www.fortinet.com Open in urlscan Pro
2600:1f18:1492:1702:852f:d87f:6683:b05a Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
Submission: On July 24 via api (July 24th 2024, 11:27:12 am UTC) from DE — Scanned from US

Summary HTTP 144 Redirects Links 9 Behaviour Indicators

Summary

This website contacted 43 IPs in 2 countries across 36 domains to perform 144 HTTP transactions. The main IP is 2600:1f18:1492:1702:852f:d87f:6683:b05a, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is www.fortinet.com. The Cisco Umbrella rank of the primary domain is 221752.
TLS certificate: Issued by DigiCert Global G2 TLS RSA SHA256 202... on July 16th 2024. Valid for: a year.

This is the only time www.fortinet.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
33	2600:1f18:149... 2600:1f18:1492:1702:852f:d87f:6683:b05a	14618 (AMAZON-AES) (AMAZON-AES)
6	2606:4700::68... 2606:4700::6813:b134	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:440... 2606:4700:4400::ac40:9b77	13335 (CLOUDFLAR...) (CLOUDFLARENET)
22	2600:1408:ac0... 2600:1408:ac00:192::1e80	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	34.193.67.242 34.193.67.242	14618 (AMAZON-AES) (AMAZON-AES)
1	52.200.107.114 52.200.107.114	14618 (AMAZON-AES) (AMAZON-AES)
1 1	44.230.204.58 44.230.204.58	16509 (AMAZON-02) (AMAZON-02)
1	63.140.39.35 63.140.39.35	14618 (AMAZON-AES) (AMAZON-AES)
7	23.222.79.235 23.222.79.235	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2606:4700::68... 2606:4700::6813:9308	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	23.45.193.200 23.45.193.200	16625 (AKAMAI-AS) (AKAMAI-AS)
2	2400:52e0:1a0... 2400:52e0:1a00::1207:2	200325 (BUNNYCDN) (BUNNYCDN)
3	2620:1ec:c11:... 2620:1ec:c11::237	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
7	2607:f8b0:400... 2607:f8b0:400d:c04::61	15169 (GOOGLE) (GOOGLE)
2	70.42.32.191 70.42.32.191	22075 (AS-OUTBRAIN) (AS-OUTBRAIN)
1	2600:1408:ec0... 2600:1408:ec00:2e::1735:ba8	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2606:4700:310... 2606:4700:3108::ac42:2af8	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:440... 2606:4700:4400::ac40:973c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	52.32.164.86 52.32.164.86	16509 (AMAZON-02) (AMAZON-02)
2	2620:1ec:29:1... 2620:1ec:29:1::38	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	216.200.232.253 216.200.232.253	30419 (PAEDAE-INC) (PAEDAE-INC)
1	52.7.151.245 52.7.151.245	14618 (AMAZON-AES) (AMAZON-AES)
1	146.75.28.157 146.75.28.157	54113 (FASTLY) (FASTLY)
1	2600:9000:20e... 2600:9000:20ee:8400:12:dfa9:e200:93a1	16509 (AMAZON-02) (AMAZON-02)
2 4	68.67.181.211 68.67.181.211	29990 (ASN-APPNEX) (ASN-APPNEX)
2	13.248.142.121 13.248.142.121	16509 (AMAZON-02) (AMAZON-02)
1	34.111.208.231 34.111.208.231	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
3	2607:f8b0:400... 2607:f8b0:400d:c09::9c	15169 (GOOGLE) (GOOGLE)
3	72.21.81.130 72.21.81.130	15133 (EDGECAST) (EDGECAST)
3	104.244.42.131 104.244.42.131	13414 (TWITTER) (TWITTER)
1	173.194.175.149 173.194.175.149	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:400d:c07::64	15169 (GOOGLE) (GOOGLE)
1	18.210.229.244 18.210.229.244	14618 (AMAZON-AES) (AMAZON-AES)
1	2a04:4e42:600... 2a04:4e42:600::485	54113 (FASTLY) (FASTLY)
2	44.226.187.177 44.226.187.177	16509 (AMAZON-02) (AMAZON-02)
1	13.53.113.26 13.53.113.26	16509 (AMAZON-02) (AMAZON-02)
1 2	209.85.201.149 209.85.201.149	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f00... 2a03:2880:f003:100:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	2606:4700:303... 2606:4700:3035::6815:3296	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2607:f8b0:400... 2607:f8b0:400d:c07::69	15169 (GOOGLE) (GOOGLE)
1	63.140.39.117 63.140.39.117	14618 (AMAZON-AES) (AMAZON-AES)
1	2600:1408:c40... 2600:1408:c400:5::17c7:3719	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	34.117.77.79 34.117.77.79	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
144	43

33 2600:1f18:1492:1702:852f:d87f:6683:b05a (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

www.fortinet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700::6813:b134 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.cookielaw.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::ac40:9b77 (United States)

ASN13335 (CLOUDFLARENET, US)

geolocation.onetrust.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

22 2600:1408:ac00:192::1e80 (Ashburn, United States)

ASN20940 (AKAMAI-ASN1, NL)

assets.adobedtm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.193.67.242 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-193-67-242.compute-1.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.200.107.114 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-200-107-114.compute-1.amazonaws.com

fortinet.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 44.230.204.58 (Boardman, United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-44-230-204-58.us-west-2.compute.amazonaws.com

cm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 63.140.39.35 (United States)

ASN14618 (AMAZON-AES, US)
PTR: ip-63-140-39-35.data.adobedc.net

fortinet.tt.omtrdc.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 23.222.79.235 (Ashburn, United States)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-222-79-235.deploy.static.akamaitechnologies.com

j.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
b.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6813:9308 (United States)

ASN13335 (CLOUDFLARENET, US)

script.crazyegg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 23.45.193.200 (United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-45-193-200.deploy.static.akamaitechnologies.com

amplify.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
wave.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2400:52e0:1a00::1207:2 (Chicago, United States)

ASN200325 (BUNNYCDN, SI)

a.opmnstr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
a.omappapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:c11::237 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2607:f8b0:400d:c04::61 (Morganton, United States)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 70.42.32.191 (United States)

ASN22075 (AS-OUTBRAIN, US)
PTR: ny.outbrain.com

tr.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1408:ec00:2e::1735:ba8 (Ashburn, United States)

ASN20940 (AKAMAI-ASN1, NL)

ipv6.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3108::ac42:2af8 (United States)

ASN13335 (CLOUDFLARENET, US)

api.omappapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::ac40:973c (United States)

ASN13335 (CLOUDFLARENET, US)

trk.techtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.32.164.86 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-32-164-86.us-west-2.compute.amazonaws.com

abm-tracking.demandscience.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:29:1::38 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

tmp.argusplatform.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixels.argusplatform.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.200.232.253 (Frederick, United States)

ASN30419 (PAEDAE-INC, US)

pixel.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.7.151.245 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-7-151-245.compute-1.amazonaws.com

dx.mountain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 146.75.28.157 (Ashburn, United States)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:20ee:8400:12:dfa9:e200:93a1 (United States)

ASN16509 (AMAZON-02, US)

tags.inzynk.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 68.67.181.211 (North Bergen, United States) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 584.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 13.248.142.121 (United States)

ASN16509 (AMAZON-02, US)
PTR: ac3ff6aafb2cddae2.awsglobalaccelerator.com

epsilon.6sense.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.111.208.231 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 231.208.111.34.bc.googleusercontent.com

ibc-flow.techtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2607:f8b0:400d:c09::9c (Morganton, United States)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 72.21.81.130 (United States)

ASN15133 (EDGECAST, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.244.42.131 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 173.194.175.149 (United States)

ASN15169 (GOOGLE, US)
PTR: qs-in-f149.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:400d:c07::64 (Morganton, United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.210.229.244 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-210-229-244.compute-1.amazonaws.com

18.210.229.244	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:600::485 (United States)

ASN54113 (FASTLY, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 44.226.187.177 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-44-226-187-177.us-west-2.compute.amazonaws.com

intentstream.contanuity.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.53.113.26 (Stockholm, Sweden)

ASN16509 (AMAZON-02, US)
PTR: ec2-13-53-113-26.eu-north-1.compute.amazonaws.com

analytics.inzynk.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 209.85.201.149 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: qu-in-f149.1e100.net

10104846.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f003:100:face:b00c:0:3 (Ashburn, United States)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3035::6815:3296 (United States)

ASN13335 (CLOUDFLARENET, US)

siteimproveanalytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:400d:c07::69 (Morganton, United States)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 63.140.39.117 (United States)

ASN14618 (AMAZON-AES, US)
PTR: ip-63-140-39-117.data.adobedc.net

metrics.fortinet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1408:c400:5::17c7:3719 (Ashburn, United States)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.117.77.79 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 79.77.117.34.bc.googleusercontent.com

ml314.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
34	fortinet.com www.fortinet.com — Cisco Umbrella Rank: 221752 metrics.fortinet.com — Cisco Umbrella Rank: 973993	6 MB
22	adobedtm.com assets.adobedtm.com — Cisco Umbrella Rank: 521	150 KB
8	6sc.co j.6sc.co — Cisco Umbrella Rank: 12402 c.6sc.co — Cisco Umbrella Rank: 16017 ipv6.6sc.co — Cisco Umbrella Rank: 12823 b.6sc.co — Cisco Umbrella Rank: 6896	20 KB
7	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 112	612 KB
6	doubleclick.net 1 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 77 ad.doubleclick.net — Cisco Umbrella Rank: 210 10104846.fls.doubleclick.net	4 KB
6	cookielaw.org cdn.cookielaw.org — Cisco Umbrella Rank: 554	127 KB
5	outbrain.com amplify.outbrain.com — Cisco Umbrella Rank: 4363 tr.outbrain.com — Cisco Umbrella Rank: 4248 wave.outbrain.com — Cisco Umbrella Rank: 4246	10 KB
4	adnxs.com 2 redirects secure.adnxs.com — Cisco Umbrella Rank: 764 ib.adnxs.com — Cisco Umbrella Rank: 383	4 KB
3	twitter.com analytics.twitter.com — Cisco Umbrella Rank: 1356	844 B
3	t.co t.co — Cisco Umbrella Rank: 979	896 B
3	bing.com bat.bing.com — Cisco Umbrella Rank: 534	15 KB
3	demdex.net dpm.demdex.net — Cisco Umbrella Rank: 319 fortinet.demdex.net	2 KB
2	google.com www.google.com — Cisco Umbrella Rank: 10	128 B
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 236	72 KB
2	contanuity.com intentstream.contanuity.com — Cisco Umbrella Rank: 173029 tracking.contanuity.com Failed	374 B
2	6sense.com epsilon.6sense.com — Cisco Umbrella Rank: 18992	716 B
2	inzynk.io tags.inzynk.io — Cisco Umbrella Rank: 669379 analytics.inzynk.io — Cisco Umbrella Rank: 434735	22 KB
2	argusplatform.com tmp.argusplatform.com — Cisco Umbrella Rank: 859686 pixels.argusplatform.com — Cisco Umbrella Rank: 956759 webtracker.argusplatform.com Failed	3 KB
2	demandscience.com abm-tracking.demandscience.com — Cisco Umbrella Rank: 157542	3 KB
2	techtarget.com trk.techtarget.com — Cisco Umbrella Rank: 66995 ibc-flow.techtarget.com — Cisco Umbrella Rank: 63746 Failed	2 KB
2	omappapi.com a.omappapi.com — Cisco Umbrella Rank: 9699 api.omappapi.com — Cisco Umbrella Rank: 10036	3 KB
2	crazyegg.com script.crazyegg.com — Cisco Umbrella Rank: 4547	3 KB
1	ml314.com ml314.com — Cisco Umbrella Rank: 3108	12 KB
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 1884	969 B
1	siteimproveanalytics.com siteimproveanalytics.com — Cisco Umbrella Rank: 8455	12 KB
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 410	15 KB
1	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 104
1	ads-twitter.com static.ads-twitter.com — Cisco Umbrella Rank: 1253	15 KB
1	mountain.com dx.mountain.com — Cisco Umbrella Rank: 8539 px.mountain.com Failed	6 KB
1	mathtag.com pixel.mathtag.com — Cisco Umbrella Rank: 4337	712 B
1	opmnstr.com a.opmnstr.com — Cisco Umbrella Rank: 59906	18 KB
1	omtrdc.net fortinet.tt.omtrdc.net — Cisco Umbrella Rank: 990592	3 KB
1	everesttech.net 1 redirects cm.everesttech.net — Cisco Umbrella Rank: 2184	490 B
1	onetrust.com geolocation.onetrust.com — Cisco Umbrella Rank: 1019	314 B
0	facebook.com Failed www.facebook.com Failed
0	siteimproveanalytics.io Failed 6033413.global.siteimproveanalytics.io Failed
144	36

	Domain	Requested by
33	www.fortinet.com	www.fortinet.com
22	assets.adobedtm.com	cdn.cookielaw.org assets.adobedtm.com
7	www.googletagmanager.com	assets.adobedtm.com www.googletagmanager.com abm-tracking.demandscience.com
6	cdn.cookielaw.org	www.fortinet.com cdn.cookielaw.org
5	b.6sc.co
3	analytics.twitter.com
3	t.co
3	googleads.g.doubleclick.net	www.googletagmanager.com
3	bat.bing.com	assets.adobedtm.com bat.bing.com
2	www.google.com
2	connect.facebook.net	www.fortinet.com connect.facebook.net
2	10104846.fls.doubleclick.net	1 redirects assets.adobedtm.com
2	intentstream.contanuity.com	abm-tracking.demandscience.com
2	epsilon.6sense.com	j.6sc.co
2	ib.adnxs.com	1 redirects
2	secure.adnxs.com	1 redirects
2	abm-tracking.demandscience.com	www.fortinet.com abm-tracking.demandscience.com
2	tr.outbrain.com	amplify.outbrain.com
2	amplify.outbrain.com	www.fortinet.com amplify.outbrain.com
2	script.crazyegg.com	www.fortinet.com script.crazyegg.com
2	dpm.demdex.net	www.fortinet.com
1	ml314.com	www.fortinet.com ml314.com
1	snap.licdn.com	www.fortinet.com snap.licdn.com
1	metrics.fortinet.com
1	siteimproveanalytics.com	assets.adobedtm.com
1	analytics.inzynk.io	tags.inzynk.io
1	cdn.jsdelivr.net	abm-tracking.demandscience.com
1	pixels.argusplatform.com	tmp.argusplatform.com
1	www.google-analytics.com	www.googletagmanager.com
1	ad.doubleclick.net
1	ibc-flow.techtarget.com	trk.techtarget.com
1	tags.inzynk.io	assets.adobedtm.com
1	static.ads-twitter.com	www.fortinet.com
1	dx.mountain.com	www.fortinet.com
1	pixel.mathtag.com	www.fortinet.com
1	tmp.argusplatform.com	www.fortinet.com
1	trk.techtarget.com	www.fortinet.com
1	api.omappapi.com	a.opmnstr.com
1	a.omappapi.com	a.opmnstr.com
1	ipv6.6sc.co	j.6sc.co
1	c.6sc.co	j.6sc.co
1	wave.outbrain.com	amplify.outbrain.com
1	a.opmnstr.com	assets.adobedtm.com
1	j.6sc.co	www.fortinet.com
1	fortinet.tt.omtrdc.net	www.fortinet.com
1	cm.everesttech.net	1 redirects
1	fortinet.demdex.net	www.fortinet.com
1	geolocation.onetrust.com	cdn.cookielaw.org
0	webtracker.argusplatform.com Failed	tmp.argusplatform.com
0	www.facebook.com Failed
0	tracking.contanuity.com Failed	abm-tracking.demandscience.com
0	6033413.global.siteimproveanalytics.io Failed
0	px.mountain.com Failed	dx.mountain.com
144	53

This site contains links to these domains. Also see Links.

Domain
www.linkedin.com
www.twitter.com
www.youtube.com
www.instagram.com
www.facebook.com
fortiguard.com
community.fortinet.com
investor.fortinet.com
onetrust.com

Subject Issuer	Validity	Valid
*.fortinet.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-07-16` - `2025-07-15`	a year	crt.sh
cookielaw.org Cloudflare Inc ECC CA-3	`2024-03-01` - `2024-12-31`	10 months	crt.sh
onetrust.com Cloudflare Inc ECC CA-3	`2023-11-13` - `2024-11-12`	a year	crt.sh
assets.adobedtm.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-07-09` - `2025-08-09`	a year	crt.sh
*.demdex.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-09-26` - `2024-10-26`	a year	crt.sh
*.tt.omtrdc.net DigiCert TLS RSA SHA256 2020 CA1	`2023-08-22` - `2024-09-21`	a year	crt.sh
6sc.co R11	`2024-07-03` - `2024-10-01`	3 months	crt.sh
script.crazyegg.com E1	`2024-06-03` - `2024-09-01`	3 months	crt.sh
*.outbrain.com DigiCert TLS RSA SHA256 2020 CA1	`2023-12-14` - `2024-12-14`	a year	crt.sh
a.opmnstr.com R11	`2024-06-25` - `2024-09-23`	3 months	crt.sh
www.bing.com Microsoft Azure RSA TLS Issuing CA 04	`2024-06-19` - `2024-12-16`	6 months	crt.sh
*.google-analytics.com WR2	`2024-06-24` - `2024-09-16`	3 months	crt.sh
a.omappapi.com R11	`2024-06-25` - `2024-09-23`	3 months	crt.sh
omappapi.com WE1	`2024-06-16` - `2024-09-14`	3 months	crt.sh
trk.techtarget.com WE1	`2024-07-23` - `2024-10-21`	3 months	crt.sh
abm-tracking.demandscience.com R11	`2024-06-14` - `2024-09-12`	3 months	crt.sh
tmp.argusplatform.com GeoTrust Global TLS RSA4096 SHA256 2022 CA1	`2024-04-23` - `2024-10-23`	6 months	crt.sh
*.mathtag.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-04-23` - `2025-04-30`	a year	crt.sh
*.mountain.com Go Daddy Secure Certificate Authority - G2	`2024-05-23` - `2025-06-24`	a year	crt.sh
ads-twitter.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-06-25` - `2025-06-24`	a year	crt.sh
*.inzynk.io Amazon RSA 2048 M02	`2024-01-07` - `2025-02-04`	a year	crt.sh
*.6sense.com Amazon RSA 2048 M03	`2024-04-23` - `2025-05-22`	a year	crt.sh
ibc-flow.techtarget.com WR3	`2024-07-02` - `2024-09-30`	3 months	crt.sh
*.g.doubleclick.net WR2	`2024-06-24` - `2024-09-16`	3 months	crt.sh
t.co DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-05-08` - `2025-05-07`	a year	crt.sh
*.twitter.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-11-07` - `2024-11-05`	a year	crt.sh
*.doubleclick.net WR2	`2024-06-24` - `2024-09-16`	3 months	crt.sh
18.210.229.244 Sectigo RSA Domain Validation Secure Server CA	`2024-01-24` - `2025-02-13`	a year	crt.sh
pixels.argusplatform.com GeoTrust Global TLS RSA4096 SHA256 2022 CA1	`2024-04-22` - `2024-10-22`	6 months	crt.sh
jsdelivr.net GlobalSign Atlas R3 DV TLS CA 2023 Q3	`2023-09-27` - `2024-10-28`	a year	crt.sh
intentstream.contanuity.com E5	`2024-06-16` - `2024-09-14`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2024-05-02` - `2024-07-31`	3 months	crt.sh
siteimproveanalytics.com WE1	`2024-06-21` - `2024-09-19`	3 months	crt.sh
*.google.com WR2	`2024-06-24` - `2024-09-16`	3 months	crt.sh
metrics.fortinet.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-12-26` - `2025-01-25`	a year	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-12-13` - `2024-12-12`	a year	crt.sh
event-horizon.gcp.bomm.in WR3	`2024-06-23` - `2024-09-21`	3 months	crt.sh

This page contains 3 frames:

Primary Page: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
Frame ID: 1D87F9A02501B7627D25BF7974EDA28E
Requests: 141 HTTP requests in this frame

Frame: https://fortinet.demdex.net/dest5.html?d_nsid=0
Frame ID: DFF9675A31724CA0A7F35CE03893572A
Requests: 1 HTTP requests in this frame

Frame: https://10104846.fls.doubleclick.net/activityi;dc_pre=CL7diPnIv4cDFZjduAgd1pkDwg;src=10104846;type=sitew00;cat=sitew006;u3=https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=5866535286600.183
Frame ID: 6746E6217B2B088DEF76D817A5F9163E
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Exploiting CVE-2024-21412: A Stealer Campaign Unleashed | FortiGuard Labs

Detected technologies

Adobe Experience Manager (CMS) Expand

Overall confidence: 100%
Detected patterns

/etc/designs/
/etc\.clientlibs/

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Crazy Egg (Analytics) Expand

Overall confidence: 100%
Detected patterns

script\.crazyegg\.com/pages/scripts/\d+/\d+\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

FingerprintJS (JavaScript libraries) Expand

Overall confidence: 100%
Detected patterns

/fingerprintjs@(\d)

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

OneTrust (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

cdn\.cookielaw\.org
otSDKStub\.js

TrackJs (Analytics) Expand

Overall confidence: 100%
Detected patterns

tracker\.js

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

144
Requests

90 %
HTTPS

47 %
IPv6

36
Domains

53
Subdomains

43
IPs

2
Countries

7360 kB
Transfer

10817 kB
Size

45
Cookies

9 Outgoing links

These are links going to different origins than the main page.

