Content-Length: 43
Content-Type: image/gif

Redirect headers

pragma: no-cache
date: Mon, 14 Oct 2019 19:39:57 GMT
server: HTTP server (unknown)
status: 302
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://pixel-geo.prfct.co/cb?partnerId=goo
cache-control: no-cache, must-revalidate
content-type: text/html; charset=UTF-8
alt-svc: quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43",h3-Q048="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000
content-length: 240
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK /
pixel-geo.prfct.co/seg/ 43 B
365 B 182ms
109ms Image
image/gif 34.252.172.232
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel-geo.prfct.co/seg/?add=4530935&source=js_tag&a_id=56252
Requested by: Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.252.172.232 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-34-252-172-232.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Cache-Control: no-store, no-cache, private
Connection: keep-alive
P3P: CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Content-Length: 43
Content-Type: image/gif

GET
H/1.1

200
OK

bounce
secure.adnxs.com/
Redirect Chain

https://secure.adnxs.com/seg?t=2&add=4530935
https://secure.adnxs.com/bounce?%2Fseg%3Ft%3D2%26add%3D4530935

43 B
1018 B

47ms
14ms

Image
image/gif

185.33.223.202
AppNexus

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.adnxs.com/bounce?%2Fseg%3Ft%3D2%26add%3D4530935

Requested by

Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

185.33.223.202 , Netherlands, ASN29990 (ASN-APPNEXUS - AppNexus, Inc, US),

Reverse DNS

318.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net

Software

nginx/1.13.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 14 Oct 2019 19:39:59 GMT
X-Proxy-Origin: 144.76.109.30; 144.76.109.30; 318.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.19:80
AN-X-Request-Uuid: e0aa36e4-fe86-4fe8-8e04-49d1dba32cd8
Server: nginx/1.13.4
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 14 Oct 2019 19:39:59 GMT
X-Proxy-Origin: 144.76.109.30; 144.76.109.30; 318.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.220.80:80
AN-X-Request-Uuid: 86d00102-07a5-4e9b-b0b3-debe2bdf0ef9
Server: nginx/1.13.4
Access-Control-Allow-Origin: *
P3P: policyref="http://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://secure.adnxs.com/bounce?%2Fseg%3Ft%3D2%26add%3D4530935
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

sc Show response
l.sharethis.com/
Redirect Chain

https://l.sharethis.com/pview?event=pview&version=st_sop.js&lang=en&hostname=www.sentinelone.com&location=%2Fblog%2Fdetecting-macos-gmera-malware-through-behavioral-inspection%2F&product=custom-sha...
https://l.sharethis.com/sc?cm=ZHQABl2kzw0AAAATMv8hAw%3D%3D&uid=true&url=https%3A%2F%2Fwww.sentinelone.com%2Fblog%2Fdetecting-macos-gmera-malware-through-behavioral-inspection%2F&sop=true

52 B
511 B

7ms
7ms

XHR
text/plain

18.196.132.129
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://l.sharethis.com/sc?cm=ZHQABl2kzw0AAAATMv8hAw%3D%3D&uid=true&url=https%3A%2F%2Fwww.sentinelone.com%2Fblog%2Fdetecting-macos-gmera-malware-through-behavioral-inspection%2F&sop=true
Requested by: Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.196.132.129 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-18-196-132-129.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: bd767259c1f71a025cfeb07fc71d1bd31a8a20d2a32540e8cd5395cb980cd1e6

Request headers

Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 14 Oct 2019 19:39:57 GMT
Access-Control-Max-Age: 1728000
Content-Type: text/plain; charset=utf-8
Access-Control-Allow-Origin: https://www.sentinelone.com
Access-Control-Expose-Headers: stid
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Robots-Tag: noindex, nofollow
Access-Control-Allow-Headers: *
Content-Length: 52
Stid: ZHQABl2kzw0AAAATMv8hAw==

Redirect headers

Date: Mon, 14 Oct 2019 19:39:57 GMT
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: https://www.sentinelone.com
Access-Control-Max-Age: 1728000
P3p: policyref="/w3c/p3p.xml", CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT DEM"
Location: /sc?cm=ZHQABl2kzw0AAAATMv8hAw%3D%3D&uid=true&url=https%3A%2F%2Fwww.sentinelone.com%2Fblog%2Fdetecting-macos-gmera-malware-through-behavioral-inspection%2F&sop=true
Access-Control-Expose-Headers: stid
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
X-Robots-Tag: noindex, nofollow
Access-Control-Allow-Headers: *
Content-Length: 210
Stid: ZHQABl2kzw0AAAATMv8hAw==

GET
H2 200 forms2.min.js Show response
app-ab14.marketo.com/js/forms2/js/ Frame 74D6 169 KB
58 KB 211ms
15ms Script
application/x-javascript 104.16.94.80
Cloudflare

General

Check archive.org

Show headers Download Go to

Full URL

https://app-ab14.marketo.com/js/forms2/js/forms2.min.js

Requested by

Host: go.sentinelone.com
URL: https://go.sentinelone.com/index.php/form/XDFrame

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.16.94.80 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),

Reverse DNS

Software

cloudflare /

Resource Hash

321bbcc4cc57483b7e329186e5159498b668ddde87cb64696ddcdc95176cce82

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904
X-Content-Type-Options	nosniff

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://go.sentinelone.com/index.php/form/XDFrame
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 19:39:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
age: 2659
status: 200
vary: Accept-Encoding
last-modified: Wed, 25 Sep 2019 18:55:06 GMT
server: cloudflare
etag: "19c06bd-2a536-5936530f69680"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=63113904
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=14400
cf-ray: 525c05b42af0c2e0-FRA
expires: Mon, 14 Oct 2019 23:39:57 GMT

