www.fortinet.com Open in urlscan Pro
52.52.208.2 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer...
Submission: On April 03 via manual (April 3rd 2020, 8:24:21 am UTC) from IN

Summary HTTP 52 Redirects Links 15 Behaviour Indicators

Summary

This website contacted 25 IPs in 6 countries across 24 domains to perform 52 HTTP transactions. The main IP is 52.52.208.2, located in San Jose, United States and belongs to AMAZON-02, US. The main domain is www.fortinet.com.
TLS certificate: Issued by DigiCert SHA2 High Assurance Server CA on January 22nd 2019. Valid for: 2 years.

This is the only time www.fortinet.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
10	52.52.208.2 52.52.208.2	16509 (AMAZON-02) (AMAZON-02)
6	23.210.248.45 23.210.248.45	16625 (AKAMAI-AS) (AKAMAI-AS)
1	2a00:1450:400... 2a00:1450:4001:800::2008	15169 (GOOGLE) (GOOGLE)
1 4	52.30.105.51 52.30.105.51	16509 (AMAZON-02) (AMAZON-02)
3	23.210.248.44 23.210.248.44	16625 (AKAMAI-AS) (AKAMAI-AS)
2	2a00:1450:400... 2a00:1450:4001:81d::200e	15169 (GOOGLE) (GOOGLE)
1	23.210.250.213 23.210.250.213	16625 (AKAMAI-AS) (AKAMAI-AS)
1	52.30.201.43 52.30.201.43	16509 (AMAZON-02) (AMAZON-02)
2	35.181.91.36 35.181.91.36	16509 (AMAZON-02) (AMAZON-02)
1 1	66.117.28.86 66.117.28.86	15224 (OMNITURE) (OMNITURE)
1 5	95.100.196.159 95.100.196.159	16625 (AKAMAI-AS) (AKAMAI-AS)
2	2a02:26f0:10c... 2a02:26f0:10c:39e::25ea	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	23.111.9.217 23.111.9.217	33438 (HIGHWINDS2) (HIGHWINDS2)
1 2	2a05:f500:11:... 2a05:f500:11:101::b93f:9005	14413 (LINKEDIN) (LINKEDIN)
1 1	2a05:f500:10:... 2a05:f500:10:101::b93f:9101	14413 (LINKEDIN) (LINKEDIN)
1 3	34.253.11.118 34.253.11.118	16509 (AMAZON-02) (AMAZON-02)
2	50.19.60.226 50.19.60.226	14618 (AMAZON-AES) (AMAZON-AES)
1	2a00:1450:400... 2a00:1450:4001:81b::200a	15169 (GOOGLE) (GOOGLE)
1	2606:4700::68... 2606:4700::6811:4004	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	52.216.139.139 52.216.139.139	16509 (AMAZON-02) (AMAZON-02)
1	151.101.112.157 151.101.112.157	54113 (FASTLY) (FASTLY)
2	2a03:2880:f02... 2a03:2880:f02d:12:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1 2	2a03:2880:f12... 2a03:2880:f12d:83:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
1	104.244.42.67 104.244.42.67	13414 (TWITTER) (TWITTER)
1	104.244.42.197 104.244.42.197	13414 (TWITTER) (TWITTER)
1	2a03:2880:f02... 2a03:2880:f02d:5:face:b00c:0:8c	32934 (FACEBOOK) (FACEBOOK)
52	25

10 52.52.208.2 (San Jose, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-52-208-2.us-west-1.compute.amazonaws.com

www.fortinet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 23.210.248.45 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a23-210-248-45.deploy.static.akamaitechnologies.com

assets.adobedtm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:800::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.30.105.51 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-30-105-51.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 23.210.248.44 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a23-210-248-44.deploy.static.akamaitechnologies.com

s7.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
v1.addthisedge.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:81d::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.210.250.213 (Netherlands)

ASN16625 (AKAMAI-AS, US)
PTR: a23-210-250-213.deploy.static.akamaitechnologies.com

z.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.30.201.43 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-30-201-43.eu-west-1.compute.amazonaws.com

fortinet.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.181.91.36 (Paris, France)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-181-91-36.eu-west-3.compute.amazonaws.com

metrics.fortinet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 66.117.28.86 (United States) 1 redirects

ASN15224 (OMNITURE, US)

cm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 95.100.196.159 (Ascension Island) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a95-100-196-159.deploy.static.akamaitechnologies.com

s.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:10c:39e::25ea (Ascension Island)

ASN20940 (AKAMAI-ASN1, US)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.111.9.217 (Phoenix, United States)

ASN33438 (HIGHWINDS2, US)

a.optmnstr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a05:f500:11:101::b93f:9005 (Ireland) 1 redirects

ASN14413 (LINKEDIN, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:f500:10:101::b93f:9101 (Ireland) 1 redirects

ASN14413 (LINKEDIN, US)

www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.253.11.118 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-34-253-11-118.eu-west-1.compute.amazonaws.com

d.adroll.mgr.consensu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
d.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 50.19.60.226 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-50-19-60-226.compute-1.amazonaws.com

api.omappapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:4004 (United States)

ASN13335 (CLOUDFLARENET, US)

cdnjs.cloudflare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.216.139.139 (Ashburn, United States)

ASN16509 (AMAZON-02, US)
PTR: s3-1-w.amazonaws.com

optin-monster.s3.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.112.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f02d:12:face:b00c:0:3 (Ireland)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f12d:83:face:b00c:0:25de (Ireland) 1 redirects

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.67 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.197 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f02d:5:face:b00c:0:8c (Ireland)

ASN32934 (FACEBOOK, US)

cx.atdmt.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
12	fortinet.com www.fortinet.com metrics.fortinet.com	661 KB
7	adroll.com 1 redirects s.adroll.com d.adroll.com	47 KB
6	adobedtm.com assets.adobedtm.com	68 KB
5	demdex.net 1 redirects dpm.demdex.net fortinet.demdex.net	3 KB
3	linkedin.com 2 redirects px.ads.linkedin.com www.linkedin.com	1 KB
2	facebook.com 1 redirects www.facebook.com	548 B
2	facebook.net connect.facebook.net	142 KB
2	amazonaws.com optin-monster.s3.amazonaws.com	71 KB
2	omappapi.com api.omappapi.com	57 KB
2	licdn.com snap.licdn.com	4 KB
2	google-analytics.com www.google-analytics.com	18 KB
2	addthis.com s7.addthis.com	189 KB
1	atdmt.com cx.atdmt.com	433 B
1	t.co t.co	448 B
1	twitter.com analytics.twitter.com	651 B
1	ads-twitter.com static.ads-twitter.com	2 KB
1	cloudflare.com cdnjs.cloudflare.com	15 KB
1	googleapis.com ajax.googleapis.com	6 KB
1	consensu.org 1 redirects d.adroll.mgr.consensu.org	136 B
1	optmnstr.com a.optmnstr.com	59 KB
1	addthisedge.com v1.addthisedge.com	756 B
1	everesttech.net 1 redirects cm.everesttech.net	554 B
1	moatads.com z.moatads.com	1 KB
1	googletagmanager.com www.googletagmanager.com	35 KB
52	24

	Domain	Requested by
10	www.fortinet.com	www.fortinet.com
6	assets.adobedtm.com	www.fortinet.com assets.adobedtm.com
5	s.adroll.com	1 redirects www.googletagmanager.com www.fortinet.com s.adroll.com
4	dpm.demdex.net	1 redirects www.fortinet.com
2	www.facebook.com	1 redirects
2	connect.facebook.net	www.fortinet.com connect.facebook.net
2	optin-monster.s3.amazonaws.com	a.optmnstr.com
2	api.omappapi.com	a.optmnstr.com
2	d.adroll.com	www.fortinet.com
2	px.ads.linkedin.com	1 redirects www.fortinet.com
2	snap.licdn.com	www.googletagmanager.com www.fortinet.com
2	metrics.fortinet.com	assets.adobedtm.com www.fortinet.com
2	www.google-analytics.com	www.googletagmanager.com www.fortinet.com
2	s7.addthis.com	assets.adobedtm.com s7.addthis.com
1	cx.atdmt.com
1	t.co
1	analytics.twitter.com	static.ads-twitter.com
1	static.ads-twitter.com	www.fortinet.com
1	cdnjs.cloudflare.com	a.optmnstr.com
1	ajax.googleapis.com	a.optmnstr.com
1	d.adroll.mgr.consensu.org	1 redirects
1	www.linkedin.com	1 redirects
1	a.optmnstr.com	www.googletagmanager.com
1	v1.addthisedge.com	s7.addthis.com
1	cm.everesttech.net	1 redirects
1	fortinet.demdex.net	assets.adobedtm.com
1	z.moatads.com	s7.addthis.com
1	www.googletagmanager.com	www.fortinet.com
52	28

This site contains links to these domains. Also see Links.

Domain
fortiguard.com
www.fortiguard.com
www.forticlient.com
www.cyberthreatalliance.org
secure.fortinet.com
www.facebook.com
www.twitter.com
www.youtube.com
www.linkedin.com
www.instagram.com
fusecommunity.fortinet.com
cookie-script.com
www.addthis.com

Subject Issuer	Validity	Valid
*.fortinet.com DigiCert SHA2 High Assurance Server CA	`2019-01-22` - `2021-03-31`	2 years	crt.sh
assets.adobedtm.com DigiCert SHA2 High Assurance Server CA	`2019-10-22` - `2021-10-01`	2 years	crt.sh
*.google-analytics.com GTS CA 1O1	`2020-03-03` - `2020-05-26`	3 months	crt.sh
*.demdex.net DigiCert SHA2 High Assurance Server CA	`2018-01-09` - `2021-02-12`	3 years	crt.sh
odc-prod-01.oracle.com DigiCert SHA2 Secure Server CA	`2019-10-10` - `2020-09-04`	a year	crt.sh
moatads.com DigiCert SHA2 Secure Server CA	`2020-01-17` - `2021-03-17`	a year	crt.sh
metrics.fortinet.com DigiCert SHA2 High Assurance Server CA	`2019-01-29` - `2021-02-02`	2 years	crt.sh
*.adroll.com DigiCert SHA2 Secure Server CA	`2020-01-29` - `2021-04-29`	a year	crt.sh
*.licdn.com DigiCert SHA2 Secure Server CA	`2019-04-01` - `2021-05-07`	2 years	crt.sh
*.optmnstr.com Go Daddy Secure Certificate Authority - G2	`2018-07-10` - `2020-07-10`	2 years	crt.sh
px.ads.linkedin.com DigiCert SHA2 Secure Server CA	`2020-03-04` - `2020-09-04`	6 months	crt.sh
adroll.mgr.consensu.org Amazon	`2019-11-06` - `2020-12-06`	a year	crt.sh
*.omappapi.com Go Daddy Secure Certificate Authority - G2	`2020-03-16` - `2022-03-16`	2 years	crt.sh
*.storage.googleapis.com GTS CA 1O1	`2020-03-03` - `2020-05-26`	3 months	crt.sh
cloudflare.com CloudFlare Inc ECC CA-2	`2020-01-07` - `2020-10-09`	9 months	crt.sh
*.s3.amazonaws.com DigiCert Baltimore CA-2 G2	`2019-11-09` - `2021-03-12`	a year	crt.sh
ads-twitter.com DigiCert SHA2 High Assurance Server CA	`2019-08-14` - `2020-08-18`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2020-03-01` - `2020-05-30`	3 months	crt.sh
*.twitter.com DigiCert SHA2 High Assurance Server CA	`2020-03-05` - `2021-03-02`	a year	crt.sh
t.co DigiCert SHA2 High Assurance Server CA	`2020-03-05` - `2021-03-02`	a year	crt.sh
*.atlassolutions.com DigiCert SHA2 High Assurance Server CA	`2020-03-05` - `2020-06-03`	3 months	crt.sh

