URL: https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
Submission: On August 19 via api from CH

Summary

This website contacted 19 IPs in 4 countries across 13 domains to perform 37 HTTP transactions. The main IP is 52.9.7.17, located in San Jose, United States and belongs to AMAZON-02 - Amazon.com, Inc., US. The main domain is www.fortinet.com.
TLS certificate: Issued by DigiCert SHA2 High Assurance Server CA on April 27th 2016. Valid for: 3 years.
This is the only time www.fortinet.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
8 52.9.7.17 16509 (AMAZON-02)
2 104.111.219.46 16625 (AKAMAI-AS)
4 2.18.232.23 16625 (AKAMAI-AS)
1 2a00:1450:400... 15169 (GOOGLE)
2 52.49.41.66 16509 (AMAZON-02)
1 52.17.226.250 16509 (AMAZON-02)
2 172.82.228.19 15224 (OMNITURE)
1 1 66.117.28.86 15224 (OMNITURE)
1 151.101.12.134 54113 (FASTLY)
1 2.16.186.243 20940 (AKAMAI-ASN1)
4 2400:cb00:204... 13335 (CLOUDFLAR...)
2 151.101.192.134 54113 (FASTLY)
1 52.207.42.149 14618 (AMAZON-AES)
1 2.18.233.40 16625 (AKAMAI-AS)
1 13.32.223.9 16509 (AMAZON-02)
1 54.228.207.12 16509 (AMAZON-02)
1 2a03:2880:f02... 32934 (FACEBOOK)
1 3 18.196.241.5 16509 (AMAZON-02)
1 151.101.12.64 54113 (FASTLY)
37 19
Requests | Domain | Requested by
8 | www.fortinet.com | www.fortinet.com
4 | c.disquscdn.com | fortinetblog-1.disqus.com
4 | assets.adobedtm.com | www.fortinet.com, assets.adobedtm.com
3 | l.sharethis.com (1 redirects) | www.fortinet.com
2 | disqus.com | fortinetblog-1.disqus.com
2 | fortinetinc.sc.omtrdc.net | assets.adobedtm.com, www.fortinet.com
2 | dpm.demdex.net | assets.adobedtm.com, www.fortinet.com
1 | links.services.disqus.com | c.disquscdn.com
1 | graph.facebook.com | platform-api.sharethis.com
1 | d.adroll.com | s.adroll.com
1 | vidassets.terminus.services | www.googletagmanager.com
1 | s.adroll.com | www.googletagmanager.com
1 | count-server.sharethis.com | platform-api.sharethis.com
1 | c.sharethis.mgr.consensu.org | platform-api.sharethis.com
1 | fortinetblog-1.disqus.com | www.fortinet.com
1 | cm.everesttech.net (1 redirects) |
1 | fortinet.demdex.net | assets.adobedtm.com
1 | www.googletagmanager.com | www.fortinet.com
1 | buttons-config.sharethis.com | platform-api.sharethis.com
1 | platform-api.sharethis.com | www.fortinet.com
0 | fortinet.tt.omtrdc.net (Failed) | assets.adobedtm.com
37 | 21
Subject | Issuer | Validity | Valid
www.fortinet.com | DigiCert SHA2 High Assurance Server CA | 2016-04-27 - 2019-05-02 | 3 years
*.sharethis.com | DigiCert SHA2 Secure Server CA | 2018-02-14 - 2019-02-14 | a year
assets.adobedtm.com | DigiCert SHA2 High Assurance Server CA | 2018-04-06 - 2019-04-11 | a year
*.google-analytics.com | Google Internet Authority G3 | 2018-08-07 - 2018-10-16 | 2 months
*.demdex.net | DigiCert SHA2 High Assurance Server CA | 2018-01-09 - 2021-02-12 | 3 years
*.sc.omtrdc.net | DigiCert SHA2 High Assurance Server CA | 2016-05-04 - 2019-05-23 | 3 years
*.disqus.com | DigiCert SHA2 Secure Server CA | 2018-03-28 - 2020-04-27 | 2 years
*.sharethis.mgr.consensu.org | DigiCert ECC Secure Server CA | 2018-07-31 - 2019-07-31 | a year
ssl565697.cloudflaressl.com | COMODO ECC Domain Validation Secure Server CA 2 | 2018-04-29 - 2018-11-05 | 6 months
*.adroll.com | DigiCert SHA2 Secure Server CA | 2018-02-14 - 2019-02-14 | a year
*.terminus.services | Amazon | 2018-01-17 - 2019-02-17 | a year
*.facebook.com | DigiCert SHA2 High Assurance Server CA | 2017-12-15 - 2019-03-22 | a year
f.ssl.fastly.net | GlobalSign Organization Validation CA - SHA256 - G2 | 2017-10-27 - 2018-09-03 | 10 months

This page contains 4 frames:

Primary Page: https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
Frame ID: 81D4A825B9B0120791E322969110C368
Requests: 36 HTTP requests in this frame

Frame: https://fortinet.demdex.net/dest5.html?d_nsid=0
Frame ID: B763D511EA35B049ADD974D5F0836556
Requests: 1 HTTP requests in this frame

Frame: https://c.sharethis.mgr.consensu.org/v1.0/cmp/portal.html
Frame ID: 623BEA16FB5C7541CED167FF836639A2
Requests: 1 HTTP requests in this frame

Frame: https://disqus.com/embed/comments/?base=default&f=fortinetblog-1&t_i=%2Fcontent%2Ffortinet-blog%2Fus%2Fen%2Fthreat-research%2Fhussarini---targeted-cyber-attack-in-the-philippines&t_u=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fhussarini---targeted-cyber-attack-in-the-philippines.html&t_d=Hussarini%20%E2%80%93%20Targeted%20Cyber%20Attack%20in%20the%20Philippines&t_t=Hussarini%20%E2%80%93%20Targeted%20Cyber%20Attack%20in%20the%20Philippines&s_o=default
Frame ID: 6B12E0978E871606F59D83284FB2FA62
Requests: 1 HTTP requests in this frame


Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

Overall confidence: 100%
Detected patterns
  • script /(?:a|s)\.adroll\.com/i
  • env /^adroll_/i

Overall confidence: 100%
Detected patterns
  • env /^DISQUS/i

Overall confidence: 100%
Detected patterns
  • env /^google_tag_manager$/i

Overall confidence: 100%
Detected patterns
  • script /\/s[_-]code.*\.js/i
  • env /^s_(?:account|objectID|code|INST)$/i


Overall confidence: 100%
Detected patterns
  • env /^jQuery$/i

Page Statistics

Requests: 37
HTTPS: 97 %
IPv6: 16 %
Domains: 13
Subdomains: 21
IPs: 19
Countries: 4
Transfer: 772 kB
Size: 2008 kB
Cookies: 11

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 12
  • https://cm.everesttech.net/cm/dd?d_uuid=64378846776645565141503986193519177191 HTTP 302
  • https://dpm.demdex.net/ibs:dpid=411&dpuuid=W3nSJQAABvwEvzx0
Request Chain 34
  • https://l.sharethis.com/pview?event=pview&version=st_sop.js&lang=en&fpc=4e8ce6e-16553dce10e-42b9ecf-1&sessionID=1534710309134.33674&hostname=www.fortinet.com&location=%2Fblog%2Fthreat-research%2Fhussarini---targeted-cyber-attack-in-the-philippines.html&product=sticky-share-buttons&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fhussarini---targeted-cyber-attack-in-the-philippines.html&sharURL=&buttonType=&destination=&source=&st_optout=false&title=Hussarini%20%E2%80%93%20Targeted%20Cyber%20Attack%20in%20the%20Philippines&publisher=5977d47080bb1d0011ab6d8f&ts1534710309134=&sop=true HTTP 301
  • https://l.sharethis.com/sc?cm=ZGAMJ1t50iUAAAATXAQoAw%3D%3D&uid=true&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fhussarini---targeted-cyber-attack-in-the-philippines.html

