Submitted URL: https://apps.global.fortinet.com/e/bfs?s=3049749&lguid=fce48e02a40b4260a79e3a1a33f5efc2&elqTrackId=e7aa0c29b1b9459baa5ec4408e412e...
Effective URL: https://www.fortinet.com/blog/threat-research/nobelium-returns-to-the-political-world-stage
Submission: On February 25 via api from CA — Scanned from CA

Summary

This website contacted 63 IPs in 3 countries across 51 domains to perform 154 HTTP transactions. The main IP is 3.91.211.14, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is www.fortinet.com. The Cisco Umbrella rank of the primary domain is 107155.
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on March 13th 2021. Valid for: a year.
This is the only time www.fortinet.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

Apex Domain
Subdomains
Transfer
24 adroll.com
s.adroll.com — Cisco Umbrella Rank: 2263
d.adroll.com — Cisco Umbrella Rank: 1329
36 KB
19 adobedtm.com
assets.adobedtm.com — Cisco Umbrella Rank: 505
103 KB
14 fortinet.com
apps.global.fortinet.com — Cisco Umbrella Rank: 626205
www.fortinet.com — Cisco Umbrella Rank: 107155
metrics.fortinet.com — Cisco Umbrella Rank: 336278
site.fortinet.com — Cisco Umbrella Rank: 331435
713 KB
10 doubleclick.net
10104846.fls.doubleclick.net — Cisco Umbrella Rank: 405141
googleads.g.doubleclick.net — Cisco Umbrella Rank: 37
cm.g.doubleclick.net — Cisco Umbrella Rank: 175
8 KB
10 6sc.co
j.6sc.co — Cisco Umbrella Rank: 7147
c.6sc.co — Cisco Umbrella Rank: 10540
b.6sc.co — Cisco Umbrella Rank: 5621
24 KB
9 linkedin.com
px.ads.linkedin.com — Cisco Umbrella Rank: 439
www.linkedin.com — Cisco Umbrella Rank: 602
px4.ads.linkedin.com — Cisco Umbrella Rank: 5087
7 KB
8 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 50
314 KB
7 adsrvr.org
match.adsrvr.org — Cisco Umbrella Rank: 295
insight.adsrvr.org — Cisco Umbrella Rank: 607
4 KB
6 ml314.com
ml314.com — Cisco Umbrella Rank: 1357
16 KB
6 clarity.ms
d.clarity.ms — Cisco Umbrella Rank: 2006
c.clarity.ms — Cisco Umbrella Rank: 693
24 KB
6 demdex.net
dpm.demdex.net — Cisco Umbrella Rank: 187
fortinet.demdex.net — Cisco Umbrella Rank: 323417
8 KB
6 cookielaw.org
cdn.cookielaw.org — Cisco Umbrella Rank: 443
117 KB
5 google.ca
www.google.ca — Cisco Umbrella Rank: 8810
adservice.google.ca — Cisco Umbrella Rank: 12901
2 KB
5 google.com
adservice.google.com — Cisco Umbrella Rank: 59
www.google.com — Cisco Umbrella Rank: 2
2 KB
5 adsymptotic.com
p.adsymptotic.com — Cisco Umbrella Rank: 497
1000 B
4 yahoo.com
ups.analytics.yahoo.com — Cisco Umbrella Rank: 269
ads.yahoo.com — Cisco Umbrella Rank: 835
1 KB
4 mountain.com
dx.mountain.com — Cisco Umbrella Rank: 10797
px.mountain.com — Cisco Umbrella Rank: 10639
gs.mountain.com — Cisco Umbrella Rank: 16036
7 KB
4 adnxs.com
secure.adnxs.com — Cisco Umbrella Rank: 350
ib.adnxs.com — Cisco Umbrella Rank: 210
4 KB
4 bing.com
bat.bing.com — Cisco Umbrella Rank: 331
c.bing.com — Cisco Umbrella Rank: 212
13 KB
4 outbrain.com
amplify.outbrain.com — Cisco Umbrella Rank: 2190
tr.outbrain.com — Cisco Umbrella Rank: 1993
sync.outbrain.com — Cisco Umbrella Rank: 717
4 KB
3 rlcdn.com
idsync.rlcdn.com — Cisco Umbrella Rank: 283
563 B
3 eyeota.net
ps.eyeota.net — Cisco Umbrella Rank: 845
2 KB
3 facebook.com
www.facebook.com — Cisco Umbrella Rank: 97
515 B
3 t.co
t.co — Cisco Umbrella Rank: 456
725 B
3 twitter.com
analytics.twitter.com — Cisco Umbrella Rank: 468
905 B
3 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 126
201 KB
3 argusplatform.com
argusplatform.com — Cisco Umbrella Rank: 196114
www.argusplatform.com — Cisco Umbrella Rank: 223854
pixels.argusplatform.com — Cisco Umbrella Rank: 286603
3 KB
3 hotjar.com
static.hotjar.com — Cisco Umbrella Rank: 574
script.hotjar.com — Cisco Umbrella Rank: 726
vars.hotjar.com — Cisco Umbrella Rank: 809
66 KB
3 omappapi.com
api.omappapi.com — Cisco Umbrella Rank: 4634
a.omappapi.com — Cisco Umbrella Rank: 4876
27 KB
2 openx.net
us-u.openx.net — Cisco Umbrella Rank: 322
392 B
2 pippio.com
pippio.com — Cisco Umbrella Rank: 692
850 B
2 bidswitch.net
x.bidswitch.net — Cisco Umbrella Rank: 265
1 KB
2 3lift.com
eb2.3lift.com — Cisco Umbrella Rank: 356
744 B
2 advertising.com
pixel.advertising.com — Cisco Umbrella Rank: 307
819 B
2 casalemedia.com
dsum-sec.casalemedia.com — Cisco Umbrella Rank: 488
2 KB
2 crwdcntrl.net
sync.crwdcntrl.net — Cisco Umbrella Rank: 662
863 B
2 licdn.com
snap.licdn.com — Cisco Umbrella Rank: 830
3 KB
2 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 31
20 KB
2 6sense.com
epsilon.6sense.com — Cisco Umbrella Rank: 12137
655 B
1 steelhousemedia.com
px.steelhousemedia.com — Cisco Umbrella Rank: 6841
303 B
1 linksynergy.com
tags.rd.linksynergy.com — Cisco Umbrella Rank: 3850
359 B
1 taboola.com
sync.taboola.com — Cisco Umbrella Rank: 725
221 B
1 pubmatic.com
image2.pubmatic.com — Cisco Umbrella Rank: 752
590 B
1 rubiconproject.com
pixel.rubiconproject.com — Cisco Umbrella Rank: 288
799 B
1 googleadservices.com
www.googleadservices.com — Cisco Umbrella Rank: 99
15 KB
1 ads-twitter.com
static.ads-twitter.com — Cisco Umbrella Rank: 539
6 KB
1 opmnstr.com
a.opmnstr.com — Cisco Umbrella Rank: 15504
57 KB
1 moatads.com
z.moatads.com — Cisco Umbrella Rank: 330
1 KB
1 everesttech.net
cm.everesttech.net — Cisco Umbrella Rank: 881
517 B
1 addthis.com
s7.addthis.com — Cisco Umbrella Rank: 1324
114 KB
1 onetrust.com
geolocation.onetrust.com — Cisco Umbrella Rank: 709
434 B
154 51
Domain Requested by
19 assets.adobedtm.com cdn.cookielaw.org
assets.adobedtm.com
16 d.adroll.com 14 redirects s.adroll.com
9 www.fortinet.com apps.global.fortinet.com
www.fortinet.com
8 s.adroll.com 2 redirects apps.global.fortinet.com
s.adroll.com
d.adroll.com
8 www.googletagmanager.com apps.global.fortinet.com
www.googletagmanager.com
assets.adobedtm.com
7 b.6sc.co www.fortinet.com
6 match.adsrvr.org 6 redirects
6 ml314.com 2 redirects apps.global.fortinet.com
ml314.com
6 cdn.cookielaw.org www.fortinet.com
cdn.cookielaw.org
5 p.adsymptotic.com 2 redirects 10104846.fls.doubleclick.net
5 px.ads.linkedin.com 5 redirects
5 dpm.demdex.net 2 redirects www.fortinet.com
4 www.google.ca
4 www.google.com
4 googleads.g.doubleclick.net www.googleadservices.com
4 d.clarity.ms bat.bing.com
d.clarity.ms
3 cm.g.doubleclick.net 3 redirects
3 idsync.rlcdn.com 2 redirects
3 ib.adnxs.com 2 redirects
3 ups.analytics.yahoo.com 1 redirects
3 ps.eyeota.net 2 redirects
3 www.facebook.com
3 px4.ads.linkedin.com 3 redirects
3 t.co
3 analytics.twitter.com static.ads-twitter.com
3 10104846.fls.doubleclick.net 1 redirects assets.adobedtm.com
adservice.google.com
3 connect.facebook.net apps.global.fortinet.com
connect.facebook.net
3 metrics.fortinet.com assets.adobedtm.com
www.fortinet.com
3 bat.bing.com assets.adobedtm.com
bat.bing.com
www.fortinet.com
2 px.mountain.com dx.mountain.com
apps.global.fortinet.com
2 us-u.openx.net 1 redirects
2 pippio.com 2 redirects
2 x.bidswitch.net 1 redirects
2 eb2.3lift.com 1 redirects
2 pixel.advertising.com 2 redirects
2 dsum-sec.casalemedia.com 1 redirects
2 sync.crwdcntrl.net 2 redirects
2 snap.licdn.com apps.global.fortinet.com
snap.licdn.com
2 a.omappapi.com a.opmnstr.com
www.fortinet.com
2 www.google-analytics.com a.opmnstr.com
www.google-analytics.com
2 epsilon.6sense.com j.6sc.co
2 c.clarity.ms 1 redirects www.fortinet.com
2 tr.outbrain.com amplify.outbrain.com
www.fortinet.com
2 j.6sc.co apps.global.fortinet.com
1 insight.adsrvr.org 1 redirects
1 px.steelhousemedia.com
1 gs.mountain.com apps.global.fortinet.com
1 tags.rd.linksynergy.com 1 redirects
1 sync.taboola.com
1 ads.yahoo.com
1 image2.pubmatic.com
1 sync.outbrain.com
1 pixel.rubiconproject.com
1 adservice.google.ca 1 redirects
1 adservice.google.com 10104846.fls.doubleclick.net
1 www.linkedin.com 1 redirects
1 www.googleadservices.com www.googletagmanager.com
1 dx.mountain.com apps.global.fortinet.com
1 static.ads-twitter.com apps.global.fortinet.com
1 pixels.argusplatform.com www.fortinet.com
1 site.fortinet.com www.fortinet.com
1 vars.hotjar.com static.hotjar.com
1 script.hotjar.com static.hotjar.com
1 www.argusplatform.com www.fortinet.com
1 argusplatform.com 1 redirects
1 static.hotjar.com apps.global.fortinet.com
1 api.omappapi.com a.opmnstr.com
1 c.bing.com 1 redirects
1 a.opmnstr.com assets.adobedtm.com
1 z.moatads.com s7.addthis.com
1 cm.everesttech.net 1 redirects
1 fortinet.demdex.net assets.adobedtm.com
1 c.6sc.co j.6sc.co
1 secure.adnxs.com j.6sc.co
1 s7.addthis.com assets.adobedtm.com
1 amplify.outbrain.com apps.global.fortinet.com
1 geolocation.onetrust.com cdn.cookielaw.org
1 apps.global.fortinet.com
154 78
Subject | Issuer | Validity | Valid
global.fortinet.com | DigiCert TLS RSA SHA256 2020 CA1 | 2021-07-16 - 2022-07-21 | a year
*.fortinet.com | DigiCert TLS RSA SHA256 2020 CA1 | 2021-03-13 - 2022-04-13 | a year
cookielaw.org | Cloudflare Inc ECC CA-3 | 2021-06-01 - 2022-05-31 | a year
onetrust.com | Cloudflare Inc ECC CA-3 | 2022-01-12 - 2023-01-12 | a year
assets.adobedtm.com | DigiCert TLS RSA SHA256 2020 CA1 | 2021-09-10 - 2022-09-10 | a year
*.outbrain.com | DigiCert SHA2 Secure Server CA | 2021-05-25 - 2022-06-01 | a year
*.6sc.co | DigiCert SHA2 Secure Server CA | 2021-03-09 - 2022-03-16 | a year
odc-addthis-prod-01.oracle.com | DigiCert SHA2 Secure Server CA | 2021-04-25 - 2022-04-27 | a year
www.bing.com | Microsoft RSA TLS CA 01 | 2021-12-22 - 2022-06-22 | 6 months
*.adnxs.com | GeoTrust ECC CA 2018 | 2022-02-11 - 2023-03-14 | a year
*.demdex.net | DigiCert TLS RSA SHA256 2020 CA1 | 2021-10-19 - 2022-11-19 | a year
moatads.com | DigiCert SHA2 Secure Server CA | 2021-11-27 - 2022-11-29 | a year
a.opmnstr.com | R3 | 2022-02-07 - 2022-05-08 | 3 months
a.clarity.ms | Microsoft RSA TLS CA 01 | 2021-07-27 - 2022-07-27 | a year
*.6sense.com | Amazon | 2021-06-09 - 2022-07-08 | a year
api.opmnstr.com | Amazon | 2022-02-09 - 2023-03-10 | a year
*.hotjar.com | Amazon | 2021-11-25 - 2022-12-23 | a year
*.google-analytics.com | GTS CA 1C3 | 2022-02-17 - 2022-05-12 | 3 months
a.omappapi.com | R3 | 2022-02-07 - 2022-05-08 | 3 months
pixels.argusplatform.com | R3 | 2022-02-11 - 2022-05-12 | 3 months
s.adroll.com | Amazon | 2021-08-02 - 2022-08-31 | a year
*.licdn.com | DigiCert SHA2 Secure Server CA | 2021-07-15 - 2022-07-20 | a year
*.ml314.com | Amazon | 2021-12-17 - 2023-01-14 | a year
ads-twitter.com | DigiCert TLS RSA SHA256 2020 CA1 | 2021-07-21 - 2022-07-26 | a year
*.mountain.com | Go Daddy Secure Certificate Authority - G2 | 2021-05-20 - 2022-06-21 | a year
*.facebook.com | DigiCert SHA2 High Assurance Server CA | 2021-12-05 - 2022-03-05 | 3 months
*.doubleclick.net | GTS CA 1C3 | 2022-02-17 - 2022-05-12 | 3 months
www.googleadservices.com | GTS CA 1C3 | 2022-02-17 - 2022-05-12 | 3 months
*.twitter.com | DigiCert TLS RSA SHA256 2020 CA1 | 2022-02-22 - 2023-02-22 | a year
t.co | DigiCert TLS RSA SHA256 2020 CA1 | 2022-02-22 - 2023-02-22 | a year
*.g.doubleclick.net | GTS CA 1C3 | 2022-02-17 - 2022-05-12 | 3 months
adroll.mgr.consensu.org | Amazon | 2021-09-10 - 2022-10-09 | a year
*.google.com | GTS CA 1C3 | 2022-02-17 - 2022-05-12 | 3 months
www.google.com | GTS CA 1C3 | 2022-02-17 - 2022-05-12 | 3 months
*.google.ca | GTS CA 1C3 | 2022-02-17 - 2022-05-12 | 3 months

This page contains 7 frames:

Primary Page: https://www.fortinet.com/blog/threat-research/nobelium-returns-to-the-political-world-stage
Frame ID: 2EE1A5D8C56DF4C54A34A8EC084112D6
Requests: 149 HTTP requests in this frame

Frame: https://fortinet.demdex.net/dest5.html?d_nsid=0
Frame ID: C3F5499AAC8BCE83885D439034662844
Requests: 1 HTTP requests in this frame

Frame: https://vars.hotjar.com/box-acca23410e696f2ca3087d947271c3d0.html
Frame ID: EEB748A1CC94695324F5CBC1D532861C
Requests: 1 HTTP requests in this frame

Frame: https://10104846.fls.doubleclick.net/activityi;dc_pre=CMifk6zXm_YCFRDN4QodHOECJg;src=10104846;type=sitew00;cat=sitew0;u3=https://www.fortinet.com/blog/threat-research/nobelium-returns-to-the-political-world-stage;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=6060061396814.56
Frame ID: 58962F2BAC393F116E56F9387B7A6ECF
Requests: 1 HTTP requests in this frame

Frame: https://adservice.google.com/ddm/fls/i/dc_pre=CMifk6zXm_YCFRDN4QodHOECJg;src=10104846;type=sitew00;cat=sitew0;u3=https://www.fortinet.com/blog/threat-research/nobelium-returns-to-the-political-world-stage;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=6060061396814.56;~oref=https://www.fortinet.com/
Frame ID: 6089B25F0B50DEA282BC988F4F849405
Requests: 1 HTTP requests in this frame

Frame: https://10104846.fls.doubleclick.net/ddm/fls/r/dc_pre=CMifk6zXm_YCFRDN4QodHOECJg;src=10104846;type=sitew00;cat=sitew0;u3=https://www.fortinet.com/blog/threat-research/nobelium-returns-to-the-political-world-stage;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=6060061396814.56;~oref=https://www.fortinet.com/
Frame ID: 672B0C610DB27A05406EE34E68AC7B9F
Requests: 2 HTTP requests in this frame

Frame: https://www.facebook.com/tr/
Frame ID: BCD743D327CD84763E3285E14AA09E5C
Requests: 1 HTTP requests in this frame

Page Title

Nobelium Returns to the Political World Stage | FortiGuard Labs

Detected technologies

Overall confidence: 100%
Detected patterns
  • /etc\.clientlibs/

Overall confidence: 100%
Detected patterns
  • (?:a|s)\.adroll\.com

Overall confidence: 100%
Detected patterns
  • addthis\.com/js/

Overall confidence: 100%
Detected patterns
  • adnxs\.(?:net|com)

Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • //static\.hotjar\.com/

Overall confidence: 100%
Detected patterns
  • snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Overall confidence: 100%
Detected patterns
  • moatads\.com

Overall confidence: 100%
Detected patterns
  • cdn\.cookielaw\.org
  • otSDKStub\.js

Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.openx\.net

Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.pubmatic\.com

Overall confidence: 100%
Detected patterns
  • https?://[^/]*\.rubiconproject\.com

Overall confidence: 100%
Detected patterns
  • tracker\.js

Overall confidence: 100%
Detected patterns
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

  • Requests: 154
  • HTTPS: 82 %
  • IPv6: 24 %
  • Domains: 51
  • Subdomains: 78
  • IPs: 63
  • Countries: 3
  • Transfer: 1897 kB
  • Size: 4702 kB
  • Cookies: 110

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://apps.global.fortinet.com/e/bfs?s=3049749&lguid=fce48e02a40b4260a79e3a1a33f5efc2&elqTrackId=e7aa0c29b1b9459baa5ec4408e412ea3&elq=0f091f635be94806a559761876f85a77&elqaid=3249&elqat=1&elqCampaignId=22218] Page URL
  2. https://www.fortinet.com/blog/threat-research/nobelium-returns-to-the-political-world-stage Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

  • https://match.adsrvr.org/track/cmf/google?g_uuid=&gdpr=0&gdpr_consent=&ttd_tdid=c7f4a49e-a510-4b66-9996-398193e0969c&google_gid=CAESEJYPsGQEKP6jxoQClILGSDE&google_cver=1 HTTP 302
  • https://ups.analytics.yahoo.com/ups/55953/sync?uid=c7f4a49e-a510-4b66-9996-398193e0969c&_origin=1&gdpr=0&gdpr_consent=

154 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
bfs
apps.global.fortinet.com/e/
203 B
872 B
Document
General
Full URL
https://apps.global.fortinet.com/e/bfs?s=3049749&lguid=fce48e02a40b4260a79e3a1a33f5efc2&elqTrackId=e7aa0c29b1b9459baa5ec4408e412ea3&elq=0f091f635be94806a559761876f85a77&elqaid=3249&elqat=1&elqCampaignId=22218]
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
142.0.160.14 , United States, ASN7160 (NETDYNAMICS, US),
Reverse DNS
Software
/
Resource Hash
a5fcefaba919e6115c4d7ed76d1ea94529a8ca0c00e555ce93b075b290df99ff
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language
en-CA,en;q=0.9

Response headers

Cache-Control
no-store
Pragma
no-cache
Transfer-Encoding
chunked
Content-Type
text/html;charset=UTF-8
Content-Encoding
identity
Expires
-1
X-Robots-Tag
noindex, nofollow
X-Xss-Protection
1; mode=block
Access-Control-Allow-Origin
*
P3P
CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA",
X-Content-Type-Options
nosniff
Date
Fri, 25 Feb 2022 20:22:32 GMT
Primary Request nobelium-returns-to-the-political-world-stage
www.fortinet.com/blog/threat-research/
43 KB
15 KB
Document
General
Full URL
https://www.fortinet.com/blog/threat-research/nobelium-returns-to-the-political-world-stage
Requested by
Host: apps.global.fortinet.com
URL: https://apps.global.fortinet.com/e/bfs?s=3049749&lguid=fce48e02a40b4260a79e3a1a33f5efc2&elqTrackId=e7aa0c29b1b9459baa5ec4408e412ea3&elq=0f091f635be94806a559761876f85a77&elqaid=3249&elqat=1&elqCampaignId=22218]
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
3.91.211.14 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-91-211-14.compute-1.amazonaws.com
Software
Apache /
Resource Hash
7ec050c22e54c97b896f3196057dd010e45c580fe6ca44c91e2e3a513730494f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://apps.global.fortinet.com/

Response headers

Accept-Ranges
bytes
Cache-Control
max-age=600, public
Content-Encoding
gzip
Content-Type
text/html;charset=utf-8
Date
Fri, 25 Feb 2022 20:22:32 GMT
ETag
"ac5f-5d8dc50b2bd99-gzip"
Last-Modified
Fri, 25 Feb 2022 19:00:41 GMT
Server
Apache
Strict-Transport-Security
max-age=31536000; includeSubDomains
Vary
Accept-Encoding,User-Agent
X-Content-Type-Options
nosniff
X-Dispatcher
dispatcher2uswest1
X-Frame-Options
SAMEORIGIN
X-Vhost
publish
Content-Length
14273
Connection
keep-alive
X-XSS-Protection
1; mode=block
clientlib-base.min.css
www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/
216 KB
27 KB
Stylesheet
General
Full URL
https://www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/clientlib-base.min.css
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/nobelium-returns-to-the-political-world-stage
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
3.91.211.14 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-91-211-14.compute-1.amazonaws.com
Software
Apache /
Resource Hash
cc6d6ba4009e5b68c04afbbc9e0a8228a264e32047c2658a6d55d122072a8295
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/blog/threat-research/nobelium-returns-to-the-political-world-stage
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

X-Dispatcher
dispatcher1uswest1
Date
Fri, 25 Feb 2022 20:22:32 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-Vhost
publish
Connection
keep-alive
Vary
Accept-Encoding,User-Agent
Content-Length
26964
X-XSS-Protection
1; mode=block
Last-Modified
Tue, 05 Oct 2021 20:12:10 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
ETag
"3616e-5cda0a4fc1a80-gzip"
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Type
text/css;charset=utf-8
Cache-Control
max-age=684000, public
Accept-Ranges
bytes
otSDKStub.js
cdn.cookielaw.org/scripttemplates/
19 KB
7 KB
Script
General
Full URL
https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/nobelium-returns-to-the-political-world-stage
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
134482ec36c8980c2c7a3f2454c76546abcd612c9ae596d011251a7cd1d0fcbb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 25 Feb 2022 20:22:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
zadN1tnUFXNBOXe6vsJdDg==
age
11884
vary
Accept-Encoding
content-length
6456
x-ms-lease-status
unlocked
last-modified
Thu, 24 Feb 2022 07:16:58 GMT
server
cloudflare
etag
0x8D9F765A5099F89
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
570fb7f0-201e-0128-6d4f-29e90c000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
6e33a5771ccb7139-YUL
fortinet-logo-white.svg
www.fortinet.com/content/dam/fortinet-blog/
32 KB
3 KB
Image
General
Full URL
https://www.fortinet.com/content/dam/fortinet-blog/fortinet-logo-white.svg
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/nobelium-returns-to-the-political-world-stage
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
3.91.211.14 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-91-211-14.compute-1.amazonaws.com
Software
Apache /
Resource Hash
d2afd46ac58cd7e89b3fdfd790300d69034e94151ed45acf83d7b6d5dccfdb17
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/blog/threat-research/nobelium-returns-to-the-political-world-stage
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