This page contains 2 frames:

Primary Page: https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
Frame ID: 55B626AD1A8776A32DA5E2378FC4BB30
Requests: 54 HTTP requests in this frame

Frame: https://fortinet.demdex.net/dest5.html?d_nsid=0
Frame ID: 9C938319CB53173D72AEA9FE6001EC84
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

AdRoll (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /(?:a|s)\.adroll\.com/i

Adobe DTM (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

script /\/\/assets.adobedtm.com\//i

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

script /\/\/connect\.facebook\.net\/[^/]*\/[a-z]*\.js/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|analytics)\.js/i

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

html //i

Page Statistics

52
Requests

100 %
HTTPS

38 %
IPv6

24
Domains

28
Subdomains

25
IPs

6
Countries

1381 kB
Transfer

3810 kB
Size

15
Cookies

15 Outgoing links

These are links going to different origins than the main page.

URL: https://fortiguard.com/
Title: FortiGuard Labs

Search URL Search Domain Scan URL

URL: https://www.fortiguard.com/
Title: FortiGuard Labs

Search URL Search Domain Scan URL

URL: https://www.forticlient.com/
Title: FortiClient

Search URL Search Domain Scan URL

URL: https://www.cyberthreatalliance.org/
Title: cyberthreatalliance.org

Search URL Search Domain Scan URL

URL: https://secure.fortinet.com/FortiGuard
Title: sign up

Search URL Search Domain Scan URL

URL: https://fortiguard.com/security-best-practices
Title: Security Rating Service

Search URL Search Domain Scan URL

URL: https://www.facebook.com/fortinet
Title:

Search URL Search Domain Scan URL

URL: https://www.twitter.com/fortinet
Title:

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/SecureNetworks
Title:

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/fortinet
Title:

Search URL Search Domain Scan URL

URL: https://www.instagram.com/behindthefirewall/
Title:

Search URL Search Domain Scan URL

URL: https://secure.fortinet.com/fortiguard
Title: Threat Briefs

Search URL Search Domain Scan URL

URL: https://fusecommunity.fortinet.com/
Title: Fuse

Search URL Search Domain Scan URL

URL: https://cookie-script.com/
Title: Free cookie consent by cookie-script.com

Search URL Search Domain Scan URL

URL: https://www.addthis.com/website-tools/overview?utm_source=AddThis%20Tools&utm_medium=image
Title: AddThis

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 6

https://dpm.demdex.net/id?d_visid_ver=4.5.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=ED8739F75677FE917F000101%40AdobeOrg&d_nsid=0&ts=1585902244149 HTTP 302
https://dpm.demdex.net/id/rd?d_visid_ver=4.5.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=ED8739F75677FE917F000101%40AdobeOrg&d_nsid=0&ts=1585902244149

Request Chain 19

https://cm.everesttech.net/cm/dd?d_uuid=66958654134655583333464077980969173210 HTTP 302
https://dpm.demdex.net/ibs:dpid=411&dpuuid=XobypAAAAxmf7lL0

Request Chain 29

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=7120&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Flatest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html%3Futm_source%3Dsocial%26utm_medium%3Dtwitter-org%26utm_campaign%3Dsprinklr&time=1585902244583 HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D7120%26url%3Dhttps%253A%252F%252Fwww.fortinet.com%252Fblog%252Fthreat-research%252Flatest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html%253Futm_source%253Dsocial%2526utm_medium%253Dtwitter-org%2526utm_campaign%253Dsprinklr%26time%3D1585902244583%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=7120&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Flatest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html%3Futm_source%3Dsocial%26utm_medium%3Dtwitter-org%26utm_campaign%3Dsprinklr&time=1585902244583&liSync=true

Request Chain 30

https://s.adroll.com/j/exp/7OBVBCAQE5FHDPFEAD5T4D/index.js HTTP 302
https://s.adroll.com/j/exp/index.js

Request Chain 32

https://d.adroll.mgr.consensu.org/consent/iabcheck/7OBVBCAQE5FHDPFEAD5T4D?_s=7c718e011393fd158fa1ccfd15290aa9&_b=2 HTTP 302
https://d.adroll.com/consent/check/7OBVBCAQE5FHDPFEAD5T4D/?_s=7c718e011393fd158fa1ccfd15290aa9&_b=2

Request Chain 52

https://www.facebook.com/tr/?id=559328277756725&ev=Microdata&dl=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Flatest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html%3Futm_source%3Dsocial%26utm_medium%3Dtwitter-org%26utm_campaign%3Dsprinklr&rl=&if=false&ts=1585902245913&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22Latest%20Global%20COVID-19%2FCoronavirus%20Spearphishing%20Campaign%20Drops%20Infostealer%20%22%2C%22meta%3Akeywords%22%3A%22threat%20research%2CThreat%20Research%2CCOVID-19%20%2CCybersecurity%20Architect%22%2C%22meta%3Adescription%22%3A%22FortiGuard%20Labs%20recently%20discovered%20a%20new%20COVID-19%2FCoronavirus-themed%20spearphishing%20scam.%20Learn%20more.%22%7D&cd[OpenGraph]=%7B%22og%3Asite_name%22%3A%22Fortinet%20Blog%22%2C%22og%3Atitle%22%3A%22Latest%20Global%20COVID-19%2FCoronavirus%20Spearphishing%20Campaign%20Drops%20Infostealer%20%22%2C%22og%3Aurl%22%3A%22https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Flatest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html%22%2C%22og%3Atype%22%3A%22article%22%2C%22og%3Adescription%22%3A%22FortiGuard%20Labs%20recently%20discovered%20a%20new%20COVID-19%2FCoronavirus-themed%20spearphishing%20scam.%20Learn%20more.%E2%80%A6%22%2C%22og%3Aimage%22%3A%22https%3A%2F%2Fwww.fortinet.com%2Fcontent%2Fdam%2Ffortinet-blog%2Farticle-images%2Fcovid-infostealer-val-blog%2FPicture5.png%22%2C%22twitter%3Acard%22%3A%22summary%22%2C%22twitter%3Asite%22%3A%22%40Fortinet%22%2C%22article%3Aauthor%22%3A%22Val%20Saengphaibul%20%22%2C%22article%3Asection%22%3A%22Threat%20Research%22%2C%22article%3Apublished_time%22%3A%222020-04-02T00%3A00%3A00.000-07%3A00%22%2C%22article%3Atag%22%3A%22Cybersecurity%20Architect%22%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.15&r=stable&ec=1&o=30&fbp=fb.1.1585902245404.1896703915&it=1585902245375&coo=false&es=automatic&tm=3&rqm=GET HTTP 302
https://cx.atdmt.com/?c=18216455641676499954&f=AYyanibAXHEM1daGTByaU2mZMHL_uxpEXyjwvHA991sq1rzdFV_oSpF-LOTzKeFQrcr8xJBvh6AXG2zl3DfUfHzI&id=559328277756725&l=3&v=0

52 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request Cookie set latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html Show response
www.fortinet.com/blog/threat-research/ 36 KB
14 KB 830ms
171ms Document
text/html 52.52.208.2
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

52.52.208.2 San Jose, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-52-208-2.us-west-1.compute.amazonaws.com

Software

Apache /

Resource Hash

e9ab75506ddd29752bc8f3def52635b9838ab97759e0be9ee49f74e7d7b0c01d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Host: www.fortinet.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: document
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: document

Response headers

Accept-Ranges: bytes
Cache-Control: max-age=600, public
Content-Encoding: gzip
Content-Type: text/html;charset=utf-8
Date: Fri, 03 Apr 2020 08:24:03 GMT
ETag: "90bd-5a25d9acb522d-gzip"
Last-Modified: Fri, 03 Apr 2020 07:09:56 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding,User-Agent
X-Content-Type-Options: nosniff
X-Dispatcher: dispatcher2uswest1
X-Frame-Options: SAMEORIGIN
X-Vhost: publish
Content-Length: 14163
Connection: keep-alive
Set-Cookie: cookiesession1=594BFB5FENNGJT2FD9CBL4QJTGLQ0B20;Path=/;HttpOnly

GET
H/1.1 200
OK clientlib-base.min.css
www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/ 212 KB
26 KB 306ms
170ms Stylesheet
text/css 52.52.208.2
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/clientlib-base.min.css

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

52.52.208.2 San Jose, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-52-208-2.us-west-1.compute.amazonaws.com

Software

Apache /

Resource Hash

a55db6ce7f6660f8bd63293e801bf3ae471ca4335e5b465ec8c4b3116e3aa19d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: style

Response headers

X-Dispatcher: dispatcher2uswest1
Date: Fri, 03 Apr 2020 08:24:04 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Vhost: publish
Connection: keep-alive
Vary: Accept-Encoding,User-Agent
Content-Length: 25637
Last-Modified: Wed, 19 Feb 2020 19:25:59 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "35154-59ef2c2153fc0-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: text/css;charset=utf-8
Cache-Control: max-age=684000, public
Accept-Ranges: bytes

GET
H2 200 launch-EN23cb8375449840dc93b13f34d935b8b9.min.js Show response
assets.adobedtm.com/ 203 KB
52 KB 85ms
35ms Script
application/x-javascript 23.210.248.45
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Requested by: Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.210.248.45 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-248-45.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 30fce5424db196d1c2802c5977134901447f89a5ed970697172ec17721aac77b