URL: https://www.linkedin.com/company/fortinet

Search URL Search Domain Scan URL

URL: https://www.twitter.com/fortinet

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCJHo4AuVomwMRzgkA5DQEOA?sub_confirmation=1

Search URL Search Domain Scan URL

URL: https://www.instagram.com/fortinet/

Search URL Search Domain Scan URL

URL: https://www.facebook.com/fortinet

Search URL Search Domain Scan URL

URL: https://fortiguard.com/
Title: FortiGuard Labs

Search URL Search Domain Scan URL

URL: https://community.fortinet.com/
Title: Fortinet Community

Search URL Search Domain Scan URL

URL: https://investor.fortinet.com/
Title: Investor Relations

Search URL Search Domain Scan URL

URL: https://onetrust.com/poweredbyonetrust

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 42

https://cm.everesttech.net/cm/dd?d_uuid=29795170077592954771292609856618407887 HTTP 302
https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZqDlDQAAAMXSHwOA

Request Chain 91

https://secure.adnxs.com/px?id=1773420&t=2 HTTP 307
https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D1773420%26t%3D2

Request Chain 92

https://ib.adnxs.com/seg?add=36113683 HTTP 307
https://ib.adnxs.com/bounce?%2Fseg%3Fadd%3D36113683

Request Chain 121

https://10104846.fls.doubleclick.net/activityi;src=10104846;type=sitew00;cat=sitew006;u3=https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=5866535286600.183 HTTP 302
https://10104846.fls.doubleclick.net/activityi;dc_pre=CL7diPnIv4cDFZjduAgd1pkDwg;src=10104846;type=sitew00;cat=sitew006;u3=https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=5866535286600.183

144 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request exploiting-cve-2024-21412-stealer-campaign-unleashed Show response
www.fortinet.com/blog/threat-research/ 70 KB
25 KB 578ms
104ms Document
text/html 2600:1f18:1492:1702:852f:d87f:6683:b05a
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2600:1f18:1492:1702:852f:d87f:6683:b05a Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Apache /

Resource Hash

b8bd6ae17f88486fa86c4acb7f2190d93bcbdd5e223e55b46273cb0eb0a05878

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Accept-Ranges: bytes
Age: 66179
Cache-Control: max-age=600, public, s-maxage=10800
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 23684
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Content-Type: text/html;charset=utf-8
Date: Wed, 24 Jul 2024 11:23:17 GMT
ETag: "118e6-61ded2657972b-gzip"
Last-Modified: Tue, 23 Jul 2024 17:04:07 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding
Via: 1.1 21a5f0e24a694c040922a8766d75a2e0.cloudfront.net (CloudFront)
X-Amz-Cf-Id: XB3MYFhjiUQNIFojd6GyLpqeOa1vPnotJez099kXpPCs-jy84DI4rQ==
X-Amz-Cf-Pop: IAD61-P2
X-Cache: Hit from cloudfront
X-Content-Type-Options: nosniff
X-Dispatcher: dispatcher1uswest1-28559594
X-Frame-Options: SAMEORIGIN
X-Vhost: publish
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK visitorapi.min.js Show response
www.fortinet.com/etc/designs/fortinet/adb-target/ 64 KB
30 KB 241ms
93ms Script
application/javascript 2600:1f18:1492:1702:852f:d87f:6683:b05a
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fortinet.com/etc/designs/fortinet/adb-target/visitorapi.min.js

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2600:1f18:1492:1702:852f:d87f:6683:b05a Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Apache /

Resource Hash

0f03d4ff929986a3cde83681fd2560eae544f7138f59945ec6ec32c17800ca91

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher1uswest1-28559594
Date: Fri, 19 Jul 2024 19:32:47 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Content-Encoding: gzip
Via: 1.1 21a5f0e24a694c040922a8766d75a2e0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
X-Vhost: publish
X-Cache: Hit from cloudfront
Age: 402859
Connection: keep-alive
Content-Length: 29532
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 15 Feb 2024 21:43:32 GMT
Server: Apache
ETag: "fe2d-6117284c96900-gzip"
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: YKXkNlqhdamC3iGVzTTSTA_vwdYTYZjso35xi4QQUQl5wsCSwTUsAg==

GET
H/1.1 200
OK at.js Show response
www.fortinet.com/etc/designs/fortinet/adb-target/ 104 KB
48 KB 356ms
99ms Script
application/javascript 2600:1f18:1492:1702:852f:d87f:6683:b05a
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fortinet.com/etc/designs/fortinet/adb-target/at.js

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2600:1f18:1492:1702:852f:d87f:6683:b05a Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Apache /

Resource Hash

db058d72d7ba8ff6ed7209af23a4458c373cc78f72c81ec1df88bb5de72a0b0b

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher2uswest1-28559771
Date: Fri, 19 Jul 2024 20:11:23 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Content-Encoding: gzip
Via: 1.1 21a5f0e24a694c040922a8766d75a2e0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
X-Vhost: publish
X-Cache: Hit from cloudfront
Age: 400543
Connection: keep-alive
Content-Length: 47782
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 21 Mar 2024 20:59:39 GMT
Server: Apache
ETag: "19e83-61431fc4b24c0-gzip"
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: milpX62KC-h6lcdxjX-xA39CQD0YbUJUbO0_CtT2qhNH6MOXJtV1dQ==

GET
H/1.1 200
OK clientlib-base.min.900b148ab7b87024003111a1245cca9c.css
www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/ 540 KB
28 KB 131ms
93ms Stylesheet
text/css 2600:1f18:1492:1702:852f:d87f:6683:b05a
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/clientlib-base.min.900b148ab7b87024003111a1245cca9c.css

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2600:1f18:1492:1702:852f:d87f:6683:b05a Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Apache /

Resource Hash

94633716497a85d800b6e573953942c4cfe483c0dbd68fa97fd01dd97ced5d66

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher1uswest1-28559594
Date: Tue, 23 Jul 2024 18:50:22 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Content-Encoding: gzip
Via: 1.1 21a5f0e24a694c040922a8766d75a2e0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
X-Vhost: publish
X-Cache: Hit from cloudfront
Age: 146306
Connection: keep-alive
Content-Length: 27478
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 20 Jun 2024 20:55:17 GMT
Server: Apache
ETag: "86e1b-61b58883c7740-gzip"
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Type: text/css;charset=utf-8
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: uhIQfPF5_mXUbrMfnQ-BGjHscx8t7HKtEJDpFNUgATQGdZAFKTwvcg==

GET
H2 200 otSDKStub.js Show response
cdn.cookielaw.org/scripttemplates/ 21 KB
7 KB 412ms
106ms Script
application/javascript 2606:4700::6813:b134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e0c289faa80333eff728b8bdbbf10b11dec1a6e1938a444e1cc41be6744e96d2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 24 Jul 2024 11:27:06 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: PzcU3Ivp6w0l3AsetHXgNw==
age: 71522
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 6882
x-ms-lease-status: unlocked
last-modified: Mon, 22 Jul 2024 16:52:22 GMT
server: cloudflare
etag: 0x8DCAA6EA7FD79D6
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 84d5a425-501e-00d8-5667-dc345b000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8a838f225abf9e08-EWR

GET
H/1.1 200
OK fortinet-logo-white.svg
www.fortinet.com/content/dam/fortinet-blog/ 32 KB
3 KB 444ms
147ms Image
image/svg+xml 2600:1f18:1492:1702:852f:d87f:6683:b05a
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.fortinet.com/content/dam/fortinet-blog/fortinet-logo-white.svg

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2600:1f18:1492:1702:852f:d87f:6683:b05a Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Apache /

Resource Hash

d2afd46ac58cd7e89b3fdfd790300d69034e94151ed45acf83d7b6d5dccfdb17

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher1uswest1-28559594
Date: Wed, 24 Jul 2024 11:17:19 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Content-Encoding: gzip
Via: 1.1 03c28758fe0abb70088fb45c6855d854.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
X-Vhost: publish
X-Cache: Hit from cloudfront
Age: 29024745
Content-Disposition: attachment; filename="fortinet-logo-white.svg"
Connection: keep-alive
Content-Length: 1998
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 22 Feb 2018 23:16:01 GMT
Server: Apache
ETag: "7ebb-565d53a1d6e40-gzip"
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Type: image/svg+xml
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: 9ddmwJoLRPTNkde0635yvvAa3Kdo4x28Jfz3KkIPsxc4IuhgbrRd-g==

GET
H/1.1 200
OK toc-icon.jpg
www.fortinet.com/content/dam/fortinet/images/ 1 KB
3 KB 393ms
94ms Image
image/jpeg 2600:1f18:1492:1702:852f:d87f:6683:b05a
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.fortinet.com/content/dam/fortinet/images/toc-icon.jpg

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2600:1f18:1492:1702:852f:d87f:6683:b05a Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Apache /

Resource Hash

370df1cc8999c1e03fc1c5f7ced35334513d19233d1fc79d2c1c7f711361565d

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher1uswest1-28559594
Date: Wed, 24 Jul 2024 11:23:58 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 1448cc53c16b560cf86c5348358d4682.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
Age: 21837162
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 1277
X-XSS-Protection: 1; mode=block
Last-Modified: Tue, 14 Nov 2023 17:34:13 GMT
Server: Apache
ETag: "4fd-60a2031eb4f40"
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: 6PK98xf_Xh-zM00Otb_x6SG_3uPhqwU3_qiVhgvXEZiOu4JN6LFv9Q==

GET
H/1.1 200
OK clientlib-base.min.ba4f082a77dabb2c6baf715d9eb61c22.js Show response
www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/ 160 KB
74 KB 94ms
94ms Script
application/javascript 2600:1f18:1492:1702:852f:d87f:6683:b05a
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/clientlib-base.min.ba4f082a77dabb2c6baf715d9eb61c22.js

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2600:1f18:1492:1702:852f:d87f:6683:b05a Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Apache /

Resource Hash

7b1e74dd6970b56853dfd79e59ba73315051b0c59a69c6a9fd87e515650fdc80

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher2uswest1-28559771
Date: Mon, 22 Jul 2024 18:48:43 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Content-Encoding: gzip
Via: 1.1 21a5f0e24a694c040922a8766d75a2e0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
X-Vhost: publish
X-Cache: Hit from cloudfront
Age: 146303
Connection: keep-alive
Content-Length: 74768
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 11 Jul 2024 21:01:58 GMT
Server: Apache
ETag: "28100-61cff12ce1d80-gzip"
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Type: application/javascript;charset=utf-8
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: KirlSEhxUMUrrGQ79WZV2IhOidsX4-83s53UzPoy62RMvT39wayXpQ==

GET
H2 200 f85f39fc-d7aa-467a-b762-fbb722748016.json Show response
cdn.cookielaw.org/consent/f85f39fc-d7aa-467a-b762-fbb722748016/ 5 KB
2 KB 424ms
114ms XHR
application/x-javascript 2606:4700::6813:b134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/f85f39fc-d7aa-467a-b762-fbb722748016/f85f39fc-d7aa-467a-b762-fbb722748016.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8998282f5a80fff5eaafdbd457dd7a81af0cd7c8696bfe032a6aeef8fe67f99f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 24 Jul 2024 11:27:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 62943
content-md5: Uj3iBUKm1Vl2g2NHq67V+w==
content-length: 1792
x-ms-lease-status: unlocked
last-modified: Thu, 28 Dec 2023 19:56:54 GMT
server: cloudflare
etag: 0x8DC07DF23DF5130
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 67257c4e-101e-0033-60c8-396628000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8a838f254deb7c9c-EWR
expires: Thu, 25 Jul 2024 11:27:07 GMT

GET
DATA 200
OK truncated
/ 71 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5b4c9abcf01dcf74e0adf075ff4d47464c62c84307ae5ebd115d45da70e6443d

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK cve-2024-21412-hero.png
www.fortinet.com/content/dam/fortinet-blog/article-heros/ 429 KB
431 KB 91ms
91ms Image
image/png 2600:1f18:1492:1702:852f:d87f:6683:b05a
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.fortinet.com/content/dam/fortinet-blog/article-heros/cve-2024-21412-hero.png

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2600:1f18:1492:1702:852f:d87f:6683:b05a Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Apache /

Resource Hash

05b1d251b44fdd42bd27a73eb373440c9957297292c3f13a677eb908648486ee

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher1uswest1-28559594
Date: Tue, 23 Jul 2024 13:09:56 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 03c28758fe0abb70088fb45c6855d854.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
Age: 80754
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 439634
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 18 Jul 2024 22:40:28 GMT
Server: Apache
ETag: "6b552-61d8d43f52f00"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: qgsp40NLVxu5r0zuIKyij3lS19b1XSngYJX4sMm141poMDCgpvM4-A==

GET
H/1.1 200
OK UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
www.fortinet.com/etc/designs/fortinet/gfonts/ 37 KB
38 KB 89ms
89ms Font
application/octet-stream 2600:1f18:1492:1702:852f:d87f:6683:b05a
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fortinet.com/etc/designs/fortinet/gfonts/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/clientlib-base.min.900b148ab7b87024003111a1245cca9c.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2600:1f18:1492:1702:852f:d87f:6683:b05a Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Apache /

Resource Hash

b97c99a69a6275c8f90703cd4c0864089a74fd08383a1cc75a8a4d0c2cb60cce

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/clientlib-base.min.900b148ab7b87024003111a1245cca9c.css
Origin: https://www.fortinet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher2uswest1-28559771
Date: Thu, 11 Jul 2024 21:13:11 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 21a5f0e24a694c040922a8766d75a2e0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
Age: 1088035
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 37716
X-XSS-Protection: 1; mode=block
Last-Modified: Wed, 18 May 2022 21:08:06 GMT
Server: Apache
ETag: "9354-5df4fa74ff980"
X-Frame-Options: SAMEORIGIN
Content-Type: application/octet-stream
Cache-Control: max-age=2000000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: 5uxaGUgfh-YhH5CPK87V4jzWskr6sDbm09udpji4fDAqVd8p362a8A==

GET
H/1.1 200
OK stealer-1.png
www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed/_jcr_content/root/responsivegrid/table_content/par/image.img.png/1721335821214/ 85 KB
86 KB 92ms
91ms Image
image/png 2600:1f18:1492:1702:852f:d87f:6683:b05a
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed/_jcr_content/root/responsivegrid/table_content/par/image.img.png/1721335821214/stealer-1.png

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2600:1f18:1492:1702:852f:d87f:6683:b05a Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Apache /

Resource Hash

855f75e3c59ecf05751e400ad7f8ef021ab050a882b7c4861a187c9475c16dbc

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher1uswest1-28559594
Date: Tue, 23 Jul 2024 17:52:53 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 1448cc53c16b560cf86c5348358d4682.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
Age: 67175
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 86575
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 18 Jul 2024 20:50:21 GMT
Server: Apache
ETag: "1522f-61d8bba265d40"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: 2iowsC5o-o3td6qXvi64coJoQd-4Yk6bTdMZLuHnLiUDj6bG6zxy3w==

GET
H/1.1 200
OK stealer-2.png
www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed/_jcr_content/root/responsivegrid/table_content/par/image_copy.img.png/1721340599411/ 62 KB
63 KB 96ms
95ms Image
image/png 2600:1f18:1492:1702:852f:d87f:6683:b05a
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed/_jcr_content/root/responsivegrid/table_content/par/image_copy.img.png/1721340599411/stealer-2.png

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2600:1f18:1492:1702:852f:d87f:6683:b05a Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Apache /

Resource Hash

bf75adb4dce36bece1ce5451a9fb6d4fbd65ee72fc074b55ca676f2d8898da5b

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher2uswest1-28559771
Date: Tue, 23 Jul 2024 17:52:53 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 d907e6ff1d7c4efa4a8fcfcbb0b5531c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
Age: 67171
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 63509
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 18 Jul 2024 22:09:59 GMT
Server: Apache
ETag: "f815-61d8cd6f0dbc0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: lfWPMZKDsvhH_kYFKUAj3eMFeqM2GymxYgxArEKb--Z6ie8pgNTztQ==

GET
DATA 200
OK truncated
/ 42 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/gif

GET
H/1.1 200
OK stealer-3.png
www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed/_jcr_content/root/responsivegrid/table_content/par/image_copy_copy.img.png/1721338963877/ 25 KB
26 KB 99ms
98ms Image
image/png 2600:1f18:1492:1702:852f:d87f:6683:b05a
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed/_jcr_content/root/responsivegrid/table_content/par/image_copy_copy.img.png/1721338963877/stealer-3.png

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2600:1f18:1492:1702:852f:d87f:6683:b05a Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Apache /

Resource Hash

1d7b331a045e0921f57a7aca33a2be27539027cc5b1ded6de5ad38263eddf8a3

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher1uswest1-28559594
Date: Tue, 23 Jul 2024 17:52:53 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 3a60765023a93f6346539d2ca40f0b12.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
Age: 67175
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 25740
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 18 Jul 2024 21:42:43 GMT
Server: Apache
ETag: "648c-61d8c756d7ac0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: qFPCL14vpjrEyNf__xoWYumhqqhmmbypaJ0dgrkciq4yl4LZkDy7YA==

GET
H/1.1 200
OK stealer-3-2.png
www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed/_jcr_content/root/responsivegrid/table_content/par/image_copy_copy_110863164.img.png/1721338977125/ 25 KB
26 KB 94ms
93ms Image
image/png 2600:1f18:1492:1702:852f:d87f:6683:b05a
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2600:1f18:1492:1702:852f:d87f:6683:b05a Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Apache /

Resource Hash

0e5f18649f61dd74f9caf157048d64c16ceb0fd2e8b54ed9e3c6ff1ebf22bd24

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher2uswest1-28559771
Date: Tue, 23 Jul 2024 17:52:53 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 ff071fa99e74a44c6556cef90e125ca8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
Age: 66640
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 25595
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 18 Jul 2024 21:42:57 GMT
Server: Apache
ETag: "63fb-61d8c76431a40"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: B5weaW6Q-y9Oj7vg0kIGcOY8OlqGpbBOshqOfgVaFsRKL1ZUB-Om2Q==

GET
H/1.1 200
OK stealer-4.png
www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed/_jcr_content/root/responsivegrid/table_content/par/image_copy_copy_copy.img.png/1721339893610/ 255 KB
256 KB 90ms
90ms Image
image/png 2600:1f18:1492:1702:852f:d87f:6683:b05a
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2600:1f18:1492:1702:852f:d87f:6683:b05a Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Apache /

Resource Hash

e3a54e557f40c9a8528562f5f9fe39cb3fce5ad1e3f4238ec791c17961645240

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher1uswest1-28559594
Date: Tue, 23 Jul 2024 17:52:53 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 21a5f0e24a694c040922a8766d75a2e0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
Age: 67175
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 260902
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 18 Jul 2024 21:58:13 GMT
Server: Apache
ETag: "3fb26-61d8cacdc2740"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: 5ym5t8rYiyCRk-q8rUg18D0Rit9QClyOOQfuKxXdv4XxDlFxqwrH0A==

GET
H/1.1 200
OK stealer-5.png
www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed/_jcr_content/root/responsivegrid/table_content/par/image_copy_copy_copy_967242649.img.png/1721339920989/ 736 KB
737 KB 91ms
91ms Image
image/png 2600:1f18:1492:1702:852f:d87f:6683:b05a
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2600:1f18:1492:1702:852f:d87f:6683:b05a Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Apache /

Resource Hash

bdfd8a95ffd68d8bc7149ea79a3ca8a1869fe507a42e4f7a368f626843346e89

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher2uswest1-28559771
Date: Tue, 23 Jul 2024 17:52:53 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 ff071fa99e74a44c6556cef90e125ca8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
Age: 67171
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 753246
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 18 Jul 2024 21:58:40 GMT
Server: Apache
ETag: "b7e5e-61d8cae782400"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: 9BrAt4Q_E-c2FEUqByihqpbaYE9RjUDm7ZND1W2Seuk4CsxJYK4GKA==

GET
H/1.1 200
OK stealer-6.png
www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed/_jcr_content/root/responsivegrid/table_content/par/image_copy_copy_copy_1215818884.img.png/1721340297519/ 226 KB
227 KB 91ms
91ms Image
image/png 2600:1f18:1492:1702:852f:d87f:6683:b05a
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2600:1f18:1492:1702:852f:d87f:6683:b05a Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Apache /

Resource Hash

895f6b9e5d37c494c7c8ebf30eade521c286b27001d256e3a37f5ac27684a57d

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher1uswest1-28559594
Date: Tue, 23 Jul 2024 17:52:53 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 3a60765023a93f6346539d2ca40f0b12.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
Age: 67176
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 231447
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 18 Jul 2024 22:04:57 GMT
Server: Apache
ETag: "38817-61d8cc4f0b440"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: z-WOH_bOdPjuYrpKSmLLkuroRfQ6Xsi6BCSunPZFqOFJ7NOMJn4HHA==

GET
H/1.1 200
OK stealer-6-2.png
www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed/_jcr_content/root/responsivegrid/table_content/par/image_copy_copy_copy_386732739.img.png/1721340317097/ 251 KB
252 KB 91ms
90ms Image
image/png 2600:1f18:1492:1702:852f:d87f:6683:b05a
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2600:1f18:1492:1702:852f:d87f:6683:b05a Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Apache /

Resource Hash

e2d910265020b45a6878d4b62b104bc4cfbcf7554e7386d81aef7a0ae208048e

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher1uswest1-28559594
Date: Tue, 23 Jul 2024 17:52:53 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 1448cc53c16b560cf86c5348358d4682.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
Age: 67176
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 257145
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 18 Jul 2024 22:05:17 GMT
Server: Apache
ETag: "3ec79-61d8cc621e140"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: SrF0ItmxQ3i2v7JbZm9OqWQf67e1qtziiimdzbmTnnruzfMFuVqSbg==

