Report - util.fortect.com/tk-6500/tk-4317.php?channel=wki&campaign=direct&adgroup=lander-xlstatcr1c.dll&ads_name=direct&keyword=direct&d=t&productid=1&refCookie=dllanalysis.com&sourceCookie=/go/route-wki.phpchannel=wki&d=t&adgroup=lander-xlstatcr1c.dll

Report Overview

Visitedpublic

2025-02-19 20:21:18

Detections

urlquery

Network Intrusion Detection

Threat Detection Systems

Host Summary

Host	Rank	Registered	First Seen	Last Seen	Sent	Received	IP	Fingerprints
util.fortect.com	unknown	2022-01-21	2022-07-27	2025-02-19	709 B	844 kB	104.26.2.16
cloud.fortect.com	unknown	2022-01-21	2022-04-04	2025-02-19	907 B	841 kB	104.26.2.16

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2025-02-19 20:20:47	medium	Client IP	104.26.2.16	ET ADWARE_PUP Observed PC Optimizer Software Domain (fortect .com in TLS SNI)
2025-02-19 20:20:47	medium	Client IP	172.67.75.40	ET ADWARE_PUP Observed PC Optimizer Software Domain (fortect .com in TLS SNI)

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

File detected

URL

cloud.fortect.com/app/installation/downloader/7216/Fortect.exe

IP / ASN

104.26.2.16

#13335 CLOUDFLARENET

File Overview

File TypePE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections

Size840 kB (840304 bytes)

MD506973cd452bfd255a42db3081722e0d2

SHA1d742f584da1f3b2ed212125a61415133a0384398

SHA256b50d674fe3873196ee5ff2bc24ca30c28054a01532943d969273a5562b0b5ef0

JavaScript (0)

HTTP Transactions (2)

