URL: https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
Submission: On August 19 via api from CH

Summary

This website contacted 20 IPs in 4 countries across 13 domains to perform 37 HTTP transactions. The main IP is 52.9.90.207, located in San Jose, United States and belongs to AMAZON-02 - Amazon.com, Inc., US. The main domain is www.fortinet.com.
TLS certificate: Issued by DigiCert SHA2 High Assurance Server CA on April 27th 2016. Valid for: 3 years.
This is the only time www.fortinet.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
8 52.9.90.207 16509 (AMAZON-02)
2 104.111.219.46 16625 (AKAMAI-AS)
4 2.18.232.23 16625 (AKAMAI-AS)
1 2a00:1450:400... 15169 (GOOGLE)
2 52.17.182.129 16509 (AMAZON-02)
1 151.101.12.134 54113 (FASTLY)
1 2.16.186.146 20940 (AKAMAI-ASN1)
1 2.18.233.40 16625 (AKAMAI-AS)
1 54.217.252.98 16509 (AMAZON-02)
4 2400:cb00:204... 13335 (CLOUDFLAR...)
2 151.101.128.134 54113 (FASTLY)
1 52.214.151.124 16509 (AMAZON-02)
2 172.82.228.19 15224 (OMNITURE)
1 1 66.117.28.86 15224 (OMNITURE)
1 66.117.29.4 15224 (OMNITURE)
1 3 18.196.241.5 16509 (AMAZON-02)
1 52.71.155.233 14618 (AMAZON-AES)
1 13.32.223.54 16509 (AMAZON-02)
1 151.101.112.64 54113 (FASTLY)
1 2a03:2880:f01... 32934 (FACEBOOK)
37 20
Domain Requested by
8 www.fortinet.com www.fortinet.com
4 c.disquscdn.com fortinetblog-1.disqus.com
4 assets.adobedtm.com www.fortinet.com
assets.adobedtm.com
3 l.sharethis.com 1 redirects www.fortinet.com
2 fortinetinc.sc.omtrdc.net assets.adobedtm.com
www.fortinet.com
2 disqus.com fortinetblog-1.disqus.com
2 dpm.demdex.net assets.adobedtm.com
www.fortinet.com
1 graph.facebook.com platform-api.sharethis.com
1 links.services.disqus.com c.disquscdn.com
1 vidassets.terminus.services www.googletagmanager.com
1 count-server.sharethis.com platform-api.sharethis.com
1 fortinet.tt.omtrdc.net assets.adobedtm.com
1 cm.everesttech.net 1 redirects
1 fortinet.demdex.net assets.adobedtm.com
1 d.adroll.com s.adroll.com
1 s.adroll.com www.googletagmanager.com
1 c.sharethis.mgr.consensu.org platform-api.sharethis.com
1 fortinetblog-1.disqus.com www.fortinet.com
1 www.googletagmanager.com www.fortinet.com
1 buttons-config.sharethis.com platform-api.sharethis.com
1 platform-api.sharethis.com www.fortinet.com
37 21
Subject Issuer Validity Valid
www.fortinet.com
DigiCert SHA2 High Assurance Server CA
2016-04-27 -
2019-05-02
3 years crt.sh
*.sharethis.com
DigiCert SHA2 Secure Server CA
2018-02-14 -
2019-02-14
a year crt.sh
assets.adobedtm.com
DigiCert SHA2 High Assurance Server CA
2018-04-06 -
2019-04-11
a year crt.sh
*.google-analytics.com
Google Internet Authority G3
2018-08-07 -
2018-10-16
2 months crt.sh
*.demdex.net
DigiCert SHA2 High Assurance Server CA
2018-01-09 -
2021-02-12
3 years crt.sh
*.disqus.com
DigiCert SHA2 Secure Server CA
2018-03-28 -
2020-04-27
2 years crt.sh
*.sharethis.mgr.consensu.org
DigiCert ECC Secure Server CA
2018-07-31 -
2019-07-31
a year crt.sh
*.adroll.com
DigiCert SHA2 Secure Server CA
2018-02-14 -
2019-02-14
a year crt.sh
ssl565697.cloudflaressl.com
COMODO ECC Domain Validation Secure Server CA 2
2018-04-29 -
2018-11-05
6 months crt.sh
*.sc.omtrdc.net
DigiCert SHA2 High Assurance Server CA
2016-05-04 -
2019-05-23
3 years crt.sh
*.tt.omtrdc.net
DigiCert SHA2 High Assurance Server CA
2017-10-19 -
2020-11-25
3 years crt.sh
*.terminus.services
Amazon
2018-01-17 -
2019-02-17
a year crt.sh
f.ssl.fastly.net
GlobalSign Organization Validation CA - SHA256 - G2
2017-10-27 -
2018-09-03
10 months crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA
2017-12-15 -
2019-03-22
a year crt.sh

This page contains 4 frames:

Primary Page: https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
Frame ID: F7536E1C7CE8AEBEAABDCDEF5245A842
Requests: 36 HTTP requests in this frame

Frame: https://c.sharethis.mgr.consensu.org/v1.0/cmp/portal.html
Frame ID: 894790646BD22B20B873E1C94A3435F6
Requests: 1 HTTP requests in this frame

Frame: https://fortinet.demdex.net/dest5.html?d_nsid=0
Frame ID: 13917AC99C4CE7DDEBC21D12DBF3946B
Requests: 1 HTTP requests in this frame

Frame: https://disqus.com/embed/comments/?base=default&f=fortinetblog-1&t_i=%2Fcontent%2Ffortinet-blog%2Fus%2Fen%2Fthreat-research%2Fhussarini---targeted-cyber-attack-in-the-philippines&t_u=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fhussarini---targeted-cyber-attack-in-the-philippines.html&t_d=Hussarini%20%E2%80%93%20Targeted%20Cyber%20Attack%20in%20the%20Philippines&t_t=Hussarini%20%E2%80%93%20Targeted%20Cyber%20Attack%20in%20the%20Philippines&s_o=default
Frame ID: 6611CD5A540D4A23CF6C8805F572E85C
Requests: 1 HTTP requests in this frame

Screenshot


Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

Overall confidence: 100%
Detected patterns
  • script /(?:a|s)\.adroll\.com/i
  • env /^adroll_/i

Overall confidence: 100%
Detected patterns
  • env /^DISQUS/i

Overall confidence: 100%
Detected patterns
  • env /^google_tag_manager$/i

Overall confidence: 100%
Detected patterns
  • script /\/s[_-]code.*\.js/i
  • env /^s_(?:account|objectID|code|INST)$/i


Overall confidence: 100%
Detected patterns
  • env /^jQuery$/i

Page Statistics

37
Requests

100 %
HTTPS

15 %
IPv6

13
Domains

21
Subdomains

20
IPs

4
Countries

773 kB
Transfer

2008 kB
Size

11
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 24
  • https://cm.everesttech.net/cm/dd?d_uuid=13315129411677250713862547455693533857 HTTP 302
  • https://dpm.demdex.net/ibs:dpid=411&dpuuid=W3nW6wAABqWXkjx0
Request Chain 27
  • https://l.sharethis.com/pview?event=pview&version=st_sop.js&lang=en&fpc=4e8ce6e-16553ef85f8-63a07274-1&sessionID=1534711531000.93931&hostname=www.fortinet.com&location=%2Fblog%2Fthreat-research%2Fhussarini---targeted-cyber-attack-in-the-philippines.html&product=sticky-share-buttons&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fhussarini---targeted-cyber-attack-in-the-philippines.html&sharURL=&buttonType=&destination=&source=&st_optout=false&title=Hussarini%20%E2%80%93%20Targeted%20Cyber%20Attack%20in%20the%20Philippines&publisher=5977d47080bb1d0011ab6d8f&ts1534711531001=&sop=true HTTP 301
  • https://l.sharethis.com/sc?cm=ZGAO5Vt51usAAAATWNzCAw%3D%3D&uid=true&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fhussarini---targeted-cyber-attack-in-the-philippines.html

37 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request Cookie set hussarini---targeted-cyber-attack-in-the-philippines.html
www.fortinet.com/blog/threat-research/
44 KB
12 KB
Document
General
Full URL
https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.9.90.207 San Jose, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-9-90-207.us-west-1.compute.amazonaws.com
Software
Apache /
Resource Hash
229f750e90c5addc8fc2535e9d6f94b6c7311cdcdf625e7b8467f09a07aa3a01
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Frame-Options SAMEORIGIN

