URL: https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer...
Submission: On April 03 via manual from IN

Summary

This website contacted 25 IPs in 6 countries across 24 domains to perform 52 HTTP transactions. The main IP is 52.52.208.2, located in San Jose, United States and belongs to AMAZON-02, US. The main domain is www.fortinet.com.
TLS certificate: Issued by DigiCert SHA2 High Assurance Server CA on January 22nd 2019. Valid for: 2 years.
This is the only time www.fortinet.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
10 52.52.208.2 16509 (AMAZON-02)
6 23.210.248.45 16625 (AKAMAI-AS)
1 2a00:1450:400... 15169 (GOOGLE)
1 4 52.30.105.51 16509 (AMAZON-02)
3 23.210.248.44 16625 (AKAMAI-AS)
2 2a00:1450:400... 15169 (GOOGLE)
1 23.210.250.213 16625 (AKAMAI-AS)
1 52.30.201.43 16509 (AMAZON-02)
2 35.181.91.36 16509 (AMAZON-02)
1 1 66.117.28.86 15224 (OMNITURE)
1 5 95.100.196.159 16625 (AKAMAI-AS)
2 2a02:26f0:10c... 20940 (AKAMAI-ASN1)
1 23.111.9.217 33438 (HIGHWINDS2)
1 2 2a05:f500:11:... 14413 (LINKEDIN)
1 1 2a05:f500:10:... 14413 (LINKEDIN)
1 3 34.253.11.118 16509 (AMAZON-02)
2 50.19.60.226 14618 (AMAZON-AES)
1 2a00:1450:400... 15169 (GOOGLE)
1 2606:4700::68... 13335 (CLOUDFLAR...)
2 52.216.139.139 16509 (AMAZON-02)
1 151.101.112.157 54113 (FASTLY)
2 2a03:2880:f02... 32934 (FACEBOOK)
1 2 2a03:2880:f12... 32934 (FACEBOOK)
1 104.244.42.67 13414 (TWITTER)
1 104.244.42.197 13414 (TWITTER)
1 2a03:2880:f02... 32934 (FACEBOOK)
52 25
Domain Requested by
10 www.fortinet.com www.fortinet.com
6 assets.adobedtm.com www.fortinet.com
assets.adobedtm.com
5 s.adroll.com 1 redirects www.googletagmanager.com
www.fortinet.com
s.adroll.com
4 dpm.demdex.net 1 redirects www.fortinet.com
2 www.facebook.com 1 redirects
2 connect.facebook.net www.fortinet.com
connect.facebook.net
2 optin-monster.s3.amazonaws.com a.optmnstr.com
2 api.omappapi.com a.optmnstr.com
2 d.adroll.com www.fortinet.com
2 px.ads.linkedin.com 1 redirects www.fortinet.com
2 snap.licdn.com www.googletagmanager.com
www.fortinet.com
2 metrics.fortinet.com assets.adobedtm.com
www.fortinet.com
2 www.google-analytics.com www.googletagmanager.com
www.fortinet.com
2 s7.addthis.com assets.adobedtm.com
s7.addthis.com
1 cx.atdmt.com
1 t.co
1 analytics.twitter.com static.ads-twitter.com
1 static.ads-twitter.com www.fortinet.com
1 cdnjs.cloudflare.com a.optmnstr.com
1 ajax.googleapis.com a.optmnstr.com
1 d.adroll.mgr.consensu.org 1 redirects
1 www.linkedin.com 1 redirects
1 a.optmnstr.com www.googletagmanager.com
1 v1.addthisedge.com s7.addthis.com
1 cm.everesttech.net 1 redirects
1 fortinet.demdex.net assets.adobedtm.com
1 z.moatads.com s7.addthis.com
1 www.googletagmanager.com www.fortinet.com
52 28
Subject Issuer Validity Valid
*.fortinet.com
DigiCert SHA2 High Assurance Server CA
2019-01-22 -
2021-03-31
2 years crt.sh
assets.adobedtm.com
DigiCert SHA2 High Assurance Server CA
2019-10-22 -
2021-10-01
2 years crt.sh
*.google-analytics.com
GTS CA 1O1
2020-03-03 -
2020-05-26
3 months crt.sh
*.demdex.net
DigiCert SHA2 High Assurance Server CA
2018-01-09 -
2021-02-12
3 years crt.sh
odc-prod-01.oracle.com
DigiCert SHA2 Secure Server CA
2019-10-10 -
2020-09-04
a year crt.sh
moatads.com
DigiCert SHA2 Secure Server CA
2020-01-17 -
2021-03-17
a year crt.sh
metrics.fortinet.com
DigiCert SHA2 High Assurance Server CA
2019-01-29 -
2021-02-02
2 years crt.sh
*.adroll.com
DigiCert SHA2 Secure Server CA
2020-01-29 -
2021-04-29
a year crt.sh
*.licdn.com
DigiCert SHA2 Secure Server CA
2019-04-01 -
2021-05-07
2 years crt.sh
*.optmnstr.com
Go Daddy Secure Certificate Authority - G2
2018-07-10 -
2020-07-10
2 years crt.sh
px.ads.linkedin.com
DigiCert SHA2 Secure Server CA
2020-03-04 -
2020-09-04
6 months crt.sh
adroll.mgr.consensu.org
Amazon
2019-11-06 -
2020-12-06
a year crt.sh
*.omappapi.com
Go Daddy Secure Certificate Authority - G2
2020-03-16 -
2022-03-16
2 years crt.sh
*.storage.googleapis.com
GTS CA 1O1
2020-03-03 -
2020-05-26
3 months crt.sh
cloudflare.com
CloudFlare Inc ECC CA-2
2020-01-07 -
2020-10-09
9 months crt.sh
*.s3.amazonaws.com
DigiCert Baltimore CA-2 G2
2019-11-09 -
2021-03-12
a year crt.sh
ads-twitter.com
DigiCert SHA2 High Assurance Server CA
2019-08-14 -
2020-08-18
a year crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA
2020-03-01 -
2020-05-30
3 months crt.sh
*.twitter.com
DigiCert SHA2 High Assurance Server CA
2020-03-05 -
2021-03-02
a year crt.sh
t.co
DigiCert SHA2 High Assurance Server CA
2020-03-05 -
2021-03-02
a year crt.sh
*.atlassolutions.com
DigiCert SHA2 High Assurance Server CA
2020-03-05 -
2020-06-03
3 months crt.sh

This page contains 2 frames:

Primary Page: https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
Frame ID: 55B626AD1A8776A32DA5E2378FC4BB30
Requests: 54 HTTP requests in this frame

Frame: https://fortinet.demdex.net/dest5.html?d_nsid=0
Frame ID: 9C938319CB53173D72AEA9FE6001EC84
Requests: 1 HTTP requests in this frame

Screenshot


Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Overall confidence: 100%
Detected patterns
  • script /(?:a|s)\.adroll\.com/i

Overall confidence: 100%
Detected patterns
  • script /\/\/assets.adobedtm.com\//i

Overall confidence: 100%
Detected patterns
  • script /\/\/connect\.facebook\.net\/[^/]*\/[a-z]*\.js/i

Overall confidence: 100%
Detected patterns
  • script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Overall confidence: 100%
Detected patterns
  • html /<!-- (?:End )?Google Tag Manager -->/i

Page Statistics

52
Requests

100 %
HTTPS

38 %
IPv6

24
Domains

28
Subdomains

25
IPs

6
Countries

1381 kB
Transfer

3810 kB
Size

15
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 6
  • https://dpm.demdex.net/id?d_visid_ver=4.5.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=ED8739F75677FE917F000101%40AdobeOrg&d_nsid=0&ts=1585902244149 HTTP 302
  • https://dpm.demdex.net/id/rd?d_visid_ver=4.5.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=ED8739F75677FE917F000101%40AdobeOrg&d_nsid=0&ts=1585902244149
Request Chain 19
  • https://cm.everesttech.net/cm/dd?d_uuid=66958654134655583333464077980969173210 HTTP 302
  • https://dpm.demdex.net/ibs:dpid=411&dpuuid=XobypAAAAxmf7lL0
Request Chain 29
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=7120&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Flatest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html%3Futm_source%3Dsocial%26utm_medium%3Dtwitter-org%26utm_campaign%3Dsprinklr&time=1585902244583 HTTP 302
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D7120%26url%3Dhttps%253A%252F%252Fwww.fortinet.com%252Fblog%252Fthreat-research%252Flatest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html%253Futm_source%253Dsocial%2526utm_medium%253Dtwitter-org%2526utm_campaign%253Dsprinklr%26time%3D1585902244583%26liSync%3Dtrue HTTP 302
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=7120&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Flatest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html%3Futm_source%3Dsocial%26utm_medium%3Dtwitter-org%26utm_campaign%3Dsprinklr&time=1585902244583&liSync=true
Request Chain 30
  • https://s.adroll.com/j/exp/7OBVBCAQE5FHDPFEAD5T4D/index.js HTTP 302
  • https://s.adroll.com/j/exp/index.js
Request Chain 32
  • https://d.adroll.mgr.consensu.org/consent/iabcheck/7OBVBCAQE5FHDPFEAD5T4D?_s=7c718e011393fd158fa1ccfd15290aa9&_b=2 HTTP 302
  • https://d.adroll.com/consent/check/7OBVBCAQE5FHDPFEAD5T4D/?_s=7c718e011393fd158fa1ccfd15290aa9&_b=2
Request Chain 52
  • https://www.facebook.com/tr/?id=559328277756725&ev=Microdata&dl=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Flatest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html%3Futm_source%3Dsocial%26utm_medium%3Dtwitter-org%26utm_campaign%3Dsprinklr&rl=&if=false&ts=1585902245913&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22Latest%20Global%20COVID-19%2FCoronavirus%20Spearphishing%20Campaign%20Drops%20Infostealer%20%22%2C%22meta%3Akeywords%22%3A%22threat%20research%2CThreat%20Research%2CCOVID-19%20%2CCybersecurity%20Architect%22%2C%22meta%3Adescription%22%3A%22FortiGuard%20Labs%20recently%20discovered%20a%20new%20COVID-19%2FCoronavirus-themed%20spearphishing%20scam.%20Learn%20more.%22%7D&cd[OpenGraph]=%7B%22og%3Asite_name%22%3A%22Fortinet%20Blog%22%2C%22og%3Atitle%22%3A%22Latest%20Global%20COVID-19%2FCoronavirus%20Spearphishing%20Campaign%20Drops%20Infostealer%20%22%2C%22og%3Aurl%22%3A%22https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Flatest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html%22%2C%22og%3Atype%22%3A%22article%22%2C%22og%3Adescription%22%3A%22FortiGuard%20Labs%20recently%20discovered%20a%20new%20COVID-19%2FCoronavirus-themed%20spearphishing%20scam.%20Learn%20more.%E2%80%A6%22%2C%22og%3Aimage%22%3A%22https%3A%2F%2Fwww.fortinet.com%2Fcontent%2Fdam%2Ffortinet-blog%2Farticle-images%2Fcovid-infostealer-val-blog%2FPicture5.png%22%2C%22twitter%3Acard%22%3A%22summary%22%2C%22twitter%3Asite%22%3A%22%40Fortinet%22%2C%22article%3Aauthor%22%3A%22Val%20Saengphaibul%20%22%2C%22article%3Asection%22%3A%22Threat%20Research%22%2C%22article%3Apublished_time%22%3A%222020-04-02T00%3A00%3A00.000-07%3A00%22%2C%22article%3Atag%22%3A%22Cybersecurity%20Architect%22%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.15&r=stable&ec=1&o=30&fbp=fb.1.1585902245404.1896703915&it=1585902245375&coo=false&es=automatic&tm=3&rqm=GET HTTP 302
  • https://cx.atdmt.com/?c=18216455641676499954&f=AYyanibAXHEM1daGTByaU2mZMHL_uxpEXyjwvHA991sq1rzdFV_oSpF-LOTzKeFQrcr8xJBvh6AXG2zl3DfUfHzI&id=559328277756725&l=3&v=0