POST
H2 200 /
www.facebook.com/tr/ Frame 36D0 0
0 6ms
5ms Document
text/plain 2a03:2880:f11c:8083:face:b00c:0:25de
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://www.facebook.com/tr/

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f11c:8083:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

:method: POST
:authority: www.facebook.com
:scheme: https
:path: /tr/
content-length: 6569
pragma: no-cache
cache-control: no-cache
origin: https://www.sentinelone.com
upgrade-insecure-requests: 1
content-type: application/x-www-form-urlencoded
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
sec-fetch-mode: nested-navigate
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
sec-fetch-site: cross-site
referer: https://www.sentinelone.com/
accept-encoding: gzip, deflate, br
cookie: fr=0wO7KypSvB5rDnJ9d..BdpM8M...1.0.BdpM8M.
Origin: https://www.sentinelone.com
Upgrade-Insecure-Requests: 1
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Mode: nested-navigate
Referer: https://www.sentinelone.com/

Response headers

status: 200
content-type: text/plain
access-control-allow-origin: https://www.sentinelone.com
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-length: 0
server: proxygen-bolt
date: Mon, 14 Oct 2019 19:39:57 GMT

GET
H2 200 nr-1130.min.js Show response
js-agent.newrelic.com/ 24 KB
9 KB 6ms
6ms Script
application/javascript 151.101.14.110
Fastly

General

Check archive.org

Show headers Download Go to

Full URL: https://js-agent.newrelic.com/nr-1130.min.js
Requested by: Host: www.sentinelone.com
URL: https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.14.110 Frankfurt am Main, Germany, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 0e78b8cde09dbe0fc473f87bc77ec30ccc56780398d8676cf93c4aaec432257f

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 19:39:57 GMT
content-encoding: gzip
x-amz-request-id: 8174A4BD27442C39
x-cache: HIT
status: 200
content-length: 9407
x-amz-id-2: okRb4AqloAZZ3+qaWnpqMQYC7hkPpbr/Yrluzst01SO9f1ckk5T9tspUtBHMBazVI7CvXAVZCdo=
x-served-by: cache-fra19126-FRA
last-modified: Tue, 09 Jul 2019 23:52:06 GMT
server: AmazonS3
x-timer: S1571081998.754138,VS0,VE0
etag: "73f8857196b9ef7fd3b302cbc557b8ac"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 varnish
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 19874

GET
H2 200 adsct Show response
analytics.twitter.com/i/ 31 B
117 B 134ms
133ms Script
application/javascript 104.244.42.131
Twitter Inc.

General

Check archive.org

Show headers Download Go to

Full URL

https://analytics.twitter.com/i/adsct?p_id=Twitter&p_user_id=0&txn_id=nv1yw&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tpx_cb=twttr.conversion.loadPixels&tw_document_href=https%3A%2F%2Fwww.sentinelone.com%2Fblog%2Fdetecting-macos-gmera-malware-through-behavioral-inspection%2F

Requested by

Host: static.ads-twitter.com
URL: https://static.ads-twitter.com/uwt.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.131 , United States, ASN13414 (TWITTER - Twitter Inc., US),

Reverse DNS

Software

tsa_o /

Resource Hash

df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 14 Oct 2019 19:39:57 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
strict-transport-security: max-age=631138519
content-length: 57
x-xss-protection: 0
x-response-time: 127
pragma: no-cache
last-modified: Mon, 14 Oct 2019 19:39:57 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
content-type: application/javascript;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: d432aa13f26105c4f3d20ea18727e1d2
x-transaction: 0015279c00462f10
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H/1.1 200
OK lhn-jquery-1.11.0.min.js Show response
developer.livehelpnow.net/js/ 113 KB
35 KB 105ms
105ms Script
application/javascript 23.253.188.26
Rackspace Hosting

General

Check archive.org

Show headers Download Go to

Full URL: https://developer.livehelpnow.net/js/lhn-jquery-1.11.0.min.js
Requested by: Host: developer.livehelpnow.net
URL: https://developer.livehelpnow.net/js/sdk/lhn-jssdk-current.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 23.253.188.26 San Antonio, United States, ASN19994 (RACKSPACE - Rackspace Hosting, US),
Reverse DNS
Software: nginx/1.12.2 /
Resource Hash: d9489da9d99ea1ec11ff83caf99f0ecb424a4bce4c834dd03e2d77df4e03ee60

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 14 Oct 2019 19:39:57 GMT
content-encoding: gzip
Server: nginx/1.12.2
etag: 61C0144
vary: Accept-Encoding, Origin
Content-Type: application/javascript
access-control-allow-origin: null
access-control-expose-headers
cache-control: public, max-age=900
access-control-allow-credentials: true
Connection: keep-alive
accept-ranges: bytes
Content-Length: 35578

GET
H/1.1 200
OK ff6fa290ed Show response
bam.nr-data.net/1/ 57 B
261 B 113ms
112ms Script
text/javascript 162.247.242.21
New Relic

General

Check archive.org

Show headers Download Go to

Full URL: https://bam.nr-data.net/1/ff6fa290ed?a=81984029&v=1130.54e767a&to=YVZaMEoHDRVTBkZcC1gceQdMDwwIHRZbWwNaVg%3D%3D&rst=4249&ref=https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/&ap=968&be=2203&fe=4239&dc=3181&perf=%7B%22timing%22:%7B%22of%22:1571081993510,%22n%22:0,%22r%22:0,%22re%22:902,%22f%22:902,%22dn%22:902,%22dne%22:902,%22c%22:902,%22ce%22:902,%22rq%22:902,%22rp%22:2194,%22rpe%22:2198,%22dl%22:2196,%22di%22:3178,%22ds%22:3181,%22de%22:3242,%22dc%22:4238,%22l%22:4239,%22le%22:4240%7D,%22navigation%22:%7B%22rc%22:1%7D%7D&fp=2671&fcp=2671&at=TRFZRgIdHhs%3D&jsonp=NREUM.setToken
Requested by: Host: js-agent.newrelic.com
URL: https://js-agent.newrelic.com/nr-1130.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 162.247.242.21 San Francisco, United States, ASN23467 (NEWRELIC-AS-1 - New Relic, US),
Reverse DNS: bam-9.nr-data.net
Software: /
Resource Hash: f69a13217482dc43f25e74cfcb9391d0f06d22501f10f5cb5e413d2d98a5cd23