Request headers

Host
www.fortinet.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Accept-Encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
F7536E1C7CE8AEBEAABDCDEF5245A842

Response headers

Accept-Ranges
bytes
Cache-control
no-cache="set-cookie"
Content-Encoding
gzip
Content-Type
text/html; charset=UTF-8
Date
Sun, 19 Aug 2018 20:45:30 GMT
ETag
"b0fb-573cf96ccd6e6-gzip"
Last-Modified
Sun, 19 Aug 2018 20:25:08 GMT
Server
Apache
Set-Cookie
AWSELB=ADCDE3710804DABF75CED0801727222EF3B4A37C023FF8BEFBFD987A1DBE1445802E10384550E929CF0EB3F36AE521B6558D88F20AE6B83F6A793D5811CBF02FABAD38FA4B;PATH=/;MAX-AGE=900
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Vary
Accept-Encoding,User-Agent
X-Frame-Options
SAMEORIGIN
Content-Length
11515
Connection
keep-alive
clientlib-base.min.css
www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/
211 KB
17 KB
Stylesheet
General
Full URL
https://www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/clientlib-base.min.css
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.9.90.207 San Jose, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-9-90-207.us-west-1.compute.amazonaws.com
Software
Apache /
Resource Hash
31ad41eb429a056fb28e89d8c140e7c439ab1f4e72b79a6df23f73d8db433919
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Frame-Options SAMEORIGIN

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
www.fortinet.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/css,*/*;q=0.1
Referer
https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
Cookie
AWSELB=ADCDE3710804DABF75CED0801727222EF3B4A37C023FF8BEFBFD987A1DBE1445802E10384550E929CF0EB3F36AE521B6558D88F20AE6B83F6A793D5811CBF02FABAD38FA4B
Connection
keep-alive
Cache-Control
no-cache
Referer
https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sun, 19 Aug 2018 20:45:30 GMT
Content-Encoding
gzip
Last-Modified
Wed, 15 Aug 2018 17:13:04 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
ETag
"34a57-5737c7083d1e9-gzip"
Vary
Accept-Encoding,User-Agent
Connection
keep-alive
Content-Type
text/css
Cache-Control
max-age=604800, public
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Accept-Ranges
bytes
Content-Length
16743
sharethis.js
platform-api.sharethis.com/js/
134 KB
49 KB
Script
General
Full URL
https://platform-api.sharethis.com/js/sharethis.js
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.219.46 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-219-46.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
9b371a8db8abe7f7f71cec6aa5aa013ceabe949d8ef311ae255debb4297a9c99

Request headers

Referer
https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sun, 19 Aug 2018 20:45:30 GMT
Content-Encoding
gzip
ETag
W/"217a3-h/YdvKciMy3vd/BkUGfREQ"
Vary
Accept-Encoding
Access-Control-Allow-Methods
DELETE, GET, HEAD, OPTIONS, POST, PUT
Content-Type
text/javascript; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=3600
Connection
keep-alive
Access-Control-Allow-Headers
Origin, X-Requested-With, Content-Type, Accept
Content-Length
49616
satelliteLib-32b0117a6a1b1e07ce775d6f834af5718192ddf1.js
assets.adobedtm.com/4e56a4f921ab0baab5f89914672a3d541ff95762/
135 KB
40 KB
Script
General
Full URL
https://assets.adobedtm.com/4e56a4f921ab0baab5f89914672a3d541ff95762/satelliteLib-32b0117a6a1b1e07ce775d6f834af5718192ddf1.js
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.232.23 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-232-23.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
d6722d70ee2eeecc81a1424a4a1a6ef145369162a6cf5285ecfc122f79e1af97

Request headers

Referer
https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sun, 19 Aug 2018 20:45:30 GMT
Content-Encoding
gzip
Last-Modified
Thu, 16 Aug 2018 21:17:40 GMT
Server
Apache
ETag
"44535ad2e5d8393acc9c64001139dde3:1534454260"
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
max-age=3600
Connection
keep-alive
Accept-Ranges
bytes
Timing-Allow-Origin
*, *
Content-Length
40080
Expires
Sun, 19 Aug 2018 21:45:30 GMT
fortinet-logo-white.svg
www.fortinet.com/content/dam/fortinet-blog/
32 KB
2 KB
Image
General
Full URL
https://www.fortinet.com/content/dam/fortinet-blog/fortinet-logo-white.svg
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.9.90.207 San Jose, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-9-90-207.us-west-1.compute.amazonaws.com
Software
Apache /
Resource Hash
d2afd46ac58cd7e89b3fdfd790300d69034e94151ed45acf83d7b6d5dccfdb17
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Frame-Options SAMEORIGIN

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
www.fortinet.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
Cookie
AWSELB=ADCDE3710804DABF75CED0801727222EF3B4A37C023FF8BEFBFD987A1DBE1445802E10384550E929CF0EB3F36AE521B6558D88F20AE6B83F6A793D5811CBF02FABAD38FA4B; __unam=4e8ce6e-16553ef85f8-63a07274-1; AMCV_ED8739F75677FE917F000101%40AdobeOrg=-330454231%7CMCIDTS%7C17763%7CvVersion%7C3.1.2; check=true; mbox=session#46f2c4e54cc94f0a86d60b00566aaea2#1534713392
Connection
keep-alive
Cache-Control
no-cache
Referer
https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sun, 19 Aug 2018 20:45:31 GMT
Content-Encoding
gzip
Last-Modified
Wed, 15 Aug 2018 17:13:05 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
ETag
"7ebb-5737c70917627-gzip"
Vary
Accept-Encoding,User-Agent
Connection
keep-alive
Content-Type
image/svg+xml
Cache-Control
max-age=604800, public
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Accept-Ranges
bytes
Content-Length
1998
clientlib-base.min.js
www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/
164 KB
53 KB
Script
General
Full URL
https://www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/clientlib-base.min.js
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.9.90.207 San Jose, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-9-90-207.us-west-1.compute.amazonaws.com
Software
Apache /
Resource Hash
0b6043877e5dd01857f2e94cb94b6c4b7157a088277d0f59a15a9ed9917c9c87
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Frame-Options SAMEORIGIN

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
www.fortinet.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
*/*
Referer
https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
Cookie
AWSELB=ADCDE3710804DABF75CED0801727222EF3B4A37C023FF8BEFBFD987A1DBE1445802E10384550E929CF0EB3F36AE521B6558D88F20AE6B83F6A793D5811CBF02FABAD38FA4B
Connection
keep-alive
Cache-Control
no-cache
Referer
https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sun, 19 Aug 2018 20:45:31 GMT
Content-Encoding
gzip
Last-Modified
Wed, 15 Aug 2018 17:13:04 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
ETag
"28ff0-5737c7086bc04-gzip"
Vary
Accept-Encoding,User-Agent
Connection
keep-alive
Content-Type
application/javascript
Cache-Control
max-age=604800, public
transfer-encoding
chunked
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Accept-Ranges
bytes
5977d47080bb1d0011ab6d8f.js
buttons-config.sharethis.com/js/
444 B
865 B
Script
General
Full URL
https://buttons-config.sharethis.com/js/5977d47080bb1d0011ab6d8f.js
Requested by
Host: platform-api.sharethis.com
URL: https://platform-api.sharethis.com/js/sharethis.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
104.111.219.46 Amsterdam, Netherlands, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a104-111-219-46.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
7f0daa7591ef2b42b26dd9d39102440c242e7fd798e7898a620e5489d67ec73e