GET
H/1.1 200
OK stealer-7.png
www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed/_jcr_content/root/responsivegrid/table_content/par/image_copy_copy_copy_1175059951.img.png/1721340377992/ 485 KB
486 KB 93ms
93ms Image
image/png 2600:1f18:1492:1702:852f:d87f:6683:b05a
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2600:1f18:1492:1702:852f:d87f:6683:b05a Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Apache /

Resource Hash

663fcd2b41d75e07e72ea2622d80566bcf10f1951f7293217d5fd9c9e3e542d8

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher1uswest1-28559594
Date: Tue, 23 Jul 2024 17:52:53 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 d907e6ff1d7c4efa4a8fcfcbb0b5531c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
Age: 67176
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 496746
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 18 Jul 2024 22:06:17 GMT
Server: Apache
ETag: "7946a-61d8cc9b56840"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: pOwVBrajka_HrYXLwfGzy_3Mqyt7c6rlSrzfmKqF9Gl95UTW8GGrPw==

GET
H/1.1 200
OK stealer-8.png
www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed/_jcr_content/root/responsivegrid/table_content/par/image_copy_copy_copy_1558477246.img.png/1721340431350/ 36 KB
38 KB 93ms
91ms Image
image/png 2600:1f18:1492:1702:852f:d87f:6683:b05a
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2600:1f18:1492:1702:852f:d87f:6683:b05a Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Apache /

Resource Hash

770be267abb4fe287bf67c2fdbdf4f14556632b8e07a6d464e58ca56e3e33474

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher1uswest1-28559594
Date: Tue, 23 Jul 2024 17:52:53 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 03c28758fe0abb70088fb45c6855d854.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
Age: 67176
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 37083
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 18 Jul 2024 22:07:11 GMT
Server: Apache
ETag: "90db-61d8ccced61c0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: HRKSA540kSWSnGYltng6i9bWsvkVAIQbONZg6PVSWzxmPy6i7OOlJA==

GET
H/1.1 200
OK stealer-8-2.png
www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed/_jcr_content/root/responsivegrid/table_content/par/image_copy_copy_copy_447561515.img.png/1721340453929/ 31 KB
32 KB 90ms
90ms Image
image/png 2600:1f18:1492:1702:852f:d87f:6683:b05a
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2600:1f18:1492:1702:852f:d87f:6683:b05a Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Apache /

Resource Hash

ebd0b0892d3b17adc658369a10ebfe9abcd4883fd08bb047fd66dd459edd4481

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher1uswest1-28559594
Date: Tue, 23 Jul 2024 17:52:53 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 21a5f0e24a694c040922a8766d75a2e0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
Age: 67176
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 31764
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 18 Jul 2024 22:07:33 GMT
Server: Apache
ETag: "7c14-61d8cce3d1340"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: EstQut4pbW2tMszvs-aTNq1L52z5z1DSe_YUbTPDapdkp_LRw4Tq4w==

GET
H/1.1 200
OK stealer-9.png
www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed/_jcr_content/root/responsivegrid/table_content/par/image_copy_copy_copy_299690718.img.png/1721340797851/ 548 KB
549 KB 90ms
89ms Image
image/png 2600:1f18:1492:1702:852f:d87f:6683:b05a
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2600:1f18:1492:1702:852f:d87f:6683:b05a Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Apache /

Resource Hash

bedf62e46e59fa272ad95971fb563c91a33501c2443058083872960861534da7

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher1uswest1-28559594
Date: Tue, 23 Jul 2024 17:52:53 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 03c28758fe0abb70088fb45c6855d854.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
Age: 67176
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 561099
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 18 Jul 2024 22:13:17 GMT
Server: Apache
ETag: "88fcb-61d8ce2be1940"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: mdrbntABkxWLBNPdd7w-KJOvqFdJrHRIeg1KBpVuXi1cbm-vZO4-Mg==

GET
H/1.1 200
OK stealer-10.png
www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed/_jcr_content/root/responsivegrid/table_content/par/image_copy_copy_copy_486093180.img.png/1721341353108/ 536 KB
537 KB 102ms
102ms Image
image/png 2600:1f18:1492:1702:852f:d87f:6683:b05a
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2600:1f18:1492:1702:852f:d87f:6683:b05a Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Apache /

Resource Hash

bec82187bec72da82a4eed1c0c3624ac495ca960b7286da80815db9b5c43777e

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher2uswest1-28559771
Date: Tue, 23 Jul 2024 17:52:53 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 21a5f0e24a694c040922a8766d75a2e0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
Age: 66910
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 548887
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 18 Jul 2024 22:22:33 GMT
Server: Apache
ETag: "86017-61d8d03e1fc40"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: MiHAHKfAKbCS_MysXIKT626SeSpE4PiN2hpNE2LUlm2aXkIg4kaE5Q==

GET
H/1.1 200
OK stealer-11.png
www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed/_jcr_content/root/responsivegrid/table_content/par/image_copy_copy_copy_1792784929.img.png/1721341661455/ 495 KB
497 KB 93ms
92ms Image
image/png 2600:1f18:1492:1702:852f:d87f:6683:b05a
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2600:1f18:1492:1702:852f:d87f:6683:b05a Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Apache /

Resource Hash

114ed516604e98cd030c85d1be345541019326d2f32bb784626fb13ad57f8744

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher1uswest1-28559594
Date: Tue, 23 Jul 2024 17:52:53 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 3a60765023a93f6346539d2ca40f0b12.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
Age: 67174
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 507338
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 18 Jul 2024 22:27:41 GMT
Server: Apache
ETag: "7bdca-61d8d163db140"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: B0cXob4mfrmMqn2rgOOmFaDuZDtr2GKxzI63jm_PPMW5OuCzW6RUcQ==

GET
H/1.1 200
OK stealer-12.png
www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed/_jcr_content/root/responsivegrid/table_content/par/image_copy_copy_copy_125801863.img.png/1721341839402/ 54 KB
55 KB 91ms
91ms Image
image/png 2600:1f18:1492:1702:852f:d87f:6683:b05a
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2600:1f18:1492:1702:852f:d87f:6683:b05a Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Apache /

Resource Hash

30ddee8ebf0ffd7c415585a9e3a0e8023deb80ed05b857a4427dbb75790c43bd

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher1uswest1-28559594
Date: Tue, 23 Jul 2024 17:52:54 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 1448cc53c16b560cf86c5348358d4682.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
Age: 67176
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 55265
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 18 Jul 2024 22:30:39 GMT
Server: Apache
ETag: "d7e1-61d8d20d9c1c0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: fcdXuW-ByMRhzhCteH6DRaBVC0BHqFMo-RGcZnerKVic1MgbrBiUog==

GET
H/1.1 200
OK stealer-13.png
www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed/_jcr_content/root/responsivegrid/table_content/par/image_copy_copy_copy_1354616904.img.png/1721341858282/ 508 KB
509 KB 93ms
93ms Image
image/png 2600:1f18:1492:1702:852f:d87f:6683:b05a
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2600:1f18:1492:1702:852f:d87f:6683:b05a Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Apache /

Resource Hash

3e63ed3b834f3a6961e1476a3dfadffb78212feac2bf804352a6926091b4c828

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher2uswest1-28559771
Date: Tue, 23 Jul 2024 17:52:54 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 d907e6ff1d7c4efa4a8fcfcbb0b5531c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
Age: 66640
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 520084
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 18 Jul 2024 22:30:58 GMT
Server: Apache
ETag: "7ef94-61d8d21fbac80"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: ElyDsf2wxKFlT7lG1EB0pjAMPaFx7Db2TTKdq6J02fQjfVbUSMpzIA==

GET
H/1.1 200
OK stealer-14.png
www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed/_jcr_content/root/responsivegrid/table_content/par/image_copy_copy_copy_210389830.img.png/1721341914790/ 287 KB
288 KB 95ms
94ms Image
image/png 2600:1f18:1492:1702:852f:d87f:6683:b05a
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2600:1f18:1492:1702:852f:d87f:6683:b05a Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Apache /

Resource Hash

b64cae93d3398a9d5da33d3728f714a222df73943f87b81b7f2c49d58e2794ef

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher2uswest1-28559771
Date: Tue, 23 Jul 2024 17:52:54 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 1448cc53c16b560cf86c5348358d4682.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
Age: 66909
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 293512
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 18 Jul 2024 22:31:54 GMT
Server: Apache
ETag: "47a88-61d8d25522a80"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: EE53b8ZDCt2Mw-e7rXZitw5q6r8NrvuN2b13OMzQtFg1E6rxDTtL9g==

GET
H/1.1 200
OK stealer-15.png
www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed/_jcr_content/root/responsivegrid/table_content/par/image_copy_copy_copy_1279974212.img.png/1721341938787/ 102 KB
103 KB 90ms
90ms Image
image/png 2600:1f18:1492:1702:852f:d87f:6683:b05a
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2600:1f18:1492:1702:852f:d87f:6683:b05a Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Apache /

Resource Hash

d1fe20aff60f91b78aabd65363112fbc84a8e7c8dd0c258bb1aae48cc4e4879c

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher2uswest1-28559771
Date: Tue, 23 Jul 2024 17:52:54 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 ff071fa99e74a44c6556cef90e125ca8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
Age: 66909
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 104452
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 18 Jul 2024 22:32:18 GMT
Server: Apache
ETag: "19804-61d8d26c06080"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: IdzzdJQqXFPwXyV-I_lMoxu12Gr6xsSfJXYqm8I1KiM1UbDKsmM3rw==

GET
H/1.1 200
OK stealer-16.png
www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed/_jcr_content/root/responsivegrid/table_content/par/image_copy_copy_copy_398882795.img.png/1721341971772/ 270 KB
271 KB 92ms
91ms Image
image/png 2600:1f18:1492:1702:852f:d87f:6683:b05a
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2600:1f18:1492:1702:852f:d87f:6683:b05a Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Apache /

Resource Hash

8883bc0b8dd0d8b6e1f37046e643e3487484913aae5fedbb41b9c0c059ecf123

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher1uswest1-28559594
Date: Tue, 23 Jul 2024 17:52:54 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 03c28758fe0abb70088fb45c6855d854.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
Age: 67175
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 276602
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 18 Jul 2024 22:32:51 GMT
Server: Apache
ETag: "4387a-61d8d28b7eac0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: 3_N2GXRrPnesc1-Rzal9gg_rZ9cZNrOMSenksDtI3o_TDlg05W_8mw==

GET
H/1.1 200
OK stealer-17.png
www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed/_jcr_content/root/responsivegrid/table_content/par/image_copy_copy_copy_1313884336.img.png/1721342021064/ 192 KB
193 KB 95ms
94ms Image
image/png 2600:1f18:1492:1702:852f:d87f:6683:b05a
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2600:1f18:1492:1702:852f:d87f:6683:b05a Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Apache /

Resource Hash

93f1175b9eb9dcdf7cc89fb8a0049b1734aead76c4e9a71ce2e74c6659dfc7a2

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher2uswest1-28559771
Date: Tue, 23 Jul 2024 17:52:54 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 21a5f0e24a694c040922a8766d75a2e0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
Age: 66908
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 196311
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 18 Jul 2024 22:33:41 GMT
Server: Apache
ETag: "2fed7-61d8d2bb2db40"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: 9bM3hAj9zgYzw2oTyDsGAxGplpHuMU9ejtLP5hVMP60KUtBTQU9-Bg==

GET
H/1.1 200
OK stealer-18.png
www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed/_jcr_content/root/responsivegrid/table_content/par/image_copy_copy_copy_991419676.img.png/1721342039151/ 230 KB
231 KB 98ms
98ms Image
image/png 2600:1f18:1492:1702:852f:d87f:6683:b05a
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2600:1f18:1492:1702:852f:d87f:6683:b05a Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Apache /

Resource Hash

9453297b8c031ffe12f292174750cabd95f6069010d7dfb77e3e840f462706e1

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher2uswest1-28559771
Date: Tue, 23 Jul 2024 17:52:54 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 ff071fa99e74a44c6556cef90e125ca8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
Age: 66908
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 235191
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 18 Jul 2024 22:33:59 GMT
Server: Apache
ETag: "396b7-61d8d2cc583c0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: ta3wwYCULRWMLkLbX7y3m_jv1QuY-k8p31WHzjbsNoERznJrXsWKzA==

GET
H2 200 location Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 69 B
314 B 458ms
158ms XHR
application/json 2606:4700:4400::ac40:9b77
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:9b77 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

59e58524340cd7ad353be010374b124c242fdde10a0ed41047fe2fd4bb9e5a2e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept: application/json
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:27:07 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: application/json
access-control-allow-origin: *
cf-ray: 8a838f27ddf84cac-PHL
access-control-allow-headers: Content-Type

GET
H2 200 otBannerSdk.js Show response
cdn.cookielaw.org/scripttemplates/6.10.0/ 356 KB
78 KB 104ms
103ms Script
application/javascript 2606:4700::6813:b134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.10.0/otBannerSdk.js

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7a23e0e46e16f067271bc79c92a917c13769848457d16cdf109e4dc04c687e8f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 24 Jul 2024 11:27:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: Bh9exWOPGIwRshWljrtlEw==
age: 62692
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 79698
x-ms-lease-status: unlocked
last-modified: Thu, 03 Dec 2020 02:43:00 GMT
server: cloudflare
etag: 0x8D89735260901BC
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 196e3d49-701e-0078-0644-149a7b000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8a838f28df6e9e08-EWR

GET
H2 200 en.json Show response
cdn.cookielaw.org/consent/f85f39fc-d7aa-467a-b762-fbb722748016/68cad325-7b77-4fcb-9f98-ba2e81aa9045/ 99 KB
24 KB 110ms
110ms Fetch
application/x-javascript 2606:4700::6813:b134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/f85f39fc-d7aa-467a-b762-fbb722748016/68cad325-7b77-4fcb-9f98-ba2e81aa9045/en.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.10.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7ad0607daba7c0ddecacb3c696099e761076f147549440a7b3c4baa8f67ddaac

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 24 Jul 2024 11:27:07 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 52505
content-md5: SDJFQYswktbx6w5cJzzMRQ==
content-length: 24004
x-ms-lease-status: unlocked
last-modified: Thu, 28 Dec 2023 19:57:06 GMT
server: cloudflare
etag: 0x8DC07DF2B6F9C71
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 9f466969-301e-009d-1cc8-39cb39000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8a838f2a0a5a7c9c-EWR
expires: Thu, 25 Jul 2024 11:27:07 GMT

GET
H/1.1 200
OK favicon.ico
www.fortinet.com/etc/designs/fortinet-blog/ 318 B
2 KB 92ms
91ms Other
image/vnd.microsoft.icon 2600:1f18:1492:1702:852f:d87f:6683:b05a
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fortinet.com/etc/designs/fortinet-blog/favicon.ico

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2600:1f18:1492:1702:852f:d87f:6683:b05a Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Apache /

Resource Hash

d18b3c9feb76c3c1cfdcc51c732f113327e3c33fb3f63b479951f7da6ed1216f

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher2uswest1-28559771
Date: Fri, 12 Jul 2024 21:15:40 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Content-Encoding: gzip
Via: 1.1 ff071fa99e74a44c6556cef90e125ca8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
X-Vhost: publish
X-Cache: Hit from cloudfront
Age: 1087963
Connection: keep-alive
Content-Length: 133
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 22 Feb 2018 05:17:28 GMT
Server: Apache
ETag: "13e-565c628eb6a00-gzip"
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Type: image/vnd.microsoft.icon
Cache-Control: max-age=2000000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: J9uYwjccKUevp4T_0XTQ1mWXgId9EvUxQVPGNH-K5SBm_LxwSBVTUQ==

GET
H2 200 otFlat.json Show response
cdn.cookielaw.org/scripttemplates/6.10.0/assets/ 13 KB
4 KB 96ms
96ms Fetch
application/json 2606:4700::6813:b134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.10.0/assets/otFlat.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.10.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8cdca3b36914e8a3f56390da71389944579faaae82704e53bd66f9c0387502f6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 24 Jul 2024 11:27:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: W9e0YobmEbvdB0V9OmpQkw==
age: 53727
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 3329
x-ms-lease-status: unlocked
last-modified: Thu, 03 Dec 2020 02:42:50 GMT
server: cloudflare
etag: 0x8D89735209A34D6
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: e7ba9f8a-a01e-0009-5512-247c50000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8a838f2b0b167c9c-EWR

GET
H2 200 otPcTab.json Show response
cdn.cookielaw.org/scripttemplates/6.10.0/assets/v2/ 45 KB
12 KB 121ms
121ms Fetch
application/json 2606:4700::6813:b134
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.10.0/assets/v2/otPcTab.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.10.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f9b2aaabab92d9c63930432351fa3f5aa634fcb5db31b039e23465f8b4bd5a68

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 24 Jul 2024 11:27:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: zNsRoM1FEmsEgJoYMCNTng==
age: 66606
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 11755
x-ms-lease-status: unlocked
last-modified: Thu, 03 Dec 2020 02:42:53 GMT
server: cloudflare
etag: 0x8D897352245C4EA
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 77f313b5-301e-0034-7eb4-210a4b000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8a838f2b2b677c9c-EWR

GET
H2 200 launch-EN23cb8375449840dc93b13f34d935b8b9.min.js Show response
assets.adobedtm.com/ 500 KB
120 KB 406ms
100ms Script
application/x-javascript 2600:1408:ac00:192::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Requested by: Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.10.0/otBannerSdk.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1408:ac00:192::1e80 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 3f36cb484213cafc798ef594c00ffdc27156f0106c63b539c3464bae355fb82a

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:27:08 GMT
content-encoding: gzip
last-modified: Mon, 22 Jul 2024 22:53:18 GMT
server: AkamaiNetStorage
etag: "8a4c827a8473d3eaa82e456391d2db4b:1721688797.91308"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 123001
expires: Wed, 24 Jul 2024 12:27:08 GMT

GET
H2 200 id Show response
dpm.demdex.net/ 367 B
913 B 504ms
166ms XHR
application/json 34.193.67.242
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id?d_visid_ver=5.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=ED8739F75677FE917F000101%40AdobeOrg&d_nsid=0&ts=1721820428164

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/etc/designs/fortinet/adb-target/visitorapi.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.193.67.242 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-193-67-242.compute-1.amazonaws.com

Software

Resource Hash

3b44ca1c49a57c0891a934b6a4008735bf0e189883f21b49a92dbcd7b1035473

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

dcs: dcs-prod-va6-1-v062-0de286e2b.edge-va6.demdex.com 3 ms
pragma: no-cache
date: Wed, 24 Jul 2024 11:27:08 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
x-tid: osdus9rKScw=
vary: Origin
content-type: application/json;charset=utf-8
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
access-control-allow-origin: https://www.fortinet.com
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
access-control-allow-credentials: true
content-length: 309
expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2 200 dest5.html
fortinet.demdex.net/ Frame DFF9 0
0 403ms
100ms Document
text/html 52.200.107.114
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://fortinet.demdex.net/dest5.html?d_nsid=0

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/etc/designs/fortinet/adb-target/visitorapi.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.200.107.114 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-52-200-107-114.compute-1.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.fortinet.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
content-type: text/html;charset=UTF-8
date: Wed, 24 Jul 2024 11:27:09 GMT
dcs: dcs-prod-va6-1-v062-0e09ac8d3.edge-va6.demdex.com 0 ms
expires: Thu, 01 Jan 1970 00:00:00 UTC
last-modified: Thu, 18 Jul 2024 09:26:40 GMT
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains
vary: accept-encoding
x-tid: mlJrRx66Shg=

GET
H2

200

ibs:dpid=411&dpuuid=ZqDlDQAAAMXSHwOA
dpm.demdex.net/
Redirect Chain

https://cm.everesttech.net/cm/dd?d_uuid=29795170077592954771292609856618407887
https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZqDlDQAAAMXSHwOA

42 B
717 B

116ms
116ms

Image
image/gif

34.193.67.242
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZqDlDQAAAMXSHwOA

Protocol

Server

34.193.67.242 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-193-67-242.compute-1.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

dcs: dcs-prod-va6-1-v062-0d483d847.edge-va6.demdex.com 25 ms
pragma: no-cache
date: Wed, 24 Jul 2024 11:27:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-encoding: gzip
x-tid: /fqjcVhiS3Q=
content-type: image/gif
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-length: 59
expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZqDlDQAAAMXSHwOA
Date: Wed, 24 Jul 2024 11:27:09 GMT
Cache-Control: no-cache
Server: AMO-cookiemap/1.1
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"

POST
H2 200 delivery Show response
fortinet.tt.omtrdc.net/rest/v1/ 7 KB
3 KB 487ms
107ms XHR
application/json 63.140.39.35
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://fortinet.tt.omtrdc.net/rest/v1/delivery?client=fortinet&sessionId=9c635a2f83c64ce9beb7f66dd1940068&version=2.10.0

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/etc/designs/fortinet/adb-target/at.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

63.140.39.35 , United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ip-63-140-39-35.data.adobedc.net

Software

jag /

Resource Hash

9593a864c223dd82b1984bceca3b92a0622c90e6799b159131db2138f40240e0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 24 Jul 2024 11:27:09 GMT
content-encoding: gzip
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List
server: jag
x-content-type-options: nosniff
vary: origin,access-control-request-method,access-control-request-headers,accept-encoding
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://www.fortinet.com
cache-control: no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials: true
timing-allow-origin: *
x-xss-protection: 1; mode=block
x-request-id: 7ecae23a-f362-4823-9d97-a35559b95585