37 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request Cookie set hussarini---targeted-cyber-attack-in-the-philippines.html
www.fortinet.com/blog/threat-research/
44 KB
12 KB
Document
General
Full URL
https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.9.7.17 San Jose, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-9-7-17.us-west-1.compute.amazonaws.com
Software
Apache /
Resource Hash
229f750e90c5addc8fc2535e9d6f94b6c7311cdcdf625e7b8467f09a07aa3a01
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Frame-Options SAMEORIGIN

Request headers

Host
www.fortinet.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
81D4A825B9B0120791E322969110C368

Response headers

Accept-Ranges
bytes
Cache-control
no-cache="set-cookie"
Content-Encoding
gzip
Content-Type
text/html; charset=UTF-8
Date
Sun, 19 Aug 2018 20:25:08 GMT
ETag
W/"b0fb-573cf96ccd6e6-gzip"
Last-Modified
Sun, 19 Aug 2018 20:25:08 GMT
Server
Apache
Set-Cookie
AWSELB=ADCDE3710804DABF75CED0801727222EF3B4A37C026E095A83DA52A26D27CF7F0160DD600D50E929CF0EB3F36AE521B6558D88F20AE6B83F6A793D5811CBF02FABAD38FA4B;PATH=/;MAX-AGE=900
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Vary
Accept-Encoding,User-Agent
X-Frame-Options
SAMEORIGIN
Content-Length
11515
Connection
keep-alive
clientlib-base.min.css
www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/
211 KB
17 KB
Stylesheet
General
Full URL
https://www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/clientlib-base.min.css
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.9.7.17 San Jose, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-9-7-17.us-west-1.compute.amazonaws.com
Software
Apache /
Resource Hash
31ad41eb429a056fb28e89d8c140e7c439ab1f4e72b79a6df23f73d8db433919
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Frame-Options SAMEORIGIN

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
www.fortinet.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/css,*/*;q=0.1
Referer
https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
Cookie
AWSELB=ADCDE3710804DABF75CED0801727222EF3B4A37C026E095A83DA52A26D27CF7F0160DD600D50E929CF0EB3F36AE521B6558D88F20AE6B83F6A793D5811CBF02FABAD38FA4B
Connection
keep-alive
Cache-Control
no-cache
Referer
https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sun, 19 Aug 2018 20:25:09 GMT
Content-Encoding
gzip
Last-Modified
Wed, 15 Aug 2018 17:13:04 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
ETag
"34a57-5737c7083d1e9-gzip"
Vary
Accept-Encoding,User-Agent
Connection
keep-alive
Content-Type
text/css
Cache-Control
max-age=604800, public
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Accept-Ranges
bytes
Content-Length
16743
sharethis.js
platform-api.sharethis.com/js/
134 KB
49 KB
Script
General
Full URL
https://platform-api.sharethis.com/js/sharethis.js
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.219.46 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-219-46.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
9b371a8db8abe7f7f71cec6aa5aa013ceabe949d8ef311ae255debb4297a9c99

Request headers

Referer
https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sun, 19 Aug 2018 20:25:09 GMT
Content-Encoding
gzip
ETag
W/"217a3-h/YdvKciMy3vd/BkUGfREQ"
Vary
Accept-Encoding
Access-Control-Allow-Methods
DELETE, GET, HEAD, OPTIONS, POST, PUT
Content-Type
text/javascript; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=3600
Connection
keep-alive
Access-Control-Allow-Headers
Origin, X-Requested-With, Content-Type, Accept
Content-Length
49616
satelliteLib-32b0117a6a1b1e07ce775d6f834af5718192ddf1.js
assets.adobedtm.com/4e56a4f921ab0baab5f89914672a3d541ff95762/
135 KB
40 KB
Script
General
Full URL
https://assets.adobedtm.com/4e56a4f921ab0baab5f89914672a3d541ff95762/satelliteLib-32b0117a6a1b1e07ce775d6f834af5718192ddf1.js
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.232.23 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-232-23.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
d6722d70ee2eeecc81a1424a4a1a6ef145369162a6cf5285ecfc122f79e1af97

Request headers

Referer
https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sun, 19 Aug 2018 20:25:09 GMT
Content-Encoding
gzip
Last-Modified
Thu, 16 Aug 2018 21:17:40 GMT
Server
Apache
ETag
"44535ad2e5d8393acc9c64001139dde3:1534454260"
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
max-age=3600
Connection
keep-alive
Accept-Ranges
bytes
Timing-Allow-Origin
*, *
Content-Length
40080
Expires
Sun, 19 Aug 2018 21:25:09 GMT
fortinet-logo-white.svg
www.fortinet.com/content/dam/fortinet-blog/
32 KB
2 KB
Image
General
Full URL
https://www.fortinet.com/content/dam/fortinet-blog/fortinet-logo-white.svg
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.9.7.17 San Jose, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-9-7-17.us-west-1.compute.amazonaws.com
Software
Apache /
Resource Hash
d2afd46ac58cd7e89b3fdfd790300d69034e94151ed45acf83d7b6d5dccfdb17
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Frame-Options SAMEORIGIN

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
www.fortinet.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
Cookie
AWSELB=ADCDE3710804DABF75CED0801727222EF3B4A37C026E095A83DA52A26D27CF7F0160DD600D50E929CF0EB3F36AE521B6558D88F20AE6B83F6A793D5811CBF02FABAD38FA4B; __unam=4e8ce6e-16553dce10e-42b9ecf-1; AMCV_ED8739F75677FE917F000101%40AdobeOrg=-330454231%7CMCIDTS%7C17763%7CvVersion%7C3.1.2; check=true
Connection
keep-alive
Cache-Control
no-cache
Referer
https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sun, 19 Aug 2018 20:25:09 GMT
Content-Encoding
gzip
Last-Modified
Wed, 15 Aug 2018 17:13:05 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
ETag
"7ebb-5737c70917627-gzip"
Vary
Accept-Encoding,User-Agent
Connection
keep-alive
Content-Type
image/svg+xml
Cache-Control
max-age=604800, public
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Accept-Ranges
bytes
Content-Length
1998
clientlib-base.min.js
www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/
164 KB
53 KB
Script
General
Full URL
https://www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/clientlib-base.min.js
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.9.7.17 San Jose, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-9-7-17.us-west-1.compute.amazonaws.com
Software
Apache /
Resource Hash
0b6043877e5dd01857f2e94cb94b6c4b7157a088277d0f59a15a9ed9917c9c87
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Frame-Options SAMEORIGIN