Request headers

Referer
https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sun, 19 Aug 2018 20:45:31 GMT
Last-Modified
Tue, 16 Jan 2018 20:14:52 GMT
Server
AmazonS3
x-amz-request-id
30389A7BEC8F4F13
ETag
"6167cc13570c31ffc1713616a6fb087d"
Content-Type
text/javascript
Cache-Control
public, max-age=60
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
444
x-amz-id-2
EEuYAjexJMW2wudV3DIl+nCjz3+EAqEDpw+ZXw7bT9fpNejB5vqxEwcm8nCdjRKpUjJWn3L8jgo=
gtm.js
www.googletagmanager.com/
67 KB
24 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-NBSLLPJ
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a00:1450:4001:81a::2008 , Ireland, ASN15169 (GOOGLE - Google LLC, US),
Reverse DNS
Software
Google Tag Manager (scaffolding) /
Resource Hash
4ce9ed609fccf877301edf2571eb3b7125706ed8f39e5f61ab8a794cd4a975de
Security Headers
Name Value
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sun, 19 Aug 2018 20:45:31 GMT
content-encoding
gzip
server
Google Tag Manager (scaffolding)
access-control-allow-headers
Cache-Control
status
200
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
http://www.googletagmanager.com
cache-control
private, max-age=900
access-control-allow-credentials
true
alt-svc
quic=":443"; ma=2592000; v="44,43,39,35"
content-length
24151
x-xss-protection
1; mode=block
expires
Sun, 19 Aug 2018 20:45:31 GMT
id
dpm.demdex.net/
367 B
1 KB
XHR
General
Full URL
https://dpm.demdex.net/id?d_visid_ver=3.1.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=ED8739F75677FE917F000101%40AdobeOrg&d_nsid=0&ts=1534711531056
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/4e56a4f921ab0baab5f89914672a3d541ff95762/satelliteLib-32b0117a6a1b1e07ce775d6f834af5718192ddf1.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.17.182.129 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-17-182-129.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
19d0b4b1fd0dc7f07b2de35cbe470fa7d0be645b93f19b059f82410453fd0013

Request headers

Referer
https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
Origin
https://www.fortinet.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

DCS
irl1-prod-dcs-0c237e8bd.edge-irl1.demdex.com 5.36.2.20180809152735 4ms
Pragma
no-cache
Content-Encoding
gzip
X-TID
4DRWx+jBTyA=
Vary
Origin, Accept-Encoding, User-Agent
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin
https://www.fortinet.com
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json;charset=utf-8
Content-Length
305
Expires
Thu, 01 Jan 1970 00:00:00 GMT
mbox-contents-081c7224345c702ebcf6ef22d3b7449ec11ce42d.js
assets.adobedtm.com/4e56a4f921ab0baab5f89914672a3d541ff95762/
72 KB
26 KB
Script
General
Full URL
https://assets.adobedtm.com/4e56a4f921ab0baab5f89914672a3d541ff95762/mbox-contents-081c7224345c702ebcf6ef22d3b7449ec11ce42d.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/4e56a4f921ab0baab5f89914672a3d541ff95762/satelliteLib-32b0117a6a1b1e07ce775d6f834af5718192ddf1.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.232.23 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-232-23.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
13f9871faf609461bb6206bfa6d9f987e80805137f54655e19177cb52fb3d016

Request headers

Referer
https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Intervention
<https://www.chromestatus.com/feature/5718547946799104>; level="warning"

Response headers

Date
Sun, 19 Aug 2018 20:45:31 GMT
Content-Encoding
gzip
Last-Modified
Thu, 16 Aug 2018 21:17:40 GMT
Server
Apache
ETag
"12042a5e77e5e1f1023020ffebee8b4b:1534454260"
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
max-age=3600
Connection
keep-alive
Accept-Ranges
bytes
Timing-Allow-Origin
*, *
Content-Length
26562
Expires
Sun, 19 Aug 2018 21:45:31 GMT
truncated
/
71 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
5b4c9abcf01dcf74e0adf075ff4d47464c62c84307ae5ebd115d45da70e6443d

Request headers

Response headers

Access-Control-Allow-Origin
*
Content-Type
image/png
new-ransomware-follows-wannacry-exploits.png.thumb.319.319.png
www.fortinet.com/content/dam/fortinet-blog/article-images/individual-images/
132 KB
132 KB
Image
General
Full URL
https://www.fortinet.com/content/dam/fortinet-blog/article-images/individual-images/new-ransomware-follows-wannacry-exploits.png.thumb.319.319.png
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.9.90.207 San Jose, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-9-90-207.us-west-1.compute.amazonaws.com
Software
Apache /
Resource Hash
5d531df9b9835ac329dc5aad30daefe5ebb2b93ca912ab20b6e763bf77d888ba
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Frame-Options SAMEORIGIN

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
www.fortinet.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
Cookie
AWSELB=ADCDE3710804DABF75CED0801727222EF3B4A37C023FF8BEFBFD987A1DBE1445802E10384550E929CF0EB3F36AE521B6558D88F20AE6B83F6A793D5811CBF02FABAD38FA4B; __unam=4e8ce6e-16553ef85f8-63a07274-1; AMCV_ED8739F75677FE917F000101%40AdobeOrg=-330454231%7CMCIDTS%7C17763%7CvVersion%7C3.1.2; check=true; mbox=session#46f2c4e54cc94f0a86d60b00566aaea2#1534713392
Connection
keep-alive
Cache-Control
no-cache
Referer
https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sun, 19 Aug 2018 20:45:31 GMT
Last-Modified
Wed, 15 Aug 2018 19:06:21 GMT
Server
Apache
ETag
"21074-5737e05a656f8"
X-Frame-Options
SAMEORIGIN
Connection
keep-alive
Content-Type
image/png
Cache-Control
max-age=604800, public
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Accept-Ranges
bytes
Content-Length
135284
a_deep_dive_analysis_of_fallchill_remote_admin_tool.png.thumb.319.319.png
www.fortinet.com/content/dam/fortinet-blog/article-images/individual-images/
12 KB
12 KB
Image
General
Full URL
https://www.fortinet.com/content/dam/fortinet-blog/article-images/individual-images/a_deep_dive_analysis_of_fallchill_remote_admin_tool.png.thumb.319.319.png
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.9.90.207 San Jose, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-9-90-207.us-west-1.compute.amazonaws.com
Software
Apache /
Resource Hash
910ab43f73b6073142379650feb6de6f77744c9a418754fab9e8c71b12065c10
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Frame-Options SAMEORIGIN

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
www.fortinet.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
Cookie
AWSELB=ADCDE3710804DABF75CED0801727222EF3B4A37C023FF8BEFBFD987A1DBE1445802E10384550E929CF0EB3F36AE521B6558D88F20AE6B83F6A793D5811CBF02FABAD38FA4B; __unam=4e8ce6e-16553ef85f8-63a07274-1; AMCV_ED8739F75677FE917F000101%40AdobeOrg=-330454231%7CMCIDTS%7C17763%7CvVersion%7C3.1.2; check=true; mbox=session#46f2c4e54cc94f0a86d60b00566aaea2#1534713392
Connection
keep-alive
Cache-Control
no-cache
Referer
https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sun, 19 Aug 2018 20:45:31 GMT
Last-Modified
Wed, 15 Aug 2018 17:34:11 GMT
Server
Apache
ETag
"3022-5737cbc0ebd93"
X-Frame-Options
SAMEORIGIN
Connection
keep-alive
Content-Type
image/png
Cache-Control
max-age=604800, public
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Accept-Ranges
bytes
Content-Length
12322
rehashed-rat-in-apt-campaign-against-vietnamese-organizations.jpg.thumb.319.319.png
www.fortinet.com/content/dam/fortinet-blog/article-images/individual-images/
125 KB
126 KB
Image
General
Full URL
https://www.fortinet.com/content/dam/fortinet-blog/article-images/individual-images/rehashed-rat-in-apt-campaign-against-vietnamese-organizations.jpg.thumb.319.319.png
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.9.90.207 San Jose, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-9-90-207.us-west-1.compute.amazonaws.com
Software
Apache /
Resource Hash
9adb1961521d9a92ee99cbfc4031784b655a821931ebdfcb602e0c42ce3756af
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Frame-Options SAMEORIGIN