52 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request Cookie set latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html
www.fortinet.com/blog/threat-research/
36 KB
14 KB
Document
General
Full URL
https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
52.52.208.2 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-52-208-2.us-west-1.compute.amazonaws.com
Software
Apache /
Resource Hash
e9ab75506ddd29752bc8f3def52635b9838ab97759e0be9ee49f74e7d7b0c01d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Host
www.fortinet.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
document
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
document

Response headers

Accept-Ranges
bytes
Cache-Control
max-age=600, public
Content-Encoding
gzip
Content-Type
text/html;charset=utf-8
Date
Fri, 03 Apr 2020 08:24:03 GMT
ETag
"90bd-5a25d9acb522d-gzip"
Last-Modified
Fri, 03 Apr 2020 07:09:56 GMT
Server
Apache
Strict-Transport-Security
max-age=31536000; includeSubDomains
Vary
Accept-Encoding,User-Agent
X-Content-Type-Options
nosniff
X-Dispatcher
dispatcher2uswest1
X-Frame-Options
SAMEORIGIN
X-Vhost
publish
Content-Length
14163
Connection
keep-alive
Set-Cookie
cookiesession1=594BFB5FENNGJT2FD9CBL4QJTGLQ0B20;Path=/;HttpOnly
clientlib-base.min.css
www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/
212 KB
26 KB
Stylesheet
General
Full URL
https://www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/clientlib-base.min.css
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
52.52.208.2 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-52-208-2.us-west-1.compute.amazonaws.com
Software
Apache /
Resource Hash
a55db6ce7f6660f8bd63293e801bf3ae471ca4335e5b465ec8c4b3116e3aa19d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
style

Response headers

X-Dispatcher
dispatcher2uswest1
Date
Fri, 03 Apr 2020 08:24:04 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-Vhost
publish
Connection
keep-alive
Vary
Accept-Encoding,User-Agent
Content-Length
25637
Last-Modified
Wed, 19 Feb 2020 19:25:59 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
ETag
"35154-59ef2c2153fc0-gzip"
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Type
text/css;charset=utf-8
Cache-Control
max-age=684000, public
Accept-Ranges
bytes
launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
assets.adobedtm.com/
203 KB
52 KB
Script
General
Full URL
https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.210.248.45 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-210-248-45.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
30fce5424db196d1c2802c5977134901447f89a5ed970697172ec17721aac77b

Request headers

Referer
https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 03 Apr 2020 08:24:03 GMT
content-encoding
gzip
last-modified
Thu, 02 Apr 2020 17:47:48 GMT
server
AkamaiNetStorage
etag
"b729a14c3399e2cda1681c787933e581:1585849668.279987"
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
max-age=3600
accept-ranges
bytes
timing-allow-origin
*
expires
Fri, 03 Apr 2020 09:24:03 GMT
fortinet-logo-white.svg
www.fortinet.com/content/dam/fortinet-blog/
32 KB
3 KB
Image
General
Full URL
https://www.fortinet.com/content/dam/fortinet-blog/fortinet-logo-white.svg
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
52.52.208.2 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-52-208-2.us-west-1.compute.amazonaws.com
Software
Apache /
Resource Hash
d2afd46ac58cd7e89b3fdfd790300d69034e94151ed45acf83d7b6d5dccfdb17
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

X-Dispatcher
dispatcher2uswest1
Date
Fri, 03 Apr 2020 08:24:04 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-Vhost
publish
Content-Disposition
attachment; filename="fortinet-logo-white.svg"
Connection
keep-alive
Vary
Accept-Encoding,User-Agent
Content-Length
1998
Last-Modified
Thu, 22 Feb 2018 23:16:01 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
ETag
"7ebb-565d53a1d6e40-gzip"
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Type
image/svg+xml
Cache-Control
max-age=684000, public
Accept-Ranges
bytes
clientlib-base.min.js
www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/
165 KB
75 KB
Script
General
Full URL
https://www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/clientlib-base.min.js
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
52.52.208.2 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-52-208-2.us-west-1.compute.amazonaws.com
Software
Apache /
Resource Hash
ad979cd8209daf4934baefa31ec4dede21ae9cc233cf809da2ed5ed839f03a68
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

X-Dispatcher
dispatcher2uswest1
Date
Fri, 03 Apr 2020 08:24:04 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-Vhost
publish
Connection
keep-alive
Vary
Accept-Encoding,User-Agent
content-length
76083
Last-Modified
Mon, 23 Sep 2019 20:57:02 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
ETag
"29256-5933ea9592380-gzip"
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Type
application/javascript;charset=utf-8
Cache-Control
max-age=684000, public
Accept-Ranges
bytes
gtm.js
www.googletagmanager.com/
101 KB
35 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-NBSLLPJ
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
e717cb376f9160bc32d1cff24effc117c256426184e0d55727ed04fd86f779d7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 03 Apr 2020 08:24:04 GMT
content-encoding
br
status
200
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
35661
x-xss-protection
0
last-modified
Fri, 03 Apr 2020 06:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 03 Apr 2020 08:24:04 GMT
truncated
/
71 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
5b4c9abcf01dcf74e0adf075ff4d47464c62c84307ae5ebd115d45da70e6443d

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
rd
dpm.demdex.net/id/
Redirect Chain
  • https://dpm.demdex.net/id?d_visid_ver=4.5.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=ED8739F75677FE917F000101%40AdobeOrg&d_nsid=0&ts=1585902244149
  • https://dpm.demdex.net/id/rd?d_visid_ver=4.5.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=ED8739F75677FE917F000101%40AdobeOrg&d_nsid=0&ts=1585902244149
0
-1 B
XHR
General
Full URL
https://dpm.demdex.net/id/rd?d_visid_ver=4.5.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=ED8739F75677FE917F000101%40AdobeOrg&d_nsid=0&ts=1585902244149
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.30.105.51 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-30-105-51.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
Location
https://dpm.demdex.net/id/rd?d_visid_ver=4.5.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=ED8739F75677FE917F000101%40AdobeOrg&d_nsid=0&ts=1585902244149
X-TID
hv5cyHdoTSY=
Vary
Origin
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin
https://www.fortinet.com
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
Access-Control-Allow-Origin
https://www.fortinet.com
X-TID
hv5cyHdoTSY=
Vary
Origin
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location
https://dpm.demdex.net/id/rd?d_visid_ver=4.5.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=ED8739F75677FE917F000101%40AdobeOrg&d_nsid=0&ts=1585902244149
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
0
Expires
Thu, 01 Jan 1970 00:00:00 GMT
AppMeasurement.min.js
assets.adobedtm.com/extensions/EP308220a2a4c4403f97fc1960100db40f/
36 KB
13 KB
Script
General
Full URL
https://assets.adobedtm.com/extensions/EP308220a2a4c4403f97fc1960100db40f/AppMeasurement.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.210.248.45 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-210-248-45.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
adfcb165c69213b0aba3c64bc549f7ff156ec82110fb8ef144b1d16ebc13b04a

Request headers

Referer
https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 03 Apr 2020 08:24:04 GMT
content-encoding
gzip
last-modified
Tue, 10 Mar 2020 22:29:22 GMT
server
AkamaiNetStorage
etag
"42fa244f36955eedb3cd8ade6f492bf6:1583879362.816163"
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
no-cache
accept-ranges
bytes
timing-allow-origin
*
content-length
13342
expires
Fri, 03 Apr 2020 09:24:04 GMT
addthis_widget.js
s7.addthis.com/js/300/
349 KB
113 KB
Script
General
Full URL
https://s7.addthis.com/js/300/addthis_widget.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.210.248.44 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-210-248-44.deploy.static.akamaitechnologies.com
Software
nginx/1.15.8 /
Resource Hash
ab8ceea757a634f5ce5a9ed6f6b4bcdd555869b385d315854e16914a2f5a3bc7
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Referer
https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

strict-transport-security
max-age=15724800; includeSubDomains
content-encoding
gzip
last-modified
Tue, 21 Jan 2020 20:57:37 GMT
server
nginx/1.15.8
etag
"5e2765c1-57446"
vary
Accept-Encoding
x-distribution
99
content-type
application/javascript
status
200
cache-control
public, max-age=600
date
Fri, 03 Apr 2020 08:24:04 GMT
x-host
s7.addthis.com
content-length
114924
Picture5.png
www.fortinet.com/content/dam/fortinet-blog/article-images/covid-infostealer-val-blog/
105 KB
106 KB
Image
General
Full URL
https://www.fortinet.com/content/dam/fortinet-blog/article-images/covid-infostealer-val-blog/Picture5.png
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
52.52.208.2 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-52-208-2.us-west-1.compute.amazonaws.com
Software
Apache /
Resource Hash
3be19af41152df0a31ad542f94e84a64734b66079227821da645072659b39f7a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

