www.fortinet.com Open in urlscan Pro
2a05:d014:f3c:6c01:8589:ad97:29df:f3e  Public Scan

URL: https://www.fortinet.com/blog/threat-research/banking-trojan-chavecloak-targets-brazil
Submission: On April 05 via api from DE — Scanned from DE

Summary

This website contacted 10 IPs in 3 countries across 7 domains to perform 48 HTTP transactions. The main IP is 2a05:d014:f3c:6c01:8589:ad97:29df:f3e, located in Frankfurt am Main, Germany and belongs to AMAZON-02, US. The main domain is www.fortinet.com. The Cisco Umbrella rank of the primary domain is 146140.
TLS certificate: Issued by DigiCert Global G2 TLS RSA SHA256 202... on July 5th 2023. Valid for: a year.
This is the only time www.fortinet.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
29 2a05:d014:f3c... 16509 (AMAZON-02)
6 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700:440... 13335 (CLOUDFLAR...)
5 2a02:26f0:350... 20940 (AKAMAI-ASN1)
2 2.17.100.184 20940 (AKAMAI-ASN1)
1 54.171.118.212 16509 (AMAZON-02)
1 2a02:26f0:ab0... 20940 (AKAMAI-ASN1)
2 52.59.114.103 16509 (AMAZON-02)
1 2 63.140.62.17 15224 (OMNITURE)
48 10
Apex Domain
Subdomains
Transfer
31 fortinet.com
www.fortinet.com — Cisco Umbrella Rank: 146140
metrics.fortinet.com — Cisco Umbrella Rank: 313065
3 MB
6 cookielaw.org
cdn.cookielaw.org — Cisco Umbrella Rank: 314
126 KB
5 adobedtm.com
assets.adobedtm.com — Cisco Umbrella Rank: 399
135 KB
3 6sc.co
j.6sc.co — Cisco Umbrella Rank: 5872
c.6sc.co — Cisco Umbrella Rank: 9222
ipv6.6sc.co — Cisco Umbrella Rank: 5999
18 KB
2 6sense.com
epsilon.6sense.com — Cisco Umbrella Rank: 9066
708 B
1 demdex.net
dpm.demdex.net — Cisco Umbrella Rank: 230
543 B
1 onetrust.com
geolocation.onetrust.com — Cisco Umbrella Rank: 552
295 B
48 7
Domain Requested by
29 www.fortinet.com www.fortinet.com
6 cdn.cookielaw.org www.fortinet.com
cdn.cookielaw.org
5 assets.adobedtm.com cdn.cookielaw.org
assets.adobedtm.com
2 metrics.fortinet.com 1 redirects
2 epsilon.6sense.com j.6sc.co
1 ipv6.6sc.co j.6sc.co
1 c.6sc.co j.6sc.co
1 dpm.demdex.net assets.adobedtm.com
1 j.6sc.co www.fortinet.com
1 geolocation.onetrust.com cdn.cookielaw.org
48 10
Subject Issuer Validity Valid
*.fortinet.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2023-07-05 -
2024-08-04
a year crt.sh
cookielaw.org
Cloudflare Inc ECC CA-3
2024-03-01 -
2024-12-31
10 months crt.sh
onetrust.com
Cloudflare Inc ECC CA-3
2023-11-13 -
2024-11-12
a year crt.sh
assets.adobedtm.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2023-07-11 -
2024-08-10
a year crt.sh
6sc.co
R3
2024-01-29 -
2024-04-28
3 months crt.sh
*.demdex.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2023-09-26 -
2024-10-26
a year crt.sh
*.6sense.com
Amazon RSA 2048 M03
2024-03-31 -
2025-04-29
a year crt.sh

This page contains 1 frames:

Primary Page: https://www.fortinet.com/blog/threat-research/banking-trojan-chavecloak-targets-brazil
Frame ID: F68F61912EA31B83D9C6CB101B69A7C3
Requests: 49 HTTP requests in this frame

Screenshot

Page Title

New Banking Trojan “CHAVECLOAK” Targets Brazil | FortiGuard Labs

Detected technologies

Overall confidence: 100%
Detected patterns
  • /etc/designs/
  • /etc\.clientlibs/

Overall confidence: 100%
Detected patterns
  • cdn\.cookielaw\.org
  • otSDKStub\.js

Page Statistics

48
Requests

98 %
HTTPS

56 %
IPv6

7
Domains

10
Subdomains

10
IPs

3
Countries

2904 kB
Transfer

4475 kB
Size

11
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 48
  • https://metrics.fortinet.com/b/ss/fortinetincproduction/1/JS-2.26.0-LDQM/s71542629214268?AQB=1&ndh=1&pf=1&t=5%2F3%2F2024%2011%3A51%3A33%205%20-120&fid=4D76F0AF8311E31C-3FBED0F313EF048F&ce=UTF-8&pageName=en%3Ablog%3Athreat-research%3Abanking-trojan-chavecloak-targets-brazil&g=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fbanking-trojan-chavecloak-targets-brazil&c.&cm.&ssf=1&.cm&.c&cc=USD&v1=www.fortinet.com%2Fblog%2Fthreat-research%2Fbanking-trojan-chavecloak-targets-brazil&c7=Entire%20Site&c8=New&v27=BLOG&v33=en%3Ablog%3Athreat-research%3Abanking-trojan-chavecloak-targets-brazil&v35=Enabled&v92=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fbanking-trojan-chavecloak-targets-brazil&s=800x600&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1113&AQE=1 HTTP 302
  • https://metrics.fortinet.com/b/ss/fortinetincproduction/1/JS-2.26.0-LDQM/s71542629214268?AQB=1&pccr=true&vidn=3307E4D2826E83D5-60000E6C41638B8C&ndh=1&pf=1&t=5%2F3%2F2024%2011%3A51%3A33%205%20-120&fid=4D76F0AF8311E31C-3FBED0F313EF048F&ce=UTF-8&pageName=en%3Ablog%3Athreat-research%3Abanking-trojan-chavecloak-targets-brazil&g=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fbanking-trojan-chavecloak-targets-brazil&c.&cm.&ssf=1&.cm&.c&cc=USD&v1=www.fortinet.com%2Fblog%2Fthreat-research%2Fbanking-trojan-chavecloak-targets-brazil&c7=Entire%20Site&c8=New&v27=BLOG&v33=en%3Ablog%3Athreat-research%3Abanking-trojan-chavecloak-targets-brazil&v35=Enabled&v92=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fbanking-trojan-chavecloak-targets-brazil&s=800x600&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1113&AQE=1

