| cloud.fortect.com/app/installation/downloader/6501/Fortect.exe | 104.26.3.16 | 200 OK | 752 kB |
URL: cloud.fortect.com/app/installation/downloader/6501/Fortect.exe
User Request: GET HTTP/2
IP: 104.26.3.16:443
Certificate: Issuer: Google Trust Services LLC; Subject: fortect.com; Fingerprint: 22:8B:26:68:38:AF:A1:8E:7B:B4:D7:66:C0:7F:58:63:77:0C:6E:12; Validity: Wed, 13 Mar 2024 16:20:43 GMT - Tue, 11 Jun 2024 16:20:42 GMT
File type: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections
Size: 752 kB (752320 bytes)
Hashes (MD5 / SHA-1 / SHA-256): 96ea06fd96d2e843cd365f99d4e187cd / 80bd221fe1682b971851dda06a29c3b95eb1f671 / 02696881e9e71c0589a200739cd1c4338292ff779c45ea22b92417900d5e056d
| Analyzer | Verdict | Alert |
| --- | --- | --- |
| mnemonic secure dns | malicious | Sinkholed |
| VirusTotal | suspicious | |
GET /app/installation/downloader/6501/Fortect.exe HTTP/1.1
Host: cloud.fortect.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Connection: keep-alive
Cookie: _trackid=11767291; _trackid_11767291=11767291; _tracking=wt; _tracking_wt=wt; _campaign=WTEN; _campaign_WTEN=WTEN; _adgroup=expandable-v3; _adgroup_expandable-v3=expandable-v3; _keyword=direct; _keyword_direct=direct; _ads=direct; _ads_direct=direct; _browser=Firefox; _browser_Firefox=Firefox; _country=Norway; _country_Norway=Norway; gui_6200_6501=3
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
TE: trailers
HTTP/2 200 OK
date: Fri, 10 May 2024 18:25:11 GMT
content-type: application/x-msdownload
content-length: 752320
x-amz-id-2: 8mSGKYCcb6NV9/Q3b+hbXVfq+x6tCWoezuHOvbk3NWFujJhA2SGdXc4Lp1HvtMhVFOynk6ENOyo=
x-amz-request-id: 7DQPETMD5EC8KQXH
last-modified: Tue, 30 Apr 2024 09:50:19 GMT
etag: "96ea06fd96d2e843cd365f99d4e187cd"
cache-control: max-age=345600
cf-cache-status: HIT
age: 446
accept-ranges: bytes
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VeyILcfJlwGLLYiGUjbmp%2B9xI%2B60K3fY1ZHdYNwCfokiZoN%2BELUaErnig%2BWeBBSiwAAQHt8IzJSgP0GZvSVGNKLT%2FrTTgHIMQvSK6VbOjuC4yEGZFHQBj8CrbWWsR4mwscYT"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
vary: Accept-Encoding
server: cloudflare
cf-ray: 881bf86c8f08b4ff-OSL
X-Firefox-Spdy: h2
| util.fortect.com/tk-2216/tk-8392.php?channel=wt&campaign=WTEN&adgroup=expandable-v3&ads_name=direct&keyword=direct&d=t&productid=1&gclid=EAIaIQobChMI7vSlnvDuhQMVOBuiAx0ahArkEAAYASAAEgKGW_D_BwE | 104.26.3.16 | 302 Found | 6.1 kB |
URL: util.fortect.com/tk-2216/tk-8392.php?channel=wt&campaign=WTEN&adgroup=expandable-v3&ads_name=direct&keyword=direct&d=t&productid=1&gclid=EAIaIQobChMI7vSlnvDuhQMVOBuiAx0ahArkEAAYASAAEgKGW_D_BwE
User Request: GET HTTP/2
IP: 104.26.3.16:443
Certificate: Issuer: Google Trust Services LLC; Subject: fortect.com; Fingerprint: 22:8B:26:68:38:AF:A1:8E:7B:B4:D7:66:C0:7F:58:63:77:0C:6E:12; Validity: Wed, 13 Mar 2024 16:20:43 GMT - Tue, 11 Jun 2024 16:20:42 GMT
Hashes (MD5 / SHA-1 / SHA-256): a7f3446cf916a340049c60ef9f818c66 / 7213443f013659dbe57b76597a1c9d421e3a0903 / 46aba4500beeac270c1f2c814de47616b0dc824b2ec86ed02240ef18bf22adf4
| Analyzer | Verdict | Alert |
| --- | --- | --- |
| mnemonic secure dns | malicious | Sinkholed |
GET /tk-2216/tk-8392.php?channel=wt&campaign=WTEN&adgroup=expandable-v3&ads_name=direct&keyword=direct&d=t&productid=1&gclid=EAIaIQobChMI7vSlnvDuhQMVOBuiAx0ahArkEAAYASAAEgKGW_D_BwE HTTP/1.1
Host: util.fortect.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br
DNT: 1
Upgrade-Insecure-Requests: 1
Connection: keep-alive
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: cross-site
Pragma: no-cache
Cache-Control: no-cache
HTTP/2 302 Found
date: Fri, 10 May 2024 18:25:11 GMT
content-type: text/html; charset=UTF-8
location: https://cloud.fortect.com/app/installation/downloader/6501/Fortect.exe
p3p: CP="CAO DSP AND SO ON" policyref="/w3c/p3p.xml"
cache-control: no-store, no-cache, must-revalidate
expires: Thu, 19 Nov 1981 08:52:00 GMT
accept-ch: Sec-Ch-Ua,Sec-Ch-Ua-Full-Version,Sec-Ch-Ua-Platform,Sec-Ch-Ua-Platform-Version