X-Dispatcher
dispatcher2uswest1
Date
Fri, 25 Feb 2022 20:22:32 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-Vhost
publish
Content-Disposition
attachment; filename="fortinet-logo-white.svg"
Connection
keep-alive
Vary
Accept-Encoding,User-Agent
Content-Length
1998
X-XSS-Protection
1; mode=block
Last-Modified
Thu, 22 Feb 2018 23:16:01 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
ETag
"7ebb-565d53a1d6e40-gzip"
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Type
image/svg+xml
Cache-Control
max-age=684000, public
Accept-Ranges
bytes
clientlib-base.min.js
www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/
150 KB
69 KB
Script
General
Full URL
https://www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/clientlib-base.min.js
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/nobelium-returns-to-the-political-world-stage
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
3.91.211.14 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-91-211-14.compute-1.amazonaws.com
Software
Apache /
Resource Hash
1e1a42cb75ebd81eb31850e485ef4c6e3667a45f57f778f249bca1f2852a97e4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/blog/threat-research/nobelium-returns-to-the-political-world-stage
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

X-Dispatcher
dispatcher1uswest1
Date
Fri, 25 Feb 2022 20:22:33 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-Vhost
publish
Connection
keep-alive
Vary
Accept-Encoding,User-Agent
Content-Length
70015
X-XSS-Protection
1; mode=block
Last-Modified
Thu, 14 Jan 2021 20:18:39 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
ETag
"25644-5b8e1f610c5c0-gzip"
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Type
application/javascript;charset=utf-8
Cache-Control
max-age=684000, public
Accept-Ranges
bytes
f85f39fc-d7aa-467a-b762-fbb722748016.json
cdn.cookielaw.org/consent/f85f39fc-d7aa-467a-b762-fbb722748016/
4 KB
2 KB
XHR
General
Full URL
https://cdn.cookielaw.org/consent/f85f39fc-d7aa-467a-b762-fbb722748016/f85f39fc-d7aa-467a-b762-fbb722748016.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a334f368b502d68bcaafb174022cfe21775f1744f0a1cd520d0c57d094a8e66a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 25 Feb 2022 20:22:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
ypNp2Paf3c+p42YUXiXMnA==
age
87
vary
Accept-Encoding
content-length
1413
x-ms-lease-status
unlocked
last-modified
Fri, 12 Feb 2021 00:26:33 GMT
server
cloudflare
etag
0x8D8CEECD9FE5833
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
d57e5650-b01e-00c7-6a15-b6a427000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
6e33a577ea457157-YUL
expires
Sat, 26 Feb 2022 00:22:32 GMT
truncated
/
71 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
5b4c9abcf01dcf74e0adf075ff4d47464c62c84307ae5ebd115d45da70e6443d

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Type
image/png
nobelium-political-stage-hero.jpeg
www.fortinet.com/content/dam/fortinet-blog/article-images/
184 KB
185 KB
Image
General
Full URL
https://www.fortinet.com/content/dam/fortinet-blog/article-images/nobelium-political-stage-hero.jpeg
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/nobelium-returns-to-the-political-world-stage
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
3.91.211.14 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-91-211-14.compute-1.amazonaws.com
Software
Apache /
Resource Hash
9213e89897982f211a9055c3337ac2f00726e2d64489ea99f5173fb572a946d5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/blog/threat-research/nobelium-returns-to-the-political-world-stage
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

X-Dispatcher
dispatcher1uswest1
Date
Fri, 25 Feb 2022 20:22:33 GMT
X-Content-Type-Options
nosniff
Last-Modified
Thu, 24 Feb 2022 19:14:44 GMT
Server
Apache
ETag
"2e0e9-5d8c8650d9100"
X-Vhost
publish
X-Frame-Options
SAMEORIGIN
Connection
keep-alive
Content-Type
image/jpeg
Cache-Control
max-age=684000, public
Strict-Transport-Security
max-age=31536000; includeSubDomains
Accept-Ranges
bytes
Content-Length
188649
X-XSS-Protection
1; mode=block
fglabs-ransomware-destructive-thumb.jpeg.thumb.319.319.png
www.fortinet.com/content/dam/fortinet-blog/article-images/
126 KB
127 KB
Image
General
Full URL
https://www.fortinet.com/content/dam/fortinet-blog/article-images/fglabs-ransomware-destructive-thumb.jpeg.thumb.319.319.png
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/nobelium-returns-to-the-political-world-stage
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
3.91.211.14 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-91-211-14.compute-1.amazonaws.com
Software
Apache /
Resource Hash
11816a0873ff77d255f6be4dceaede153ca3a3d4990100554dc1c5f61a934a06
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/blog/threat-research/nobelium-returns-to-the-political-world-stage
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

X-Dispatcher
dispatcher2uswest1
Date
Fri, 25 Feb 2022 20:22:33 GMT
X-Content-Type-Options
nosniff
Last-Modified
Tue, 15 Feb 2022 23:08:30 GMT
Server
Apache
ETag
"1f9f3-5d8169c7ef780"
X-Vhost
publish
X-Frame-Options
SAMEORIGIN
Connection
keep-alive
Content-Type
image/png
Cache-Control
max-age=684000, public
Strict-Transport-Security
max-age=31536000; includeSubDomains
Accept-Ranges
bytes
Content-Length
129523
X-XSS-Protection
1; mode=block
social-driveguard-blog-020222_thumb.png.thumb.319.319.png
www.fortinet.com/content/dam/fortinet-blog/article-images/
103 KB
103 KB
Image
General
Full URL
https://www.fortinet.com/content/dam/fortinet-blog/article-images/social-driveguard-blog-020222_thumb.png.thumb.319.319.png
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/nobelium-returns-to-the-political-world-stage
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
3.91.211.14 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-91-211-14.compute-1.amazonaws.com
Software
Apache /
Resource Hash
b399694d43775ea7757674996d3a5f466ea7afbe492ff90617595a12dadc4b58
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/blog/threat-research/nobelium-returns-to-the-political-world-stage
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

X-Dispatcher
dispatcher1uswest1
Date
Fri, 25 Feb 2022 20:22:33 GMT
X-Content-Type-Options
nosniff
Last-Modified
Thu, 03 Feb 2022 00:49:43 GMT
Server
Apache
ETag
"19b15-5d7128289b7c0"
X-Vhost
publish
X-Frame-Options
SAMEORIGIN
Connection
keep-alive
Content-Type
image/png
Cache-Control
max-age=684000, public
Strict-Transport-Security
max-age=31536000; includeSubDomains
Accept-Ranges
bytes
Content-Length
105237
X-XSS-Protection
1; mode=block
NFT-lure-bitrat-blog-thumb.png.thumb.319.319.png
www.fortinet.com/content/dam/fortinet-blog/article-images/
145 KB
146 KB
Image
General
Full URL
https://www.fortinet.com/content/dam/fortinet-blog/article-images/NFT-lure-bitrat-blog-thumb.png.thumb.319.319.png
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/nobelium-returns-to-the-political-world-stage
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
3.91.211.14 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-91-211-14.compute-1.amazonaws.com
Software
Apache /
Resource Hash
7a845344c57ceb50d3a4656048eac82130caded56be394b3d5bea83516775ac4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/blog/threat-research/nobelium-returns-to-the-political-world-stage
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

X-Dispatcher
dispatcher1uswest1
Date
Fri, 25 Feb 2022 20:22:33 GMT
X-Content-Type-Options
nosniff
Last-Modified
Tue, 08 Feb 2022 18:29:22 GMT
Server
Apache
ETag
"2456c-5d785e5592480"
X-Vhost
publish
X-Frame-Options
SAMEORIGIN
Connection
keep-alive
Content-Type
image/png
Cache-Control
max-age=684000, public
Strict-Transport-Security
max-age=31536000; includeSubDomains
Accept-Ranges
bytes
Content-Length
148844
X-XSS-Protection
1; mode=block
location
geolocation.onetrust.com/cookieconsentpub/v1/geo/
157 B
434 B
XHR
General
Full URL
https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6814:b844 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
74b1612d1cb16d432cfd6542a7efe8f9297f1197025e044b9e0d9fa8e54befab
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept
application/json
Referer
https://www.fortinet.com/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 20:22:33 GMT
content-encoding
gzip
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS
content-type
application/json
access-control-allow-origin
*
strict-transport-security
max-age=31536000; includeSubDomains; preload
cf-ray
6e33a578591c7148-YUL
access-control-allow-headers
Content-Type
otBannerSdk.js
cdn.cookielaw.org/scripttemplates/6.10.0/
356 KB
78 KB
Script
General
Full URL
https://cdn.cookielaw.org/scripttemplates/6.10.0/otBannerSdk.js
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7a23e0e46e16f067271bc79c92a917c13769848457d16cdf109e4dc04c687e8f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 25 Feb 2022 20:22:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
Bh9exWOPGIwRshWljrtlEw==
age
11225668
vary
Accept-Encoding
content-length
79698
x-ms-lease-status
unlocked
last-modified
Thu, 03 Dec 2020 02:43:00 GMT
server
cloudflare
etag
0x8D89735260901BC
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
28487d86-701e-0130-706c-c4c499000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
6e33a5788ef47139-YUL
en.json
cdn.cookielaw.org/consent/f85f39fc-d7aa-467a-b762-fbb722748016/21f81f97-7d7e-4ec0-a244-66254c286eb2/
62 KB
14 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/consent/f85f39fc-d7aa-467a-b762-fbb722748016/21f81f97-7d7e-4ec0-a244-66254c286eb2/en.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.10.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9ffb8f3aec546bb06d1c4635ba17d29bf85c06c952e153034dae313250cbb829
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 25 Feb 2022 20:22:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
N/aNhuT6TciP7knaMxQGgw==
age
3157
vary
Accept-Encoding
content-length
14408
x-ms-lease-status
unlocked
last-modified
Fri, 12 Feb 2021 00:26:38 GMT
server
cloudflare
etag
0x8D8CEECDCAD7A99
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
2f733433-c01e-0166-6215-b62ce9000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
6e33a578cbaa7157-YUL
expires
Sat, 26 Feb 2022 00:22:33 GMT
otFlat.json
cdn.cookielaw.org/scripttemplates/6.10.0/assets/
13 KB
4 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/6.10.0/assets/otFlat.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.10.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8cdca3b36914e8a3f56390da71389944579faaae82704e53bd66f9c0387502f6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 25 Feb 2022 20:22:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
W9e0YobmEbvdB0V9OmpQkw==
age
12088
vary
Accept-Encoding
content-length
3329
x-ms-lease-status
unlocked
last-modified
Thu, 03 Dec 2020 02:42:50 GMT
server
cloudflare
etag
0x8D89735209A34D6
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
a9d5ccba-301e-011e-7f6c-c4445e000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
6e33a578fbf27157-YUL
otPcTab.json
cdn.cookielaw.org/scripttemplates/6.10.0/assets/v2/
45 KB
12 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/6.10.0/assets/v2/otPcTab.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.10.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9440 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f9b2aaabab92d9c63930432351fa3f5aa634fcb5db31b039e23465f8b4bd5a68
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 25 Feb 2022 20:22:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
zNsRoM1FEmsEgJoYMCNTng==
age
11225432
vary
Accept-Encoding
content-length
11755
x-ms-lease-status
unlocked
last-modified
Thu, 03 Dec 2020 02:42:53 GMT
server
cloudflare
etag
0x8D897352245C4EA
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
077a373d-a01e-00f1-7a6c-c40975000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
6e33a578fbf47157-YUL
img1.png
www.fortinet.com/blog/threat-research/nobelium-returns-to-the-political-world-stage/_jcr_content/root/responsivegrid/image.img.png/1645729548791/
36 KB
36 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/nobelium-returns-to-the-political-world-stage/_jcr_content/root/responsivegrid/image.img.png/1645729548791/img1.png
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/nobelium-returns-to-the-political-world-stage
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
3.91.211.14 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-91-211-14.compute-1.amazonaws.com
Software
Apache /
Resource Hash
5131187204ce9efe08b945d15633d7d418fd692999f824f9a55524aa95559fea
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/blog/threat-research/nobelium-returns-to-the-political-world-stage
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

X-Dispatcher
dispatcher1uswest1
Date
Fri, 25 Feb 2022 20:22:33 GMT
X-Content-Type-Options
nosniff
Last-Modified
Thu, 24 Feb 2022 19:05:48 GMT
Server
Apache
ETag
"8f2f-5d8c8451adb00"
X-Vhost
publish
X-Frame-Options
SAMEORIGIN
Connection
keep-alive
Content-Type
image/png
Cache-Control
max-age=684000, public
Strict-Transport-Security
max-age=31536000; includeSubDomains
Accept-Ranges
bytes
Content-Length
36655
X-XSS-Protection
1; mode=block
truncated
/
42 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Type
image/gif
truncated
/
817 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
db311174b0e3c340727b63c055cfb5b317808e909503e1bda11cc58af444f12b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Type
image/svg+xml
launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
assets.adobedtm.com/
343 KB
76 KB
Script
General
Full URL
https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.10.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:d:586::1e80 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
bbf4d111477ba98c1f74a84ec0a2b7d5712f35bd6fbe2b388f5cb3f2f6c7a7d1

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 20:22:33 GMT
content-encoding
gzip
last-modified
Thu, 24 Feb 2022 23:18:17 GMT
server
AkamaiNetStorage
etag
"ef0db5b99313fdba1fff149c4a0359cb:1645744697.871161"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
https://www.fortinet.com
cache-control
max-age=3600
accept-ranges
bytes
timing-allow-origin
*
content-length
76930
expires
Fri, 25 Feb 2022 21:22:33 GMT
rd
dpm.demdex.net/id/
Redirect Chain
  • https://dpm.demdex.net/id?d_visid_ver=5.3.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=ED8739F75677FE917F000101%40AdobeOrg&d_nsid=0&ts=1645820553556
  • https://dpm.demdex.net/id/rd?d_visid_ver=5.3.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=ED8739F75677FE917F000101%40AdobeOrg&d_nsid=0&ts=1645820553556
367 B
1 KB
XHR
General
Full URL
https://dpm.demdex.net/id/rd?d_visid_ver=5.3.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=ED8739F75677FE917F000101%40AdobeOrg&d_nsid=0&ts=1645820553556
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/nobelium-returns-to-the-political-world-stage
Protocol
HTTP/1.1
Server
54.160.28.254 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-160-28-254.compute-1.amazonaws.com
Software
/
Resource Hash
81dc1c3b18049bcdf53e7d26dec3337984b94f1ad365c6920d0323fd28a3b494
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

DCS
dcs-prod-va6-2-v028-0121d9fda.edge-va6.demdex.com UNKNOWN
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-TID
Mw+ZQ8GzTHY=
Vary
Origin
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin
https://www.fortinet.com
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json;charset=utf-8
Content-Length
312
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

DCS
dcs-prod-va6-2-v028-04eff261f.edge-va6.demdex.com UNKNOWN
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
Access-Control-Allow-Origin
https://www.fortinet.com
X-TID
lYsjhwPlTOU=
Vary
Origin
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location
https://dpm.demdex.net/id/rd?d_visid_ver=5.3.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=ED8739F75677FE917F000101%40AdobeOrg&d_nsid=0&ts=1645820553556
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 UTC
AppMeasurement.min.js
assets.adobedtm.com/extensions/EPa06d4a70bf964e93808ee073533d9238/
33 KB
12 KB
Script
General
Full URL
https://assets.adobedtm.com/extensions/EPa06d4a70bf964e93808ee073533d9238/AppMeasurement.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:d:586::1e80 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
055e467aa53a9c0272d805bbc009ade8c74df5a8c1255271d753ac78fe179873

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 20:22:33 GMT
content-encoding
gzip
last-modified
Wed, 19 Jan 2022 22:18:26 GMT
server
AkamaiNetStorage
etag
"85722a02b6a7feb74d08ac7875516bee:1642630706.903013"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
https://www.fortinet.com
cache-control
no-cache
accept-ranges
bytes
timing-allow-origin
*
content-length
12243
expires
Fri, 25 Feb 2022 21:22:33 GMT
AppMeasurement_Module_ActivityMap.min.js
assets.adobedtm.com/extensions/EPa06d4a70bf964e93808ee073533d9238/
3 KB
2 KB
Script
General
Full URL
https://assets.adobedtm.com/extensions/EPa06d4a70bf964e93808ee073533d9238/AppMeasurement_Module_ActivityMap.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:d:586::1e80 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
d4e77c7411d1de6efebf4278b9c98aa77dc2e5186cee271ac256138f17bef9f4

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 20:22:33 GMT
content-encoding
gzip
last-modified
Wed, 19 Jan 2022 22:18:27 GMT
server
AkamaiNetStorage
etag
"9355415074dbdbd216a19b61ce931ab2:1642630707.219535"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
https://www.fortinet.com
cache-control
no-cache
accept-ranges
bytes
timing-allow-origin
*
content-length
1599
expires
Fri, 25 Feb 2022 21:22:33 GMT
obtp.js
amplify.outbrain.com/cp/
8 KB
3 KB
Script
General
Full URL
https://amplify.outbrain.com/cp/obtp.js
Requested by
Host: apps.global.fortinet.com
URL: https://apps.global.fortinet.com/e/bfs?s=3049749&lguid=fce48e02a40b4260a79e3a1a33f5efc2&elqTrackId=e7aa0c29b1b9459baa5ec4408e412ea3&elq=0f091f635be94806a559761876f85a77&elqaid=3249&elqat=1&elqCampaignId=22218]
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
23.221.200.229 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-221-200-229.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
7e8ef05a55eafab5277e6449520107db94dfb01b497a52f283e7ffa6ee49363d

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date
Fri, 25 Feb 2022 20:22:33 GMT
Content-Encoding
gzip
Last-Modified
Wed, 09 Feb 2022 12:30:38 GMT
Server
AkamaiNetStorage
ETag
"23b34d08f648c3f51b232443afced826:1644409863.170279"
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
max-age=1200
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
3150
Expires
Fri, 25 Feb 2022 20:42:33 GMT
6si.min.js
j.6sc.co/
27 KB
9 KB
Script
General
Full URL
https://j.6sc.co/6si.min.js
Requested by
Host: apps.global.fortinet.com
URL: https://apps.global.fortinet.com/e/bfs?s=3049749&lguid=fce48e02a40b4260a79e3a1a33f5efc2&elqTrackId=e7aa0c29b1b9459baa5ec4408e412ea3&elq=0f091f635be94806a559761876f85a77&elqaid=3249&elqat=1&elqCampaignId=22218]
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.123.161.196 Piscataway, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-123-161-196.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
2707e48726a3f7ec48a1d1aec9738f20b36bac1535cfa9de2e4d92310c4e7e7a
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date
Fri, 25 Feb 2022 20:22:33 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Connection
keep-alive
Vary
Accept-Encoding
Content-Length
8575
Pragma
no-cache
Last-Modified
Thu, 07 Oct 2021 17:17:43 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"615f2bb7-6a5f"
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
GET,POST
Content-Type
application/javascript
Access-Control-Allow-Origin
Cache-Control
private, no-cache, proxy-revalidate
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
Expires
Fri, 25 Feb 2022 20:22:33 GMT
addthis_widget.js
s7.addthis.com/js/300/
353 KB
114 KB
Script
General
Full URL
https://s7.addthis.com/js/300/addthis_widget.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.195.108.126 Edison, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-195-108-126.deploy.static.akamaitechnologies.com
Software
nginx/1.15.8 /
Resource Hash
acd2f7ad78edeebad4b6b0fdd17ff57d81c3726c60fd5435ee8c5a0115d29403
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security
max-age=15724800; includeSubDomains
content-encoding
gzip
last-modified
Mon, 26 Oct 2020 18:11:48 GMT
server
nginx/1.15.8
etag
"5f971164-5834c"
vary
Accept-Encoding
x-distribution
99
content-type
application/javascript
cache-control
public, max-age=600
date
Fri, 25 Feb 2022 20:22:33 GMT
x-host
s7.addthis.com
content-length
116360
RC8b0bc4a0b33e4476a134b6c5193977e7-source.min.js
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/5d65da1ac8b5/
358 B
495 B
Script
General
Full URL
https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/5d65da1ac8b5/RC8b0bc4a0b33e4476a134b6c5193977e7-source.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:d:586::1e80 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
2fa0eafa106eed3ad7922c6bc544582f2747ad19dd687fc649cda243a1cd360e

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 20:22:33 GMT
content-encoding
gzip
last-modified
Thu, 24 Feb 2022 23:18:18 GMT
server
AkamaiNetStorage
etag
"c38dd25e7e6786bdc4d8660bb030684e:1645744698.855816"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
https://www.fortinet.com
cache-control
max-age=3600
accept-ranges
bytes
timing-allow-origin
*
content-length
229
expires
Fri, 25 Feb 2022 21:22:33 GMT
RC52075bdc49924bc1a58a4118ed15476d-source.min.js
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/5d65da1ac8b5/
1 KB
803 B
Script
General
Full URL
https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/5d65da1ac8b5/RC52075bdc49924bc1a58a4118ed15476d-source.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:d:586::1e80 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
4925a85c1723e81894735b3c86dc169ed7fd10388ecf0f536a182336cfa660e8

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 20:22:33 GMT
content-encoding
gzip
last-modified
Thu, 24 Feb 2022 23:18:18 GMT
server
AkamaiNetStorage
etag
"c38dd25e7e6786bdc4d8660bb030684e:1645744698.855816"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
https://www.fortinet.com
cache-control
max-age=3600
accept-ranges
bytes
timing-allow-origin
*
content-length
536
expires
Fri, 25 Feb 2022 21:22:33 GMT
bat.js
bat.bing.com/
38 KB
12 KB
Script
General
Full URL
https://bat.bing.com/bat.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
8540c5e2d2e85cc6c5d46b1b06b7f6642dce39e0314299a08976cfe6053c7c52

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 20:22:32 GMT
content-encoding
gzip
last-modified
Wed, 09 Feb 2022 23:54:49 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 09B9A6E9A36342639DBCFBC1828C40F1 Ref B: YTO01EDGE0709 Ref C: 2022-02-25T20:22:33Z
etag
"806a236c101ed81:0"
vary
Accept-Encoding
x-cache
CONFIG_NOCACHE
content-type
application/javascript
access-control-allow-origin
*
cache-control
private,max-age=1800
accept-ranges
bytes
content-length
11333
RCc1cfec65776349c887b298772185fb67-source.min.js
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/5d65da1ac8b5/
5 KB
2 KB
Script
General
Full URL
https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/5d65da1ac8b5/RCc1cfec65776349c887b298772185fb67-source.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:d:586::1e80 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
430260c1e98c636f2a9d13d7d4e159083abe889eaf5a58530dd779862ca32404

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 20:22:33 GMT
content-encoding
gzip
last-modified
Thu, 24 Feb 2022 23:18:18 GMT
server
AkamaiNetStorage
etag
"c38dd25e7e6786bdc4d8660bb030684e:1645744698.855816"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
https://www.fortinet.com
cache-control
max-age=3600
accept-ranges
bytes
timing-allow-origin
*
content-length
1341
expires
Fri, 25 Feb 2022 21:22:33 GMT
getuidj
secure.adnxs.com/
11 B
692 B
XHR
General
Full URL
https://secure.adnxs.com/getuidj
Requested by
Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
68.67.161.208 Brooklyn, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
806.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 25 Feb 2022 20:22:33 GMT
X-Proxy-Origin
149.56.153.183; 149.56.153.183; 806.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
AN-X-Request-Uuid
d19496b6-7457-48e3-84fc-e7cc7d7ed9fe
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
https://www.fortinet.com
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json; charset=utf-8
Content-Length
11
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
/
c.6sc.co/
47 B
372 B
XHR
General
Full URL
https://c.6sc.co/
Requested by
Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.59.105.202 Atlanta, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-59-105-202.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
132bb9ed08f5ffccc4f2ae1a4eff83b778b2ae3417947f63767d85b00028313b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date
Fri, 25 Feb 2022 20:22:33 GMT
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
GET,POST
Content-Type
text/plain
Access-Control-Allow-Origin
https://www.fortinet.com
Access-Control-Allow-Credentials
true
Connection
keep-alive
Access-Control-Allow-Headers
*
Content-Length
47
17532650.js
bat.bing.com/p/action/
682 B
737 B
Script
General
Full URL
https://bat.bing.com/p/action/17532650.js
Requested by
Host: bat.bing.com
URL: https://bat.bing.com/bat.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
7020be4e3541c91f5c6eae33141472969e2af8975ff47d596dfbe7e9c5eff660