48 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request banking-trojan-chavecloak-targets-brazil
www.fortinet.com/blog/threat-research/
57 KB
18 KB
Document
General
Full URL
https://www.fortinet.com/blog/threat-research/banking-trojan-chavecloak-targets-brazil
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a05:d014:f3c:6c01:8589:ad97:29df:f3e Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
ce196defa5ec0381c4f5f387f335b6276c7f13f6fa43fa07f0d7444208716a8c
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-language
de-DE,de;q=0.9
sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

Accept-Ranges
bytes
Age
52548
Cache-Control
max-age=600, public, s-maxage=10800
Connection
keep-alive
Content-Encoding
gzip
Content-Length
17050
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Content-Type
text/html;charset=utf-8
Date
Fri, 05 Apr 2024 09:50:08 GMT
ETag
"e2cd-6154a2a520673-gzip"
Last-Modified
Thu, 04 Apr 2024 19:15:42 GMT
Server
Apache
Strict-Transport-Security
max-age=31536000; includeSubDomains
Vary
Accept-Encoding
Via
1.1 c43915e0cad14ee7685e5f74a99ce93c.cloudfront.net (CloudFront)
X-Amz-Cf-Id
WxcKat_8cuJVispqO3QTpom4vPRXUuH32086svpMnMxDbv8AsXncKw==
X-Amz-Cf-Pop
FRA60-P3
X-Cache
Hit from cloudfront
X-Content-Type-Options
nosniff
X-Dispatcher
dispatcher2uswest1
X-Frame-Options
SAMEORIGIN
X-Vhost
publish
X-XSS-Protection
1; mode=block
visitorapi.min.js
www.fortinet.com/etc/designs/fortinet/adb-target/
64 KB
30 KB
Script
General
Full URL
https://www.fortinet.com/etc/designs/fortinet/adb-target/visitorapi.min.js
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/banking-trojan-chavecloak-targets-brazil
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a05:d014:f3c:6c01:8589:ad97:29df:f3e Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
0f03d4ff929986a3cde83681fd2560eae544f7138f59945ec6ec32c17800ca91
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.fortinet.com/blog/threat-research/banking-trojan-chavecloak-targets-brazil
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

X-Dispatcher
dispatcher2uswest1
Date
Thu, 04 Apr 2024 21:17:43 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Content-Encoding
gzip
Via
1.1 2a44338adc8233e5b25aca28287a69c8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
FRA60-P3
X-Vhost
publish
X-Cache
Hit from cloudfront
Age
45237
Connection
keep-alive
Content-Length
29532
X-XSS-Protection
1; mode=block
Last-Modified
Thu, 15 Feb 2024 21:50:14 GMT
Server
Apache
ETag
"fe2d-611729cbf7180-gzip"
X-Frame-Options
SAMEORIGIN
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
max-age=684000, public
Accept-Ranges
bytes
X-Amz-Cf-Id
33fCQaJwiXtOlTSGzsN2Pexa8UTEMOMiopkXipY38JvnwRZr3imHDw==
at.js
www.fortinet.com/etc/designs/fortinet/adb-target/
104 KB
48 KB
Script
General
Full URL
https://www.fortinet.com/etc/designs/fortinet/adb-target/at.js
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/banking-trojan-chavecloak-targets-brazil
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a05:d014:f3c:6c01:8589:ad97:29df:f3e Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
db058d72d7ba8ff6ed7209af23a4458c373cc78f72c81ec1df88bb5de72a0b0b
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.fortinet.com/blog/threat-research/banking-trojan-chavecloak-targets-brazil
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

X-Dispatcher
dispatcher2uswest1
Date
Thu, 04 Apr 2024 21:17:43 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Content-Encoding
gzip
Via
1.1 7251dede1ac94066b27bcd33919b30c6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
FRA60-P3
X-Vhost
publish
X-Cache
Hit from cloudfront
Age
45237
Connection
keep-alive
Content-Length
47782
X-XSS-Protection
1; mode=block
Last-Modified
Thu, 21 Mar 2024 21:07:28 GMT
Server
Apache
ETag
"19e83-61432183f8400-gzip"
X-Frame-Options
SAMEORIGIN
Vary
Accept-Encoding
Content-Type
application/javascript
Cache-Control
max-age=684000, public
Accept-Ranges
bytes
X-Amz-Cf-Id
YOEWp_Ml4kBDw10p0lzfFKUHZNAfwRo3dZ9mBSkFyDNZx3bZe-Otgw==
clientlib-base.min.dd0a483149c256850fa49d2e21abf149.css
www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/
540 KB
28 KB
Stylesheet
General
Full URL
https://www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/clientlib-base.min.dd0a483149c256850fa49d2e21abf149.css
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/banking-trojan-chavecloak-targets-brazil
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a05:d014:f3c:6c01:8589:ad97:29df:f3e Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
bf19e4cab46ebfd04a1438e21bc98c6f520c476918f71d44a96d2523fe0abec4
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.fortinet.com/blog/threat-research/banking-trojan-chavecloak-targets-brazil
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