GET
H2 200 AppMeasurement.min.js Show response
assets.adobedtm.com/extensions/EPc7341b33570d4c988798fc9f0093d4b2/ 35 KB
13 KB 89ms
89ms Script
application/x-javascript 2600:1408:ac00:192::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/extensions/EPc7341b33570d4c988798fc9f0093d4b2/AppMeasurement.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1408:ac00:192::1e80 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: f012c00d43164a4de843ae80abefe500f8497e1123d11c965cd3b40600fe9720

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:27:08 GMT
content-encoding: gzip
last-modified: Mon, 04 Mar 2024 18:51:30 GMT
server: AkamaiNetStorage
etag: "964f8cb588092ac645368e7307eb73ac:1709578290.803919"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: no-cache
accept-ranges: bytes
timing-allow-origin: *
content-length: 12938
expires: Wed, 24 Jul 2024 12:27:08 GMT

GET
H2 200 AppMeasurement_Module_ActivityMap.min.js Show response
assets.adobedtm.com/extensions/EPc7341b33570d4c988798fc9f0093d4b2/ 3 KB
2 KB 99ms
99ms Script
application/x-javascript 2600:1408:ac00:192::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/extensions/EPc7341b33570d4c988798fc9f0093d4b2/AppMeasurement_Module_ActivityMap.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1408:ac00:192::1e80 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: b90b775b65c2623322caaa52d7acf6af709ca59bdd475a54043b6308d91828c4

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:27:08 GMT
content-encoding: gzip
last-modified: Mon, 04 Mar 2024 18:51:31 GMT
server: AkamaiNetStorage
etag: "9cf185793291692f744c78c75da01dd8:1709578291.795602"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: no-cache
accept-ranges: bytes
timing-allow-origin: *
content-length: 1599
expires: Wed, 24 Jul 2024 12:27:08 GMT

GET
H2 200 6si.min.js Show response
j.6sc.co/ 68 KB
18 KB 403ms
100ms Script
application/javascript 23.222.79.235
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://j.6sc.co/6si.min.js

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.222.79.235 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-222-79-235.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

4dba9e54570483a0624219ec53864f468c9cbdf4f9c1f23821e539de7cb0c9fc

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Jul 2024 11:27:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 12 Jul 2024 19:23:12 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "669182a0-10e5e"
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, proxy-revalidate, max-age=1800
accept-ranges: bytes
content-length: 18671
expires: Wed, 24 Jul 2024 11:57:09 GMT

GET
H2 200 0786.js Show response
script.crazyegg.com/pages/scripts/0117/ 7 KB
3 KB 457ms
99ms Script
text/javascript 2606:4700::6813:9308
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.crazyegg.com/pages/scripts/0117/0786.js
Requested by: Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6813:9308 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8db92e7cdc1ad40168c42e93b05d842e056d8a5b83ae96b95d2b1c546f828196

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:27:09 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 97178
cf-polished: origSize=6998
ce-version: 11.5.248
cf-bgj: minify
last-modified: Tue, 23 Jul 2024 08:27:31 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
access-control-expose-headers: CE-Version
cache-control: public, max-age=300, s-maxage=1209600
timing-allow-origin: *
cf-ray: 8a838f320e0843a1-EWR

GET
H/1.1 200
OK obtp.js Show response
amplify.outbrain.com/cp/ 28 KB
9 KB 430ms
89ms Script
application/x-javascript 23.45.193.200
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://amplify.outbrain.com/cp/obtp.js
Requested by: Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.45.193.200 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-45-193-200.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 8489534bde4ad3c3cedebecd11b9babe653de6b413922ec2b877c5bfcb33ee3e

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date: Wed, 24 Jul 2024 11:27:09 GMT
Content-Encoding: gzip
Last-Modified: Mon, 22 Jul 2024 07:46:05 GMT
Server: AkamaiNetStorage
ETag: "7437febf15b08e005ac33eb9fc2707ae:1721634584.416148"
Vary: Accept-Encoding
Content-Type: application/x-javascript
X-RG: NA
Cache-Control: max-age=1200
X-CC: US
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 8614
Expires: Wed, 24 Jul 2024 11:47:09 GMT

GET
H2 200 api.min.js Show response
a.opmnstr.com/app/js/ 51 KB
18 KB 543ms
127ms Script
application/javascript 2400:52e0:1a00::1207:2
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://a.opmnstr.com/app/js/api.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1a00::1207:2 Chicago, United States, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-IL1-1207 /
Resource Hash: 13c309d0ebac3484b78106413ee31f46abfc690429c64ddf6ceb1b1838424ada

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:27:09 GMT
content-encoding: br
cdn-edgestorageid: 718
perma-cache: HIT
cdn-storageserver: NY-427
cdn-cachedat: 07/22/2024 20:03:24
cdn-pullzone: 293267
last-modified: Wed, 10 Jul 2024 18:36:03 GMT
server: BunnyCDN-IL1-1207
cdn-fileserver: 749
cdn-requestpullcode: 200
cdn-proxyver: 1.04
etag: W/"668ed493-cc71"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: 7fdb8766b306f39defb13aff99699b58
cdn-requestcountrycode: US
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 bat.js Show response
bat.bing.com/ 49 KB
14 KB 481ms
100ms Script
application/javascript 2620:1ec:c11::237
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:1ec:c11::237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

abd0c69608a1a4b0ce5f6056bc20bcf62a2a29271a4cf5e33fa1f53bf7cb19cb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
date: Wed, 24 Jul 2024 11:27:08 GMT
last-modified: Sat, 13 Jul 2024 20:42:16 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 132838236E5F438A80297137097AD6C0 Ref B: PHL30EDGE0218 Ref C: 2024-07-24T11:27:09Z
etag: "044982565d5da1:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 14183

GET
H2 200 RCac955f2e1e97429197e1e31aaec22e86-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/ 1 KB
942 B 94ms
93ms Script
application/x-javascript 2600:1408:ac00:192::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/RCac955f2e1e97429197e1e31aaec22e86-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1408:ac00:192::1e80 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 7c951a4408b8eb47ecea22bc965c50addb9e027eed0d48b1248869d967967ceb

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:27:08 GMT
content-encoding: gzip
last-modified: Mon, 22 Jul 2024 22:53:19 GMT
server: AkamaiNetStorage
etag: "0537f9b1ee377a7339cd8f0bc0e42c40:1721688799.745653"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 684
expires: Wed, 24 Jul 2024 12:27:08 GMT

GET
H2 200 RC41e16e9b16d1408cbf43b5b2e7378738-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/ 9 KB
2 KB 90ms
88ms Script
application/x-javascript 2600:1408:ac00:192::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/RC41e16e9b16d1408cbf43b5b2e7378738-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1408:ac00:192::1e80 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 9e127a551b1d872db037fb1c551f032ffb34217f160a6906918f720cae169575

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:27:08 GMT
content-encoding: gzip
last-modified: Mon, 22 Jul 2024 22:53:19 GMT
server: AkamaiNetStorage
etag: "0537f9b1ee377a7339cd8f0bc0e42c40:1721688799.745653"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 1845
expires: Wed, 24 Jul 2024 12:27:08 GMT

GET
H2 200 RC448863e9e05a4b4880daa4a5fb7da328-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/ 358 B
485 B 98ms
97ms Script
application/x-javascript 2600:1408:ac00:192::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/RC448863e9e05a4b4880daa4a5fb7da328-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1408:ac00:192::1e80 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: c800888331e0e31f317acc8de442b6a71340d4f0d4f3db9dbb7f8e4b3172e84e

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:27:08 GMT
content-encoding: gzip
last-modified: Mon, 22 Jul 2024 22:53:19 GMT
server: AkamaiNetStorage
etag: "0537f9b1ee377a7339cd8f0bc0e42c40:1721688799.745653"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 228
expires: Wed, 24 Jul 2024 12:27:08 GMT

GET
H2 200 RCa4add8b607f6404fbd2aba7ee4b9abad-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/ 703 B
684 B 92ms
90ms Script
application/x-javascript 2600:1408:ac00:192::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/RCa4add8b607f6404fbd2aba7ee4b9abad-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1408:ac00:192::1e80 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: a98a9441db98144c6e8c4ab37c72e26786065a15dfb36a9231be938f76984c4f

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:27:08 GMT
content-encoding: gzip
last-modified: Mon, 22 Jul 2024 22:53:19 GMT
server: AkamaiNetStorage
etag: "0537f9b1ee377a7339cd8f0bc0e42c40:1721688799.745653"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 426
expires: Wed, 24 Jul 2024 12:27:08 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 354 KB
117 KB 756ms
127ms Script
application/javascript 2607:f8b0:400d:c04::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-748285774&l=dataLayer

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400d:c04::61 Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ad45521fa910468ce9027869bf89a08fc2d61aa1738902b17be4ebf409558ffb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:27:09 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 119039
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 24 Jul 2024 11:27:09 GMT

GET
H2 200 RC06cd6a06a307489f80febc787462cb12-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/ 635 B
642 B 102ms
102ms Script
application/x-javascript 2600:1408:ac00:192::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/RC06cd6a06a307489f80febc787462cb12-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1408:ac00:192::1e80 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 0b2969b20d4b33763f23481f2dc0f0626a93fdd567798412bf891890047398a3

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:27:08 GMT
content-encoding: gzip
last-modified: Mon, 22 Jul 2024 22:53:19 GMT
server: AkamaiNetStorage
etag: "0537f9b1ee377a7339cd8f0bc0e42c40:1721688799.745653"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 384
expires: Wed, 24 Jul 2024 12:27:08 GMT

GET
H2 200 RC190d282f2b9c4848b2ea08ca5751fa40-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/ 2 KB
1013 B 102ms
98ms Script
application/x-javascript 2600:1408:ac00:192::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/RC190d282f2b9c4848b2ea08ca5751fa40-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1408:ac00:192::1e80 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 37fd820b496a40f0f5783b425ed0c873d7913a576c0f246e869c5a2be58f787e

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:27:08 GMT
content-encoding: gzip
last-modified: Mon, 22 Jul 2024 22:53:19 GMT
server: AkamaiNetStorage
etag: "0537f9b1ee377a7339cd8f0bc0e42c40:1721688799.745653"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 755
expires: Wed, 24 Jul 2024 12:27:08 GMT

GET
H2 200 RC7be3d22b2fd6487ca9390477738587fe-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/ 819 B
758 B 105ms
101ms Script
application/x-javascript 2600:1408:ac00:192::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/RC7be3d22b2fd6487ca9390477738587fe-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1408:ac00:192::1e80 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: c1ccdda10c297d3aeedbe2fa72700c5f49bdf9e102090c2d62775ec3c964e078

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:27:08 GMT
content-encoding: gzip
last-modified: Mon, 22 Jul 2024 22:53:19 GMT
server: AkamaiNetStorage
etag: "0537f9b1ee377a7339cd8f0bc0e42c40:1721688799.745653"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 501
expires: Wed, 24 Jul 2024 12:27:08 GMT

GET
H2 200 RC407b573180554ea6b11eecdc31ecbd3f-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/ 819 B
756 B 126ms
123ms Script
application/x-javascript 2600:1408:ac00:192::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/RC407b573180554ea6b11eecdc31ecbd3f-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1408:ac00:192::1e80 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 985071e89e5076c1b93d2b9ba507a2e890236ef8e3eaea519c7b2bc364cf84df

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:27:08 GMT
content-encoding: gzip
last-modified: Mon, 22 Jul 2024 22:53:19 GMT
server: AkamaiNetStorage
etag: "0537f9b1ee377a7339cd8f0bc0e42c40:1721688799.745653"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 498
expires: Wed, 24 Jul 2024 12:27:08 GMT

GET
H2 200 RC1d92f04752ae42a38e54de48cb85adf4-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/ 661 B
649 B 100ms
96ms Script
application/x-javascript 2600:1408:ac00:192::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/RC1d92f04752ae42a38e54de48cb85adf4-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1408:ac00:192::1e80 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: f41e718277c296a77a6259da8cadd84b5f195d21ea0a6eb36442de9217613c2f

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:27:08 GMT
content-encoding: gzip
last-modified: Mon, 22 Jul 2024 22:53:19 GMT
server: AkamaiNetStorage
etag: "0537f9b1ee377a7339cd8f0bc0e42c40:1721688799.745653"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 391
expires: Wed, 24 Jul 2024 12:27:08 GMT

GET
H2 200 RCf940460311f349b5af69d075bdef61d4-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/ 368 B
493 B 99ms
96ms Script
application/x-javascript 2600:1408:ac00:192::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/RCf940460311f349b5af69d075bdef61d4-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1408:ac00:192::1e80 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: ec425cce7010294e5d2601a098dabc3e75536351f58e07ada250c8642934fb8d

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:27:08 GMT
content-encoding: gzip
last-modified: Mon, 22 Jul 2024 22:53:19 GMT
server: AkamaiNetStorage
etag: "0537f9b1ee377a7339cd8f0bc0e42c40:1721688799.745653"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 235
expires: Wed, 24 Jul 2024 12:27:08 GMT

GET
H2 200 RCcb6e8e438d1741e6854bf3a039a2565a-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/ 754 B
705 B 101ms
98ms Script
application/x-javascript 2600:1408:ac00:192::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/RCcb6e8e438d1741e6854bf3a039a2565a-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1408:ac00:192::1e80 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: b5b4fea0f2608d0f0cafdee0e2b00ae659b091c6d18eda7fe291e636ba3f353c

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:27:08 GMT
content-encoding: gzip
last-modified: Mon, 22 Jul 2024 22:53:19 GMT
server: AkamaiNetStorage
etag: "0537f9b1ee377a7339cd8f0bc0e42c40:1721688799.745653"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 447
expires: Wed, 24 Jul 2024 12:27:08 GMT

GET
H2 200 RCbbd24be21a0f4115a18f29bb3fee2a7a-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/ 2 KB
971 B 98ms
95ms Script
application/x-javascript 2600:1408:ac00:192::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/RCbbd24be21a0f4115a18f29bb3fee2a7a-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1408:ac00:192::1e80 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 4b1dfdf84f81ccef7d37fc96dfd2358c87a40a04b20f063179f2c87fc1d3d382

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:27:08 GMT
content-encoding: gzip
last-modified: Mon, 22 Jul 2024 22:53:19 GMT
server: AkamaiNetStorage
etag: "0537f9b1ee377a7339cd8f0bc0e42c40:1721688799.745653"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 713
expires: Wed, 24 Jul 2024 12:27:08 GMT

GET
H2 200 RCf5bd1991cad84a7294a7b609189a1fa5-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/ 1021 B
857 B 124ms
122ms Script
application/x-javascript 2600:1408:ac00:192::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/RCf5bd1991cad84a7294a7b609189a1fa5-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1408:ac00:192::1e80 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 59faeec7cd3ce8eba6b26823c7dd41512a380a8c3329aa0ae0270a72f4645d08

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:27:08 GMT
content-encoding: gzip
last-modified: Mon, 22 Jul 2024 22:53:19 GMT
server: AkamaiNetStorage
etag: "0537f9b1ee377a7339cd8f0bc0e42c40:1721688799.745653"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 600
expires: Wed, 24 Jul 2024 12:27:08 GMT

GET
H2 200 RCcd84e40d19c24776bef77836ab2f8df6-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/ 819 B
758 B 139ms
137ms Script
application/x-javascript 2600:1408:ac00:192::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/RCcd84e40d19c24776bef77836ab2f8df6-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1408:ac00:192::1e80 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 3f57193ed9b7928c36cb710ac6a4af1583023f928914c094db4995420f7e3a54

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:27:08 GMT
content-encoding: gzip
last-modified: Mon, 22 Jul 2024 22:53:19 GMT
server: AkamaiNetStorage
etag: "0537f9b1ee377a7339cd8f0bc0e42c40:1721688799.745653"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 501
expires: Wed, 24 Jul 2024 12:27:08 GMT

GET
H2 200 RC4daaa3cd330f4ee2934602a98dab7c5f-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/ 388 B
499 B 119ms
117ms Script
application/x-javascript 2600:1408:ac00:192::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/RC4daaa3cd330f4ee2934602a98dab7c5f-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1408:ac00:192::1e80 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 09edcbeb6bb1f2361271a99cb3369ee93e55c21a4985d8f5cfed37af10d6729d

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:27:08 GMT
content-encoding: gzip
last-modified: Mon, 22 Jul 2024 22:53:19 GMT
server: AkamaiNetStorage
etag: "0537f9b1ee377a7339cd8f0bc0e42c40:1721688799.745653"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 242
expires: Wed, 24 Jul 2024 12:27:08 GMT

GET
H2 200 RC17482cd8da9b4802a76d2f1e017d90ab-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/ 1 KB
779 B 121ms
120ms Script
application/x-javascript 2600:1408:ac00:192::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/RC17482cd8da9b4802a76d2f1e017d90ab-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1408:ac00:192::1e80 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: fcce7b7353be95b84f177e00cd497eb4e485606e88cf17a5d836ee6c0f1f0f20

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:27:08 GMT
content-encoding: gzip
last-modified: Mon, 22 Jul 2024 22:53:19 GMT
server: AkamaiNetStorage
etag: "0537f9b1ee377a7339cd8f0bc0e42c40:1721688799.745653"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 522
expires: Wed, 24 Jul 2024 12:27:08 GMT

GET
H2 200 RC5c60a51709a94068afbf065e1448b617-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/ 664 B
657 B 121ms
120ms Script
application/x-javascript 2600:1408:ac00:192::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/RC5c60a51709a94068afbf065e1448b617-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1408:ac00:192::1e80 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 262c76a939f7c2d543b0f5669d8958b82954e14e17d79ced7848cd51a36e6b1d

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:27:08 GMT
content-encoding: gzip
last-modified: Mon, 22 Jul 2024 22:53:19 GMT
server: AkamaiNetStorage
etag: "0537f9b1ee377a7339cd8f0bc0e42c40:1721688799.745653"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 400
expires: Wed, 24 Jul 2024 12:27:08 GMT

GET
H2 200 RC0ba76d5bbb984ea6a79cd6308c48dbff-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/ 2 KB
981 B 118ms
117ms Script
application/x-javascript 2600:1408:ac00:192::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/RC0ba76d5bbb984ea6a79cd6308c48dbff-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1408:ac00:192::1e80 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 404669b3d94f951d5e005752766d9f4e60dc4f44c7aeda8b491f204f71b760af

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:27:08 GMT
content-encoding: gzip
last-modified: Mon, 22 Jul 2024 22:53:19 GMT
server: AkamaiNetStorage
etag: "0537f9b1ee377a7339cd8f0bc0e42c40:1721688799.745653"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 723
expires: Wed, 24 Jul 2024 12:27:08 GMT

GET
H2 200 RC0829ccf7bc5a44478ae2705d4c111c37-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/ 966 B
809 B 117ms
117ms Script
application/x-javascript 2600:1408:ac00:192::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/RC0829ccf7bc5a44478ae2705d4c111c37-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1408:ac00:192::1e80 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 3aec02b24881b79afb8d121953096fd5754b07c8d26a295bcd900b0833183933

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:27:08 GMT
content-encoding: gzip
last-modified: Mon, 22 Jul 2024 22:53:19 GMT
server: AkamaiNetStorage
etag: "0537f9b1ee377a7339cd8f0bc0e42c40:1721688799.745653"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 551
expires: Wed, 24 Jul 2024 12:27:08 GMT

GET
H/1.1 200
OK unifiedPixel Show response
tr.outbrain.com/ 53 B
321 B 553ms
235ms Fetch
image/gif 70.42.32.191
AS-OUTBRAIN

General

Check archive.org

Show headers Download Go to

Full URL

https://tr.outbrain.com/unifiedPixel?au=false&bust=05418216264606508&referrer=&cht=ot&marketerId=00ad3119690e692fd6990245f9741ea8f1&name=PAGE_VIEW&dl=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&g=0&obApiVersion=1.1&obtpVersion=2.0.5

Requested by

Host: amplify.outbrain.com
URL: https://amplify.outbrain.com/cp/obtp.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

70.42.32.191 , United States, ASN22075 (AS-OUTBRAIN, US),

Reverse DNS

ny.outbrain.com

Software

Resource Hash

b51f3497b0a65f1e1e87e75f5e7e823d871c23bcf76a5ee4101783c8f939e553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:27:09 GMT
cache-control: no-cache
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-traceid: fd8b5b01e8a5d2332434c426e20083a8
content-length: 54
content-type: image/gif;

GET
H/1.1 200
OK cachedClickId Show response
tr.outbrain.com/ 35 B
293 B 491ms
173ms Script
application/javascript 70.42.32.191
AS-OUTBRAIN

General

Check archive.org

Show headers Download Go to

Full URL

https://tr.outbrain.com/cachedClickId?marketerId=00ad3119690e692fd6990245f9741ea8f1

Requested by

Host: amplify.outbrain.com
URL: https://amplify.outbrain.com/cp/obtp.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

70.42.32.191 , United States, ASN22075 (AS-OUTBRAIN, US),

Reverse DNS

ny.outbrain.com

Software

Resource Hash

1d348f9f803c95305f63def9d75fd50e79e54a375e1a4a888edbbea366845580

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:27:09 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-traceid: cdffe1d83a2fb437154b5b3241c12f5c
content-length: 39
content-type: application/javascript

