Report - util.fortect.com/tk-8187/tk-7098.php?channel=wki&campaign=direct&adgroup=lander-FileCoAuth.exe&ads_name=direct&keyword=direct&d=t&productid=1&refCookie=exeanalysis.com&sourceCookie=/go/route-wki.phpchannel=wki&d=t&adgroup=lander-FileCoAuth.exe

Report Overview

Visited public
2025-02-21 21:10:25
Tags
URL
util.fortect.com/tk-8187/tk-7098.php?channel=wki&campaign=direct&adgroup=lander-FileCoAuth.exe&ads_name=direct&keyword=direct&d=t&productid=1&refCookie=exeanalysis.com&sourceCookie=/go/route-wki.phpchannel=wki&d=t&adgroup=lander-FileCoAuth.exe
Finishing URL
about:privatebrowsing
IP / ASN
104.26.2.16
#13335 CLOUDFLARENET
Title
about:privatebrowsing

Detections

urlquery

0

Network Intrusion Detection

2

Threat Detection Systems

0

Domain Summary

Domain / FQDN	Rank	Registered	First Seen	Last Seen	Sent	Received	IP
util.fortect.com	unknown	2022-01-21	2022-07-27	2025-02-19	711 B	845 kB	104.26.3.16
cloud.fortect.com	unknown	2022-01-21	2022-04-04	2025-02-19	936 B	841 kB	104.26.3.16

Related reports

Network Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Severity	Source IP	Destination IP	Alert
2025-02-21 21:09:54	medium	Client IP	104.26.3.16	ET ADWARE_PUP Observed PC Optimizer Software Domain (fortect .com in TLS SNI)
2025-02-21 21:09:55	medium	Client IP	104.26.3.16	ET ADWARE_PUP Observed PC Optimizer Software Domain (fortect .com in TLS SNI)

Threat Detection Systems

Public InfoSec YARA rules

No alerts detected

OpenPhish

No alerts detected

PhishTank

No alerts detected

Quad9 DNS

No alerts detected

ThreatFox

No alerts detected

Files detected

URL
cloud.fortect.com/app/installation/downloader/7218/Fortect.exe
IP
104.26.3.16
ASN
#13335 CLOUDFLARENET

File type
PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections
Size
840 kB (840304 bytes)
Hash
2b23e24ae267e28e44f72042614e0d77
adb3365fdee23ed104415cbfe77417359ff1434e
f815fb154a13b2e2d3c223a0762fcd67657f772edd71f501772a62eccdf1cee4

JavaScript (0)

HTTP Transactions (2)

	URL	IP	Response	Size
	cloud.fortect.com/app/installation/downloader/7218/Fortect.exe	104.26.3.16	200 OK	840 kB
URL User Request GET HTTP/2 cloud.fortect.com/app/installation/downloader/7218/Fortect.exe IP 104.26.3.16:443 ASN #13335 CLOUDFLARENET Certificate IssuerGoogle Trust Services Subjectfortect.com Fingerprint56:61:8C:95:11:C4:44:90:20:C8:E7:72:03:10:16:25:FD:01:3F:AC ValidityThu, 02 Jan 2025 17:49:08 GMT - Wed, 02 Apr 2025 18:48:57 GMT File type PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections Size 840 kB (840304 bytes) Hash 2b23e24ae267e28e44f72042614e0d77 adb3365fdee23ed104415cbfe77417359ff1434e f815fb154a13b2e2d3c223a0762fcd67657f772edd71f501772a62eccdf1cee4 HTTP Headers GET /app/installation/downloader/7218/Fortect.exe HTTP/1.1 Host: cloud.fortect.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Connection: keep-alive Cookie: _trackid=30301873; _trackid_30301873=30301873; _tracking=wki; _tracking_wki=wki; _campaign=direct; _campaign_direct=direct; _adgroup=lander-FileCoAuth.exe; _adgroup_lander-FileCoAuth.exe=lander-FileCoAuth.exe; _keyword=direct; _keyword_direct=direct; _ads=direct; _ads_direct=direct; _browser=Firefox; _browser_Firefox=Firefox; _country=Norway; _country_Norway=Norway; gui_7216_7218=8 Upgrade-Insecure-Requests: 1 Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache TE: trailers HTTP/2 200 OK date: Fri, 21 Feb 2025 21:09:55 GMT content-type: application/x-msdownload content-length: 840304 x-amz-id-2: xjY0pmR9r/Xasjmj0mMX8B0X0jSRrdE72NI2QbcOjdwaMbET2qoGKFdPUJ+2FYAj918yAMXNmwg= x-amz-request-id: YBRK5YTZ801FAG47 last-modified: Thu, 20 Feb 2025 11:55:56 GMT etag: "2b23e24ae267e28e44f72042614e0d77" cache-control: max-age=2678400 cf-cache-status: HIT age: 5350 accept-ranges: bytes report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2fQJ7ExndZVdMH6nmoSxy2cI95NqBYKUUe28ls%2FlBMd1dx8MihLFXKyHnO4BT5Qg%2BI7yOCYSrghJrliczDU5nlMLu8sqg%2B49RllqMBlhQTmPDqQzcIW6RuITutTtXH5P5yP%2B"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding server: cloudflare cf-ray: 9159b85c79ffb4fd-OSL server-timing: cfL4;desc="?proto=TCP&rtt=3868&min_rtt=481&rtt_var=6610&sent=11&recv=16&lost=0&retrans=0&sent_bytes=6793&recv_bytes=1840&delivery_rate=8593471&cwnd=257&unsent_bytes=0&cid=0c726c6f0ab5ca35&ts=418&x=0" X-Firefox-Spdy: h2