set-cookie: PHPSESSID=pqq4t4ermi9fl3fmpd1tabln0l; path=/
_refcook=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=fortect.com; secure; HttpOnly; SameSite=None
_source=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=fortect.com; secure; HttpOnly; SameSite=None
_refcook=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=fortect.com; secure; HttpOnly; SameSite=None
_source=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=fortect.com; secure; HttpOnly; SameSite=None
_trackid=11767291; expires=Tue, 09-Jul-2024 18:25:10 GMT; Max-Age=5184000; path=/; domain=fortect.com; secure; HttpOnly; SameSite=None
_trackid_11767291=11767291; expires=Tue, 09-Jul-2024 18:25:10 GMT; Max-Age=5184000; path=/; domain=fortect.com; secure; HttpOnly; SameSite=None
_tracking=wt; expires=Tue, 09-Jul-2024 18:25:10 GMT; Max-Age=5184000; path=/; domain=fortect.com; secure; HttpOnly; SameSite=None
_tracking_wt=wt; expires=Tue, 09-Jul-2024 18:25:10 GMT; Max-Age=5184000; path=/; domain=fortect.com; secure; HttpOnly; SameSite=None
_campaign=WTEN; expires=Tue, 09-Jul-2024 18:25:10 GMT; Max-Age=5184000; path=/; domain=fortect.com; secure; HttpOnly; SameSite=None
_campaign_WTEN=WTEN; expires=Tue, 09-Jul-2024 18:25:10 GMT; Max-Age=5184000; path=/; domain=fortect.com; secure; HttpOnly; SameSite=None
_adgroup=expandable-v3; expires=Tue, 09-Jul-2024 18:25:10 GMT; Max-Age=5184000; path=/; domain=fortect.com; secure; HttpOnly; SameSite=None
_adgroup_expandable-v3=expandable-v3; expires=Tue, 09-Jul-2024 18:25:10 GMT; Max-Age=5184000; path=/; domain=fortect.com; secure; HttpOnly; SameSite=None
_keyword=direct; expires=Tue, 09-Jul-2024 18:25:10 GMT; Max-Age=5184000; path=/; domain=fortect.com; secure; HttpOnly; SameSite=None
_keyword_direct=direct; expires=Tue, 09-Jul-2024 18:25:10 GMT; Max-Age=5184000; path=/; domain=fortect.com; secure; HttpOnly; SameSite=None
_ads=direct; expires=Tue, 09-Jul-2024 18:25:10 GMT; Max-Age=5184000; path=/; domain=fortect.com; secure; HttpOnly; SameSite=None
_ads_direct=direct; expires=Tue, 09-Jul-2024 18:25:10 GMT; Max-Age=5184000; path=/; domain=fortect.com; secure; HttpOnly; SameSite=None
_browser=Firefox; expires=Tue, 09-Jul-2024 18:25:10 GMT; Max-Age=5184000; path=/; domain=fortect.com; secure; HttpOnly; SameSite=None
_browser_Firefox=Firefox; expires=Tue, 09-Jul-2024 18:25:10 GMT; Max-Age=5184000; path=/; domain=fortect.com; secure; HttpOnly; SameSite=None
_country=Norway; expires=Tue, 09-Jul-2024 18:25:10 GMT; Max-Age=5184000; path=/; domain=fortect.com; secure; HttpOnly; SameSite=None
_country_Norway=Norway; expires=Tue, 09-Jul-2024 18:25:10 GMT; Max-Age=5184000; path=/; domain=fortect.com; secure; HttpOnly; SameSite=None
gui_6200_6501=169603; expires=Tue, 09-Jul-2024 18:25:10 GMT; Max-Age=5184000; path=/; domain=fortect.com
ABtestDataTestID=25; expires=Tue, 09-Jul-2024 18:25:10 GMT; Max-Age=5184000; path=/; domain=fortect.com
ABtestDataTestVersion=3; expires=Tue, 09-Jul-2024 18:25:10 GMT; Max-Age=5184000; path=/; domain=fortect.com
ABtestDataTestName=gui_6200_6501; expires=Tue, 09-Jul-2024 18:25:10 GMT; Max-Age=5184000; path=/; domain=fortect.com
gui_6200_6501=3; expires=Tue, 09-Jul-2024 18:25:10 GMT; Max-Age=5184000; path=/; domain=fortect.com
ABtestDataTestID=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=fortect.com; secure; HttpOnly; SameSite=None
ABtestDataTestVersion=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=fortect.com; secure; HttpOnly; SameSite=None
ABtestDataTestName=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=fortect.com; secure; HttpOnly; SameSite=None
pragma: no-cache
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Dp%2FktPUS1srlgr7dLDqvwfO22ohrnmPJ5UVJa2YRx11YkCCcP12xP%2B1UPfyHnF4FHofkyL6TshD8Q2GBOyEHfE061iJ%2FM6pHCxC8DhITwuSHDeLX82GXL4Y2pMeaXdO4sfY%3D"}],"group":"cf-nel","max_age":604800}
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server: cloudflare
cf-ray: 881bf86b1ca3b4ff-OSL
X-Firefox-Spdy: h2