GET
H/1.1 200
OK 00ad3119690e692fd6990245f9741ea8f1 Show response
wave.outbrain.com/mtWavesBundler/handler/ 2 B
448 B 472ms
169ms Script
text/html 23.45.193.200
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://wave.outbrain.com/mtWavesBundler/handler/00ad3119690e692fd6990245f9741ea8f1

Requested by

Host: amplify.outbrain.com
URL: https://amplify.outbrain.com/cp/obtp.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.45.193.200 , United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-45-193-200.deploy.static.akamaitechnologies.com

Software

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
Date: Wed, 24 Jul 2024 11:27:09 GMT
ob-sent-time: 1721754683143
ETag: W/"2-vyGp6PvFo4RvsFtPoIWeCReyIC8"
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
X-RG: NA
Cache-Control: max-age=60
X-CC: US
Connection: keep-alive
x-traceid: 844bafeada9f0d6d6f90d1d86ed91615
Content-Length: 2
Expires: Wed, 24 Jul 2024 11:28:09 GMT

GET
H/1.1 200
OK topics Show response
amplify.outbrain.com/ 26 B
301 B 467ms
167ms Fetch
text/html 23.45.193.200
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://amplify.outbrain.com/topics
Requested by: Host: amplify.outbrain.com
URL: https://amplify.outbrain.com/cp/obtp.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.45.193.200 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-45-193-200.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 6d0291f90718dc0537f65dc6a4f68d8e75f0a8a3a0b62836d9cf41350ecaf552

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date: Wed, 24 Jul 2024 11:27:09 GMT
Observe-Browsing-Topics: ?1
Content-Type: text/html
Access-Control-Allow-Origin: *
X-RG: NA
Cache-Control: max-age=1200
X-CC: US
Connection: keep-alive
Content-Length: 26
Expires: Wed, 24 Jul 2024 11:47:09 GMT

GET
H2 200 / Show response
c.6sc.co/ 7 B
194 B 89ms
88ms XHR
text/html 23.222.79.235
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.222.79.235 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-222-79-235.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:27:09 GMT
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: text/html
access-control-allow-origin: https://www.fortinet.com
access-control-allow-credentials: true
access-control-allow-headers: *
content-length: 7

GET
H2 200 / Show response
ipv6.6sc.co/ 22 B
316 B 480ms
173ms XHR
text/html 2600:1408:ec00:2e::1735:ba8
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ipv6.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1408:ec00:2e::1735:ba8 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 1e91c990301e6c54d07d12600708b25a5861c6da4256c63bcb22bf1f0c5d81b8

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Jul 2024 11:27:09 GMT
vary: Origin
content-type: text/html
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=0, no-cache, no-store
6si-ipv6: 2600:803:a88:3197::197
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1721820429432_389185960_1585546453_15_592_46_93_219";dur=1
content-length: 22
expires: Wed, 24 Jul 2024 11:27:09 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 175ms
174ms Image
image/gif 23.222.79.235
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=5eeecf22b2d12a77a14639dce97b7a36&svisitor=null&visitor=685ece1a-3a23-4f34-873a-ea672dcca715&session=6b361482-2187-4744-8e4e-1293227ce5d6&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Wed%2C%2024%20Jul%202024%2011%3A27%3A09%20GMT%22%7D&isIframe=false&m=%7B%22description%22%3A%22FortiGuard%20Labs%20has%20observed%20a%20stealer%20campaign%20spreading%20multiple%20files%20that%20exploit%20CVE-2024-21412%20to%20download%20malicious%20executable%20files.%20Read%20more.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Exploiting%20CVE-2024-21412%3A%20A%20Stealer%20Campaign%20Unleashed%20%7C%20FortiGuard%20Labs%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&pageViewId=6a57649c-6ed8-421f-8493-25baafbf4271&v=1.1.22

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.222.79.235 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-222-79-235.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Jul 2024 11:27:09 GMT
x-content-type-options: nosniff
last-modified: Sat, 18 Feb 2023 00:49:36 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f020a0-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 24 Jul 2024 11:27:09 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 175ms
175ms Image
image/gif 23.222.79.235
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=5eeecf22b2d12a77a14639dce97b7a36&svisitor=null&visitor=685ece1a-3a23-4f34-873a-ea672dcca715&session=6b361482-2187-4744-8e4e-1293227ce5d6&event=ni%3AasyncSettingsAudit&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2024%20Jul%202024%2011%3A27%3A09%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%225eeecf22b2d12a77a14639dce97b7a36%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2024%20Jul%202024%2011%3A27%3A09%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEndpoint%5C%22%2C%5C%22value%5C%22%3A%5C%22b.6sc.co%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2024%20Jul%202024%2011%3A27%3A09%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableCompanyDetails%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2024%20Jul%202024%2011%3A27%3A09%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEpsilonKey%5C%22%2C%5C%22value%5C%22%3A%5C%227381d1d7c753fe2d8e217c3fdc44c0f17418dcc4%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2024%20Jul%202024%2011%3A27%3A09%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22FortiGuard%20Labs%20has%20observed%20a%20stealer%20campaign%20spreading%20multiple%20files%20that%20exploit%20CVE-2024-21412%20to%20download%20malicious%20executable%20files.%20Read%20more.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Exploiting%20CVE-2024-21412%3A%20A%20Stealer%20Campaign%20Unleashed%20%7C%20FortiGuard%20Labs%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&pageViewId=6a57649c-6ed8-421f-8493-25baafbf4271&v=1.1.22

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.222.79.235 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-222-79-235.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Jul 2024 11:27:09 GMT
x-content-type-options: nosniff
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "615ccf10-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 24 Jul 2024 11:27:09 GMT

GET
H2 200 www.fortinet.com.json Show response
script.crazyegg.com/pages/data-scripts/0117/0786/site/ 1 KB
746 B 459ms
163ms XHR
application/json 2606:4700::6813:9308
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.crazyegg.com/pages/data-scripts/0117/0786/site/www.fortinet.com.json?t=1
Requested by: Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/scripts/0117/0786.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6813:9308 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6741b10dd5b1580642a0aa204377a8fb50c2dd86c38fd4cd07e2319eefaa93d7

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:27:09 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 97177
ce-version: 11.5.248
content-length: 474
last-modified: Tue, 23 Jul 2024 08:27:32 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: CE-Version
cache-control: public, max-age=300, s-maxage=1209600
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8a838f34db004239-EWR

GET
H/1.1 200
OK flyin-fortiguard-labs-outbreak-alerts-346x172.png
www.fortinet.com/content/dam/fortinet/images/promos/pzn/ 35 KB
37 KB 141ms
140ms Image
image/png 2600:1f18:1492:1702:852f:d87f:6683:b05a
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.fortinet.com/content/dam/fortinet/images/promos/pzn/flyin-fortiguard-labs-outbreak-alerts-346x172.png

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2600:1f18:1492:1702:852f:d87f:6683:b05a Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Apache /

Resource Hash

480e3b349655b6f17b20ec546c300957cad9ffd98b2d29be29db79422ededc52

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher2uswest1-28559771
Date: Wed, 24 Jul 2024 11:23:59 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 ff071fa99e74a44c6556cef90e125ca8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
Age: 20429428
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 36133
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 30 Nov 2023 00:50:15 GMT
Server: Apache
ETag: "8d25-60b5408ea5fc0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: G1fXA-ceT4McGbQu-LtFI5Mp4i9ZSFYuYoWOQUqR5wTGis1HNYKMTQ==

GET
H2 200 17532650.js Show response
bat.bing.com/p/action/ 335 B
403 B 94ms
94ms Script
application/javascript 2620:1ec:c11::237
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/17532650.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:1ec:c11::237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e0f9a49b3445df93031ef8414eab4c9266e8e6aefc9594c8b3f49376f57ee97c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
date: Wed, 24 Jul 2024 11:27:08 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: EE4332CF4E244BAAACF0C69F992A1888 Ref B: PHL30EDGE0218 Ref C: 2024-07-24T11:27:09Z
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript; charset=utf-8
cache-control: private,max-age=1800

GET
H2 200 api.min.css
a.omappapi.com/app/js/ 10 KB
3 KB 452ms
124ms Stylesheet
text/css 2400:52e0:1a00::1207:2
BUNNYCDN

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/api.min.css
Requested by: Host: a.opmnstr.com
URL: https://a.opmnstr.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2400:52e0:1a00::1207:2 Chicago, United States, ASN200325 (BUNNYCDN, SI),
Reverse DNS
Software: BunnyCDN-IL1-1207 /
Resource Hash: d97ea24841d9881b6b38caf9174e468db2c6a133cc325320d5720b0783a37d06

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:27:09 GMT
content-encoding: br
cdn-edgestorageid: 1070
perma-cache: HIT
cdn-storageserver: NY-346
cdn-cachedat: 07/22/2024 20:03:24
cdn-pullzone: 293267
last-modified: Wed, 10 Jul 2024 18:34:15 GMT
server: BunnyCDN-IL1-1207
cdn-fileserver: 388
cdn-requestpullcode: 200
cdn-proxyver: 1.04
etag: W/"668ed427-2644"
vary: Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: 559b05cf601ef7ecfc63c0970f39579f
cdn-requestcountrycode: US
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 401 39852 Show response
api.omappapi.com/v2/embed/ 165 B
592 B 494ms
158ms XHR
application/json 2606:4700:3108::ac42:2af8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://api.omappapi.com/v2/embed/39852?d=fortinet.com
Requested by: Host: a.opmnstr.com
URL: https://a.opmnstr.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3108::ac42:2af8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b934ce9883949e7bceb88fa78a354125eefc85715f7e54da8ff529c94ebab0fe

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:27:09 GMT
via: 1.1 7b2c97c3ba7e37bdd32ec314e5554c74.cloudfront.net (CloudFront)
cf-cache-status: DYNAMIC
x-cache-config: 0 0
x-amz-cf-pop: PHL51-P1
x-cache: Error from cloudfront
content-length: 165
x-user-agent: standard--
server: cloudflare
vary: Accept-Encoding, User-Agent
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=120, stale-while-revalidate=1800
cf-ray: 8a838f35bb3032cc-PHL
access-control-allow-headers: X-CSRF-Token
x-amz-cf-id: 3C533CGl9VqttAc-u6supX13YG_eYMx9oIozpiMEpis1pZXthDoHXA==
expires: Wed, 24 Jul 2024 11:27:32 GMT

GET
H2 200 tracking.js Show response
trk.techtarget.com/ 3 KB
2 KB 406ms
108ms Script
text/javascript 2606:4700:4400::ac40:973c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://trk.techtarget.com/tracking.js

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:973c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0c07b854855b0e2bd7839c3659defa45307e96e281b3c00571d09f213eb6a76e

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:27:09 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Tue, 13 Dec 2022 15:01:39 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
age: 70191
server: cloudflare
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=1200
cf-ray: 8a838f357fe24cb6-PHL
expires: Wed, 24 Jul 2024 11:47:09 GMT

GET
H/1.1 200
OK tag.js Show response
abm-tracking.demandscience.com/ 2 KB
2 KB 717ms
221ms Script
application/javascript 52.32.164.86
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://abm-tracking.demandscience.com/tag.js
Requested by: Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 52.32.164.86 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-32-164-86.us-west-2.compute.amazonaws.com
Software: nginx/1.18.0 (Ubuntu) / Express
Resource Hash: 701769ec99138974c12369fd4acf65a7f99e9a1becbab1e16a89be9859aafc9f

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date: Wed, 24 Jul 2024 11:27:09 GMT
Last-Modified: Thu, 09 May 2024 12:00:49 GMT
Server: nginx/1.18.0 (Ubuntu)
X-Powered-By: Express
ETag: W/"82b-18f5d3a3d78"
Content-Type: application/javascript; charset=UTF-8
Cache-Control: public, max-age=0
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2091

GET
H2 200 wid.tracker.js Show response
tmp.argusplatform.com/js/ 8 KB
3 KB 633ms
146ms Script
text/javascript 2620:1ec:29:1::38
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://tmp.argusplatform.com/js/wid.tracker.js

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:1ec:29:1::38 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

b697c4c8e7c22fa7e18ccef66c1bda6610f19ec8c7d1c60fb3696db54ea5362e

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preloadmax-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:27:09 GMT
content-encoding: br
referrer-policy: same-origin
strict-transport-security: max-age=10886400; includeSubDomains; preloadmax-age=31536000
last-modified: Sat, 08 Jun 2024 11:51:22 GMT
x-content-type-options: nosniff
etag: "28476869"
vary: Accept-Encoding
x-dns-prefetch-control: off
content-type: text/javascript
x-azure-ref: 20240724T112709Z-17f67b96dd5nf9l4c84kr47v5s0000000p30000000004g5n
x-cache: CONFIG_NOCACHE
cache-control: public, must-revalidate, max-age=30
x-xss-protection: 1; mode=block

GET
H/1.1 200
OK js Show response
pixel.mathtag.com/event/ 161 B
712 B 495ms
131ms Script
text/javascript 216.200.232.253
PAEDAE-INC

General

Check archive.org

Show headers Download Go to

Full URL

https://pixel.mathtag.com/event/js?mt_id=1629896&mt_adid=260855&mt_exem=&mt_excl=&v2=&v3=&s1=&s2=&s3=&v1=en:blog:threat-research:exploiting-cve-2024-21412-stealer-campaign-unleashed

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

216.200.232.253 Frederick, United States, ASN30419 (PAEDAE-INC, US),

Reverse DNS

Software

MT3 1637 26565ec master ord ord-pixel-x25 config_version:"1994" /

Resource Hash

98192c2b3bfd0e66cff07b8ba31ff42de9182144d3e21b9ca258f13da96ee457

Security Headers

Name	Value
Strict-Transport-Security	31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date: Wed, 24 Jul 2024 11:27:09 GMT
Strict-Transport-Security: 31536000
Referrer-Policy: strict-origin
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Server: MT3 1637 26565ec master ord ord-pixel-x25 config_version:"1994"
X-Permitted-Cross-Domain-Policies: all
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: *
Content-Type: text/javascript
Cache-Control: no-cache
Cross-Origin-Resource-Policy: cross-origin
Connection: close
X-XSS-Protection: 0

GET
H/1.1 200
OK spx Show response
dx.mountain.com/ 23 KB
6 KB 578ms
96ms Script
application/javascript 52.7.151.245
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://dx.mountain.com/spx?dxver=4.0.0&shaid=32336&tdr=&plh=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&cb=93328235259062580term=value
Requested by: Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.7.151.245 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-7-151-245.compute-1.amazonaws.com
Software: istio-envoy /
Resource Hash: 4f0469454e9c8c033bef56af7ef5b4b71f995de298bee83705d8abc4ee5f6698

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:27:09 GMT
content-encoding: gzip
server: istio-envoy
vary: origin,access-control-request-method,access-control-request-headers,accept-encoding
transfer-encoding: chunked
content-type: application/javascript;charset=utf-8
x-envoy-upstream-service-time: 2
be: spx-prod
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 56 KB
15 KB 399ms
96ms Script
application/javascript 146.75.28.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 146.75.28.157 Ashburn, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 4d15ff2317e16ccd8ca1d3248fea7d91130e022369bb032824a84ad9967064df

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:27:09 GMT
content-encoding: gzip
last-modified: Tue, 26 Mar 2024 20:58:07 GMT
x-amz-server-side-encryption: AES256
etag: "bbbcf811d8437a575d796a4c1e5d4fad+gzip"
vary: Accept-Encoding,Host
x-cache: HIT
content-type: application/javascript; charset=utf-8
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
x-tw-cdn: FT
cache-control: no-cache
accept-ranges: bytes
content-length: 15412
x-served-by: cache-iad-kiad7000101-IAD

GET
H2 200 iztag.js Show response
tags.inzynk.io/0ulh3gex/ 21 KB
21 KB 528ms
125ms Script
application/octet-stream 2600:9000:20ee:8400:12:dfa9:e200:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.inzynk.io/0ulh3gex/iztag.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:20ee:8400:12:dfa9:e200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 178ec5d6c8298d4e308c4b7674042667ecafdbffcb5331b621985a2b11539f0e

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-amz-version-id: null
date: Tue, 23 Jul 2024 13:47:10 GMT
via: 1.1 337ca2c1f0c98d8fc6d4b167878fe4c2.cloudfront.net (CloudFront)
last-modified: Wed, 22 Nov 2023 13:20:07 GMT
server: AmazonS3
x-amz-cf-pop: BOS50-C2
age: 78079
x-amz-server-side-encryption: AES256
etag: "605a29cc08159ad81b95e2ceac549300"
x-cache: Hit from cloudfront
content-type: application/octet-stream
accept-ranges: bytes
content-length: 21193
x-amz-cf-id: 5Ae2Ksz5cqC2AzmJFgLLkrq7VCt03A_zaQDEq9mqTLPE_P7KJJG5qw==

GET
H2

200

bounce
secure.adnxs.com/
Redirect Chain

https://secure.adnxs.com/px?id=1773420&t=2
https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D1773420%26t%3D2

43 B
1 KB

153ms
152ms

Image
image/gif

68.67.181.211
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D1773420%26t%3D2

Protocol

Server

68.67.181.211 North Bergen, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

584.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Jul 2024 11:27:10 GMT
an-x-request-uuid: 72690ab9-e797-4009-8cc2-52c47cae0b6a
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 208.252.80.197; 208.252.80.197; 584.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 24 Jul 2024 11:27:10 GMT
an-x-request-uuid: 2bc51988-828c-4356-9e4d-da35f06f24ed
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
location: https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D1773420%26t%3D2
cache-control: no-store, no-cache, private
x-proxy-origin: 208.252.80.197; 208.252.80.197; 584.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

bounce
ib.adnxs.com/
Redirect Chain

https://ib.adnxs.com/seg?add=36113683
https://ib.adnxs.com/bounce?%2Fseg%3Fadd%3D36113683

43 B
1 KB

92ms
91ms

Image
image/gif

68.67.181.211
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fseg%3Fadd%3D36113683

Protocol

Server

68.67.181.211 North Bergen, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

584.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Jul 2024 11:27:10 GMT
an-x-request-uuid: 48303726-3e58-41dc-9cb4-e463cd03ba8b
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 208.252.80.197; 208.252.80.197; 584.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 24 Jul 2024 11:27:09 GMT
an-x-request-uuid: b24e01f1-cb81-46ca-8914-c007f824239f
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://ib.adnxs.com/bounce?%2Fseg%3Fadd%3D36113683
x-proxy-origin: 208.252.80.197; 208.252.80.197; 584.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK footer-links.json Show response
www.fortinet.com/content/dam/fortinet-blog/ 310 KB
36 KB 93ms
93ms XHR
application/json 2600:1f18:1492:1702:852f:d87f:6683:b05a
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fortinet.com/content/dam/fortinet-blog/footer-links.json

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/clientlib-base.min.ba4f082a77dabb2c6baf715d9eb61c22.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2600:1f18:1492:1702:852f:d87f:6683:b05a Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Apache /

Resource Hash

9c2bfadf1fe546bd3872bf81e8477e95faff0104f3b9b888bc47cff4ffe88a36

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher1uswest1-28559594
Date: Tue, 23 Jul 2024 19:13:24 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Content-Encoding: gzip
Via: 1.1 21a5f0e24a694c040922a8766d75a2e0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
X-Vhost: publish
X-Cache: Hit from cloudfront
Age: 493321
Connection: keep-alive
Content-Length: 35378
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 18 Jul 2024 18:24:37 GMT
Server: Apache
ETag: "4d8dc-61d89b0f78340-gzip"
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Type: application/json
Accept-Ranges: bytes
X-Amz-Cf-Id: VtP5stAuoWX9uI5bJv0zyz2MVZp-58YJJzmD6H5OX_gr8BnxnngvCQ==

GET
H2 200 details Show response
epsilon.6sense.com/v3/company/ 749 B
716 B 460ms
164ms XHR
application/json 13.248.142.121
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://epsilon.6sense.com/v3/company/details
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.248.142.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ac3ff6aafb2cddae2.awsglobalaccelerator.com
Software: nginx /
Resource Hash: 0b96862343ccfcd32b52ec6e80927c6c986e2e8270816d7e5cf729d4883b3793

Request headers

Referer: https://www.fortinet.com/
Authorization: Token 7381d1d7c753fe2d8e217c3fdc44c0f17418dcc4
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
X-6s-CustomID: WebTag1.0 5eeecf22b2d12a77a14639dce97b7a36

Response headers

x-trace-id: 1819212168226138874
date: Wed, 24 Jul 2024 11:27:10 GMT
content-encoding: gzip
server: nginx
vary: Origin, Accept-Encoding
content-type: application/json
x-6si-region: us-east-1a
access-control-allow-origin: https://www.fortinet.com
access-control-expose-headers: X-6si-Region
access-control-allow-credentials: true
timing-allow-origin: https://6sense.com, https://www.ssga.com
content-length: 397

OPTIONS
H2 200 details
epsilon.6sense.com/v3/company/ Frame 0
0 463ms
163ms Preflight 13.248.142.121
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://epsilon.6sense.com/v3/company/details
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.248.142.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ac3ff6aafb2cddae2.awsglobalaccelerator.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,x-6s-customid
Access-Control-Request-Method: GET
Origin: https://www.fortinet.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: authorization,x-6s-customid
access-control-allow-methods: OPTIONS,GET
access-control-allow-origin: https://www.fortinet.com
access-control-expose-headers: X-6si-Region
access-control-max-age: 1800
date: Wed, 24 Jul 2024 11:27:09 GMT
server: nginx
timing-allow-origin: https://6sense.com, https://www.ssga.com
x-6si-region: us-east-1a
x-trace-id: 8167458447732209680