X-Dispatcher
dispatcher2uswest1
Date
Thu, 04 Apr 2024 21:17:43 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Content-Encoding
gzip
Via
1.1 c43915e0cad14ee7685e5f74a99ce93c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
FRA60-P3
X-Vhost
publish
X-Cache
Hit from cloudfront
Age
45230
Connection
keep-alive
Content-Length
27479
X-XSS-Protection
1; mode=block
Last-Modified
Thu, 01 Feb 2024 21:59:22 GMT
Server
Apache
ETag
"86e18-610591ba20280-gzip"
X-Frame-Options
SAMEORIGIN
Vary
Accept-Encoding
Content-Type
text/css;charset=utf-8
Cache-Control
max-age=684000, public
Accept-Ranges
bytes
X-Amz-Cf-Id
vW3mL_a1XVT1ZYK2ch4PbyYNmxUwOmmpGrEFvSKStac-7ayefyyc7Q==
otSDKStub.js
cdn.cookielaw.org/scripttemplates/
21 KB
7 KB
Script
General
Full URL
https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/banking-trojan-chavecloak-targets-brazil
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
92e4588c227a58321a728574129e52ec244df30b90fc9a64a30ee65410104c41
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.fortinet.com/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 05 Apr 2024 09:51:31 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
Pg1MHDpg+UGdovxhidM4Kg==
age
65897
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
6839
x-ms-lease-status
unlocked
last-modified
Wed, 03 Apr 2024 02:08:10 GMT
server
cloudflare
etag
0x8DC5382E914B008
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
232c4126-401e-0001-34e1-85665f000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
86f8a3e0ae213a6a-FRA
fortinet-logo-white.svg
www.fortinet.com/content/dam/fortinet-blog/
32 KB
3 KB
Image
General
Full URL
https://www.fortinet.com/content/dam/fortinet-blog/fortinet-logo-white.svg
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/banking-trojan-chavecloak-targets-brazil
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a05:d014:f3c:6c01:8589:ad97:29df:f3e Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
d2afd46ac58cd7e89b3fdfd790300d69034e94151ed45acf83d7b6d5dccfdb17
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.fortinet.com/blog/threat-research/banking-trojan-chavecloak-targets-brazil
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

X-Dispatcher
dispatcher1uswest1
Date
Sat, 30 Mar 2024 00:19:34 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Content-Encoding
gzip
Via
1.1 c43915e0cad14ee7685e5f74a99ce93c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
FRA60-P3
X-Vhost
publish
X-Cache
Hit from cloudfront
Age
552717
Content-Disposition
attachment; filename="fortinet-logo-white.svg"
Connection
keep-alive
Content-Length
1998
X-XSS-Protection
1; mode=block
Last-Modified
Thu, 22 Feb 2018 23:16:01 GMT
Server
Apache
ETag
"7ebb-565d53a1d6e40-gzip"
X-Frame-Options
SAMEORIGIN
Vary
Accept-Encoding
Content-Type
image/svg+xml
Cache-Control
max-age=684000, public
Accept-Ranges
bytes
X-Amz-Cf-Id
UObKYm8hBbP--fE3YOxDHpjdGvyUEPxeTNSfwhl2Itehtj6SvrmOxA==
toc-icon.jpg
www.fortinet.com/content/dam/fortinet/images/
1 KB
3 KB
Image
General
Full URL
https://www.fortinet.com/content/dam/fortinet/images/toc-icon.jpg
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/banking-trojan-chavecloak-targets-brazil
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a05:d014:f3c:6c01:8589:ad97:29df:f3e Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
370df1cc8999c1e03fc1c5f7ced35334513d19233d1fc79d2c1c7f711361565d
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.fortinet.com/blog/threat-research/banking-trojan-chavecloak-targets-brazil
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

X-Dispatcher
dispatcher1uswest1
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
X-Content-Type-Options
nosniff
Date
Fri, 05 Apr 2024 03:32:58 GMT
Via
1.1 0c792defeeaa18965559ad74895ea56a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
FRA60-P3
Age
22713
X-Vhost
publish
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
1277
X-XSS-Protection
1; mode=block
Last-Modified
Tue, 14 Nov 2023 17:34:13 GMT
Server
Apache
ETag
"4fd-60a2031eb4f40"
X-Frame-Options
SAMEORIGIN
Content-Type
image/jpeg
Cache-Control
max-age=684000, public
Accept-Ranges
bytes
X-Amz-Cf-Id
IIpPT2hpFCd3gJsY0nqw6lg334GgIBhgOKRN-tTmQzrb-yETJWkd7Q==
clientlib-base.min.45f6c0bdb03736a410d54befc06568ae.js
www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/
156 KB
73 KB
Script
General
Full URL
https://www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/clientlib-base.min.45f6c0bdb03736a410d54befc06568ae.js
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/banking-trojan-chavecloak-targets-brazil
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a05:d014:f3c:6c01:8589:ad97:29df:f3e Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
f95b62f026ed0d8161a753024fcd4e7c5f8677feb314645900ea53e1a832174b
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.fortinet.com/blog/threat-research/banking-trojan-chavecloak-targets-brazil
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