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 25 Feb 2022 20:22:33 GMT
content-encoding
gzip
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: B6290B35F95D437185F43A9D232B782E Ref B: YTO01EDGE0709 Ref C: 2022-02-25T20:22:33Z
vary
Accept-Encoding
x-cache
CONFIG_NOCACHE
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
no-store,no-cache
content-length
585
0
bat.bing.com/action/
0
174 B
Image
General
Full URL
https://bat.bing.com/action/0?ti=17532650&tm=al001&Ver=2&mid=c77f380d-553d-4207-aeb3-406e13202943&sid=aa297000967811eca0f331d1ee08bb7c&vid=aa299210967811ecac823d841cc376f1&vids=1&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=Nobelium%20Returns%20to%20the%20Political%20World%20Stage%20%7C%20FortiGuard%20Labs%C2%A0&kw=Threat%20Research,cybercrime,Cybersecurity%20Architect&p=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnobelium-returns-to-the-political-world-stage&r=https%3A%2F%2Fapps.global.fortinet.com%2F&lt=983&pt=1645820552418,,,,,1,2,2,2,74,24,74,351,374,354,909,909,983,,,&pn=0,0&evt=pageLoad&msclkid=N&sv=1&rn=74042
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/nobelium-returns-to-the-political-world-stage
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 25 Feb 2022 20:22:33 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: D5479D185FD340E38E4412F23D8EC0AC Ref B: YTO01EDGE0709 Ref C: 2022-02-25T20:22:33Z
x-cache
CONFIG_NOCACHE
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
expires
Fri, 01 Jan 1990 00:00:00 GMT
cachedClickId
tr.outbrain.com/
35 B
239 B
Script
General
Full URL
https://tr.outbrain.com/cachedClickId?marketerId=00ad3119690e692fd6990245f9741ea8f1
Requested by
Host: amplify.outbrain.com
URL: https://amplify.outbrain.com/cp/obtp.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
64.202.112.95 , United States, ASN22075 (AS-OUTBRAIN, US),
Reverse DNS
ny.outbrain.com
Software
/
Resource Hash
1d348f9f803c95305f63def9d75fd50e79e54a375e1a4a888edbbea366845580

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date
Fri, 25 Feb 2022 20:22:33 GMT
content-encoding
gzip
X-TraceId
8da5fde7d7279b58ee3f66efb8f71673
Content-Length
56
Content-Type
application/javascript
unifiedPixel
tr.outbrain.com/
43 B
256 B
Image
General
Full URL
https://tr.outbrain.com/unifiedPixel?marketerId=00ad3119690e692fd6990245f9741ea8f1&obApiVersion=1.1&obtpVersion=1.6.0&name=PAGE_VIEW&dl=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnobelium-returns-to-the-political-world-stage&optOut=false&bust=06537834881244713
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/nobelium-returns-to-the-political-world-stage
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
64.202.112.95 , United States, ASN22075 (AS-OUTBRAIN, US),
Reverse DNS
ny.outbrain.com
Software
/
Resource Hash
33ca751ed175a163bef530ebdcdbd0a2d15997ccbcbf8d50a6f504e8ffac5a5c

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date
Fri, 25 Feb 2022 20:22:33 GMT
Cache-Control
no-cache
X-TraceId
400519be2265c86abd71c2e8d526a7db
content-encoding
gzip
Content-Length
60
Content-Type
image/gif;
dest5.html
fortinet.demdex.net/ Frame C3F5
7 KB
3 KB
Document
General
Full URL
https://fortinet.demdex.net/dest5.html?d_nsid=0
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.217.99.187 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-217-99-187.compute-1.amazonaws.com
Software
/
Resource Hash
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/

Response headers

Accept-Ranges
bytes
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding
gzip
Content-Type
text/html;charset=UTF-8
date
Fri, 25 Feb 2022 20:22:33 GMT
DCS
dcs-prod-va6-2-v028-098cd2fe5.edge-va6.demdex.com UNKNOWN
Expires
Thu, 01 Jan 1970 00:00:00 UTC
last-modified
Mon, 14 Feb 2022 16:08:44 GMT
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
vary
accept-encoding
X-TID
noG/mKxRR74=
Content-Length
2791
Connection
keep-alive
id
metrics.fortinet.com/
48 B
509 B
XHR
General
Full URL
https://metrics.fortinet.com/id?d_visid_ver=5.3.0&d_fieldgroup=A&mcorgid=ED8739F75677FE917F000101%40AdobeOrg&mid=82642789980506302460002085330448118473&ts=1645820553724
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.216.131.23 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-216-131-23.compute-1.amazonaws.com
Software
jag /
Resource Hash
d9d63aad9cf60b90448d51e766c4ea5a8bf49071ec627c9b329acefbc8bc8430
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.fortinet.com/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Fri, 25 Feb 2022 20:22:33 GMT
x-content-type-options
nosniff
server
jag
xserver
anedge-678c9b78fd-rqtqk
vary
Origin
x-c
main-1585.I7afc85.M0-540
p3p
CP="This is not a P3P policy"
access-control-allow-origin
https://www.fortinet.com
cache-control
no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/x-javascript;charset=utf-8
content-length
48
x-xss-protection
1; mode=block
ibs:dpid=411&dpuuid=Yhk6iQAAAGnZ_APl
dpm.demdex.net/
Redirect Chain
  • https://cm.everesttech.net/cm/dd?d_uuid=82299764022153901900036392187171918657
  • https://dpm.demdex.net/ibs:dpid=411&dpuuid=Yhk6iQAAAGnZ_APl
42 B
943 B
Image
General
Full URL
https://dpm.demdex.net/ibs:dpid=411&dpuuid=Yhk6iQAAAGnZ_APl
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/nobelium-returns-to-the-political-world-stage
Protocol
HTTP/1.1
Server
54.160.28.254 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-160-28-254.compute-1.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

DCS
dcs-prod-va6-1-v028-0490e599b.edge-va6.demdex.com UNKNOWN
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Content-Type-Options
nosniff
X-TID
F76jcjkrRyA=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Type
image/gif
Content-Length
59
Expires
Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Location
https://dpm.demdex.net/ibs:dpid=411&dpuuid=Yhk6iQAAAGnZ_APl
Date
Fri, 25 Feb 2022 20:22:33 GMT
Cache-Control
no-cache
Server
AMO-cookiemap/1.1
Connection
keep-alive
Content-Length
0
P3P
CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
moatframe.js
z.moatads.com/addthismoatframe568911941483/
2 KB
1 KB
Script
General
Full URL
https://z.moatads.com/addthismoatframe568911941483/moatframe.js
Requested by
Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.52.163.40 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-52-163-40.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 20:22:33 GMT
content-encoding
gzip
last-modified
Fri, 08 Nov 2019 20:13:52 GMT
server
AmazonS3
x-amz-request-id
3BDAE1FAB05E52F4
etag
"f14b4e1f799b14f798a195f43cf58376"
vary
Accept-Encoding
content-type
application/x-javascript
cache-control
max-age=41237
accept-ranges
bytes
content-length
948
x-amz-id-2
JQEtOEyiFCqCP1YLI1OIPGBGUg/WHgpDv22+z5rvn/G8szLTqEelRVwbxuu0H6mk2GphOf1hSec=
api.min.js
a.opmnstr.com/app/js/
205 KB
57 KB
Script
General
Full URL
https://a.opmnstr.com/app/js/api.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
37.19.206.70 , United States, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
unn-37-19-206-70.datapacket.com
Software
BunnyCDN-ASB1-759 /
Resource Hash
507ce7426c190c3d954909e634c514914c57d3f311fc022b560260614b596196

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 20:22:33 GMT
content-encoding
br
cdn-edgestorageid
759
perma-cache
HIT
cdn-storageserver
DE-164
cdn-cachedat
02/25/2022 19:06:18
cdn-pullzone
293267
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode
200
server
BunnyCDN-ASB1-759
access-control-allow-origin
*
last-modified
Fri, 25 Feb 2022 19:06:14 GMT
cdn-proxyver
1.02
cdn-fileserver
300
etag
W/"621928a6-33287"
vary
Accept-Encoding, Accept-Encoding
content-type
application/javascript
cdn-cache
HIT
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control
public, max-age=31919000
cdn-uid
efcab737-66db-4b75-ab55-ed485d5a01dd
cdn-requestid
d6becbd07941fd0306fc7b282c729af5
cdn-requestcountrycode
CA
cdn-status
200
cdn-requestpullsuccess
True
img.gif
b.6sc.co/v1/beacon/
43 B
774 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=5eeecf22b2d12a77a14639dce97b7a36&svisitor=null&session=50245045-32e6-48cc-8e02-94a5abfc3874&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Fri%2C%2025%20Feb%202022%2020%3A22%3A33%20GMT%22%7D&isIframe=false&m=%7B%22description%22%3A%22FortiGuard%20Labs%20has%20discovered%20evidence%20that%20the%20Nobelium%20Group%20is%20impersonating%20someone%20associated%20with%20the%20Turkish%20embassy%20as%20a%20lure%20to%20introduce%20a%20Cobalt%20Strike%20beacon%20payload%20and%20gain%20access.%20Read%20our%20blog%20to%20learn%20more.%22%2C%22keywords%22%3A%22Threat%20Research%2Ccybercrime%2CCybersecurity%20Architect%22%2C%22title%22%3A%22Nobelium%20Returns%20to%20the%20Political%20World%20Stage%20%7C%20FortiGuard%20Labs%26nbsp%3B%22%7D&cb=&r=https%3A%2F%2Fapps.global.fortinet.com%2F&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnobelium-returns-to-the-political-world-stage&pageViewId=24a2817e-0df0-4e15-82e0-37d471c0b550&an_uid=0
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/nobelium-returns-to-the-political-world-stage
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.59.105.202 Atlanta, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-59-105-202.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date
Fri, 25 Feb 2022 20:22:33 GMT
X-Content-Type-Options
nosniff
Connection
keep-alive
Content-Length
43
Pragma
no-cache
Last-Modified
Tue, 05 Oct 2021 22:17:52 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"615ccf10-2b"
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
GET,POST
Content-Type
image/gif
Access-Control-Allow-Origin
Cache-Control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
Expires
Wed, 19 Apr 2000 11:43:00 GMT
clarity.js
d.clarity.ms/s/0.6.32/
53 KB
23 KB
Script
General
Full URL
https://d.clarity.ms/s/0.6.32/clarity.js
Requested by
Host: bat.bing.com
URL: https://bat.bing.com/p/action/17532650.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
40.76.174.66 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
3701cadc5fc84e8ad639f83a87e20d82575e3cc28d479d73a0e66e5230e71c65

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 20:22:32 GMT
content-encoding
br
etag
"1d8191fe855c690"
last-modified
Thu, 03 Feb 2022 17:03:04 GMT
server
Microsoft-IIS/10.0
x-powered-by
ASP.NET
vary
Accept-Encoding
content-type
application/javascript;charset=utf-8
cache-control
public,max-age=86400
accept-ranges
bytes
request-context
appId=cid-v1:238681e8-7d6b-453a-acb6-7dcad74f3111
c.gif
c.clarity.ms/
Redirect Chain
  • https://c.clarity.ms/c.gif
  • https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=1A6409917E16489B9EFF2F4E0D099C87&RedC=c.clarity.ms&MXFR=20444B2E176E6CC008B35A78136E62E6
  • https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=1A6409917E16489B9EFF2F4E0D099C87&MUID=366606E82BB16F79385517BE2A1B6EDB
42 B
442 B
Image
General
Full URL
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=1A6409917E16489B9EFF2F4E0D099C87&MUID=366606E82BB16F79385517BE2A1B6EDB
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/nobelium-returns-to-the-political-world-stage
Protocol
H2
Server
20.36.253.92 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 25 Feb 2022 20:22:33 GMT
last-modified
Fri, 18 Feb 2022 23:15:27 GMT
server
Microsoft-IIS/10.0
x-powered-by
ASP.NET
etag
"6afd196a1d25d81:0"
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control
private, no-cache, proxy-revalidate, no-store
accept-ranges
bytes
content-type
image/gif
content-length
42

Redirect headers

pragma
no-cache
date
Fri, 25 Feb 2022 20:22:33 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 50E6317ECEDA46D7AEF5A480CC4E7C8F Ref B: YTO01EDGE0709 Ref C: 2022-02-25T20:22:33Z
x-powered-by
ASP.NET
x-cache
CONFIG_NOCACHE
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
location
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=1A6409917E16489B9EFF2F4E0D099C87&MUID=366606E82BB16F79385517BE2A1B6EDB
cache-control
private, no-cache, proxy-revalidate, no-store
content-length
0
details
epsilon.6sense.com/v3/company/ Frame
0
0
Preflight
General
Full URL
https://epsilon.6sense.com/v3/company/details
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.196.60.121 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-196-60-121.compute-1.amazonaws.com
Software
nginx /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
GET
Access-Control-Request-Headers
authorization,epsiloncookie
Origin
https://www.fortinet.com
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Sec-Fetch-Mode
cors

Response headers

date
Fri, 25 Feb 2022 20:22:33 GMT
server
nginx
access-control-allow-origin
https://www.fortinet.com
access-control-allow-credentials
true
access-control-max-age
1800
access-control-allow-methods
OPTIONS,GET
access-control-allow-headers
authorization,epsiloncookie
details
epsilon.6sense.com/v3/company/
813 B
655 B
XHR
General
Full URL
https://epsilon.6sense.com/v3/company/details
Requested by
Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.196.60.121 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-196-60-121.compute-1.amazonaws.com
Software
nginx /
Resource Hash
ea110358a3d9ed8f3e493e104b3e523e51b27653837899f2139762521ad1001c

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Referer
https://www.fortinet.com/
Accept-Language
en-CA,en;q=0.9
Authorization
Token 82f0c18bd0395219670f57108eb160f3273629b2
EpsilonCookie
4f78ce1795b80000893a1962710200008f520000

Response headers

date
Fri, 25 Feb 2022 20:22:33 GMT
content-encoding
gzip
server
nginx
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
https://www.fortinet.com
access-control-allow-credentials
true
content-length
469
s06642409049858
metrics.fortinet.com/b/ss/fortinetincproduction/1/JS-2.22.4-LBWB/
43 B
329 B
Image
General
Full URL
https://metrics.fortinet.com/b/ss/fortinetincproduction/1/JS-2.22.4-LBWB/s06642409049858?AQB=1&ndh=1&pf=1&t=25%2F1%2F2022%2020%3A22%3A33%205%200&mid=82642789980506302460002085330448118473&aamlh=7&ce=UTF-8&pageName=en%3Ablog%3Athreat-research%3Anobelium-returns-to-the-political-world-stage&g=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnobelium-returns-to-the-political-world-stage&r=https%3A%2F%2Fapps.global.fortinet.com%2F&cc=USD&aamb=RKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y&v1=www.fortinet.com%2Fblog%2Fthreat-research%2Fnobelium-returns-to-the-political-world-stage&c7=Entire%20Site&c8=New&v27=BLOG&v33=en%3Ablog%3Athreat-research%3Anobelium-returns-to-the-political-world-stage&v35=Enabled&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&mcorgid=ED8739F75677FE917F000101%40AdobeOrg&AQE=1
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/nobelium-returns-to-the-political-world-stage
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.216.131.23 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-216-131-23.compute-1.amazonaws.com
Software
jag /
Resource Hash
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 20:22:33 GMT
x-content-type-options
nosniff
x-c
main-1585.I7afc85.M0-540
p3p
CP="This is not a P3P policy"
vary
*
content-length
43
x-xss-protection
1; mode=block
pragma
no-cache
last-modified
Sat, 26 Feb 2022 20:22:33 GMT
server
jag
xserver
anedge-678c9b78fd-c5v96
etag
3534372726682877952-4619453164762469115
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif;charset=utf-8
access-control-allow-origin
*
cache-control
no-cache, no-store, max-age=0, no-transform, private
expires
Thu, 24 Feb 2022 20:22:33 GMT
39852
api.omappapi.com/v2/embed/
12 KB
3 KB
XHR
General
Full URL
https://api.omappapi.com/v2/embed/39852?d=fortinet.com
Requested by
Host: a.opmnstr.com
URL: https://a.opmnstr.com/app/js/api.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.85.61.11 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-52-85-61-11.ewr53.r.cloudfront.net
Software
Pagely Gateway/1.5.1 /
Resource Hash
9b3a768a0d2d23e86f3887b0b40ef0b35c39589dd4e9cac28adf957c045cfca3

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 20:22:33 GMT
content-encoding
gzip
x-cache-config
0 0
x-amz-cf-pop
EWR53-P1
x-cache-status
HIT
x-cache
Miss from cloudfront
access-control-allow-headers
X-CSRF-Token
x-optinmonster-account
45602
x-user-agent
standard--
last-modified
Mon, 10 Jan 2022 23:26:02 GMT
server
Pagely Gateway/1.5.1
etag
W/"19044d83d9231dcbb9221d7815d20c00"
vary
Accept-Encoding, User-Agent
content-type
application/json
via
1.1 bf49d89d8a3c52a5998a7b465717a00e.cloudfront.net (CloudFront)
access-control-expose-headers
X-OptinMonster-Account, X-User-Agent
cache-control
public, max-age=30, stale-while-revalidate=1800
access-control-allow-origin
*
x-amz-cf-id
Ahs2lW1F3UPlda91hZWxPRXeQs3iWz0fQuktJcjsyRWrZjt8Pv_fpg==
expires
Fri, 25 Feb 2022 20:12:43 GMT
hotjar-1178304.js
static.hotjar.com/c/
4 KB
2 KB
Script
General
Full URL
https://static.hotjar.com/c/hotjar-1178304.js?sv=6
Requested by
Host: apps.global.fortinet.com
URL: https://apps.global.fortinet.com/e/bfs?s=3049749&lguid=fce48e02a40b4260a79e3a1a33f5efc2&elqTrackId=e7aa0c29b1b9459baa5ec4408e412ea3&elq=0f091f635be94806a559761876f85a77&elqaid=3249&elqat=1&elqCampaignId=22218]
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.150.59 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-150-59.ewr52.r.cloudfront.net
Software
/
Resource Hash
7312355d6b976a3fcc9fbc7e04dafd9516f7ea0a0ccd22aaf6c12bca65ff6a82
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 20:22:33 GMT
content-encoding
br
x-content-type-options
nosniff
age
15
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
1958
access-control-allow-origin
*
cache-control
max-age=60
etag
W/ac4c74871f84399e17813f48d676d243
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
via
1.1 833189e24f3e31812a47b595ff310a14.cloudfront.net (CloudFront)
x-cache-hit
1
x-amz-cf-pop
EWR52-C2
x-amz-cf-id
CxgTLVn5ACor9Sud4HgH4qFVR_ohKanh6N3XYtjh4vTecABrcP3FWw==
wid.tracker.js
www.argusplatform.com/js/
Redirect Chain
  • https://argusplatform.com/js/wid.tracker.js
  • https://www.argusplatform.com/js/wid.tracker.js
7 KB
3 KB
Script
General
Full URL
https://www.argusplatform.com/js/wid.tracker.js
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/nobelium-returns-to-the-political-world-stage
Protocol
H2
Server
54.154.189.86 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-154-189-86.eu-west-1.compute.amazonaws.com
Software
Kestrel /
Resource Hash
72cca376440f971e2d99e3f8b7a50432517e8a75327360d35a3df8b896c3962d

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 20:22:34 GMT
content-encoding
gzip
last-modified
Fri, 25 Feb 2022 11:46:51 GMT
server
Kestrel
etag
"1d82a3d60a19c6d-gzip"
vary
Accept-Encoding
content-type
application/javascript
accept-ranges
bytes
content-length
2395

Redirect headers

location
https://www.argusplatform.com/js/wid.tracker.js
date
Fri, 25 Feb 2022 20:22:34 GMT
server
Apache/2.4.29 (Ubuntu)
content-length
338
content-type
text/html; charset=iso-8859-1
js
www.googletagmanager.com/gtag/
94 KB
37 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-767980-1
Requested by
Host: apps.global.fortinet.com
URL: https://apps.global.fortinet.com/e/bfs?s=3049749&lguid=fce48e02a40b4260a79e3a1a33f5efc2&elqTrackId=e7aa0c29b1b9459baa5ec4408e412ea3&elq=0f091f635be94806a559761876f85a77&elqaid=3249&elqat=1&elqCampaignId=22218]
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80e::2008 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
1ad1bc201badad52b9cfe16df478ba99053aef36ba4b5d457943a45bd6bb1d8e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 20:22:33 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37477
x-xss-protection
0
last-modified
Fri, 25 Feb 2022 18:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 25 Feb 2022 20:22:33 GMT
s09529598615158
metrics.fortinet.com/b/ss/fortinetincproduction/1/JS-2.22.4-LBWB/
43 B
247 B
Image
General
Full URL
https://metrics.fortinet.com/b/ss/fortinetincproduction/1/JS-2.22.4-LBWB/s09529598615158?AQB=1&ndh=1&pf=1&t=25%2F1%2F2022%2020%3A22%3A33%205%200&mid=82642789980506302460002085330448118473&aamlh=7&ce=UTF-8&pageName=en%3Ablog%3Athreat-research%3Anobelium-returns-to-the-political-world-stage&g=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnobelium-returns-to-the-political-world-stage&cc=USD&aamb=RKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y&v1=www.fortinet.com%2Fblog%2Fthreat-research%2Fnobelium-returns-to-the-political-world-stage&c4=www.fortinet.com%2Fblog%2Fthreat-research%2Fnobelium-returns-to-the-political-world-stage&c7=Entire%20Site&c8=New&v27=BLOG&v33=en%3Ablog%3Athreat-research%3Anobelium-returns-to-the-political-world-stage&v35=Enabled&v101=pnfp.com&v102=Pinnacle%20Financial%20Partners&v103=%24500M%20-%20%241B&v104=1%2C000%20-%204%2C999&v105=Financial%20Services&v106=Montreal&v107=Quebec&v108=Canada&v109=Northern%20America&v110=52311&v111=Investment%20Banking%20and%20Securities%20Dealing&v112=2600&v113=645543000&v126=Very%20High&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&mcorgid=ED8739F75677FE917F000101%40AdobeOrg&lrt=30&AQE=1
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/nobelium-returns-to-the-political-world-stage
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.216.131.23 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-216-131-23.compute-1.amazonaws.com
Software
jag /
Resource Hash
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 20:22:33 GMT
x-content-type-options
nosniff
x-c
main-1585.I7afc85.M0-540
p3p
CP="This is not a P3P policy"
vary
*
content-length
43
x-xss-protection
1; mode=block
pragma
no-cache
last-modified
Sat, 26 Feb 2022 20:22:33 GMT
server
jag
xserver
anedge-678c9b78fd-6tvfx
etag
3534372725820391424-4619837517850369300
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif;charset=utf-8
access-control-allow-origin
*
cache-control
no-cache, no-store, max-age=0, no-transform, private
expires
Thu, 24 Feb 2022 20:22:33 GMT
analytics.js
www.google-analytics.com/
49 KB
20 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: a.opmnstr.com
URL: https://a.opmnstr.com/app/js/api.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:816::200e Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Tue, 02 Nov 2021 17:39:06 GMT
server
Golfe2
age
6095
date
Fri, 25 Feb 2022 18:40:59 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
20006
expires
Fri, 25 Feb 2022 20:40:59 GMT
0c5486a500a70ec79a100d1d8e375278-optin.json
a.omappapi.com/app/campaign-views/df0603609574/qxx1b0gslklfu2kjckea/
20 KB
4 KB
XHR
General
Full URL
https://a.omappapi.com/app/campaign-views/df0603609574/qxx1b0gslklfu2kjckea/0c5486a500a70ec79a100d1d8e375278-optin.json
Requested by
Host: a.opmnstr.com
URL: https://a.opmnstr.com/app/js/api.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
195.181.168.47 , United States, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
edge-742.bunnyinfra.net
Software
BunnyCDN-NY1-742 /
Resource Hash
6bdeca02f38306151b71374cfbbbe73506a9af54f4e3a5d9f6c04a969ada3e1a