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
www.fortinet.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
Cookie
AWSELB=ADCDE3710804DABF75CED0801727222EF3B4A37C023FF8BEFBFD987A1DBE1445802E10384550E929CF0EB3F36AE521B6558D88F20AE6B83F6A793D5811CBF02FABAD38FA4B; __unam=4e8ce6e-16553ef85f8-63a07274-1; AMCV_ED8739F75677FE917F000101%40AdobeOrg=-330454231%7CMCIDTS%7C17763%7CvVersion%7C3.1.2; check=true; mbox=session#46f2c4e54cc94f0a86d60b00566aaea2#1534713392
Connection
keep-alive
Cache-Control
no-cache
Referer
https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sun, 19 Aug 2018 20:45:31 GMT
Last-Modified
Thu, 16 Aug 2018 01:36:23 GMT
Server
Apache
ETag
"1f4ad-573837887b9ef"
X-Frame-Options
SAMEORIGIN
Connection
keep-alive
Content-Type
image/png
Cache-Control
max-age=604800, public
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Accept-Ranges
bytes
Content-Length
128173
huss_01.png
www.fortinet.com/content/dam/fortinet-blog/article-images/hussarini_targeted_cyber_attack-/
24 KB
25 KB
Image
General
Full URL
https://www.fortinet.com/content/dam/fortinet-blog/article-images/hussarini_targeted_cyber_attack-/huss_01.png
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.9.90.207 San Jose, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-9-90-207.us-west-1.compute.amazonaws.com
Software
Apache /
Resource Hash
7f6185c8b0e6ffe5a06775b931d75bdaabd830458ca41f58dddfafbc97c38185
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Frame-Options SAMEORIGIN

Request headers

Pragma
no-cache
Accept-Encoding
gzip, deflate
Host
www.fortinet.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
image/webp,image/apng,image/*,*/*;q=0.8
Referer
https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
Cookie
AWSELB=ADCDE3710804DABF75CED0801727222EF3B4A37C023FF8BEFBFD987A1DBE1445802E10384550E929CF0EB3F36AE521B6558D88F20AE6B83F6A793D5811CBF02FABAD38FA4B; __unam=4e8ce6e-16553ef85f8-63a07274-1; AMCV_ED8739F75677FE917F000101%40AdobeOrg=-330454231%7CMCIDTS%7C17763%7CvVersion%7C3.1.2; check=true; mbox=session#46f2c4e54cc94f0a86d60b00566aaea2#1534713392
Connection
keep-alive
Cache-Control
no-cache
Referer
https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sun, 19 Aug 2018 20:45:31 GMT
Last-Modified
Wed, 15 Aug 2018 18:24:01 GMT
Server
Apache
ETag
"60b0-5737d6e49ac3b"
X-Frame-Options
SAMEORIGIN
Connection
keep-alive
Content-Type
image/png
Cache-Control
max-age=604800, public
Strict-Transport-Security
max-age=63072000; includeSubDomains; preload
Accept-Ranges
bytes
Content-Length
24752
embed.js
fortinetblog-1.disqus.com/
63 KB
21 KB
Script
General
Full URL
https://fortinetblog-1.disqus.com/embed.js
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.12.134 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
openresty /
Resource Hash
4655dc60da8e82b5a0a66b47b525d452bf089cda73618322b456c2e9e9e36222
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains

Request headers

Referer
https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sun, 19 Aug 2018 20:45:31 GMT
Content-Encoding
gzip
Server
openresty
Age
5
Vary
Accept-Encoding
Connection
keep-alive
Content-Type
application/javascript; charset=utf-8
Cache-Control
private, max-age=60
X-Service
router
Strict-Transport-Security
max-age=300; includeSubdomains
Link
<https://disqus.com>; rel=preconnect, <https://c.disquscdn.com>; rel=preconnect
Content-Length
21328
portal.html
c.sharethis.mgr.consensu.org/v1.0/cmp/ Frame 8947
0
0
Document
General
Full URL
https://c.sharethis.mgr.consensu.org/v1.0/cmp/portal.html
Requested by
Host: platform-api.sharethis.com
URL: https://platform-api.sharethis.com/js/sharethis.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server
2.16.186.146 , European Union, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
a2-16-186-146.deploy.static.akamaitechnologies.com
Software
/
Resource Hash

Request headers

Host
c.sharethis.mgr.consensu.org
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer
https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
Accept-Encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
F7536E1C7CE8AEBEAABDCDEF5245A842
Referer
https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html

Response headers

Accept-Ranges
bytes
Access-Control-Allow-Headers
Origin, X-Requested-With, Content-Type, Accept
Access-Control-Allow-Methods
DELETE, GET, HEAD, OPTIONS, POST, PUT
Access-Control-Allow-Origin
*
Content-Type
text/html; charset=UTF-8
ETag
W/"26b-4977387000"
Last-Modified
Tue, 01 Jan 1980 00:00:00 GMT
Vary
Accept-Encoding
Content-Length
619
Cache-Control
public, max-age=600
Date
Sun, 19 Aug 2018 20:45:31 GMT
Connection
keep-alive
roundtrip.js
s.adroll.com/j/
29 KB
10 KB
Script
General
Full URL
https://s.adroll.com/j/roundtrip.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NBSLLPJ
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.233.40 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-233-40.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
e65cf5108c80dca04640eb55670754edbda09df69d96b1c5308dd7aae16e5ae8

Request headers

Referer
https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

x-amz-version-id
3983yvQiUeJIC76cHdWZACuajrAAM2fQ
Content-Encoding
gzip
ETag
"3771366c85ecd7d661479d8467c1d272"
x-amz-request-id
19E007E4E2EAE795
x-amz-server-side-encryption
AES256
Connection
keep-alive
Vary
Accept-Encoding
Content-Length
9469
x-amz-id-2
8nVI1PpwzJeec8aJgN+RINN9UirB6U966QNMZO8fbQGvW6lWTwpH4RcgC6kJG3BZbIeM+6KWFmo=
Last-Modified
Thu, 02 Aug 2018 22:24:55 GMT
Server
AmazonS3
Date
Sun, 19 Aug 2018 20:45:31 GMT
Access-Control-Max-Age
600
Access-Control-Allow-Methods
GET
Content-Type
text/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=300, must-revalidate
Access-Control-Allow-Credentials
false
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
7OBVBCAQE5FHDPFEAD5T4D
d.adroll.com/consent/check/
35 B
195 B
Script
General
Full URL
https://d.adroll.com/consent/check/7OBVBCAQE5FHDPFEAD5T4D?_s=6cce33b261a4dff61342ad4188765e81
Requested by
Host: s.adroll.com
URL: https://s.adroll.com/j/roundtrip.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.217.252.98 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-54-217-252-98.eu-west-1.compute.amazonaws.com
Software
nginx/1.12.1 /
Resource Hash
8e1e0966b4257e4b292f4a3f03bcb0e235daae15964a0ab22d1176fee2da1e73