Request headers

Referer: https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Fri, 03 Apr 2020 08:24:03 GMT
content-encoding: gzip
last-modified: Thu, 02 Apr 2020 17:47:48 GMT
server: AkamaiNetStorage
etag: "b729a14c3399e2cda1681c787933e581:1585849668.279987"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
expires: Fri, 03 Apr 2020 09:24:03 GMT

GET
H/1.1 200
OK fortinet-logo-white.svg
www.fortinet.com/content/dam/fortinet-blog/ 32 KB
3 KB 664ms
174ms Image
image/svg+xml 52.52.208.2
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.fortinet.com/content/dam/fortinet-blog/fortinet-logo-white.svg

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

52.52.208.2 San Jose, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-52-208-2.us-west-1.compute.amazonaws.com

Software

Apache /

Resource Hash

d2afd46ac58cd7e89b3fdfd790300d69034e94151ed45acf83d7b6d5dccfdb17

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

X-Dispatcher: dispatcher2uswest1
Date: Fri, 03 Apr 2020 08:24:04 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Vhost: publish
Content-Disposition: attachment; filename="fortinet-logo-white.svg"
Connection: keep-alive
Vary: Accept-Encoding,User-Agent
Content-Length: 1998
Last-Modified: Thu, 22 Feb 2018 23:16:01 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "7ebb-565d53a1d6e40-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/svg+xml
Cache-Control: max-age=684000, public
Accept-Ranges: bytes

GET
H/1.1 200
OK clientlib-base.min.js Show response
www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/ 165 KB
75 KB 355ms
177ms Script
application/javascript 52.52.208.2
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/clientlib-base.min.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

52.52.208.2 San Jose, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-52-208-2.us-west-1.compute.amazonaws.com

Software

Apache /

Resource Hash

ad979cd8209daf4934baefa31ec4dede21ae9cc233cf809da2ed5ed839f03a68

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

X-Dispatcher: dispatcher2uswest1
Date: Fri, 03 Apr 2020 08:24:04 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-Vhost: publish
Connection: keep-alive
Vary: Accept-Encoding,User-Agent
content-length: 76083
Last-Modified: Mon, 23 Sep 2019 20:57:02 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "29256-5933ea9592380-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/javascript;charset=utf-8
Cache-Control: max-age=684000, public
Accept-Ranges: bytes

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 101 KB
35 KB 14ms
13ms Script
application/javascript 2a00:1450:4001:800::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-NBSLLPJ

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:800::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e717cb376f9160bc32d1cff24effc117c256426184e0d55727ed04fd86f779d7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Fri, 03 Apr 2020 08:24:04 GMT
content-encoding: br
status: 200
strict-transport-security: max-age=31536000; includeSubDomains
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 35661
x-xss-protection: 0
last-modified: Fri, 03 Apr 2020 06:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 03 Apr 2020 08:24:04 GMT

GET
DATA 200
OK truncated
/ 71 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5b4c9abcf01dcf74e0adf075ff4d47464c62c84307ae5ebd115d45da70e6443d

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1

302
Found

rd Show response
dpm.demdex.net/id/
Redirect Chain

https://dpm.demdex.net/id?d_visid_ver=4.5.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=ED8739F75677FE917F000101%40AdobeOrg&d_nsid=0&ts=1585902244149
https://dpm.demdex.net/id/rd?d_visid_ver=4.5.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=ED8739F75677FE917F000101%40AdobeOrg&d_nsid=0&ts=1585902244149

0
-1 B

148ms
38ms

XHR

52.30.105.51
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id/rd?d_visid_ver=4.5.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=ED8739F75677FE917F000101%40AdobeOrg&d_nsid=0&ts=1585902244149

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.30.105.51 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-30-105-51.eu-west-1.compute.amazonaws.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
Location: https://dpm.demdex.net/id/rd?d_visid_ver=4.5.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=ED8739F75677FE917F000101%40AdobeOrg&d_nsid=0&ts=1585902244149
X-TID: hv5cyHdoTSY=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://www.fortinet.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
Access-Control-Allow-Origin: https://www.fortinet.com
X-TID: hv5cyHdoTSY=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://dpm.demdex.net/id/rd?d_visid_ver=4.5.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=ED8739F75677FE917F000101%40AdobeOrg&d_nsid=0&ts=1585902244149
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 AppMeasurement.min.js Show response
assets.adobedtm.com/extensions/EP308220a2a4c4403f97fc1960100db40f/ 36 KB
13 KB 25ms
25ms Script
application/x-javascript 23.210.248.45
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/extensions/EP308220a2a4c4403f97fc1960100db40f/AppMeasurement.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.210.248.45 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-248-45.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: adfcb165c69213b0aba3c64bc549f7ff156ec82110fb8ef144b1d16ebc13b04a

Request headers

Referer: https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Fri, 03 Apr 2020 08:24:04 GMT
content-encoding: gzip
last-modified: Tue, 10 Mar 2020 22:29:22 GMT
server: AkamaiNetStorage
etag: "42fa244f36955eedb3cd8ade6f492bf6:1583879362.816163"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: no-cache
accept-ranges: bytes
timing-allow-origin: *
content-length: 13342
expires: Fri, 03 Apr 2020 09:24:04 GMT

GET
H2 200 addthis_widget.js Show response
s7.addthis.com/js/300/ 349 KB
113 KB 73ms
26ms Script
application/javascript 23.210.248.44
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/js/300/addthis_widget.js

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.210.248.44 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-210-248-44.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

ab8ceea757a634f5ce5a9ed6f6b4bcdd555869b385d315854e16914a2f5a3bc7

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
last-modified: Tue, 21 Jan 2020 20:57:37 GMT
server: nginx/1.15.8
etag: "5e2765c1-57446"
vary: Accept-Encoding
x-distribution: 99
content-type: application/javascript
status: 200
cache-control: public, max-age=600
date: Fri, 03 Apr 2020 08:24:04 GMT
x-host: s7.addthis.com
content-length: 114924

GET
H/1.1 200
OK Picture5.png
www.fortinet.com/content/dam/fortinet-blog/article-images/covid-infostealer-val-blog/ 105 KB
106 KB 319ms
175ms Image
image/png 52.52.208.2
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.fortinet.com/content/dam/fortinet-blog/article-images/covid-infostealer-val-blog/Picture5.png

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

52.52.208.2 San Jose, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-52-208-2.us-west-1.compute.amazonaws.com

Software

Apache /

Resource Hash

3be19af41152df0a31ad542f94e84a64734b66079227821da645072659b39f7a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

X-Dispatcher: dispatcher1uswest1
Date: Fri, 03 Apr 2020 08:24:04 GMT
X-Content-Type-Options: nosniff
Last-Modified: Thu, 02 Apr 2020 16:44:01 GMT
Server: Apache
ETag: "1a4c2-5a25182057640"
X-Vhost: publish
X-Frame-Options: SAMEORIGIN
Connection: keep-alive
Content-Type: image/png
Cache-Control: max-age=684000, public
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes
Content-Length: 107714

GET
H/1.1 200
OK Picture6.png.thumb.319.319.png
www.fortinet.com/content/dam/fortinet-blog/article-images/coronavirus-media-frenzy-blog/ 39 KB
39 KB 453ms
173ms Image
image/png 52.52.208.2
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.fortinet.com/content/dam/fortinet-blog/article-images/coronavirus-media-frenzy-blog/Picture6.png.thumb.319.319.png

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

52.52.208.2 San Jose, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-52-208-2.us-west-1.compute.amazonaws.com

Software

Apache /

Resource Hash

142947583ee28b957236ea1a824451ceb3912bc157f16e29678d50b625c733f7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

X-Dispatcher: dispatcher2uswest1
Date: Fri, 03 Apr 2020 08:24:04 GMT
X-Content-Type-Options: nosniff
Last-Modified: Wed, 04 Mar 2020 19:47:48 GMT
Server: Apache
ETag: "9b52-5a00cb1e24100"
X-Vhost: publish
X-Frame-Options: SAMEORIGIN
Connection: keep-alive
Content-Type: image/png
Cache-Control: max-age=684000, public
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes
Content-Length: 39762

GET
H/1.1 200
OK social-engineering-covid-img.png.thumb.319.319.png
www.fortinet.com/content/dam/fortinet-blog/article-images/social-engineering-covid/ 39 KB
39 KB 459ms
165ms Image
image/png 52.52.208.2
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.fortinet.com/content/dam/fortinet-blog/article-images/social-engineering-covid/social-engineering-covid-img.png.thumb.319.319.png

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

52.52.208.2 San Jose, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-52-208-2.us-west-1.compute.amazonaws.com

Software

Apache /

Resource Hash

b3f201c5989f4b55e18e8aee582aeea5dca829c25b4421170c70b49101dd3be2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

X-Dispatcher: dispatcher1uswest1
Date: Fri, 03 Apr 2020 08:24:04 GMT
X-Content-Type-Options: nosniff
Last-Modified: Mon, 23 Mar 2020 16:06:43 GMT
Server: Apache
ETag: "9a22-5a187d2368ac0"
X-Vhost: publish
X-Frame-Options: SAMEORIGIN
Connection: keep-alive
Content-Type: image/png
Cache-Control: max-age=684000, public
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes
Content-Length: 39458

GET
H/1.1 200
OK microsoft-vuln-three.png.thumb.319.319.png
www.fortinet.com/content/dam/fortinet-blog/article-images/bluekeep-vulnerability/ 20 KB
21 KB 489ms
167ms Image
image/png 52.52.208.2
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.fortinet.com/content/dam/fortinet-blog/article-images/bluekeep-vulnerability/microsoft-vuln-three.png.thumb.319.319.png

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

52.52.208.2 San Jose, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-52-208-2.us-west-1.compute.amazonaws.com

Software

Apache /

Resource Hash

b2a69f81002746fb20a34679b10c764c2d5f664de10944230824289d55c38348

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

X-Dispatcher: dispatcher1uswest1
Date: Fri, 03 Apr 2020 08:24:04 GMT
X-Content-Type-Options: nosniff
Last-Modified: Mon, 10 Jun 2019 22:25:37 GMT
Server: Apache
ETag: "51ca-58affa8cf3a40"
X-Vhost: publish
X-Frame-Options: SAMEORIGIN
Connection: keep-alive
Content-Type: image/png
Cache-Control: max-age=684000, public
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes
Content-Length: 20938

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 44 KB
18 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:81d::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NBSLLPJ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

eaf1b128b927ac2868755cb7366d35554255c8af362235afe270f9614f8c806d

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 06 Feb 2020 00:21:02 GMT
server: Golfe2
age: 6632
date: Fri, 03 Apr 2020 06:33:32 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 18174
expires: Fri, 03 Apr 2020 08:33:32 GMT