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 20:22:34 GMT
content-encoding
br
cdn-edgestorageid
742
perma-cache
HIT
cdn-storageserver
DE-199
cdn-cachedat
01/19/2022 07:50:03
cdn-pullzone
293267
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode
200
server
BunnyCDN-NY1-742
access-control-allow-origin
*
last-modified
Fri, 07 Jan 2022 04:12:07 GMT
cdn-proxyver
1.02
cdn-fileserver
291
etag
W/"61d7bd97-4fa6"
vary
Accept-Encoding
content-type
application/json
cdn-cache
HIT
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control
public, max-age=31919000
cdn-uid
efcab737-66db-4b75-ab55-ed485d5a01dd
cdn-requestid
407feabb2393d9d56fce3b16c8f94804
cdn-requestcountrycode
CA
cdn-status
200
cdn-requestpullsuccess
True
modules.f9262b22b79803e6feba.js
script.hotjar.com/
236 KB
62 KB
Script
General
Full URL
https://script.hotjar.com/modules.f9262b22b79803e6feba.js
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-1178304.js?sv=6
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.225.230.72 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-225-230-72.jfk51.r.cloudfront.net
Software
/
Resource Hash
1bded02879e2df34de7df88fc7dd7b325a01a4fbc5af6d0877d5e3364c23ce49
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 09:20:07 GMT
content-encoding
br
x-content-type-options
nosniff
age
39747
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
62920
access-control-allow-origin
*
last-modified
Fri, 25 Feb 2022 09:20:06 GMT
etag
"735da755ffe3d238685995ce935edbcb"
vary
Accept-Encoding
content-type
application/javascript
via
1.1 4ffd9afb636b7eb92e42cf2534136d50.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
JFK51-C1
accept-ranges
bytes
x-robots-tag
none
x-amz-cf-id
5EUvLKeH6DqDwTbbiaKpAhYeVb8Bm6G7sz6-45MA3EcQv6LfVYwuIg==
collect
d.clarity.ms/
0
94 B
XHR
General
Full URL
https://d.clarity.ms/collect
Requested by
Host: d.clarity.ms
URL: https://d.clarity.ms/s/0.6.32/clarity.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
40.76.174.66 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
application/x-clarity-gzip
Referer
https://www.fortinet.com/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

access-control-allow-origin
https://www.fortinet.com
date
Fri, 25 Feb 2022 20:22:33 GMT
access-control-allow-credentials
true
server
Microsoft-IIS/10.0
x-powered-by
ASP.NET
request-context
appId=cid-v1:238681e8-7d6b-453a-acb6-7dcad74f3111
box-acca23410e696f2ca3087d947271c3d0.html
vars.hotjar.com/ Frame EEB7
2 KB
1 KB
Document
General
Full URL
https://vars.hotjar.com/box-acca23410e696f2ca3087d947271c3d0.html
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-1178304.js?sv=6
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.150.34 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-150-34.ewr52.r.cloudfront.net
Software
/
Resource Hash
e0f23d16bb40b894855d19e097cc0b9f4695b98a7db1fed18625cfb1ce8bda35

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/

Response headers

content-type
text/html
content-length
1044
date
Fri, 04 Feb 2022 08:52:06 GMT
accept-ranges
bytes
cache-control
max-age=31536000
content-encoding
br
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
etag
"6f65fac4e8efe167ff5132c0c54c5729"
last-modified
Fri, 04 Feb 2022 08:51:39 GMT
x-robots-tag
none
vary
Accept-Encoding
x-cache
Hit from cloudfront
via
1.1 f912c5a5865a58aaaad9710240b6d2f2.cloudfront.net (CloudFront)
x-amz-cf-pop
EWR52-C2
x-amz-cf-id
iuUROAmaknVlQnH2ifoh5ZoEW9pHhjOLoTPq98LO55rIsEPtAIOXHw==
age
1855828
collect
www.google-analytics.com/j/
1 B
207 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j96&a=392773889&t=pageview&_s=1&dl=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnobelium-returns-to-the-political-world-stage&dr=https%3A%2F%2Fapps.global.fortinet.com%2F&ul=en-us&de=UTF-8&dt=Nobelium%20Returns%20to%20the%20Political%20World%20Stage%20%7C%20FortiGuard%20Labs%C2%A0&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAAC~&jid=1608887128&gjid=518309549&cid=2005283585.1645820554&tid=UA-767980-1&_gid=1616856493.1645820554&_r=1&gtm=2ou2n0&z=2086253475
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:816::200e Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.fortinet.com/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Fri, 25 Feb 2022 20:22:34 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.fortinet.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
b4f2f7dbd4061616098231-social-img-banner-secure-cybersec-training_1024x160.jpg
a.omappapi.com/users/df0603609574/images/
19 KB
20 KB
Image
General
Full URL
https://a.omappapi.com/users/df0603609574/images/b4f2f7dbd4061616098231-social-img-banner-secure-cybersec-training_1024x160.jpg
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/nobelium-returns-to-the-political-world-stage
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
195.181.168.47 , United States, ASN60068 (CDN77 ^_^, GB),
Reverse DNS
edge-742.bunnyinfra.net
Software
BunnyCDN-NY1-742 /
Resource Hash
484894648719027fc265a9fad98eddfe18cee179cde0e98b780af731e6b30a4a

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 20:22:34 GMT
cdn-edgestorageid
742
perma-cache
HIT
cdn-storageserver
NY-95
access-control-expose-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-cachedat
2021-06-04 00:16:45
cdn-pullzone
293267
access-control-allow-headers
Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
content-length
19336
access-control-allow-origin
*
last-modified
Thu, 27 May 2021 18:44:53 GMT
server
BunnyCDN-NY1-742
cdn-requestpullcode
200
etag
"60afe8a5-4b88"
content-type
image/webp
cdn-cache
HIT
cdn-uid
efcab737-66db-4b75-ab55-ed485d5a01dd
cache-control
public, max-age=31919000
cdn-requestid
c17f61a132a191deb0c41c91169f2a75
accept-ranges
bytes
cdn-requestcountrycode
CA
cdn-status
200
cdn-requestpullsuccess
True
RC966743b5fdb047df849b9aa2c6faad9e-source.min.js
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/5d65da1ac8b5/
922 B
794 B
Script
General
Full URL
https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/5d65da1ac8b5/RC966743b5fdb047df849b9aa2c6faad9e-source.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:d:586::1e80 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
6b6c67f54c9cae9226b2251489f4604e72a15890c09e4cab3f7686fbc6c42ace

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 20:22:34 GMT
content-encoding
gzip
last-modified
Thu, 24 Feb 2022 23:18:18 GMT
server
AkamaiNetStorage
etag
"c38dd25e7e6786bdc4d8660bb030684e:1645744698.855816"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
https://www.fortinet.com
cache-control
max-age=3600
accept-ranges
bytes
timing-allow-origin
*
content-length
527
expires
Fri, 25 Feb 2022 21:22:34 GMT
RC2ef20bc449244a1a985b07cb1ef5059a-source.min.js
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/5d65da1ac8b5/
847 B
743 B
Script
General
Full URL
https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/5d65da1ac8b5/RC2ef20bc449244a1a985b07cb1ef5059a-source.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:d:586::1e80 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
d3f7b36acf8eb6845a2eb64c1cd115acf2c4c73cb81b64d968873d52528a6c66

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 20:22:34 GMT
content-encoding
gzip
last-modified
Thu, 24 Feb 2022 23:18:18 GMT
server
AkamaiNetStorage
etag
"c38dd25e7e6786bdc4d8660bb030684e:1645744698.855816"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
https://www.fortinet.com
cache-control
max-age=3600
accept-ranges
bytes
timing-allow-origin
*
content-length
476
expires
Fri, 25 Feb 2022 21:22:34 GMT
RC5cf00b5cc6354b20a80b61bc2f128836-source.min.js
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/5d65da1ac8b5/
664 B
666 B
Script
General
Full URL
https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/5d65da1ac8b5/RC5cf00b5cc6354b20a80b61bc2f128836-source.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:d:586::1e80 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
9ca6e1bd00d52bdaa9899a8c8c87af7ebc4b65528cca3f4e200672814d5bf75f

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 20:22:34 GMT
content-encoding
gzip
last-modified
Thu, 24 Feb 2022 23:18:18 GMT
server
AkamaiNetStorage
etag
"c38dd25e7e6786bdc4d8660bb030684e:1645744698.855816"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
https://www.fortinet.com
cache-control
max-age=3600
accept-ranges
bytes
timing-allow-origin
*
content-length
400
expires
Fri, 25 Feb 2022 21:22:34 GMT
RC359e0cac2a6442a48c2afb7b95464755-source.min.js
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/5d65da1ac8b5/
819 B
764 B
Script
General
Full URL
https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/5d65da1ac8b5/RC359e0cac2a6442a48c2afb7b95464755-source.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:d:586::1e80 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
b0c70f9d21afd60b58ce1fea2625adbfa52135ea789949426309bd1defec5872

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 20:22:34 GMT
content-encoding
gzip
last-modified
Thu, 24 Feb 2022 23:18:18 GMT
server
AkamaiNetStorage
etag
"c38dd25e7e6786bdc4d8660bb030684e:1645744698.855816"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
https://www.fortinet.com
cache-control
max-age=3600
accept-ranges
bytes
timing-allow-origin
*
content-length
497
expires
Fri, 25 Feb 2022 21:22:34 GMT
RCf2367c4c413a4edba3e733df0f5fd0b2-source.min.js
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/5d65da1ac8b5/
2 KB
1021 B
Script
General
Full URL
https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/5d65da1ac8b5/RCf2367c4c413a4edba3e733df0f5fd0b2-source.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:d:586::1e80 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
6a18b3c0a15fab8498292821e96772658557a7812cd0d2c34f2f73e0081f8c09

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 20:22:34 GMT
content-encoding
gzip
last-modified
Thu, 24 Feb 2022 23:18:18 GMT
server
AkamaiNetStorage
etag
"c38dd25e7e6786bdc4d8660bb030684e:1645744698.855816"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
https://www.fortinet.com
cache-control
max-age=3600
accept-ranges
bytes
timing-allow-origin
*
content-length
754
expires
Fri, 25 Feb 2022 21:22:34 GMT
js
www.googletagmanager.com/gtag/
101 KB
40 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-662878185&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-767980-1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80e::2008 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
96ffea4a5765dfbb25dc66d9b53fea99dc5503135270939f3efeea874949ff10
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 20:22:34 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
40934
x-xss-protection
0
last-modified
Fri, 25 Feb 2022 18:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 25 Feb 2022 20:22:34 GMT
js
www.googletagmanager.com/gtag/
91 KB
36 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=DC-10050195&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-767980-1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80e::2008 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
a4c5e7d2373f036eaaa10f38d126e2e1578d00af13fd6497b93c78d64949aef9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 20:22:34 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
37247
x-xss-protection
0
last-modified
Fri, 25 Feb 2022 18:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 25 Feb 2022 20:22:34 GMT
js
www.googletagmanager.com/gtag/
101 KB
40 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-609297413&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-767980-1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80e::2008 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
b0e1947befc4e20bcebf8625bb288e020a7347705aa457f438f6a0afd2fefd27
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 20:22:34 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
40936
x-xss-protection
0
last-modified
Fri, 25 Feb 2022 18:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 25 Feb 2022 20:22:34 GMT
js
www.googletagmanager.com/gtag/
101 KB
40 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-729495989&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-767980-1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80e::2008 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
06fd2e08c52d2e3fcac2b6a8dd64fe2d70c1d06ac09cbb50d53abd6accbb7a91
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 20:22:34 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
40939
x-xss-protection
0
last-modified
Fri, 25 Feb 2022 18:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 25 Feb 2022 20:22:34 GMT
js
www.googletagmanager.com/gtag/
101 KB
40 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-748285774&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-767980-1
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80e::2008 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
9fc340f3124536c401070981407bf671cd21dbed9ecd311bc9ad6e03715848f1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 20:22:34 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
40935
x-xss-protection
0
last-modified
Fri, 25 Feb 2022 18:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 25 Feb 2022 20:22:34 GMT
js
www.googletagmanager.com/gtag/
101 KB
40 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-748285774&l=dataLayer
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80e::2008 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
24ea814a6a9b6e17a0754d72c4e0c923c8475012711af53464ba775a5184d34e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 20:22:34 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
40926
x-xss-protection
0
last-modified
Fri, 25 Feb 2022 18:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 25 Feb 2022 20:22:34 GMT
RCa120729e8aac4d6eb9006c8249638d3d-source.min.js
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/5d65da1ac8b5/
766 B
714 B
Script
General
Full URL
https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/5d65da1ac8b5/RCa120729e8aac4d6eb9006c8249638d3d-source.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:d:586::1e80 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
4f828cdeddc7cc8061dfb2bed5d92c0cca701df32f7b1bc0273c01cbde623314

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 20:22:34 GMT
content-encoding
gzip
last-modified
Thu, 24 Feb 2022 23:18:18 GMT
server
AkamaiNetStorage
etag
"c38dd25e7e6786bdc4d8660bb030684e:1645744698.855816"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
https://www.fortinet.com
cache-control
max-age=3600
accept-ranges
bytes
timing-allow-origin
*
content-length
447
expires
Fri, 25 Feb 2022 21:22:34 GMT
RCcd84e40d19c24776bef77836ab2f8df6-source.min.js
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/5d65da1ac8b5/
819 B
767 B
Script
General
Full URL
https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/5d65da1ac8b5/RCcd84e40d19c24776bef77836ab2f8df6-source.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:d:586::1e80 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
175f90d7fb29bcf11a50b8555345fda4068908c88c5c55e33f6a52e18184a774

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 20:22:34 GMT
content-encoding
gzip
last-modified
Thu, 24 Feb 2022 23:18:18 GMT
server
AkamaiNetStorage
etag
"c38dd25e7e6786bdc4d8660bb030684e:1645744698.855816"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
https://www.fortinet.com
cache-control
max-age=3600
accept-ranges
bytes
timing-allow-origin
*
content-length
501
expires
Fri, 25 Feb 2022 21:22:34 GMT
RCf5bd1991cad84a7294a7b609189a1fa5-source.min.js
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/5d65da1ac8b5/
1021 B
866 B
Script
General
Full URL
https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/5d65da1ac8b5/RCf5bd1991cad84a7294a7b609189a1fa5-source.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:d:586::1e80 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
39308a396e97df42bc3699b37ef93a00e6458765ba4e43291eb320e8bf24ed01

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 20:22:34 GMT
content-encoding
gzip
last-modified
Thu, 24 Feb 2022 23:18:18 GMT
server
AkamaiNetStorage
etag
"c38dd25e7e6786bdc4d8660bb030684e:1645744698.855816"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
https://www.fortinet.com
cache-control
max-age=3600
accept-ranges
bytes
timing-allow-origin
*
content-length
600
expires
Fri, 25 Feb 2022 21:22:34 GMT
RC1c3aed62846445afb6e8fe95756d2c91-source.min.js
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/5d65da1ac8b5/
754 B
713 B
Script
General
Full URL
https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/5d65da1ac8b5/RC1c3aed62846445afb6e8fe95756d2c91-source.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:d:586::1e80 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
366ceeddfa3f83d84507dae95e949f01db7164d10b0f6cd23790816fb5861ad6

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 20:22:34 GMT
content-encoding
gzip
last-modified
Thu, 24 Feb 2022 23:18:18 GMT
server
AkamaiNetStorage
etag
"c38dd25e7e6786bdc4d8660bb030684e:1645744698.855816"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
https://www.fortinet.com
cache-control
max-age=3600
accept-ranges
bytes
timing-allow-origin
*
content-length
446
expires
Fri, 25 Feb 2022 21:22:34 GMT
RC27acd4fab2ae40a2a6dc921e88ee3ac3-source.min.js
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/5d65da1ac8b5/
1 KB
938 B
Script
General
Full URL
https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/5d65da1ac8b5/RC27acd4fab2ae40a2a6dc921e88ee3ac3-source.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:d:586::1e80 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
7caf8b3b05dece083ff18c992c35b56ce60d853758ecd4ff805e1614233e1248

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 20:22:34 GMT
content-encoding
gzip
last-modified
Thu, 24 Feb 2022 23:18:18 GMT
server
AkamaiNetStorage
etag
"c38dd25e7e6786bdc4d8660bb030684e:1645744698.855816"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
https://www.fortinet.com
cache-control
max-age=3600
accept-ranges
bytes
timing-allow-origin
*
content-length
671
expires
Fri, 25 Feb 2022 21:22:34 GMT
RCfd72a596db204601a195886ad6f74b58-source.min.js
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/5d65da1ac8b5/
819 B
767 B
Script
General
Full URL
https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/5d65da1ac8b5/RCfd72a596db204601a195886ad6f74b58-source.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:d:586::1e80 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
f83ca3e8299ce52ab2282f283eccd64729dda06b0f32a47959a4f10ff14ef9a1

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 20:22:34 GMT
content-encoding
gzip
last-modified
Thu, 24 Feb 2022 23:18:18 GMT
server
AkamaiNetStorage
etag
"c38dd25e7e6786bdc4d8660bb030684e:1645744698.855816"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
https://www.fortinet.com
cache-control
max-age=3600
accept-ranges
bytes
timing-allow-origin
*
content-length
501
expires
Fri, 25 Feb 2022 21:22:34 GMT
RC54f5e6f339414e6282feb1bfd5110df3-source.min.js
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/5d65da1ac8b5/
1 KB
814 B
Script
General
Full URL
https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/5d65da1ac8b5/RC54f5e6f339414e6282feb1bfd5110df3-source.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:d:586::1e80 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
1646e8a67bdf74190ba70cce752d0949795b2aab98336953114405e2f60e2ffb

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 20:22:34 GMT
content-encoding
gzip
last-modified
Thu, 24 Feb 2022 23:18:18 GMT
server
AkamaiNetStorage
etag
"c38dd25e7e6786bdc4d8660bb030684e:1645744698.855816"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
https://www.fortinet.com
cache-control
max-age=3600
accept-ranges
bytes
timing-allow-origin
*
content-length
547
expires
Fri, 25 Feb 2022 21:22:34 GMT
RCaf301bf390eb49f29672733c2389885b-source.min.js
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/5d65da1ac8b5/
966 B
818 B
Script
General
Full URL
https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/5d65da1ac8b5/RCaf301bf390eb49f29672733c2389885b-source.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:d:586::1e80 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
27a477c91992ade903773347f50b15bea9d3d6b540b50362dbdebe371f3ba879

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 20:22:34 GMT
content-encoding
gzip
last-modified
Thu, 24 Feb 2022 23:18:18 GMT
server
AkamaiNetStorage
etag
"c38dd25e7e6786bdc4d8660bb030684e:1645744698.855816"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
https://www.fortinet.com
cache-control
max-age=3600
accept-ranges
bytes
timing-allow-origin
*
content-length
551
expires
Fri, 25 Feb 2022 21:22:34 GMT
ipinfo
site.fortinet.com/utilservice/
201 B
771 B
Script
General
Full URL
https://site.fortinet.com/utilservice/ipinfo?site=fortinet.com&callback=jQuery22006334217261465367_1645820553326&_=1645820553327
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/clientlib-base.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
96.45.36.159 Santa Clara, United States, ASN40934 (FORTINET, US),
Reverse DNS
Software
nginx/1.20.2 /
Resource Hash
92105b4e1a303ab557adbe71d5dfc036c696eac5ccc39fa9efa87f6abe987dbe
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' *.fortinet.com *.myfortinet.com fortinet.my.salesforce.com;
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Content-Security-Policy
frame-ancestors 'self' *.fortinet.com *.myfortinet.com fortinet.my.salesforce.com;
Server
nginx/1.20.2
Date
Fri, 25 Feb 2022 20:22:35 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Type
application/json;charset=UTF-8
Connection
keep-alive
Content-Length
201
Front-End-Https
on
/
pixels.argusplatform.com/wh/track/
0
0
Script
General
Full URL
https://pixels.argusplatform.com/wh/track/?site_id=C6AC00C8269540D0ABFF19F1B5558B6D&visitor_id=1645820554406533518&event_type=page_request&timestamp=1645820554&page_title=Nobelium+Returns+to+the+Political+World+Stage+%7C+FortiGuard+Labs%C2%A0&page_url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnobelium-returns-to-the-political-world-stage&page_url_referer=https%3A%2F%2Fapps.global.fortinet.com%2F&callback=jQuery22006334217261465367_1645820553328&_=1645820553329
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/clientlib-base.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
34.251.139.24 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-251-139-24.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

js
www.googletagmanager.com/gtag/
101 KB
40 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-631698094
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:80e::2008 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
09b8e25d8cb3cefc967aa2d7026ca52211875c9d02a3051dc7a9383442003a26
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 20:22:34 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
40927
x-xss-protection
0
last-modified
Fri, 25 Feb 2022 18:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 25 Feb 2022 20:22:34 GMT
roundtrip.js
s.adroll.com/j/
46 KB
15 KB
Script
General
Full URL
https://s.adroll.com/j/roundtrip.js
Requested by
Host: apps.global.fortinet.com
URL: https://apps.global.fortinet.com/e/bfs?s=3049749&lguid=fce48e02a40b4260a79e3a1a33f5efc2&elqTrackId=e7aa0c29b1b9459baa5ec4408e412ea3&elq=0f091f635be94806a559761876f85a77&elqaid=3249&elqat=1&elqCampaignId=22218]
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2140:d600:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
d62a3b924d49cc3909d8c7e7d66c6fda8780c357fae0f927993f424928401b20

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

X-Amz-Version-Id
mLgRV7jYHDvB6wDphJKX5Q2F5vg5l49f
Content-Encoding
gzip
Etag
W/"b8caabe626e64605e61edd5174246bf4"
Age
2258
X-Amz-Server-Side-Encryption
AES256
Transfer-Encoding
chunked
X-Cache
Hit from cloudfront
Connection
keep-alive
Vary
Accept-Encoding
Via
1.1 a1b9c0f574e30dae7536945f59627868.cloudfront.net (CloudFront)
Last-Modified
Mon, 07 Feb 2022 16:47:41 GMT
Server
AmazonS3
Date
Fri, 25 Feb 2022 19:44:57 GMT
Access-Control-Max-Age
600
Access-Control-Allow-Methods
GET
Content-Type
text/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=3600, must-revalidate
Access-Control-Allow-Credentials
false
X-Amz-Cf-Pop
EWR52-C1
Access-Control-Allow-Headers
*
X-Amz-Cf-Id
Vk_a6zDIJAqp-Q_O3aPBG2KuAxkpkvCL9rtYpUoLiojZal9OpMPqNQ==
insight.min.js
snap.licdn.com/li.lms-analytics/
1006 B
792 B
Script
General
Full URL
https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by
Host: apps.global.fortinet.com
URL: https://apps.global.fortinet.com/e/bfs?s=3049749&lguid=fce48e02a40b4260a79e3a1a33f5efc2&elqTrackId=e7aa0c29b1b9459baa5ec4408e412ea3&elq=0f091f635be94806a559761876f85a77&elqaid=3249&elqat=1&elqCampaignId=22218]
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2600:141b:13::17d7:82d0 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
0055b9d0429e9c194b4aa6b5f49cbc2ec31a7220ee7c8c186a9ee951feabd482