GET
H2 204 0
bat.bing.com/action/ 0
361 B 95ms
95ms Image
text/plain 2620:1ec:c11::237
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=17532650&tm=al001&Ver=2&mid=dcc5fc97-4be2-4cfb-b83f-296e5ec0c181&sid=aa18a35049af11efb41f3dad06347094&vid=aa18eea049af11efa642ff2c43692108&vids=1&msclkid=N&pi=918639831&lg=en-US&sw=1600&sh=1200&sc=24&tl=Exploiting%20CVE-2024-21412%3A%20A%20Stealer%20Campaign%20Unleashed%20%7C%20FortiGuard%20Labs&p=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&r=&lt=2128&pt=1721820425678,,,,,1,128,128,128,476,162,476,579,625,585,1142,1142,1151,2128,2128,2128&pn=0,0&evt=pageLoad&sv=1&cdb=AQET&rn=553064

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:1ec:c11::237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 24 Jul 2024 11:27:09 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 84241CF6536C44748857C739D52DA719 Ref B: PHL30EDGE0218 Ref C: 2024-07-24T11:27:09Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 245 KB
87 KB 108ms
106ms Script
application/javascript 2607:f8b0:400d:c04::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-662878185&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-748285774&l=dataLayer

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400d:c04::61 Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

42ef6666f85c1579f988253ec1fc68e71a15cb9293209d9a64f6c27bc05be03b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:27:09 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 88549
x-xss-protection: 0
last-modified: Wed, 24 Jul 2024 09:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 24 Jul 2024 11:27:09 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 210 KB
76 KB 128ms
127ms Script
application/javascript 2607:f8b0:400d:c04::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-10050195&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-748285774&l=dataLayer

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400d:c04::61 Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

9d0ea8ac1c7933b9e81af7eb23abf1abc0467b87abe2d190d48e5b96a33bccf7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:27:09 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 77293
x-xss-protection: 0
last-modified: Wed, 24 Jul 2024 09:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 24 Jul 2024 11:27:09 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 226 KB
82 KB 159ms
158ms Script
application/javascript 2607:f8b0:400d:c04::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-609297413&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-748285774&l=dataLayer

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400d:c04::61 Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ea4d365b9f9f08d9bf0e54e36b6611e5901ac5f01fd2af09400b094621d3b5da

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:27:09 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 83345
x-xss-protection: 0
last-modified: Wed, 24 Jul 2024 09:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 24 Jul 2024 11:27:09 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 237 KB
84 KB 175ms
175ms Script
application/javascript 2607:f8b0:400d:c04::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-729495989&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-748285774&l=dataLayer

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400d:c04::61 Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e2b4b7eaf76617a8f47db607865ab132c22d516430511504a902c88e632b0f96

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:27:09 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 86159
x-xss-protection: 0
last-modified: Wed, 24 Jul 2024 09:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 24 Jul 2024 11:27:09 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 312 KB
103 KB 166ms
165ms Script
application/javascript 2607:f8b0:400d:c04::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-JH142QCQCJ&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-748285774&l=dataLayer

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400d:c04::61 Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

d8c36bfe3ca671f0d22301c56ec2e5b6d8109af18ca306c6cb355f34d6dc6e5b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:27:09 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 105557
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 24 Jul 2024 11:27:09 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 92ms
92ms Image
image/gif 23.222.79.235
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=5eeecf22b2d12a77a14639dce97b7a36&svisitor=null&visitor=685ece1a-3a23-4f34-873a-ea672dcca715&session=6b361482-2187-4744-8e4e-1293227ce5d6&event=ipv6&q=%7B%22address%22%3A%222600%3A803%3Aa88%3A3197%3A%3A197%22%7D&isIframe=false&m=%7B%22description%22%3A%22FortiGuard%20Labs%20has%20observed%20a%20stealer%20campaign%20spreading%20multiple%20files%20that%20exploit%20CVE-2024-21412%20to%20download%20malicious%20executable%20files.%20Read%20more.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Exploiting%20CVE-2024-21412%3A%20A%20Stealer%20Campaign%20Unleashed%20%7C%20FortiGuard%20Labs%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&pageViewId=6a57649c-6ed8-421f-8493-25baafbf4271&ipv6=2600%3A803%3Aa88%3A3197%3A%3A197&v=1.1.22

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.222.79.235 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-222-79-235.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Jul 2024 11:27:09 GMT
x-content-type-options: nosniff
last-modified: Sat, 18 Feb 2023 00:49:36 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f020a0-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 24 Jul 2024 11:27:09 GMT

GET gif.gif
ibc-flow.techtarget.com/a/ 0
0

OPTIONS
H2 200 gif.gif
ibc-flow.techtarget.com/a/ Frame 0
0 505ms
161ms Preflight
text/html 34.111.208.231
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=1247773&r=1721820429780&ref=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&version=2.4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.208.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 231.208.111.34.bc.googleusercontent.com
Software: nginx/1.20.2 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: ibc_rate_tier
Access-Control-Request-Method: GET
Origin: https://www.fortinet.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: ibc_header,ibc_rate_tier,User-Agent,X-Requested-With,Cache-Control,Content-Type,Range
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-length: 0
content-type: text/html; charset=UTF-8
date: Wed, 24 Jul 2024 11:27:10 GMT
expires: Wed, 24 Jul 2024 11:27:10 GMT
server: nginx/1.20.2
vary: Origin
via: 1.1 google
x-guploader-uploadid: AHxI1nOEw8UCnyPweU3VviPjTUJdj1KNMqNPpvKO5yQL6XPUGono8ywmD5dICF4ySknJDLln7Uo

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/662878185/ 43 B
571 B 474ms
124ms Script
text/javascript 2607:f8b0:400d:c09::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/662878185/?random=1721820429829&cv=11&fst=1721820429829&bg=ffffff&guid=ON&async=1&gtm=45be47h0v887005625za200zb9123037237&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&hn=www.googleadservices.com&frm=0&tiba=Exploiting%20CVE-2024-21412%3A%20A%20Stealer%20Campaign%20Unleashed%20%7C%20FortiGuard%20Labs&npa=0&pscdl=noapi&auid=1890236535.1721820430&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&data=event%3Dpage_view&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-662878185&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400d:c09::9c Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

77d5fe96defd6c8c1e3b0466b4827cf83dc7e5c727a10177e115d25132fa86f6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Jul 2024 11:27:10 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 adsct
t.co/i/ 43 B
272 B 689ms
299ms Image
image/gif 72.21.81.130
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?bci=3&eci=2&event_id=d851605d-6d38-41ed-8f94-894c2c0cd825&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=d08eaa1f-024c-4e1f-8804-40806ac59439&tw_document_href=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o6ezf&type=javascript&version=2.3.30

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

72.21.81.130 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

tsa_b /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-response-time: 84
date: Wed, 24 Jul 2024 11:27:10 GMT
strict-transport-security: max-age=0
server: tsa_b
content-type: image/gif;charset=utf-8
x-transaction-id: cf60e858f8d7d687
cache-control: no-cache, no-store, max-age=0
perf: 7402827104
x-connection-hash: 1d897b30051814ac01ad4d83b1af12ccc1c1f0b1aad3a598abec752c0f814453
content-length: 43

GET
H2 200 adsct
analytics.twitter.com/i/ 43 B
215 B 571ms
240ms Image
image/gif 104.244.42.131
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=d851605d-6d38-41ed-8f94-894c2c0cd825&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=d08eaa1f-024c-4e1f-8804-40806ac59439&tw_document_href=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o6ezf&type=javascript&version=2.3.30

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.131 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_b /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-response-time: 93
date: Wed, 24 Jul 2024 11:27:09 GMT
strict-transport-security: max-age=631138519
server: tsa_b
content-type: image/gif;charset=utf-8
x-transaction-id: a8fa96c36803972d
cache-control: no-cache, no-store, max-age=0
perf: 7402827104
x-connection-hash: a162b5ad8757f218d06937a4ee09fa32f35c11f9ef2ccf24b50caa568911b963
content-length: 43

GET
H2 200 adsct
t.co/i/ 43 B
375 B 606ms
217ms Image
image/gif 72.21.81.130
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?bci=3&eci=2&event_id=14b4c622-09a9-4410-8213-68cc2f9797a8&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=d08eaa1f-024c-4e1f-8804-40806ac59439&tw_document_href=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o72wb&type=javascript&version=2.3.30

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

72.21.81.130 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

tsa_b /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-response-time: 82
date: Wed, 24 Jul 2024 11:27:09 GMT
strict-transport-security: max-age=0
server: tsa_b
content-type: image/gif;charset=utf-8
x-transaction-id: 3e3863904bacff51
cache-control: no-cache, no-store, max-age=0
perf: 7402827104
x-connection-hash: f19916a0cc2682a5290626f9e2347400bee136019ca41a75fb228e6425eda59b
content-length: 43

GET
H2 200 adsct
analytics.twitter.com/i/ 43 B
392 B 394ms
174ms Image
image/gif 104.244.42.131
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=14b4c622-09a9-4410-8213-68cc2f9797a8&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=d08eaa1f-024c-4e1f-8804-40806ac59439&tw_document_href=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o72wb&type=javascript&version=2.3.30

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.131 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_b /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-response-time: 6
date: Wed, 24 Jul 2024 11:27:09 GMT
strict-transport-security: max-age=631138519
server: tsa_b
content-type: image/gif;charset=utf-8
x-transaction-id: f81584cffa0a5529
cache-control: no-cache, no-store, max-age=0
perf: 7402827104
x-connection-hash: a162b5ad8757f218d06937a4ee09fa32f35c11f9ef2ccf24b50caa568911b963
content-length: 43

GET
H3 200 activity;src=10050195;npa=0;auiddc=1890236535.1721820430;ps=1;pcor=459839757;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe47h0v9185241837za200zb9123037237;gcd=13l3l3l3l1;...
ad.doubleclick.net/ 42 B
65 B 746ms
469ms Image
image/gif 173.194.175.149
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/activity;src=10050195;npa=0;auiddc=1890236535.1721820430;ps=1;pcor=459839757;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe47h0v9185241837za200zb9123037237;gcd=13l3l3l3l1;dma=0;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed?

Protocol

Security

QUIC, , AES_128_GCM

Server

173.194.175.149 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

qs-in-f149.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Jul 2024 11:27:10 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET activity;register_conversion=1;src=10050195;npa=0;auiddc=1890236535.1721820430;ps=1;pcor=459839757;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe47h0v9185241837za200zb9123...
ad.doubleclick.net/ 0
0

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/609297413/ 3 KB
2 KB 168ms
126ms Script
text/javascript 2607:f8b0:400d:c09::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/609297413/?random=1721820429906&cv=11&fst=1721820429906&bg=ffffff&guid=ON&async=1&gtm=45be47h0za200zb9123037237&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&hn=www.googleadservices.com&frm=0&tiba=Exploiting%20CVE-2024-21412%3A%20A%20Stealer%20Campaign%20Unleashed%20%7C%20FortiGuard%20Labs&npa=0&pscdl=noapi&auid=1890236535.1721820430&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&data=event%3Dpage_view&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-609297413&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400d:c09::9c Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

701060dad4079867e3c45f41d0a8b2199ec3515cad7c3a22e2b81727bdaac605

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Jul 2024 11:27:10 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1431
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/729495989/ 3 KB
2 KB 111ms
109ms Script
text/javascript 2607:f8b0:400d:c09::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/729495989/?random=1721820429936&cv=11&fst=1721820429936&bg=ffffff&guid=ON&async=1&gtm=45be47h0za200zb9123037237&gcd=13l3l3l3l1&dma=0&tag_exp=95250752&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&hn=www.googleadservices.com&frm=0&tiba=Exploiting%20CVE-2024-21412%3A%20A%20Stealer%20Campaign%20Unleashed%20%7C%20FortiGuard%20Labs&npa=0&pscdl=noapi&auid=1890236535.1721820430&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&data=event%3Dpage_view&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-729495989&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400d:c09::9c Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

040d993fe132a37b54fedd349f35fbc8aa20464fbd7c683889b48fdc7e18a886

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Jul 2024 11:27:10 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1444
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
www.google-analytics.com/g/ 0
0 537ms
172ms Fetch
text/plain 2607:f8b0:400d:c07::64
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-JH142QCQCJ&gtm=45je47h0v893708426za200zb9123037237&_p=1721820428742&gcd=13l3l3l3l1&npa=0&dma=0&tag_exp=0&cid=1823299582.1721820430&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1721820429&sct=1&seg=0&dl=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&dt=Exploiting%20CVE-2024-21412%3A%20A%20Stealer%20Campaign%20Unleashed%20%7C%20FortiGuard%20Labs&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=4310&_z=fetch
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-JH142QCQCJ&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:400d:c07::64 Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Jul 2024 11:27:10 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.fortinet.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK is Show response
18.210.229.244/ 32 B
437 B 537ms
92ms Fetch
text/plain 18.210.229.244
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://18.210.229.244/is
Requested by: Host: dx.mountain.com
URL: https://dx.mountain.com/spx?dxver=4.0.0&shaid=32336&tdr=&plh=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&cb=93328235259062580term=value
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 18.210.229.244 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-210-229-244.compute-1.amazonaws.com
Software: istio-envoy /
Resource Hash: a109c0b7d5a8dcdef344dece35859c0ad04f7f1f0fbf03c668321b94d31c19be

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:27:10 GMT
server: istio-envoy
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/plain;charset=utf-8
access-control-allow-origin: *
x-envoy-upstream-service-time: 1
connection: close
access-control-allow-headers: Accept, Content-Type, x-requested-with, X-Custom-Header
content-length: 32
x-application-context: application:prod:8080

GET
H2 401 / Show response
pixels.argusplatform.com/wh/track/ 205 B
468 B 819ms
372ms XHR
application/json 2620:1ec:29:1::38
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://pixels.argusplatform.com/wh/track/?site_id=C6AC00C8269540D0ABFF19F1B5558B6D&visitor_id=1721820430177850751&event_type=page_request&timestamp=1721820430&page_title=Exploiting%20CVE-2024-21412%3A%20A%20Stealer%20Campaign%20Unleashed%20%7C%20FortiGuard%20Labs&page_url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&page_url_referer=

Requested by

Host: tmp.argusplatform.com
URL: https://tmp.argusplatform.com/js/wid.tracker.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:1ec:29:1::38 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

2ed114345dab0a74e1c81b100e3db108ff86464854f3159d005fac67413454b7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 24 Jul 2024 11:27:10 GMT
strict-transport-security: max-age=31536000
request-context: appId=cid-v1:ead16ead-3a47-42dd-aec9-91a1bbb42ff5
x-azure-ref: 20240724T112710Z-17f67b96dd5kns6grc5zfxq03000000000g000000000ckg3
x-cache: CONFIG_NOCACHE
content-type: application/json; charset=utf-8

GET
H2 200 fp.min.js Show response
cdn.jsdelivr.net/npm/@fingerprintjs/fingerprintjs@3/dist/ 33 KB
15 KB 406ms
94ms Script
application/javascript 2a04:4e42:600::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/@fingerprintjs/fingerprintjs@3/dist/fp.min.js

Requested by

Host: abm-tracking.demandscience.com
URL: https://abm-tracking.demandscience.com/tag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:600::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

99dc3803d1f19c8103f79f834044b2afd4c8af5b7927efbd36b1052d528b40ae

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 24 Jul 2024 11:27:10 GMT
x-content-type-options: nosniff
content-encoding: br
age: 41689
x-jsd-version: 3.4.2
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 15023
x-served-by: cache-fra-etou8220049-FRA, cache-ewr18176-EWR
x-jsd-version-type: version
etag: W/"83f4-k1lBXMQZh0ZUAAhwylRSOHXBLBY"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 site-visitors Show response
intentstream.contanuity.com/api/ 115 B
374 B 189ms
189ms Fetch
application/json 44.226.187.177
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://intentstream.contanuity.com/api/site-visitors?pageIdentifier=fortinet_2712

Requested by

Host: abm-tracking.demandscience.com
URL: https://abm-tracking.demandscience.com/tag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.226.187.177 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-226-187-177.us-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

930494fef37c0c702073ceeddd12da067bba2824f8eba39e1f9a3c5332bec6b6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubdomains

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
x-pixel-auth: true

Response headers

date: Wed, 24 Jul 2024 11:24:48 GMT
strict-transport-security: max-age=15724800; includeSubdomains
server: nginx
vary: origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.fortinet.com
access-control-expose-headers: WWW-Authenticate,Server-Authorization
cache-control: no-cache
accept-ranges: bytes
content-length: 115

OPTIONS
H2 200 site-visitors
intentstream.contanuity.com/api/ Frame 0
0 652ms
223ms Preflight 44.226.187.177
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://intentstream.contanuity.com/api/site-visitors?pageIdentifier=fortinet_2712

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.226.187.177 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-226-187-177.us-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubdomains

Request headers

Accept: */*
Access-Control-Request-Headers: x-pixel-auth
Access-Control-Request-Method: GET
Origin: https://www.fortinet.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: Accept,Authorization,Content-Type,If-None-Match,x-pixel-auth
access-control-allow-methods: GET
access-control-allow-origin: https://www.fortinet.com
access-control-expose-headers: WWW-Authenticate,Server-Authorization
access-control-max-age: 86400
cache-control: no-cache
content-length: 0
date: Wed, 24 Jul 2024 11:24:48 GMT
server: nginx
strict-transport-security: max-age=15724800; includeSubdomains

GET
H2 200 0ulh3gex Show response
analytics.inzynk.io/collect/ 171 B
436 B 892ms
308ms Script
text/plain 13.53.113.26
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.inzynk.io/collect/0ulh3gex?izcid=&iztid=&u=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&t=Exploiting+CVE-2024-21412%3A+A+Stealer+Campaign+Unleashed+%7C+FortiGuard+Labs&p=%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&d=www.fortinet.com&r=&inzynk_c=
Requested by: Host: tags.inzynk.io
URL: https://tags.inzynk.io/0ulh3gex/iztag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.53.113.26 Stockholm, Sweden, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-53-113-26.eu-north-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 6af2160cdcfbaf3124a656903e7a6a648b6f6e5329c37479945c88770b0ee2d4

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:27:11 GMT
server: nginx
content-length: 171
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type: text/plain;charset=ISO-8859-1

GET
H2

200

exploiting-cve-2024-21412-stealer-campaign-unleashed;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=5866535286600.183
10104846.fls.doubleclick.net/activityi;dc_pre=CL7diPnIv4cDFZjduAgd1pkDwg;src=10104846;type=sitew00;cat=sitew006;u3=https://www.fortinet.com/blog/threat-research/ Frame 6746
Redirect Chain

https://10104846.fls.doubleclick.net/activityi;src=10104846;type=sitew00;cat=sitew006;u3=https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed;dc_lat=;d...
https://10104846.fls.doubleclick.net/activityi;dc_pre=CL7diPnIv4cDFZjduAgd1pkDwg;src=10104846;type=sitew00;cat=sitew006;u3=https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-st...

0
0

237ms
235ms

Document
text/html

209.85.201.149
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://10104846.fls.doubleclick.net/activityi;dc_pre=CL7diPnIv4cDFZjduAgd1pkDwg;src=10104846;type=sitew00;cat=sitew006;u3=https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=5866535286600.183?