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Length: 57
Content-Type: text/javascript;charset=ISO-8859-1

GET
H/1.1 200
OK / Show response
developer.livehelpnow.net/oauth/token/ 602 B
826 B 124ms
124ms Script
text/plain 23.253.188.26
Rackspace Hosting

General

Check archive.org

Show headers Download Go to

Full URL: https://developer.livehelpnow.net/oauth/token/?client_id=db31c47b-8a4c-4e44-befa-bdb887fea42d&client_secret=C55EB26033B048C096A8F20BA94494A917B699B15EB94643B9&grant_type=client_credentials&callback=lhnQuery111009916052026483695_1571081997961&_=1571081997962
Requested by: Host: developer.livehelpnow.net
URL: https://developer.livehelpnow.net/js/lhn-jquery-1.11.0.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 23.253.188.26 San Antonio, United States, ASN19994 (RACKSPACE - Rackspace Hosting, US),
Reverse DNS
Software: nginx/1.12.2 /
Resource Hash: 5a057071d3c89028847dfff036a27a8735837d7a928075b8bddeb0d649cef8e4

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 14 Oct 2019 19:39:58 GMT
content-encoding: gzip
Server: nginx/1.12.2
vary: Origin
access-control-allow-origin: null
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
Connection: keep-alive
Content-Length: 465
x-request-id: 2n6plg6krdl2juj0mo1q0vc1

GET
H/1.1 200
OK / Show response
developer.livehelpnow.net/api/ui/hoc/a9448d3b-41a2-4db2-a4bc-377aa7289527/init/ 1 KB
1022 B 145ms
145ms XHR
application/json 23.253.188.26
Rackspace Hosting

General

Check archive.org

Show headers Download Go to

Full URL: https://developer.livehelpnow.net/api/ui/hoc/a9448d3b-41a2-4db2-a4bc-377aa7289527/init/?current_url=https%3A%2F%2Fwww.sentinelone.com%2Fblog%2Fdetecting-macos-gmera-malware-through-behavioral-inspection%2F
Requested by: Host: developer.livehelpnow.net
URL: https://developer.livehelpnow.net/js/lhn-jquery-1.11.0.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 23.253.188.26 San Antonio, United States, ASN19994 (RACKSPACE - Rackspace Hosting, US),
Reverse DNS
Software: nginx/1.12.2 /
Resource Hash: a20e858e7ecf39cc67d524c7152970c9e70ae71e853d63a0aea2ca6a4e8412e3

Request headers

Accept: */*
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJ2aXNpdG9yIiwiZG9tYWluIjoiIiwiZXhwIjoxNTcxMTY4Mzk4LCJpYXQiOjE1NzEwODE5OTgsImlzcyI6eyJhcHAiOiJqc19zZGsiLCJjbGllbnQiOjM0MTk0LCJjbGllbnRfbGV2ZWwiOiJiYXNpYyIsImxobnhfZmVhdHVyZXMiOltdfSwianRpIjoiNGY0YjA4ZWEtZTkyZC00YjJjLTllODMtMzlkNjVlMjMyYThiIiwicmVzb3VyY2UiOnsiaWQiOm51bGwsInR5cGUiOiJFbGl4aXIuTGhuRGIuTW9kZWwuQ29yZS5WaXNpdG9yIn19.V7obkXplDvsRgjQwNJkdPXYjQkP3HvWBiBUeqxft70w
Sec-Fetch-Mode: cors

Response headers

Date: Mon, 14 Oct 2019 19:39:58 GMT
content-encoding: gzip
Server: nginx/1.12.2
vary: Origin
Content-Type: application/json; charset=utf-8
access-control-allow-origin: https://www.sentinelone.com
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
Connection: keep-alive
Content-Length: 591
x-request-id: 2n6plg7kgth4er4as41q69d2

GET
H/1.1 200
OK red.css
developer.livehelpnow.net/css/modern/ 2 KB
949 B 103ms
101ms Stylesheet
text/css 23.253.188.26
Rackspace Hosting

General

Check archive.org

Show headers Download Go to

Full URL: https://developer.livehelpnow.net/css/modern/red.css
Requested by: Host: developer.livehelpnow.net
URL: https://developer.livehelpnow.net/js/sdk/lhn-jssdk-current.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 23.253.188.26 San Antonio, United States, ASN19994 (RACKSPACE - Rackspace Hosting, US),
Reverse DNS
Software: nginx/1.12.2 /
Resource Hash: 98b405ea2fa7dd875891d65c9469cbb4f07eb3ac993854015d19b59db85d8988

Request headers

Sec-Fetch-Mode: cors
Referer: https://www.sentinelone.com/
Origin: https://www.sentinelone.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 14 Oct 2019 19:39:58 GMT
content-encoding: gzip
Server: nginx/1.12.2
etag: 60B303B
vary: Accept-Encoding, Origin
Content-Type: text/css
access-control-allow-origin: https://www.sentinelone.com
access-control-expose-headers
cache-control: public, max-age=604800
access-control-allow-credentials: true
Connection: keep-alive
accept-ranges: bytes
Content-Length: 534