X-Dispatcher
dispatcher1uswest1
Date
Fri, 03 Apr 2020 08:24:04 GMT
X-Content-Type-Options
nosniff
Last-Modified
Thu, 02 Apr 2020 16:44:01 GMT
Server
Apache
ETag
"1a4c2-5a25182057640"
X-Vhost
publish
X-Frame-Options
SAMEORIGIN
Connection
keep-alive
Content-Type
image/png
Cache-Control
max-age=684000, public
Strict-Transport-Security
max-age=31536000; includeSubDomains
Accept-Ranges
bytes
Content-Length
107714
Picture6.png.thumb.319.319.png
www.fortinet.com/content/dam/fortinet-blog/article-images/coronavirus-media-frenzy-blog/
39 KB
39 KB
Image
General
Full URL
https://www.fortinet.com/content/dam/fortinet-blog/article-images/coronavirus-media-frenzy-blog/Picture6.png.thumb.319.319.png
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
52.52.208.2 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-52-208-2.us-west-1.compute.amazonaws.com
Software
Apache /
Resource Hash
142947583ee28b957236ea1a824451ceb3912bc157f16e29678d50b625c733f7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

X-Dispatcher
dispatcher2uswest1
Date
Fri, 03 Apr 2020 08:24:04 GMT
X-Content-Type-Options
nosniff
Last-Modified
Wed, 04 Mar 2020 19:47:48 GMT
Server
Apache
ETag
"9b52-5a00cb1e24100"
X-Vhost
publish
X-Frame-Options
SAMEORIGIN
Connection
keep-alive
Content-Type
image/png
Cache-Control
max-age=684000, public
Strict-Transport-Security
max-age=31536000; includeSubDomains
Accept-Ranges
bytes
Content-Length
39762
social-engineering-covid-img.png.thumb.319.319.png
www.fortinet.com/content/dam/fortinet-blog/article-images/social-engineering-covid/
39 KB
39 KB
Image
General
Full URL
https://www.fortinet.com/content/dam/fortinet-blog/article-images/social-engineering-covid/social-engineering-covid-img.png.thumb.319.319.png
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
52.52.208.2 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-52-208-2.us-west-1.compute.amazonaws.com
Software
Apache /
Resource Hash
b3f201c5989f4b55e18e8aee582aeea5dca829c25b4421170c70b49101dd3be2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

X-Dispatcher
dispatcher1uswest1
Date
Fri, 03 Apr 2020 08:24:04 GMT
X-Content-Type-Options
nosniff
Last-Modified
Mon, 23 Mar 2020 16:06:43 GMT
Server
Apache
ETag
"9a22-5a187d2368ac0"
X-Vhost
publish
X-Frame-Options
SAMEORIGIN
Connection
keep-alive
Content-Type
image/png
Cache-Control
max-age=684000, public
Strict-Transport-Security
max-age=31536000; includeSubDomains
Accept-Ranges
bytes
Content-Length
39458
microsoft-vuln-three.png.thumb.319.319.png
www.fortinet.com/content/dam/fortinet-blog/article-images/bluekeep-vulnerability/
20 KB
21 KB
Image
General
Full URL
https://www.fortinet.com/content/dam/fortinet-blog/article-images/bluekeep-vulnerability/microsoft-vuln-three.png.thumb.319.319.png
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
52.52.208.2 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-52-208-2.us-west-1.compute.amazonaws.com
Software
Apache /
Resource Hash
b2a69f81002746fb20a34679b10c764c2d5f664de10944230824289d55c38348
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

X-Dispatcher
dispatcher1uswest1
Date
Fri, 03 Apr 2020 08:24:04 GMT
X-Content-Type-Options
nosniff
Last-Modified
Mon, 10 Jun 2019 22:25:37 GMT
Server
Apache
ETag
"51ca-58affa8cf3a40"
X-Vhost
publish
X-Frame-Options
SAMEORIGIN
Connection
keep-alive
Content-Type
image/png
Cache-Control
max-age=684000, public
Strict-Transport-Security
max-age=31536000; includeSubDomains
Accept-Ranges
bytes
Content-Length
20938
analytics.js
www.google-analytics.com/
44 KB
18 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NBSLLPJ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
eaf1b128b927ac2868755cb7366d35554255c8af362235afe270f9614f8c806d
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 06 Feb 2020 00:21:02 GMT
server
Golfe2
age
6632
date
Fri, 03 Apr 2020 06:33:32 GMT
vary
Accept-Encoding
content-type
text/javascript
status
200
cache-control
public, max-age=7200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
18174
expires
Fri, 03 Apr 2020 08:33:32 GMT
collect
www.google-analytics.com/r/
35 B
101 B
Image
General
Full URL
https://www.google-analytics.com/r/collect?v=1&_v=j81&a=1122078744&t=pageview&_s=1&dl=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Flatest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html%3Futm_source%3Dsocial%26utm_medium%3Dtwitter-org%26utm_campaign%3Dsprinklr&ul=en-us&de=UTF-8&dt=Latest%20Global%20COVID-19%2FCoronavirus%20Spearphishing%20Campaign%20Drops%20Infostealer&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=YEBAAAAB~&jid=866727913&gjid=2114198046&cid=1165062768.1585902244&tid=UA-767980-6&_gid=194922502.1585902244&_r=1&gtm=2wg3p1NBSLLPJ&z=1047533550
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

pragma
no-cache
date
Fri, 03 Apr 2020 08:24:04 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
access-control-allow-origin
*
content-type
image/gif
status
200
cache-control
no-cache, no-store, must-revalidate
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
35
expires
Fri, 01 Jan 1990 00:00:00 GMT
moatframe.js
z.moatads.com/addthismoatframe568911941483/
2 KB
1 KB
Script
General
Full URL
https://z.moatads.com/addthismoatframe568911941483/moatframe.js
Requested by
Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.210.250.213 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-210-250-213.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd

Request headers

Referer
https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 03 Apr 2020 08:24:04 GMT
content-encoding
gzip
last-modified
Fri, 08 Nov 2019 20:13:52 GMT
server
AmazonS3
x-amz-request-id
FBAF69B7861DE212
etag
"f14b4e1f799b14f798a195f43cf58376"
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
max-age=19642
accept-ranges
bytes
content-length
948
x-amz-id-2
mINJDBnKUfP83RzDJ6hQaYSGPvMPOM770jd+gXVSD8LFScfPdVPaVzI4W2IwmrtEKhDna93Nv9A=
rd
dpm.demdex.net/id/
367 B
1 KB
XHR
General
Full URL
https://dpm.demdex.net/id/rd?d_visid_ver=4.5.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=ED8739F75677FE917F000101%40AdobeOrg&d_nsid=0&ts=1585902244149
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.30.105.51 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-30-105-51.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
846d83f1781c46b25884fc4f0a81c27b15c57da4854a2c1b8a67265bd9828b28
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
Origin
https://www.fortinet.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

DCS
dcs-prod-irl1-v064-0de81b0de.edge-irl1.demdex.com 5.66.0.20200310121811 2ms (+0ms)
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Encoding
gzip
X-TID
InHK9WrcSR4=
Vary
Origin, Accept-Encoding, User-Agent
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin
https://www.fortinet.com
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json;charset=utf-8
Content-Length
300
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Cookie set dest5.html
fortinet.demdex.net/ Frame 9C93
0
0
Document
General
Full URL
https://fortinet.demdex.net/dest5.html?d_nsid=0
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.30.201.43 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-30-201-43.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Host
fortinet.demdex.net
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
cross-site
Sec-Fetch-Mode
navigate
Referer
https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US
Cookie
demdex=66958654134655583333464077980969173210
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
iframe
Referer
https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr

Response headers

Accept-Ranges
bytes
Cache-Control
max-age=21600
Content-Encoding
gzip
Content-Type
text/html
Expires
Thu, 01 Jan 1970 00:00:00 GMT
Last-Modified
Wed, 18 Mar 2020 11:39:41 GMT
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma
no-cache
Set-Cookie
demdex=66958654134655583333464077980969173210;Path=/;Domain=.demdex.net;Expires=Wed, 30-Sep-2020 08:24:04 GMT;Max-Age=15552000;Secure;SameSite=None
Strict-Transport-Security
max-age=31536000; includeSubDomains
Vary
Accept-Encoding, User-Agent
X-TID
lTXzplAMT8o=
Content-Length
2785
Connection
keep-alive
id
metrics.fortinet.com/
48 B
485 B
XHR
General
Full URL
https://metrics.fortinet.com/id?d_visid_ver=4.5.2&d_fieldgroup=A&mcorgid=ED8739F75677FE917F000101%40AdobeOrg&mid=66592361820257271573500636705944871250&ts=1585902244351
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.181.91.36 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-181-91-36.eu-west-3.compute.amazonaws.com
Software
jag /
Resource Hash
688a1355a6a60c19124bfd52ed82f714f9224beca720d486ae6805870ea0a842
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
Origin
https://www.fortinet.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

status
200
date
Fri, 03 Apr 2020 08:24:04 GMT
x-content-type-options
nosniff
server
jag
xserver
anedge-544845747d-czqqn
vary
Origin
x-c
master-1219.Ia2cf62.M0-374
p3p
CP="This is not a P3P policy"
access-control-allow-origin
https://www.fortinet.com
cache-control
no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials
true
content-type
application/x-javascript;charset=utf-8
content-length
48
x-xss-protection
1; mode=block
ibs:dpid=411&dpuuid=XobypAAAAxmf7lL0
dpm.demdex.net/
Redirect Chain
  • https://cm.everesttech.net/cm/dd?d_uuid=66958654134655583333464077980969173210
  • https://dpm.demdex.net/ibs:dpid=411&dpuuid=XobypAAAAxmf7lL0
42 B
915 B
Image
General
Full URL
https://dpm.demdex.net/ibs:dpid=411&dpuuid=XobypAAAAxmf7lL0
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.30.105.51 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-30-105-51.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