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date
Fri, 25 Feb 2022 20:22:34 GMT
Content-Encoding
gzip
Last-Modified
Thu, 17 Feb 2022 18:48:07 GMT
X-CDN
AKAM
Vary
Accept-Encoding
Content-Type
application/x-javascript;charset=utf-8
Cache-Control
max-age=11628
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
479
tag.aspx
ml314.com/
31 KB
13 KB
Script
General
Full URL
https://ml314.com/tag.aspx?251
Requested by
Host: apps.global.fortinet.com
URL: https://apps.global.fortinet.com/e/bfs?s=3049749&lguid=fce48e02a40b4260a79e3a1a33f5efc2&elqTrackId=e7aa0c29b1b9459baa5ec4408e412ea3&elq=0f091f635be94806a559761876f85a77&elqaid=3249&elqat=1&elqCampaignId=22218]
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.21.103.83 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-21-103-83.compute-1.amazonaws.com
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
cd5489dc88fd8e9e9ea9cacf8077f8b20446d10fab97186491fe62079051a10d

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date
Fri, 25 Feb 2022 20:22:34 GMT
Content-Encoding
gzip
Server
Microsoft-IIS/10.0
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
public, max-age=86400
Connection
keep-alive
Content-Length
12675
uwt.js
static.ads-twitter.com/
14 KB
6 KB
Script
General
Full URL
https://static.ads-twitter.com/uwt.js
Requested by
Host: apps.global.fortinet.com
URL: https://apps.global.fortinet.com/e/bfs?s=3049749&lguid=fce48e02a40b4260a79e3a1a33f5efc2&elqTrackId=e7aa0c29b1b9459baa5ec4408e412ea3&elq=0f091f635be94806a559761876f85a77&elqaid=3249&elqat=1&elqCampaignId=22218]
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
146.75.28.157 Ashburn, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
4da3e3aa30b5b06390d7e7e3fcfb16d648909eb429d161c2748bd6d79a7ec5fb

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 20:22:34 GMT
content-encoding
gzip
last-modified
Sat, 05 Feb 2022 00:34:56 GMT
etag
"8dc11b7ca1d5ed9ec3b1ab1beb621c75+gzip"
vary
Accept-Encoding,Host
x-tw-cdn
FT
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
cache-control
no-cache
x-cache
HIT
accept-ranges
bytes
content-type
application/javascript; charset=utf-8
content-length
5410
x-served-by
cache-iad-kiad7000126-IAD
spx
dx.mountain.com/
13 KB
4 KB
Script
General
Full URL
https://dx.mountain.com/spx?dxver=4.0.0&shaid=32336&tdr=https%3A%2F%2Fapps.global.fortinet.com%2F&plh=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnobelium-returns-to-the-political-world-stage&cb=87995281681412200term=value
Requested by
Host: apps.global.fortinet.com
URL: https://apps.global.fortinet.com/e/bfs?s=3049749&lguid=fce48e02a40b4260a79e3a1a33f5efc2&elqTrackId=e7aa0c29b1b9459baa5ec4408e412ea3&elq=0f091f635be94806a559761876f85a77&elqaid=3249&elqat=1&elqCampaignId=22218]
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
54.69.255.140 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-69-255-140.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
45e69d406dc1e7ced43a9e847a0acc78812030455a35c894c2a1546cac9f9926

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 20:22:33 GMT
content-encoding
gzip
connection
close
content-type
application/javascript;charset=utf-8
vary
accept-encoding,origin,access-control-request-headers,access-control-request-method,accept-encoding
expires
Thu, 01 Jan 1970 00:00:00 GMT
fbevents.js
connect.facebook.net/en_US/
99 KB
26 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: apps.global.fortinet.com
URL: https://apps.global.fortinet.com/e/bfs?s=3049749&lguid=fce48e02a40b4260a79e3a1a33f5efc2&elqTrackId=e7aa0c29b1b9459baa5ec4408e412ea3&elq=0f091f635be94806a559761876f85a77&elqaid=3249&elqat=1&elqCampaignId=22218]
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
27bcdc67e32fef9bdd86b785b1bafadd7f6915c49f6b49bed86bfbddf414b2f8
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding
gzip
x-content-type-options
nosniff
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length
26236
x-xss-protection
0
pragma
public
x-fb-debug
6tC7sIEyRMNOn2JoxrCM++fs/oOBF7EMpXzeCc1773gpiiGtAEbz9kM4p+8w+qFwJuE5YTzxDuCLZSkGkt9jGg==
x-fb-trip-id
1512268381
x-frame-options
DENY
date
Fri, 25 Feb 2022 20:22:34 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
nobelium-returns-to-the-political-world-stage;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=6060061396814.56
10104846.fls.doubleclick.net/activityi;dc_pre=CMifk6zXm_YCFRDN4QodHOECJg;src=10104846;type=sitew00;cat=sitew0;u3=https://www.fortinet.com/blog/threat-research/ Frame 5896
Redirect Chain
  • https://10104846.fls.doubleclick.net/activityi;src=10104846;type=sitew00;cat=sitew0;u3=https://www.fortinet.com/blog/threat-research/nobelium-returns-to-the-political-world-stage;dc_lat=;dc_rdid=;t...
  • https://10104846.fls.doubleclick.net/activityi;dc_pre=CMifk6zXm_YCFRDN4QodHOECJg;src=10104846;type=sitew00;cat=sitew0;u3=https://www.fortinet.com/blog/threat-research/nobelium-returns-to-the-politi...
649 B
493 B
Document
General
Full URL
https://10104846.fls.doubleclick.net/activityi;dc_pre=CMifk6zXm_YCFRDN4QodHOECJg;src=10104846;type=sitew00;cat=sitew0;u3=https://www.fortinet.com/blog/threat-research/nobelium-returns-to-the-political-world-stage;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=6060061396814.56?
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.80.38 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s34-in-f6.1e100.net
Software
cafe /
Resource Hash
b4bfe900cd8dd91bfbdca99a6c077b002e6ead5cce2caefdfe41c01e68b9ace0
Security Headers
Name Value
Strict-Transport-Security max-age=21600
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
date
Fri, 25 Feb 2022 20:22:34 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
cache-control
no-cache, must-revalidate
strict-transport-security
max-age=21600
content-type
text/html; charset=UTF-8
pragma
no-cache
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
468
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
date
Fri, 25 Feb 2022 20:22:34 GMT
pragma
no-cache
expires
Fri, 01 Jan 1990 00:00:00 GMT
cache-control
no-cache, must-revalidate
follow-only-when-prerender-shown
1
strict-transport-security
max-age=21600
location
https://10104846.fls.doubleclick.net/activityi;dc_pre=CMifk6zXm_YCFRDN4QodHOECJg;src=10104846;type=sitew00;cat=sitew0;u3=https://www.fortinet.com/blog/threat-research/nobelium-returns-to-the-political-world-stage;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=6060061396814.56?
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
server
cafe
content-length
0
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
conversion_async.js
www.googleadservices.com/pagead/
39 KB
15 KB
Script
General
Full URL
https://www.googleadservices.com/pagead/conversion_async.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-662878185&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.65.226 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga25s73-in-f2.1e100.net
Software
cafe /
Resource Hash
cae0ae2d67aac89367108586ebd25e00afc5d0f8110e6eb71b8d274037f7a5d8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 20:22:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
14884
x-xss-protection
0
server
cafe
etag
16747055602125368176
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Fri, 25 Feb 2022 20:22:34 GMT
index.js
s.adroll.com/j/exp/
Redirect Chain
  • https://s.adroll.com/j/exp/7OBVBCAQE5FHDPFEAD5T4D/index.js
  • https://s.adroll.com/j/exp/index.js
28 B
762 B
Script
General
Full URL
https://s.adroll.com/j/exp/index.js
Protocol
HTTP/1.1
Server
2600:9000:2140:d600:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
f59e5f34a941183aacaed25322ac0856628493c2cfd936ded3fddc0a49510e52

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

X-Amz-Version-Id
VxC0v7SN4NsT_sJxZYoy27yA4ALlRfhC
Via
1.1 66114286e54efb82c700272100713f2e.cloudfront.net (CloudFront)
Etag
"5816cced8568d223aa09d889f300692b"
Age
43255
X-Amz-Server-Side-Encryption
AES256
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
28
Last-Modified
Mon, 18 Oct 2021 21:07:54 GMT
Server
AmazonS3
Date
Fri, 25 Feb 2022 08:21:43 GMT
Access-Control-Max-Age
600
Access-Control-Allow-Methods
GET
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Access-Control-Allow-Credentials
false
X-Amz-Cf-Pop
EWR52-C1
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
X-Amz-Cf-Id
gUQWnlzQbaG374QSYMDt0t6r8184XnRGevymeK_6AmgYtypxLc6Fog==

Redirect headers

Date
Fri, 25 Feb 2022 04:47:51 GMT
Via
1.1 a1b9c0f574e30dae7536945f59627868.cloudfront.net (CloudFront)
Age
56082
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
0
Server
AmazonS3
Location
https://s.adroll.com/j/exp/index.js
Access-Control-Max-Age
600
Access-Control-Allow-Methods
GET
Content-Type
application/xml
Access-Control-Allow-Origin
*
Access-Control-Allow-Credentials
false
X-Amz-Cf-Pop
EWR52-C1
Access-Control-Allow-Headers
*
X-Amz-Cf-Id
SjzVL8RK0rEf23KSJkc5_r0FE61YiU6xQBDQc5iui_MjiZK2k6Mbkg==
index.js
s.adroll.com/j/pre/
Redirect Chain
  • https://s.adroll.com/j/pre/7OBVBCAQE5FHDPFEAD5T4D/GIVUJ77KRNF4LOPGYJ6RS5/fpconsent.js
  • https://s.adroll.com/j/pre/index.js
0
733 B
Script
General
Full URL
https://s.adroll.com/j/pre/index.js
Protocol
HTTP/1.1
Server
2600:9000:2140:d600:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

X-Amz-Version-Id
nQEe8wQ7h0ROt7P4GJfDfstto6x684Hy
Via
1.1 a1b9c0f574e30dae7536945f59627868.cloudfront.net (CloudFront)
Etag
"d41d8cd98f00b204e9800998ecf8427e"
Age
30265
X-Amz-Server-Side-Encryption
AES256
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
0
Last-Modified
Wed, 15 Jan 2020 23:54:18 GMT
Server
AmazonS3
Date
Fri, 25 Feb 2022 12:05:16 GMT
Access-Control-Max-Age
600
Access-Control-Allow-Methods
GET
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Access-Control-Allow-Credentials
false
X-Amz-Cf-Pop
EWR52-C1
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
X-Amz-Cf-Id
7gfQZ5L7QqKTw0aYjnem6HZAyZyShue3aCCG9pxYCj65Wv-do46llA==

Redirect headers

Date
Fri, 25 Feb 2022 19:54:38 GMT
Via
1.1 a1b9c0f574e30dae7536945f59627868.cloudfront.net (CloudFront)
Age
1675
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
0
Server
AmazonS3
Location
https://s.adroll.com/j/pre/index.js
Access-Control-Max-Age
600
Access-Control-Allow-Methods
GET
Content-Type
application/xml
Access-Control-Allow-Origin
*
Access-Control-Allow-Credentials
false
X-Amz-Cf-Pop
EWR52-C1
Access-Control-Allow-Headers
*
X-Amz-Cf-Id
hcfM8-t6pLCcCNAayF4cnYeClcmXtt1fjD_Iz5smFb93jFtus-oXdg==
index.js
s.adroll.com/j/pre/7OBVBCAQE5FHDPFEAD5T4D/GIVUJ77KRNF4LOPGYJ6RS5/
4 KB
3 KB
Script
General
Full URL
https://s.adroll.com/j/pre/7OBVBCAQE5FHDPFEAD5T4D/GIVUJ77KRNF4LOPGYJ6RS5/index.js
Requested by
Host: s.adroll.com
URL: https://s.adroll.com/j/roundtrip.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2140:d600:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
41f1e9970b646aadac0f40543bb08b21e49990bf1b09392d1ef4d71b275069ea

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

X-Amz-Version-Id
thJYEU9EsNxMvMOPSGF6GJLXpPQuRI3M
Content-Encoding
gzip
Etag
W/"33ed216ef4569e95a97e55fb39d91d38"
Age
744
X-Amz-Server-Side-Encryption
AES256
Transfer-Encoding
chunked
X-Cache
Hit from cloudfront
Connection
keep-alive
Vary
Accept-Encoding
Via
1.1 b3866c48e4cb6dc0d3dbbcbdc1d92d00.cloudfront.net (CloudFront)
Last-Modified
Thu, 24 Feb 2022 19:03:16 GMT
Server
AmazonS3
Date
Fri, 25 Feb 2022 20:10:53 GMT
Access-Control-Max-Age
600
Access-Control-Allow-Methods
GET
Content-Type
text/javascript; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
max-age=3600, must-revalidate
Access-Control-Allow-Credentials
false
X-Amz-Cf-Pop
EWR52-C1
Access-Control-Allow-Headers
*
X-Amz-Cf-Id
UQ_RgGicejLRfaPN8zOGtZA6qIPUIUqwyuIA0g78zKtnewSypYZU0w==
insight.old.min.js
snap.licdn.com/li.lms-analytics/
5 KB
2 KB
Script
General
Full URL
https://snap.licdn.com/li.lms-analytics/insight.old.min.js
Requested by
Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2600:141b:13::17d7:82d0 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
fed785a6a8ca96fb67230fec5d85f9c508db49f4075aa0ef284af56cd89813e3

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date
Fri, 25 Feb 2022 20:22:34 GMT
Content-Encoding
gzip
Last-Modified
Wed, 16 Feb 2022 23:50:54 GMT
X-CDN
AKAM
Vary
Accept-Encoding
Content-Type
application/x-javascript;charset=utf-8
Cache-Control
max-age=21249
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
2036
177020962864941
connect.facebook.net/signals/config/
307 KB
87 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/177020962864941?v=2.9.52&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
7dd370e6f3c7479b2e8b0c4e2e4965fb0dc2ca9ce2a541cc0624b069b062471a
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding
gzip
x-content-type-options
nosniff
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length
89169
x-xss-protection
0
pragma
public
x-fb-debug
9jjHqjZO9uefOf4bXM8fzEGUpQJA/Ais3sY/jMXGpvzE8qGDwBqyw4QxZWyQWfMBO5uVDM+HNVHOubXUt1887g==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Fri, 25 Feb 2022 20:22:34 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
adsct
analytics.twitter.com/i/
31 B
236 B
Script
General
Full URL
https://analytics.twitter.com/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=o6ezf&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=14f7bf98-ea60-44f5-b2e9-424ed6cbb0e9&tw_document_href=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnobelium-returns-to-the-political-world-stage&tpx_cb=twttr.conversion.loadPixels
Requested by
Host: static.ads-twitter.com
URL: https://static.ads-twitter.com/uwt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.195 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_b /
Resource Hash
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
Security Headers
Name Value
Strict-Transport-Security max-age=631138519

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-response-time
7
date
Fri, 25 Feb 2022 20:22:34 GMT
content-encoding
gzip
server
tsa_b
strict-transport-security
max-age=631138519
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
cache-control
no-cache, no-store, max-age=0
x-connection-hash
ca4ad12389c08d0b6064afe695da7d96e22554635e93b62b79c821e8df178445
content-type
application/javascript;charset=utf-8
content-length
57
adsct
analytics.twitter.com/i/
31 B
211 B
Script
General
Full URL
https://analytics.twitter.com/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=nxlzj&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=fefb5499-0649-485a-bdf5-ba1abd7fdc97&tw_document_href=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnobelium-returns-to-the-political-world-stage&tpx_cb=twttr.conversion.loadPixels
Requested by
Host: static.ads-twitter.com
URL: https://static.ads-twitter.com/uwt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.195 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_b /
Resource Hash
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
Security Headers
Name Value
Strict-Transport-Security max-age=631138519

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-response-time
7
date
Fri, 25 Feb 2022 20:22:34 GMT
content-encoding
gzip
server
tsa_b
strict-transport-security
max-age=631138519
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
cache-control
no-cache, no-store, max-age=0
x-connection-hash
ca4ad12389c08d0b6064afe695da7d96e22554635e93b62b79c821e8df178445
content-type
application/javascript;charset=utf-8
content-length
57
adsct
analytics.twitter.com/i/
31 B
458 B
Script
General
Full URL
https://analytics.twitter.com/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=o72wb&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=40ab0617-5d87-4621-866b-1af9312cd001&tw_document_href=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnobelium-returns-to-the-political-world-stage&tpx_cb=twttr.conversion.loadPixels
Requested by
Host: static.ads-twitter.com
URL: https://static.ads-twitter.com/uwt.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.195 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_b /
Resource Hash
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
Security Headers
Name Value
Strict-Transport-Security max-age=631138519

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-response-time
6
date
Fri, 25 Feb 2022 20:22:33 GMT
content-encoding
gzip
server
tsa_b
strict-transport-security
max-age=631138519
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
cache-control
no-cache, no-store, max-age=0
x-connection-hash
ca4ad12389c08d0b6064afe695da7d96e22554635e93b62b79c821e8df178445
content-type
application/javascript;charset=utf-8
content-length
57
adsct
t.co/i/
43 B
336 B
Image
General
Full URL
https://t.co/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=o6ezf&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=14f7bf98-ea60-44f5-b2e9-424ed6cbb0e9&tw_document_href=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnobelium-returns-to-the-political-world-stage
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.197 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_b /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-response-time
7
date
Fri, 25 Feb 2022 20:22:33 GMT
server
tsa_b
strict-transport-security
max-age=0
content-type
image/gif;charset=utf-8
cache-control
no-cache, no-store, max-age=0
x-connection-hash
ee403a61cdf8fbd9bfebb398524ad6009207d22f70dd408627710a8c0c570008
content-length
43
adsct
t.co/i/
43 B
206 B
Image
General
Full URL
https://t.co/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=nxlzj&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=fefb5499-0649-485a-bdf5-ba1abd7fdc97&tw_document_href=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnobelium-returns-to-the-political-world-stage
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.197 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_b /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-response-time
7
date
Fri, 25 Feb 2022 20:22:34 GMT
server
tsa_b
strict-transport-security
max-age=0
content-type
image/gif;charset=utf-8
cache-control
no-cache, no-store, max-age=0
x-connection-hash
ee403a61cdf8fbd9bfebb398524ad6009207d22f70dd408627710a8c0c570008
content-length
43
adsct
t.co/i/
43 B
183 B
Image
General
Full URL
https://t.co/i/adsct?type=javascript&version=2.0.4&p_id=Twitter&p_user_id=0&txn_id=o72wb&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&event_id=40ab0617-5d87-4621-866b-1af9312cd001&tw_document_href=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnobelium-returns-to-the-political-world-stage
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.197 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_b /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

x-response-time
7
date
Fri, 25 Feb 2022 20:22:34 GMT
server
tsa_b
strict-transport-security
max-age=0
content-type
image/gif;charset=utf-8
cache-control
no-cache, no-store, max-age=0
x-connection-hash
ee403a61cdf8fbd9bfebb398524ad6009207d22f70dd408627710a8c0c570008
content-length
43
/
p.adsymptotic.com/d/px/
Redirect Chain
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=7120&time=1645820554604&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnobelium-returns-to-the-political-world-stage
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=7120&time=1645820554604&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnobelium-returns-to-the-political-world-stage&cookiesTest=true
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D7120%26time%3D1645820554604%26url%3Dhttps%253A%252F%252Fwww.fortinet.com%252Fblog...
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=7120&time=1645820554604&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnobelium-returns-to-the-political-world-stage&cookiesTest=tr...
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=7120&time=1645820554604&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnobelium-returns-to-the-political-world-stage&cookiesTest=t...
  • https://p.adsymptotic.com/d/px/?_pid=16218&_psign=0aa5badf92527f7732e22463d6fa4dbc&coopa=0&gdpr=0&gdpr_consent=&_puuid=af52f63d-46c8-4e3c-b3b8-5a9588ece57a
  • https://p.adsymptotic.com/d/px/?_pid=16218&_psign=0aa5badf92527f7732e22463d6fa4dbc&coopa=0&gdpr=0&gdpr_consent=&_puuid=af52f63d-46c8-4e3c-b3b8-5a9588ece57a&_expected_cookie=e95df9a26a71e8fffb344e12...
43 B
97 B
Image
General
Full URL
https://p.adsymptotic.com/d/px/?_pid=16218&_psign=0aa5badf92527f7732e22463d6fa4dbc&coopa=0&gdpr=0&gdpr_consent=&_puuid=af52f63d-46c8-4e3c-b3b8-5a9588ece57a&_expected_cookie=e95df9a26a71e8fffb344e12e7798127
Protocol
H2
Server
104.18.101.194 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 20:22:35 GMT
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray
6e33a585e8965407-YYZ
p3p
CP='NON DSP COR CONi OUR BUS CNT'
content-type
image/gif
content-length
43

Redirect headers

location
https://p.adsymptotic.com/d/px/?_pid=16218&_psign=0aa5badf92527f7732e22463d6fa4dbc&coopa=0&gdpr=0&gdpr_consent=&_puuid=af52f63d-46c8-4e3c-b3b8-5a9588ece57a&_expected_cookie=e95df9a26a71e8fffb344e12e7798127
date
Fri, 25 Feb 2022 20:22:35 GMT
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
6e33a5858f8f5407-YYZ
content-length
0
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
utsync.ashx
ml314.com/
535 B
1 KB
Script
General
Full URL
https://ml314.com/utsync.ashx?pub=&adv=&et=0&eid=54820&ct=js&pi=&fp=&clid=&if=0&ps=&cl=&mlt=&data=&&cp=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnobelium-returns-to-the-political-world-stage&pv=1645820554631_dq4wdbicx&bl=en-us&cb=326123&return=&ht=&d=&dc=&si=1645820554631_dq4wdbicx&cid=&s=1600x1200&rp=https%3A%2F%2Fapps.global.fortinet.com%2F
Requested by
Host: ml314.com
URL: https://ml314.com/tag.aspx?251
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.21.103.83 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-21-103-83.compute-1.amazonaws.com
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
ad85e9da356eccfa47445834e8918f1b255045e536e4498e085d4891f748e97e