Request headers

Referer
https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sun, 19 Aug 2018 20:45:31 GMT
Server
nginx/1.12.1
Connection
keep-alive
Content-Length
35
Content-Type
application/javascript
lounge.fda8427fde61b6f55d19bcd47d8c54b0.css
c.disquscdn.com/next/embed/styles/
99 KB
19 KB
Stylesheet
General
Full URL
https://c.disquscdn.com/next/embed/styles/lounge.fda8427fde61b6f55d19bcd47d8c54b0.css
Requested by
Host: fortinetblog-1.disqus.com
URL: https://fortinetblog-1.disqus.com/embed.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2400:cb00:2048:1::6810:4fa6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
fbf5d901393f5552a007fe5e20ae88c5b8d09a5ae1b972a398d3218e9b013a09
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sun, 19 Aug 2018 20:45:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
status
200
strict-transport-security
max-age=300; includeSubdomains
content-length
19061
x-xss-protection
1; mode=block
timing-allow-origin
*
last-modified
Fri, 10 Aug 2018 23:38:57 GMT
server
cloudflare
fastly-debug-digest
b0b057f5f589562c68db995740e80deb923167a1f09065d1396852e651436f1b
etag
"5b6e2211-4a75"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000, public, immutable, no-transform
cf-ray
44cf76ddeba796a0-FRA
expires
Mon, 12 Aug 2019 18:38:21 GMT
common.bundle.e63a160a6bfb2f2953b5059c50baaf15.js
c.disquscdn.com/next/embed/
242 KB
81 KB
Script
General
Full URL
https://c.disquscdn.com/next/embed/common.bundle.e63a160a6bfb2f2953b5059c50baaf15.js
Requested by
Host: fortinetblog-1.disqus.com
URL: https://fortinetblog-1.disqus.com/embed.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2400:cb00:2048:1::6810:4fa6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
b58042b3caa084f224cc60cb8aa59b30b4219dbc797d2084ffe095e94d2a221a
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sun, 19 Aug 2018 20:45:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
status
200
strict-transport-security
max-age=300; includeSubdomains
content-length
82692
x-xss-protection
1; mode=block
timing-allow-origin
*
last-modified
Tue, 31 Jul 2018 22:23:46 GMT
server
cloudflare
fastly-debug-digest
bd8ba0469cb199f6986186933efa1473af5ff288ff29039c1feb7332871058c9
etag
"5b60e172-14304"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000, public, immutable, no-transform
cf-ray
44cf76ddeba896a0-FRA
expires
Thu, 01 Aug 2019 00:05:08 GMT
lounge.bundle.d9de07e390c24c083ffd3c2c531d3ebf.js
c.disquscdn.com/next/embed/
360 KB
94 KB
Script
General
Full URL
https://c.disquscdn.com/next/embed/lounge.bundle.d9de07e390c24c083ffd3c2c531d3ebf.js
Requested by
Host: fortinetblog-1.disqus.com
URL: https://fortinetblog-1.disqus.com/embed.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2400:cb00:2048:1::6810:4fa6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
e77d1cca37b1fdf7d24b674dab4a639286ef3f7ffe2d4b7a72e70d5d6bcc5bd7
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sun, 19 Aug 2018 20:45:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
status
200
strict-transport-security
max-age=300; includeSubdomains
content-length
95587
x-xss-protection
1; mode=block
timing-allow-origin
*
last-modified
Tue, 14 Aug 2018 23:13:01 GMT
server
cloudflare
fastly-debug-digest
1ae910ba9efd9b4004323493e3629dde07f55420c7f4a29e23afa9f2288aa39b
etag
"5b7361fd-17563"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000, public, immutable, no-transform
cf-ray
44cf76ddeba996a0-FRA
expires
Thu, 15 Aug 2019 04:43:49 GMT
config.js
disqus.com/next/
5 KB
3 KB
Script
General
Full URL
https://disqus.com/next/config.js
Requested by
Host: fortinetblog-1.disqus.com
URL: https://fortinetblog-1.disqus.com/embed.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.128.134 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
nginx /
Resource Hash
3eaf5886f85c6f2592611b9bb3d6fcff29e3cebad3af2846f2b157714c8e4e86
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sun, 19 Aug 2018 20:45:31 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Age
10
p3p
CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Connection
keep-alive
Vary
Accept-Encoding
Content-Length
2375
X-XSS-Protection
1; mode=block
Server
nginx
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=300; includeSubdomains
Content-Type
application/javascript; charset=UTF-8
Access-Control-Allow-Origin
*
Cache-Control
public, stale-while-revalidate=300, s-stalewhilerevalidate=3600, max-age=60
Timing-Allow-Origin
*
Cookie set dest5.html
fortinet.demdex.net/ Frame 1391
0
0
Document
General
Full URL
https://fortinet.demdex.net/dest5.html?d_nsid=0
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/4e56a4f921ab0baab5f89914672a3d541ff95762/satelliteLib-32b0117a6a1b1e07ce775d6f834af5718192ddf1.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.214.151.124 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-214-151-124.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash

Request headers

Host
fortinet.demdex.net
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer
https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
Accept-Encoding
gzip, deflate
Cookie
demdex=13315129411677250713862547455693533857
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
F7536E1C7CE8AEBEAABDCDEF5245A842
Referer
https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html

Response headers

Accept-Ranges
bytes
Cache-Control
max-age=21600
Content-Encoding
gzip
Content-Type
text/html
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Last-Modified
Sun, 19 Aug 2018 20:38:43 GMT
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma
no-cache
Set-Cookie
demdex=13315129411677250713862547455693533857;Path=/;Domain=.demdex.net;Expires=Fri, 15-Feb-2019 20:45:31 GMT;Max-Age=15552000
Vary
Accept-Encoding, User-Agent
X-TID
KWGWnE2cSqU=
Content-Length
2766
Connection
keep-alive
id
fortinetinc.sc.omtrdc.net/
3 B
530 B
XHR
General
Full URL
https://fortinetinc.sc.omtrdc.net/id?d_visid_ver=3.1.2&d_fieldgroup=A&mcorgid=ED8739F75677FE917F000101%40AdobeOrg&mid=13680672726687036233827114561900745513&ts=1534711531178
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/4e56a4f921ab0baab5f89914672a3d541ff95762/satelliteLib-32b0117a6a1b1e07ce775d6f834af5718192ddf1.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
172.82.228.19 Lehi, United States, ASN15224 (OMNITURE - Adobe Systems Inc., US),
Reverse DNS
*.sc.omtrdc.net
Software
Omniture DC/2.0.0 /
Resource Hash
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
Origin
https://www.fortinet.com
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

Date
Sun, 19 Aug 2018 20:45:31 GMT
X-Content-Type-Options
nosniff
Server
Omniture DC/2.0.0
xserver
www268
Vary
Origin
Access-Control-Allow-Methods
GET, POST, DELETE
P3P
CP="This is not a P3P policy"
Access-Control-Allow-Origin
https://www.fortinet.com
Cache-Control
no-cache, no-store, max-age=0, no-transform, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/x-javascript
Content-Length
3
X-XSS-Protection
1; mode=block
X-C
ms-6.4.0
ibs:dpid=411&dpuuid=W3nW6wAABqWXkjx0
dpm.demdex.net/
Redirect Chain
  • https://cm.everesttech.net/cm/dd?d_uuid=13315129411677250713862547455693533857
  • https://dpm.demdex.net/ibs:dpid=411&dpuuid=W3nW6wAABqWXkjx0
42 B
763 B
Image
General
Full URL
https://dpm.demdex.net/ibs:dpid=411&dpuuid=W3nW6wAABqWXkjx0
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.17.182.129 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-52-17-182-129.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

DCS
irl1-prod-dcs-fae0076c.edge-irl1.demdex.com 5.36.2.20180809152735 3ms
Pragma
no-cache
X-TID
Wbf4DSrsTyM=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Type
image/gif
Content-Length
42
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Date
Sun, 19 Aug 2018 20:45:30 GMT
Server
AMO-cookiemap/1.1
P3P
CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Location
https://dpm.demdex.net/ibs:dpid=411&dpuuid=W3nW6wAABqWXkjx0
Cache-Control
no-cache
Connection
Keep-Alive
Keep-Alive
timeout=15,max=100
Content-Length
0
json
fortinet.tt.omtrdc.net/m2/fortinet/mbox/
97 B
331 B
XHR
General
Full URL
https://fortinet.tt.omtrdc.net/m2/fortinet/mbox/json?mbox=target-global-mbox&mboxSession=46f2c4e54cc94f0a86d60b00566aaea2&mboxPC=&mboxPage=41881650a0fa470ba23745ed99cd3072&mboxRid=b1674baa460042f3b7bdda21501732d5&mboxVersion=1.3.0&mboxCount=1&mboxTime=1534711531084&mboxHost=www.fortinet.com&mboxURL=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fhussarini---targeted-cyber-attack-in-the-philippines.html&mboxReferrer=&browserHeight=1200&browserWidth=1600&browserTimeOffset=0&screenHeight=1200&screenWidth=1600&colorDepth=24&mboxMCSDID=3D35F2B43546E52B-0B5746CF39A37D3E&vst.trk=fortinetinc.sc.omtrdc.net&vst.trks=fortinetinc.sc.omtrdc.net&mboxMCGVID=13680672726687036233827114561900745513&mboxAAMB=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/4e56a4f921ab0baab5f89914672a3d541ff95762/mbox-contents-081c7224345c702ebcf6ef22d3b7449ec11ce42d.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
66.117.29.4 Lehi, United States, ASN15224 (OMNITURE - Adobe Systems Inc., US),
Reverse DNS
Software
/
Resource Hash
790bad7983be1b09d41d62fdbb46da9293ac770eb41d1bf1009e54d4be2fe9b3

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
Origin
https://www.fortinet.com