DCS
dcs-prod-irl1-v064-0a0b195c7.edge-irl1.demdex.com 5.66.0.20200310121811 1ms (+0ms)
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
X-TID
4gWr/pQAQKk=
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection
keep-alive
Content-Type
image/gif
Content-Length
42
Expires
Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Date
Fri, 03 Apr 2020 08:24:04 GMT
Server
AMO-cookiemap/1.1
P3P
CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Location
https://dpm.demdex.net/ibs:dpid=411&dpuuid=XobypAAAAxmf7lL0
Cache-Control
no-cache
Connection
Keep-Alive
Keep-Alive
timeout=15,max=100
Content-Length
0
s2106779255996
metrics.fortinet.com/b/ss/fortinetincproduction/1/JS-2.20.0-LAR3/
43 B
627 B
Image
General
Full URL
https://metrics.fortinet.com/b/ss/fortinetincproduction/1/JS-2.20.0-LAR3/s2106779255996?AQB=1&ndh=1&pf=1&t=3%2F3%2F2020%2010%3A24%3A4%205%20-120&mid=66592361820257271573500636705944871250&aamlh=6&ce=UTF-8&pageName=en%3Ablog%3Athreat-research%3Alatest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer%3Autm_source%3Dsocial%26utm_medium%3Dtwitter-org%26utm_campaign%3Dsprinklr&g=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Flatest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html%3Futm_source%3Dsocial%26utm_medium%3Dtwitter-org%26utm_campaign%3Dsprinklr&cc=USD&v0=social%3Atwitter-org%3Asprinklr%3Anone%3Anone&events=event3&aamb=RKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y&v1=www.fortinet.com%2Fblog%2Fthreat-research%2Flatest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html%3Futm_source%3Dsocial%26utm_medium%3Dtwitter-org%26utm_campaign%3Dsprinklr&v3=%2B1&c7=Entire%20Site&c8=New&v27=BLOG&v33=en%3Ablog%3Athreat-research%3Alatest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer%3Autm_source%3Dsocial%26utm_medium%3Dtwitter-org%26utm_campaign%3Dsprinklr&v35=Enabled&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&mcorgid=ED8739F75677FE917F000101%40AdobeOrg&AQE=1
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.181.91.36 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-181-91-36.eu-west-3.compute.amazonaws.com
Software
jag /
Resource Hash
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 03 Apr 2020 08:24:04 GMT
x-content-type-options
nosniff
x-c
master-1219.Ia2cf62.M0-374
p3p
CP="This is not a P3P policy"
status
200
content-length
43
x-xss-protection
1; mode=block
pragma
no-cache
last-modified
Sat, 04 Apr 2020 08:24:04 GMT
server
jag
xserver
anedge-544845747d-56mvk
etag
3405699136401801216-4613561552857357091
vary
*
content-type
image/gif;charset=utf-8
access-control-allow-origin
*
cache-control
no-cache, no-store, max-age=0, no-transform, private
expires
Thu, 02 Apr 2020 08:24:04 GMT
RCb652faf409a54c3db318899e2cbcc95c-source.min.js
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/3eb016d0743a/
881 B
697 B
Script
General
Full URL
https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/3eb016d0743a/RCb652faf409a54c3db318899e2cbcc95c-source.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.210.248.45 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-210-248-45.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
6cd730dc93590d7c4d1a32a0a6a472cd5f64cc5f9a80d0b792117f7bd3107f6e

Request headers

Referer
https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 03 Apr 2020 08:24:04 GMT
content-encoding
gzip
last-modified
Thu, 02 Apr 2020 17:47:49 GMT
server
AkamaiNetStorage
etag
"6371591fba0aa524090d1cca6592d531:1585849669.527165"
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
max-age=3600
accept-ranges
bytes
timing-allow-origin
*
content-length
452
expires
Fri, 03 Apr 2020 09:24:04 GMT
_ate.track.config_resp
v1.addthisedge.com/live/boost/ra-5d48adfc650f1a9e/
2 KB
756 B
Script
General
Full URL
https://v1.addthisedge.com/live/boost/ra-5d48adfc650f1a9e/_ate.track.config_resp
Requested by
Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.210.248.44 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-210-248-44.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
133debcec0026d79ced8d9d9504d6f95804410b4806b4b0b5f973f6ca529f5fb

Request headers

Referer
https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 03 Apr 2020 08:24:04 GMT
content-encoding
gzip
etag
1861047380--gzip
vary
Accept-Encoding
content-type
application/javascript;charset=utf-8
status
200
cache-control
public, max-age=28, s-maxage=86400
content-disposition
attachment; filename=1.txt
content-length
580
picture1.png
www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer/_jcr_content/root/responsivegrid/image_654800395.img.png/1585847269348/
177 KB
178 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer/_jcr_content/root/responsivegrid/image_654800395.img.png/1585847269348/picture1.png
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
52.52.208.2 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-52-208-2.us-west-1.compute.amazonaws.com
Software
Apache /
Resource Hash
b4c4855e86d801870e1b603fd5d660aceafdd35286b1bb6f57675b0c953c0641
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

X-Dispatcher
dispatcher1uswest1
Date
Fri, 03 Apr 2020 08:24:04 GMT
X-Content-Type-Options
nosniff
Last-Modified
Thu, 02 Apr 2020 17:07:49 GMT
Server
Apache
ETag
"2c4a1-5a251d7230340"
X-Vhost
publish
X-Frame-Options
SAMEORIGIN
Connection
keep-alive
Content-Type
image/png
Cache-Control
max-age=684000, public
Content-Disposition
inline; filename=picture1.png
Strict-Transport-Security
max-age=31536000; includeSubDomains
Accept-Ranges
bytes
Content-Length
181409
picture2.png
www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer/_jcr_content/root/responsivegrid/image_595397333.img.png/1585847652032/
159 KB
160 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer/_jcr_content/root/responsivegrid/image_595397333.img.png/1585847652032/picture2.png
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
52.52.208.2 San Jose, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-52-208-2.us-west-1.compute.amazonaws.com
Software
Apache /
Resource Hash
a38b7386b006094d4f5c04bb3647e05ff2c1b20e3b717039a5a1d3310f5eabff
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

X-Dispatcher
dispatcher1uswest1
Date
Fri, 03 Apr 2020 08:24:04 GMT
X-Content-Type-Options
nosniff
Last-Modified
Thu, 02 Apr 2020 17:14:12 GMT
Server
Apache
ETag
"27cb0-5a251edf72100"
X-Vhost
publish
X-Frame-Options
SAMEORIGIN
Connection
keep-alive
Content-Type
image/png
Cache-Control
max-age=684000, public
Content-Disposition
inline; filename=picture2.png
Strict-Transport-Security
max-age=31536000; includeSubDomains
Accept-Ranges
bytes
Content-Length
162992
truncated
/
42 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/gif
roundtrip.js
s.adroll.com/j/
34 KB
11 KB
Script
General
Full URL
https://s.adroll.com/j/roundtrip.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NBSLLPJ
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
95.100.196.159 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a95-100-196-159.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
19c904aaa555d91d75c5b3682e3f358ba5af4c302339d63c9e464f53d8708ff8

Request headers

Referer
https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

x-amz-version-id
EEryoP57M4BXSHtGt9JFNoNG_YhGzXxp
Content-Encoding
gzip
x-amz-request-id
EA21926B77EA4001
x-amz-server-side-encryption
AES256
Access-Control-Max-Age
600
Date
Fri, 03 Apr 2020 08:24:04 GMT
Connection
keep-alive
Content-Length
10905
x-amz-id-2
S0dx9YZKi/42P6gHOd6VRj9NtvUJsJiwawSupEKCROb9T2VaCKJ74D6z+oIQPnSrPJL6nDYTZ3E=
Last-Modified
Wed, 01 Apr 2020 18:03:06 GMT
Server
AmazonS3
ETag
"9884704eb3fc99427eb5b90c4bbab62c"
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET
Content-Type
text/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=3600, must-revalidate
Access-Control-Allow-Credentials
false
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
insight.min.js
snap.licdn.com/li.lms-analytics/
3 KB
2 KB
Script
General
Full URL
https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NBSLLPJ
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:10c:39e::25ea , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
/
Resource Hash
41dd5e421fe221a7d2921d6fa2b36e8b01a9f2c054aaef5fad866fe896c1d1e0

Request headers

Referer
https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

Date
Fri, 03 Apr 2020 08:24:04 GMT
Content-Encoding
gzip
Last-Modified
Mon, 07 Oct 2019 16:41:31 GMT
X-CDN
AKAM
Vary
Accept-Encoding
Content-Type
application/x-javascript;charset=utf-8
Cache-Control
max-age=13140
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1576
api.min.js
a.optmnstr.com/app/js/
198 KB
59 KB
Script
General
Full URL
https://a.optmnstr.com/app/js/api.min.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NBSLLPJ
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
23.111.9.217 Phoenix, United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software
NetDNA-cache/2.2 /
Resource Hash
2a8327a5567d5638f97e2fd377e6d938efd5c5c3792df9ee108b89c962e64674