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
www.fortinet.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
*/*
Referer
https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
Cookie
AWSELB=ADCDE3710804DABF75CED0801727222EF3B4A37C026E095A83DA52A26D27CF7F0160DD600D50E929CF0EB3F36AE521B6558D88F20AE6B83F6A793D5811CBF02FABAD38FA4B
Connection
keep-alive
Cache-Control
no-cache
Referer
https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sun, 19 Aug 2018 20:25:09 GMT
Content-Encoding
gzip
Last-Modified
Wed, 15 Aug 2018 17:13:04 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
ETag
"28ff0-5737c7086bc04-gzip"
Vary
Accept-Encoding,User-Agent
Connection
keep-alive
Content-Type
application/javascript
Cache-Control
max-age=604800, public
transfer-encoding
chunked
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Accept-Ranges
bytes
5977d47080bb1d0011ab6d8f.js
buttons-config.sharethis.com/js/
444 B
865 B
Script
General
Full URL
https://buttons-config.sharethis.com/js/5977d47080bb1d0011ab6d8f.js
Requested by
Host: platform-api.sharethis.com
URL: https://platform-api.sharethis.com/js/sharethis.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.219.46 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-219-46.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
7f0daa7591ef2b42b26dd9d39102440c242e7fd798e7898a620e5489d67ec73e

Request headers

Referer
https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sun, 19 Aug 2018 20:25:09 GMT
Last-Modified
Tue, 16 Jan 2018 20:14:52 GMT
Server
AmazonS3
x-amz-request-id
30389A7BEC8F4F13
ETag
"6167cc13570c31ffc1713616a6fb087d"
Content-Type
text/javascript
Cache-Control
public, max-age=60
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
444
x-amz-id-2
EEuYAjexJMW2wudV3DIl+nCjz3+EAqEDpw+ZXw7bT9fpNejB5vqxEwcm8nCdjRKpUjJWn3L8jgo=
gtm.js
www.googletagmanager.com/
67 KB
24 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-NBSLLPJ
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:4001:81a::2008 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Google Tag Manager (scaffolding) /
Resource Hash
4ce9ed609fccf877301edf2571eb3b7125706ed8f39e5f61ab8a794cd4a975de
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sun, 19 Aug 2018 20:25:09 GMT
content-encoding
gzip
server
Google Tag Manager (scaffolding)
access-control-allow-headers
Cache-Control
status
200
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
http://www.googletagmanager.com
cache-control
private, max-age=900
access-control-allow-credentials
true
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
24151
x-xss-protection
1; mode=block
expires
Sun, 19 Aug 2018 20:25:09 GMT
id
dpm.demdex.net/
367 B
1 KB
XHR
General
Full URL
https://dpm.demdex.net/id?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=ED8739F75677FE917F000101%40AdobeOrg&d_nsid=0&ts=1534710309278
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/4e56a4f921ab0baab5f89914672a3d541ff95762/satelliteLib-32b0117a6a1b1e07ce775d6f834af5718192ddf1.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.49.41.66 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-49-41-66.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
6747aaf1ef6b02fec0f93f87b1952e45cbded30c47ac5b0a6faff9062dd690c4

Request headers

Referer
https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
Origin
https://www.fortinet.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

DCS
irl1-prod-dcs-002551432.edge-irl1.demdex.com 5.36.2.20180809152735 7ms
Pragma
no-cache
Content-Encoding
gzip
X-TID
e1rvCAo+SUg=
Vary
Origin, Accept-Encoding, User-Agent
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin
https://www.fortinet.com
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json;charset=utf-8
Content-Length
303
Expires
Thu, 01 Jan 1970 00:00:00 GMT
mbox-contents-081c7224345c702ebcf6ef22d3b7449ec11ce42d.js
assets.adobedtm.com/4e56a4f921ab0baab5f89914672a3d541ff95762/
72 KB
26 KB
Script
General
Full URL
https://assets.adobedtm.com/4e56a4f921ab0baab5f89914672a3d541ff95762/mbox-contents-081c7224345c702ebcf6ef22d3b7449ec11ce42d.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/4e56a4f921ab0baab5f89914672a3d541ff95762/satelliteLib-32b0117a6a1b1e07ce775d6f834af5718192ddf1.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.232.23 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-232-23.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
13f9871faf609461bb6206bfa6d9f987e80805137f54655e19177cb52fb3d016

Request headers

Referer
https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date
Sun, 19 Aug 2018 20:25:09 GMT
Content-Encoding
gzip
Last-Modified
Thu, 16 Aug 2018 21:17:40 GMT
Server
Apache
ETag
"12042a5e77e5e1f1023020ffebee8b4b:1534454260"
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
max-age=3600
Connection
keep-alive
Accept-Ranges
bytes
Timing-Allow-Origin
*, *
Content-Length
26562
Expires
Sun, 19 Aug 2018 21:25:09 GMT
truncated
/
71 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
5b4c9abcf01dcf74e0adf075ff4d47464c62c84307ae5ebd115d45da70e6443d

Request headers

Response headers

Access-Control-Allow-Origin
*
Content-Type
image/png
Cookie set dest5.html
fortinet.demdex.net/ Frame B763
0
0
Document
General
Full URL
https://fortinet.demdex.net/dest5.html?d_nsid=0
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/4e56a4f921ab0baab5f89914672a3d541ff95762/satelliteLib-32b0117a6a1b1e07ce775d6f834af5718192ddf1.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.17.226.250 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-17-226-250.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash

Request headers

Host
fortinet.demdex.net
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer
https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
Accept-Encoding
gzip, deflate
Cookie
demdex=64378846776645565141503986193519177191
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
81D4A825B9B0120791E322969110C368
Referer
https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html

Response headers

Accept-Ranges
bytes
Cache-Control
max-age=21600
Content-Encoding
gzip
Content-Type
text/html
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Last-Modified
Sun, 19 Aug 2018 19:55:56 GMT
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma
no-cache
Set-Cookie
demdex=64378846776645565141503986193519177191;Path=/;Domain=.demdex.net;Expires=Fri, 15-Feb-2019 20:25:09 GMT;Max-Age=15552000
Vary
Accept-Encoding, User-Agent
X-TID
dAm1ZHSdSvQ=
Content-Length
2766
Connection
keep-alive
id
fortinetinc.sc.omtrdc.net/
3 B
529 B
XHR
General
Full URL
https://fortinetinc.sc.omtrdc.net/id?d_visid_ver=3.1.2&d_fieldgroup=A&mcorgid=ED8739F75677FE917F000101%40AdobeOrg&mid=64721873467910646821466231062176681071&ts=1534710309323
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/4e56a4f921ab0baab5f89914672a3d541ff95762/satelliteLib-32b0117a6a1b1e07ce775d6f834af5718192ddf1.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
172.82.228.19 Lehi, United States, ASN15224 (OMNITURE - Adobe Systems Inc., US),
Reverse DNS
*.sc.omtrdc.net
Software
Omniture DC/2.0.0 /
Resource Hash
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
Origin
https://www.fortinet.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

Date
Sun, 19 Aug 2018 20:25:09 GMT
X-Content-Type-Options
nosniff
Server
Omniture DC/2.0.0
xserver
www40
Vary
Origin
Access-Control-Allow-Methods
GET, POST, DELETE
P3P
CP="This is not a P3P policy"
Access-Control-Allow-Origin
https://www.fortinet.com
Cache-Control
no-cache, no-store, max-age=0, no-transform, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/x-javascript
Content-Length
3
X-XSS-Protection
1; mode=block
X-C
ms-6.4.0
ibs:dpid=411&dpuuid=W3nSJQAABvwEvzx0
dpm.demdex.net/
Redirect Chain
  • https://cm.everesttech.net/cm/dd?d_uuid=64378846776645565141503986193519177191
  • https://dpm.demdex.net/ibs:dpid=411&dpuuid=W3nSJQAABvwEvzx0
42 B
763 B
Image
General
Full URL
https://dpm.demdex.net/ibs:dpid=411&dpuuid=W3nSJQAABvwEvzx0
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.49.41.66 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-49-41-66.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