Response headers

pragma
no-cache
date
Sun, 19 Aug 2018 20:45:30 GMT
status
200
vary
Origin
content-type
application/json;charset=UTF-8
access-control-allow-origin
https://www.fortinet.com
cache-control
no-cache
access-control-allow-credentials
true
timing-allow-origin
*
content-length
97
x-application-context
edge:prod,prod-prod26,prod-prod26-app,prod26:11180
/
disqus.com/embed/comments/ Frame 6611
0
0
Document
General
Full URL
https://disqus.com/embed/comments/?base=default&f=fortinetblog-1&t_i=%2Fcontent%2Ffortinet-blog%2Fus%2Fen%2Fthreat-research%2Fhussarini---targeted-cyber-attack-in-the-philippines&t_u=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fhussarini---targeted-cyber-attack-in-the-philippines.html&t_d=Hussarini%20%E2%80%93%20Targeted%20Cyber%20Attack%20in%20the%20Philippines&t_t=Hussarini%20%E2%80%93%20Targeted%20Cyber%20Attack%20in%20the%20Philippines&s_o=default
Requested by
Host: fortinetblog-1.disqus.com
URL: https://fortinetblog-1.disqus.com/embed.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.128.134 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
nginx /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src https://*.twitter.com:* https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://*.services.disqus.com:* https://cdn.boomtrain.com/p13n/ 'unsafe-inline' https://cdn.syndication.twimg.com/tweets.json https://connect.facebook.net/en_US/sdk.js https://referrer.disqus.com/juggler/ https://apis.google.com https://disqus.com
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Host
disqus.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer
https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
Accept-Encoding
gzip, deflate
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
X-DevTools-Emulate-Network-Conditions-Client-Id
F7536E1C7CE8AEBEAABDCDEF5245A842
Referer
https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html

Response headers

Server
nginx
Content-Security-Policy
script-src https://*.twitter.com:* https://a.disquscdn.com https://c.disquscdn.com c.disquscdn.com https://*.services.disqus.com:* https://cdn.boomtrain.com/p13n/ 'unsafe-inline' https://cdn.syndication.twimg.com/tweets.json https://connect.facebook.net/en_US/sdk.js https://referrer.disqus.com/juggler/ https://apis.google.com https://disqus.com
Link
<https://c.disquscdn.com>;rel=preconnect,<https://c.disquscdn.com>;rel=dns-prefetch
Cache-Control
stale-if-error=3600, s-stalewhilerevalidate=3600, stale-while-revalidate=30, no-cache, must-revalidate, public, s-maxage=5
p3p
CP="DSP IDC CUR ADM DELi STP NAV COM UNI INT PHY DEM"
Timing-Allow-Origin
*
X-Content-Type-Options
nosniff
X-XSS-Protection
1; mode=block
Content-Type
text/html; charset=utf-8
Last-Modified
Mon, 09 Jul 2018 08:47:13 GMT
ETag
W/"lounge:view:6780376612.f8d0d365a09a8403f2d678a4460466b0.2"
Content-Encoding
gzip
Content-Length
2796
Date
Sun, 19 Aug 2018 20:45:31 GMT
Age
0
Connection
keep-alive
Vary
Accept-Encoding
Strict-Transport-Security
max-age=300; includeSubdomains
sc
l.sharethis.com/
Redirect Chain
  • https://l.sharethis.com/pview?event=pview&version=st_sop.js&lang=en&fpc=4e8ce6e-16553ef85f8-63a07274-1&sessionID=1534711531000.93931&hostname=www.fortinet.com&location=%2Fblog%2Fthreat-research%2Fh...
  • https://l.sharethis.com/sc?cm=ZGAO5Vt51usAAAATWNzCAw%3D%3D&uid=true&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fhussarini---targeted-cyber-attack-in-the-philippines.html
0
-1 B
XHR
General
Full URL
https://l.sharethis.com/sc?cm=ZGAO5Vt51usAAAATWNzCAw%3D%3D&uid=true&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fhussarini---targeted-cyber-attack-in-the-philippines.html
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.196.241.5 Cambridge, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-18-196-241-5.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sun, 19 Aug 2018 20:45:31 GMT
Access-Control-Allow-Origin
https://www.fortinet.com
Access-Control-Max-Age
1728000
P3p
policyref="/w3c/p3p.xml", CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT DEM"
Location
/sc?cm=ZGAO5Vt51usAAAATWNzCAw%3D%3D&uid=true&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fhussarini---targeted-cyber-attack-in-the-philippines.html
Access-Control-Expose-Headers
stid
Cache-Control
no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Access-Control-Allow-Headers
*
Content-Length
207
Stid
ZGAO5Vt51usAAAATWNzCAw==

Redirect headers

Date
Sun, 19 Aug 2018 20:45:31 GMT
Access-Control-Allow-Origin
https://www.fortinet.com
Access-Control-Max-Age
1728000
P3p
policyref="/w3c/p3p.xml", CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT DEM"
Location
/sc?cm=ZGAO5Vt51usAAAATWNzCAw%3D%3D&uid=true&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fhussarini---targeted-cyber-attack-in-the-philippines.html
Access-Control-Expose-Headers
stid
Cache-Control
no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Access-Control-Allow-Headers
*
Content-Length
207
Stid
ZGAO5Vt51usAAAATWNzCAw==
sc
l.sharethis.com/
51 B
474 B
XHR
General
Full URL
https://l.sharethis.com/sc?cm=ZGAO5Vt51usAAAATWNzCAw%3D%3D&uid=true&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fhussarini---targeted-cyber-attack-in-the-philippines.html
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.196.241.5 Cambridge, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
ec2-18-196-241-5.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
b9daa994e0e9c48c88897f4a4c2fc2de47f41f23c1af7cfeb666e58cb72af36f

Request headers

X-DevTools-Emulate-Network-Conditions-Client-Id
F7536E1C7CE8AEBEAABDCDEF5245A842
Origin
https://www.fortinet.com
Referer
https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sun, 19 Aug 2018 20:45:31 GMT
Access-Control-Max-Age
1728000
Content-Type
text/plain; charset=utf-8
Access-Control-Allow-Origin
https://www.fortinet.com
Access-Control-Expose-Headers
stid
Cache-Control
no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials
true
Connection
keep-alive
Stid
ZGAO5Vt51usAAAATWNzCAw==
Access-Control-Allow-Headers
*
Content-Length
51
s-code-contents-678d604999b9203058dbe982c7a7ddbf795bb1f4.js
assets.adobedtm.com/4e56a4f921ab0baab5f89914672a3d541ff95762/
34 KB
13 KB
Script
General
Full URL
https://assets.adobedtm.com/4e56a4f921ab0baab5f89914672a3d541ff95762/s-code-contents-678d604999b9203058dbe982c7a7ddbf795bb1f4.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/4e56a4f921ab0baab5f89914672a3d541ff95762/satelliteLib-32b0117a6a1b1e07ce775d6f834af5718192ddf1.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.232.23 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-232-23.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
e6f6d66459cdaf4ccd8b6a49546f78a77215acef509b0c771738e5c93ddfc2e9

Request headers

Referer
https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sun, 19 Aug 2018 20:45:31 GMT
Content-Encoding
gzip
Last-Modified
Thu, 16 Aug 2018 21:17:40 GMT
Server
Apache
ETag
"ac82a81e88b9df1be1b1053ef751f92e:1534454260"
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
max-age=3600
Connection
keep-alive
Accept-Ranges
bytes
Timing-Allow-Origin
*, *, *
Content-Length
13207
Expires
Sun, 19 Aug 2018 21:45:31 GMT
satellite-59ceae2064746d21fe0037dd.js
assets.adobedtm.com/4e56a4f921ab0baab5f89914672a3d541ff95762/scripts/
1 KB
901 B
Script
General
Full URL
https://assets.adobedtm.com/4e56a4f921ab0baab5f89914672a3d541ff95762/scripts/satellite-59ceae2064746d21fe0037dd.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/4e56a4f921ab0baab5f89914672a3d541ff95762/satelliteLib-32b0117a6a1b1e07ce775d6f834af5718192ddf1.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2.18.232.23 , European Union, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS
a2-18-232-23.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
24038492cb3d19fef34ce0a9bc55033f3030c04eeea97a93c22b2ec8914c1316