GET
H/1.1 200
OK opensans.css
developer.livehelpnow.net/css/fonts/ 13 KB
2 KB 207ms
102ms Stylesheet
text/css 23.253.188.26
Rackspace Hosting

General

Check archive.org

Show headers Download Go to

Full URL: https://developer.livehelpnow.net/css/fonts/opensans.css
Requested by: Host: developer.livehelpnow.net
URL: https://developer.livehelpnow.net/js/sdk/lhn-jssdk-current.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 23.253.188.26 San Antonio, United States, ASN19994 (RACKSPACE - Rackspace Hosting, US),
Reverse DNS
Software: nginx/1.12.2 /
Resource Hash: 1b5fcccaf14bf081a8920c151497ccaaa6500f946eb95eeff9c15642bdcdf7bc

Request headers

Sec-Fetch-Mode: cors
Referer: https://www.sentinelone.com/
Origin: https://www.sentinelone.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 14 Oct 2019 19:39:58 GMT
content-encoding: gzip
Server: nginx/1.12.2
etag: F87F24
vary: Accept-Encoding, Origin
Content-Type: text/css
access-control-allow-origin: https://www.sentinelone.com
access-control-expose-headers
cache-control: public, max-age=604800
access-control-allow-credentials: true
Connection: keep-alive
accept-ranges: bytes
Content-Length: 1405

GET
H/1.1 200
OK button.css
developer.livehelpnow.net/css/modern/ 5 KB
2 KB 312ms
112ms Stylesheet
text/css 23.253.188.26
Rackspace Hosting

General

Check archive.org

Show headers Download Go to

Full URL: https://developer.livehelpnow.net/css/modern/button.css
Requested by: Host: developer.livehelpnow.net
URL: https://developer.livehelpnow.net/js/sdk/lhn-jssdk-current.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 23.253.188.26 San Antonio, United States, ASN19994 (RACKSPACE - Rackspace Hosting, US),
Reverse DNS
Software: nginx/1.12.2 /
Resource Hash: 6f39b20456d3d6706ddbe267bb6d5cb2f5a158ccd23ad5628fc6671dd963ae69

Request headers

Sec-Fetch-Mode: cors
Referer: https://www.sentinelone.com/
Origin: https://www.sentinelone.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 14 Oct 2019 19:39:58 GMT
content-encoding: gzip
Server: nginx/1.12.2
etag: 53EA427
vary: Accept-Encoding, Origin
Content-Type: text/css
access-control-allow-origin: https://www.sentinelone.com
access-control-expose-headers
cache-control: public, max-age=604800
access-control-allow-credentials: true
Connection: keep-alive
accept-ranges: bytes
Content-Length: 1358

GET
H/1.1 200
OK hoc.css
developer.livehelpnow.net/css/modern/ 48 KB
11 KB 412ms
212ms Stylesheet
text/css 23.253.188.26
Rackspace Hosting

General

Check archive.org

Show headers Download Go to

Full URL: https://developer.livehelpnow.net/css/modern/hoc.css
Requested by: Host: developer.livehelpnow.net
URL: https://developer.livehelpnow.net/js/sdk/lhn-jssdk-current.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 23.253.188.26 San Antonio, United States, ASN19994 (RACKSPACE - Rackspace Hosting, US),
Reverse DNS
Software: nginx/1.12.2 /
Resource Hash: eca1c587d10477f73fafbfcfea499a594c31e19bb1a21f84a7afe16f04779863

Request headers

Sec-Fetch-Mode: cors
Referer: https://www.sentinelone.com/
Origin: https://www.sentinelone.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 14 Oct 2019 19:39:58 GMT
content-encoding: gzip
Server: nginx/1.12.2
etag: 720E667
vary: Accept-Encoding, Origin
Content-Type: text/css
access-control-allow-origin: https://www.sentinelone.com
access-control-expose-headers
cache-control: public, max-age=604800
access-control-allow-credentials: true
Connection: keep-alive
accept-ranges: bytes
Content-Length: 10448

POST
H/1.1 200
OK / Show response
developer.livehelpnow.net/api/visitor/init/ 635 B
929 B 192ms
192ms XHR
application/json 23.253.188.26
Rackspace Hosting

General

Check archive.org

Show headers Download Go to

Full URL: https://developer.livehelpnow.net/api/visitor/init/
Requested by: Host: developer.livehelpnow.net
URL: https://developer.livehelpnow.net/js/lhn-jquery-1.11.0.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 23.253.188.26 San Antonio, United States, ASN19994 (RACKSPACE - Rackspace Hosting, US),
Reverse DNS
Software: nginx/1.12.2 /
Resource Hash: ec5c5de5cfd302604c533f1b5b36f895d3166be20b780f253b87de5f2a578ba3

Request headers

Accept: */*
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJ2aXNpdG9yIiwiZG9tYWluIjoiIiwiZXhwIjoxNTcxMTY4Mzk4LCJpYXQiOjE1NzEwODE5OTgsImlzcyI6eyJhcHAiOiJqc19zZGsiLCJjbGllbnQiOjM0MTk0LCJjbGllbnRfbGV2ZWwiOiJiYXNpYyIsImxobnhfZmVhdHVyZXMiOltdfSwianRpIjoiNGY0YjA4ZWEtZTkyZC00YjJjLTllODMtMzlkNjVlMjMyYThiIiwicmVzb3VyY2UiOnsiaWQiOm51bGwsInR5cGUiOiJFbGl4aXIuTGhuRGIuTW9kZWwuQ29yZS5WaXNpdG9yIn19.V7obkXplDvsRgjQwNJkdPXYjQkP3HvWBiBUeqxft70w
Sec-Fetch-Mode: cors
Content-Type: application/x-www-form-urlencoded; charset=UTF-8