DCS
irl1-prod-dcs-93ef0805.edge-irl1.demdex.com 5.36.2.20180809152735 4ms
Pragma
no-cache
X-TID
Z9r2nAEeRvI=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Type
image/gif
Content-Length
42
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Date
Sun, 19 Aug 2018 20:25:09 GMT
Server
AMO-cookiemap/1.1
P3P
CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Location
https://dpm.demdex.net/ibs:dpid=411&dpuuid=W3nSJQAABvwEvzx0
Cache-Control
no-cache
Connection
Keep-Alive
Keep-Alive
timeout=15,max=100
Content-Length
0
new-ransomware-follows-wannacry-exploits.png.thumb.319.319.png
www.fortinet.com/content/dam/fortinet-blog/article-images/individual-images/
132 KB
132 KB
Image
General
Full URL
https://www.fortinet.com/content/dam/fortinet-blog/article-images/individual-images/new-ransomware-follows-wannacry-exploits.png.thumb.319.319.png
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.9.7.17 San Jose, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-9-7-17.us-west-1.compute.amazonaws.com
Software
Apache /
Resource Hash
5d531df9b9835ac329dc5aad30daefe5ebb2b93ca912ab20b6e763bf77d888ba
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Frame-Options SAMEORIGIN

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
www.fortinet.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
Cookie
AWSELB=ADCDE3710804DABF75CED0801727222EF3B4A37C026E095A83DA52A26D27CF7F0160DD600D50E929CF0EB3F36AE521B6558D88F20AE6B83F6A793D5811CBF02FABAD38FA4B; __unam=4e8ce6e-16553dce10e-42b9ecf-1; check=true; mbox=session#5ad56834b11a4ac0a861a99b02cc4dd4#1534712170; AMCVS_ED8739F75677FE917F000101%40AdobeOrg=1; AMCV_ED8739F75677FE917F000101%40AdobeOrg=-330454231%7CMCIDTS%7C17763%7CMCMID%7C64721873467910646821466231062176681071%7CMCAAMLH-1535315109%7C6%7CMCAAMB-1535315109%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1534717509s%7CNONE%7CvVersion%7C3.1.2
Connection
keep-alive
Cache-Control
no-cache
Referer
https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sun, 19 Aug 2018 20:25:09 GMT
Last-Modified
Wed, 15 Aug 2018 19:06:21 GMT
Server
Apache
ETag
"21074-5737e05a656f8"
X-Frame-Options
SAMEORIGIN
Connection
keep-alive
Content-Type
image/png
Cache-Control
max-age=604800, public
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Accept-Ranges
bytes
Content-Length
135284
a_deep_dive_analysis_of_fallchill_remote_admin_tool.png.thumb.319.319.png
www.fortinet.com/content/dam/fortinet-blog/article-images/individual-images/
12 KB
12 KB
Image
General
Full URL
https://www.fortinet.com/content/dam/fortinet-blog/article-images/individual-images/a_deep_dive_analysis_of_fallchill_remote_admin_tool.png.thumb.319.319.png
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.9.7.17 San Jose, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-9-7-17.us-west-1.compute.amazonaws.com
Software
Apache /
Resource Hash
910ab43f73b6073142379650feb6de6f77744c9a418754fab9e8c71b12065c10
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Frame-Options SAMEORIGIN

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
www.fortinet.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
Cookie
AWSELB=ADCDE3710804DABF75CED0801727222EF3B4A37C026E095A83DA52A26D27CF7F0160DD600D50E929CF0EB3F36AE521B6558D88F20AE6B83F6A793D5811CBF02FABAD38FA4B; __unam=4e8ce6e-16553dce10e-42b9ecf-1; check=true; mbox=session#5ad56834b11a4ac0a861a99b02cc4dd4#1534712170; AMCVS_ED8739F75677FE917F000101%40AdobeOrg=1; AMCV_ED8739F75677FE917F000101%40AdobeOrg=-330454231%7CMCIDTS%7C17763%7CMCMID%7C64721873467910646821466231062176681071%7CMCAAMLH-1535315109%7C6%7CMCAAMB-1535315109%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1534717509s%7CNONE%7CvVersion%7C3.1.2
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Sun, 19 Aug 2018 20:25:09 GMT
Last-Modified
Wed, 15 Aug 2018 17:34:11 GMT
Server
Apache
ETag
"3022-5737cbc0ebd93"
X-Frame-Options
SAMEORIGIN
Connection
keep-alive
Content-Type
image/png
Cache-Control
max-age=604800, public
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Accept-Ranges
bytes
Content-Length
12322
rehashed-rat-in-apt-campaign-against-vietnamese-organizations.jpg.thumb.319.319.png
www.fortinet.com/content/dam/fortinet-blog/article-images/individual-images/
125 KB
126 KB
Image
General
Full URL
https://www.fortinet.com/content/dam/fortinet-blog/article-images/individual-images/rehashed-rat-in-apt-campaign-against-vietnamese-organizations.jpg.thumb.319.319.png
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.9.7.17 San Jose, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-9-7-17.us-west-1.compute.amazonaws.com
Software
Apache /
Resource Hash
9adb1961521d9a92ee99cbfc4031784b655a821931ebdfcb602e0c42ce3756af
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Frame-Options SAMEORIGIN

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
www.fortinet.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
Cookie
AWSELB=ADCDE3710804DABF75CED0801727222EF3B4A37C026E095A83DA52A26D27CF7F0160DD600D50E929CF0EB3F36AE521B6558D88F20AE6B83F6A793D5811CBF02FABAD38FA4B; __unam=4e8ce6e-16553dce10e-42b9ecf-1; check=true; mbox=session#5ad56834b11a4ac0a861a99b02cc4dd4#1534712170; AMCVS_ED8739F75677FE917F000101%40AdobeOrg=1; AMCV_ED8739F75677FE917F000101%40AdobeOrg=-330454231%7CMCIDTS%7C17763%7CMCMID%7C64721873467910646821466231062176681071%7CMCAAMLH-1535315109%7C6%7CMCAAMB-1535315109%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1534717509s%7CNONE%7CvVersion%7C3.1.2
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Sun, 19 Aug 2018 20:25:09 GMT
Last-Modified
Thu, 16 Aug 2018 01:36:23 GMT
Server
Apache
ETag
"1f4ad-573837887b9ef"
X-Frame-Options
SAMEORIGIN
Connection
keep-alive
Content-Type
image/png
Cache-Control
max-age=604800, public
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Accept-Ranges
bytes
Content-Length
128173
huss_01.png
www.fortinet.com/content/dam/fortinet-blog/article-images/hussarini_targeted_cyber_attack-/
24 KB
25 KB
Image
General
Full URL
https://www.fortinet.com/content/dam/fortinet-blog/article-images/hussarini_targeted_cyber_attack-/huss_01.png
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.9.7.17 San Jose, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-9-7-17.us-west-1.compute.amazonaws.com
Software
Apache /
Resource Hash
7f6185c8b0e6ffe5a06775b931d75bdaabd830458ca41f58dddfafbc97c38185
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Frame-Options SAMEORIGIN