Request headers

Referer
https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sun, 19 Aug 2018 20:45:31 GMT
Content-Encoding
gzip
Last-Modified
Thu, 16 Aug 2018 21:17:40 GMT
Server
Apache
ETag
"d8619d86a5e27900726ec96a76ead3cc:1534454260"
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
max-age=3600
Connection
keep-alive
Accept-Ranges
bytes
Timing-Allow-Origin
*, *
Content-Length
459
Expires
Sun, 19 Aug 2018 21:45:31 GMT
get_counts
count-server.sharethis.com/v2.0/
373 B
429 B
Script
General
Full URL
https://count-server.sharethis.com/v2.0/get_counts?cb=window.__sharethis__.cb3&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fhussarini---targeted-cyber-attack-in-the-philippines.html&refDomain=www.fortinet.com&sop=true
Requested by
Host: platform-api.sharethis.com
URL: https://platform-api.sharethis.com/js/sharethis.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.71.155.233 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS
ec2-52-71-155-233.compute-1.amazonaws.com
Software
/
Resource Hash
ecde1397bf9f358424cf678f9031166acf9580070945b1ab1dd692aa87b715f0

Request headers

Referer
https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sun, 19 Aug 2018 20:45:31 GMT
Content-Encoding
gzip
Connection
keep-alive
Content-Length
272
Content-Type
application/json
truncated
/
42 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Response headers

Access-Control-Allow-Origin
*
Content-Type
image/gif
t.js
vidassets.terminus.services/a01961d7-dcca-4b51-8e61-d0a209a6967f/
0
0
Script
General
Full URL
https://vidassets.terminus.services/a01961d7-dcca-4b51-8e61-d0a209a6967f/t.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NBSLLPJ
Protocol
SPDY
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.32.223.54 Seattle, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS
server-13-32-223-54.fra56.r.cloudfront.net
Software
/
Resource Hash

Request headers

Referer
https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

cache-control
public, s-maxage=900
content-type
application/json
s22236289013217
fortinetinc.sc.omtrdc.net/b/ss/fortinetincproduction/1/JS-2.9.0-D7QN/
43 B
592 B
Image
General
Full URL
https://fortinetinc.sc.omtrdc.net/b/ss/fortinetincproduction/1/JS-2.9.0-D7QN/s22236289013217?AQB=1&ndh=1&pf=1&t=19%2F7%2F2018%2020%3A45%3A31%200%200&sdid=3D35F2B43546E52B-0B5746CF39A37D3E&D=D%3D&mid=13680672726687036233827114561900745513&aamlh=6&ce=UTF-8&g=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fhussarini---targeted-cyber-attack-in-the-philippines.html&events=event3&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&v1=www.fortinet.com%2Fblog%2Fthreat-research%2Fhussarini---targeted-cyber-attack-in-the-philippines.html&v3=%2B1&c7=Entire%20Site&v27=BLOG&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&mcorgid=ED8739F75677FE917F000101%40AdobeOrg&AQE=1
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
172.82.228.19 Lehi, United States, ASN15224 (OMNITURE - Adobe Systems Inc., US),
Reverse DNS
*.sc.omtrdc.net
Software
Omniture DC/2.0.0 /
Resource Hash
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

Date
Sun, 19 Aug 2018 20:45:31 GMT
X-Content-Type-Options
nosniff
X-C
ms-6.4.0
P3P
CP="This is not a P3P policy"
Connection
keep-alive
Content-Length
43
X-XSS-Protection
1; mode=block
Pragma
no-cache
Last-Modified
Mon, 20 Aug 2018 20:45:31 GMT
Server
Omniture DC/2.0.0
xserver
www243
ETag
"3295767917306642432-5575457598720812869"
Vary
*
Content-Type
image/gif
Access-Control-Allow-Origin
*
Cache-Control
no-cache, no-store, max-age=0, no-transform, private
Expires
Sat, 18 Aug 2018 20:45:31 GMT
alfie.f51946af45e0b561c60f768335c9eb79.js
c.disquscdn.com/next/embed/
19 KB
7 KB
Script
General
Full URL
https://c.disquscdn.com/next/embed/alfie.f51946af45e0b561c60f768335c9eb79.js
Requested by
Host: fortinetblog-1.disqus.com
URL: https://fortinetblog-1.disqus.com/embed.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2400:cb00:2048:1::6810:4fa6 , United States, ASN13335 (CLOUDFLARENET - Cloudflare, Inc., US),
Reverse DNS
Software
cloudflare /
Resource Hash
eda8f00e9255746e7620848227aca122053845c9b4a90f1b3e26b4cd99af9e25
Security Headers
Name Value
Strict-Transport-Security max-age=300; includeSubdomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

date
Sun, 19 Aug 2018 20:45:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
status
200
strict-transport-security
max-age=300; includeSubdomains
content-length
6605
x-xss-protection
1; mode=block
timing-allow-origin
*
last-modified
Wed, 07 Mar 2018 01:19:31 GMT
server
cloudflare
fastly-debug-digest
baac760ca1e6f62ea6380d62d4f07b5dfbb97755c19df0448623d4ede950e2e4
etag
"5a9f3e23-19cd"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000, public, immutable, no-transform
cf-ray
44cf76e0ae4796a0-FRA
expires
Thu, 07 Mar 2019 10:59:25 GMT
ping
links.services.disqus.com/api/
294 B
920 B
XHR
General
Full URL
https://links.services.disqus.com/api/ping?format=jsonp&key=cfdfcf52dffd0a702a61bad27507376d&loc=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fhussarini---targeted-cyber-attack-in-the-philippines.html&subId=5412148&v=1&jsonp=vglnk_jsonp_15347115316360
Requested by
Host: c.disquscdn.com
URL: https://c.disquscdn.com/next/embed/alfie.f51946af45e0b561c60f768335c9eb79.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.112.64 San Francisco, United States, ASN54113 (FASTLY - Fastly, US),
Reverse DNS
Software
Apache-Coyote/1.1 /
Resource Hash
afbfcc165f15ba92224a2ed67276c9ae6d502c044af05969e59189dfc476fd08

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36
Referer
https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
Origin
https://www.fortinet.com

Response headers

Pragma
no-cache
Date
Sun, 19 Aug 2018 20:45:31 GMT
Server
Apache-Coyote/1.1
P3P
CP="ALL IND DSP COR CUR ADM TAIo PSDo OUR COM INT NAV PUR STA UNI"
Access-Control-Allow-Origin
https://www.fortinet.com
Cache-Control
no-cache, no-store
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/javascript;charset=UTF-8
Content-Length
294
Expires
Thu, 01 Jan 1970 00:00:00 GMT
/
graph.facebook.com/
664 B
850 B
Script
General
Full URL
https://graph.facebook.com/?id=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fhussarini---targeted-cyber-attack-in-the-philippines.html&callback=window.__sharethis__.cb4
Requested by
Host: platform-api.sharethis.com
URL: https://platform-api.sharethis.com/js/sharethis.js
Protocol
SPDY
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
2a03:2880:f01c:800e:face:b00c:0:2 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),
Reverse DNS
Software
/
Resource Hash
0bbd1d4ce5b88cfd17a79ab434439c2c341dd7730741f781daed18238ba79254
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; preload

Request headers

Referer
https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.87 Safari/537.36

Response headers

strict-transport-security
max-age=15552000; preload
content-encoding
gzip
etag
"05aeeac2ca96b2535a42f6ee07afe11c218c821d"
x-app-usage
{"call_count":0,"total_cputime":0,"total_time":0}
status
200
x-fb-rev
4226611
content-length
436
pragma
no-cache
x-fb-debug
NDr0GTS96lVYrwRMxrzN7sHwRUJ16QBJwu1dzWT6aIUeHw+vfx6Rfwek+Aj016Bwn6oH/BFANoQH9z9RHyXmEQ==
x-fb-trace-id
FV5y7xUEB3f
date
Sun, 19 Aug 2018 20:45:31 GMT
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, no-cache, no-store, must-revalidate
facebook-api-version
v2.7
expires
Sat, 01 Jan 2000 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