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 25 Feb 2022 20:22:33 GMT
Content-Encoding
gzip
Server
Microsoft-IIS/10.0
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Vary
Accept-Encoding
p3P
CP="NON DSP COR ADMo PSAo DEVo BUS COM UNI NAV DEM STA"
Cache-Control
private
Connection
keep-alive
Content-Type
application/javascript; charset=utf-8
Content-Length
436
Expires
0
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/631698094/
3 KB
1 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/631698094/?random=1645820554639&cv=9&fst=1645820554639&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa2n0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnobelium-returns-to-the-political-world-stage&ref=https%3A%2F%2Fapps.global.fortinet.com%2F&tiba=Nobelium%20Returns%20to%20the%20Political%20World%20Stage%20%7C%20FortiGuard%20Labs%C2%A0&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:824::2002 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
fd79ec8f2914776080fdd7e4988815bd3451f0bfba5cc1b4e6274f5a1aa39d65
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 25 Feb 2022 20:22:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1124
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/729495989/
3 KB
2 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/729495989/?random=1645820554643&cv=9&fst=1645820554643&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa2n0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnobelium-returns-to-the-political-world-stage&ref=https%3A%2F%2Fapps.global.fortinet.com%2F&tiba=Nobelium%20Returns%20to%20the%20Political%20World%20Stage%20%7C%20FortiGuard%20Labs%C2%A0&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:824::2002 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
390a05ad36a12fa3f6319f5561f4c3fc63257f5d5822924bde25f907371db64d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 25 Feb 2022 20:22:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1123
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/609297413/
3 KB
1 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/609297413/?random=1645820554644&cv=9&fst=1645820554644&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa2n0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnobelium-returns-to-the-political-world-stage&ref=https%3A%2F%2Fapps.global.fortinet.com%2F&tiba=Nobelium%20Returns%20to%20the%20Political%20World%20Stage%20%7C%20FortiGuard%20Labs%C2%A0&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:824::2002 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
dc0f97104293756c4f347cbbe23067ef81a011e1a9eb5be1ee3fb5376186941d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 25 Feb 2022 20:22:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1123
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/662878185/
3 KB
1 KB
Script
General
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/662878185/?random=1645820554645&cv=9&fst=1645820554645&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa2n0&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnobelium-returns-to-the-political-world-stage&ref=https%3A%2F%2Fapps.global.fortinet.com%2F&tiba=Nobelium%20Returns%20to%20the%20Political%20World%20Stage%20%7C%20FortiGuard%20Labs%C2%A0&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:824::2002 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
b40b24c5e05f1f9eb3ae5f458f39d38999cc7f0a4180af7c49b0c945ceb510d8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 25 Feb 2022 20:22:34 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1121
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
img.gif
b.6sc.co/v1/beacon/
43 B
774 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=5eeecf22b2d12a77a14639dce97b7a36&svisitor=4f78ce1795b80000893a1962710200008f520000&session=50245045-32e6-48cc-8e02-94a5abfc3874&event=active_time_track&q=%7B%22currentTime%22%3A%22Fri%2C%2025%20Feb%202022%2020%3A22%3A34%20GMT%22%2C%22lastTrackTime%22%3A%22Fri%2C%2025%20Feb%202022%2020%3A22%3A33%20GMT%22%2C%22timeSpent%22%3A%221018%22%2C%22totalTimeSpent%22%3A%221018%22%7D&isIframe=false&m=%7B%22description%22%3A%22FortiGuard%20Labs%20has%20discovered%20evidence%20that%20the%20Nobelium%20Group%20is%20impersonating%20someone%20associated%20with%20the%20Turkish%20embassy%20as%20a%20lure%20to%20introduce%20a%20Cobalt%20Strike%20beacon%20payload%20and%20gain%20access.%20Read%20our%20blog%20to%20learn%20more.%22%2C%22keywords%22%3A%22Threat%20Research%2Ccybercrime%2CCybersecurity%20Architect%22%2C%22title%22%3A%22Nobelium%20Returns%20to%20the%20Political%20World%20Stage%20%7C%20FortiGuard%20Labs%26nbsp%3B%22%7D&cb=&r=https%3A%2F%2Fapps.global.fortinet.com%2F&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnobelium-returns-to-the-political-world-stage&pageViewId=24a2817e-0df0-4e15-82e0-37d471c0b550&an_uid=0
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.59.105.202 Atlanta, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-59-105-202.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date
Fri, 25 Feb 2022 20:22:34 GMT
X-Content-Type-Options
nosniff
Connection
keep-alive
Content-Length
43
Pragma
no-cache
Last-Modified
Tue, 05 Oct 2021 22:17:52 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"615ccf10-2b"
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
GET,POST
Content-Type
image/gif
Access-Control-Allow-Origin
Cache-Control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
Expires
Wed, 19 Apr 2000 11:43:00 GMT
/
www.facebook.com/tr/
44 B
409 B
Image
General
Full URL
https://www.facebook.com/tr/?id=177020962864941&ev=PageView&dl=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnobelium-returns-to-the-political-world-stage&rl=https%3A%2F%2Fapps.global.fortinet.com%2F&if=false&ts=1645820554686&sw=1600&sh=1200&v=2.9.52&r=stable&ec=0&o=30&fbp=fb.1.1645820554684.126565325&it=1645820554591&coo=false&exp=p1&rqm=GET
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 20:22:34 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
44
expires
Fri, 25 Feb 2022 20:22:34 GMT
7OBVBCAQE5FHDPFEAD5T4D
d.adroll.com/consent/check/
387 B
856 B
Script
General
Full URL
https://d.adroll.com/consent/check/7OBVBCAQE5FHDPFEAD5T4D?arrfrr=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnobelium-returns-to-the-political-world-stage&_s=eab4f15a5378623ae9fbaff8161aba24&_b=2
Requested by
Host: s.adroll.com
URL: https://s.adroll.com/j/roundtrip.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
75.101.138.186 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-75-101-138-186.compute-1.amazonaws.com
Software
nginx/1.20.0 /
Resource Hash
c73f24ae3ba3968a628f797e9f78ea2694531ff2bde63a116d9ea1ffc58e4597

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 25 Feb 2022 20:22:34 GMT
cache-control
no-store, no-cache, must-revalidate
server
nginx/1.20.0
content-type
application/javascript
content-length
387
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
ibs:dpid=22052&dpuuid=3625396431451848734&redir=
dpm.demdex.net/
42 B
943 B
Image
General
Full URL
https://dpm.demdex.net/ibs:dpid=22052&dpuuid=3625396431451848734&redir=
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.160.28.254 , United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-160-28-254.compute-1.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

DCS
dcs-prod-va6-2-v028-06a579d73.edge-va6.demdex.com UNKNOWN
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
content-encoding
gzip
X-Content-Type-Options
nosniff
X-TID
WGhPf3QsQOE=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Type
image/gif
Content-Length
59
Expires
Thu, 01 Jan 1970 00:00:00 UTC
utsync.ashx
ml314.com/
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=d0tro1j&ttd_tpi=1
  • https://match.adsrvr.org/track/cmb/generic?ttd_pid=d0tro1j&ttd_tpi=1
  • https://ml314.com/utsync.ashx?eid=53819&et=0&fp=c7f4a49e-a510-4b66-9996-398193e0969c&gdpr=0&gdpr_consent=
43 B
656 B
Image
General
Full URL
https://ml314.com/utsync.ashx?eid=53819&et=0&fp=c7f4a49e-a510-4b66-9996-398193e0969c&gdpr=0&gdpr_consent=
Protocol
HTTP/1.1
Server
52.21.103.83 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-21-103-83.compute-1.amazonaws.com
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 25 Feb 2022 20:22:34 GMT
Server
Microsoft-IIS/10.0
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
p3P
CP="NON DSP COR ADMo PSAo DEVo BUS COM UNI NAV DEM STA"
Cache-Control
private
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
0,Sat, 26 Feb 2022 15:22:34 GMT

Redirect headers

pragma
no-cache
date
Fri, 25 Feb 2022 20:22:34 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://ml314.com/utsync.ashx?eid=53819&et=0&fp=c7f4a49e-a510-4b66-9996-398193e0969c&gdpr=0&gdpr_consent=
cache-control
private,no-cache, must-revalidate
content-type
text/html
content-length
241
csync.ashx
ml314.com/
Redirect Chain
  • https://sync.crwdcntrl.net/map/c=6985/tp=BOMB?https://ml314.com/csync.ashx%3Ffp%3D%24%7Bprofile_id%7D%26eid%3D50146%26person_id%3D3625396431451848734
  • https://sync.crwdcntrl.net/map/ct=y/c=6985/tp=BOMB?https://ml314.com/csync.ashx%3Ffp%3D%24%7Bprofile_id%7D%26eid%3D50146%26person_id%3D3625396431451848734
  • https://ml314.com/csync.ashx?fp=256e0ea636af5df5ef96faab8c665d72&eid=50146&person_id=3625396431451848734
43 B
312 B
Image
General
Full URL
https://ml314.com/csync.ashx?fp=256e0ea636af5df5ef96faab8c665d72&eid=50146&person_id=3625396431451848734
Protocol
HTTP/1.1
Server
52.21.103.83 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-21-103-83.compute-1.amazonaws.com
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date
Fri, 25 Feb 2022 20:22:34 GMT
Server
Microsoft-IIS/10.0
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Content-Type
image/gif
Cache-Control
private
Connection
keep-alive
Content-Length
43
Expires
Sat, 26 Feb 2022 15:22:34 GMT

Redirect headers

pragma
no-cache
date
Fri, 25 Feb 2022 20:22:34 GMT
server
Jetty(9.4.38.v20210224)
p3p
CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
location
https://ml314.com/csync.ashx?fp=256e0ea636af5df5ef96faab8c665d72&eid=50146&person_id=3625396431451848734
cache-control
no-cache
x-server
10.40.12.95
content-length
0
expires
0
match
ps.eyeota.net/
Redirect Chain
  • https://ps.eyeota.net/pixel?pid=r8hrb20&t=gif
  • https://ps.eyeota.net/pixel/bounce/?pid=r8hrb20&t=gif
  • https://ml314.com/utsync.ashx?eid=50052&et=0&fp=2JtycSpeXckRriekBcYH0-mmm4J28LVKxxw_vmGRideA&gdpr=0&gdpr_consent=&return=https%3A%2F%2Fps.eyeota.net%2Fmatch%3Fbid%3Dr8hrb20%26uid%3Dnil%26referrer_p...
  • https://ml314.com/csync.ashx?fp=2JtycSpeXckRriekBcYH0-mmm4J28LVKxxw_vmGRideA&person_id=3625396431451848734&eid=50052&return=https%3a%2f%2fps.eyeota.net%2fmatch%3fbid%3dr8hrb20%26uid%3dnil%26referre...
  • https://ps.eyeota.net/match?bid=r8hrb20&uid=nil&referrer_pid=r8hrb20
70 B
440 B
Image
General
Full URL
https://ps.eyeota.net/match?bid=r8hrb20&uid=nil&referrer_pid=r8hrb20
Protocol
HTTP/1.1
Server
52.3.138.212 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-3-138-212.compute-1.amazonaws.com
Software
/
Resource Hash
de9d3fd0eb948bd294477d0eda60a73b85caff1794803530d0463193a113da98

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date
Fri, 25 Feb 2022 20:22:35 GMT
Content-Type
image/gif
Content-Length
70
P3P
CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"

Redirect headers

Date
Fri, 25 Feb 2022 20:22:34 GMT
Server
Microsoft-IIS/10.0
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Content-Type
text/html; charset=utf-8
Location
https://ps.eyeota.net/match?bid=r8hrb20&uid=nil&referrer_pid=r8hrb20
Cache-Control
private
Connection
keep-alive
Content-Length
193
Expires
Sat, 26 Feb 2022 15:22:34 GMT
/
adservice.google.com/ddm/fls/i/dc_pre=CMifk6zXm_YCFRDN4QodHOECJg;src=10104846;type=sitew00;cat=sitew0;u3=https://www.fortinet.com/blog/threat-research/nobelium-returns-to-the-political-world-stage;... Frame 6089
648 B
937 B
Document
General
Full URL
https://adservice.google.com/ddm/fls/i/dc_pre=CMifk6zXm_YCFRDN4QodHOECJg;src=10104846;type=sitew00;cat=sitew0;u3=https://www.fortinet.com/blog/threat-research/nobelium-returns-to-the-political-world-stage;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=6060061396814.56;~oref=https://www.fortinet.com/
Requested by
Host: 10104846.fls.doubleclick.net
URL: https://10104846.fls.doubleclick.net/activityi;dc_pre=CMifk6zXm_YCFRDN4QodHOECJg;src=10104846;type=sitew00;cat=sitew0;u3=https://www.fortinet.com/blog/threat-research/nobelium-returns-to-the-political-world-stage;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=6060061396814.56?
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:822::2002 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
eaa44345626432058a5e13a91ca37c6dcd8149ab4a951ba9a3a3b1a3f19fe767
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://10104846.fls.doubleclick.net/

Response headers

p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
date
Fri, 25 Feb 2022 20:22:34 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
cache-control
no-cache, must-revalidate
content-type
text/html; charset=UTF-8
pragma
no-cache
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
468
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
/
www.google.com/pagead/1p-user-list/729495989/
42 B
108 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/729495989/?random=1645820554643&cv=9&fst=1645819200000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa2n0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnobelium-returns-to-the-political-world-stage&ref=https%3A%2F%2Fapps.global.fortinet.com%2F&tiba=Nobelium%20Returns%20to%20the%20Political%20World%20Stage%20%7C%20FortiGuard%20Labs%C2%A0&async=1&fmt=3&is_vtc=1&random=3792689161&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:823::2004 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 25 Feb 2022 20:22:34 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.ca/pagead/1p-user-list/729495989/
42 B
108 B
Image
General
Full URL
https://www.google.ca/pagead/1p-user-list/729495989/?random=1645820554643&cv=9&fst=1645819200000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa2n0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnobelium-returns-to-the-political-world-stage&ref=https%3A%2F%2Fapps.global.fortinet.com%2F&tiba=Nobelium%20Returns%20to%20the%20Political%20World%20Stage%20%7C%20FortiGuard%20Labs%C2%A0&async=1&fmt=3&is_vtc=1&random=3792689161&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:820::2003 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 25 Feb 2022 20:22:34 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.com/pagead/1p-user-list/609297413/
42 B
108 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/609297413/?random=1645820554644&cv=9&fst=1645819200000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa2n0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnobelium-returns-to-the-political-world-stage&ref=https%3A%2F%2Fapps.global.fortinet.com%2F&tiba=Nobelium%20Returns%20to%20the%20Political%20World%20Stage%20%7C%20FortiGuard%20Labs%C2%A0&async=1&fmt=3&is_vtc=1&random=1770354037&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:823::2004 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 25 Feb 2022 20:22:34 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.ca/pagead/1p-user-list/609297413/
42 B
548 B
Image
General
Full URL
https://www.google.ca/pagead/1p-user-list/609297413/?random=1645820554644&cv=9&fst=1645819200000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa2n0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnobelium-returns-to-the-political-world-stage&ref=https%3A%2F%2Fapps.global.fortinet.com%2F&tiba=Nobelium%20Returns%20to%20the%20Political%20World%20Stage%20%7C%20FortiGuard%20Labs%C2%A0&async=1&fmt=3&is_vtc=1&random=1770354037&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:820::2003 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 25 Feb 2022 20:22:34 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.com/pagead/1p-user-list/631698094/
42 B
548 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/631698094/?random=1645820554639&cv=9&fst=1645819200000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa2n0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnobelium-returns-to-the-political-world-stage&ref=https%3A%2F%2Fapps.global.fortinet.com%2F&tiba=Nobelium%20Returns%20to%20the%20Political%20World%20Stage%20%7C%20FortiGuard%20Labs%C2%A0&async=1&fmt=3&is_vtc=1&random=1705683208&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:823::2004 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 25 Feb 2022 20:22:34 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.ca/pagead/1p-user-list/631698094/
42 B
108 B
Image
General
Full URL
https://www.google.ca/pagead/1p-user-list/631698094/?random=1645820554639&cv=9&fst=1645819200000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa2n0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnobelium-returns-to-the-political-world-stage&ref=https%3A%2F%2Fapps.global.fortinet.com%2F&tiba=Nobelium%20Returns%20to%20the%20Political%20World%20Stage%20%7C%20FortiGuard%20Labs%C2%A0&async=1&fmt=3&is_vtc=1&random=1705683208&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:820::2003 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 25 Feb 2022 20:22:34 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.com/pagead/1p-user-list/662878185/
42 B
64 B
Image
General
Full URL
https://www.google.com/pagead/1p-user-list/662878185/?random=1645820554645&cv=9&fst=1645819200000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa2n0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnobelium-returns-to-the-political-world-stage&ref=https%3A%2F%2Fapps.global.fortinet.com%2F&tiba=Nobelium%20Returns%20to%20the%20Political%20World%20Stage%20%7C%20FortiGuard%20Labs%C2%A0&async=1&fmt=3&is_vtc=1&random=2382186613&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:823::2004 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 25 Feb 2022 20:22:34 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.ca/pagead/1p-user-list/662878185/
42 B
64 B
Image
General
Full URL
https://www.google.ca/pagead/1p-user-list/662878185/?random=1645820554645&cv=9&fst=1645819200000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa2n0&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnobelium-returns-to-the-political-world-stage&ref=https%3A%2F%2Fapps.global.fortinet.com%2F&tiba=Nobelium%20Returns%20to%20the%20Political%20World%20Stage%20%7C%20FortiGuard%20Labs%C2%A0&async=1&fmt=3&is_vtc=1&random=2382186613&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2607:f8b0:4006:820::2003 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 25 Feb 2022 20:22:34 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
VGLVDYA6GRASZMUSTHUV5D.js
s.adroll.com/pixel/7OBVBCAQE5FHDPFEAD5T4D/GIVUJ77KRNF4LOPGYJ6RS5/
Redirect Chain
  • https://d.adroll.com/pixel/7OBVBCAQE5FHDPFEAD5T4D/GIVUJ77KRNF4LOPGYJ6RS5?adroll_fpc=266e7974def0939376708dcbb167894f-1645820554842&arrfrr=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fn...
  • https://s.adroll.com/pixel/7OBVBCAQE5FHDPFEAD5T4D/GIVUJ77KRNF4LOPGYJ6RS5/VGLVDYA6GRASZMUSTHUV5D.js
9 KB
3 KB
Script
General
Full URL
https://s.adroll.com/pixel/7OBVBCAQE5FHDPFEAD5T4D/GIVUJ77KRNF4LOPGYJ6RS5/VGLVDYA6GRASZMUSTHUV5D.js
Protocol
HTTP/1.1
Server
2600:9000:2140:d600:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
b175564106ad5e553a2e98b8e44e8c10c8d7bf8e48886001d85d6a6583763439

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

X-Amz-Version-Id
YD0wdDT.TQ6fHk2Kg80TGXltjmRqr.zm
Content-Encoding
gzip
Etag
W/"008ce3c04b5e435ec5c1a09979caa8f4"
Age
570
X-Amz-Server-Side-Encryption
AES256
Transfer-Encoding
chunked
X-Cache
Hit from cloudfront
Connection
keep-alive
Vary
Accept-Encoding
Via
1.1 b3866c48e4cb6dc0d3dbbcbdc1d92d00.cloudfront.net (CloudFront)
Last-Modified
Wed, 02 Feb 2022 19:13:58 GMT
Server
AmazonS3
Date
Fri, 25 Feb 2022 20:13:36 GMT
Access-Control-Max-Age
600
Access-Control-Allow-Methods
GET
Content-Type
text/javascript; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
max-age=3600, must-revalidate
Access-Control-Allow-Credentials
false
X-Amz-Cf-Pop
EWR52-C1
Access-Control-Allow-Headers
*
X-Amz-Cf-Id
Hpq_YiOFu_BdQOwSsTnYoKvnHAxE5hnTS1dvYuZ-CMh8zvVKbxAVjA==

Redirect headers

date
Fri, 25 Feb 2022 20:22:34 GMT
x-segment-display-name
Visitors to Unsegmented Pages
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
x-rule-type
p
content-length
0
pragma
no-cache
x-conversion-value
0.00
server
nginx/1.20.0
x-rule
*
x-segment-eid
VGLVDYA6GRASZMUSTHUV5D
location
https://s.adroll.com/pixel/7OBVBCAQE5FHDPFEAD5T4D/GIVUJ77KRNF4LOPGYJ6RS5/VGLVDYA6GRASZMUSTHUV5D.js
cache-control
no-store, no-cache, must-revalidate
x-pixel-eid
GIVUJ77KRNF4LOPGYJ6RS5
x-segment-name
*
x-advertisable-eid
7OBVBCAQE5FHDPFEAD5T4D
x-conversion-currency
/
10104846.fls.doubleclick.net/ddm/fls/r/dc_pre=CMifk6zXm_YCFRDN4QodHOECJg;src=10104846;type=sitew00;cat=sitew0;u3=https://www.fortinet.com/blog/threat-research/nobelium-returns-to-the-political-worl... Frame 672B
Redirect Chain
  • https://adservice.google.ca/ddm/fls/i/dc_pre=CMifk6zXm_YCFRDN4QodHOECJg;src=10104846;type=sitew00;cat=sitew0;u3=https://www.fortinet.com/blog/threat-research/nobelium-returns-to-the-political-world...
  • https://10104846.fls.doubleclick.net/ddm/fls/r/dc_pre=CMifk6zXm_YCFRDN4QodHOECJg;src=10104846;type=sitew00;cat=sitew0;u3=https://www.fortinet.com/blog/threat-research/nobelium-returns-to-the-politi...
335 B
300 B
Document
General
Full URL
https://10104846.fls.doubleclick.net/ddm/fls/r/dc_pre=CMifk6zXm_YCFRDN4QodHOECJg;src=10104846;type=sitew00;cat=sitew0;u3=https://www.fortinet.com/blog/threat-research/nobelium-returns-to-the-political-world-stage;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=6060061396814.56;~oref=https://www.fortinet.com/
Requested by
Host: adservice.google.com
URL: https://adservice.google.com/ddm/fls/i/dc_pre=CMifk6zXm_YCFRDN4QodHOECJg;src=10104846;type=sitew00;cat=sitew0;u3=https://www.fortinet.com/blog/threat-research/nobelium-returns-to-the-political-world-stage;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=6060061396814.56;~oref=https://www.fortinet.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.80.38 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
lga34s34-in-f6.1e100.net
Software
cafe /
Resource Hash
c6cebb694e1b4a62ee0ddcf1d387ed1b92b755ff2294460f4757498eaff1a749
Security Headers
Name Value
Strict-Transport-Security max-age=21600
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://adservice.google.com/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
date
Fri, 25 Feb 2022 20:22:35 GMT
expires
Fri, 25 Feb 2022 20:22:35 GMT
cache-control
private, max-age=0
strict-transport-security
max-age=21600
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
277
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
date
Fri, 25 Feb 2022 20:22:34 GMT
pragma
no-cache
expires
Fri, 01 Jan 1990 00:00:00 GMT
cache-control
no-cache, must-revalidate
location
https://10104846.fls.doubleclick.net/ddm/fls/r/dc_pre=CMifk6zXm_YCFRDN4QodHOECJg;src=10104846;type=sitew00;cat=sitew0;u3=https://www.fortinet.com/blog/threat-research/nobelium-returns-to-the-political-world-stage;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=6060061396814.56;~oref=https://www.fortinet.com/
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
server
cafe
content-length
0
x-xss-protection
0
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
sendrolling.js
s.adroll.com/j/
11 KB
3 KB
Script
General
Full URL
https://s.adroll.com/j/sendrolling.js
Requested by
Host: d.adroll.com
URL: https://d.adroll.com/pixel/7OBVBCAQE5FHDPFEAD5T4D/GIVUJ77KRNF4LOPGYJ6RS5?adroll_fpc=266e7974def0939376708dcbb167894f-1645820554842&arrfrr=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnobelium-returns-to-the-political-world-stage&pv=43947993933.81343&cookie=&adroll_s_ref=https%3A//apps.global.fortinet.com/&keyw=
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2140:d600:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
134568be83d33ab28a55e78e8e8ac638ac6a57ff1bfc62bb5bc4e93fee39e20f

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

X-Amz-Version-Id
yH9p8OcF1.2NI9onG5Drlshp9moCS5Gx
Content-Encoding
gzip
Etag
W/"c317a5be7d65fa0c4d68d9735af020e4"
Age
763
X-Amz-Server-Side-Encryption
AES256
Transfer-Encoding
chunked
X-Cache
Hit from cloudfront
Connection
keep-alive
Vary
Accept-Encoding
Via
1.1 b3866c48e4cb6dc0d3dbbcbdc1d92d00.cloudfront.net (CloudFront)
Last-Modified
Tue, 15 Feb 2022 19:17:31 GMT
Server
AmazonS3
Date
Fri, 25 Feb 2022 20:09:52 GMT
Access-Control-Max-Age
600
Access-Control-Allow-Methods
GET
Content-Type
text/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=3600
Access-Control-Allow-Credentials
false
X-Amz-Cf-Pop
EWR52-C1
Access-Control-Allow-Headers
*
X-Amz-Cf-Id
gnajA4w6YTUtdCRM-2LLgn6y8ZUENHlyNFwWHpDsShGFvIZHRvjSzQ==
719861091558308
connect.facebook.net/signals/config/
307 KB
87 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/719861091558308?v=2.9.52&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f012:8:face:b00c:0:1 Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
f87c3386ed26d681a833078b5a6f3fcf5e7495dc57d70aba7be783a0fc2f70a1
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding
gzip
x-content-type-options
nosniff
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length
89111
x-xss-protection
0
pragma
public
x-fb-debug
cNHhBy9ws8tQeNRqwi96+wrU7jKBXoqFH3noGRRjljwalxyK8PP21jxdJppZKiEtDs2eor/tefaKYQxfBVX0Gw==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Fri, 25 Feb 2022 20:22:34 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
/
p.adsymptotic.com/d/px/
Redirect Chain
  • https://px.ads.linkedin.com/collect/?pid=2148604&fmt=gif
  • https://px4.ads.linkedin.com/collect?pid=2148604&fmt=gif&e_ipv6=AQLsKHBWaKnZ_wAAAX8yjK7GVLsCzDY_txU9YdAkIfSpTDfGOvbndD-CS8W9FAP5zB69D-9y
  • https://p.adsymptotic.com/d/px/?_pid=16218&_psign=0aa5badf92527f7732e22463d6fa4dbc&coopa=0&gdpr=0&gdpr_consent=&_puuid=af52f63d-46c8-4e3c-b3b8-5a9588ece57a
  • https://p.adsymptotic.com/d/px/?_pid=16218&_psign=0aa5badf92527f7732e22463d6fa4dbc&coopa=0&gdpr=0&gdpr_consent=&_puuid=af52f63d-46c8-4e3c-b3b8-5a9588ece57a&_expected_cookie=aebbb6bfa8d9777db8357fb3...
43 B
142 B
Image
General
Full URL
https://p.adsymptotic.com/d/px/?_pid=16218&_psign=0aa5badf92527f7732e22463d6fa4dbc&coopa=0&gdpr=0&gdpr_consent=&_puuid=af52f63d-46c8-4e3c-b3b8-5a9588ece57a&_expected_cookie=aebbb6bfa8d9777db8357fb35a61188a
Protocol
H2
Server
104.18.101.194 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 20:22:35 GMT
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray
6e33a585e89b5407-YYZ
p3p
CP='NON DSP COR CONi OUR BUS CNT'
content-type
image/gif
content-length
43