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
www.fortinet.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
Cookie
AWSELB=ADCDE3710804DABF75CED0801727222EF3B4A37C026E095A83DA52A26D27CF7F0160DD600D50E929CF0EB3F36AE521B6558D88F20AE6B83F6A793D5811CBF02FABAD38FA4B; __unam=4e8ce6e-16553dce10e-42b9ecf-1; check=true; mbox=session#5ad56834b11a4ac0a861a99b02cc4dd4#1534712170; AMCVS_ED8739F75677FE917F000101%40AdobeOrg=1; AMCV_ED8739F75677FE917F000101%40AdobeOrg=-330454231%7CMCIDTS%7C17763%7CMCMID%7C64721873467910646821466231062176681071%7CMCAAMLH-1535315109%7C6%7CMCAAMB-1535315109%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1534717509s%7CNONE%7CvVersion%7C3.1.2
Connection
keep-alive
Cache-Control
no-cache

Response headers

Date
Sun, 19 Aug 2018 20:25:09 GMT
Last-Modified
Wed, 15 Aug 2018 18:24:01 GMT
Server
Apache
ETag
"60b0-5737d6e49ac3b"
X-Frame-Options
SAMEORIGIN
Connection
keep-alive
Content-Type
image/png
Cache-Control
max-age=604800, public
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Accept-Ranges
bytes
Content-Length
24752
embed.js
fortinetblog-1.disqus.com/
63 KB
21 KB
Script
General
Full URL
https://fortinetblog-1.disqus.com/embed.js
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.12.134 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
openresty /
Resource Hash
2db8b8060eb4328b596b5d3662718e968eb4dc544c9ca33eff7611d19c98337a
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains

Request headers

Referer
https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sun, 19 Aug 2018 20:25:09 GMT
Content-Encoding
gzip
Server
openresty
Age
4
Vary
Accept-Encoding
Connection
keep-alive
Content-Type
application/javascript; charset=utf-8
Cache-Control
private, max-age=60
X-Service
router
Strict-Transport-Security
max-age=300; includeSubdomains
Link
<https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
Content-Length
21328
portal.html
c.sharethis.mgr.consensu.org/v1.0/cmp/ Frame 623B
0
0
Document
General
Full URL
https://c.sharethis.mgr.consensu.org/v1.0/cmp/portal.html
Requested by
Host: platform-api.sharethis.com
URL: https://platform-api.sharethis.com/js/sharethis.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2.16.186.243 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a2-16-186-243.deploy.static.akamaitechnologies.com
Software
/
Resource Hash

Request headers

Host
c.sharethis.mgr.consensu.org
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer
https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
Accept-Encoding
gzip, deflate
X-DevTools-Emulate-Network-Conditions-Client-Id
81D4A825B9B0120791E322969110C368

Response headers

Accept-Ranges
bytes
Access-Control-Allow-Headers
Origin, X-Requested-With, Content-Type, Accept
Access-Control-Allow-Methods
DELETE, GET, HEAD, OPTIONS, POST, PUT
Access-Control-Allow-Origin
*
Content-Type
text/html; charset=UTF-8
ETag
W/"26b-4977387000"
Last-Modified
Tue, 01 Jan 1980 00:00:00 GMT
Vary
Accept-Encoding
Content-Length
619
Cache-Control
public, max-age=600
Date
Sun, 19 Aug 2018 20:25:09 GMT
Connection
keep-alive
json
fortinet.tt.omtrdc.net/m2/fortinet/mbox/
0
0

lounge.fda8427fde61b6f55d19bcd47d8c54b0.css
c.disquscdn.com/next/embed/styles/
99 KB
19 KB
Stylesheet
General
Full URL
https://c.disquscdn.com/next/embed/styles/lounge.fda8427fde61b6f55d19bcd47d8c54b0.css
Requested by
Host: fortinetblog-1.disqus.com
URL: https://fortinetblog-1.disqus.com/embed.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2400:cb00:2048:1::6810:4ca6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
fbf5d901393f5552a007fe5e20ae88c5b8d09a5ae1b972a398d3218e9b013a09
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sun, 19 Aug 2018 20:25:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
status
200
strict-transport-security
max-age=300; includeSubdomains
content-length
19061
x-xss-protection
1; mode=block
timing-allow-origin
*
last-modified
Fri, 10 Aug 2018 23:38:57 GMT
server
cloudflare
fastly-debug-digest
b0b057f5f589562c68db995740e80deb923167a1f09065d1396852e651436f1b
etag
"5b6e2211-4a75"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000, public, immutable, no-transform
cf-ray
44cf59099a26641b-FRA
expires
Mon, 12 Aug 2019 18:38:21 GMT
common.bundle.e63a160a6bfb2f2953b5059c50baaf15.js
c.disquscdn.com/next/embed/
242 KB
81 KB
Script
General
Full URL
https://c.disquscdn.com/next/embed/common.bundle.e63a160a6bfb2f2953b5059c50baaf15.js
Requested by
Host: fortinetblog-1.disqus.com
URL: https://fortinetblog-1.disqus.com/embed.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2400:cb00:2048:1::6810:4ca6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
b58042b3caa084f224cc60cb8aa59b30b4219dbc797d2084ffe095e94d2a221a
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sun, 19 Aug 2018 20:25:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
status
200
strict-transport-security
max-age=300; includeSubdomains
content-length
82692
x-xss-protection
1; mode=block
timing-allow-origin
*
last-modified
Tue, 31 Jul 2018 22:23:46 GMT
server
cloudflare
fastly-debug-digest
bd8ba0469cb199f6986186933efa1473af5ff288ff29039c1feb7332871058c9
etag
"5b60e172-14304"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000, public, immutable, no-transform
cf-ray
44cf59099a27641b-FRA
expires
Thu, 01 Aug 2019 00:05:08 GMT
lounge.bundle.d9de07e390c24c083ffd3c2c531d3ebf.js
c.disquscdn.com/next/embed/
360 KB
94 KB
Script
General
Full URL
https://c.disquscdn.com/next/embed/lounge.bundle.d9de07e390c24c083ffd3c2c531d3ebf.js
Requested by
Host: fortinetblog-1.disqus.com
URL: https://fortinetblog-1.disqus.com/embed.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2400:cb00:2048:1::6810:4ca6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
e77d1cca37b1fdf7d24b674dab4a639286ef3f7ffe2d4b7a72e70d5d6bcc5bd7
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sun, 19 Aug 2018 20:25:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
status
200
strict-transport-security
max-age=300; includeSubdomains
content-length
95587
x-xss-protection
1; mode=block
timing-allow-origin
*
last-modified
Tue, 14 Aug 2018 23:13:01 GMT
server
cloudflare
fastly-debug-digest
1ae910ba9efd9b4004323493e3629dde07f55420c7f4a29e23afa9f2288aa39b
etag
"5b7361fd-17563"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000, public, immutable, no-transform
cf-ray
44cf59099a28641b-FRA
expires
Thu, 15 Aug 2019 04:43:49 GMT
config.js
disqus.com/next/
5 KB
3 KB
Script
General
Full URL
https://disqus.com/next/config.js
Requested by
Host: fortinetblog-1.disqus.com
URL: https://fortinetblog-1.disqus.com/embed.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.192.134 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
nginx /
Resource Hash
3eaf5886f85c6f2592611b9bb3d6fcff29e3cebad3af2846f2b157714c8e4e86
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sun, 19 Aug 2018 20:25:09 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Age
50
p3p
CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Connection
keep-alive
Vary
Accept-Encoding
Content-Length
2375
X-XSS-Protection
1; mode=block
Server
nginx
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=300; includeSubdomains
Content-Type
application/javascript; charset=UTF-8
Access-Control-Allow-Origin
*
Cache-Control
public, stale-while-revalidate=300, s-stalewhilerevalidate=3600, max-age=60
Timing-Allow-Origin
*
s-code-contents-678d604999b9203058dbe982c7a7ddbf795bb1f4.js
assets.adobedtm.com/4e56a4f921ab0baab5f89914672a3d541ff95762/
34 KB
13 KB
Script
General
Full URL
https://assets.adobedtm.com/4e56a4f921ab0baab5f89914672a3d541ff95762/s-code-contents-678d604999b9203058dbe982c7a7ddbf795bb1f4.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/4e56a4f921ab0baab5f89914672a3d541ff95762/satelliteLib-32b0117a6a1b1e07ce775d6f834af5718192ddf1.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.232.23 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-232-23.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
e6f6d66459cdaf4ccd8b6a49546f78a77215acef509b0c771738e5c93ddfc2e9