Request headers

Referer
https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 03 Apr 2020 08:24:04 GMT
content-encoding
gzip
last-modified
Thu, 02 Apr 2020 21:47:10 GMT
server
NetDNA-cache/2.2
x-amz-request-id
773AB8474220A847
etag
W/"ee5aa6fc8d8753804f3d4b30776949ac"
x-cache
HIT
content-type
application/javascript
status
200
cache-control
max-age=31104000
access-control-allow-origin
*
x-amz-id-2
jsRx23jqKRg6kvHA2AfDt274K8m+/q+JKQvSj1UYDX7WpKLl6RHZIeeVbGGBt93pNmGZUmlMo5I=
expires
Mon, 29 Mar 2021 08:24:04 GMT
collect
px.ads.linkedin.com/
Redirect Chain
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=7120&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Flatest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.htm...
  • https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D7120%26url%3Dhttps%253A%252F%252Fwww.fortinet.com%252Fblog%252Fthreat-research%25...
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=7120&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Flatest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.htm...
0
63 B
Image
General
Full URL
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=7120&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Flatest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html%3Futm_source%3Dsocial%26utm_medium%3Dtwitter-org%26utm_campaign%3Dsprinklr&time=1585902244583&liSync=true
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
2a05:f500:11:101::b93f:9005 , Ireland, ASN14413 (LINKEDIN, US),
Reverse DNS
Software
Play /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date
Fri, 03 Apr 2020 08:24:05 GMT
server
Play
linkedin-action
1
x-li-fabric
prod-lor1
status
200
x-li-proto
http/2
x-li-pop
prod-tln1
content-type
application/javascript
content-length
0
x-li-uuid
zmOodrBBAhaQXUn32SoAAA==

Redirect headers

date
Fri, 03 Apr 2020 08:24:04 GMT
x-content-type-options
nosniff
linkedin-action
1
status
302
strict-transport-security
max-age=2592000
content-length
0
x-li-uuid
IYwva7BBAhZwpYiYxSoAAA==
server
Play
pragma
no-cache
x-li-pop
prod-efr5
expect-ct
max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
x-frame-options
sameorigin
x-li-fabric
prod-lor1
location
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=7120&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Flatest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html%3Futm_source%3Dsocial%26utm_medium%3Dtwitter-org%26utm_campaign%3Dsprinklr&time=1585902244583&liSync=true
x-xss-protection
1; mode=block
cache-control
no-cache, no-store
content-security-policy
default-src *; connect-src 'self' https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com s.c.exp1.licdn.com s.c.exp2.licdn.com m.c.exp1.licdn.com m.c.exp2.licdn.com wss://*.linkedin.com dms.licdn.com https://dpm.demdex.net/id https://lnkd.demdex.net/event blob: static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com media.licdn.com media-exp1.licdn.com media-exp2.licdn.com media-exp3.licdn.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com slideshare.www.linkedin.com https://snap.licdn.com/li.lms-analytics/insight.min.js platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'; report-uri https://www.linkedin.com/platform-telemetry/csp?f=l
x-li-proto
http/2
expires
Thu, 01 Jan 1970 00:00:00 GMT
index.js
s.adroll.com/j/exp/
Redirect Chain
  • https://s.adroll.com/j/exp/7OBVBCAQE5FHDPFEAD5T4D/index.js
  • https://s.adroll.com/j/exp/index.js
28 B
747 B
Script
General
Full URL
https://s.adroll.com/j/exp/index.js
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
95.100.196.159 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a95-100-196-159.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
f59e5f34a941183aacaed25322ac0856628493c2cfd936ded3fddc0a49510e52

Request headers

Referer
https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-amz-version-id
oJIzvk_mmLAXF5iekxvT5NnrQtQSmq7M
Content-Encoding
gzip
x-amz-request-id
8EF58DFF6022E509
x-amz-server-side-encryption
AES256
Access-Control-Max-Age
600
Date
Fri, 03 Apr 2020 08:24:04 GMT
Connection
keep-alive
Content-Length
48
x-amz-id-2
nRbO3sDbLhVuH9XRmliGROi5VMnWM15JYtBlfH96e+tuxiWX3fkjm0yBOHoWdbenF0xXBNy2Yok=
Last-Modified
Thu, 02 Apr 2020 22:43:50 GMT
Server
AmazonS3
ETag
"5816cced8568d223aa09d889f300692b"
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Access-Control-Allow-Credentials
false
Accept-Ranges
bytes
Access-Control-Allow-Headers
*

Redirect headers

Date
Fri, 03 Apr 2020 08:24:04 GMT
Server
AkamaiGHost
Access-Control-Allow-Origin
*
Access-Control-Max-Age
600
Access-Control-Allow-Methods
GET
Location
https://s.adroll.com/j/exp/index.js
Access-Control-Allow-Credentials
false
Connection
keep-alive
Access-Control-Allow-Headers
*
Content-Length
0
index.js
s.adroll.com/j/pre/7OBVBCAQE5FHDPFEAD5T4D/GIVUJ77KRNF4LOPGYJ6RS5/
1 KB
1 KB
Script
General
Full URL
https://s.adroll.com/j/pre/7OBVBCAQE5FHDPFEAD5T4D/GIVUJ77KRNF4LOPGYJ6RS5/index.js
Requested by
Host: s.adroll.com
URL: https://s.adroll.com/j/roundtrip.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
95.100.196.159 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a95-100-196-159.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
cbce85e96b7752208ce15a09ea4d5a58b792edc9e77f1c5ccf46c01935970f9d

Request headers

Referer
https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

x-amz-version-id
Oce9DjD7SwpAGzSNfnWexKW8QlpF_SFj
Content-Encoding
gzip
x-amz-request-id
8FE4182D94F5FCF5
x-amz-server-side-encryption
AES256
Access-Control-Max-Age
600
Date
Fri, 03 Apr 2020 08:24:04 GMT
Connection
keep-alive
Content-Length
635
x-amz-id-2
SUg+aW2a5oaJKCb9HtaL779K+yBg6UIKdz6z75mDBVBQ+2vJb5uk5sa3L6KUh223rLZlF3jDMhE=
Last-Modified
Thu, 02 Apr 2020 09:44:17 GMT
Server
AmazonS3
ETag
"3996d65282dd996ee0d7d4c90c139158"
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET
Content-Type
text/javascript; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
max-age=3600, must-revalidate
Access-Control-Allow-Credentials
false
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
/
d.adroll.com/consent/check/7OBVBCAQE5FHDPFEAD5T4D/
Redirect Chain
  • https://d.adroll.mgr.consensu.org/consent/iabcheck/7OBVBCAQE5FHDPFEAD5T4D?_s=7c718e011393fd158fa1ccfd15290aa9&_b=2
  • https://d.adroll.com/consent/check/7OBVBCAQE5FHDPFEAD5T4D/?_s=7c718e011393fd158fa1ccfd15290aa9&_b=2
106 B
198 B
Script
General
Full URL
https://d.adroll.com/consent/check/7OBVBCAQE5FHDPFEAD5T4D/?_s=7c718e011393fd158fa1ccfd15290aa9&_b=2
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.253.11.118 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-253-11-118.eu-west-1.compute.amazonaws.com
Software
nginx/1.16.1 /
Resource Hash
dcc1cf9874c1298c5e39ce7cd0f1c4ad67ef805a4c0d6dbda250202d947dd755

Request headers

Referer
https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status
200
date
Fri, 03 Apr 2020 08:24:04 GMT
server
nginx/1.16.1
content-length
106
content-type
application/javascript

Redirect headers

status
302
date
Fri, 03 Apr 2020 08:24:04 GMT
server
nginx/1.16.1
content-length
105
location
https://d.adroll.com/consent/check/7OBVBCAQE5FHDPFEAD5T4D/?_s=7c718e011393fd158fa1ccfd15290aa9&_b=2
layers.ab5cd98fe1b9a38a4a9f.js
s7.addthis.com/static/
263 KB
76 KB
Script
General
Full URL
https://s7.addthis.com/static/layers.ab5cd98fe1b9a38a4a9f.js
Requested by
Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.210.248.44 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-210-248-44.deploy.static.akamaitechnologies.com
Software
nginx/1.15.8 /
Resource Hash
ecc0c4a707efeb061b7de57440221feb21ab08022938aaacee779e98fe809235
Security Headers
Name Value
Strict-Transport-Security max-age=15724800; includeSubDomains

Request headers

Referer
https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

strict-transport-security
max-age=15724800; includeSubDomains
content-encoding
gzip
last-modified
Wed, 18 Sep 2019 14:16:17 GMT
server
nginx/1.15.8
etag
W/"5d823c31-41b9f"
vary
Accept-Encoding
content-type
application/javascript
status
200
cache-control
public, max-age=86313600
date
Fri, 03 Apr 2020 08:24:04 GMT
x-host
s7.addthis.com
timing-allow-origin
*
content-length
77528
39852
api.omappapi.com/v2/embed/
637 KB
57 KB
XHR
General
Full URL
https://api.omappapi.com/v2/embed/39852
Requested by
Host: a.optmnstr.com
URL: https://a.optmnstr.com/app/js/api.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
50.19.60.226 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-50-19-60-226.compute-1.amazonaws.com
Software
Pagely Gateway/1.5.1 /
Resource Hash
b3adb5fcff9ce2309e51e2127945d36a9ae607c70d1c92192a70cfadeda9b523

Request headers

Referer
https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
Origin
https://www.fortinet.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-user-agent
standard
content-encoding
gzip
x-cache-config
0 0
server
Pagely Gateway/1.5.1
status
200
date
Fri, 03 Apr 2020 08:24:04 GMT
x-cache-status
HIT
vary
Accept-Encoding, User-Agent
content-type
application/json;charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-OptinMonster-Account
access-control-allow-headers
X-CSRF-Token
x-optinmonster-account
45602
consent.js
s.adroll.com/j/
243 KB
33 KB
Script
General
Full URL
https://s.adroll.com/j/consent.js
Requested by
Host: s.adroll.com
URL: https://s.adroll.com/j/roundtrip.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
95.100.196.159 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a95-100-196-159.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
f82c9f099656346f543c66ba009bd5f18010c7b41ad43d47a7f762121ad4496d