Response headers

Date: Mon, 14 Oct 2019 19:39:59 GMT
content-encoding: gzip
Server: nginx/1.12.2
vary: Origin
Content-Type: application/json; charset=utf-8
access-control-allow-origin: https://www.sentinelone.com
access-control-expose-headers
cache-control: max-age=0, private, must-revalidate
access-control-allow-credentials: true
Connection: keep-alive
Content-Length: 498
x-request-id: 2n6plg8g46skeui9bk1qkv03

GET
H/1.1 200
OK button-minimizer.svg
developer.livehelpnow.net/images/ 476 B
739 B 102ms
101ms Image
image/svg+xml 23.253.188.26
Rackspace Hosting

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://developer.livehelpnow.net/images/button-minimizer.svg
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 23.253.188.26 San Antonio, United States, ASN19994 (RACKSPACE - Rackspace Hosting, US),
Reverse DNS
Software: nginx/1.12.2 /
Resource Hash: feb27aca82243552ce89930957fea723db3185c9cf635866869c4653b32bccab

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 14 Oct 2019 19:39:58 GMT
content-encoding: gzip
Server: nginx/1.12.2
etag: 13EE36C
vary: Accept-Encoding, Origin
Content-Type: image/svg+xml
access-control-allow-origin: null
access-control-expose-headers
cache-control: public, max-age=604800
access-control-allow-credentials: true
Connection: keep-alive
accept-ranges: bytes
Content-Length: 342

GET
H/1.1 200
OK button-closer.svg
developer.livehelpnow.net/images/ 553 B
769 B 111ms
102ms Image
image/svg+xml 23.253.188.26
Rackspace Hosting

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://developer.livehelpnow.net/images/button-closer.svg
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 23.253.188.26 San Antonio, United States, ASN19994 (RACKSPACE - Rackspace Hosting, US),
Reverse DNS
Software: nginx/1.12.2 /
Resource Hash: 1428c76fe21c9f3b2b01e4252dab7c1a8ac1f272c635369dabd37101414cb15c

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 14 Oct 2019 19:39:58 GMT
content-encoding: gzip
Server: nginx/1.12.2
etag: 2A21599
vary: Accept-Encoding, Origin
Content-Type: image/svg+xml
access-control-allow-origin: null
access-control-expose-headers
cache-control: public, max-age=604800
access-control-allow-credentials: true
Connection: keep-alive
accept-ranges: bytes
Content-Length: 372

GET
H/1.1 200
OK socket.js Show response
developer.livehelpnow.net/js/ 26 KB
8 KB 102ms
102ms Script
application/javascript 23.253.188.26
Rackspace Hosting

General

Check archive.org

Show headers Download Go to

Full URL: https://developer.livehelpnow.net/js/socket.js
Requested by: Host: developer.livehelpnow.net
URL: https://developer.livehelpnow.net/js/sdk/lhn-jssdk-current.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, RSA, AES_256_GCM
Server: 23.253.188.26 San Antonio, United States, ASN19994 (RACKSPACE - Rackspace Hosting, US),
Reverse DNS
Software: nginx/1.12.2 /
Resource Hash: 50de66ff6b84e0a8e18b8956f042ec239253e3e1e8a8b8bbaade27e05b478f86

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 14 Oct 2019 19:39:59 GMT
content-encoding: gzip
Server: nginx/1.12.2
etag: 5C2E353
vary: Accept-Encoding, Origin
Content-Type: application/javascript
access-control-allow-origin: null
access-control-expose-headers
cache-control: public, max-age=900
access-control-allow-credentials: true
Connection: keep-alive
accept-ranges: bytes
Content-Length: 7673

GET
H/1.1 200
OK spacer.gif
www.livehelpnow.net/lhn/images/ 43 B
334 B 427ms
100ms Image
image/gif 184.106.10.72
Rackspace Hosting

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.livehelpnow.net/lhn/images/spacer.gif

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_256_GCM

Server

184.106.10.72 San Antonio, United States, ASN19994 (RACKSPACE - Rackspace Hosting, US),

Reverse DNS

Software

Microsoft-IIS/8.0 /

Resource Hash

548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 14 Oct 2019 19:40:05 GMT
Last-Modified: Mon, 12 Feb 2018 05:50:17 GMT
Server: Microsoft-IIS/8.0
ETag: "e440495cc5a3d31:0"
Content-Type: image/gif
Cache-Control: public,max-age=900
Accept-Ranges: bytes
Content-Length: 43
X-Xss-Protection: 1; mode=block

GET
H/1.1 200
OK e.ashx
www.livehelpnow.net/lhn/handler/ 0
185 B 102ms
101ms Image
text/plain 184.106.10.72
Rackspace Hosting

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.livehelpnow.net/lhn/handler/e.ashx?c=34194&e=Chrome:%20Script%20error.%20line%3A0%20column%3A0%20%7C%20&p=https%3A%2F%2Fwww.sentinelone.com%2Fblog%2Fdetecting-macos-gmera-malware-through-behavioral-inspection%2F

Protocol

HTTP/1.1

Security

TLS 1.2, RSA, AES_256_GCM

Server

184.106.10.72 San Antonio, United States, ASN19994 (RACKSPACE - Rackspace Hosting, US),

Reverse DNS

Software

Microsoft-IIS/8.0 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Xss-Protection	1; mode=block

Request headers

Sec-Fetch-Mode: no-cors
Referer: https://www.sentinelone.com/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 14 Oct 2019 19:40:05 GMT
Cache-Control: private
Server: Microsoft-IIS/8.0
Content-Length: 0
X-Xss-Protection: 1; mode=block
Content-Type: text/plain