	util.fortect.com/tk-8187/tk-7098.php?channel=wki&campaign=direct&adgroup=lander-FileCoAuth.exe&ads_name=direct&keyword=direct&d=t&productid=1&refCookie=exeanalysis.com&sourceCookie=/go/route-wki.phpchannel=wki&d=t&adgroup=lander-FileCoAuth.exe	104.26.3.16	302 Found	840 kB
URL User Request GET HTTP/2 util.fortect.com/tk-8187/tk-7098.php?channel=wki&campaign=direct&adgroup=lander-FileCoAuth.exe&ads_name=direct&keyword=direct&d=t&productid=1&refCookie=exeanalysis.com&sourceCookie=/go/route-wki.phpchannel=wki&d=t&adgroup=lander-FileCoAuth.exe IP 104.26.3.16:443 ASN #13335 CLOUDFLARENET Certificate IssuerGoogle Trust Services Subjectfortect.com Fingerprint56:61:8C:95:11:C4:44:90:20:C8:E7:72:03:10:16:25:FD:01:3F:AC ValidityThu, 02 Jan 2025 17:49:08 GMT - Wed, 02 Apr 2025 18:48:57 GMT File type Size 840 kB (840304 bytes) Hash d41d8cd98f00b204e9800998ecf8427e da39a3ee5e6b4b0d3255bfef95601890afd80709 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 HTTP Headers GET /tk-8187/tk-7098.php?channel=wki&campaign=direct&adgroup=lander-FileCoAuth.exe&ads_name=direct&keyword=direct&d=t&productid=1&refCookie=exeanalysis.com&sourceCookie=/go/route-wki.phpchannel=wki&d=t&adgroup=lander-FileCoAuth.exe HTTP/1.1 Host: util.fortect.com User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate, br DNT: 1 Upgrade-Insecure-Requests: 1 Connection: keep-alive Sec-Fetch-Dest: document Sec-Fetch-Mode: navigate Sec-Fetch-Site: cross-site Pragma: no-cache Cache-Control: no-cache HTTP/2 302 Found date: Fri, 21 Feb 2025 21:09:55 GMT content-type: text/html; charset=UTF-8 location: https://cloud.fortect.com/app/installation/downloader/7218/Fortect.exe p3p: CP="CAO DSP AND SO ON" policyref="/w3c/p3p.xml" cache-control: no-store, no-cache, must-revalidate expires: Thu, 19 Nov 1981 08:52:00 GMT accept-ch: Sec-Ch-Ua,Sec-Ch-Ua-Full-Version,Sec-Ch-Ua-Platform,Sec-Ch-Ua-Platform-Version set-cookie: PHPSESSID=j460aetkupbskakbcc15igvfch; path=/ _refcook=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=fortect.com; secure; HttpOnly; SameSite=None _source=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=fortect.com; secure; HttpOnly; SameSite=None _refcook=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=fortect.com; secure; HttpOnly; SameSite=None _source=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=fortect.com; secure; HttpOnly; SameSite=None _trackid=30301873; expires=Tue, 22-Apr-2025 16:15:02 GMT; Max-Age=5166307; path=/; domain=fortect.com; secure; HttpOnly; SameSite=None _trackid_30301873=30301873; expires=Tue, 22-Apr-2025 16:15:02 GMT; Max-Age=5166307; path=/; domain=fortect.com; secure; HttpOnly; SameSite=None _tracking=wki; expires=Tue, 22-Apr-2025 16:15:02 GMT; Max-Age=5166307; path=/; domain=fortect.com; secure; HttpOnly; SameSite=None _tracking_wki=wki; expires=Tue, 22-Apr-2025 16:15:02 GMT; Max-Age=5166307; path=/; domain=fortect.com; secure; HttpOnly; SameSite=None _campaign=direct; expires=Tue, 22-Apr-2025 16:15:02 GMT; Max-Age=5166307; path=/; domain=fortect.com; secure; HttpOnly; SameSite=None _campaign_direct=direct; expires=Tue, 