X-Dispatcher
dispatcher2uswest1
Date
Thu, 04 Apr 2024 21:17:43 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Content-Encoding
gzip
Via
1.1 c43915e0cad14ee7685e5f74a99ce93c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
FRA60-P3
X-Vhost
publish
X-Cache
Hit from cloudfront
Age
45227
Connection
keep-alive
Content-Length
72950
X-XSS-Protection
1; mode=block
Last-Modified
Thu, 01 Feb 2024 21:59:21 GMT
Server
Apache
ETag
"2709b-610591b92c040-gzip"
X-Frame-Options
SAMEORIGIN
Vary
Accept-Encoding
Content-Type
application/javascript;charset=utf-8
Cache-Control
max-age=684000, public
Accept-Ranges
bytes
X-Amz-Cf-Id
dy4036WjKRlX_TFPaqnleH9Lygn9OGhwnfTrNRrBDodh8yUrIcK7kg==
f85f39fc-d7aa-467a-b762-fbb722748016.json
cdn.cookielaw.org/consent/f85f39fc-d7aa-467a-b762-fbb722748016/
5 KB
2 KB
XHR
General
Full URL
https://cdn.cookielaw.org/consent/f85f39fc-d7aa-467a-b762-fbb722748016/f85f39fc-d7aa-467a-b762-fbb722748016.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8998282f5a80fff5eaafdbd457dd7a81af0cd7c8696bfe032a6aeef8fe67f99f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.fortinet.com/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 05 Apr 2024 09:51:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
61395
content-md5
Uj3iBUKm1Vl2g2NHq67V+w==
content-length
1792
x-ms-lease-status
unlocked
last-modified
Thu, 28 Dec 2023 19:56:54 GMT
server
cloudflare
etag
0x8DC07DF23DF5130
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
67257c4e-101e-0033-60c8-396628000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
86f8a3e17c3e9b46-FRA
expires
Sat, 06 Apr 2024 09:51:32 GMT
truncated
/
71 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
5b4c9abcf01dcf74e0adf075ff4d47464c62c84307ae5ebd115d45da70e6443d

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
chavecloak-hero.png
www.fortinet.com/content/dam/fortinet-blog/article-heros/
283 KB
285 KB
Image
General
Full URL
https://www.fortinet.com/content/dam/fortinet-blog/article-heros/chavecloak-hero.png
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/banking-trojan-chavecloak-targets-brazil
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a05:d014:f3c:6c01:8589:ad97:29df:f3e Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
3fa06c7308961207c4a1e8f0f743a6a3771729d4e8eec99b6bffab60a24e1f19
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.fortinet.com/blog/threat-research/banking-trojan-chavecloak-targets-brazil
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

X-Dispatcher
dispatcher1uswest1
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
X-Content-Type-Options
nosniff
Date
Fri, 05 Apr 2024 09:46:29 GMT
Via
1.1 0c792defeeaa18965559ad74895ea56a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
FRA60-P3
Age
2742523
X-Vhost
publish
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
290268
X-XSS-Protection
1; mode=block
Last-Modified
Wed, 21 Feb 2024 04:32:01 GMT
Server
Apache
ETag
"46ddc-611dcced7f240"
X-Frame-Options
SAMEORIGIN
Content-Type
image/png
Cache-Control
max-age=684000, public
Accept-Ranges
bytes
X-Amz-Cf-Id
c-lWFPBJpkFzkDYZxqneiNqS9gCwHTN2r92EP-VIPXTU716vrOc4Ew==
lumma-variant-thumbnail.png.thumb.319.319.png
www.fortinet.com/content/dam/fortinet-blog/article-heros/
46 KB
48 KB
Image
General
Full URL
https://www.fortinet.com/content/dam/fortinet-blog/article-heros/lumma-variant-thumbnail.png.thumb.319.319.png
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/banking-trojan-chavecloak-targets-brazil
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a05:d014:f3c:6c01:8589:ad97:29df:f3e Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
11c69167edad4aa2ac0c3def81f10e2caf7375ca37d9170e9277ac2cef39eb32
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.fortinet.com/blog/threat-research/banking-trojan-chavecloak-targets-brazil
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

X-Dispatcher
dispatcher1uswest1
Date
Fri, 05 Apr 2024 09:50:09 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Via
1.1 8b889e35789d2b97f2ba8771acc9a008.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
FRA60-P3
Age
7576487
X-Vhost
publish
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
47302
X-XSS-Protection
1; mode=block
Last-Modified
Tue, 02 Jan 2024 23:55:16 GMT
Server
Apache
ETag
"b8c6-60dff3ae26100"
X-Frame-Options
SAMEORIGIN
Content-Type
image/png
Cache-Control
max-age=684000, public
Accept-Ranges
bytes
X-Amz-Cf-Id
zHhOIlUBH8LpCO6PQFoZpOw4dtF8pZSRPA8oGZoUnfxtl2MAI5fgXw==
phobos-thumbnail.png.thumb.319.319.png
www.fortinet.com/content/dam/fortinet-blog/article-heros/
54 KB
55 KB
Image
General
Full URL
https://www.fortinet.com/content/dam/fortinet-blog/article-heros/phobos-thumbnail.png.thumb.319.319.png
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/banking-trojan-chavecloak-targets-brazil
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a05:d014:f3c:6c01:8589:ad97:29df:f3e Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
212962880c8cc9866ea8fe2a4c40cbdaff1ae206b8a1b1c97534886e3a516838
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.fortinet.com/blog/threat-research/banking-trojan-chavecloak-targets-brazil
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