Verdicts & Comments Add Verdict or Comment

125 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

10 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
go.sentinelone.com/	1969-12-31 23:59:59	Name: BIGipServerab14web-nginx-app_https Value: !bBSzQgDVspbuw6Bybf/nLIVwOTHiDirz7NfmlmCtnGkV24xnTLjUfyZPYOd89Io+vIK41sjWrdWfzG4=
.sentinelone.com/	1970-01-19 06:34:17	Name: _fbp Value: fb.1.1571081996990.1053397388
.sentinelone.com/	1970-01-19 13:10:17	Name: __cfduid Value: d71cd0f56de6861d1e3be806dd3d06ff11571081996
.sentinelone.com/	1970-01-19 21:55:53	Name: _mkto_trk Value: id:327-MNM-087&token:_mch-sentinelone.com-1571081996756-87074
.sentinelone.com/	1970-01-19 13:03:05	Name: bf_lead Value: 70msn2a368l00
.sentinelone.com/	1970-01-19 21:55:53	Name: _ga Value: GA1.2.1591324942.1571081997
www.sentinelone.com/	1969-12-31 23:59:59	Name: st_shares_https://www.sentinelone.com/blog/detecting-macos-gmera-malware-through-behavioral-inspection/ Value: [object Object]
.sentinelone.com/	1970-01-19 04:24:42	Name: _gat_UA-38175129-1 Value: 1
.sentinelone.com/	1970-01-19 04:26:08	Name: _gid Value: GA1.2.1382471389.1571081997
www.sentinelone.com/	1970-01-19 21:55:53	Name: _tq_id.TV-45457227-1.802f Value: 95ce05dfb62bb2af.1571081996.0.1571081996..

3 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	log	URL: https://www.sentinelone.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1(Line 2) Message: JQMIGRATE: Migrate is installed, version 1.4.1
console-api	log	URL: https://cdn.onesignal.com/sdks/OneSignalSDK.js(Line 1) Message: OneSignal: Using fallback ES5 Stub for backwards compatibility.
console-api	error	URL: https://ga.clearbit.com/v1/ga.js?authorization=pk_ed7b4bbadb390cf24ef37a1223019246(Line 100) Message: Clearbit error: Your account is over its quota.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors 'self' http://yourcompany.lookbookhq.com https://yourcompany.lookbookhq.com http://yourcompany.pathfactory.com https://yourcompany.pathfactory.com;
Strict-Transport-Security	max-age=300
X-Content-Type-Options	nosniff
X-Frame-Options	ALLOW-FROM https://sentinelone.pathfactory.com
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