GET
H2 200 collect
www.google-analytics.com/r/ 35 B
101 B 14ms
14ms Image
image/gif 2a00:1450:4001:81d::200e
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/r/collect?v=1&_v=j81&a=1122078744&t=pageview&_s=1&dl=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Flatest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html%3Futm_source%3Dsocial%26utm_medium%3Dtwitter-org%26utm_campaign%3Dsprinklr&ul=en-us&de=UTF-8&dt=Latest%20Global%20COVID-19%2FCoronavirus%20Spearphishing%20Campaign%20Drops%20Infostealer&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=YEBAAAAB~&jid=866727913&gjid=2114198046&cid=1165062768.1585902244&tid=UA-767980-6&_gid=194922502.1585902244&_r=1&gtm=2wg3p1NBSLLPJ&z=1047533550

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81d::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

pragma: no-cache
date: Fri, 03 Apr 2020 08:24:04 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
access-control-allow-origin: *
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 moatframe.js Show response
z.moatads.com/addthismoatframe568911941483/ 2 KB
1 KB 71ms
24ms Script
application/x-javascript 23.210.250.213
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/addthismoatframe568911941483/moatframe.js
Requested by: Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.210.250.213 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-250-213.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd

Request headers

Referer: https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Fri, 03 Apr 2020 08:24:04 GMT
content-encoding: gzip
last-modified: Fri, 08 Nov 2019 20:13:52 GMT
server: AmazonS3
x-amz-request-id: FBAF69B7861DE212
etag: "f14b4e1f799b14f798a195f43cf58376"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=19642
accept-ranges: bytes
content-length: 948
x-amz-id-2: mINJDBnKUfP83RzDJ6hQaYSGPvMPOM770jd+gXVSD8LFScfPdVPaVzI4W2IwmrtEKhDna93Nv9A=

GET
H/1.1 200
OK rd Show response
dpm.demdex.net/id/ 367 B
1 KB 39ms
39ms XHR
application/json 52.30.105.51
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id/rd?d_visid_ver=4.5.2&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=ED8739F75677FE917F000101%40AdobeOrg&d_nsid=0&ts=1585902244149

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.30.105.51 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-30-105-51.eu-west-1.compute.amazonaws.com

Software

Resource Hash

846d83f1781c46b25884fc4f0a81c27b15c57da4854a2c1b8a67265bd9828b28

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
Origin: https://www.fortinet.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

DCS: dcs-prod-irl1-v064-0de81b0de.edge-irl1.demdex.com 5.66.0.20200310121811 2ms (+0ms)
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip
X-TID: InHK9WrcSR4=
Vary: Origin, Accept-Encoding, User-Agent
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://www.fortinet.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json;charset=utf-8
Content-Length: 300
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK Cookie set dest5.html
fortinet.demdex.net/ Frame 9C93 0
0 180ms
38ms Document
text/html 52.30.201.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://fortinet.demdex.net/dest5.html?d_nsid=0

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.30.201.43 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-30-201-43.eu-west-1.compute.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Host: fortinet.demdex.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: cross-site
Sec-Fetch-Mode: navigate
Referer: https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US
Cookie: demdex=66958654134655583333464077980969173210
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: iframe
Referer: https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr

Response headers

Accept-Ranges: bytes
Cache-Control: max-age=21600
Content-Encoding: gzip
Content-Type: text/html
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Last-Modified: Wed, 18 Mar 2020 11:39:41 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Set-Cookie: demdex=66958654134655583333464077980969173210;Path=/;Domain=.demdex.net;Expires=Wed, 30-Sep-2020 08:24:04 GMT;Max-Age=15552000;Secure;SameSite=None
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding, User-Agent
X-TID: lTXzplAMT8o=
Content-Length: 2785
Connection: keep-alive

GET
H2 200 id Show response
metrics.fortinet.com/ 48 B
485 B 108ms
31ms XHR
application/x-javascript 35.181.91.36
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://metrics.fortinet.com/id?d_visid_ver=4.5.2&d_fieldgroup=A&mcorgid=ED8739F75677FE917F000101%40AdobeOrg&mid=66592361820257271573500636705944871250&ts=1585902244351

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.181.91.36 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-35-181-91-36.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

688a1355a6a60c19124bfd52ed82f714f9224beca720d486ae6805870ea0a842

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
Origin: https://www.fortinet.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

status: 200
date: Fri, 03 Apr 2020 08:24:04 GMT
x-content-type-options: nosniff
server: jag
xserver: anedge-544845747d-czqqn
vary: Origin
x-c: master-1219.Ia2cf62.M0-374
p3p: CP="This is not a P3P policy"
access-control-allow-origin: https://www.fortinet.com
cache-control: no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials: true
content-type: application/x-javascript;charset=utf-8
content-length: 48
x-xss-protection: 1; mode=block

GET
H/1.1

200
OK

ibs:dpid=411&dpuuid=XobypAAAAxmf7lL0
dpm.demdex.net/
Redirect Chain

https://cm.everesttech.net/cm/dd?d_uuid=66958654134655583333464077980969173210
https://dpm.demdex.net/ibs:dpid=411&dpuuid=XobypAAAAxmf7lL0

42 B
915 B

39ms
38ms

Image
image/gif

52.30.105.51
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=411&dpuuid=XobypAAAAxmf7lL0

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.30.105.51 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-30-105-51.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

DCS: dcs-prod-irl1-v064-0a0b195c7.edge-irl1.demdex.com 5.66.0.20200310121811 1ms (+0ms)
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
X-TID: 4gWr/pQAQKk=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 42
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Date: Fri, 03 Apr 2020 08:24:04 GMT
Server: AMO-cookiemap/1.1
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=XobypAAAAxmf7lL0
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=15,max=100
Content-Length: 0

GET
H2 200 s2106779255996
metrics.fortinet.com/b/ss/fortinetincproduction/1/JS-2.20.0-LAR3/ 43 B
627 B 30ms
29ms Image
image/gif 35.181.91.36
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://metrics.fortinet.com/b/ss/fortinetincproduction/1/JS-2.20.0-LAR3/s2106779255996?AQB=1&ndh=1&pf=1&t=3%2F3%2F2020%2010%3A24%3A4%205%20-120&mid=66592361820257271573500636705944871250&aamlh=6&ce=UTF-8&pageName=en%3Ablog%3Athreat-research%3Alatest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer%3Autm_source%3Dsocial%26utm_medium%3Dtwitter-org%26utm_campaign%3Dsprinklr&g=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Flatest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html%3Futm_source%3Dsocial%26utm_medium%3Dtwitter-org%26utm_campaign%3Dsprinklr&cc=USD&v0=social%3Atwitter-org%3Asprinklr%3Anone%3Anone&events=event3&aamb=RKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y&v1=www.fortinet.com%2Fblog%2Fthreat-research%2Flatest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html%3Futm_source%3Dsocial%26utm_medium%3Dtwitter-org%26utm_campaign%3Dsprinklr&v3=%2B1&c7=Entire%20Site&c8=New&v27=BLOG&v33=en%3Ablog%3Athreat-research%3Alatest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer%3Autm_source%3Dsocial%26utm_medium%3Dtwitter-org%26utm_campaign%3Dsprinklr&v35=Enabled&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&mcorgid=ED8739F75677FE917F000101%40AdobeOrg&AQE=1

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.181.91.36 Paris, France, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-35-181-91-36.eu-west-3.compute.amazonaws.com

Software

jag /

Resource Hash

a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Fri, 03 Apr 2020 08:24:04 GMT
x-content-type-options: nosniff
x-c: master-1219.Ia2cf62.M0-374
p3p: CP="This is not a P3P policy"
status: 200
content-length: 43
x-xss-protection: 1; mode=block
pragma: no-cache
last-modified: Sat, 04 Apr 2020 08:24:04 GMT
server: jag
xserver: anedge-544845747d-56mvk
etag: 3405699136401801216-4613561552857357091
vary: *
content-type: image/gif;charset=utf-8
access-control-allow-origin: *
cache-control: no-cache, no-store, max-age=0, no-transform, private
expires: Thu, 02 Apr 2020 08:24:04 GMT

GET
H2 200 RCb652faf409a54c3db318899e2cbcc95c-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/3eb016d0743a/ 881 B
697 B 31ms
31ms Script
application/x-javascript 23.210.248.45
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/3eb016d0743a/RCb652faf409a54c3db318899e2cbcc95c-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.210.248.45 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-248-45.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 6cd730dc93590d7c4d1a32a0a6a472cd5f64cc5f9a80d0b792117f7bd3107f6e

Request headers

Referer: https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Fri, 03 Apr 2020 08:24:04 GMT
content-encoding: gzip
last-modified: Thu, 02 Apr 2020 17:47:49 GMT
server: AkamaiNetStorage
etag: "6371591fba0aa524090d1cca6592d531:1585849669.527165"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 452
expires: Fri, 03 Apr 2020 09:24:04 GMT

GET
H2 200 _ate.track.config_resp Show response
v1.addthisedge.com/live/boost/ra-5d48adfc650f1a9e/ 2 KB
756 B 116ms
115ms Script
application/javascript 23.210.248.44
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://v1.addthisedge.com/live/boost/ra-5d48adfc650f1a9e/_ate.track.config_resp
Requested by: Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.210.248.44 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-248-44.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 133debcec0026d79ced8d9d9504d6f95804410b4806b4b0b5f973f6ca529f5fb

Request headers

Referer: https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Fri, 03 Apr 2020 08:24:04 GMT
content-encoding: gzip
etag: 1861047380--gzip
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
status: 200
cache-control: public, max-age=28, s-maxage=86400
content-disposition: attachment; filename=1.txt
content-length: 580

GET
H/1.1 200
OK picture1.png
www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer/_jcr_content/root/responsivegrid/image_654800395.img.png/1585847269348/ 177 KB
178 KB 245ms
165ms Image
image/png 52.52.208.2
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer/_jcr_content/root/responsivegrid/image_654800395.img.png/1585847269348/picture1.png

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

52.52.208.2 San Jose, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-52-208-2.us-west-1.compute.amazonaws.com

Software

Apache /

Resource Hash

b4c4855e86d801870e1b603fd5d660aceafdd35286b1bb6f57675b0c953c0641

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

X-Dispatcher: dispatcher1uswest1
Date: Fri, 03 Apr 2020 08:24:04 GMT
X-Content-Type-Options: nosniff
Last-Modified: Thu, 02 Apr 2020 17:07:49 GMT
Server: Apache
ETag: "2c4a1-5a251d7230340"
X-Vhost: publish
X-Frame-Options: SAMEORIGIN
Connection: keep-alive
Content-Type: image/png
Cache-Control: max-age=684000, public
Content-Disposition: inline; filename=picture1.png
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes
Content-Length: 181409