22-Apr-2025 16:15:02 GMT; Max-Age=5166307; path=/; domain=fortect.com; secure; HttpOnly; SameSite=None _adgroup=lander-FileCoAuth.exe; expires=Tue, 22-Apr-2025 16:15:02 GMT; Max-Age=5166307; path=/; domain=fortect.com; secure; HttpOnly; SameSite=None _adgroup_lander-FileCoAuth.exe=lander-FileCoAuth.exe; expires=Tue, 22-Apr-2025 16:15:02 GMT; Max-Age=5166307; path=/; domain=fortect.com; secure; HttpOnly; SameSite=None _keyword=direct; expires=Tue, 22-Apr-2025 16:15:02 GMT; Max-Age=5166307; path=/; domain=fortect.com; secure; HttpOnly; SameSite=None _keyword_direct=direct; expires=Tue, 22-Apr-2025 16:15:02 GMT; Max-Age=5166307; path=/; domain=fortect.com; secure; HttpOnly; SameSite=None _ads=direct; expires=Tue, 22-Apr-2025 16:15:02 GMT; Max-Age=5166307; path=/; domain=fortect.com; secure; HttpOnly; SameSite=None _ads_direct=direct; expires=Tue, 22-Apr-2025 16:15:02 GMT; Max-Age=5166307; path=/; domain=fortect.com; secure; HttpOnly; SameSite=None _browser=Firefox; expires=Tue, 22-Apr-2025 16:15:02 GMT; Max-Age=5166307; path=/; domain=fortect.com; secure; HttpOnly; SameSite=None _browser_Firefox=Firefox; expires=Tue, 22-Apr-2025 16:15:02 GMT; Max-Age=5166307; path=/; domain=fortect.com; secure; HttpOnly; SameSite=None _country=Norway; expires=Tue, 22-Apr-2025 16:15:02 GMT; Max-Age=5166307; path=/; domain=fortect.com; secure; HttpOnly; SameSite=None _country_Norway=Norway; expires=Tue, 22-Apr-2025 16:15:02 GMT; Max-Age=5166307; path=/; domain=fortect.com; secure; HttpOnly; SameSite=None gui_7216_7218=83948; expires=Tue, 22-Apr-2025 21:09:55 GMT; Max-Age=5184000; path=/; domain=fortect.com ABtestDataTestID=51; expires=Tue, 22-Apr-2025 21:09:55 GMT; Max-Age=5184000; path=/; domain=fortect.com ABtestDataTestVersion=3; expires=Tue, 22-Apr-2025 21:09:55 GMT; Max-Age=5184000; path=/; domain=fortect.com ABtestDataTestName=gui_7216_7218; expires=Tue, 22-Apr-2025 21:09:55 GMT; Max-Age=5184000; path=/; domain=fortect.com gui_7216_7218=8; expires=Tue, 22-Apr-2025 21:09:55 GMT; Max-Age=5184000; path=/; domain=fortect.com ABtestDataTestID=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=fortect.com; secure; HttpOnly; SameSite=None ABtestDataTestVersion=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=fortect.com; secure; HttpOnly; SameSite=None ABtestDataTestName=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; Max-Age=0; path=/; domain=fortect.com; secure; HttpOnly; SameSite=None pragma: no-cache cf-cache-status: DYNAMIC report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2Fj1QV910TD0gq%2FKVtrU7kavFDCrOlVUy1SNabUJiC7c%2FurW6WQ%2BTLMYwVYpKN79xCKf1VPnzyF3%2B7BI1tXOJc0Gl6vFaHftjMQ4oes%2Fv7TC4fieZpp586vTa4SgxvNbjX6g%3D"}],"group":"cf-nel","max_age":604800} nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} vary: Accept-Encoding server: cloudflare cf-ray: 9159b85a2ea3b4fd-OSL server-timing: cfL4;desc="?proto=TCP&rtt=6169&min_rtt=481&rtt_var=11390&sent=7&recv=11&lost=0&retrans=0&sent_bytes=3276&recv_bytes=1420&delivery_rate=6808777&cwnd=254&unsent_bytes=0&cid=0c726c6f0ab5ca35&ts=329&x=0" X-Firefox-Spdy: h2