Redirect headers

location
https://p.adsymptotic.com/d/px/?_pid=16218&_psign=0aa5badf92527f7732e22463d6fa4dbc&coopa=0&gdpr=0&gdpr_consent=&_puuid=af52f63d-46c8-4e3c-b3b8-5a9588ece57a&_expected_cookie=aebbb6bfa8d9777db8357fb35a61188a
date
Fri, 25 Feb 2022 20:22:35 GMT
cf-cache-status
DYNAMIC
server
cloudflare
cf-ray
6e33a5858f8c5407-YYZ
content-length
0
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
rum
dsum-sec.casalemedia.com/
Redirect Chain
  • https://d.adroll.com/cm/index/out?adroll_fpc=266e7974def0939376708dcbb167894f-1645820554842&arrfrr=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnobelium-returns-to-the-political-world-...
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=NmFhZTRiNTUxNjQyZTNjNjg1MTJmZDc1NzMxNDVmNzk&expiration=1677356554
  • https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=NmFhZTRiNTUxNjQyZTNjNjg1MTJmZDc1NzMxNDVmNzk&expiration=1677356554&C=1
43 B
1 KB
Image
General
Full URL
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=NmFhZTRiNTUxNjQyZTNjNjg1MTJmZDc1NzMxNDVmNzk&expiration=1677356554&C=1
Protocol
HTTP/1.1
Server
23.52.162.21 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-52-162-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 25 Feb 2022 20:22:35 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Fri, 25 Feb 2022 20:22:35 GMT

Redirect headers

Pragma
no-cache
Date
Fri, 25 Feb 2022 20:22:35 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=NmFhZTRiNTUxNjQyZTNjNjg1MTJmZDc1NzMxNDVmNzk&expiration=1677356554&C=1
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
text/html; charset=iso-8859-1
Content-Length
333
Expires
Fri, 25 Feb 2022 20:22:35 GMT
tap.php
pixel.rubiconproject.com/
Redirect Chain
  • https://d.adroll.com/cm/n/out?adroll_fpc=266e7974def0939376708dcbb167894f-1645820554842&arrfrr=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnobelium-returns-to-the-political-world-stag...
  • https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=NmFhZTRiNTUxNjQyZTNjNjg1MTJmZDc1NzMxNDVmNzk&expires=365
42 B
799 B
Image
General
Full URL
https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=NmFhZTRiNTUxNjQyZTNjNjg1MTJmZDc1NzMxNDVmNzk&expires=365
Protocol
HTTP/1.1
Server
69.173.151.100 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length
42
X-RPHost
19c1ac3b9706c83a73951eba4d239689
Content-Type
image/gif

Redirect headers

location
https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=NmFhZTRiNTUxNjQyZTNjNjg1MTJmZDc1NzMxNDVmNzk&expires=365
pragma
no-cache
date
Fri, 25 Feb 2022 20:22:34 GMT
cache-control
no-store, no-cache, must-revalidate
server
nginx/1.20.0
content-length
124
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
sync
ups.analytics.yahoo.com/ups/55980/
Redirect Chain
  • https://d.adroll.com/cm/onevideo/out?adroll_fpc=266e7974def0939376708dcbb167894f-1645820554842&arrfrr=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnobelium-returns-to-the-political-wor...
  • https://pixel.advertising.com/ups/55980/sync?uid=NmFhZTRiNTUxNjQyZTNjNjg1MTJmZDc1NzMxNDVmNzk&_origin=1&gdpr=0&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA
  • https://pixel.advertising.com/ups/55980/sync?uid=NmFhZTRiNTUxNjQyZTNjNjg1MTJmZDc1NzMxNDVmNzk&_origin=1&gdpr=0&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA&verify=true
  • https://ups.analytics.yahoo.com/ups/55980/sync?uid=NmFhZTRiNTUxNjQyZTNjNjg1MTJmZDc1NzMxNDVmNzk&_origin=1&gdpr=0&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA&apid=UPaaf35b57-9678-11ec-ac64-0e...
  • https://ups.analytics.yahoo.com/ups/55980/sync?uid=NmFhZTRiNTUxNjQyZTNjNjg1MTJmZDc1NzMxNDVmNzk&_origin=1&gdpr=0&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA&apid=UPaaf35b57-9678-11ec-ac64-0e...
0
122 B
Image
General
Full URL
https://ups.analytics.yahoo.com/ups/55980/sync?uid=NmFhZTRiNTUxNjQyZTNjNjg1MTJmZDc1NzMxNDVmNzk&_origin=1&gdpr=0&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA&apid=UPaaf35b57-9678-11ec-ac64-0e69f2ff719b&verify=true
Protocol
H2
Server
3.218.90.66 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-218-90-66.compute-1.amazonaws.com
Software
ATS/9.1.0.33 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 20:22:35 GMT
server
ATS/9.1.0.33
age
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

location
https://ups.analytics.yahoo.com/ups/55980/sync?uid=NmFhZTRiNTUxNjQyZTNjNjg1MTJmZDc1NzMxNDVmNzk&_origin=1&gdpr=0&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA&apid=UPaaf35b57-9678-11ec-ac64-0e69f2ff719b&verify=true
date
Fri, 25 Feb 2022 20:22:35 GMT
server
ATS/9.1.0.33
age
0
content-length
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
cookie-sync
sync.outbrain.com/
Redirect Chain
  • https://d.adroll.com/cm/outbrain/out?adroll_fpc=266e7974def0939376708dcbb167894f-1645820554842&arrfrr=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnobelium-returns-to-the-political-wor...
  • https://sync.outbrain.com/cookie-sync?p=adroll&uid=NmFhZTRiNTUxNjQyZTNjNjg1MTJmZDc1NzMxNDVmNzk
0
477 B
Image
General
Full URL
https://sync.outbrain.com/cookie-sync?p=adroll&uid=NmFhZTRiNTUxNjQyZTNjNjg1MTJmZDc1NzMxNDVmNzk
Protocol
HTTP/1.1
Server
64.202.112.95 , United States, ASN22075 (AS-OUTBRAIN, US),
Reverse DNS
ny.outbrain.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date
Fri, 25 Feb 2022 20:22:35 GMT
Cache-Control
no-cache
X-TraceId
73e6b61af8b40836e8f922b166e65f5a
Content-Length
0

Redirect headers

location
https://sync.outbrain.com/cookie-sync?p=adroll&uid=NmFhZTRiNTUxNjQyZTNjNjg1MTJmZDc1NzMxNDVmNzk
pragma
no-cache
date
Fri, 25 Feb 2022 20:22:34 GMT
cache-control
no-store, no-cache, must-revalidate
server
nginx/1.20.0
content-length
100
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
Pug
image2.pubmatic.com/AdServer/
Redirect Chain
  • https://d.adroll.com/cm/pubmatic/out?adroll_fpc=266e7974def0939376708dcbb167894f-1645820554842&arrfrr=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnobelium-returns-to-the-political-wor...
  • https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMDYmdGw9MTI5NjAw&piggybackCookie=NmFhZTRiNTUxNjQyZTNjNjg1MTJmZDc1NzMxNDVmNzk&gdpr=0&gdpr_consent=BOOoKswOOoKswA2ABBENAkwAAAAXy...
42 B
590 B
Image
General
Full URL
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMDYmdGw9MTI5NjAw&piggybackCookie=NmFhZTRiNTUxNjQyZTNjNjg1MTJmZDc1NzMxNDVmNzk&gdpr=0&gdpr_consent=BOOoKswOOoKswA2ABBENAkwAAAAXyACACYAIIA
Protocol
H2
Server
104.36.115.109 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 16:24:44 GMT
cache-control
no-store, no-cache, private
x-lat
njrpug022:0:403
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMDYmdGw9MTI5NjAw&piggybackCookie=NmFhZTRiNTUxNjQyZTNjNjg1MTJmZDc1NzMxNDVmNzk&gdpr=0&gdpr_consent=BOOoKswOOoKswA2ABBENAkwAAAAXyACACYAIIA
pragma
no-cache
date
Fri, 25 Feb 2022 20:22:34 GMT
cache-control
no-store, no-cache, must-revalidate
server
nginx/1.20.0
content-length
212
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
v1
ads.yahoo.com/cms/
Redirect Chain
  • https://d.adroll.com/cm/r/out?adroll_fpc=266e7974def0939376708dcbb167894f-1645820554842&arrfrr=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnobelium-returns-to-the-political-world-stag...
  • https://ads.yahoo.com/cms/v1?esig=1~bf4e7dc4546a90c08591652d78a230d3f2ef5733&nwid=10001032567&sigv=1&gdpr=0&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA
0
194 B
Image
General
Full URL
https://ads.yahoo.com/cms/v1?esig=1~bf4e7dc4546a90c08591652d78a230d3f2ef5733&nwid=10001032567&sigv=1&gdpr=0&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA
Protocol
H2
Server
2001:4998:1c:800::1000 , United States, ASN14779 (YAHOO, US),
Reverse DNS
Software
ATS /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 20:22:35 GMT
cache-control
no-store
x-content-type-options
nosniff
server
ATS
strict-transport-security
max-age=15552000
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection
1; mode=block

Redirect headers

location
https://ads.yahoo.com/cms/v1?esig=1~bf4e7dc4546a90c08591652d78a230d3f2ef5733&nwid=10001032567&sigv=1&gdpr=0&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA
pragma
no-cache
date
Fri, 25 Feb 2022 20:22:34 GMT
cache-control
no-store, no-cache, must-revalidate
server
nginx/1.20.0
content-length
165
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
rtb-h
sync.taboola.com/sg/adroll-network/1/
Redirect Chain
  • https://d.adroll.com/cm/taboola/out?adroll_fpc=266e7974def0939376708dcbb167894f-1645820554842&arrfrr=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnobelium-returns-to-the-political-worl...
  • https://sync.taboola.com/sg/adroll-network/1/rtb-h?taboola_hm=NmFhZTRiNTUxNjQyZTNjNjg1MTJmZDc1NzMxNDVmNzk
0
221 B
Image
General
Full URL
https://sync.taboola.com/sg/adroll-network/1/rtb-h?taboola_hm=NmFhZTRiNTUxNjQyZTNjNjg1MTJmZDc1NzMxNDVmNzk
Protocol
H2
Server
141.226.224.48 , United States, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 20:22:34 GMT
access-control-allow-credentials
true
server
nginx
x-fastly-to-nlb-rtt
17582

Redirect headers

location
https://sync.taboola.com/sg/adroll-network/1/rtb-h?taboola_hm=NmFhZTRiNTUxNjQyZTNjNjg1MTJmZDc1NzMxNDVmNzk
pragma
no-cache
date
Fri, 25 Feb 2022 20:22:34 GMT
cache-control
no-store, no-cache, must-revalidate
server
nginx/1.20.0
content-length
111
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
xuid
eb2.3lift.com/
Redirect Chain
  • https://d.adroll.com/cm/triplelift/out?adroll_fpc=266e7974def0939376708dcbb167894f-1645820554842&arrfrr=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnobelium-returns-to-the-political-w...
  • https://eb2.3lift.com/xuid?mid=4714&xuid=NmFhZTRiNTUxNjQyZTNjNjg1MTJmZDc1NzMxNDVmNzk&dongle=c85e
  • https://eb2.3lift.com/xuid?ld=1&mid=4714&xuid=NmFhZTRiNTUxNjQyZTNjNjg1MTJmZDc1NzMxNDVmNzk&dongle=c85e&gdpr=0&cmp_cs=&us_privacy=
37 B
355 B
Image
General
Full URL
https://eb2.3lift.com/xuid?ld=1&mid=4714&xuid=NmFhZTRiNTUxNjQyZTNjNjg1MTJmZDc1NzMxNDVmNzk&dongle=c85e&gdpr=0&cmp_cs=&us_privacy=
Protocol
H2
Server
35.71.139.29 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
afb83dd09526a6517.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 20:22:35 GMT
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

location
/xuid?ld=1&mid=4714&xuid=NmFhZTRiNTUxNjQyZTNjNjg1MTJmZDc1NzMxNDVmNzk&dongle=c85e&gdpr=0&cmp_cs=&us_privacy=
date
Fri, 25 Feb 2022 20:22:35 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
0
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
sync
x.bidswitch.net/ul_cb/
Redirect Chain
  • https://d.adroll.com/cm/b/out?adroll_fpc=266e7974def0939376708dcbb167894f-1645820554842&arrfrr=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnobelium-returns-to-the-political-world-stag...
  • https://x.bidswitch.net/sync?dsp_id=44&user_id=NmFhZTRiNTUxNjQyZTNjNjg1MTJmZDc1NzMxNDVmNzk
  • https://x.bidswitch.net/ul_cb/sync?dsp_id=44&user_id=NmFhZTRiNTUxNjQyZTNjNjg1MTJmZDc1NzMxNDVmNzk
43 B
510 B
Image
General
Full URL
https://x.bidswitch.net/ul_cb/sync?dsp_id=44&user_id=NmFhZTRiNTUxNjQyZTNjNjg1MTJmZDc1NzMxNDVmNzk
Protocol
HTTP/1.1
Server
35.211.178.172 North Charleston, United States, ASN19527 (GOOGLE-2, US),
Reverse DNS
172.178.211.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date
Fri, 25 Feb 2022 20:22:35 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Length
43
Content-Type
image/gif

Redirect headers

Location
https://x.bidswitch.net/ul_cb/sync?dsp_id=44&user_id=NmFhZTRiNTUxNjQyZTNjNjg1MTJmZDc1NzMxNDVmNzk
Date
Fri, 25 Feb 2022 20:22:35 GMT
Cache-Control
no-cache, no-store, must-revalidate
Server
nginx
Connection
keep-alive
Content-Length
0
bounce
ib.adnxs.com/
Redirect Chain
  • https://d.adroll.com/cm/x/out?adroll_fpc=266e7974def0939376708dcbb167894f-1645820554842&arrfrr=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnobelium-returns-to-the-political-world-stag...
  • https://ib.adnxs.com/setuid?entity=172&code=NmFhZTRiNTUxNjQyZTNjNjg1MTJmZDc1NzMxNDVmNzk
  • https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D172%26code%3DNmFhZTRiNTUxNjQyZTNjNjg1MTJmZDc1NzMxNDVmNzk
43 B
1 KB
Image
General
Full URL
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D172%26code%3DNmFhZTRiNTUxNjQyZTNjNjg1MTJmZDc1NzMxNDVmNzk
Protocol
HTTP/1.1
Server
68.67.160.76 Brooklyn, United States, ASN29990 (ASN-APPNEX, US),
Reverse DNS
678.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Pragma
no-cache
Date
Fri, 25 Feb 2022 20:22:35 GMT
X-Proxy-Origin
149.56.153.183; 149.56.153.183; 678.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
AN-X-Request-Uuid
c679266c-3b31-4506-9bde-3423f70a6706
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Fri, 25 Feb 2022 20:22:35 GMT
X-Proxy-Origin
149.56.153.183; 149.56.153.183; 678.bm-nginx-loadbalancer.mgmt.nym2; adnxs.com
AN-X-Request-Uuid
910678d7-d062-4549-a318-14377d788ce8
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D172%26code%3DNmFhZTRiNTUxNjQyZTNjNjg1MTJmZDc1NzMxNDVmNzk
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
458249.gif
idsync.rlcdn.com/
Redirect Chain
  • https://d.adroll.com/cm/l/out?adroll_fpc=266e7974def0939376708dcbb167894f-1645820554842&arrfrr=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnobelium-returns-to-the-political-world-stag...
  • https://idsync.rlcdn.com/377928.gif?partner_uid=6aae4b551642e3c68512fd7573145f79
  • https://idsync.rlcdn.com/1000.gif?memo=CMiIFxIrCicIARDqIhogNmFhZTRiNTUxNjQyZTNjNjg1MTJmZDc1NzMxNDVmNzkQABoNCIv15JAGEgUI6AcQAEIASgA
  • https://pippio.com/api/sync?pid=5324&it=1&iv=b0344430619ff61fe81750f4276b8adc9e8a1a1f66d4cba42e38e513bd941f7e791426b5417dce21&_=2
  • https://cm.g.doubleclick.net/pixel?google_nid=pippio_dmp&google_cm&google_no_sc&m=CMwpElsKVwgBEJInGlBiMDM0NDQzMDYxOWZmNjFmZTgxNzUwZjQyNzZiOGFkYzllOGExYTFmNjZkNGNiYTQyZTM4ZTUxM2JkOTQxZjdlNzkxNDI2YjU...
  • https://pippio.com/api/sync/ddp?pid=2&m=CMwpElsKVwgBEJInGlBiMDM0NDQzMDYxOWZmNjFmZTgxNzUwZjQyNzZiOGFkYzllOGExYTFmNjZkNGNiYTQyZTM4ZTUxM2JkOTQxZjdlNzkxNDI2YjU0MTdkY2UyMRAAGgwIi_XkkAYSBAgCEABCAEoA&goog...
  • https://tags.rd.linksynergy.com/rcs?ns=lr&uid3=
  • https://idsync.rlcdn.com/458249.gif?partner_uid=a6b47df9-ccd2-40f2-b896-66404a043dbd
42 B
60 B
Image
General
Full URL
https://idsync.rlcdn.com/458249.gif?partner_uid=a6b47df9-ccd2-40f2-b896-66404a043dbd
Protocol
H3
Server
35.190.60.146 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
146.60.190.35.bc.googleusercontent.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

timing-allow-origin
*
date
Fri, 25 Feb 2022 20:22:35 GMT
via
1.1 google
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control
no-cache, no-store
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42

Redirect headers

location
https://idsync.rlcdn.com/458249.gif?partner_uid=a6b47df9-ccd2-40f2-b896-66404a043dbd
date
Fri, 25 Feb 2022 20:22:35 GMT
via
1.1 google
x-samesite
secure
alt-svc
clear
content-length
111
content-type
text/html; charset=utf-8
sd
us-u.openx.net/w/1.0/
Redirect Chain
  • https://d.adroll.com/cm/o/out?adroll_fpc=266e7974def0939376708dcbb167894f-1645820554842&arrfrr=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnobelium-returns-to-the-political-world-stag...
  • https://us-u.openx.net/w/1.0/sd?id=537103138&val=6aae4b551642e3c68512fd7573145f79
  • https://us-u.openx.net/w/1.0/sd?cc=1&id=537103138&val=6aae4b551642e3c68512fd7573145f79
43 B
61 B
Image
General
Full URL
https://us-u.openx.net/w/1.0/sd?cc=1&id=537103138&val=6aae4b551642e3c68512fd7573145f79
Protocol
H3
Server
35.244.159.8 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
8.159.244.35.bc.googleusercontent.com
Software
OXGW/17.1.0 /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 25 Feb 2022 20:22:35 GMT
via
1.1 google
server
OXGW/17.1.0
vary
Accept
p3p
CP="CUR ADM OUR NOR STA NID"
cache-control
private, max-age=0, no-cache
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

location
https://us-u.openx.net/w/1.0/sd?cc=1&id=537103138&val=6aae4b551642e3c68512fd7573145f79
date
Fri, 25 Feb 2022 20:22:34 GMT
via
1.1 google
server
OXGW/17.1.0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
p3p
CP="CUR ADM OUR NOR STA NID"
in
d.adroll.com/cm/g/
Redirect Chain
  • https://d.adroll.com/cm/g/out?adroll_fpc=266e7974def0939376708dcbb167894f-1645820554842&arrfrr=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnobelium-returns-to-the-political-world-stag...
  • https://cm.g.doubleclick.net/pixel?google_sc&google_nid=artb&google_hm=aq5LVRZC48aFEv11cxRfeQ
  • https://d.adroll.com/cm/g/in
42 B
537 B
Image
General
Full URL
https://d.adroll.com/cm/g/in
Protocol
H2
Server
75.101.138.186 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-75-101-138-186.compute-1.amazonaws.com
Software
nginx/1.20.0 /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 25 Feb 2022 20:22:35 GMT
server
nginx/1.20.0
p3p
CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
cache-control
no-store, no-cache, must-revalidate
content-type
image/gif
content-length
42
x-result
g.-1.-1.-1

Redirect headers

pragma
no-cache
date
Fri, 25 Feb 2022 20:22:35 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://d.adroll.com/cm/g/in
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
225
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
st
px.mountain.com/
2 KB
2 KB
Script
General
Full URL
https://px.mountain.com/st?ga_tracking_id=UA-767980-1&ga_client_id=2005283585.1645820554&shpt=Nobelium%20Returns%20to%20the%20Political%20World%20Stage%20%7C%20FortiGuard%20Labs&ga_info=%7B%22status%22%3A%22OK%22%2C%22ga_tracking_id%22%3A%22UA-767980-1%22%2C%22ga_client_id%22%3A%222005283585.1645820554%22%2C%22shpt%22%3A%22Nobelium%20Returns%20to%20the%20Political%20World%20Stage%20%7C%20FortiGuard%20Labs%22%2C%22dcm_cid%22%3A%222005283585.1645820554%22%2C%22dcm_gid%22%3A%221616856493.1645820554%22%2C%22ga_gclid%22%3A%222005283585.1645820554%22%2C%22execution_workflow%22%3A%7B%22iteration%22%3A1%2C%22getClientIdByGA%22%3A%22OK%22%2C%22ga_gclid%22%3A%22OK%22%2C%22shpt%22%3A%22OK%22%2C%22dcm_cid%22%3A%22OK%22%2C%22dcm_gid%22%3A%22OK%22%7D%7D&dcm_cid=2005283585.1645820554&dcm_gid=1616856493.1645820554&dxver=4.0.0&shaid=32336&tdr=https%3A%2F%2Fapps.global.fortinet.com%2F&plh=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnobelium-returns-to-the-political-world-stage&cb=87995281681412200term%3Dvalue&shadditional=adroll%3Dtrue%2Cgoogletagmanager%3Dtrue%2C
Requested by
Host: dx.mountain.com
URL: https://dx.mountain.com/spx?dxver=4.0.0&shaid=32336&tdr=https%3A%2F%2Fapps.global.fortinet.com%2F&plh=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnobelium-returns-to-the-political-world-stage&cb=87995281681412200term=value
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
35.81.173.170 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-81-173-170.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
ba4b44d60409fa4fec0c60719383f9ed80ee1948d470fe05ed9ed281d77fd592