	URL	IP	Response	Size
	GET util.fortect.com/tk-6500/tk-4317.php?channel=wki&campaign=direct&adgroup=lander-xlstatcr1c.dll&ads_name=direct&keyword=direct&d=t&productid=1&refCookie=dllanalysis.com&sourceCookie=/go/route-wki.phpchannel=wki&d=t&adgroup=lander-xlstatcr1c.dll	104.26.2.16	302 Found	840 kB
URL util.fortect.com/tk-6500/tk-4317.php?channel=wki&campaign=direct&adgroup=lander-xlstatcr1c.dll&ads_name=direct&keyword=direct&d=t&productid=1&refCookie=dllanalysis.com&sourceCookie=/go/route-wki.phpchannel=wki&d=t&adgroup=lander-xlstatcr1c.dll IP / ASN 104.26.2.16 #13335 CLOUDFLARENET Requested byN/A Resource Info File typedata First Seen2025-02-19 Last Seen2025-02-19 Times Seen7 Size840 kB (840312 bytes) MD572abaace6543df558bde9b811a2c9179 SHA1e1915ff42fe75ed08f2e726d0cee6d9e30baa70f SHA256cf75d2130471466681111b706bc8865f4062d0b915c5eefef137ad0980907564 Certificate Info IssuerGoogle Trust Services Subjectfortect.com Fingerprint56:61:8C:95:11:C4:44:90:20:C8:E7:72:03:10:16:25:FD:01:3F:AC ValidityThu, 02 Jan 2025 17:49:08 GMT - Wed, 02 Apr 2025 18:48:57 GMT HTTP Headers GET /tk-6500/tk-4317.php?channel=wki&campaign=direct&adgroup=lander-xlstatcr1c.dll&ads_name=direct&keyword=direct&d=t&productid=1&refCookie=dllanalysis.com&sourceCookie=/go/route-wki.phpchannel=wki&d=t&adgroup=lander-xlstatcr1c.dll HTTP/1.1 Host: util.fortect.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 302 Found date: Wed, 19 Feb 2025 20:20:47 GMT content-type: text/html; charset=UTF-8 location: https://cloud.fortect.com/app/installation/downloader/7216/Fortect.exe p3p: CP="CAO DSP AND SO ON" policyref="/w3c/p3p.xml" cache-control: no-store, no-cache, must-revalidate expires: Thu, 19 Nov 1981 08:52:00 GMT accept-ch: Sec-Ch-Ua,Sec-Ch-Ua-Full-Version,Sec-Ch-Ua-Platform,Sec-Ch-Ua-Platform-Version set-cookie: PHPSESSID=t8gbise7m8u0do8p8uohbf0nd8; path=/ _refcook=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=fortect.com; secure; HttpOnly; SameSite=None _source=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=fortect.com; secure; HttpOnly; SameSite=None _refcook=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=fortect.com; secure; HttpOnly; SameSite=None _source=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=fortect.com; secure; HttpOnly; SameSite=None _trackid=30150096; expires=Sun, 20-Apr-2025 04:41:52 GMT; Max-Age=5127665; path=/; domain=fortect.com; secure; HttpOnly; SameSite=None _trackid_30150096=30150096; expires=Sun, 20-Apr-2025 04:41:52 GMT; Max-Age=5127665; path=/; domain=fortect.com; secure; HttpOnly; SameSite=None _tracking=wki; expires=Sun, 20-Apr-2025 04:41:52 GMT; Max-Age=5127665; path=/; domain=fortect.com; secure; HttpOnly; SameSite=None _tracking_wki=wki; expires=Sun, 20-Apr-2025 04:41:52 GMT; Max-Age=5127665; path=/; domain=fortect.com; secure; HttpOnly; SameSite=None _campaign=direct; expires=Sun, 20-Apr-2025 04:41:52 GMT; Max-Age=5127665; path=/; domain=fortect.com; secure; HttpOnly; SameSite=None _campaign_direct=direct; expires=Sun, 20-Apr-2025 04:41:52 GMT; Max-Age=5127665; path=/; domain=fortect.com; secure; HttpOnly; SameSite=None _adgroup=lander-xlstatcr1c.dll; expires=Sun, 20-Apr-2025 04:41:52 GMT; Max-Age=5127665; path=/; domain=fortect.com; secure; HttpOnly; SameSite=None _adgroup_lander-xlstatcr1c.dll=lander-xlstatcr1c.dll; expires=Sun, 20-Apr-2025 04:41:52 GMT; Max-Age=5127665; path=/; domain=fortect.com; secure; HttpOnly; SameSite=None _keyword=direct; expires=Sun, 20-Apr-2025 04:41:52 GMT; Max-Age=5127665; path=/; domain=fortect.com; secure; HttpOnly; SameSite=None _keyword_direct=direct; expires=Sun, 20-Apr-2025 04:41:52 GMT; Max-Age=5127665; path=/; domain=fortect.com; secure; HttpOnly; SameSite=None _ads=direct; expires=Sun, 20-Apr-2025 04:41:52 GMT; Max-Age=5127665; path=/; domain=fortect.com; secure; HttpOnly; SameSite=None _ads_direct=direct; expires=Sun, 20-Apr-2025 04:41:52 GMT; Max-Age=5127665; path=/; domain=fortect.com; secure; HttpOnly; SameSite=None _browser=Firefox; expires=Sun, 20-Apr-2025 04:41:52 GMT; Max-Age=5127665; path=/; domain=fortect.com; secure; HttpOnly; SameSite=None _browser_Firefox=Firefox; expires=Sun, 20-Apr-2025 04:41:52 GMT; Max-Age=5127665; path=/; domain=fortect.com; secure; HttpOnly; SameSite=None _country=Norway; expires=Sun, 20-Apr-2025 04:41:52 GMT; Max-Age=5127665; path=/; domain=fortect.com; secure; HttpOnly; SameSite=None _country_Norway=Norway; expires=Sun, 20-Apr-2025 04:41:52 GMT; Max-Age=5127665; path=/; domain=fortect.com; secure; HttpOnly; SameSite=None pragma: no-cache cf-cache-status: DYNAMIC report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ni53gpDh0r03eNv3Mo1hQc5Ck2oEz6RayCOY%2BPXCc7wG%2FnAE6rgfY3XmKTpoXN7cidOzmjKrPjBT8vlEFEKWlyJhCYe0rki1kQBNl6Riu%2FJcJDq6V0jYEmICZeG2ePT%2BT04%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} server: cloudflare cf-ray: 9148f5a5d883568b-OSL server-timing: cfL4;desc="?proto=TCP&rtt=6008&min_rtt=596&rtt_var=10884&sent=7&recv=11&lost=0&retrans=0&sent_bytes=3276&recv_bytes=1419&delivery_rate=6895238&cwnd=254&unsent_bytes=0&cid=23ae07583b0eeb72&ts=272&x=0" X-Firefox-Spdy: h2