112 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| __stdos__ boolean| tpcCookiesEnableCheckingDone boolean| tpcCookiesEnabledStatus function| __sharethis__docReady object| __sharethis__ boolean| opt_out object| dataLayer function| Visitor object| _satellite object| s_c_il number| s_c_in function| targetPageParams object| adobe object| ___target_traces function| mboxCreate function| mboxDefine function| mboxUpdate function| disqus_config function| postscribe object| google_tag_manager string| adroll_adv_id string| adroll_pix_id boolean| __adroll_loaded string| adroll_sid object| __adroll boolean| adroll_optout object| adroll_ext_network object| adroll_callbacks function| adroll_tpc_callback object| DISQUS boolean| __adroll_consent object| fortinet_blog object| EasyAutocomplete object| search_config object| keywords object| siteId object| lang object| options boolean| searchFired boolean| blogFilter string| documentsQuery string| blogCategories string| authorsList string| yearsList object| lastQuery number| totalReturn number| lastRow object| lastWordsForCounting function| htmlEncode function| hideAutoComplete function| sitesearch_init function| sitesearch_search_callback function| sitesearch_countall_callback function| sitesearch_do_search function| sitesearch_do_force_search function| sitesearch_spellcheck_callback function| sitesearch_do_spellcheck function| sitesearch_do_suggest_search function| sitesearch_query_searchresult_callback function| sitesearch_do_query_searchresult function| sitesearch_click_page_callback function| sitesearch_click_page function| search_action function| sitesearch_search_fortiguard function| count_facets_type function| shuffle_facets function| csCookies object| cookieScriptWindow object| cookieScripts string| cookieScriptSrc function| cookieQuery string| cookieScriptPosition string| cookieScriptSource string| cookieScriptDomain string| cookieScriptReadMore string| cookieId number| cookieScriptDebug boolean| cookieScriptShowBadge string| cookieScriptCurrentUrl string| pagePath string| cookieScriptTitle string| cookieScriptDesc string| cookieScriptAccept string| cookieScriptMore string| cookieScriptCopyrights string| cookieBackground function| setImmediate function| clearImmediate function| $ function| jQuery undefined| Cookies string| cookieScriptReject function| cookieScriptLoadJavaScript function| InjectCookieScript string| cookieScriptStatsDomain function| cookieScriptCreateCookie function| cookieScriptReadCookie function| cookieScriptAddBox object| cookieScriptCurrentValue function| AppMeasurement_Module_ActivityMap function| AppMeasurement function| s_gi function| s_pgicq number| s_objectID number| s_giq object| t object| s_i_fortinetincproduction string| vglnk_self function| vl_cB function| vl_disable undefined| vglnk_jsonp_15347115316360 object| vglnk

11 Cookies

Domain/Path Name / Value
.demdex.net/ Name: demdex
Value: 13315129411677250713862547455693533857
.fortinet.com/ Name: s_cc
Value: true
.fortinet.com/ Name: gpv_pn
Value: www.fortinet.com%2Fblog%2Fthreat-research%2Fhussarini---targeted-cyber-attack-in-the-philippines.html
.fortinet.com/ Name: mbox
Value: session#46f2c4e54cc94f0a86d60b00566aaea2#1534713392|PC#46f2c4e54cc94f0a86d60b00566aaea2.26_27#1597956332
.fortinet.com/ Name: AMCV_ED8739F75677FE917F000101%40AdobeOrg
Value: -330454231%7CMCIDTS%7C17763%7CMCMID%7C13680672726687036233827114561900745513%7CMCAAMLH-1535316331%7C6%7CMCAAMB-1535316331%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1534718731s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-17770%7CvVersion%7C3.1.2
www.fortinet.com/ Name: st_shares_https://www.fortinet.com/blog/threat-research/hussarini---targeted-cyber-attack-in-the-philippines.html
Value: [object Object]
www.fortinet.com/blog/threat-research Name: __sharethis_cookie_test__
Value: 1
.fortinet.com/ Name: __unam
Value: 4e8ce6e-16553ef85f8-63a07274-1
.fortinet.com/ Name: AMCVS_ED8739F75677FE917F000101%40AdobeOrg
Value: 1
.fortinet.com/ Name: check
Value: true
www.fortinet.com/ Name: AWSELB
Value: ADCDE3710804DABF75CED0801727222EF3B4A37C023FF8BEFBFD987A1DBE1445802E10384550E929CF0EB3F36AE521B6558D88F20AE6B83F6A793D5811CBF02FABAD38FA4B

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Frame-Options SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

assets.adobedtm.com
buttons-config.sharethis.com
c.disquscdn.com
c.sharethis.mgr.consensu.org
cm.everesttech.net
count-server.sharethis.com
d.adroll.com
disqus.com
dpm.demdex.net
fortinet.demdex.net
fortinet.tt.omtrdc.net
fortinetblog-1.disqus.com
fortinetinc.sc.omtrdc.net
graph.facebook.com
l.sharethis.com
links.services.disqus.com
platform-api.sharethis.com
s.adroll.com
vidassets.terminus.services
www.fortinet.com
www.googletagmanager.com
104.111.219.46
13.32.223.54
151.101.112.64
151.101.12.134
151.101.128.134
172.82.228.19
18.196.241.5
2.16.186.146
2.18.232.23
2.18.233.40
2400:cb00:2048:1::6810:4fa6
2a00:1450:4001:81a::2008
2a03:2880:f01c:800e:face:b00c:0:2
52.17.182.129
52.214.151.124
52.71.155.233
52.9.90.207
54.217.252.98
66.117.28.86
66.117.29.4
0b6043877e5dd01857f2e94cb94b6c4b7157a088277d0f59a15a9ed9917c9c87
0bbd1d4ce5b88cfd17a79ab434439c2c341dd7730741f781daed18238ba79254
13f9871faf609461bb6206bfa6d9f987e80805137f54655e19177cb52fb3d016
19d0b4b1fd0dc7f07b2de35cbe470fa7d0be645b93f19b059f82410453fd0013
229f750e90c5addc8fc2535e9d6f94b6c7311cdcdf625e7b8467f09a07aa3a01
24038492cb3d19fef34ce0a9bc55033f3030c04eeea97a93c22b2ec8914c1316
31ad41eb429a056fb28e89d8c140e7c439ab1f4e72b79a6df23f73d8db433919
3eaf5886f85c6f2592611b9bb3d6fcff29e3cebad3af2846f2b157714c8e4e86
4655dc60da8e82b5a0a66b47b525d452bf089cda73618322b456c2e9e9e36222
4ce9ed609fccf877301edf2571eb3b7125706ed8f39e5f61ab8a794cd4a975de
5b4c9abcf01dcf74e0adf075ff4d47464c62c84307ae5ebd115d45da70e6443d
5d531df9b9835ac329dc5aad30daefe5ebb2b93ca912ab20b6e763bf77d888ba
790bad7983be1b09d41d62fdbb46da9293ac770eb41d1bf1009e54d4be2fe9b3
7f0daa7591ef2b42b26dd9d39102440c242e7fd798e7898a620e5489d67ec73e
7f6185c8b0e6ffe5a06775b931d75bdaabd830458ca41f58dddfafbc97c38185
8e1e0966b4257e4b292f4a3f03bcb0e235daae15964a0ab22d1176fee2da1e73
910ab43f73b6073142379650feb6de6f77744c9a418754fab9e8c71b12065c10
9adb1961521d9a92ee99cbfc4031784b655a821931ebdfcb602e0c42ce3756af
9b371a8db8abe7f7f71cec6aa5aa013ceabe949d8ef311ae255debb4297a9c99
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
afbfcc165f15ba92224a2ed67276c9ae6d502c044af05969e59189dfc476fd08
b58042b3caa084f224cc60cb8aa59b30b4219dbc797d2084ffe095e94d2a221a
b9daa994e0e9c48c88897f4a4c2fc2de47f41f23c1af7cfeb666e58cb72af36f
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
d2afd46ac58cd7e89b3fdfd790300d69034e94151ed45acf83d7b6d5dccfdb17
d6722d70ee2eeecc81a1424a4a1a6ef145369162a6cf5285ecfc122f79e1af97
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e65cf5108c80dca04640eb55670754edbda09df69d96b1c5308dd7aae16e5ae8
e6f6d66459cdaf4ccd8b6a49546f78a77215acef509b0c771738e5c93ddfc2e9
e77d1cca37b1fdf7d24b674dab4a639286ef3f7ffe2d4b7a72e70d5d6bcc5bd7
ecde1397bf9f358424cf678f9031166acf9580070945b1ab1dd692aa87b715f0
eda8f00e9255746e7620848227aca122053845c9b4a90f1b3e26b4cd99af9e25
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
fbf5d901393f5552a007fe5e20ae88c5b8d09a5ae1b972a398d3218e9b013a09