GET
H/1.1 200
OK picture2.png
www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer/_jcr_content/root/responsivegrid/image_595397333.img.png/1585847652032/ 159 KB
160 KB 274ms
170ms Image
image/png 52.52.208.2
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

52.52.208.2 San Jose, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-52-208-2.us-west-1.compute.amazonaws.com

Software

Apache /

Resource Hash

a38b7386b006094d4f5c04bb3647e05ff2c1b20e3b717039a5a1d3310f5eabff

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

X-Dispatcher: dispatcher1uswest1
Date: Fri, 03 Apr 2020 08:24:04 GMT
X-Content-Type-Options: nosniff
Last-Modified: Thu, 02 Apr 2020 17:14:12 GMT
Server: Apache
ETag: "27cb0-5a251edf72100"
X-Vhost: publish
X-Frame-Options: SAMEORIGIN
Connection: keep-alive
Content-Type: image/png
Cache-Control: max-age=684000, public
Content-Disposition: inline; filename=picture2.png
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes
Content-Length: 162992

GET
DATA 200
OK truncated
/ 42 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/gif

GET
H/1.1 200
OK roundtrip.js Show response
s.adroll.com/j/ 34 KB
11 KB 69ms
18ms Script
text/javascript 95.100.196.159
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/roundtrip.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NBSLLPJ
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 95.100.196.159 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a95-100-196-159.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 19c904aaa555d91d75c5b3682e3f358ba5af4c302339d63c9e464f53d8708ff8

Request headers

Referer: https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

x-amz-version-id: EEryoP57M4BXSHtGt9JFNoNG_YhGzXxp
Content-Encoding: gzip
x-amz-request-id: EA21926B77EA4001
x-amz-server-side-encryption: AES256
Access-Control-Max-Age: 600
Date: Fri, 03 Apr 2020 08:24:04 GMT
Connection: keep-alive
Content-Length: 10905
x-amz-id-2: S0dx9YZKi/42P6gHOd6VRj9NtvUJsJiwawSupEKCROb9T2VaCKJ74D6z+oIQPnSrPJL6nDYTZ3E=
Last-Modified: Wed, 01 Apr 2020 18:03:06 GMT
Server: AmazonS3
ETag: "9884704eb3fc99427eb5b90c4bbab62c"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600, must-revalidate
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H/1.1 200
OK insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 3 KB
2 KB 9ms
9ms Script
application/x-javascript 2a02:26f0:10c:39e::25ea
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NBSLLPJ
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c:39e::25ea , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software: /
Resource Hash: 41dd5e421fe221a7d2921d6fa2b36e8b01a9f2c054aaef5fad866fe896c1d1e0

Request headers

Referer: https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Fri, 03 Apr 2020 08:24:04 GMT
Content-Encoding: gzip
Last-Modified: Mon, 07 Oct 2019 16:41:31 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=13140
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1576

GET
H2 200 api.min.js Show response
a.optmnstr.com/app/js/ 198 KB
59 KB 70ms
22ms Script
application/javascript 23.111.9.217
HIGHWINDS2

General

Check archive.org

Show headers Download Go to

Full URL: https://a.optmnstr.com/app/js/api.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NBSLLPJ
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.111.9.217 Phoenix, United States, ASN33438 (HIGHWINDS2, US),
Reverse DNS
Software: NetDNA-cache/2.2 /
Resource Hash: 2a8327a5567d5638f97e2fd377e6d938efd5c5c3792df9ee108b89c962e64674

Request headers

Referer: https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Fri, 03 Apr 2020 08:24:04 GMT
content-encoding: gzip
last-modified: Thu, 02 Apr 2020 21:47:10 GMT
server: NetDNA-cache/2.2
x-amz-request-id: 773AB8474220A847
etag: W/"ee5aa6fc8d8753804f3d4b30776949ac"
x-cache: HIT
content-type: application/javascript
status: 200
cache-control: max-age=31104000
access-control-allow-origin: *
x-amz-id-2: jsRx23jqKRg6kvHA2AfDt274K8m+/q+JKQvSj1UYDX7WpKLl6RHZIeeVbGGBt93pNmGZUmlMo5I=
expires: Mon, 29 Mar 2021 08:24:04 GMT

GET
H2

200

collect
px.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=7120&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Flatest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.htm...
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D7120%26url%3Dhttps%253A%252F%252Fwww.fortinet.com%252Fblog%252Fthreat-research%25...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=7120&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Flatest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.htm...

0
63 B

166ms
166ms

Image
application/javascript

2a05:f500:11:101::b93f:9005
LINKEDIN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=7120&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Flatest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html%3Futm_source%3Dsocial%26utm_medium%3Dtwitter-org%26utm_campaign%3Dsprinklr&time=1585902244583&liSync=true
Requested by: Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:f500:11:101::b93f:9005 , Ireland, ASN14413 (LINKEDIN, US),
Reverse DNS
Software: Play /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Fri, 03 Apr 2020 08:24:05 GMT
server: Play
linkedin-action: 1
x-li-fabric: prod-lor1
status: 200
x-li-proto: http/2
x-li-pop: prod-tln1
content-type: application/javascript
content-length: 0
x-li-uuid: zmOodrBBAhaQXUn32SoAAA==

Redirect headers

date: Fri, 03 Apr 2020 08:24:04 GMT
x-content-type-options: nosniff
linkedin-action: 1
status: 302
strict-transport-security: max-age=2592000
content-length: 0
x-li-uuid: IYwva7BBAhZwpYiYxSoAAA==
server: Play
pragma: no-cache
x-li-pop: prod-efr5
expect-ct: max-age=86400, report-uri="https://www.linkedin.com/platform-telemetry/ct"
x-frame-options: sameorigin
x-li-fabric: prod-lor1
location: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=7120&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Flatest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html%3Futm_source%3Dsocial%26utm_medium%3Dtwitter-org%26utm_campaign%3Dsprinklr&time=1585902244583&liSync=true
x-xss-protection: 1; mode=block
cache-control: no-cache, no-store
content-security-policy: default-src *; connect-src 'self' https://media-src.linkedin.com/media/ www.linkedin.com s.c.lnkd.licdn.com m.c.lnkd.licdn.com s.c.exp1.licdn.com s.c.exp2.licdn.com m.c.exp1.licdn.com m.c.exp2.licdn.com wss://*.linkedin.com dms.licdn.com https://dpm.demdex.net/id https://lnkd.demdex.net/event blob: static.licdn.com static-exp1.licdn.com static-exp2.licdn.com static-exp3.licdn.com media.licdn.com media-exp1.licdn.com media-exp2.licdn.com media-exp3.licdn.com; img-src data: blob: *; font-src data: *; style-src 'unsafe-inline' 'self' static-src.linkedin.com *.licdn.com; script-src 'report-sample' 'unsafe-inline' 'unsafe-eval' 'self' spdy.linkedin.com static-src.linkedin.com *.ads.linkedin.com *.licdn.com static.chartbeat.com www.google-analytics.com ssl.google-analytics.com bcvipva02.rightnowtech.com www.bizographics.com sjs.bizographics.com js.bizographics.com d.la4-c1-was.salesforceliveagent.com slideshare.www.linkedin.com https://snap.licdn.com/li.lms-analytics/insight.min.js platform.linkedin.com platform-akam.linkedin.com platform-ecst.linkedin.com platform-azur.linkedin.com; object-src 'none'; media-src blob: *; child-src blob: lnkd-communities: voyager: *; frame-ancestors 'self'; report-uri https://www.linkedin.com/platform-telemetry/csp?f=l
x-li-proto: http/2
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1

200
OK

index.js Show response
s.adroll.com/j/exp/
Redirect Chain

https://s.adroll.com/j/exp/7OBVBCAQE5FHDPFEAD5T4D/index.js
https://s.adroll.com/j/exp/index.js

28 B
747 B

21ms
21ms

Script
application/javascript

95.100.196.159
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/exp/index.js
Requested by: Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 95.100.196.159 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a95-100-196-159.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: f59e5f34a941183aacaed25322ac0856628493c2cfd936ded3fddc0a49510e52

Request headers

Referer: https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-amz-version-id: oJIzvk_mmLAXF5iekxvT5NnrQtQSmq7M
Content-Encoding: gzip
x-amz-request-id: 8EF58DFF6022E509
x-amz-server-side-encryption: AES256
Access-Control-Max-Age: 600
Date: Fri, 03 Apr 2020 08:24:04 GMT
Connection: keep-alive
Content-Length: 48
x-amz-id-2: nRbO3sDbLhVuH9XRmliGROi5VMnWM15JYtBlfH96e+tuxiWX3fkjm0yBOHoWdbenF0xXBNy2Yok=
Last-Modified: Thu, 02 Apr 2020 22:43:50 GMT
Server: AmazonS3
ETag: "5816cced8568d223aa09d889f300692b"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

Redirect headers

Date: Fri, 03 Apr 2020 08:24:04 GMT
Server: AkamaiGHost
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Location: https://s.adroll.com/j/exp/index.js
Access-Control-Allow-Credentials: false
Connection: keep-alive
Access-Control-Allow-Headers: *
Content-Length: 0

GET
H/1.1 200
OK index.js Show response
s.adroll.com/j/pre/7OBVBCAQE5FHDPFEAD5T4D/GIVUJ77KRNF4LOPGYJ6RS5/ 1 KB
1 KB 54ms
18ms Script
text/javascript 95.100.196.159
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/pre/7OBVBCAQE5FHDPFEAD5T4D/GIVUJ77KRNF4LOPGYJ6RS5/index.js
Requested by: Host: s.adroll.com
URL: https://s.adroll.com/j/roundtrip.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 95.100.196.159 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a95-100-196-159.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: cbce85e96b7752208ce15a09ea4d5a58b792edc9e77f1c5ccf46c01935970f9d

Request headers

Referer: https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

x-amz-version-id: Oce9DjD7SwpAGzSNfnWexKW8QlpF_SFj
Content-Encoding: gzip
x-amz-request-id: 8FE4182D94F5FCF5
x-amz-server-side-encryption: AES256
Access-Control-Max-Age: 600
Date: Fri, 03 Apr 2020 08:24:04 GMT
Connection: keep-alive
Content-Length: 635
x-amz-id-2: SUg+aW2a5oaJKCb9HtaL779K+yBg6UIKdz6z75mDBVBQ+2vJb5uk5sa3L6KUh223rLZlF3jDMhE=
Last-Modified: Thu, 02 Apr 2020 09:44:17 GMT
Server: AmazonS3
ETag: "3996d65282dd996ee0d7d4c90c139158"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: text/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600, must-revalidate
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H2