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

209.85.201.149 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

qu-in-f149.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-encoding: br
content-length: 2314
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 24 Jul 2024 11:27:10 GMT
expires: Wed, 24 Jul 2024 11:27:10 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 24 Jul 2024 11:27:10 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://10104846.fls.doubleclick.net/activityi;dc_pre=CL7diPnIv4cDFZjduAgd1pkDwg;src=10104846;type=sitew00;cat=sitew006;u3=https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=5866535286600.183?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 224 KB
60 KB 393ms
88ms Script
application/x-javascript 2a03:2880:f003:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f003:100:face:b00c:0:3 Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

eaa003d85cb77f94fcae98396e583ce01d0c375b57235402c884ef8a792b951e

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: ;script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' 'unsafe-eval' https://.google-analytics.com .google.com;style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' https://.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Wed, 24 Jul 2024 11:27:10 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 58677
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=9, rtx=0, c=12, mss=1392, tbw=2784, tp=-1, tpl=-1, uplat=0, ullat=-1
pragma: public
x-fb-debug: iLY4Dvp8MWfWe3YacfaNC3Kx0T3EV7BOvcNHGMD6QKBFXM6YTrEdSzz19/E7lhLugiOfYlGQ5xY76lHvGjTVZg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 siteanalyze_6033413.js Show response
siteimproveanalytics.com/js/ 36 KB
12 KB 360ms
96ms Script
application/javascript 2606:4700:3035::6815:3296
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://siteimproveanalytics.com/js/siteanalyze_6033413.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:3296 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e171f597c12bd7813408cabb76395c783e04c8aa8a0a57416a120ac026e5acf5

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:27:10 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: 7YNC0BGZ0BR84DJM
age: 2509
alt-svc: h3=":443"; ma=86400
content-length: 11242
x-amz-id-2: M71Ka/ADdlqlD7+8iH2bcZvNBemHIkoK6laVpg3OiAbOS+L1Txu9xnlljtfYZMkQl+2mv1/2twE=
last-modified: Sat, 29 Jun 2024 00:03:14 GMT
server: cloudflare
etag: "60402ae40e703f919eeaab313f154e6a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=t%2BlbzvZ0lBgAUGrdLZboH6SHvflPume7SpnJLsKsoRfV5CQzMl8nFo2WKeyTatMUlbQqJCuZC3mmNJQllXpmR%2FzJbPTaklotIzA4%2BxIZwANcqgfUTeJ8OWYHRMm1YIi%2BjuQwqZ4%2BBWJE5ph548DdupfkqQ4zYkY%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=86400, no-transform
accept-ranges: bytes
cf-ray: 8a838f3b98a27cb4-EWR

GET
H2 200 adsct
t.co/i/ 43 B
249 B 140ms
138ms Image
image/gif 72.21.81.130
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?bci=3&eci=2&event_id=d0b71cc3-983e-4d8a-8ead-1808bce7e125&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=d08eaa1f-024c-4e1f-8804-40806ac59439&tw_document_href=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nxlzj&type=javascript&version=2.3.30

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

72.21.81.130 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

tsa_b /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-response-time: 7
date: Wed, 24 Jul 2024 11:27:09 GMT
strict-transport-security: max-age=0
server: tsa_b
content-type: image/gif;charset=utf-8
x-transaction-id: 3f2386ba1558447f
cache-control: no-cache, no-store, max-age=0
perf: 7402827104
x-connection-hash: 796f3ef158b5cf256111f7f0e4aa50e52f12a3bea260a780f2212975af1607fd
content-length: 43

GET
H2 200 adsct
analytics.twitter.com/i/ 43 B
237 B 178ms
176ms Image
image/gif 104.244.42.131
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=d0b71cc3-983e-4d8a-8ead-1808bce7e125&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=d08eaa1f-024c-4e1f-8804-40806ac59439&tw_document_href=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nxlzj&type=javascript&version=2.3.30

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.131 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_b /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-response-time: 76
date: Wed, 24 Jul 2024 11:27:10 GMT
strict-transport-security: max-age=631138519
server: tsa_b
content-type: image/gif;charset=utf-8
x-transaction-id: 5c1aaf5ce5751950
cache-control: no-cache, no-store, max-age=0
perf: 7402827104
x-connection-hash: a162b5ad8757f218d06937a4ee09fa32f35c11f9ef2ccf24b50caa568911b963
content-length: 43

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 91ms
90ms Image
image/gif 23.222.79.235
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=5eeecf22b2d12a77a14639dce97b7a36&svisitor=null&visitor=685ece1a-3a23-4f34-873a-ea672dcca715&session=6b361482-2187-4744-8e4e-1293227ce5d6&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2024%20Jul%202024%2011%3A27%3A10%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2024%20Jul%202024%2011%3A27%3A09%20GMT%22%2C%22timeSpent%22%3A%221004%22%2C%22totalTimeSpent%22%3A%221004%22%7D&isIframe=false&m=%7B%22description%22%3A%22FortiGuard%20Labs%20has%20observed%20a%20stealer%20campaign%20spreading%20multiple%20files%20that%20exploit%20CVE-2024-21412%20to%20download%20malicious%20executable%20files.%20Read%20more.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Exploiting%20CVE-2024-21412%3A%20A%20Stealer%20Campaign%20Unleashed%20%7C%20FortiGuard%20Labs%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&pageViewId=6a57649c-6ed8-421f-8493-25baafbf4271&ipv6=2600%3A803%3Aa88%3A3197%3A%3A197&v=1.1.22

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.222.79.235 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-222-79-235.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Jul 2024 11:27:10 GMT
x-content-type-options: nosniff
last-modified: Sat, 18 Feb 2023 00:49:36 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f020a0-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 24 Jul 2024 11:27:10 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/729495989/ 42 B
64 B 486ms
107ms Image
image/gif 2607:f8b0:400d:c07::69
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/729495989/?random=1721820429936&cv=11&fst=1721818800000&bg=ffffff&guid=ON&async=1&gtm=45be47h0za200zb9123037237&gcd=13l3l3l3l1&dma=0&tag_exp=95250752&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&hn=www.googleadservices.com&frm=0&tiba=Exploiting%20CVE-2024-21412%3A%20A%20Stealer%20Campaign%20Unleashed%20%7C%20FortiGuard%20Labs&npa=0&pscdl=noapi&auid=1890236535.1721820430&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&data=event%3Dpage_view&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwDaQooLoItWBFzYktfwetb7Cz2FJEcRDpDFCA&random=1047766224&rmt_tld=0&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400d:c07::69 Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Jul 2024 11:27:10 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 s79885590873949
metrics.fortinet.com/b/ss/fortinetincproduction/1/JS-2.26.0-LDQM/ 43 B
372 B 562ms
167ms Image
image/gif 63.140.39.117
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://metrics.fortinet.com/b/ss/fortinetincproduction/1/JS-2.26.0-LDQM/s79885590873949?AQB=1&ndh=1&pf=1&t=24%2F6%2F2024%201%3A27%3A10%203%20600&sdid=7718C80EB0DAED09-2D99B39FFF7B1C83&mid=30172676723358030051258307256207443527&aamlh=7&ce=UTF-8&pageName=en%3Ablog%3Athreat-research%3Aexploiting-cve-2024-21412-stealer-campaign-unleashed&g=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&cc=USD&events=event3&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&v1=www.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&v3=%2B1&c7=Entire%20Site&c8=New&v25=30172676723358030051258307256207443527&v27=BLOG&v33=en%3Ablog%3Athreat-research%3Aexploiting-cve-2024-21412-stealer-campaign-unleashed&v35=Enabled&v92=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&mcorgid=ED8739F75677FE917F000101%40AdobeOrg&AQE=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

63.140.39.117 , United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ip-63-140-39-117.data.adobedc.net

Software

jag /

Resource Hash

a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Jul 2024 11:27:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
last-modified: Thu, 25 Jul 2024 11:27:10 GMT
server: jag
etag: 3697581220054171648-4618440801715483369
vary: *
p3p: CP="This is not a P3P policy"
access-control-allow-origin: *
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, max-age=0, no-transform, private
content-length: 43
x-xss-protection: 1; mode=block
expires: Tue, 23 Jul 2024 11:27:10 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/609297413/ 42 B
64 B 451ms
108ms Image
image/gif 2607:f8b0:400d:c07::69
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/609297413/?random=1721820429906&cv=11&fst=1721818800000&bg=ffffff&guid=ON&async=1&gtm=45be47h0za200zb9123037237&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&hn=www.googleadservices.com&frm=0&tiba=Exploiting%20CVE-2024-21412%3A%20A%20Stealer%20Campaign%20Unleashed%20%7C%20FortiGuard%20Labs&npa=0&pscdl=noapi&auid=1890236535.1721820430&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&data=event%3Dpage_view&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwDaQooLqlXHflD9yJCIO7__ClOvp2vOXayZ7w&random=2430865191&rmt_tld=0&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400d:c07::69 Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Jul 2024 11:27:10 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET st
px.mountain.com/ 0
0

GET
H/1.1 200
OK https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed Show response
abm-tracking.demandscience.com/page-tracking/fortinet_2712/ 2 B
665 B 149ms
149ms Script
application/json 52.32.164.86
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://abm-tracking.demandscience.com/page-tracking/fortinet_2712/https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed?visitorId=406563d9626bcf2fead8b317a0d3497c_1721820430744&&clientId=undefined&&cookieEnabled=true
Requested by: Host: abm-tracking.demandscience.com
URL: https://abm-tracking.demandscience.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 52.32.164.86 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-32-164-86.us-west-2.compute.amazonaws.com
Software: nginx/1.18.0 (Ubuntu) / Express
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 24 Jul 2024 11:27:10 GMT
Server: nginx/1.18.0 (Ubuntu)
X-Powered-By: Express
ETag: W/"2-vyGp6PvFo4RvsFtPoIWeCReyIC8"
Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, PATCH, DELETE
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: private, no-cache, no-store, must-revalidate
Connection: keep-alive
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization
Content-Length: 2
Expires: -1

GET
H2 200 177020962864941 Show response
connect.facebook.net/signals/config/ 60 KB
12 KB 90ms
88ms Script
application/x-javascript 2a03:2880:f003:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/177020962864941?v=2.9.162&r=stable&domain=www.fortinet.com&hme=e67e7d148043b3a377ad0eb1c82669792a67ba5e3bb5734b69e611ae38f939ca&ex_m=68%2C115%2C102%2C106%2C59%2C3%2C95%2C67%2C15%2C92%2C85%2C49%2C52%2C163%2C166%2C178%2C174%2C175%2C177%2C28%2C96%2C51%2C74%2C176%2C158%2C161%2C171%2C172%2C179%2C124%2C39%2C33%2C136%2C14%2C48%2C184%2C183%2C126%2C17%2C38%2C1%2C41%2C63%2C64%2C65%2C69%2C89%2C16%2C13%2C91%2C88%2C87%2C103%2C50%2C105%2C37%2C104%2C29%2C25%2C159%2C162%2C133%2C27%2C10%2C11%2C12%2C5%2C6%2C24%2C21%2C22%2C55%2C60%2C62%2C72%2C97%2C26%2C73%2C8%2C7%2C77%2C46%2C20%2C99%2C98%2C100%2C93%2C9%2C19%2C18%2C82%2C54%2C80%2C32%2C71%2C0%2C90%2C31%2C79%2C84%2C45%2C44%2C83%2C36%2C4%2C86%2C78%2C42%2C34%2C81%2C2%2C35%2C61%2C40%2C101%2C43%2C76%2C66%2C107%2C58%2C57%2C30%2C94%2C56%2C53%2C47%2C75%2C70%2C23%2C108

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f003:100:face:b00c:0:3 Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

8faa00fe604f9f30cef70e7242445d28716037d505d4b46c68768c0a3913068f

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: ;script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' 'unsafe-eval' https://.google-analytics.com .google.com;style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' https://.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Wed, 24 Jul 2024 11:27:10 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 12430
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=9, rtx=0, c=61, mss=1392, tbw=64173, tp=-1, tpl=-1, uplat=0, ullat=-1
pragma: public
x-fb-debug: nlf+GzZERIqzEQgKWXWTI/xkX4trVOPVhl7zV7pXXPTHntM24ny36q6GWJxtQxzS7GK4z3wLa+XHwDZnvw8FkQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 1 KB
969 B 490ms
173ms Script
application/javascript 2600:1408:c400:5::17c7:3719
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:1408:c400:5::17c7:3719 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

89333b6a52d61646b071d1dec1a49c6a5a734096eb5ec9183ef08b42c9cfbe50

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:27:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2024 05:21:40 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: max-age=65182
accept-ranges: bytes
content-length: 759

GET
H2 200 tag.aspx Show response
ml314.com/ 37 KB
12 KB 413ms
96ms Script
application/javascript 34.117.77.79
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ml314.com/tag.aspx?246
Requested by: Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.117.77.79 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 79.77.117.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 773a28cc9ac8062b38482769d1f03d92a6487d5775d439cff1c8b5be61fdd6d7

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:24:03 GMT
via: 1.1 google
content-encoding: br
age: 188
x-guploader-uploadid: AHxI1nOndHtzmtLuoNU9GMxlGQqEyiwC6_5Bq1-nXFkbkF3MUGbFPpommCXqT2ffkD-At1WnGvI
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12140
last-modified: Wed, 12 Jun 2024 23:47:10 GMT
server: UploadServer
vary: Accept-Encoding
x-goog-generation: 1718236030191817
x-goog-hash: crc32c=jdP4zA==, md5=YRx2m1aKFpugF5vA5Ps9ng==
content-type: application/javascript
cache-id: LGA-12baf686
cache-control: public,max-age=3600
x-cache-hit: hit
x-goog-stored-content-length: 37568
accept-ranges: bytes

GET image.aspx
6033413.global.siteimproveanalytics.io/ 0
0

GET tracking
tracking.contanuity.com/ 0
0

GET
H3 200 gtm.js Show response
www.googletagmanager.com/ 178 KB
64 KB 107ms
107ms Script
application/javascript 2607:f8b0:400d:c04::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-M4NSPPXN

Requested by

Host: abm-tracking.demandscience.com
URL: https://abm-tracking.demandscience.com/tag.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400d:c04::61 Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

026f5f38c99872fe202946c516747873beb04e27cc56ee8620116659cf94f1d2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:27:10 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65971
x-xss-protection: 0
last-modified: Wed, 24 Jul 2024 09:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 24 Jul 2024 11:27:10 GMT

GET /
www.facebook.com/tr/ 0
0

GET /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 0
0

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
258 B 91ms
90ms Image
image/gif 23.222.79.235
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=5eeecf22b2d12a77a14639dce97b7a36&svisitor=null&visitor=685ece1a-3a23-4f34-873a-ea672dcca715&session=6b361482-2187-4744-8e4e-1293227ce5d6&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2024%20Jul%202024%2011%3A27%3A11%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2024%20Jul%202024%2011%3A27%3A10%20GMT%22%2C%22timeSpent%22%3A%221004%22%2C%22totalTimeSpent%22%3A%222008%22%7D&isIframe=false&m=%7B%22description%22%3A%22FortiGuard%20Labs%20has%20observed%20a%20stealer%20campaign%20spreading%20multiple%20files%20that%20exploit%20CVE-2024-21412%20to%20download%20malicious%20executable%20files.%20Read%20more.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Exploiting%20CVE-2024-21412%3A%20A%20Stealer%20Campaign%20Unleashed%20%7C%20FortiGuard%20Labs%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&pageViewId=6a57649c-6ed8-421f-8493-25baafbf4271&ipv6=2600%3A803%3Aa88%3A3197%3A%3A197&v=1.1.22

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.222.79.235 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-222-79-235.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Jul 2024 11:27:11 GMT
x-content-type-options: nosniff
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "60bb2e15-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 24 Jul 2024 11:27:11 GMT

GET utsync.ashx
ml314.com/ 0
0

GET insight.beta.min.js
snap.licdn.com/li.lms-analytics/ 0
0

GET /
webtracker.argusplatform.com/wh/track/ 0
0

GET img.gif
b.6sc.co/v1/beacon/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: ibc-flow.techtarget.com
URL: https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=1247773&r=1721820429780&ref=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&version=2.4

Domain: ad.doubleclick.net
URL: https://ad.doubleclick.net/activity;register_conversion=1;src=10050195;npa=0;auiddc=1890236535.1721820430;ps=1;pcor=459839757;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe47h0v9185241837za200zb9123037237;gcd=13l3l3l3l1;dma=0;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed?

Domain: px.mountain.com
URL: https://px.mountain.com/st?ga_tracking_id=G-JH142QCQCJ&ga_client_id=1823299582.1721820430&shpt=Exploiting%20CVE-2024-21412%3A%20A%20Stealer%20Campaign%20Unleashed%20%7C%20FortiGuard%20Labs&ga_info=%7B%22status%22%3A%22OK%22%2C%22ga_tracking_id%22%3A%22G-JH142QCQCJ%22%2C%22ga_client_id%22%3A%221823299582.1721820430%22%2C%22shpt%22%3A%22Exploiting%20CVE-2024-21412%3A%20A%20Stealer%20Campaign%20Unleashed%20%7C%20FortiGuard%20Labs%22%2C%22dcm_cid%22%3A%221721820429.1%22%2C%22mntnis%22%3A%22mxeWEQyMEVtTyQbDDUbVPfyPUHwCElr0%22%2C%22execution_workflow%22%3A%7B%22iteration%22%3A6%2C%22getClientIdByCookie%22%3A%22OK%22%2C%22shpt%22%3A%22OK%22%2C%22dcm_cid%22%3A%22OK%22%7D%7D&dcm_cid=1721820429.1&available_ga=%5B%7B%22id%22%3A%22G-JH142QCQCJ%22%2C%22sess_id%22%3A%221721820429%22%7D%5D&hardcoded_ga=&dxver=4.0.0&shaid=32336&plh=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&cb=93328235259062580term%3Dvalue&shadditional=sh_conversion%3DSHBLOCK%2Cgoogletagmanager%3Dtrue%2Cga4%3Dtrue%2Cmediamath%3Dtrue%2Cappnexus%3Dtrue

Domain: 6033413.global.siteimproveanalytics.io
URL: https://6033413.global.siteimproveanalytics.io/image.aspx?url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&title=Exploiting%20CVE-2024-21412%3A%20A%20Stealer%20Campaign%20Unleashed%20%7C%20FortiGuard%20Labs&res=1600x1200&accountid=6033413&rt=5196&prev=b50b4123-4fe9-9d66-e8fc-836946664d8d&luid=c584a847-ca34-3694-3060-0d2691d1f6aa&rnd=29654

Domain: tracking.contanuity.com
URL: https://tracking.contanuity.com/tracking?visitorId=406563d9626bcf2fead8b317a0d3497c_1721820430744&&clientId=undefined&&cookieEnabled=true

Domain: www.facebook.com
URL: https://www.facebook.com/tr/?id=177020962864941&ev=PageView&dl=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&rl=&if=false&ts=1721820430958&sw=1600&sh=1200&v=2.9.162&r=stable&ec=0&o=4126&fbp=fb.1.1721820430957.217620710315002411&ler=empty&cdl=API_unavailable&it=1721820430812&coo=false&rqm=GET

Domain: www.facebook.com
URL: https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=177020962864941&ev=PageView&dl=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&rl=&if=false&ts=1721820430958&sw=1600&sh=1200&v=2.9.162&r=stable&ec=0&o=4126&fbp=fb.1.1721820430957.217620710315002411&ler=empty&cdl=API_unavailable&it=1721820430812&coo=false&rqm=FGET

Domain: ml314.com
URL: https://ml314.com/utsync.ashx?pub=&adv=&et=0&eid=54820&ct=js&pi=&fp=&clid=&if=0&ps=&cl=&mlt=&data=&&cp=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&pv=1721820431244_l3kqb2t0h&bl=en-us&cb=5073846&return=&ht=&d=&dc=&si=1721820431244_l3kqb2t0h&cid=&s=1600x1200&rp=&v=2.7.3.180

Domain: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.beta.min.js

Domain: webtracker.argusplatform.com
URL: https://webtracker.argusplatform.com/wh/track/?site_id=C6AC00C8269540D0ABFF19F1B5558B6D&visitor_id=1721820430177850751&event_type=page_request&timestamp=1721820431&page_title=Exploiting%20CVE-2024-21412%3A%20A%20Stealer%20Campaign%20Unleashed%20%7C%20FortiGuard%20Labs&page_url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&page_url_referer=

Domain: b.6sc.co
URL: https://b.6sc.co/v1/beacon/img.gif?token=5eeecf22b2d12a77a14639dce97b7a36&svisitor=null&visitor=685ece1a-3a23-4f34-873a-ea672dcca715&session=6b361482-2187-4744-8e4e-1293227ce5d6&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2024%20Jul%202024%2011%3A27%3A12%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2024%20Jul%202024%2011%3A27%3A11%20GMT%22%2C%22timeSpent%22%3A%221004%22%2C%22totalTimeSpent%22%3A%223012%22%7D&isIframe=false&m=%7B%22description%22%3A%22FortiGuard%20Labs%20has%20observed%20a%20stealer%20campaign%20spreading%20multiple%20files%20that%20exploit%20CVE-2024-21412%20to%20download%20malicious%20executable%20files.%20Read%20more.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Exploiting%20CVE-2024-21412%3A%20A%20Stealer%20Campaign%20Unleashed%20%7C%20FortiGuard%20Labs%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&pageViewId=6a57649c-6ed8-421f-8493-25baafbf4271&ipv6=2600%3A803%3Aa88%3A3197%3A%3A197&v=1.1.22