X-Dispatcher
dispatcher2uswest1
Date
Fri, 05 Apr 2024 09:50:08 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Via
1.1 544814e402956ba93c0a2d2b923e94c2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
FRA60-P3
Age
2742523
X-Vhost
publish
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
55081
X-XSS-Protection
1; mode=block
Last-Modified
Mon, 22 Jan 2024 22:22:52 GMT
Server
Apache
ETag
"d729-60f9045432700"
X-Frame-Options
SAMEORIGIN
Content-Type
image/png
Cache-Control
max-age=684000, public
Accept-Ranges
bytes
X-Amz-Cf-Id
rNqH8mCGWvgFumDPVnnhxZLpeHwZn783x6dZa4itVwhQ7DO_i3nF-w==
xrat-fig-six.png.thumb.319.319.png
www.fortinet.com/content/dam/fortinet-blog/article-images/xrat-trojan-income-calculator/
67 KB
68 KB
Image
General
Full URL
https://www.fortinet.com/content/dam/fortinet-blog/article-images/xrat-trojan-income-calculator/xrat-fig-six.png.thumb.319.319.png
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/banking-trojan-chavecloak-targets-brazil
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a05:d014:f3c:6c01:8589:ad97:29df:f3e Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
c5b5f045359692b90952582d5a00b7d69fed8d8d37cd29037a997a71065e5742
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.fortinet.com/blog/threat-research/banking-trojan-chavecloak-targets-brazil
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

X-Dispatcher
dispatcher1uswest1
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
X-Content-Type-Options
nosniff
Date
Fri, 05 Apr 2024 09:47:44 GMT
Via
1.1 c43915e0cad14ee7685e5f74a99ce93c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
FRA60-P3
Age
4090737
X-Vhost
publish
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
68170
X-XSS-Protection
1; mode=block
Last-Modified
Thu, 15 Aug 2019 05:05:39 GMT
Server
Apache
ETag
"10a4a-59020d3200ec0"
X-Frame-Options
SAMEORIGIN
Content-Type
image/png
Cache-Control
max-age=684000, public
Accept-Ranges
bytes
X-Amz-Cf-Id
dMh0FFc2QR_-tennhr8S8L02C1AgXboaAeoUULE89Mf_QT3gnfqYSQ==
UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
www.fortinet.com/etc/designs/fortinet/gfonts/
37 KB
38 KB
Font
General
Full URL
https://www.fortinet.com/etc/designs/fortinet/gfonts/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/clientlib-base.min.dd0a483149c256850fa49d2e21abf149.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a05:d014:f3c:6c01:8589:ad97:29df:f3e Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
b97c99a69a6275c8f90703cd4c0864089a74fd08383a1cc75a8a4d0c2cb60cce
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/clientlib-base.min.dd0a483149c256850fa49d2e21abf149.css
Origin
https://www.fortinet.com
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

X-Dispatcher
dispatcher2uswest1
Date
Thu, 04 Apr 2024 21:20:21 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Via
1.1 2a44338adc8233e5b25aca28287a69c8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
FRA60-P3
Age
45237
X-Vhost
publish
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
37716
X-XSS-Protection
1; mode=block
Last-Modified
Wed, 18 May 2022 21:11:25 GMT
Server
Apache
ETag
"9354-5df4fb32c7940"
X-Frame-Options
SAMEORIGIN
Content-Type
application/octet-stream
Cache-Control
max-age=2000000, public
Accept-Ranges
bytes
X-Amz-Cf-Id
IX7BIWxatYniOHzJmiQHnAHJi6FQNhyV9lMwH_Pm1rJI5eotQnEXtg==
fig01-chavecloak-attack-flow.png
www.fortinet.com/blog/threat-research/banking-trojan-chavecloak-targets-brazil/_jcr_content/root/responsivegrid/table_content/par/image.img.png/1708489434767/
31 KB
32 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/banking-trojan-chavecloak-targets-brazil/_jcr_content/root/responsivegrid/table_content/par/image.img.png/1708489434767/fig01-chavecloak-attack-flow.png
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/banking-trojan-chavecloak-targets-brazil
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a05:d014:f3c:6c01:8589:ad97:29df:f3e Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
74db5c94725d3aff70b5c3da48002c3760f00ede26fb2175b0d2bd152b67f70d
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.fortinet.com/blog/threat-research/banking-trojan-chavecloak-targets-brazil
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

X-Dispatcher
dispatcher2uswest1
Date
Fri, 05 Apr 2024 09:47:44 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Via
1.1 7251dede1ac94066b27bcd33919b30c6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
FRA60-P3
Age
2742523
X-Vhost
publish
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
31466
X-XSS-Protection
1; mode=block
Last-Modified
Wed, 21 Feb 2024 04:23:54 GMT
Server
Apache
ETag
"7aea-611dcb1d0ea80"
X-Frame-Options
SAMEORIGIN
Content-Type
image/png
Cache-Control
max-age=684000, public
Accept-Ranges
bytes
X-Amz-Cf-Id
TRlAGHQMbci2QudFMpcl3ebDShADMoYnL00TMvIToq-azuarrsTckQ==
fig02-chavecloak-telemetry.png
www.fortinet.com/blog/threat-research/banking-trojan-chavecloak-targets-brazil/_jcr_content/root/responsivegrid/table_content/par/image_1455717084.img.png/1708489449507/
63 KB
64 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/banking-trojan-chavecloak-targets-brazil/_jcr_content/root/responsivegrid/table_content/par/image_1455717084.img.png/1708489449507/fig02-chavecloak-telemetry.png
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/banking-trojan-chavecloak-targets-brazil
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a05:d014:f3c:6c01:8589:ad97:29df:f3e Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
8cae31bc96004772d7dd22e635baa056e5d11f7b20c3dfc42b2d5fe2bff04fa8
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.fortinet.com/blog/threat-research/banking-trojan-chavecloak-targets-brazil
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