200

/ Show response
d.adroll.com/consent/check/7OBVBCAQE5FHDPFEAD5T4D/
Redirect Chain

https://d.adroll.mgr.consensu.org/consent/iabcheck/7OBVBCAQE5FHDPFEAD5T4D?_s=7c718e011393fd158fa1ccfd15290aa9&_b=2
https://d.adroll.com/consent/check/7OBVBCAQE5FHDPFEAD5T4D/?_s=7c718e011393fd158fa1ccfd15290aa9&_b=2

106 B
198 B

39ms
38ms

Script
application/javascript

34.253.11.118
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://d.adroll.com/consent/check/7OBVBCAQE5FHDPFEAD5T4D/?_s=7c718e011393fd158fa1ccfd15290aa9&_b=2
Requested by: Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.253.11.118 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-253-11-118.eu-west-1.compute.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: dcc1cf9874c1298c5e39ce7cd0f1c4ad67ef805a4c0d6dbda250202d947dd755

Request headers

Referer: https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status: 200
date: Fri, 03 Apr 2020 08:24:04 GMT
server: nginx/1.16.1
content-length: 106
content-type: application/javascript

Redirect headers

status: 302
date: Fri, 03 Apr 2020 08:24:04 GMT
server: nginx/1.16.1
content-length: 105
location: https://d.adroll.com/consent/check/7OBVBCAQE5FHDPFEAD5T4D/?_s=7c718e011393fd158fa1ccfd15290aa9&_b=2

GET
H2 200 layers.ab5cd98fe1b9a38a4a9f.js Show response
s7.addthis.com/static/ 263 KB
76 KB 27ms
27ms Script
application/javascript 23.210.248.44
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/static/layers.ab5cd98fe1b9a38a4a9f.js

Requested by

Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.210.248.44 , Netherlands, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-210-248-44.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

ecc0c4a707efeb061b7de57440221feb21ab08022938aaacee779e98fe809235

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

Referer: https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
last-modified: Wed, 18 Sep 2019 14:16:17 GMT
server: nginx/1.15.8
etag: W/"5d823c31-41b9f"
vary: Accept-Encoding
content-type: application/javascript
status: 200
cache-control: public, max-age=86313600
date: Fri, 03 Apr 2020 08:24:04 GMT
x-host: s7.addthis.com
timing-allow-origin: *
content-length: 77528

GET
H2 200 39852 Show response
api.omappapi.com/v2/embed/ 637 KB
57 KB 488ms
237ms XHR
application/json 50.19.60.226
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.omappapi.com/v2/embed/39852
Requested by: Host: a.optmnstr.com
URL: https://a.optmnstr.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 50.19.60.226 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-50-19-60-226.compute-1.amazonaws.com
Software: Pagely Gateway/1.5.1 /
Resource Hash: b3adb5fcff9ce2309e51e2127945d36a9ae607c70d1c92192a70cfadeda9b523

Request headers

Referer: https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
Origin: https://www.fortinet.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-user-agent: standard
content-encoding: gzip
x-cache-config: 0 0
server: Pagely Gateway/1.5.1
status: 200
date: Fri, 03 Apr 2020 08:24:04 GMT
x-cache-status: HIT
vary: Accept-Encoding, User-Agent
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-OptinMonster-Account
access-control-allow-headers: X-CSRF-Token
x-optinmonster-account: 45602

GET
H/1.1 200
OK consent.js Show response
s.adroll.com/j/ 243 KB
33 KB 24ms
24ms Script
application/javascript 95.100.196.159
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/consent.js
Requested by: Host: s.adroll.com
URL: https://s.adroll.com/j/roundtrip.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 95.100.196.159 , Ascension Island, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a95-100-196-159.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: f82c9f099656346f543c66ba009bd5f18010c7b41ad43d47a7f762121ad4496d

Request headers

Referer: https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

x-amz-version-id: W7pJTDq0578OcjyRZxtRH_BjDuWCGgRc
Content-Encoding: gzip
x-amz-request-id: BFDDD219E02D63AA
x-amz-server-side-encryption: AES256
Access-Control-Max-Age: 600
Date: Fri, 03 Apr 2020 08:24:04 GMT
Connection: keep-alive
Content-Length: 33195
x-amz-id-2: 0vEYWSNr8BIWIFx+Vt855bKM9PGQi1O3TTl+RSbaQgK2eZJeo3lhhvwHGpfanAseKG0Oz2obOWc=
Last-Modified: Tue, 19 Nov 2019 20:42:26 GMT
Server: AmazonS3
ETag: "2f9f76c2d377be42af05cdf34c632618"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=300, must-revalidate
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H2 200 hod
d.adroll.com/consent/ 42 B
180 B 38ms
38ms Image
image/gif 34.253.11.118
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d.adroll.com/consent/hod?_e=view_banner&_s=7c718e011393fd158fa1ccfd15290aa9&_b=2.1&_a=7OBVBCAQE5FHDPFEAD5T4D
Requested by: Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.253.11.118 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-253-11-118.eu-west-1.compute.amazonaws.com
Software: nginx/1.16.1 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

status: 200
date: Fri, 03 Apr 2020 08:24:04 GMT
cache-control: no-transform,public,max-age=300,s-maxage=900
server: nginx/1.16.1
content-length: 42
vary: Cookie
content-type: image/gif

GET
H2 200 RC4a2e638109b443d5b84d8f2e2216b80e-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/3eb016d0743a/ 819 B
746 B 25ms
24ms Script
application/x-javascript 23.210.248.45
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/3eb016d0743a/RC4a2e638109b443d5b84d8f2e2216b80e-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.210.248.45 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-248-45.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 2e6b1425eab1b01059760559671b06642e0f15423e4ae8ae29467dd56f9020f1

Request headers

Referer: https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Fri, 03 Apr 2020 08:24:05 GMT
content-encoding: gzip
last-modified: Thu, 02 Apr 2020 17:47:49 GMT
server: AkamaiNetStorage
etag: "6371591fba0aa524090d1cca6592d531:1585849669.527165"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 502
expires: Fri, 03 Apr 2020 09:24:05 GMT

GET
H2 200 RC0b6c219cefad47a7856f990eee551ad6-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/3eb016d0743a/ 847 B
721 B 24ms
23ms Script
application/x-javascript 23.210.248.45
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/3eb016d0743a/RC0b6c219cefad47a7856f990eee551ad6-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.210.248.45 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-248-45.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 19d93d95e74a0dfb9cafe96039ea04aec2e1a776bf9a715fce25812db110908a

Request headers

Referer: https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Fri, 03 Apr 2020 08:24:05 GMT
content-encoding: gzip
last-modified: Thu, 02 Apr 2020 17:47:49 GMT
server: AkamaiNetStorage
etag: "6371591fba0aa524090d1cca6592d531:1585849669.527165"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 476
expires: Fri, 03 Apr 2020 09:24:05 GMT

GET
H2 200 RC4da2046cb6a74ff89eee84fdeadc51af-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/3eb016d0743a/ 1005 B
834 B 24ms
23ms Script
application/x-javascript 23.210.248.45
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/3eb016d0743a/RC4da2046cb6a74ff89eee84fdeadc51af-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.210.248.45 , Netherlands, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-210-248-45.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 08b047fc61cd752a042a882f13acded3a656b90c01b761d32a6fb86bd18fe6bd

Request headers

Referer: https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Fri, 03 Apr 2020 08:24:05 GMT
content-encoding: gzip
last-modified: Thu, 02 Apr 2020 17:47:49 GMT
server: AkamaiNetStorage
etag: "6371591fba0aa524090d1cca6592d531:1585849669.527165"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 589
expires: Fri, 03 Apr 2020 09:24:05 GMT

GET
H2 200 / Show response
api.omappapi.com/v2/geolocate/json/ 242 B
555 B 131ms
130ms XHR
application/json 50.19.60.226
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.omappapi.com/v2/geolocate/json/
Requested by: Host: a.optmnstr.com
URL: https://a.optmnstr.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 50.19.60.226 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-50-19-60-226.compute-1.amazonaws.com
Software: Pagely Gateway/1.5.1 /
Resource Hash: 1a7b3e905b55de1d29b86b09c3c6f5d2056b040d495609479dd486ac6e7bc9ca

Request headers

Referer: https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
Origin: https://www.fortinet.com
Sec-Fetch-Dest: empty
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-user-agent: standard
x-cache-config: 0 0
server: Pagely Gateway/1.5.1
status: 200
date: Fri, 03 Apr 2020 08:24:05 GMT
x-cache-status: BYPASS
vary: Origin
content-type: application/json
access-control-allow-origin: https://www.fortinet.com
x-ratelimit-remaining: 999
access-control-allow-credentials: true
x-ratelimit-reset: 1585902305
x-ratelimit-limit: 1000
x-database-date: Wed, 01 Apr 2020 20:31:14 GMT
content-length: 242

GET
H2 200 webfont.js Show response
ajax.googleapis.com/ajax/libs/webfont/1.5.18/ 16 KB
6 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:81b::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/webfont/1.5.18/webfont.js

Requested by

Host: a.optmnstr.com
URL: https://a.optmnstr.com/app/js/api.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

ce261eb163fcaee6953cedc35059732a133766ab824dc512bbdf9424d48601e4

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Fri, 06 Mar 2020 06:26:48 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 2426237
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,43",h3-Q050=":443"; ma=2592000,h3-Q049=":443"; ma=2592000,h3-Q048=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,h3-T050=":443"; ma=2592000
content-length: 6490
x-xss-protection: 0
last-modified: Tue, 20 Dec 2016 18:17:03 GMT
server: sffe
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 06 Mar 2021 06:26:48 GMT

GET
H2 200 mobile-detect.min.js Show response
cdnjs.cloudflare.com/ajax/libs/mobile-detect/1.4.3/ 38 KB
15 KB 18ms
17ms Script
application/javascript 2606:4700::6811:4004
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdnjs.cloudflare.com/ajax/libs/mobile-detect/1.4.3/mobile-detect.min.js

Requested by

Host: a.optmnstr.com
URL: https://a.optmnstr.com/app/js/api.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:4004 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

363a80d367e6658e72d918cd33f9481ce7929199a9858122b0dcc61dffa62fde

Security Headers

Name	Value
Strict-Transport-Security	max-age=15780000; includeSubDomains

Request headers

Referer: https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Fri, 03 Apr 2020 08:24:05 GMT
content-encoding: br
cf-cache-status: HIT
age: 4838769
cf-ray: 57e164292d9cdfd3-FRA
status: 200
strict-transport-security: max-age=15780000; includeSubDomains
alt-svc: h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400
last-modified: Sat, 08 Sep 2018 10:00:50 GMT
server: cloudflare
etag: W/"5b939dd2-9624"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
expires: Wed, 24 Mar 2021 08:24:05 GMT
cache-control: public, max-age=30672000
timing-allow-origin: *
served-in-seconds: 0.002