327-mnm-087.mktoresp.com
a.quora.com
ads.yahoo.com
alb.reddit.com
analytics.twitter.com
app-ab14.marketo.com
app.cdn.lookbookhq.com
bam.nr-data.net
bat.bing.com
c.sharethis.mgr.consensu.org
cdn.onesignal.com
cm.g.doubleclick.net
collector-5527.tvsquared.com
connect.facebook.net
count-server.sharethis.com
d12ee1u74lotna.cloudfront.net
developer.livehelpnow.net
fonts.googleapis.com
fonts.gstatic.com
ga.clearbit.com
geoip-js.maxmind.com
go.sentinelone.com
googleads.g.doubleclick.net
js-agent.newrelic.com
js.maxmind.com
l.sharethis.com
munchkin.brightfunnel.com
munchkin.marketo.net
pixel-geo.prfct.co
pixel.prfct.co
pixel.rubiconproject.com
platform-api.sharethis.com
px.ads.linkedin.com
q.quora.com
secure.adnxs.com
snap.licdn.com
static.ads-twitter.com
stats.g.doubleclick.net
t.co
tag.marinsm.com
us-u.openx.net
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.linkedin.com
www.livehelpnow.net
www.redditstatic.com
www.sentinelone.com
104.111.251.133
104.16.94.80
104.24.117.125
104.244.42.131
104.244.42.69
143.204.101.77
143.204.101.88
151.101.112.157
151.101.113.140
151.101.12.65
151.101.13.2
151.101.14.110
162.247.242.21
172.217.18.162
18.196.132.129
184.106.10.72
185.33.223.202
192.28.144.124
216.58.206.2
23.253.188.26
2600:9000:20eb:9600:1c:8a07:5e80:93a1
2600:9000:2156:4200:c:a9b7:ddc0:93a1
2600:9000:21f3:cc00:9:9d18:4580:21
2606:4700::6810:252f
2606:4700::6810:262f
2606:4700::6812:e134
2620:1ec:c11::200
2a00:1288:110:c305::a000
2a00:1450:4001:80b::200e
2a00:1450:4001:816::2003
2a00:1450:4001:818::200a
2a00:1450:4001:819::2003
2a00:1450:4001:81a::2002
2a00:1450:4001:81a::2008
2a00:1450:4001:81d::2004
2a00:1450:400c:c04::9a
2a02:26f0:6c00:28c::25ea
2a03:2880:f01c:8012:face:b00c:0:3
2a03:2880:f11c:8083:face:b00c:0:25de
2a05:f500:11:101::b93f:9001
2a05:f500:11:101::b93f:9005
3.210.94.27
3.223.86.3
3.81.196.225
34.233.22.190
34.241.136.74
34.252.172.232
34.95.120.147
52.56.51.220
69.173.144.136
002efb822e8def29aa25426f8ea9442eeca5270893e218bb57abea8eafde43c0
06c6b725b44640d99123f7f0cbcb63edab75af6ebf6d373a198d068ab5e00563
07161bc89c289b1bc71c214f79cc91cc7e1637c66c4cbbe6f92d3b2971c7965c
0e78b8cde09dbe0fc473f87bc77ec30ccc56780398d8676cf93c4aaec432257f
0fe2aa289162af5650c4a5ad04948ed0872b83982060632f75b9dbd8520d2c8b
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
129d6ad3aaa317f80d0c676aeed9ca250d2fe25e23c2f00c1f7cae9af6363eeb
1428c76fe21c9f3b2b01e4252dab7c1a8ac1f272c635369dabd37101414cb15c
1581144cb5e588af4057bb8ef87f924d18f3079bafd36204806d28cb572c9f3e
17a146ace265e90803dcf36559a6ca6e0a965fe4cb1f0381b0a9022cf8b68e64
1b5fcccaf14bf081a8920c151497ccaaa6500f946eb95eeff9c15642bdcdf7bc
1ce90a671170e905094f16ebd6f3c8be2c45d4833a10557da515f60fee4c2f9d
223dbeaf95c21e29aad42c8656d9ad41dbe9497df36c95118158609625d95c53
22e99c10c854ffe87ce08eb21da77a11a8916ca6ee60188d9464e2fda4339942
2488f8c2966d62e23b859a321baa7ff4a4e2a0713765b4ae98cbdd53b5dceb3f
27d1236d4d0734ed2562f2133d912b8232b1f074dee072a3f8997944fe51546b
27ead7f47a3fb4d1e7cbef0c68e28bde7ea18923cf41d8ca82ba13584eebc710
2a428d57497a58120d3826bef296a2dba1d6b835357a64b510b5835d1b2c6b0a
2b4535d12e0813ab5903b8bc89e6c3f79f1afc82d5facdb30fa97f9f3f566d69
2da9ee550ed280289e127eab04a9f96873bf6454eea1374d165f8971f7608d01
319949c8c08b86e9c35ea542c0dc0c30cedaa9b8d3d3c3327a36c91aefbd8af5
321bbcc4cc57483b7e329186e5159498b668ddde87cb64696ddcdc95176cce82
32537e7938c4da728fd6db27da867e525b6cd8bf04cf8c9f222536887312c41a
333229d8fc6cdddbe8698b444238abd9c509032d074b334aadf3df2ef0ea768c
369da070010b5ab76547cee5045e1a7f72c29368b1eab64a2845e2488c513148
39a77eb6cae33385ae4ac8adf32399127519a6facb26cef5e9a8de91dc3995f3
3b3c7778ba4e247b97d37e9559528c0f1524faf72de80d4312a322e5e2420d65
3d15b6c83aceefb58ef1dd147c1a7ed7a76254c039387416abaf9f7c66beb032
4079db0499412e8533729e95b4e9d6893a93a10c7d1fa8ae548e46e8f70c94bf
41dd5e421fe221a7d2921d6fa2b36e8b01a9f2c054aaef5fad866fe896c1d1e0
48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d
49052dedc29d55935c2e8ee6304810244bc8ee8543e83b784aed5ead572c0555
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4b8fe5c3d0e5ef7a6582185cbf5c535b5d369c8df1da98c03ed69833e55f474d
4c131a74d2f424e29ffb16d2b03fec20e3f0cae46c4f0aff594cdc8ade80c3ca
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
50de66ff6b84e0a8e18b8956f042ec239253e3e1e8a8b8bbaade27e05b478f86
516133c5c56de224f7bb75c4e763da3dda81ca30e232adc737fc25a97a82373d
51ad538f85c2de9b2db831da78b01c53ee5da02f284cdb0f4fe1ac4fd8e87f58
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
56a522e79770e488da6015ed10f8c2bdafbcd87a7c6d443f7a293579bd0ef58d
5a057071d3c89028847dfff036a27a8735837d7a928075b8bddeb0d649cef8e4
5b91b48f4444cc2818966a82275464cec6ebffa7f881ae699d5fcb019fcae28f
5e07f937be00bbef113152fa46b2b2d5df97f405b152881c96e1c5069d8f405d
60fce9050c9cae25545bbc0ad0cac6b2801051254b593a335670aa7dcc587686
6254de8bc8dd45f9679f65ce954d8cd623c66641d52274976d5eb93eeef0bb5f