Request headers

Referer
https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sun, 19 Aug 2018 20:25:09 GMT
Content-Encoding
gzip
Last-Modified
Thu, 16 Aug 2018 21:17:40 GMT
Server
Apache
ETag
"ac82a81e88b9df1be1b1053ef751f92e:1534454260"
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
max-age=3600
Connection
keep-alive
Accept-Ranges
bytes
Timing-Allow-Origin
*, *, *
Content-Length
13207
Expires
Sun, 19 Aug 2018 21:25:09 GMT
satellite-59ceae2064746d21fe0037dd.js
assets.adobedtm.com/4e56a4f921ab0baab5f89914672a3d541ff95762/scripts/
1 KB
901 B
Script
General
Full URL
https://assets.adobedtm.com/4e56a4f921ab0baab5f89914672a3d541ff95762/scripts/satellite-59ceae2064746d21fe0037dd.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/4e56a4f921ab0baab5f89914672a3d541ff95762/satelliteLib-32b0117a6a1b1e07ce775d6f834af5718192ddf1.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.232.23 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-232-23.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
24038492cb3d19fef34ce0a9bc55033f3030c04eeea97a93c22b2ec8914c1316

Request headers

Referer
https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sun, 19 Aug 2018 20:25:09 GMT
Content-Encoding
gzip
Last-Modified
Thu, 16 Aug 2018 21:17:40 GMT
Server
Apache
ETag
"d8619d86a5e27900726ec96a76ead3cc:1534454260"
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
max-age=3600
Connection
keep-alive
Accept-Ranges
bytes
Timing-Allow-Origin
*, *
Content-Length
459
Expires
Sun, 19 Aug 2018 21:25:09 GMT
get_counts
count-server.sharethis.com/v2.0/
373 B
429 B
Script
General
Full URL
https://count-server.sharethis.com/v2.0/get_counts?cb=window.__sharethis__.cb3&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fhussarini---targeted-cyber-attack-in-the-philippines.html&refDomain=www.fortinet.com&sop=true
Requested by
Host: platform-api.sharethis.com
URL: https://platform-api.sharethis.com/js/sharethis.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.207.42.149 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-52-207-42-149.compute-1.amazonaws.com
Software
/
Resource Hash
ecde1397bf9f358424cf678f9031166acf9580070945b1ab1dd692aa87b715f0

Request headers

Referer
https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sun, 19 Aug 2018 20:25:09 GMT
Content-Encoding
gzip
Connection
keep-alive
Content-Length
272
Content-Type
application/json
truncated
/
42 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Response headers

Access-Control-Allow-Origin
*
Content-Type
image/gif
s25876251551307
fortinetinc.sc.omtrdc.net/b/ss/fortinetincproduction/1/JS-2.9.0-D7QN/
43 B
586 B
Image
General
Full URL
https://fortinetinc.sc.omtrdc.net/b/ss/fortinetincproduction/1/JS-2.9.0-D7QN/s25876251551307?AQB=1&ndh=1&pf=1&t=19%2F7%2F2018%2020%3A25%3A9%200%200&sdid=5D748CB100DD6824-53BD040BF8A0556D&D=D%3D&mid=64721873467910646821466231062176681071&aamlh=6&ce=UTF-8&g=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fhussarini---targeted-cyber-attack-in-the-philippines.html&events=event3&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&v1=www.fortinet.com%2Fblog%2Fthreat-research%2Fhussarini---targeted-cyber-attack-in-the-philippines.html&v3=%2B1&c7=Entire%20Site&v27=BLOG&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&mcorgid=ED8739F75677FE917F000101%40AdobeOrg&AQE=1
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
172.82.228.19 Lehi, United States, ASN15224 (OMNITURE - Adobe Systems Inc., US),
Reverse DNS
*.sc.omtrdc.net
Software
Omniture DC /
Resource Hash
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sun, 19 Aug 2018 20:25:09 GMT
X-Content-Type-Options
nosniff
X-C
ms-6.4.0
P3P
CP="This is not a P3P policy"
Connection
keep-alive
Content-Length
43
X-XSS-Protection
1; mode=block
Pragma
no-cache
Last-Modified
Mon, 20 Aug 2018 20:25:09 GMT
Server
Omniture DC
xserver
www289
ETag
"3295765293081624576-5457097395710016181"
Vary
*
Content-Type
image/gif
Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, max-age=0, no-transform, private
Expires
Sat, 18 Aug 2018 20:25:09 GMT
roundtrip.js
s.adroll.com/j/
29 KB
10 KB
Script
General
Full URL
https://s.adroll.com/j/roundtrip.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NBSLLPJ
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.40 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-40.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
e65cf5108c80dca04640eb55670754edbda09df69d96b1c5308dd7aae16e5ae8

Request headers

Referer
https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-amz-version-id
3983yvQiUeJIC76cHdWZACuajrAAM2fQ
Content-Encoding
gzip
ETag
"3771366c85ecd7d661479d8467c1d272"
x-amz-request-id
19E007E4E2EAE795
x-amz-server-side-encryption
AES256
Connection
keep-alive
Vary
Accept-Encoding
Content-Length
9469
x-amz-id-2
8nVI1PpwzJeec8aJgN+RINN9UirB6U966QNMZO8fbQGvW6lWTwpH4RcgC6kJG3BZbIeM+6KWFmo=
Last-Modified
Thu, 02 Aug 2018 22:24:55 GMT
Server
AmazonS3
Date
Sun, 19 Aug 2018 20:25:09 GMT
Access-Control-Max-Age
600
Access-Control-Allow-Methods
GET
Content-Type
text/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=300, must-revalidate
Access-Control-Allow-Credentials
false
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
t.js
vidassets.terminus.services/a01961d7-dcca-4b51-8e61-d0a209a6967f/
0
0
Script
General
Full URL
https://vidassets.terminus.services/a01961d7-dcca-4b51-8e61-d0a209a6967f/t.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NBSLLPJ
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.32.223.9 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-13-32-223-9.fra56.r.cloudfront.net
Software
/
Resource Hash

Request headers

Referer
https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

cache-control
public, s-maxage=900
content-type
application/json
7OBVBCAQE5FHDPFEAD5T4D
d.adroll.com/consent/check/
35 B
195 B
Script
General
Full URL
https://d.adroll.com/consent/check/7OBVBCAQE5FHDPFEAD5T4D?_s=110e1dcb104cc20178107fee5b9faea4
Requested by
Host: s.adroll.com
URL: https://s.adroll.com/j/roundtrip.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.228.207.12 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-54-228-207-12.eu-west-1.compute.amazonaws.com
Software
nginx/1.12.1 /
Resource Hash
8e1e0966b4257e4b292f4a3f03bcb0e235daae15964a0ab22d1176fee2da1e73