Request headers

Referer
https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

x-amz-version-id
W7pJTDq0578OcjyRZxtRH_BjDuWCGgRc
Content-Encoding
gzip
x-amz-request-id
BFDDD219E02D63AA
x-amz-server-side-encryption
AES256
Access-Control-Max-Age
600
Date
Fri, 03 Apr 2020 08:24:04 GMT
Connection
keep-alive
Content-Length
33195
x-amz-id-2
0vEYWSNr8BIWIFx+Vt855bKM9PGQi1O3TTl+RSbaQgK2eZJeo3lhhvwHGpfanAseKG0Oz2obOWc=
Last-Modified
Tue, 19 Nov 2019 20:42:26 GMT
Server
AmazonS3
ETag
"2f9f76c2d377be42af05cdf34c632618"
Vary
Accept-Encoding
Access-Control-Allow-Methods
GET
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Cache-Control
max-age=300, must-revalidate
Access-Control-Allow-Credentials
false
Accept-Ranges
bytes
Access-Control-Allow-Headers
*
hod
d.adroll.com/consent/
42 B
180 B
Image
General
Full URL
https://d.adroll.com/consent/hod?_e=view_banner&_s=7c718e011393fd158fa1ccfd15290aa9&_b=2.1&_a=7OBVBCAQE5FHDPFEAD5T4D
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.253.11.118 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-253-11-118.eu-west-1.compute.amazonaws.com
Software
nginx/1.16.1 /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

status
200
date
Fri, 03 Apr 2020 08:24:04 GMT
cache-control
no-transform,public,max-age=300,s-maxage=900
server
nginx/1.16.1
content-length
42
vary
Cookie
content-type
image/gif
RC4a2e638109b443d5b84d8f2e2216b80e-source.min.js
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/3eb016d0743a/
819 B
746 B
Script
General
Full URL
https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/3eb016d0743a/RC4a2e638109b443d5b84d8f2e2216b80e-source.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.210.248.45 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-210-248-45.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
2e6b1425eab1b01059760559671b06642e0f15423e4ae8ae29467dd56f9020f1

Request headers

Referer
https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 03 Apr 2020 08:24:05 GMT
content-encoding
gzip
last-modified
Thu, 02 Apr 2020 17:47:49 GMT
server
AkamaiNetStorage
etag
"6371591fba0aa524090d1cca6592d531:1585849669.527165"
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
max-age=3600
accept-ranges
bytes
timing-allow-origin
*
content-length
502
expires
Fri, 03 Apr 2020 09:24:05 GMT
RC0b6c219cefad47a7856f990eee551ad6-source.min.js
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/3eb016d0743a/
847 B
721 B
Script
General
Full URL
https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/3eb016d0743a/RC0b6c219cefad47a7856f990eee551ad6-source.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.210.248.45 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-210-248-45.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
19d93d95e74a0dfb9cafe96039ea04aec2e1a776bf9a715fce25812db110908a

Request headers

Referer
https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 03 Apr 2020 08:24:05 GMT
content-encoding
gzip
last-modified
Thu, 02 Apr 2020 17:47:49 GMT
server
AkamaiNetStorage
etag
"6371591fba0aa524090d1cca6592d531:1585849669.527165"
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
max-age=3600
accept-ranges
bytes
timing-allow-origin
*
content-length
476
expires
Fri, 03 Apr 2020 09:24:05 GMT
RC4da2046cb6a74ff89eee84fdeadc51af-source.min.js
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/3eb016d0743a/
1005 B
834 B
Script
General
Full URL
https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/3eb016d0743a/RC4da2046cb6a74ff89eee84fdeadc51af-source.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.210.248.45 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-210-248-45.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
08b047fc61cd752a042a882f13acded3a656b90c01b761d32a6fb86bd18fe6bd

Request headers

Referer
https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 03 Apr 2020 08:24:05 GMT
content-encoding
gzip
last-modified
Thu, 02 Apr 2020 17:47:49 GMT
server
AkamaiNetStorage
etag
"6371591fba0aa524090d1cca6592d531:1585849669.527165"
vary
Accept-Encoding
content-type
application/x-javascript
status
200
cache-control
max-age=3600
accept-ranges
bytes
timing-allow-origin
*
content-length
589
expires
Fri, 03 Apr 2020 09:24:05 GMT
/
api.omappapi.com/v2/geolocate/json/
242 B
555 B
XHR
General
Full URL
https://api.omappapi.com/v2/geolocate/json/
Requested by
Host: a.optmnstr.com
URL: https://a.optmnstr.com/app/js/api.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
50.19.60.226 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-50-19-60-226.compute-1.amazonaws.com
Software
Pagely Gateway/1.5.1 /
Resource Hash
1a7b3e905b55de1d29b86b09c3c6f5d2056b040d495609479dd486ac6e7bc9ca

Request headers

Referer
https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
Origin
https://www.fortinet.com
Sec-Fetch-Dest
empty
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-user-agent
standard
x-cache-config
0 0
server
Pagely Gateway/1.5.1
status
200
date
Fri, 03 Apr 2020 08:24:05 GMT
x-cache-status
BYPASS
vary
Origin
content-type
application/json
access-control-allow-origin
https://www.fortinet.com
x-ratelimit-remaining
999
access-control-allow-credentials
true
x-ratelimit-reset
1585902305
x-ratelimit-limit
1000
x-database-date
Wed, 01 Apr 2020 20:31:14 GMT
content-length
242
webfont.js
ajax.googleapis.com/ajax/libs/webfont/1.5.18/
16 KB
6 KB
Script
General
Full URL
https://ajax.googleapis.com/ajax/libs/webfont/1.5.18/webfont.js
Requested by
Host: a.optmnstr.com
URL: https://a.optmnstr.com/app/js/api.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
ce261eb163fcaee6953cedc35059732a133766ab824dc512bbdf9424d48601e4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 06 Mar 2020 06:26:48 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
2426237
status
200
alt-svc
quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length
6490
x-xss-protection
0
last-modified
Tue, 20 Dec 2016 18:17:03 GMT
server
sffe
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges
bytes
timing-allow-origin
*
expires
Sat, 06 Mar 2021 06:26:48 GMT
mobile-detect.min.js
cdnjs.cloudflare.com/ajax/libs/mobile-detect/1.4.3/
38 KB
15 KB
Script
General
Full URL
https://cdnjs.cloudflare.com/ajax/libs/mobile-detect/1.4.3/mobile-detect.min.js
Requested by
Host: a.optmnstr.com
URL: https://a.optmnstr.com/app/js/api.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:4004 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
363a80d367e6658e72d918cd33f9481ce7929199a9858122b0dcc61dffa62fde
Security Headers
Name Value
Strict-Transport-Security max-age=15780000; includeSubDomains

Request headers

Referer
https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 03 Apr 2020 08:24:05 GMT
content-encoding
br
cf-cache-status
HIT
age
4838769
cf-ray
57e164292d9cdfd3-FRA
status
200
strict-transport-security
max-age=15780000; includeSubDomains
alt-svc
h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
last-modified
Sat, 08 Sep 2018 10:00:50 GMT
server
cloudflare
etag
W/"5b939dd2-9624"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
expires
Wed, 24 Mar 2021 08:24:05 GMT
cache-control
public, max-age=30672000
timing-allow-origin
*
served-in-seconds
0.002
bf9b60c3e96b1585247218-threat-report-banner.jpg
optin-monster.s3.amazonaws.com/users/df0603609574/images/
35 KB
36 KB
Image
General
Full URL
https://optin-monster.s3.amazonaws.com/users/df0603609574/images/bf9b60c3e96b1585247218-threat-report-banner.jpg
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.216.139.139 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
d96d8bb5de5c3c7d077b9a04db8edc60331510291bc09c684324b184423d4581

Request headers

Referer
https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

Date
Fri, 03 Apr 2020 08:24:06 GMT
x-amz-request-id
0EC5689D35A98371
x-amz-meta-date
1585247218
Content-Length
35900
x-amz-id-2
r4jmLNCx8i1r6Ct4otgGyoG+eK1P+T7pIffBeL8vAHg/O8qUOhHTUKFZOkv+wlu+aLZbYmIkD+E=
x-amz-meta-level
pro
x-amz-meta-dimensions
1024 x 160
Last-Modified
Thu, 26 Mar 2020 18:26:59 GMT
Server
AmazonS3
x-amz-meta-accountid
45602
ETag
"82bb8793b2035d46f8a850a8bceb53d8"
Content-Type
image/jpeg
x-amz-meta-userid
39852
x-amz-meta-title
bf9b60c3e96b1585247218-threat-report-banner.jpg
Cache-Control
31104000
Accept-Ranges
bytes
Expires
Fri, 26 Mar 2021 18:26:58 GMT
uwt.js
static.ads-twitter.com/
5 KB
2 KB
Script
General
Full URL
https://static.ads-twitter.com/uwt.js
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.112.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
319949c8c08b86e9c35ea542c0dc0c30cedaa9b8d3d3c3327a36c91aefbd8af5

Request headers

Referer
https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 03 Apr 2020 08:24:05 GMT
content-encoding
gzip
age
604
x-cache
HIT
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status
200
content-length
1954
x-served-by
cache-hhn4024-HHN
last-modified
Tue, 23 Jan 2018 20:09:00 GMT
x-timer
S1585902245.394394,VS0,VE0
etag
"b7b33882a4f3ffd5cbf07434f3137166+gzip"
vary
Accept-Encoding,Host
content-type
application/javascript; charset=utf-8
via
1.1 varnish
cache-control
no-cache
accept-ranges
bytes
insight.min.js
snap.licdn.com/li.lms-analytics/
3 KB
2 KB
Script
General
Full URL
https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:10c:39e::25ea , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software
/
Resource Hash
41dd5e421fe221a7d2921d6fa2b36e8b01a9f2c054aaef5fad866fe896c1d1e0

