URL: https://help.fortinet.com/fsiem/Public_Resource_Access/7_1_0/rules/PH_RULE_Generic_Password_Dumper_Activity_on_LSASS.htm
Submission: On January 03, 2024 via manual submission from RU; scanned from DE

Summary

This website contacted 2 IPs in 1 country across 1 apex domain to perform 2 HTTP transactions. The main IP is 154.52.2.210, located in Frankfurt am Main, Germany, and belongs to FORTINET, US. The main domain is help.fortinet.com. The Cisco Umbrella rank of the primary domain is 652414.
TLS certificate: Issued by DigiCert Global G2 TLS RSA SHA256 2020 CA1 on March 15th 2023. Valid for: a year.
This is the only time help.fortinet.com was scanned on urlscan.io.

urlscan.io Verdict: No classification

Domain & IP information

IP Address      AS (Autonomous System)   Requests
154.52.2.210    40934 (FORTINET)         1
154.52.2.200    40934 (FORTINET)         1
Total: 2 IPs, 2 requests

Apex Domain     Subdomains                                        Requests   Transfer
fortinet.com    help.fortinet.com (Cisco Umbrella rank 652414)    2          11 KB
                docs.fortinet.com (Cisco Umbrella rank 402677)
Total: 1 apex domain, 2 requests

Domain              Requested by          Requests
docs.fortinet.com   help.fortinet.com     1
help.fortinet.com   (primary request)     1
Total: 2 domains, 2 requests

This site contains links to the following external domain:

attack.mitre.org
Subject          Issuer                                       Validity                   Valid for
*.fortinet.com   DigiCert Global G2 TLS RSA SHA256 2020 CA1   2023-03-15 to 2024-03-14   a year (crt.sh)

This page contains 1 frame:

Primary Page: https://help.fortinet.com/fsiem/Public_Resource_Access/7_1_0/rules/PH_RULE_Generic_Password_Dumper_Activity_on_LSASS.htm
Frame ID: A606A06E5F269A5111D753A984937CB9
Requests: 2 HTTP requests in this frame


Page Title

Windows: Generic Password Dumper Activity on LSASS

Page Statistics

Requests: 2
HTTPS: 100 %
IPv6: 0 %
Domains: 1
Subdomains: 2
IPs: 2
Countries: 1
Transfer: 11 kB
Size: 10 kB
Cookies: 2

Redirected requests

No HTTP redirect chains were recorded for the requests in this scan.

2 HTTP transactions

Request 1 (primary): PH_RULE_Generic_Password_Dumper_Activity_on_LSASS.htm
  Path: help.fortinet.com/fsiem/Public_Resource_Access/7_1_0/rules/
  Size: 8 KB   Transferred: 9 KB   Type: Document   MIME-Type: text/html

General
  Full URL: https://help.fortinet.com/fsiem/Public_Resource_Access/7_1_0/rules/PH_RULE_Generic_Password_Dumper_Activity_on_LSASS.htm
  Protocol: H2
  Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
  Server: 154.52.2.210 Frankfurt am Main, Germany, ASN40934 (FORTINET, US)
  Reverse DNS: (none recorded)
  Software: envoy
  Resource Hash: 4049a56321a67b07779bcaced938a10ca7376e65e0d8ae09baa7a1eef04f2927

Security Headers
  Strict-Transport-Security: max-age=15552000

Request headers

  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36
  accept-language: de-DE,de;q=0.9

Response headers

  accept-ranges: bytes
  access-control-allow-methods: GET, POST, OPTIONS
  access-control-allow-origin: *
  age: 0
  cache-control: max-age=3600,public, no-transform
  content-length: 8439
  content-type: text/html
  date: Wed, 03 Jan 2024 14:41:20 GMT
  etag: "656694b1-20f7"
  expires: Wed, 03 Jan 2024 15:41:20 GMT
  last-modified: Wed, 29 Nov 2023 01:32:33 GMT
  server: envoy
  strict-transport-security: max-age=15552000
  x-cache: MISS
  x-cache-hits: 0
  x-cache-ttl: 3600.000
  x-envoy-upstream-service-time: 147
  x-retries: 0
  x-storage: default
Request 2: fortinet-black.svg
  Path: docs.fortinet.com/img/
  Size: 2 KB   Transferred: 3 KB   Type: Image   MIME-Type: image/svg+xml

General
  Full URL: https://docs.fortinet.com/img/fortinet-black.svg
  Requested by: help.fortinet.com (https://help.fortinet.com/fsiem/Public_Resource_Access/7_1_0/rules/PH_RULE_Generic_Password_Dumper_Activity_on_LSASS.htm)
  Protocol: H2
  Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
  Server: 154.52.2.200 Frankfurt am Main, Germany, ASN40934 (FORTINET, US)
  Reverse DNS: (none recorded)
  Software: envoy
  Resource Hash: 1774c7583f0cffcd5a9ccd0dd2db7c5ea48aacb6382cde6e06a4899013ca5ab3

Security Headers
  Strict-Transport-Security: max-age=15552000

Request headers

  accept-language: de-DE,de;q=0.9
  Referer: https://help.fortinet.com/
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.129 Safari/537.36

Response headers

  x-cache-ttl: 415.710
  date: Wed, 03 Jan 2024 14:38:16 GMT
  strict-transport-security: max-age=15552000
  x-cache-hits: 20
  age: 184
  x-cache: HIT
  x-envoy-upstream-service-time: 1
  content-length: 2107
  x-retries: 0
  last-modified: Thu, 08 Dec 2022 22:18:32 GMT
  server: envoy
  etag: "639262b8-83b"
  access-control-allow-methods: GET, POST, OPTIONS
  content-type: image/svg+xml
  access-control-allow-origin: *
  cache-control: max-age=600,public, no-transform
  accept-ranges: bytes
  x-storage: default
  expires: Wed, 03 Jan 2024 14:48:16 GMT


1 JavaScript Global Variable

These are the non-standard "global" variables defined on the window object. They can help identify client-side frameworks and code.

object | documentPictureInPicture

Note: documentPictureInPicture is the Document Picture-in-Picture API object exposed by recent Chromium-based browsers (the scanner ran Chrome/120), so its presence is a property of the scanning browser, not evidence of any framework or custom script on the page.

2 Cookies

Domain/Path           Name             Value
help.fortinet.com/    cookiesession1   678A3E197C4E592D99204F0439FD6AE7
docs.fortinet.com/    cookiesession1   678A3E139691CE3AC295074F721495AC

Security Headers

Security headers set by the main page's response. Only one was present; Content-Security-Policy, X-Content-Type-Options, X-Frame-Options and Referrer-Policy were not sent.

Header Value
Strict-Transport-Security max-age=15552000
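The primary request above carries a single security header, HSTS with max-age=15552000 (180 days), and none of the other headers a hardened host usually sets. The following added Python example, which is not part of the urlscan.io report or of Fortinet's site, parses the primary request's response-header block as transcribed from the report and reports what a practitioner would flag. The list of expected headers and the one-year HSTS threshold are this example's own assumptions, not requirements stated in the report.

```python
"""Check the HTTP security headers recorded for the primary request.

Added example, not code from the urlscan.io report or from Fortinet: the
header block below is transcribed from the primary request's response
headers in the report; the expected-header list and the HSTS threshold are
this example's own assumptions.
"""
import re

# Response headers of the primary request, transcribed from the report.
PRIMARY_RESPONSE_HEADERS = """\
accept-ranges: bytes
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
age: 0
cache-control: max-age=3600,public, no-transform
content-length: 8439
content-type: text/html
date: Wed, 03 Jan 2024 14:41:20 GMT
etag: "656694b1-20f7"
expires: Wed, 03 Jan 2024 15:41:20 GMT
last-modified: Wed, 29 Nov 2023 01:32:33 GMT
server: envoy
strict-transport-security: max-age=15552000
x-cache: MISS
x-cache-hits: 0
x-cache-ttl: 3600.000
x-envoy-upstream-service-time: 147
x-retries: 0
x-storage: default
"""

# Assumed baseline for a public documentation host; not stated in the report.
EXPECTED = ("content-security-policy", "x-content-type-options",
            "x-frame-options", "referrer-policy")
HSTS_MIN_MAX_AGE = 31536000  # one year, the HSTS preload-list minimum (assumed threshold)


def parse_headers(raw: str) -> dict:
    """Parse 'name: value' lines; names are case-insensitive, so fold to lower case.
    Repeated headers are joined with ', ' as RFC 9110 allows."""
    headers = {}
    for line in raw.splitlines():
        if ":" not in line:  # skips blanks and a status line such as 'HTTP/2 200'
            continue
        name, value = line.split(":", 1)
        name, value = name.strip().lower(), value.strip()
        headers[name] = f"{headers[name]}, {value}" if name in headers else value
    return headers


def parse_hsts(value: str) -> dict:
    """Return max_age (int or None) and the includeSubDomains/preload flags."""
    directives = [d.strip().lower() for d in value.split(";") if d.strip()]
    max_age = None
    for d in directives:
        m = re.fullmatch(r"max-age=(\d+)", d)
        if m:
            max_age = int(m.group(1))
    return {"max_age": max_age,
            "include_subdomains": "includesubdomains" in directives,
            "preload": "preload" in directives}


def evaluate(headers: dict) -> list:
    """Return findings (strings) for a parsed response-header dict."""
    findings = []
    hsts = headers.get("strict-transport-security")
    if hsts is None:
        findings.append("HSTS missing")
    else:
        h = parse_hsts(hsts)
        if h["max_age"] is None:
            findings.append("HSTS present but max-age missing")
        elif h["max_age"] < HSTS_MIN_MAX_AGE:
            findings.append(f"HSTS max-age {h['max_age']}s "
                            f"({h['max_age'] // 86400} days) is below one year")
        if not h["include_subdomains"]:
            findings.append("HSTS lacks includeSubDomains")
    findings += [f"{name} missing" for name in EXPECTED if name not in headers]
    # A wildcard CORS origin is fine for public read-only content, but it is
    # worth confirming nothing cookie-gated is served from the same host.
    if headers.get("access-control-allow-origin") == "*":
        findings.append("access-control-allow-origin is * (acceptable for public static content)")
    return findings


if __name__ == "__main__":
    for finding in evaluate(parse_headers(PRIMARY_RESPONSE_HEADERS)):
        print("-", finding)
```

Run as a script it prints the findings for the transcribed headers: the 180-day HSTS lifetime, the missing includeSubDomains directive, the four absent headers and the wildcard CORS origin. The same evaluate() accepts any "name: value" dump, for example the output of curl -sI against the URL, since lines without a colon are skipped.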

Indicators

"Indicators" is the security-industry term for observables such as IPs, domains and hashes. Listing them here does not imply that any of them indicate malicious activity.

Domains
docs.fortinet.com
help.fortinet.com

IPs
154.52.2.200
154.52.2.210

Resource hashes (SHA-256)
1774c7583f0cffcd5a9ccd0dd2db7c5ea48aacb6382cde6e06a4899013ca5ab3 (fortinet-black.svg)
4049a56321a67b07779bcaced938a10ca7376e65e0d8ae09baa7a1eef04f2927 (PH_RULE_Generic_Password_Dumper_Activity_on_LSASS.htm)