Request headers

Referer
https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sun, 19 Aug 2018 20:25:09 GMT
Server
nginx/1.12.1
Connection
keep-alive
Content-Length
35
Content-Type
application/javascript
/
disqus.com/embed/comments/ Frame 6B12
0
0
Document
General
Full URL
https://disqus.com/embed/comments/?base=default&f=fortinetblog-1&t_i=%2Fcontent%2Ffortinet-blog%2Fus%2Fen%2Fthreat-research%2Fhussarini---targeted-cyber-attack-in-the-philippines&t_u=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fhussarini---targeted-cyber-attack-in-the-philippines.html&t_d=Hussarini%20%E2%80%93%20Targeted%20Cyber%20Attack%20in%20the%20Philippines&t_t=Hussarini%20%E2%80%93%20Targeted%20Cyber%20Attack%20in%20the%20Philippines&s_o=default
Requested by
Host: fortinetblog-1.disqus.com
URL: https://fortinetblog-1.disqus.com/embed.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.192.134 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
nginx /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src https://*.twitter.com:* https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://*.services.disqus.com:* https://cdn.boomtrain.com/p13n/ 'unsafe-inline' https://cdn.syndication.twimg.com/tweets.json https://connect.facebook.net/en_US/sdk.js https://referrer.disqus.com/juggler/ https://apis.google.com https://disqus.com
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Host
disqus.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer
https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
Accept-Encoding
gzip, deflate
X-DevTools-Emulate-Network-Conditions-Client-Id
81D4A825B9B0120791E322969110C368

Response headers

Server
nginx
Content-Security-Policy
script-src https://*.twitter.com:* https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://*.services.disqus.com:* https://cdn.boomtrain.com/p13n/ 'unsafe-inline' https://cdn.syndication.twimg.com/tweets.json https://connect.facebook.net/en_US/sdk.js https://referrer.disqus.com/juggler/ https://apis.google.com https://disqus.com
Link
<https://c.disquscdn.com>;rel=preconnect,<https://c.disquscdn.com>;rel=dns-prefetch
Cache-Control
stale-if-error=3600, s-stalewhilerevalidate=3600, stale-while-revalidate=30, no-cache, must-revalidate, public, s-maxage=5
p3p
CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Timing-Allow-Origin
*
X-Content-Type-Options
nosniff
X-XSS-Protection
1; mode=block
Content-Type
text/html; charset=utf-8
Last-Modified
Mon, 09 Jul 2018 08:47:13 GMT
ETag
W/"lounge:view:6780376612.f8d0d365a09a8403f2d678a4460466b0.2"
Content-Encoding
gzip
Content-Length
2796
Date
Sun, 19 Aug 2018 20:25:09 GMT
Age
0
Connection
keep-alive
Vary
Accept-Encoding
Strict-Transport-Security
max-age=300; includeSubdomains
/
graph.facebook.com/
664 B
622 B
Script
General
Full URL
https://graph.facebook.com/?id=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fhussarini---targeted-cyber-attack-in-the-philippines.html&callback=window.__sharethis__.cb4
Requested by
Host: platform-api.sharethis.com
URL: https://platform-api.sharethis.com/js/sharethis.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a03:2880:f02d:e:face:b00c:0:2 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
0bbd1d4ce5b88cfd17a79ab434439c2c341dd7730741f781daed18238ba79254
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; preload

Request headers

Referer
https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=15552000; preload
content-encoding
gzip
etag
"05aeeac2ca96b2535a42f6ee07afe11c218c821d"
x-app-usage
{"call_count":0,"total_cputime":0,"total_time":0}
status
200
x-fb-rev
4226578
content-length
436
pragma
no-cache
x-fb-debug
igiZ8O5CgYnn6TLtVaIRM22K1oJ1v2UyUm/UHQR+VKjn9WyFaK/dkvkGsWoDMY4vhLwgM9idcsTxuOSrOJV0LA==
x-fb-trace-id
BySAHQIJtGo
date
Sun, 19 Aug 2018 20:25:09 GMT
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, no-cache, no-store, must-revalidate
facebook-api-version
v2.7
expires
Sat, 01 Jan 2000 00:00:00 GMT
sc
l.sharethis.com/
Redirect Chain
  • https://l.sharethis.com/pview?event=pview&version=st_sop.js&lang=en&fpc=4e8ce6e-16553dce10e-42b9ecf-1&sessionID=1534710309134.33674&hostname=www.fortinet.com&location=%2Fblog%2Fthreat-research%2Fhu...
  • https://l.sharethis.com/sc?cm=ZGAMJ1t50iUAAAATXAQoAw%3D%3D&uid=true&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fhussarini---targeted-cyber-attack-in-the-philippines.html
0
-1 B
XHR
General
Full URL
https://l.sharethis.com/sc?cm=ZGAMJ1t50iUAAAATXAQoAw%3D%3D&uid=true&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fhussarini---targeted-cyber-attack-in-the-philippines.html
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.196.241.5 Cambridge, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-18-196-241-5.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sun, 19 Aug 2018 20:25:09 GMT
Access-Control-Allow-Origin
https://www.fortinet.com
Access-Control-Max-Age
1728000
P3p
policyref="/w3c/p3p.xml", CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT DEM"
Location
/sc?cm=ZGAMJ1t50iUAAAATXAQoAw%3D%3D&uid=true&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fhussarini---targeted-cyber-attack-in-the-philippines.html
Access-Control-Expose-Headers
stid
Cache-Control
no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Access-Control-Allow-Headers
*
Content-Length
207
Stid
ZGAMJ1t50iUAAAATXAQoAw==

Redirect headers

Date
Sun, 19 Aug 2018 20:25:09 GMT
Access-Control-Allow-Origin
https://www.fortinet.com
Access-Control-Max-Age
1728000
P3p
policyref="/w3c/p3p.xml", CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT DEM"
Location
/sc?cm=ZGAMJ1t50iUAAAATXAQoAw%3D%3D&uid=true&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fhussarini---targeted-cyber-attack-in-the-philippines.html
Access-Control-Expose-Headers
stid
Cache-Control
no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Access-Control-Allow-Headers
*
Content-Length
207
Stid
ZGAMJ1t50iUAAAATXAQoAw==
sc
l.sharethis.com/
51 B
474 B
XHR
General
Full URL
https://l.sharethis.com/sc?cm=ZGAMJ1t50iUAAAATXAQoAw%3D%3D&uid=true&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fhussarini---targeted-cyber-attack-in-the-philippines.html
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.196.241.5 Cambridge, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-18-196-241-5.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
1293b962b24fef3fc1228ca19eaf08fb41d11bc9913c0113d50ca9a17b29273d