Request headers

Referer
https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

Date
Fri, 03 Apr 2020 08:24:05 GMT
Content-Encoding
gzip
Last-Modified
Mon, 07 Oct 2019 16:41:31 GMT
X-CDN
AKAM
Vary
Accept-Encoding
Content-Type
application/x-javascript;charset=utf-8
Cache-Control
max-age=13139
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
1576
fbevents.js
connect.facebook.net/en_US/
126 KB
30 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
5a91c6d3e635c0bd1551a53cf0769328132151a7732039170280d500dbcb4685
Security Headers
Name Value
Content-Security-Policy default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
h3-27=":443"; ma=3600
content-length
30466
x-xss-protection
0
pragma
public
x-fb-debug
8dOinVWSJUgakKtNndVuqHZV/aUpn2ACJC6Ot+f+n4rNoxR9TcYsJ8rn/p8J2bXsLNhSz2UxJvaC26jhbIppSA==
x-fb-trip-id
1850256238
date
Fri, 03 Apr 2020 08:24:05 GMT, Fri, 03 Apr 2020 08:24:05 GMT
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
content-security-policy
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires
Sat, 01 Jan 2000 00:00:00 GMT
truncated
/
443 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
5876d235b697479a9e5f476a33115aea1ddc21fd4b4740dd7180398c6224fdba

Request headers

User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type
image/png
559328277756725
connect.facebook.net/signals/config/
447 KB
112 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/559328277756725?v=2.9.15&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
42fbdf2993092cb323cbad85cdb15192ce4e7f5f9c8c776ffadf7e4e48c14fd2
Security Headers
Name Value
Content-Security-Policy default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
status
200
alt-svc
h3-27=":443"; ma=3600
content-length
114918
x-xss-protection
0
pragma
public
x-fb-debug
JnP/nmNdTtJCqNMfDaNQ5Q4J28r0GItE8Mqv0JdGCJ9CoGEpKcNJciDWIH88I4nluLGFg+ZsNqq/dYDgTFW1eg==
x-fb-trip-id
1850256238
date
Fri, 03 Apr 2020 08:24:05 GMT, Fri, 03 Apr 2020 08:24:05 GMT
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
content-security-policy
default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires
Sat, 01 Jan 2000 00:00:00 GMT
/
www.facebook.com/tr/
44 B
249 B
Image
General
Full URL
https://www.facebook.com/tr/?id=559328277756725&ev=PageView&dl=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Flatest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html%3Futm_source%3Dsocial%26utm_medium%3Dtwitter-org%26utm_campaign%3Dsprinklr&rl=&if=false&ts=1585902245405&sw=1600&sh=1200&v=2.9.15&r=stable&ec=0&o=30&fbp=fb.1.1585902245404.1896703915&it=1585902245375&coo=false&rqm=GET
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f12d:83:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 03 Apr 2020 08:24:05 GMT, Fri, 03 Apr 2020 08:24:05 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
status
200
cache-control
no-cache, must-revalidate, max-age=0
alt-svc
h3-27=":443"; ma=3600
content-length
44
expires
Fri, 03 Apr 2020 08:24:05 GMT
adsct
analytics.twitter.com/i/
31 B
651 B
Script
General
Full URL
https://analytics.twitter.com/i/adsct?p_id=Twitter&p_user_id=0&txn_id=nxlzj&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tpx_cb=twttr.conversion.loadPixels&tw_document_href=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Flatest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html%3Futm_source%3Dsocial%26utm_medium%3Dtwitter-org%26utm_campaign%3Dsprinklr
Requested by
Host: static.ads-twitter.com
URL: https://static.ads-twitter.com/uwt.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.244.42.67 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
Security Headers
Name Value
Strict-Transport-Security max-age=631138519
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
script

Response headers

date
Fri, 03 Apr 2020 08:24:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status
200, 200 OK
x-twitter-response-tags
BouncerCompliant
content-length
57
x-xss-protection
0
x-response-time
113
pragma
no-cache
last-modified
Fri, 03 Apr 2020 08:24:05 GMT
server
tsa_o
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=631138519
content-type
application/javascript;charset=utf-8
cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash
71d0302c102109978801d8cdd63872ab
x-transaction
00d0ab98006a8c25
expires
Tue, 31 Mar 1981 05:00:00 GMT
adsct
t.co/i/
43 B
448 B
Image
General
Full URL
https://t.co/i/adsct?p_id=Twitter&p_user_id=0&txn_id=nxlzj&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
104.244.42.197 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=0
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

date
Fri, 03 Apr 2020 08:24:05 GMT
content-encoding
gzip
x-content-type-options
nosniff
status
200, 200 OK
x-twitter-response-tags
BouncerCompliant
strict-transport-security
max-age=0
content-length
65
x-xss-protection
0
x-response-time
117
pragma
no-cache
last-modified
Fri, 03 Apr 2020 08:24:05 GMT
server
tsa_o
x-frame-options
SAMEORIGIN
content-type
image/gif;charset=utf-8
cache-control
no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash
4016744ec5a77eae288d7226f2dc9fd2
x-transaction
0056efc100f6ab11
expires
Tue, 31 Mar 1981 05:00:00 GMT
/
cx.atdmt.com/
Redirect Chain
  • https://www.facebook.com/tr/?id=559328277756725&ev=Microdata&dl=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Flatest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer...
  • https://cx.atdmt.com/?c=18216455641676499954&f=AYyanibAXHEM1daGTByaU2mZMHL_uxpEXyjwvHA991sq1rzdFV_oSpF-LOTzKeFQrcr8xJBvh6AXG2zl3DfUfHzI&id=559328277756725&l=3&v=0
42 B
433 B
Image
General
Full URL
https://cx.atdmt.com/?c=18216455641676499954&f=AYyanibAXHEM1daGTByaU2mZMHL_uxpEXyjwvHA991sq1rzdFV_oSpF-LOTzKeFQrcr8xJBvh6AXG2zl3DfUfHzI&id=559328277756725&l=3&v=0
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:5:face:b00c:0:8c , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93

Request headers

Referer
https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status
200
date
Fri, 03 Apr 2020 08:24:05 GMT, Fri, 03 Apr 2020 08:24:05 GMT, Fri, 03 Apr 2020 08:24:05 GMT
p3p
CP="NOI DSP COR CUR ADM DEV TAIo PSAo PSDo OUR BUS UNI PUR COM NAV INT DEM STA PRE OTC"
alt-svc
h3-27=":443"; ma=3600
content-length
42
content-type
image/gif

Redirect headers

pragma
no-cache
date
Fri, 03 Apr 2020 08:24:05 GMT, Fri, 03 Apr 2020 08:24:05 GMT
server
proxygen-bolt
location
https://cx.atdmt.com/?c=18216455641676499954&f=AYyanibAXHEM1daGTByaU2mZMHL_uxpEXyjwvHA991sq1rzdFV_oSpF-LOTzKeFQrcr8xJBvh6AXG2zl3DfUfHzI&id=559328277756725&l=3&v=0
content-type
text/plain
status
302
cache-control
no-cache, no-store, must-revalidate
alt-svc
h3-27=":443"; ma=3600
content-length
0
expires
0
bf9b60c3e96b1585247218-threat-report-banner.jpg
optin-monster.s3.amazonaws.com/users/df0603609574/images/
35 KB
36 KB
Image
General
Full URL
https://optin-monster.s3.amazonaws.com/users/df0603609574/images/bf9b60c3e96b1585247218-threat-report-banner.jpg
Requested by
Host: a.optmnstr.com
URL: https://a.optmnstr.com/app/js/api.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.216.139.139 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
s3-1-w.amazonaws.com
Software
AmazonS3 /
Resource Hash
d96d8bb5de5c3c7d077b9a04db8edc60331510291bc09c684324b184423d4581

Request headers

Referer
https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
User-Agent
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest
image

Response headers

Date
Fri, 03 Apr 2020 08:24:07 GMT
x-amz-request-id
4CCDBF40CECBFBB2
x-amz-meta-date
1585247218
Content-Length
35900
x-amz-id-2
iovymv+NAS0ONCzckJWNHkYhQ7J18UUrlvjSb0YJfuooeE2Esjnjxk0fGADnWtAJYNGjN4SOjpU=
x-amz-meta-level
pro
x-amz-meta-dimensions
1024 x 160
Last-Modified
Thu, 26 Mar 2020 18:26:59 GMT
Server
AmazonS3
x-amz-meta-accountid
45602
ETag
"82bb8793b2035d46f8a850a8bceb53d8"
Content-Type
image/jpeg
x-amz-meta-userid
39852
x-amz-meta-title
bf9b60c3e96b1585247218-threat-report-banner.jpg
Cache-Control
31104000
Accept-Ranges
bytes
Expires
Fri, 26 Mar 2021 18:26:58 GMT