Verdicts & Comments Add Verdict or Comment

144 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

45 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.fortinet.com/	1970-01-21 07:02:36	Name: cookiesession1 Value: 678A3E61906881AD4523CFD0982A6A4F
.fortinet.com/	1970-01-21 07:02:36	Name: OptanonConsent Value: isIABGlobal=false&datestamp=Wed+Jul+24+2024+01%3A27%3A08+GMT-1000+(Hawaii-Aleutian+Standard+Time)&version=6.10.0&hosts=&consentId=e56e11a2-d1aa-44ce-a4d6-8e69eb996915&interactionCount=0&landingPath=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&groups=C0001%3A1%2CC0002%3A1%2CC0003%3A1%2CC0004%3A1
.fortinet.com/	1969-12-31 23:59:59	Name: at_check Value: true
.demdex.net/	1970-01-21 02:36:12	Name: demdex Value: 29795170077592954771292609856618407887
.fortinet.com/	1969-12-31 23:59:59	Name: AMCVS_ED8739F75677FE917F000101%40AdobeOrg Value: 1
www.fortinet.com/	1970-01-21 07:53:00	Name: _gd_visitor Value: 685ece1a-3a23-4f34-873a-ea672dcca715
www.fortinet.com/	1970-01-20 22:17:14	Name: _gd_session Value: 6b361482-2187-4744-8e4e-1293227ce5d6
.fortinet.com/	1970-01-20 22:17:02	Name: mboxEdgeCluster Value: 34
.fortinet.com/	1970-01-21 07:53:00	Name: mbox Value: session#9c635a2f83c64ce9beb7f66dd1940068#1721822290\|PC#9c635a2f83c64ce9beb7f66dd1940068.34_0#1785065230
www.fortinet.com/	1970-01-21 07:53:00	Name: _omappvp Value: D63XYv1ZIwWfF7Gi2YUdoW3f31Hwi3yY7iLsrnfuF2vMPWDn1pmfcCBVdj4BJuQPXLmUoiaZ9qpYPmA2z6MPHT6fAmDtxdpC
www.fortinet.com/	1970-01-20 22:17:01	Name: _omappvs Value: 1721820429330
.fortinet.com/	1970-01-20 22:18:26	Name: _uetsid Value: aa18a35049af11efb41f3dad06347094
.fortinet.com/	1970-01-21 07:38:36	Name: _uetvid Value: aa18eea049af11efa642ff2c43692108
www.fortinet.com/	1970-01-20 22:27:05	Name: AWSALB Value: eZkuwM80tdrAEl9n8zmcpd/IsAYe5uTPEvvHoWV/2AqaTNPO3Q3lF2yvf4G2RjO8Vwnn5rupWUCszEVC84Ki0Bak8D/DSvhv6Mpjm8nB/kLz9bb2UHzj2eR6+YOj1c7d5mB4XCVvYHO46KEMH4ZhCsGmBbAHUOdDDoWb32aq30M7ouQ4T5RSPxE6d0mJeCXF1nevmeBDANnYaQU2FszcOeBRfffxY3Iy
www.fortinet.com/	1970-01-20 22:27:05	Name: AWSALBCORS Value: c0qOVxJGSCDeUCMH96RI/1NdDwrWBJePu1r7dQO5c4msreHYCNvJLoblD8xpmN0XZyIpmbzbe4qtROjWMDUUDi2Uyd55la+TTTinpV2lTMw5C7yqGIgSfgEMGUTCc6lc6QUuLaifKpz9xRe6ZCdkU/h6wqWGChbLnnMcd0I4szBFjBwPNkyo+WVeukdtBmMjC47z6ED004G+VK4EtyiEXX8ES6+9xp/j
.bing.com/	1970-01-21 07:38:36	Name: MUID Value: 3EFB1F4D0B3A6CCB17A00B8B0A556D3B
.bat.bing.com/	1970-01-20 22:27:05	Name: MR Value: 0
.dpm.demdex.net/	1970-01-21 02:36:12	Name: dpm Value: 29795170077592954771292609856618407887
.fortinet.com/	1970-01-21 07:53:00	Name: AMCV_ED8739F75677FE917F000101%40AdobeOrg Value: 179643557%7CMCIDTS%7C19929%7CMCMID%7C30172676723358030051258307256207443527%7CMCAAMLH-1722425228%7C7%7CMCAAMB-1722425228%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1721827628s%7CNONE%7CMCSYNCSOP%7C411-19936%7CvVersion%7C5.5.0
.fortinet.com/	1970-01-21 00:26:36	Name: _gcl_au Value: 1.1.1890236535.1721820430
www.fortinet.com/	1970-01-20 22:17:00	Name: dicbo_id Value: %7B%22dicbo_fetch%22%3A1721820429692%7D
.techtarget.com/	1970-01-20 22:17:02	Name: __cf_bm Value: EfYjCuiF2eTA_xbyj4z.bk_9myPIAB1LaQ2AdqkW8.A-1721820429-1.0.1.1-gkI0yeKpbg.tp9HY5qR4Oq3NbBDmWLxnn7Mmc055tIBHSXMt_ILc82J_dzDftGlBfOx20IAt3R0QfvVIlBeIMg
.fortinet.com/	1970-01-21 07:53:00	Name: _ga_JH142QCQCJ Value: GS1.1.1721820429.1.0.1721820429.0.0.0
.fortinet.com/	1970-01-21 07:53:00	Name: _ga Value: GA1.1.1823299582.1721820430
.www.fortinet.com/	1970-01-21 07:02:36	Name: WID_VISITOR_ID Value: 1721820430177850751
.adnxs.com/	1970-01-21 07:53:00	Name: receive-cookie-deprecation Value: 1
.adnxs.com/	1970-01-21 00:26:36	Name: anj Value: dTM7k!M4/8CxrEQF']wIg2C$M=+G.`!@wnf-Te9(>wL5L!!'0D$VYT6
.adnxs.com/	1970-01-21 00:26:36	Name: XANDR_PANID Value: 74qfjjph6aEvmASKgEmTP0_dwYaf8hsmoJokvCQNPUkDmumeWX12dhhDDGMhbXFTAzY984p25fVX41KlrpyNmOG5qpBzHUNcFGCnj9czaf4.
.adnxs.com/	1970-01-21 00:26:36	Name: uuid2 Value: 3596158167688054740
.fortinet.com/	1970-01-20 22:17:02	Name: gpv_pn Value: www.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed
.fortinet.com/	1970-01-21 00:26:36	Name: s_getNewRepeat Value: 1721820430339-New
.fortinet.com/	1969-12-31 23:59:59	Name: s_cc Value: true
.twitter.com/	1970-01-21 07:53:00	Name: personalization_id Value: "v1_Cu6RIGfjTril5Ousqim9gw=="
.t.co/	1970-01-21 07:53:00	Name: muc_ads Value: ee91fab4-5fc4-4551-b7a2-cd783b11b30a
.doubleclick.net/	1970-01-21 02:36:12	Name: receive-cookie-deprecation Value: 1
www.fortinet.com/	1970-01-20 22:18:28	Name: aa_cc Value: US
www.fortinet.com/	1970-01-20 22:18:28	Name: aa_cn Value: United%20States
www.fortinet.com/	1970-01-20 22:18:28	Name: 6scexist Value: true
.fortinet.com/	1970-01-21 07:53:00	Name: nmstat Value: b50b4123-4fe9-9d66-e8fc-836946664d8d
abm-tracking.demandscience.com/	1970-01-21 07:53:00	Name: userId Value: 406563d9626bcf2fead8b317a0d3497c_1721820430744
.doubleclick.net/	1970-01-21 07:53:00	Name: IDE Value: AHWqTUk7DI6voWFPZt0zoubaXDF7dOXv-ag5Ywnerr4TI8ymiEhsTD5vf2hxBvv4r8o
.fortinet.com/	1970-01-21 00:26:36	Name: _fbp Value: fb.1.1721820430957.217620710315002411
.inzynk.io/	1970-01-21 07:02:36	Name: iztid Value: 1721820431830
www.fortinet.com/	1970-01-21 07:02:36	Name: izcid Value: 1721820433341
www.fortinet.com/	1970-01-21 07:02:36	Name: iztid Value: 1721820431830

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://api.omappapi.com/v2/embed/39852?d=fortinet.com Message: Failed to load resource: the server responded with a status of 401 ()
javascript	error	URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed Message: Access to XMLHttpRequest at 'https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=1247773&r=1721820429780&ref=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&version=2.4' from origin 'https://www.fortinet.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=1247773&r=1721820429780&ref=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&version=2.4 Message: Failed to load resource: net::ERR_FAILED
network	error	URL: https://pixels.argusplatform.com/wh/track/?site_id=C6AC00C8269540D0ABFF19F1B5558B6D&visitor_id=1721820430177850751&event_type=page_request&timestamp=1721820430&page_title=Exploiting%20CVE-2024-21412%3A%20A%20Stealer%20Campaign%20Unleashed%20%7C%20FortiGuard%20Labs&page_url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&page_url_referer= Message: Failed to load resource: the server responded with a status of 401 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

10104846.fls.doubleclick.net
6033413.global.siteimproveanalytics.io
a.omappapi.com
a.opmnstr.com
abm-tracking.demandscience.com
ad.doubleclick.net
amplify.outbrain.com
analytics.inzynk.io
analytics.twitter.com
api.omappapi.com
assets.adobedtm.com
b.6sc.co
bat.bing.com
c.6sc.co
cdn.cookielaw.org
cdn.jsdelivr.net
cm.everesttech.net
connect.facebook.net
dpm.demdex.net
dx.mountain.com
epsilon.6sense.com
fortinet.demdex.net
fortinet.tt.omtrdc.net
geolocation.onetrust.com
googleads.g.doubleclick.net
ib.adnxs.com
ibc-flow.techtarget.com
intentstream.contanuity.com
ipv6.6sc.co
j.6sc.co
metrics.fortinet.com
ml314.com
pixel.mathtag.com
pixels.argusplatform.com
px.mountain.com
script.crazyegg.com
secure.adnxs.com
siteimproveanalytics.com
snap.licdn.com
static.ads-twitter.com
t.co
tags.inzynk.io
tmp.argusplatform.com
tr.outbrain.com
tracking.contanuity.com
trk.techtarget.com
wave.outbrain.com
webtracker.argusplatform.com
www.facebook.com
www.fortinet.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
6033413.global.siteimproveanalytics.io
ad.doubleclick.net
b.6sc.co
ibc-flow.techtarget.com
ml314.com
px.mountain.com
snap.licdn.com
tracking.contanuity.com
webtracker.argusplatform.com
www.facebook.com
104.244.42.131
13.248.142.121
13.53.113.26
146.75.28.157
173.194.175.149
18.210.229.244
209.85.201.149
216.200.232.253
23.222.79.235
23.45.193.200
2400:52e0:1a00::1207:2
2600:1408:ac00:192::1e80
2600:1408:c400:5::17c7:3719
2600:1408:ec00:2e::1735:ba8
2600:1f18:1492:1702:852f:d87f:6683:b05a
2600:9000:20ee:8400:12:dfa9:e200:93a1
2606:4700:3035::6815:3296
2606:4700:3108::ac42:2af8
2606:4700:4400::ac40:973c
2606:4700:4400::ac40:9b77
2606:4700::6813:9308
2606:4700::6813:b134
2607:f8b0:400d:c04::61
2607:f8b0:400d:c07::64
2607:f8b0:400d:c07::69
2607:f8b0:400d:c09::9c
2620:1ec:29:1::38
2620:1ec:c11::237
2a03:2880:f003:100:face:b00c:0:3
2a04:4e42:600::485
34.111.208.231
34.117.77.79
34.193.67.242
44.226.187.177
44.230.204.58
52.200.107.114
52.32.164.86
52.7.151.245
63.140.39.117
63.140.39.35
68.67.181.211
70.42.32.191
72.21.81.130
026f5f38c99872fe202946c516747873beb04e27cc56ee8620116659cf94f1d2
040d993fe132a37b54fedd349f35fbc8aa20464fbd7c683889b48fdc7e18a886
05b1d251b44fdd42bd27a73eb373440c9957297292c3f13a677eb908648486ee
09edcbeb6bb1f2361271a99cb3369ee93e55c21a4985d8f5cfed37af10d6729d
0b2969b20d4b33763f23481f2dc0f0626a93fdd567798412bf891890047398a3
0b96862343ccfcd32b52ec6e80927c6c986e2e8270816d7e5cf729d4883b3793
0c07b854855b0e2bd7839c3659defa45307e96e281b3c00571d09f213eb6a76e
0e5f18649f61dd74f9caf157048d64c16ceb0fd2e8b54ed9e3c6ff1ebf22bd24
0f03d4ff929986a3cde83681fd2560eae544f7138f59945ec6ec32c17800ca91
114ed516604e98cd030c85d1be345541019326d2f32bb784626fb13ad57f8744
13c309d0ebac3484b78106413ee31f46abfc690429c64ddf6ceb1b1838424ada
178ec5d6c8298d4e308c4b7674042667ecafdbffcb5331b621985a2b11539f0e
1d348f9f803c95305f63def9d75fd50e79e54a375e1a4a888edbbea366845580
1d7b331a045e0921f57a7aca33a2be27539027cc5b1ded6de5ad38263eddf8a3
1e91c990301e6c54d07d12600708b25a5861c6da4256c63bcb22bf1f0c5d81b8
262c76a939f7c2d543b0f5669d8958b82954e14e17d79ced7848cd51a36e6b1d
2ed114345dab0a74e1c81b100e3db108ff86464854f3159d005fac67413454b7
30ddee8ebf0ffd7c415585a9e3a0e8023deb80ed05b857a4427dbb75790c43bd
370df1cc8999c1e03fc1c5f7ced35334513d19233d1fc79d2c1c7f711361565d
37fd820b496a40f0f5783b425ed0c873d7913a576c0f246e869c5a2be58f787e
3aec02b24881b79afb8d121953096fd5754b07c8d26a295bcd900b0833183933
3b44ca1c49a57c0891a934b6a4008735bf0e189883f21b49a92dbcd7b1035473
3e63ed3b834f3a6961e1476a3dfadffb78212feac2bf804352a6926091b4c828
3f36cb484213cafc798ef594c00ffdc27156f0106c63b539c3464bae355fb82a
3f57193ed9b7928c36cb710ac6a4af1583023f928914c094db4995420f7e3a54
404669b3d94f951d5e005752766d9f4e60dc4f44c7aeda8b491f204f71b760af
42ef6666f85c1579f988253ec1fc68e71a15cb9293209d9a64f6c27bc05be03b
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
480e3b349655b6f17b20ec546c300957cad9ffd98b2d29be29db79422ededc52
4b1dfdf84f81ccef7d37fc96dfd2358c87a40a04b20f063179f2c87fc1d3d382
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4d15ff2317e16ccd8ca1d3248fea7d91130e022369bb032824a84ad9967064df
4dba9e54570483a0624219ec53864f468c9cbdf4f9c1f23821e539de7cb0c9fc
4f0469454e9c8c033bef56af7ef5b4b71f995de298bee83705d8abc4ee5f6698
59e58524340cd7ad353be010374b124c242fdde10a0ed41047fe2fd4bb9e5a2e
59faeec7cd3ce8eba6b26823c7dd41512a380a8c3329aa0ae0270a72f4645d08
5b4c9abcf01dcf74e0adf075ff4d47464c62c84307ae5ebd115d45da70e6443d
663fcd2b41d75e07e72ea2622d80566bcf10f1951f7293217d5fd9c9e3e542d8
6741b10dd5b1580642a0aa204377a8fb50c2dd86c38fd4cd07e2319eefaa93d7
6af2160cdcfbaf3124a656903e7a6a648b6f6e5329c37479945c88770b0ee2d4
6d0291f90718dc0537f65dc6a4f68d8e75f0a8a3a0b62836d9cf41350ecaf552
701060dad4079867e3c45f41d0a8b2199ec3515cad7c3a22e2b81727bdaac605
701769ec99138974c12369fd4acf65a7f99e9a1becbab1e16a89be9859aafc9f
770be267abb4fe287bf67c2fdbdf4f14556632b8e07a6d464e58ca56e3e33474
773a28cc9ac8062b38482769d1f03d92a6487d5775d439cff1c8b5be61fdd6d7
77d5fe96defd6c8c1e3b0466b4827cf83dc7e5c727a10177e115d25132fa86f6
7a23e0e46e16f067271bc79c92a917c13769848457d16cdf109e4dc04c687e8f
7ad0607daba7c0ddecacb3c696099e761076f147549440a7b3c4baa8f67ddaac
7b1e74dd6970b56853dfd79e59ba73315051b0c59a69c6a9fd87e515650fdc80
7c951a4408b8eb47ecea22bc965c50addb9e027eed0d48b1248869d967967ceb
8489534bde4ad3c3cedebecd11b9babe653de6b413922ec2b877c5bfcb33ee3e
855f75e3c59ecf05751e400ad7f8ef021ab050a882b7c4861a187c9475c16dbc
8883bc0b8dd0d8b6e1f37046e643e3487484913aae5fedbb41b9c0c059ecf123
89333b6a52d61646b071d1dec1a49c6a5a734096eb5ec9183ef08b42c9cfbe50
895f6b9e5d37c494c7c8ebf30eade521c286b27001d256e3a37f5ac27684a57d
8998282f5a80fff5eaafdbd457dd7a81af0cd7c8696bfe032a6aeef8fe67f99f
8cdca3b36914e8a3f56390da71389944579faaae82704e53bd66f9c0387502f6
8db92e7cdc1ad40168c42e93b05d842e056d8a5b83ae96b95d2b1c546f828196
8faa00fe604f9f30cef70e7242445d28716037d505d4b46c68768c0a3913068f
930494fef37c0c702073ceeddd12da067bba2824f8eba39e1f9a3c5332bec6b6
93f1175b9eb9dcdf7cc89fb8a0049b1734aead76c4e9a71ce2e74c6659dfc7a2
9453297b8c031ffe12f292174750cabd95f6069010d7dfb77e3e840f462706e1
94633716497a85d800b6e573953942c4cfe483c0dbd68fa97fd01dd97ced5d66
9593a864c223dd82b1984bceca3b92a0622c90e6799b159131db2138f40240e0
98192c2b3bfd0e66cff07b8ba31ff42de9182144d3e21b9ca258f13da96ee457
985071e89e5076c1b93d2b9ba507a2e890236ef8e3eaea519c7b2bc364cf84df
99dc3803d1f19c8103f79f834044b2afd4c8af5b7927efbd36b1052d528b40ae
9c2bfadf1fe546bd3872bf81e8477e95faff0104f3b9b888bc47cff4ffe88a36
9d0ea8ac1c7933b9e81af7eb23abf1abc0467b87abe2d190d48e5b96a33bccf7
9e127a551b1d872db037fb1c551f032ffb34217f160a6906918f720cae169575
a109c0b7d5a8dcdef344dece35859c0ad04f7f1f0fbf03c668321b94d31c19be
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
a98a9441db98144c6e8c4ab37c72e26786065a15dfb36a9231be938f76984c4f
abd0c69608a1a4b0ce5f6056bc20bcf62a2a29271a4cf5e33fa1f53bf7cb19cb
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
ad45521fa910468ce9027869bf89a08fc2d61aa1738902b17be4ebf409558ffb
b51f3497b0a65f1e1e87e75f5e7e823d871c23bcf76a5ee4101783c8f939e553
b5b4fea0f2608d0f0cafdee0e2b00ae659b091c6d18eda7fe291e636ba3f353c
b64cae93d3398a9d5da33d3728f714a222df73943f87b81b7f2c49d58e2794ef
b697c4c8e7c22fa7e18ccef66c1bda6610f19ec8c7d1c60fb3696db54ea5362e
b8bd6ae17f88486fa86c4acb7f2190d93bcbdd5e223e55b46273cb0eb0a05878
b90b775b65c2623322caaa52d7acf6af709ca59bdd475a54043b6308d91828c4
b934ce9883949e7bceb88fa78a354125eefc85715f7e54da8ff529c94ebab0fe
b97c99a69a6275c8f90703cd4c0864089a74fd08383a1cc75a8a4d0c2cb60cce
bdfd8a95ffd68d8bc7149ea79a3ca8a1869fe507a42e4f7a368f626843346e89
bec82187bec72da82a4eed1c0c3624ac495ca960b7286da80815db9b5c43777e
bedf62e46e59fa272ad95971fb563c91a33501c2443058083872960861534da7
bf75adb4dce36bece1ce5451a9fb6d4fbd65ee72fc074b55ca676f2d8898da5b
c1ccdda10c297d3aeedbe2fa72700c5f49bdf9e102090c2d62775ec3c964e078
c800888331e0e31f317acc8de442b6a71340d4f0d4f3db9dbb7f8e4b3172e84e
d18b3c9feb76c3c1cfdcc51c732f113327e3c33fb3f63b479951f7da6ed1216f
d1fe20aff60f91b78aabd65363112fbc84a8e7c8dd0c258bb1aae48cc4e4879c
d2afd46ac58cd7e89b3fdfd790300d69034e94151ed45acf83d7b6d5dccfdb17
d8c36bfe3ca671f0d22301c56ec2e5b6d8109af18ca306c6cb355f34d6dc6e5b
d97ea24841d9881b6b38caf9174e468db2c6a133cc325320d5720b0783a37d06
db058d72d7ba8ff6ed7209af23a4458c373cc78f72c81ec1df88bb5de72a0b0b
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
e0c289faa80333eff728b8bdbbf10b11dec1a6e1938a444e1cc41be6744e96d2
e0f9a49b3445df93031ef8414eab4c9266e8e6aefc9594c8b3f49376f57ee97c
e171f597c12bd7813408cabb76395c783e04c8aa8a0a57416a120ac026e5acf5
e2b4b7eaf76617a8f47db607865ab132c22d516430511504a902c88e632b0f96
e2d910265020b45a6878d4b62b104bc4cfbcf7554e7386d81aef7a0ae208048e
e3a54e557f40c9a8528562f5f9fe39cb3fce5ad1e3f4238ec791c17961645240
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ea4d365b9f9f08d9bf0e54e36b6611e5901ac5f01fd2af09400b094621d3b5da
eaa003d85cb77f94fcae98396e583ce01d0c375b57235402c884ef8a792b951e
ebd0b0892d3b17adc658369a10ebfe9abcd4883fd08bb047fd66dd459edd4481
ec425cce7010294e5d2601a098dabc3e75536351f58e07ada250c8642934fb8d
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f012c00d43164a4de843ae80abefe500f8497e1123d11c965cd3b40600fe9720
f41e718277c296a77a6259da8cadd84b5f195d21ea0a6eb36442de9217613c2f
f9b2aaabab92d9c63930432351fa3f5aa634fcb5db31b039e23465f8b4bd5a68
fcce7b7353be95b84f177e00cd497eb4e485606e88cf17a5d836ee6c0f1f0f20
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

www.fortinet.com Open in urlscan Pro 2600:1f18:1492:1702:852f:d87f:6683:b05a Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

144 Requests

90 %HTTPS

47 %IPv6

36 Domains

53 Subdomains

43 IPs

2 Countries

7360 kBTransfer

10817 kBSize

45 Cookies

9 Outgoing links

Redirected requests

144 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.fortinet.com Open in urlscan Pro
2600:1f18:1492:1702:852f:d87f:6683:b05a Public Scan

Screenshot
Live screenshot

Full Image

144
Requests

90 %
HTTPS

47 %
IPv6

36
Domains

53
Subdomains

43
IPs

2
Countries

7360 kB
Transfer

10817 kB
Size

45
Cookies

144 HTTP transactions
2 data transactions