X-Dispatcher
dispatcher2uswest1
Date
Fri, 05 Apr 2024 09:47:44 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Via
1.1 2a44338adc8233e5b25aca28287a69c8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
FRA60-P3
Age
2742523
X-Vhost
publish
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
64480
X-XSS-Protection
1; mode=block
Last-Modified
Wed, 21 Feb 2024 04:24:09 GMT
Server
Apache
ETag
"fbe0-611dcb2b5cc40"
X-Frame-Options
SAMEORIGIN
Content-Type
image/png
Cache-Control
max-age=684000, public
Accept-Ranges
bytes
X-Amz-Cf-Id
janHbBLVaS26xMeoXz5H8i9hZzASubT_j1H3_Zh8_mNJR_ApS6nxLQ==
truncated
/
42 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

Content-Type
image/gif
fig03-chavecloak-malicious-pdf-file.png
www.fortinet.com/blog/threat-research/banking-trojan-chavecloak-targets-brazil/_jcr_content/root/responsivegrid/table_content/par/image_216935753.img.png/1708489470471/
211 KB
213 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/banking-trojan-chavecloak-targets-brazil/_jcr_content/root/responsivegrid/table_content/par/image_216935753.img.png/1708489470471/fig03-chavecloak-malicious-pdf-file.png
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/banking-trojan-chavecloak-targets-brazil
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a05:d014:f3c:6c01:8589:ad97:29df:f3e Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
a724de2fc5d22b7a493b96fa339cdc1af278238a0bfad44619705c408396c82d
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.fortinet.com/blog/threat-research/banking-trojan-chavecloak-targets-brazil
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

X-Dispatcher
dispatcher2uswest1
Date
Fri, 05 Apr 2024 09:50:09 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Via
1.1 c43915e0cad14ee7685e5f74a99ce93c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
FRA60-P3
Age
2742523
X-Vhost
publish
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
216321
X-XSS-Protection
1; mode=block
Last-Modified
Wed, 21 Feb 2024 04:24:30 GMT
Server
Apache
ETag
"34d01-611dcb3f63b80"
X-Frame-Options
SAMEORIGIN
Content-Type
image/png
Cache-Control
max-age=684000, public
Accept-Ranges
bytes
X-Amz-Cf-Id
93e1rTdPgMEAvRJfKMGrUfcSAVaHQzWD33Tv4btHyf9dRWNWFa87uA==
fig04-chavecloak-embedded-url.png
www.fortinet.com/blog/threat-research/banking-trojan-chavecloak-targets-brazil/_jcr_content/root/responsivegrid/table_content/par/image_317318720.img.png/1708489493439/
47 KB
49 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/banking-trojan-chavecloak-targets-brazil/_jcr_content/root/responsivegrid/table_content/par/image_317318720.img.png/1708489493439/fig04-chavecloak-embedded-url.png
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/banking-trojan-chavecloak-targets-brazil
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a05:d014:f3c:6c01:8589:ad97:29df:f3e Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
1e6ae01a1087a0b2cde6fe1790fbf0eedbd20bb4bc8144f2f135f2ce696ce188
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.fortinet.com/blog/threat-research/banking-trojan-chavecloak-targets-brazil
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

X-Dispatcher
dispatcher2uswest1
Date
Fri, 05 Apr 2024 09:50:09 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Via
1.1 7251dede1ac94066b27bcd33919b30c6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
FRA60-P3
Age
2742523
X-Vhost
publish
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
48366
X-XSS-Protection
1; mode=block
Last-Modified
Wed, 21 Feb 2024 04:24:53 GMT
Server
Apache
ETag
"bcee-611dcb5552f40"
X-Frame-Options
SAMEORIGIN
Content-Type
image/png
Cache-Control
max-age=684000, public
Accept-Ranges
bytes
X-Amz-Cf-Id
Qb4raoUkhe8-GH-cecgbfNvLarFaqrok9vrRmAi2OsN7EsAavm62hA==
fig05-chavecloak-decompressed-msi-file.png
www.fortinet.com/blog/threat-research/banking-trojan-chavecloak-targets-brazil/_jcr_content/root/responsivegrid/table_content/par/image_1942095667.img.png/1708489512234/
89 KB
90 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/banking-trojan-chavecloak-targets-brazil/_jcr_content/root/responsivegrid/table_content/par/image_1942095667.img.png/1708489512234/fig05-chavecloak-decompressed-msi-file.png
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/banking-trojan-chavecloak-targets-brazil
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a05:d014:f3c:6c01:8589:ad97:29df:f3e Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
092e5f2adeb0d2835902f7f4c87ab8610db6d8ea0c0878ec62af3524a8c73a1b
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.fortinet.com/blog/threat-research/banking-trojan-chavecloak-targets-brazil
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

X-Dispatcher
dispatcher2uswest1
Date
Fri, 05 Apr 2024 09:50:09 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Via
1.1 8b889e35789d2b97f2ba8771acc9a008.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
FRA60-P3
Age
2742523
X-Vhost
publish
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
90759
X-XSS-Protection
1; mode=block
Last-Modified
Wed, 21 Feb 2024 04:25:12 GMT
Server
Apache
ETag
"16287-611dcb6771a00"
X-Frame-Options
SAMEORIGIN
Content-Type
image/png
Cache-Control
max-age=684000, public
Accept-Ranges
bytes
X-Amz-Cf-Id
sS6iVPBKYVay1c0_ylAN3yyzPqlTleHEOBRHXJZ6JPGSxq_voMXp6g==
fig06-chavecloak-actiontext-msi-file.png
www.fortinet.com/blog/threat-research/banking-trojan-chavecloak-targets-brazil/_jcr_content/root/responsivegrid/table_content/par/image_88424216.img.png/1708489534261/
203 KB
204 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/banking-trojan-chavecloak-targets-brazil/_jcr_content/root/responsivegrid/table_content/par/image_88424216.img.png/1708489534261/fig06-chavecloak-actiontext-msi-file.png
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/banking-trojan-chavecloak-targets-brazil
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a05:d014:f3c:6c01:8589:ad97:29df:f3e Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
1b7f45813a2bb29b5d589575b8c5fef51560ca4952bd87595c7d457176f3efaf
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.fortinet.com/blog/threat-research/banking-trojan-chavecloak-targets-brazil
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