Request headers

X-DevTools-Emulate-Network-Conditions-Client-Id
81D4A825B9B0120791E322969110C368
Origin
https://www.fortinet.com
Referer
https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sun, 19 Aug 2018 20:25:09 GMT
Access-Control-Max-Age
1728000
Content-Type
text/plain; charset=utf-8
Access-Control-Allow-Origin
https://www.fortinet.com
Access-Control-Expose-Headers
stid
Cache-Control
no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Stid
ZGAMJ1t50iUAAAATXAQoAw==
Access-Control-Allow-Headers
*
Content-Length
51
alfie.f51946af45e0b561c60f768335c9eb79.js
c.disquscdn.com/next/embed/
19 KB
7 KB
Script
General
Full URL
https://c.disquscdn.com/next/embed/alfie.f51946af45e0b561c60f768335c9eb79.js
Requested by
Host: fortinetblog-1.disqus.com
URL: https://fortinetblog-1.disqus.com/embed.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2400:cb00:2048:1::6810:4ca6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
eda8f00e9255746e7620848227aca122053845c9b4a90f1b3e26b4cd99af9e25
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sun, 19 Aug 2018 20:25:09 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
status
200
strict-transport-security
max-age=300; includeSubdomains
content-length
6605
x-xss-protection
1; mode=block
timing-allow-origin
*
last-modified
Wed, 07 Mar 2018 01:19:31 GMT
server
cloudflare
fastly-debug-digest
baac760ca1e6f62ea6380d62d4f07b5dfbb97755c19df0448623d4ede950e2e4
etag
"5a9f3e23-19cd"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000, public, immutable, no-transform
cf-ray
44cf590bfd7a641b-FRA
expires
Thu, 07 Mar 2019 10:59:25 GMT
ping
links.services.disqus.com/api/
294 B
920 B
XHR
General
Full URL
https://links.services.disqus.com/api/ping?format=jsonp&key=cfdfcf52dffd0a702a61bad27507376d&loc=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fhussarini---targeted-cyber-attack-in-the-philippines.html&subId=5412148&v=1&jsonp=vglnk_jsonp_15347103097620
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/alfie.f51946af45e0b561c60f768335c9eb79.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.12.64 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
Apache-Coyote/1.1 /
Resource Hash
df0000f110edd926beace599734da28459ebddff5f8ae85a79a5e8b17bda4bf1

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
Origin
https://www.fortinet.com

Response headers

Pragma
no-cache
Date
Sun, 19 Aug 2018 20:25:09 GMT
Server
Apache-Coyote/1.1
P3P
CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Access-Control-Allow-Origin
https://www.fortinet.com
Cache-Control
no-cache, no-store
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/javascript;charset=UTF-8
Content-Length
294
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
fortinet.tt.omtrdc.net
URL
https://fortinet.tt.omtrdc.net/m2/fortinet/mbox/json?mbox=target-global-mbox&mboxSession=5ad56834b11a4ac0a861a99b02cc4dd4&mboxPC=&mboxPage=ff9e2c0e0b014d338a9bd860b81934f9&mboxRid=b3048462aa924781bcec40ce3c71ad2c&mboxVersion=1.3.0&mboxCount=1&mboxTime=1534710309311&mboxHost=www.fortinet.com&mboxURL=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fhussarini---targeted-cyber-attack-in-the-philippines.html&mboxReferrer=&browserHeight=1200&browserWidth=1600&browserTimeOffset=0&screenHeight=1200&screenWidth=1600&colorDepth=24&mboxMCSDID=5D748CB100DD6824-53BD040BF8A0556D&vst.trk=fortinetinc.sc.omtrdc.net&vst.trks=fortinetinc.sc.omtrdc.net&mboxMCGVID=64721873467910646821466231062176681071&mboxAAMB=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y


112 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| __stdos__ boolean| tpcCookiesEnableCheckingDone boolean| tpcCookiesEnabledStatus function| __sharethis__docReady object| __sharethis__ boolean| opt_out object| dataLayer function| Visitor object| _satellite object| s_c_il number| s_c_in function| targetPageParams object| adobe object| ___target_traces function| mboxCreate function| mboxDefine function| mboxUpdate function| disqus_config object| DISQUS object| fortinet_blog object| EasyAutocomplete object| search_config object| keywords object| siteId object| lang object| options boolean| searchFired boolean| blogFilter string| documentsQuery string| blogCategories string| authorsList string| yearsList object| lastQuery number| totalReturn number| lastRow object| lastWordsForCounting function| htmlEncode function| hideAutoComplete function| sitesearch_init function| sitesearch_search_callback function| sitesearch_countall_callback function| sitesearch_do_search function| sitesearch_do_force_search function| sitesearch_spellcheck_callback function| sitesearch_do_spellcheck function| sitesearch_do_suggest_search function| sitesearch_query_searchresult_callback function| sitesearch_do_query_searchresult function| sitesearch_click_page_callback function| sitesearch_click_page function| search_action function| sitesearch_search_fortiguard function| count_facets_type function| shuffle_facets function| csCookies object| cookieScriptWindow object| cookieScripts string| cookieScriptSrc function| cookieQuery string| cookieScriptPosition string| cookieScriptSource string| cookieScriptDomain string| cookieScriptReadMore string| cookieId number| cookieScriptDebug boolean| cookieScriptShowBadge string| cookieScriptCurrentUrl string| pagePath string| cookieScriptTitle string| cookieScriptDesc string| cookieScriptAccept string| cookieScriptMore string| cookieScriptCopyrights string| cookieBackground function| setImmediate function| clearImmediate function| $ function| jQuery undefined| Cookies string| cookieScriptReject 
function| cookieScriptLoadJavaScript function| InjectCookieScript string| cookieScriptStatsDomain function| cookieScriptCreateCookie function| cookieScriptReadCookie function| cookieScriptAddBox object| cookieScriptCurrentValue function| AppMeasurement_Module_ActivityMap function| AppMeasurement function| s_gi function| s_pgicq number| s_objectID number| s_giq object| t object| s_i_fortinetincproduction function| postscribe object| google_tag_manager string| adroll_adv_id string| adroll_pix_id boolean| __adroll_loaded string| adroll_sid object| __adroll boolean| adroll_optout object| adroll_ext_network object| adroll_callbacks function| adroll_tpc_callback boolean| __adroll_consent string| vglnk_self function| vl_cB function| vl_disable undefined| vglnk_jsonp_15347103097620 object| vglnk

11 Cookies

Domain/Path Name / Value
.demdex.net/ Name: demdex
Value: 64378846776645565141503986193519177191
.fortinet.com/ Name: s_cc
Value: true
.fortinet.com/ Name: gpv_pn
Value: www.fortinet.com%2Fblog%2Fthreat-research%2Fhussarini---targeted-cyber-attack-in-the-philippines.html
.fortinet.com/ Name: AMCV_ED8739F75677FE917F000101%40AdobeOrg
Value: -330454231%7CMCIDTS%7C17763%7CMCMID%7C64721873467910646821466231062176681071%7CMCAAMLH-1535315109%7C6%7CMCAAMB-1535315109%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1534717509s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-17770%7CvVersion%7C3.1.2
.fortinet.com/ Name: AMCVS_ED8739F75677FE917F000101%40AdobeOrg
Value: 1
.fortinet.com/ Name: mbox
Value: session#5ad56834b11a4ac0a861a99b02cc4dd4#1534712170
www.fortinet.com/ Name: st_shares_https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
Value: [object Object]
www.fortinet.com/blog/threat-research Name: __sharethis_cookie_test__
Value: 1
.fortinet.com/ Name: __unam
Value: 4e8ce6e-16553dce10e-42b9ecf-1
.fortinet.com/ Name: check
Value: true
www.fortinet.com/ Name: AWSELB
Value: ADCDE3710804DABF75CED0801727222EF3B4A37C026E095A83DA52A26D27CF7F0160DD600D50E929CF0EB3F36AE521B6558D88F20AE6B83F6A793D5811CBF02FABAD38FA4B

1 Console Messages

Source Level URL
Text
console-api warning URL: https://assets.adobedtm.com/4e56a4f921ab0baab5f89914672a3d541ff95762/mbox-contents-081c7224345c702ebcf6ef22d3b7449ec11ce42d.js(Line 7)
Message:
AT:

Security Headers

This page lists any security headers set by the main page.

Header Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Frame-Options SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