GET
H/1.1 200
OK bf9b60c3e96b1585247218-threat-report-banner.jpg
optin-monster.s3.amazonaws.com/users/df0603609574/images/ 35 KB
36 KB 566ms
154ms Image
image/jpeg 52.216.139.139
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://optin-monster.s3.amazonaws.com/users/df0603609574/images/bf9b60c3e96b1585247218-threat-report-banner.jpg
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.139.139 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: d96d8bb5de5c3c7d077b9a04db8edc60331510291bc09c684324b184423d4581

Request headers

Referer: https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Date: Fri, 03 Apr 2020 08:24:06 GMT
x-amz-request-id: 0EC5689D35A98371
x-amz-meta-date: 1585247218
Content-Length: 35900
x-amz-id-2: r4jmLNCx8i1r6Ct4otgGyoG+eK1P+T7pIffBeL8vAHg/O8qUOhHTUKFZOkv+wlu+aLZbYmIkD+E=
x-amz-meta-level: pro
x-amz-meta-dimensions: 1024 x 160
Last-Modified: Thu, 26 Mar 2020 18:26:59 GMT
Server: AmazonS3
x-amz-meta-accountid: 45602
ETag: "82bb8793b2035d46f8a850a8bceb53d8"
Content-Type: image/jpeg
x-amz-meta-userid: 39852
x-amz-meta-title: bf9b60c3e96b1585247218-threat-report-banner.jpg
Cache-Control: 31104000
Accept-Ranges: bytes
Expires: Fri, 26 Mar 2021 18:26:58 GMT

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 5 KB
2 KB 62ms
20ms Script
application/javascript 151.101.112.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 151.101.112.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 319949c8c08b86e9c35ea542c0dc0c30cedaa9b8d3d3c3327a36c91aefbd8af5

Request headers

Referer: https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Fri, 03 Apr 2020 08:24:05 GMT
content-encoding: gzip
age: 604
x-cache: HIT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200
content-length: 1954
x-served-by: cache-hhn4024-HHN
last-modified: Tue, 23 Jan 2018 20:09:00 GMT
x-timer: S1585902245.394394,VS0,VE0
etag: "b7b33882a4f3ffd5cbf07434f3137166+gzip"
vary: Accept-Encoding,Host
content-type: application/javascript; charset=utf-8
via: 1.1 varnish
cache-control: no-cache
accept-ranges: bytes

GET
H/1.1 200
OK insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 3 KB
2 KB 9ms
9ms Script
application/x-javascript 2a02:26f0:10c:39e::25ea
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:10c:39e::25ea , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software: /
Resource Hash: 41dd5e421fe221a7d2921d6fa2b36e8b01a9f2c054aaef5fad866fe896c1d1e0

Request headers

Referer: https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

Date: Fri, 03 Apr 2020 08:24:05 GMT
Content-Encoding: gzip
Last-Modified: Mon, 07 Oct 2019 16:41:31 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=13139
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 1576

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 126 KB
30 KB 6ms
6ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

5a91c6d3e635c0bd1551a53cf0769328132151a7732039170280d500dbcb4685

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-27=":443"; ma=3600
content-length: 30466
x-xss-protection: 0
pragma: public
x-fb-debug: 8dOinVWSJUgakKtNndVuqHZV/aUpn2ACJC6Ot+f+n4rNoxR9TcYsJ8rn/p8J2bXsLNhSz2UxJvaC26jhbIppSA==
x-fb-trip-id: 1850256238
date: Fri, 03 Apr 2020 08:24:05 GMT, Fri, 03 Apr 2020 08:24:05 GMT
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
DATA 200
OK truncated
/ 443 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5876d235b697479a9e5f476a33115aea1ddc21fd4b4740dd7180398c6224fdba

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 559328277756725 Show response
connect.facebook.net/signals/config/ 447 KB
112 KB 7ms
6ms Script
application/x-javascript 2a03:2880:f02d:12:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/559328277756725?v=2.9.15&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:12:face:b00c:0:3 , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

42fbdf2993092cb323cbad85cdb15192ce4e7f5f9c8c776ffadf7e4e48c14fd2

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob:;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .virtualearth.net .google.com 127.0.0.1:* .spotilocal.com: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net .spotilocal.com: wss://.facebook.com: https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

strict-transport-security: max-age=31536000; preload; includeSubDomains
content-encoding: gzip
x-content-type-options: nosniff
status: 200
alt-svc: h3-27=":443"; ma=3600
content-length: 114918
x-xss-protection: 0
pragma: public
x-fb-debug: JnP/nmNdTtJCqNMfDaNQ5Q4J28r0GItE8Mqv0JdGCJ9CoGEpKcNJciDWIH88I4nluLGFg+ZsNqq/dYDgTFW1eg==
x-fb-trip-id: 1850256238
date: Fri, 03 Apr 2020 08:24:05 GMT, Fri, 03 Apr 2020 08:24:05 GMT
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
content-security-policy: default-src * data: blob:;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net *.spotilocal.com:* wss://*.facebook.com:* https://fb.scanandcleanlocal.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' chrome-extension://boadgeojelhgndaghljhdicfkmllpafd chrome-extension://dliochdbjfkdbacpmhlcpmleaejidimm;
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 44 B
249 B 6ms
6ms Image
image/gif 2a03:2880:f12d:83:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=559328277756725&ev=PageView&dl=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Flatest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html%3Futm_source%3Dsocial%26utm_medium%3Dtwitter-org%26utm_campaign%3Dsprinklr&rl=&if=false&ts=1585902245405&sw=1600&sh=1200&v=2.9.15&r=stable&ec=0&o=30&fbp=fb.1.1585902245404.1896703915&it=1585902245375&coo=false&rqm=GET

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f12d:83:face:b00c:0:25de , Ireland, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Fri, 03 Apr 2020 08:24:05 GMT, Fri, 03 Apr 2020 08:24:05 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
status: 200
cache-control: no-cache, must-revalidate, max-age=0
alt-svc: h3-27=":443"; ma=3600
content-length: 44
expires: Fri, 03 Apr 2020 08:24:05 GMT

GET
H2 200 adsct Show response
analytics.twitter.com/i/ 31 B
651 B 191ms
137ms Script
application/javascript 104.244.42.67
TWITTER

General

Check archive.org

Show headers Download Go to

Full URL

https://analytics.twitter.com/i/adsct?p_id=Twitter&p_user_id=0&txn_id=nxlzj&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0&tpx_cb=twttr.conversion.loadPixels&tw_document_href=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Flatest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html%3Futm_source%3Dsocial%26utm_medium%3Dtwitter-org%26utm_campaign%3Dsprinklr

Requested by

Host: static.ads-twitter.com
URL: https://static.ads-twitter.com/uwt.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.67 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: script

Response headers

date: Fri, 03 Apr 2020 08:24:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
content-length: 57
x-xss-protection: 0
x-response-time: 113
pragma: no-cache
last-modified: Fri, 03 Apr 2020 08:24:05 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=631138519
content-type: application/javascript;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 71d0302c102109978801d8cdd63872ab
x-transaction: 00d0ab98006a8c25
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2 200 adsct
t.co/i/ 43 B
448 B 194ms
141ms Image
image/gif 104.244.42.197
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?p_id=Twitter&p_user_id=0&txn_id=nxlzj&events=%5B%5B%22pageview%22%2Cnull%5D%5D&tw_sale_amount=0&tw_order_quantity=0&tw_iframe_status=0

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

104.244.42.197 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

date: Fri, 03 Apr 2020 08:24:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
status: 200, 200 OK
x-twitter-response-tags: BouncerCompliant
strict-transport-security: max-age=0
content-length: 65
x-xss-protection: 0
x-response-time: 117
pragma: no-cache
last-modified: Fri, 03 Apr 2020 08:24:05 GMT
server: tsa_o
x-frame-options: SAMEORIGIN
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
x-connection-hash: 4016744ec5a77eae288d7226f2dc9fd2
x-transaction: 0056efc100f6ab11
expires: Tue, 31 Mar 1981 05:00:00 GMT

GET
H2

200

/
cx.atdmt.com/
Redirect Chain

https://www.facebook.com/tr/?id=559328277756725&ev=Microdata&dl=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Flatest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer...
https://cx.atdmt.com/?c=18216455641676499954&f=AYyanibAXHEM1daGTByaU2mZMHL_uxpEXyjwvHA991sq1rzdFV_oSpF-LOTzKeFQrcr8xJBvh6AXG2zl3DfUfHzI&id=559328277756725&l=3&v=0

42 B
433 B

58ms
38ms

Image
image/gif

2a03:2880:f02d:5:face:b00c:0:8c
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://cx.atdmt.com/?c=18216455641676499954&f=AYyanibAXHEM1daGTByaU2mZMHL_uxpEXyjwvHA991sq1rzdFV_oSpF-LOTzKeFQrcr8xJBvh6AXG2zl3DfUfHzI&id=559328277756725&l=3&v=0
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a03:2880:f02d:5:face:b00c:0:8c , Ireland, ASN32934 (FACEBOOK, US),
Reverse DNS
Software: /
Resource Hash: 6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93

Request headers

Referer: https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

status: 200
date: Fri, 03 Apr 2020 08:24:05 GMT, Fri, 03 Apr 2020 08:24:05 GMT, Fri, 03 Apr 2020 08:24:05 GMT
p3p: CP="NOI DSP COR CUR ADM DEV TAIo PSAo PSDo OUR BUS UNI PUR COM NAV INT DEM STA PRE OTC"
alt-svc: h3-27=":443"; ma=3600
content-length: 42
content-type: image/gif

Redirect headers

pragma: no-cache
date: Fri, 03 Apr 2020 08:24:05 GMT, Fri, 03 Apr 2020 08:24:05 GMT
server: proxygen-bolt
location: https://cx.atdmt.com/?c=18216455641676499954&f=AYyanibAXHEM1daGTByaU2mZMHL_uxpEXyjwvHA991sq1rzdFV_oSpF-LOTzKeFQrcr8xJBvh6AXG2zl3DfUfHzI&id=559328277756725&l=3&v=0
content-type: text/plain
status: 302
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3-27=":443"; ma=3600
content-length: 0
expires: 0