	GET cloud.fortect.com/app/installation/downloader/7216/Fortect.exe	104.26.2.16	200 OK	840 kB
URL cloud.fortect.com/app/installation/downloader/7216/Fortect.exe IP / ASN 104.26.2.16 #13335 CLOUDFLARENET Requested byN/A Resource Info File typePE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections First Seen2025-02-10 Last Seen2025-02-25 Times Seen52 Size840 kB (840304 bytes) MD506973cd452bfd255a42db3081722e0d2 SHA1d742f584da1f3b2ed212125a61415133a0384398 SHA256b50d674fe3873196ee5ff2bc24ca30c28054a01532943d969273a5562b0b5ef0 Certificate Info IssuerGoogle Trust Services Subjectfortect.com Fingerprint56:61:8C:95:11:C4:44:90:20:C8:E7:72:03:10:16:25:FD:01:3F:AC ValidityThu, 02 Jan 2025 17:49:08 GMT - Wed, 02 Apr 2025 18:48:57 GMT HTTP Headers GET /app/installation/downloader/7216/Fortect.exe HTTP/1.1 Host: cloud.fortect.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Cookie: _trackid=30150096; _trackid_30150096=30150096; _tracking=wki; _tracking_wki=wki; _campaign=direct; _campaign_direct=direct; _adgroup=lander-xlstatcr1c.dll; _adgroup_lander-xlstatcr1c.dll=lander-xlstatcr1c.dll; _keyword=direct; _keyword_direct=direct; _ads=direct; _ads_direct=direct; _browser=Firefox; _browser_Firefox=Firefox; _country=Norway; _country_Norway=Norway Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 200 OK date: Wed, 19 Feb 2025 20:20:47 GMT content-type: application/x-msdownload content-length: 840304 x-amz-id-2: T9aheTfy9S9GR1JpYToLJ1pBQZrGWcpfFFqbgaRRgJd2agGBLdMrj+meszYiDtY6vFzHhLUS9mWGrG6gxrHQ4uJQBsZ8ETCk x-amz-request-id: 7F6BK32RA0ASQ33F last-modified: Sun, 09 Feb 2025 13:23:36 GMT etag: "06973cd452bfd255a42db3081722e0d2" cache-control: max-age=2678400 cf-cache-status: HIT age: 6911 accept-ranges: bytes report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=i31ReDMowc9Z8ffykEhg9fktui9xB4SShO4CGLvShLcH2wgP4MwETrMmsxr3MlSu%2BOWHRjhIlpKqQBSaSLprYFBVlxxhIqz8KQHCNixnUseTx00A7FDAvl1EgjxG1jic03nH"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding server: cloudflare cf-ray: 9148f5a7bbc8568b-OSL server-timing: cfL4;desc="?proto=TCP&rtt=4735&min_rtt=555&rtt_var=8331&sent=10&recv=14&lost=0&retrans=0&sent_bytes=6057&recv_bytes=1824&delivery_rate=6895238&cwnd=256&unsent_bytes=0&cid=23ae07583b0eeb72&ts=343&x=0" X-Firefox-Spdy: h2

Detections

Host Summary

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Threat Detection Systems

Public InfoSec YARA rules

OpenPhish

PhishTank

Quad9 DNS

ThreatFox

File detected

JavaScript (0)

HTTP Transactions (2)

HTTP Headers

HTTP Headers