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

access-control-allow-origin
*
date
Fri, 25 Feb 2022 20:22:35 GMT
content-encoding
gzip
connection
close
p3p
CP="NON DSP COR NID CURa ADMa DEVa PSAa PSDa OUR STP UNI COM NAV INT STA PRE"
content-type
application/javascript;charset=utf-8
/
www.facebook.com/tr/
44 B
91 B
Image
General
Full URL
https://www.facebook.com/tr/?id=719861091558308&ev=PageView&dl=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnobelium-returns-to-the-political-world-stage&rl=https%3A%2F%2Fapps.global.fortinet.com%2F&if=false&ts=1645820554939&cd[segment_eid]=VGLVDYA6GRASZMUSTHUV5D&sw=1600&sh=1200&v=2.9.52&r=stable&ec=0&o=29&fbp=fb.1.1645820554684.126565325&it=1645820554591&coo=false&dpo=LDU&dpoco=0&dpost=0&exp=p1&rqm=GET
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 20:22:34 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
content-length
44
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority
u=3,i
expires
Fri, 25 Feb 2022 20:22:34 GMT
collect
d.clarity.ms/
0
48 B
XHR
General
Full URL
https://d.clarity.ms/collect
Requested by
Host: d.clarity.ms
URL: https://d.clarity.ms/s/0.6.32/clarity.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
40.76.174.66 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
application/x-clarity-gzip
Referer
https://www.fortinet.com/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

access-control-allow-origin
https://www.fortinet.com
date
Fri, 25 Feb 2022 20:22:34 GMT
access-control-allow-credentials
true
server
Microsoft-IIS/10.0
x-powered-by
ASP.NET
request-context
appId=cid-v1:238681e8-7d6b-453a-acb6-7dcad74f3111
/
p.adsymptotic.com/d/px/ Frame 672B
Redirect Chain
  • https://px.ads.linkedin.com/collect/?pid=2159050&conversionId=6504418&fmt=gif
  • https://px4.ads.linkedin.com/collect?pid=2159050&conversionId=6504418&fmt=gif&e_ipv6=AQJKynRgLophegAAAX8yjK9sPMNuiCioiKFeOrsn1mP-UgD5-aqi9GRbHXCJ-vlBcGRId-RH
  • https://p.adsymptotic.com/d/px/?_pid=16218&_psign=0aa5badf92527f7732e22463d6fa4dbc&coopa=0&gdpr=0&gdpr_consent=&_puuid=af52f63d-46c8-4e3c-b3b8-5a9588ece57a
43 B
97 B
Image
General
Full URL
https://p.adsymptotic.com/d/px/?_pid=16218&_psign=0aa5badf92527f7732e22463d6fa4dbc&coopa=0&gdpr=0&gdpr_consent=&_puuid=af52f63d-46c8-4e3c-b3b8-5a9588ece57a
Requested by
Host: 10104846.fls.doubleclick.net
URL: https://10104846.fls.doubleclick.net/ddm/fls/r/dc_pre=CMifk6zXm_YCFRDN4QodHOECJg;src=10104846;type=sitew00;cat=sitew0;u3=https://www.fortinet.com/blog/threat-research/nobelium-returns-to-the-political-world-stage;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=6060061396814.56;~oref=https://www.fortinet.com/
Protocol
H2
Server
104.18.101.194 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://10104846.fls.doubleclick.net/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 20:22:35 GMT
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray
6e33a585f8c05407-YYZ
p3p
CP='NON DSP COR CONi OUR BUS CNT'
content-type
image/gif
content-length
43

Redirect headers

Date
Fri, 25 Feb 2022 20:22:35 GMT
NEL
{"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
Server
Play
LinkedIn-Action
1
Report-To
{"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
X-Li-Fabric
prod-lva1
Location
https://p.adsymptotic.com/d/px/?_pid=16218&_psign=0aa5badf92527f7732e22463d6fa4dbc&coopa=0&gdpr=0&gdpr_consent=&_puuid=af52f63d-46c8-4e3c-b3b8-5a9588ece57a
X-LI-Proto
http/1.1
Connection
keep-alive
X-Li-Pop
prod-lva1-x
content-length
0
X-LI-UUID
AAXY3XWN6qbgqp6nkk0qzg==
/
www.facebook.com/tr/ Frame BCD7
0
15 B
Document
General
Full URL
https://www.facebook.com/tr/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f112:83:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Upgrade-Insecure-Requests
1
Origin
https://www.fortinet.com
Content-Type
application/x-www-form-urlencoded
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36
Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/

Response headers

content-type
text/plain
access-control-allow-origin
https://www.fortinet.com
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
content-length
0
server
proxygen-bolt
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority
u=0
date
Fri, 25 Feb 2022 20:22:35 GMT
gs
gs.mountain.com/
144 B
733 B
Script
General
Full URL
https://gs.mountain.com/gs
Requested by
Host: apps.global.fortinet.com
URL: https://apps.global.fortinet.com/e/bfs?s=3049749&lguid=fce48e02a40b4260a79e3a1a33f5efc2&elqTrackId=e7aa0c29b1b9459baa5ec4408e412ea3&elq=0f091f635be94806a559761876f85a77&elqaid=3249&elqat=1&elqCampaignId=22218]
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
34.212.4.35 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-212-4-35.us-west-2.compute.amazonaws.com
Software
istio-envoy /
Resource Hash
9cf08c176c263ba5d5e9efde97a8445c119f978a42dac695612fbdf73615aa8a

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 20:22:35 GMT
last-modified
Thu, 01 Jan 1970 00:00:00 GMT
server
istio-envoy
access-control-allow-methods
GET, POST, OPTIONS
p3p
CP="NON DSP COR NID CURa ADMa DEVa PSAa PSDa OUR STP UNI COM NAV INT STA PRE"
access-control-allow-origin
*
cache-control
public, max-age=31536000
x-envoy-upstream-service-time
0
connection
close
content-type
application/javascript;charset=utf-8
access-control-allow-headers
Accept, Content-Type, x-requested-with, X-Custom-Header
content-length
144
x-application-context
application:prod:8080
st
px.mountain.com/
4 KB
2 KB
Script
General
Full URL
https://px.mountain.com/st?ga_tracking_id=UA-767980-1&ga_client_id=2005283585.1645820554&shpt=Nobelium%20Returns%20to%20the%20Political%20World%20Stage%20%7C%20FortiGuard%20Labs&ga_info=%7B%22status%22%3A%22OK%22%2C%22ga_tracking_id%22%3A%22UA-767980-1%22%2C%22ga_client_id%22%3A%222005283585.1645820554%22%2C%22shpt%22%3A%22Nobelium%20Returns%20to%20the%20Political%20World%20Stage%20%7C%20FortiGuard%20Labs%22%2C%22dcm_cid%22%3A%222005283585.1645820554%22%2C%22dcm_gid%22%3A%221616856493.1645820554%22%2C%22ga_gclid%22%3A%222005283585.1645820554%22%2C%22execution_workflow%22%3A%7B%22iteration%22%3A1%2C%22getClientIdByGA%22%3A%22OK%22%2C%22ga_gclid%22%3A%22OK%22%2C%22shpt%22%3A%22OK%22%2C%22dcm_cid%22%3A%22OK%22%2C%22dcm_gid%22%3A%22OK%22%7D%7D&dcm_cid=2005283585.1645820554&dcm_gid=1616856493.1645820554&dxver=4.0.0&shaid=32336&tdr=https%3A%2F%2Fapps.global.fortinet.com%2F&plh=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnobelium-returns-to-the-political-world-stage&shadditional=adroll%3Dtrue%2Cgoogletagmanager%3Dtrue%2C&cb=1645820555234237&shguid=4ca044c7-ae5c-30e2-8cb4-7961331124ea&shgts=1645820555550
Requested by
Host: apps.global.fortinet.com
URL: https://apps.global.fortinet.com/e/bfs?s=3049749&lguid=fce48e02a40b4260a79e3a1a33f5efc2&elqTrackId=e7aa0c29b1b9459baa5ec4408e412ea3&elq=0f091f635be94806a559761876f85a77&elqaid=3249&elqat=1&elqCampaignId=22218]
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
35.81.173.170 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-81-173-170.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
57a0a2fc8cd76c79ebaa3b2585da194f93338262c228c1fb1a866b2dda6c1549

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

access-control-allow-origin
*
date
Fri, 25 Feb 2022 20:22:35 GMT
content-encoding
gzip
connection
close
p3p
CP="NON DSP COR NID CURa ADMa DEVa PSAa PSDa OUR STP UNI COM NAV INT STA PRE"
content-type
application/javascript;charset=utf-8
img.gif
b.6sc.co/v1/beacon/
43 B
774 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=5eeecf22b2d12a77a14639dce97b7a36&svisitor=4f78ce1795b80000893a1962710200008f520000&session=50245045-32e6-48cc-8e02-94a5abfc3874&event=active_time_track&q=%7B%22currentTime%22%3A%22Fri%2C%2025%20Feb%202022%2020%3A22%3A35%20GMT%22%2C%22lastTrackTime%22%3A%22Fri%2C%2025%20Feb%202022%2020%3A22%3A34%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%222020%22%7D&isIframe=false&m=%7B%22description%22%3A%22FortiGuard%20Labs%20has%20discovered%20evidence%20that%20the%20Nobelium%20Group%20is%20impersonating%20someone%20associated%20with%20the%20Turkish%20embassy%20as%20a%20lure%20to%20introduce%20a%20Cobalt%20Strike%20beacon%20payload%20and%20gain%20access.%20Read%20our%20blog%20to%20learn%20more.%22%2C%22keywords%22%3A%22Threat%20Research%2Ccybercrime%2CCybersecurity%20Architect%22%2C%22title%22%3A%22Nobelium%20Returns%20to%20the%20Political%20World%20Stage%20%7C%20FortiGuard%20Labs%26nbsp%3B%22%7D&cb=&r=https%3A%2F%2Fapps.global.fortinet.com%2F&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnobelium-returns-to-the-political-world-stage&pageViewId=24a2817e-0df0-4e15-82e0-37d471c0b550&an_uid=0
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.59.105.202 Atlanta, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-59-105-202.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date
Fri, 25 Feb 2022 20:22:35 GMT
X-Content-Type-Options
nosniff
Connection
keep-alive
Content-Length
43
Pragma
no-cache
Last-Modified
Sat, 05 Jun 2021 07:56:05 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"60bb2e15-2b"
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
GET,POST
Content-Type
image/gif
Access-Control-Allow-Origin
Cache-Control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
Expires
Wed, 19 Apr 2000 11:43:00 GMT
tdsync
px.steelhousemedia.com/
Redirect Chain
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=steelhouse&ttd_tpi=1&ttd_puid=ab17acbc-9678-11ec-8824-657b92135618&gdpr=&gdpr_consent=
  • https://px.steelhousemedia.com/tdsync?tdid=c7f4a49e-a510-4b66-9996-398193e0969c&shguid=ab17acbc-9678-11ec-8824-657b92135618
0
303 B
Image
General
Full URL
https://px.steelhousemedia.com/tdsync?tdid=c7f4a49e-a510-4b66-9996-398193e0969c&shguid=ab17acbc-9678-11ec-8824-657b92135618
Protocol
HTTP/1.1
Server
52.10.121.135 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-10-121-135.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

access-control-allow-origin
*
date
Fri, 25 Feb 2022 20:22:36 GMT
connection
close
access-control-allow-headers
Accept, Content-Type, x-requested-with, X-Custom-Header
access-control-allow-methods
GET, POST, OPTIONS
x-application-context
application:awsprod,confluent:9025

Redirect headers

pragma
no-cache
date
Fri, 25 Feb 2022 20:22:35 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://px.steelhousemedia.com/tdsync?tdid=c7f4a49e-a510-4b66-9996-398193e0969c&shguid=ab17acbc-9678-11ec-8824-657b92135618
cache-control
private,no-cache, must-revalidate
content-type
text/html
content-length
277
sync
ups.analytics.yahoo.com/ups/55953/
Redirect Chain
  • https://insight.adsrvr.org/track/evnt/?adv=6s0zaeu&ct=0:0bi0elf&fmt=3
  • https://dpm.demdex.net/ibs:dpid=903&dpuuid=c7f4a49e-a510-4b66-9996-398193e0969c&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fmatch.adsrvr.org%2Ftrack%2Fcmf%2Fgeneric%3Fttd_pid%3Daam
  • https://match.adsrvr.org/track/cmf/generic?ttd_pid=aam
  • https://ib.adnxs.com/getuid?https%3a%2f%2fmatch.adsrvr.org%2ftrack%2fcmf%2fappnexus%3fttd%3d1%26anid%3d%24UID&ttd_tdid=c7f4a49e-a510-4b66-9996-398193e0969c
  • https://match.adsrvr.org/track/cmf/appnexus?ttd=1&anid=8116888128478080276&ttd_tdid=c7f4a49e-a510-4b66-9996-398193e0969c
  • https://cm.g.doubleclick.net/pixel?google_nid=TheTradeDesk&google_cm&google_sc&google_hm=YzdmNGE0OWUtYTUxMC00YjY2LTk5OTYtMzk4MTkzZTA5Njlj&gdpr=0&gdpr_consent=&ttd_tdid=c7f4a49e-a510-4b66-9996-39819...
  • https://match.adsrvr.org/track/cmf/google?g_uuid=&gdpr=0&gdpr_consent=&ttd_tdid=c7f4a49e-a510-4b66-9996-398193e0969c&google_gid=CAESEJYPsGQEKP6jxoQClILGSDE&google_cver=1
  • https://ups.analytics.yahoo.com/ups/55953/sync?uid=c7f4a49e-a510-4b66-9996-398193e0969c&_origin=1&gdpr=0&gdpr_consent=
0
406 B
Image
General
Full URL
https://ups.analytics.yahoo.com/ups/55953/sync?uid=c7f4a49e-a510-4b66-9996-398193e0969c&_origin=1&gdpr=0&gdpr_consent=
Protocol
H2
Server
3.218.90.66 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-218-90-66.compute-1.amazonaws.com
Software
ATS/9.1.0.33 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

date
Fri, 25 Feb 2022 20:22:36 GMT
server
ATS/9.1.0.33
age
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

pragma
no-cache
date
Fri, 25 Feb 2022 20:22:36 GMT
x-aspnet-version
4.0.30319
p3p
CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location
https://ups.analytics.yahoo.com/ups/55953/sync?uid=c7f4a49e-a510-4b66-9996-398193e0969c&_origin=1&gdpr=0&gdpr_consent=
cache-control
private,no-cache, must-revalidate
content-type
text/html
content-length
267
img.gif
b.6sc.co/v1/beacon/
43 B
774 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=5eeecf22b2d12a77a14639dce97b7a36&svisitor=4f78ce1795b80000893a1962710200008f520000&session=50245045-32e6-48cc-8e02-94a5abfc3874&event=active_time_track&q=%7B%22currentTime%22%3A%22Fri%2C%2025%20Feb%202022%2020%3A22%3A36%20GMT%22%2C%22lastTrackTime%22%3A%22Fri%2C%2025%20Feb%202022%2020%3A22%3A35%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%223022%22%7D&isIframe=false&m=%7B%22description%22%3A%22FortiGuard%20Labs%20has%20discovered%20evidence%20that%20the%20Nobelium%20Group%20is%20impersonating%20someone%20associated%20with%20the%20Turkish%20embassy%20as%20a%20lure%20to%20introduce%20a%20Cobalt%20Strike%20beacon%20payload%20and%20gain%20access.%20Read%20our%20blog%20to%20learn%20more.%22%2C%22keywords%22%3A%22Threat%20Research%2Ccybercrime%2CCybersecurity%20Architect%22%2C%22title%22%3A%22Nobelium%20Returns%20to%20the%20Political%20World%20Stage%20%7C%20FortiGuard%20Labs%26nbsp%3B%22%7D&cb=&r=https%3A%2F%2Fapps.global.fortinet.com%2F&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnobelium-returns-to-the-political-world-stage&pageViewId=24a2817e-0df0-4e15-82e0-37d471c0b550&an_uid=0
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.59.105.202 Atlanta, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-59-105-202.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date
Fri, 25 Feb 2022 20:22:36 GMT
X-Content-Type-Options
nosniff
Connection
keep-alive
Content-Length
43
Pragma
no-cache
Last-Modified
Sat, 05 Jun 2021 07:56:05 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"60bb2e15-2b"
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
GET,POST
Content-Type
image/gif
Access-Control-Allow-Origin
Cache-Control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
Expires
Wed, 19 Apr 2000 11:43:00 GMT
collect
d.clarity.ms/
0
48 B
XHR
General
Full URL
https://d.clarity.ms/collect
Requested by
Host: d.clarity.ms
URL: https://d.clarity.ms/s/0.6.32/clarity.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
40.76.174.66 Tappahannock, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
application/x-clarity-gzip
Referer
https://www.fortinet.com/
Accept-Language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

access-control-allow-origin
https://www.fortinet.com
date
Fri, 25 Feb 2022 20:22:36 GMT
access-control-allow-credentials
true
server
Microsoft-IIS/10.0
x-powered-by
ASP.NET
request-context
appId=cid-v1:238681e8-7d6b-453a-acb6-7dcad74f3111
img.gif
b.6sc.co/v1/beacon/
43 B
774 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=5eeecf22b2d12a77a14639dce97b7a36&svisitor=4f78ce1795b80000893a1962710200008f520000&session=50245045-32e6-48cc-8e02-94a5abfc3874&event=active_time_track&q=%7B%22currentTime%22%3A%22Fri%2C%2025%20Feb%202022%2020%3A22%3A37%20GMT%22%2C%22lastTrackTime%22%3A%22Fri%2C%2025%20Feb%202022%2020%3A22%3A36%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%224024%22%7D&isIframe=false&m=%7B%22description%22%3A%22FortiGuard%20Labs%20has%20discovered%20evidence%20that%20the%20Nobelium%20Group%20is%20impersonating%20someone%20associated%20with%20the%20Turkish%20embassy%20as%20a%20lure%20to%20introduce%20a%20Cobalt%20Strike%20beacon%20payload%20and%20gain%20access.%20Read%20our%20blog%20to%20learn%20more.%22%2C%22keywords%22%3A%22Threat%20Research%2Ccybercrime%2CCybersecurity%20Architect%22%2C%22title%22%3A%22Nobelium%20Returns%20to%20the%20Political%20World%20Stage%20%7C%20FortiGuard%20Labs%26nbsp%3B%22%7D&cb=&r=https%3A%2F%2Fapps.global.fortinet.com%2F&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnobelium-returns-to-the-political-world-stage&pageViewId=24a2817e-0df0-4e15-82e0-37d471c0b550&an_uid=0
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.59.105.202 Atlanta, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-59-105-202.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date
Fri, 25 Feb 2022 20:22:37 GMT
X-Content-Type-Options
nosniff
Connection
keep-alive
Content-Length
43
Pragma
no-cache
Last-Modified
Sat, 05 Jun 2021 07:56:05 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"60bb2e15-2b"
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
GET,POST
Content-Type
image/gif
Access-Control-Allow-Origin
Cache-Control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
Expires
Wed, 19 Apr 2000 11:43:00 GMT
6si.min.js
j.6sc.co/
27 KB
9 KB
Script
General
Full URL
https://j.6sc.co/6si.min.js
Requested by
Host: apps.global.fortinet.com
URL: https://apps.global.fortinet.com/e/bfs?s=3049749&lguid=fce48e02a40b4260a79e3a1a33f5efc2&elqTrackId=e7aa0c29b1b9459baa5ec4408e412ea3&elq=0f091f635be94806a559761876f85a77&elqaid=3249&elqat=1&elqCampaignId=22218]
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.123.161.196 Piscataway, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-123-161-196.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
2707e48726a3f7ec48a1d1aec9738f20b36bac1535cfa9de2e4d92310c4e7e7a
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date
Fri, 25 Feb 2022 20:22:38 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Connection
keep-alive
Vary
Accept-Encoding
Content-Length
8575
Pragma
no-cache
Last-Modified
Thu, 07 Oct 2021 17:17:43 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"615f2bb7-6a5f"
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
GET,POST
Content-Type
application/javascript
Access-Control-Allow-Origin
Cache-Control
private, no-cache, proxy-revalidate
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
Expires
Fri, 25 Feb 2022 20:22:38 GMT
img.gif
b.6sc.co/v1/beacon/
43 B
774 B
Image
General
Full URL
https://b.6sc.co/v1/beacon/img.gif?token=5eeecf22b2d12a77a14639dce97b7a36&svisitor=4f78ce1795b80000893a1962710200008f520000&session=50245045-32e6-48cc-8e02-94a5abfc3874&event=active_time_track&q=%7B%22currentTime%22%3A%22Fri%2C%2025%20Feb%202022%2020%3A22%3A38%20GMT%22%2C%22lastTrackTime%22%3A%22Fri%2C%2025%20Feb%202022%2020%3A22%3A37%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%225026%22%7D&isIframe=false&m=%7B%22description%22%3A%22FortiGuard%20Labs%20has%20discovered%20evidence%20that%20the%20Nobelium%20Group%20is%20impersonating%20someone%20associated%20with%20the%20Turkish%20embassy%20as%20a%20lure%20to%20introduce%20a%20Cobalt%20Strike%20beacon%20payload%20and%20gain%20access.%20Read%20our%20blog%20to%20learn%20more.%22%2C%22keywords%22%3A%22Threat%20Research%2Ccybercrime%2CCybersecurity%20Architect%22%2C%22title%22%3A%22Nobelium%20Returns%20to%20the%20Political%20World%20Stage%20%7C%20FortiGuard%20Labs%26nbsp%3B%22%7D&cb=&r=https%3A%2F%2Fapps.global.fortinet.com%2F&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnobelium-returns-to-the-political-world-stage&pageViewId=24a2817e-0df0-4e15-82e0-37d471c0b550&an_uid=0
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.59.105.202 Atlanta, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-59-105-202.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
en-CA,en;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date
Fri, 25 Feb 2022 20:22:38 GMT
X-Content-Type-Options
nosniff
Connection
keep-alive
Content-Length
43
Pragma
no-cache
Last-Modified
Fri, 21 Feb 2020 18:57:20 GMT
Server
nginx/1.14.0 (Ubuntu)
ETag
"5e502810-2b"
Access-Control-Max-Age
86400
Access-Control-Allow-Methods
GET,POST
Content-Type
image/gif
Access-Control-Allow-Origin
Cache-Control
private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials
true
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
Expires
Wed, 19 Apr 2000 11:43:00 GMT
img.gif
b.6sc.co/v1/beacon/
43 B
774 B
Image
General
Full URL: https://b.6sc.co/v1/beacon/img.gif?token=5eeecf22b2d12a77a14639dce97b7a36&svisitor=4f78ce1795b80000893a1962710200008f520000&session=50245045-32e6-48cc-8e02-94a5abfc3874&event=active_time_track&q=%7B%22currentTime%22%3A%22Fri%2C%2025%20Feb%202022%2020%3A22%3A39%20GMT%22%2C%22lastTrackTime%22%3A%22Fri%2C%2025%20Feb%202022%2020%3A22%3A38%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%226028%22%7D&isIframe=false&m=%7B%22description%22%3A%22FortiGuard%20Labs%20has%20discovered%20evidence%20that%20the%20Nobelium%20Group%20is%20impersonating%20someone%20associated%20with%20the%20Turkish%20embassy%20as%20a%20lure%20to%20introduce%20a%20Cobalt%20Strike%20beacon%20payload%20and%20gain%20access.%20Read%20our%20blog%20to%20learn%20more.%22%2C%22keywords%22%3A%22Threat%20Research%2Ccybercrime%2CCybersecurity%20Architect%22%2C%22title%22%3A%22Nobelium%20Returns%20to%20the%20Political%20World%20Stage%20%7C%20FortiGuard%20Labs%26nbsp%3B%22%7D&cb=&r=https%3A%2F%2Fapps.global.fortinet.com%2F&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fnobelium-returns-to-the-political-world-stage&pageViewId=24a2817e-0df0-4e15-82e0-37d471c0b550&an_uid=0
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.59.105.202 Atlanta, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-59-105-202.deploy.static.akamaitechnologies.com
Software: nginx/1.14.0 (Ubuntu) /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.80 Safari/537.36

Response headers

Date: Fri, 25 Feb 2022 20:22:39 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 43
Pragma: no-cache
Last-Modified: Fri, 21 Feb 2020 18:57:20 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "5e502810-2b"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: image/gif
Access-Control-Allow-Origin:
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Expires: Wed, 19 Apr 2000 11:43:00 GMT

198 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.


110 Cookies


Security Headers

This page lists any security headers set by the main page.

Header Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