GET
H/1.1 200
OK bf9b60c3e96b1585247218-threat-report-banner.jpg
optin-monster.s3.amazonaws.com/users/df0603609574/images/ 35 KB
36 KB 150ms
150ms Image
image/jpeg 52.216.139.139
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://optin-monster.s3.amazonaws.com/users/df0603609574/images/bf9b60c3e96b1585247218-threat-report-banner.jpg
Requested by: Host: a.optmnstr.com
URL: https://a.optmnstr.com/app/js/api.min.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.139.139 Ashburn, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: d96d8bb5de5c3c7d077b9a04db8edc60331510291bc09c684324b184423d4581

Request headers

Referer: https://www.fortinet.com/blog/threat-research/latest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html?utm_source=social&utm_medium=twitter-org&utm_campaign=sprinklr
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Sec-Fetch-Dest: image

Response headers

Date: Fri, 03 Apr 2020 08:24:07 GMT
x-amz-request-id: 4CCDBF40CECBFBB2
x-amz-meta-date: 1585247218
Content-Length: 35900
x-amz-id-2: iovymv+NAS0ONCzckJWNHkYhQ7J18UUrlvjSb0YJfuooeE2Esjnjxk0fGADnWtAJYNGjN4SOjpU=
x-amz-meta-level: pro
x-amz-meta-dimensions: 1024 x 160
Last-Modified: Thu, 26 Mar 2020 18:26:59 GMT
Server: AmazonS3
x-amz-meta-accountid: 45602
ETag: "82bb8793b2035d46f8a850a8bceb53d8"
Content-Type: image/jpeg
x-amz-meta-userid: 39852
x-amz-meta-title: bf9b60c3e96b1585247218-threat-report-banner.jpg
Cache-Control: 31104000
Accept-Ranges: bytes
Expires: Fri, 26 Mar 2021 18:26:58 GMT

Verdicts & Comments Add Verdict or Comment

167 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

15 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.fortinet.com/	1970-01-23 08:30:15	Name: _omappvp Value: ReSQPn1ib0oibaFV6IzeD0XKMrvdvbu16dggpisnSGgKAGcsZxvY6W1fKRGsRkZ2eZKzrQ2PR57kqehKBnsTEz9320QX6r4B
.fortinet.com/	1970-01-20 02:02:54	Name: AMCV_ED8739F75677FE917F000101%40AdobeOrg Value: -432600572%7CMCIDTS%7C18356%7CMCMID%7C66592361820257271573500636705944871250%7CMCAAMLH-1586507044%7C6%7CMCAAMB-1586507044%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCOPTOUT-1585909444s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-18363%7CvVersion%7C4.5.2
www.fortinet.com/	1970-01-19 18:00:30	Name: __atuvc Value: 1%7C14
.fortinet.com/	1969-12-31 23:59:59	Name: s_cc Value: true
.fortinet.com/	1970-01-20 02:02:54	Name: s_ecid Value: MCMID%7C66592361820257271573500636705944871250
.fortinet.com/	1970-01-19 08:31:44	Name: gpv_pn Value: www.fortinet.com%2Fblog%2Fthreat-research%2Flatest-global-covid-19-coronavirus-spearphishing-campaign-drops-infostealer.html%3Futm_source%3Dsocial%26utm_medium%3Dtwitter-org%26utm_campaign%3Dsprinklr
.fortinet.com/	1970-01-19 10:41:18	Name: s_getNewRepeat Value: 1585902244483-New
www.fortinet.com/	1970-01-19 08:31:42	Name: _omappvs Value: 1585902244683
www.fortinet.com/	1969-12-31 23:59:59	Name: cookiesession1 Value: 594BFB5FENNGJT2FD9CBL4QJTGLQ0B20
.fortinet.com/	1970-01-19 08:33:08	Name: _gid Value: GA1.2.194922502.1585902244
.fortinet.com/	1970-01-19 08:31:42	Name: _gat_UA-767980-6 Value: 1
.demdex.net/	1970-01-19 12:50:54	Name: demdex Value: 66958654134655583333464077980969173210
.fortinet.com/	1970-01-20 02:02:54	Name: _ga Value: GA1.2.1165062768.1585902244
www.fortinet.com/	1970-01-19 08:31:44	Name: __atuvs Value: 5e86f2a411a5a290000
.fortinet.com/	1969-12-31 23:59:59	Name: AMCVS_ED8739F75677FE917F000101%40AdobeOrg Value: 1

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.optmnstr.com
ajax.googleapis.com
analytics.twitter.com
api.omappapi.com
assets.adobedtm.com
cdnjs.cloudflare.com
cm.everesttech.net
connect.facebook.net
cx.atdmt.com
d.adroll.com
d.adroll.mgr.consensu.org
dpm.demdex.net
fortinet.demdex.net
metrics.fortinet.com
optin-monster.s3.amazonaws.com
px.ads.linkedin.com
s.adroll.com
s7.addthis.com
snap.licdn.com
static.ads-twitter.com
t.co
v1.addthisedge.com
www.facebook.com
www.fortinet.com
www.google-analytics.com
www.googletagmanager.com
www.linkedin.com
z.moatads.com
104.244.42.197
104.244.42.67
151.101.112.157
23.111.9.217
23.210.248.44
23.210.248.45
23.210.250.213
2606:4700::6811:4004
2a00:1450:4001:800::2008
2a00:1450:4001:81b::200a
2a00:1450:4001:81d::200e
2a02:26f0:10c:39e::25ea
2a03:2880:f02d:12:face:b00c:0:3
2a03:2880:f02d:5:face:b00c:0:8c
2a03:2880:f12d:83:face:b00c:0:25de
2a05:f500:10:101::b93f:9101
2a05:f500:11:101::b93f:9005
34.253.11.118
35.181.91.36
50.19.60.226
52.216.139.139
52.30.105.51
52.30.201.43
52.52.208.2
66.117.28.86
95.100.196.159
05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd
08b047fc61cd752a042a882f13acded3a656b90c01b761d32a6fb86bd18fe6bd
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
133debcec0026d79ced8d9d9504d6f95804410b4806b4b0b5f973f6ca529f5fb
142947583ee28b957236ea1a824451ceb3912bc157f16e29678d50b625c733f7
19c904aaa555d91d75c5b3682e3f358ba5af4c302339d63c9e464f53d8708ff8
19d93d95e74a0dfb9cafe96039ea04aec2e1a776bf9a715fce25812db110908a
1a7b3e905b55de1d29b86b09c3c6f5d2056b040d495609479dd486ac6e7bc9ca
2a8327a5567d5638f97e2fd377e6d938efd5c5c3792df9ee108b89c962e64674
2e6b1425eab1b01059760559671b06642e0f15423e4ae8ae29467dd56f9020f1
30fce5424db196d1c2802c5977134901447f89a5ed970697172ec17721aac77b
319949c8c08b86e9c35ea542c0dc0c30cedaa9b8d3d3c3327a36c91aefbd8af5
363a80d367e6658e72d918cd33f9481ce7929199a9858122b0dcc61dffa62fde
3be19af41152df0a31ad542f94e84a64734b66079227821da645072659b39f7a
41dd5e421fe221a7d2921d6fa2b36e8b01a9f2c054aaef5fad866fe896c1d1e0
42fbdf2993092cb323cbad85cdb15192ce4e7f5f9c8c776ffadf7e4e48c14fd2
5876d235b697479a9e5f476a33115aea1ddc21fd4b4740dd7180398c6224fdba
5a91c6d3e635c0bd1551a53cf0769328132151a7732039170280d500dbcb4685
5b4c9abcf01dcf74e0adf075ff4d47464c62c84307ae5ebd115d45da70e6443d
688a1355a6a60c19124bfd52ed82f714f9224beca720d486ae6805870ea0a842
6cd730dc93590d7c4d1a32a0a6a472cd5f64cc5f9a80d0b792117f7bd3107f6e
6d8ba81d1b60a18707722a1f2b62dad48a6acced95a1933f49a68b5016620b93
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
846d83f1781c46b25884fc4f0a81c27b15c57da4854a2c1b8a67265bd9828b28
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
a38b7386b006094d4f5c04bb3647e05ff2c1b20e3b717039a5a1d3310f5eabff
a55db6ce7f6660f8bd63293e801bf3ae471ca4335e5b465ec8c4b3116e3aa19d
ab8ceea757a634f5ce5a9ed6f6b4bcdd555869b385d315854e16914a2f5a3bc7
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
ad979cd8209daf4934baefa31ec4dede21ae9cc233cf809da2ed5ed839f03a68
adfcb165c69213b0aba3c64bc549f7ff156ec82110fb8ef144b1d16ebc13b04a
b2a69f81002746fb20a34679b10c764c2d5f664de10944230824289d55c38348
b3adb5fcff9ce2309e51e2127945d36a9ae607c70d1c92192a70cfadeda9b523
b3f201c5989f4b55e18e8aee582aeea5dca829c25b4421170c70b49101dd3be2
b4c4855e86d801870e1b603fd5d660aceafdd35286b1bb6f57675b0c953c0641
cbce85e96b7752208ce15a09ea4d5a58b792edc9e77f1c5ccf46c01935970f9d
ce261eb163fcaee6953cedc35059732a133766ab824dc512bbdf9424d48601e4
d2afd46ac58cd7e89b3fdfd790300d69034e94151ed45acf83d7b6d5dccfdb17
d96d8bb5de5c3c7d077b9a04db8edc60331510291bc09c684324b184423d4581
dcc1cf9874c1298c5e39ce7cd0f1c4ad67ef805a4c0d6dbda250202d947dd755
df3e003cc30e9bdd0313100e8ee5d468070b4b34d11ad355f276a356d4b9c7bf
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e717cb376f9160bc32d1cff24effc117c256426184e0d55727ed04fd86f779d7
e9ab75506ddd29752bc8f3def52635b9838ab97759e0be9ee49f74e7d7b0c01d
eaf1b128b927ac2868755cb7366d35554255c8af362235afe270f9614f8c806d
ecc0c4a707efeb061b7de57440221feb21ab08022938aaacee779e98fe809235
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f59e5f34a941183aacaed25322ac0856628493c2cfd936ded3fddc0a49510e52
f82c9f099656346f543c66ba009bd5f18010c7b41ad43d47a7f762121ad4496d

www.fortinet.com Open in urlscan Pro 52.52.208.2 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

52 Requests

100 %HTTPS

38 %IPv6

24 Domains

28 Subdomains

25 IPs

6 Countries

1381 kBTransfer

3810 kBSize

15 Cookies

15 Outgoing links

Redirected requests

52 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.fortinet.com Open in urlscan Pro
52.52.208.2 Public Scan

Screenshot
Live screenshot

Full Image

52
Requests

100 %
HTTPS

38 %
IPv6

24
Domains

28
Subdomains

25
IPs

6
Countries

1381 kB
Transfer

3810 kB
Size

15
Cookies

52 HTTP transactions
3 data transactions