X-Dispatcher
dispatcher2uswest1
Date
Fri, 05 Apr 2024 09:50:09 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Via
1.1 544814e402956ba93c0a2d2b923e94c2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
FRA60-P3
Age
2742523
X-Vhost
publish
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
207381
X-XSS-Protection
1; mode=block
Last-Modified
Wed, 21 Feb 2024 04:25:34 GMT
Server
Apache
ETag
"32a15-611dcb7c6cb80"
X-Frame-Options
SAMEORIGIN
Content-Type
image/png
Cache-Control
max-age=684000, public
Accept-Ranges
bytes
X-Amz-Cf-Id
iwBAI8y3XROWrpnTDGBn5tC-uhZFPQCbJAkutjDi7aZfnRkZOVlSzQ==
fig07-chavecloak-load-malicious-dll-lightshot.png
www.fortinet.com/blog/threat-research/banking-trojan-chavecloak-targets-brazil/_jcr_content/root/responsivegrid/table_content/par/image_571107726.img.png/1708489558127/
66 KB
67 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/banking-trojan-chavecloak-targets-brazil/_jcr_content/root/responsivegrid/table_content/par/image_571107726.img.png/1708489558127/fig07-chavecloak-load-malicious-dll-lightshot.png
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/banking-trojan-chavecloak-targets-brazil
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a05:d014:f3c:6c01:8589:ad97:29df:f3e Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
e8ea0e4bc8dcf1b49c6a875211c0b9ece67c182c186d9ddd5328e3c5c6b1d717
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.fortinet.com/blog/threat-research/banking-trojan-chavecloak-targets-brazil
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

X-Dispatcher
dispatcher2uswest1
Date
Fri, 05 Apr 2024 09:47:45 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Via
1.1 2a44338adc8233e5b25aca28287a69c8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
FRA60-P3
Age
2742523
X-Vhost
publish
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
67231
X-XSS-Protection
1; mode=block
Last-Modified
Wed, 21 Feb 2024 04:25:58 GMT
Server
Apache
ETag
"1069f-611dcb9350180"
X-Frame-Options
SAMEORIGIN
Content-Type
image/png
Cache-Control
max-age=684000, public
Accept-Ranges
bytes
X-Amz-Cf-Id
dydPaKt3do8UhBZ5jWsHBFk949V03Jyrev3PfNXMtS8_l2u0fPO1Dw==
fig08-chavecloak-check-in-victim-list.png
www.fortinet.com/blog/threat-research/banking-trojan-chavecloak-targets-brazil/_jcr_content/root/responsivegrid/table_content/par/image_2067664507.img.png/1708489583743/
237 KB
238 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/banking-trojan-chavecloak-targets-brazil/_jcr_content/root/responsivegrid/table_content/par/image_2067664507.img.png/1708489583743/fig08-chavecloak-check-in-victim-list.png
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/banking-trojan-chavecloak-targets-brazil
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a05:d014:f3c:6c01:8589:ad97:29df:f3e Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
0a12a62ce5640f55240ff8ff61acd83cac626e312cc46b3030f53e89f2bf8e35
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.fortinet.com/blog/threat-research/banking-trojan-chavecloak-targets-brazil
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

X-Dispatcher
dispatcher2uswest1
Date
Fri, 05 Apr 2024 09:50:09 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Via
1.1 7251dede1ac94066b27bcd33919b30c6.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
FRA60-P3
Age
2742523
X-Vhost
publish
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
242329
X-XSS-Protection
1; mode=block
Last-Modified
Wed, 21 Feb 2024 04:26:23 GMT
Server
Apache
ETag
"3b299-611dcbab279c0"
X-Frame-Options
SAMEORIGIN
Content-Type
image/png
Cache-Control
max-age=684000, public
Accept-Ranges
bytes
X-Amz-Cf-Id
6_2pvHjYyqOivFW3wcTwbf8a7Y035RjsnswBdu9tsMz1EnbfLBmTlg==
fig09a-chavecloak-windows-text-target-string.png
www.fortinet.com/blog/threat-research/banking-trojan-chavecloak-targets-brazil/_jcr_content/root/responsivegrid/table_content/par/image_987666277.img.png/1708977655977/
130 KB
132 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/banking-trojan-chavecloak-targets-brazil/_jcr_content/root/responsivegrid/table_content/par/image_987666277.img.png/1708977655977/fig09a-chavecloak-windows-text-target-string.png
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/banking-trojan-chavecloak-targets-brazil
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a05:d014:f3c:6c01:8589:ad97:29df:f3e Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
7f52cbe9092235dc5c3f51af2840f67ef19293273e9c3aaa678e22555f8809ff
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.fortinet.com/blog/threat-research/banking-trojan-chavecloak-targets-brazil
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