66f7eaa7a45f696c332cd450771f4be48e110f6afbe1fe7b39c7a95518aeef76
69666124ea4313cf5b2da94871c86acd68bcbc4d50b360fdebc4dc3b977dde21
6a842ea462daca2a0b5a0f5f25bcfc8e0059ac811ca6c6a1bc54e4d9119621c3
6f39b20456d3d6706ddbe267bb6d5cb2f5a158ccd23ad5628fc6671dd963ae69
6fead81d343f693107904c5577dfd9642bb6ec751e305860c940fdcb5e6c4ae8
73f53fbaa9e67835f4d038a35b0c5d6efcfdc4abda4967340c1387b61cf5f755
747240f550af0fb18ac6d397b9e20361d277fd62452b5f81f0bc9f6148fc87f5
7930f49c4da455b5c7dd46dd4aaa7260afedf32a341da9fa5f6867cdcf4acee4
7e76b70f51266b69f619ca2b24a1207e44f15c714cbe6150274ffbcc49b39d65
84b78a7942c95f4a0f35d6c27ed05c7b37b7edd7dae8b2614be8a7dac2c6646c
8747ac8d279d1ac93bd3881a4a4b4346aff5975990e16e5bb29843223ca7474c
87d4788d68dd152cd812912f67092b91aac84183c185b1aadbb9a18adaa3b59c
8c7ee0238fa5cd80a02ef9870a7fff498ef52097181cb73edb9219dc022fd919
8d86fae5265d97fb99e40108128776ef137a0f05e4147895820add73c26c05b1
907dcba194c3ec09f867fb15a38a83d98052ab5e5f1b68016c28f3e111413c98
91eb7001a90f9178135eede72f1c8a5300cababa4a078cb59debaa50de4b1788
98b405ea2fa7dd875891d65c9469cbb4f07eb3ac993854015d19b59db85d8988
9dc46ec88c0ea2b460e666af0594929240032360e1dddf54b0cda12769ba47aa
9f38f42d69ba3fbbf264d0d20b65c6472d7ceed9be4eeef33748abd772556cd4
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a1be269a2e26a94494574950891fc8d221940eafebd459a2d9f65062b99376b6
a1dff8b0c66227748951c4ff891f146f49c5a382ac8e3d6e3c2e9cf8aa560dc8
a20e858e7ecf39cc67d524c7152970c9e70ae71e853d63a0aea2ca6a4e8412e3
a6b570d96216eb0acf1285e98d32b2ad677f24e4cb31f767f2e0a57e123650df
a6b5e22c905bbb22ce9e7aad76eeca32474b5ba7c932893d554b0edfddc7f9e2
a957fbc6d56d40f2f9f179a5101c056e5254d06578a744db4e89e5e77900b18e
aa85daedd2f22ba89e30f96b513f3aee7d144b84face7769ea9bd5009a035671
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
b11ccddf88f593d3aa698bb8214c67f55133935fcd75fc7e25b25824f5c0949a
b139982ce002c53ddfb65aec1e90704c0a3704fc5aa35247f9323b74a1d3f721
b556b631fa500e2a930169fee2b7268e9c547ed90c8c2d8b2ac6617f1a0553f8
ba6b848f8d173a2e19b98d15001bbad2d847e5b8d0601f09c2571789e2fde145
bb84784890d0dfbd6f09c0db2bf11725e4c7052e41f7c50940ac887f84747b83
bce4fe5494e95686cead8d939eccd4aee14439912743736cc290b323ec875646
bd767259c1f71a025cfeb07fc71d1bd31a8a20d2a32540e8cd5395cb980cd1e6
c689e898f375f195f008ef22c48f7fe5da6751c1fd50620630ba52019ce43df0
c6caa5f8a513462ad3a6785f7150bb63deb90ca6347ec42390d08dbe814c331c
c6f5b82a3821df76441e1ef71dc4932bfbc26c549e0cd8fd6d02bed2b3db0166
c6f682a42d0e6df5cc40996f9df6bfa8eea5b711e2f49a4ce41d3fea1d55cd5d
ca37defba3e7908b75ff5acc26ef0010d590b5fe04b9bc1ca48e81dbc59223df
cf6a84e9f6a326cc354344904bf7694d887b8b9803d5640253c387c1934aeb1a
d1768f0b8dcf5bf6c90a3f132bcb156c94db72fc7c830b2d63e03d6268aa12b9
d85715179f69128f2d7295d52f7a305264366d6f8e59ce0c6c45918c26646ab1
d9489da9d99ea1ec11ff83caf99f0ecb424a4bce4c834dd03e2d77df4e03ee60
dbb67c620eaabf6679a314db18d3ae43037aef71ab27422e6feec08ee987cc0a
de0c89aa6913f277233a134a6bcf17ba4bc9a605320e40b9025f969ca895cac6
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
e0564fcbd61a1b36690883c0aa8b28ef01ad2acf749e888edbf494b69c49f119
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e66d05d503b4cc1e79d89032cdb16140a6cd9a310b0d4d8063b9aa140a421aec
e71e9eb057dbce45fc842c86a300d5410f757f7e0aa9084cb849631528e031f0
ec5c5de5cfd302604c533f1b5b36f895d3166be20b780f253b87de5f2a578ba3
eca1c587d10477f73fafbfcfea499a594c31e19bb1a21f84a7afe16f04779863
eca7f32a8c752a64d7e45b588740ccfcb1524035a952e9b3a567ab59cded2c9f
ed8550163f5591773d7f83f2361083f8b701bdaadb3e85c911c98ee1b7e7c8b0
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
efb6b9732bf508ee305363b10cf2a67ace474e06eb42642f2c3696b2442a5775
f4799ef2939b8377cf33f07b07b6d90a4a245adbf1c6eaf47ee3b0fcefcc07fe
f69a13217482dc43f25e74cfcb9391d0f06d22501f10f5cb5e413d2d98a5cd23
f740ae311866f8c7831b5d995f1d7699a9a98355c0ebc714d951bf0160dc6434
fab32ccef85408b763c899ad7c0b910c96c76dc9ed7158ce304fdcd3c0bf8388
fc9ad4a349c92da22eb6998451f9c97d505bbc884595e0a694d4a9e4ef0c734d
feb27aca82243552ce89930957fea723db3185c9cf635866869c4653b32bccab
ff10a5404ba67b3b8cd958eb725c9863832d58acfe9fa7240cf1a278ec5832c1

www.sentinelone.com Open in urlscan Pro 104.24.117.125 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page URL History Show full URLs

Detected technologies

Page Statistics

120 Requests

100 %HTTPS

42 %IPv6

41 Domains

51 Subdomains

47 IPs

7 Countries

3013 kBTransfer

4939 kBSize

10 Cookies

18 Outgoing links

Page URL History

Redirected requests

120 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 4 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.sentinelone.com Open in urlscan Pro
104.24.117.125 Public Scan

Screenshot
Live screenshot

Full Image

120
Requests

100 %
HTTPS

42 %
IPv6

41
Domains

51
Subdomains

47
IPs

7
Countries

3013 kB
Transfer

4939 kB
Size

10
Cookies

120 HTTP transactions
4 data transactions