Verdicts & Comments Add Verdict or Comment

167 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onformdata object| onpointerrawupdate object| dataLayer object| _satellite boolean| __satelliteLoaded object| adobe function| Visitor object| s_c_il number| s_c_in function| AppMeasurement_Module_ActivityMap function| AppMeasurement function| s_gi function| s_pgicq number| s_objectID number| s_giq object| t function| postscribe object| google_tag_manager string| GoogleAnalyticsObject function| ga object| google_tag_data object| gaplugins object| gaGlobal object| gaData function| atwpjp string| _atd function| _euc function| _duc object| _atc string| _atr object| addthis string| addthis_pub function| emdot object| _ate object| _adr object| addthis_conf function| addthis_open function| addthis_close function| addthis_sendto boolean| __@@##MUH object| s_i_fortinetincproduction object| fortinet_blog object| EasyAutocomplete object| search_config object| keywords object| siteId object| lang object| options boolean| searchFired boolean| blogFilter string| documentsQuery string| blogCategories string| authorsList string| yearsList object| lastQuery number| totalReturn number| lastRow object| lastWordsForCounting function| htmlEncode function| hideAutoComplete function| sitesearch_init function| sitesearch_search_callback function| sitesearch_countall_callback function| sitesearch_do_search function| sitesearch_do_force_search function| sitesearch_spellcheck_callback function| sitesearch_do_spellcheck function| sitesearch_do_suggest_search function| sitesearch_query_searchresult_callback function| sitesearch_do_query_searchresult function| sitesearch_click_page_callback function| sitesearch_click_page function| search_action function| sitesearch_search_fortiguard function| count_facets_type function| shuffle_facets function| csCookies object| cookieScriptWindow object| cookieScripts string| cookieScriptSrc function| cookieQuery string| cookieScriptPosition string| cookieScriptSource string| cookieScriptDomain string| cookieScriptReadMore string| cookieId number| cookieScriptDebug boolean| cookieScriptShowBadge string| cookieScriptCurrentUrl string| pagePath string| cookieScriptTitle string| cookieScriptDesc string| cookieScriptAccept string| cookieScriptMore string| cookieScriptCopyrights string| cookieBackground function| setImmediate function| clearImmediate function| $ function| jQuery undefined| Cookies string| cookieScriptReject function| cookieScriptLoadJavaScript function| InjectCookieScript string| cookieScriptStatsDomain function| cookieScriptCreateCookie function| cookieScriptReadCookie object| addthis_config object| addthis_share function| cookieScriptAddBox object| cookieScriptCurrentValue string| adroll_adv_id string| adroll_pix_id boolean| __adroll_loaded string| _linkedin_data_partner_id function| lintrk boolean| _already_called_lintrk string| adroll_sid object| __adroll boolean| adroll_optout object| adroll_ext_network object| adroll_callbacks function| adroll_tpc_callback function| OptinMonsterApp boolean| om_loaded object| om45602_39852 object| _atw function| __cmp object| __adroll_consent boolean| __adroll_consent_is_gdpr object| __adroll_consent_data string| __adroll_consent_user_country string| __adroll_consent_adv_country object| adroll_exp_list object| $jscomp string| BANNER_VERSION object| __adroll_consent_banner object| _omapp object| omblgmacolv1mmou3zu41z object| omqbkzwxxbiv83f0ol5a2d object| omtd4yyupw30z3kaz7uhys object| omxpwpvp06n9shcggft6kf object| omjrdemyevn0aa7npndpl7 object| omjlpvlm0gfulpof6n5te9 object| omfv7axwkwnyj0mt6xt5zf object| omudg10nsmuro4wpv1uww8 object| omkacivmzbl2alucz7gccw object| omzum0cmob2jjkj0przyzd object| ompe1mb0dpaygltuhp5k4t object| ombs6hw8oho0l8z5lmhzmv object| omqxx1b0gslklfu2kjckea object| omtaoi2gud8wo2ip9kbnpv string| addthis_exclude boolean| addthis_use_personalization string| addthis_options_default string| addthis_options_rank string| addthis_options object| __callbacks function| twq function| fbq function| _fbq number| len object| WebFont function| MobileDetect object| twttr function| fbAsyncInit object| _omns

15 Cookies

Domain/Path Name / Value
www.fortinet.com/ Name: _omappvp
Value: ReSQPn1ib0oibaFV6IzeD0XKMrvdvbu16dggpisnSGgKAGcsZxvY6W1fKRGsRkZ2eZKzrQ2PR57kqehKBnsTEz9320QX6r4B
.fortinet.com/ Name: AMCV_ED8739F75677FE917F000101%40AdobeOrg
Value: -432600572%7CMCIDTS%7C18356%7CMCMID%7C66592361820257271573500636705944871250%7CMCAAMLH-1586507044%7C6%7CMCAAMB-1586507044%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCOPTOUT-1585909444s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-18363%7CvVersion%7C4.5.2
www.fortinet.com/ Name: __atuvc
Value: 1%7C14
.fortinet.com/ Name: s_cc
Value: true
.fortinet.com/ Name: s_ecid
Value: MCMID%7C66592361820257271573500636705944871250
.fortinet.com/ Name: gpv_pn
Value: www.fortinet.com%2Fblog%2Fthreat-research%2Flatest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html%3Futm_source%3Dsocial%26utm_medium%3Dtwitter-org%26utm_campaign%3Dsprinklr
.fortinet.com/ Name: s_getNewRepeat
Value: 1585902244483-New
www.fortinet.com/ Name: _omappvs
Value: 1585902244683
www.fortinet.com/ Name: cookiesession1
Value: 594BFB5FENNGJT2FD9CBL4QJTGLQ0B20
.fortinet.com/ Name: _gid
Value: GA1.2.194922502.1585902244
.fortinet.com/ Name: _gat_UA-767980-6
Value: 1
.demdex.net/ Name: demdex
Value: 66958654134655583333464077980969173210
.fortinet.com/ Name: _ga
Value: GA1.2.1165062768.1585902244
www.fortinet.com/ Name: __atuvs
Value: 5e86f2a411a5a290000
.fortinet.com/ Name: AMCVS_ED8739F75677FE917F000101%40AdobeOrg
Value: 1

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.optmnstr.com
ajax.googleapis.com
analytics.twitter.com
api.omappapi.com
assets.adobedtm.com
cdnjs.cloudflare.com
cm.everesttech.net
connect.facebook.net
cx.atdmt.com
d.adroll.com
d.adroll.mgr.consensu.org
dpm.demdex.net
fortinet.demdex.net
metrics.fortinet.com
optin-monster.s3.amazonaws.com
px.ads.linkedin.com
s.adroll.com
s7.addthis.com
snap.licdn.com
static.ads-twitter.com
t.co
v1.addthisedge.com
www.facebook.com
www.fortinet.com
www.google-analytics.com
www.googletagmanager.com
www.linkedin.com
z.moatads.com
104.244.42.197
104.244.42.67
151.101.112.157
23.111.9.217
23.210.248.44
23.210.248.45
23.210.250.213
2606:4700::6811:4004
2a00:1450:4001:800::2008
2a00:1450:4001:81b::200a
2a00:1450:4001:81d::200e
2a02:26f0:10c:39e::25ea
2a03:2880:f02d:12:face:b00c:0:3
2a03:2880:f02d:5:face:b00c:0:8c
2a03:2880:f12d:83:face:b00c:0:25de
2a05:f500:10:101::b93f:9101
2a05:f500:11:101::b93f:9005
34.253.11.118
35.181.91.36
50.19.60.226
52.216.139.139
52.30.105.51
52.30.201.43
52.52.208.2
66.117.28.86
95.100.196.159
05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd
08b047fc61cd752a042a882f13acded3a656b90c01b761d32a6fb86bd18fe6bd
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
133debcec0026d79ced8d9d9504d6f95804410b4806b4b0b5f973f6ca529f5fb
142947583ee28b957236ea1a824451ceb3912bc157f16e29678d50b625c733f7
19c904aaa555d91d75c5b3682e3f358ba5af4c302339d63c9e464f53d8708ff8
19d93d95e74a0dfb9cafe96039ea04aec2e1a776bf9a715fce25812db110908a
1a7b3e905b55de1d29b86b09c3c6f5d2056b040d495609479dd486ac6e7bc9ca
2a8327a5567d5638f97e2fd377e6d938efd5c5c3792df9ee108b89c962e64674
2e6b1425eab1b01059760559671b06642e0f15423e4ae8ae29467dd56f9020f1
30fce5424db196d1c2802c5977134901447f89a5ed970697172ec17721aac77b
319949c8c08b86e9c35ea542c0dc0c30cedaa9b8d3d3c3327a36c91aefbd8af5
363a80d367e6658e72d918cd33f9481ce7929199a9858122b0dcc61dffa62fde
3be19af41152df0a31ad542f94e84a64734b66079227821da645072659b39f7a
41dd5e421fe221a7d2921d6fa2b36e8b01a9f2c054aaef5fad866fe896c1d1e0
42fbdf2993092cb323cbad85cdb15192ce4e7f5f9c8c776ffadf7e4e48c14fd2
5876d235b697479a9e5f476a33115aea1ddc21fd4b4740dd7180398c6224fdba
5a91c6d3e635c0bd1551a53cf0769328132151a7732039170280d500dbcb4685
5b4c9abcf01dcf74e0adf075ff4d47464c62c84307ae5ebd115d45da70e6443d
688a1355a6a60c19124bfd52ed82f714f9224beca720d486ae6805870ea0a842
6cd730dc93590d7c4d1a32a0a6a472cd5f64cc5f9a80d0b792117f7bd3107f6e
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
846d83f1781c46b25884fc4f0a81c27b15c57da4854a2c1b8a67265bd9828b28
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
a38b7386b006094d4f5c04bb3647e05ff2c1b20e3b717039a5a1d3310f5eabff
a55db6ce7f6660f8bd63293e801bf3ae471ca4335e5b465ec8c4b3116e3aa19d
ab8ceea757a634f5ce5a9ed6f6b4bcdd555869b385d315854e16914a2f5a3bc7
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
ad979cd8209daf4934baefa31ec4dede21ae9cc233cf809da2ed5ed839f03a68
adfcb165c69213b0aba3c64bc549f7ff156ec82110fb8ef144b1d16ebc13b04a
b2a69f81002746fb20a34679b10c764c2d5f664de10944230824289d55c38348
b3adb5fcff9ce2309e51e2127945d36a9ae607c70d1c92192a70cfadeda9b523
b3f201c5989f4b55e18e8aee582aeea5dca829c25b4421170c70b49101dd3be2
b4c4855e86d801870e1b603fd5d660aceafdd35286b1bb6f57675b0c953c0641
cbce85e96b7752208ce15a09ea4d5a58b792edc9e77f1c5ccf46c01935970f9d
ce261eb163fcaee6953cedc35059732a133766ab824dc512bbdf9424d48601e4
d2afd46ac58cd7e89b3fdfd790300d69034e94151ed45acf83d7b6d5dccfdb17
d96d8bb5de5c3c7d077b9a04db8edc60331510291bc09c684324b184423d4581
dcc1cf9874c1298c5e39ce7cd0f1c4ad67ef805a4c0d6dbda250202d947dd755
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e717cb376f9160bc32d1cff24effc117c256426184e0d55727ed04fd86f779d7
e9ab75506ddd29752bc8f3def52635b9838ab97759e0be9ee49f74e7d7b0c01d
eaf1b128b927ac2868755cb7366d35554255c8af362235afe270f9614f8c806d
ecc0c4a707efeb061b7de57440221feb21ab08022938aaacee779e98fe809235
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f59e5f34a941183aacaed25322ac0856628493c2cfd936ded3fddc0a49510e52
f82c9f099656346f543c66ba009bd5f18010c7b41ad43d47a7f762121ad4496d