X-Dispatcher
dispatcher2uswest1
Date
Fri, 05 Apr 2024 09:47:45 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Via
1.1 c43915e0cad14ee7685e5f74a99ce93c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
FRA60-P3
Age
2742523
X-Vhost
publish
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
133510
X-XSS-Protection
1; mode=block
Last-Modified
Mon, 26 Feb 2024 20:00:55 GMT
Server
Apache
ETag
"20986-6124e5e0e2bc0"
X-Frame-Options
SAMEORIGIN
Content-Type
image/png
Cache-Control
max-age=684000, public
Accept-Ranges
bytes
X-Amz-Cf-Id
S7jR_ZwzFmXBxlZPrgy-QE0mA6_7VSNk8m9Svv79LfzH8VirUSAs9Q==
fig10-chavecloak-deceptive-popup-windows.png
www.fortinet.com/blog/threat-research/banking-trojan-chavecloak-targets-brazil/_jcr_content/root/responsivegrid/table_content/par/image_342862909.img.png/1708977777883/
157 KB
158 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/banking-trojan-chavecloak-targets-brazil/_jcr_content/root/responsivegrid/table_content/par/image_342862909.img.png/1708977777883/fig10-chavecloak-deceptive-popup-windows.png
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/banking-trojan-chavecloak-targets-brazil
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a05:d014:f3c:6c01:8589:ad97:29df:f3e Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
8dfccdbf28e85e0ac66d79cb79e8411644542d02b8ccafea0d2f9c7116046c27
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.fortinet.com/blog/threat-research/banking-trojan-chavecloak-targets-brazil
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

X-Dispatcher
dispatcher2uswest1
Date
Fri, 05 Apr 2024 09:50:10 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Via
1.1 2a44338adc8233e5b25aca28287a69c8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
FRA60-P3
Age
2742523
X-Vhost
publish
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
160564
X-XSS-Protection
1; mode=block
Last-Modified
Mon, 26 Feb 2024 20:02:57 GMT
Server
Apache
ETag
"27334-6124e6553be40"
X-Frame-Options
SAMEORIGIN
Content-Type
image/png
Cache-Control
max-age=684000, public
Accept-Ranges
bytes
X-Amz-Cf-Id
NbZ4vHSQmTwmxOQkueR-eZ5zC2REKIWp_MH5geRDzbABpOfRWuuyPQ==
fig11-chavecloak-assembly-code-uploads-stolen-data.png
www.fortinet.com/blog/threat-research/banking-trojan-chavecloak-targets-brazil/_jcr_content/root/responsivegrid/table_content/par/image_604548819.img.png/1708489629368/
46 KB
47 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/banking-trojan-chavecloak-targets-brazil/_jcr_content/root/responsivegrid/table_content/par/image_604548819.img.png/1708489629368/fig11-chavecloak-assembly-code-uploads-stolen-data.png
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/banking-trojan-chavecloak-targets-brazil
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a05:d014:f3c:6c01:8589:ad97:29df:f3e Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
09fcca8e0c3ea722e40ad04c2a77433fc0f212a56de08eb7d465427406a7a402
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.fortinet.com/blog/threat-research/banking-trojan-chavecloak-targets-brazil
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

X-Dispatcher
dispatcher2uswest1
Date
Fri, 05 Apr 2024 09:50:09 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Via
1.1 0c792defeeaa18965559ad74895ea56a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
FRA60-P3
Age
2742522
X-Vhost
publish
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
47219
X-XSS-Protection
1; mode=block
Last-Modified
Wed, 21 Feb 2024 04:27:09 GMT
Server
Apache
ETag
"b873-611dcbd706140"
X-Frame-Options
SAMEORIGIN
Content-Type
image/png
Cache-Control
max-age=684000, public
Accept-Ranges
bytes
X-Amz-Cf-Id
TaB0PRr63toHj5yrAwqy4xIcfFCKgCPiEiUbj_MxCiO35TesGB9MtA==
fig12-chavecloak-http-post-data-for-banco-bradesco.png
www.fortinet.com/blog/threat-research/banking-trojan-chavecloak-targets-brazil/_jcr_content/root/responsivegrid/table_content/par/image_1436880423.img.png/1708977812891/
75 KB
77 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/banking-trojan-chavecloak-targets-brazil/_jcr_content/root/responsivegrid/table_content/par/image_1436880423.img.png/1708977812891/fig12-chavecloak-http-post-data-for-banco-bradesco.png
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/banking-trojan-chavecloak-targets-brazil
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a05:d014:f3c:6c01:8589:ad97:29df:f3e Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
2dbc6813df3c3b914d87440e0679235b59f4753f94209a9b1fccf04e29c4385d
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.fortinet.com/blog/threat-research/banking-trojan-chavecloak-targets-brazil
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

X-Dispatcher
dispatcher2uswest1
Date
Fri, 05 Apr 2024 09:50:10 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Via
1.1 8b889e35789d2b97f2ba8771acc9a008.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
FRA60-P3
Age
2742522
X-Vhost
publish
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
77083
X-XSS-Protection
1; mode=block
Last-Modified
Mon, 26 Feb 2024 20:03:32 GMT
Server
Apache
ETag
"12d1b-6124e6769cd00"
X-Frame-Options
SAMEORIGIN
Content-Type
image/png
Cache-Control
max-age=684000, public
Accept-Ranges
bytes
X-Amz-Cf-Id
E0xIgica1ZW-p3J1wYTueuFCJG2BLxFSjSM3JEy0Tz9UX4P660I3uw==
fig13-chavecloak-payload-tform1.png
www.fortinet.com/blog/threat-research/banking-trojan-chavecloak-targets-brazil/_jcr_content/root/responsivegrid/table_content/par/image_360237635.img.png/1708489655152/
80 KB
81 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/banking-trojan-chavecloak-targets-brazil/_jcr_content/root/responsivegrid/table_content/par/image_360237635.img.png/1708489655152/fig13-chavecloak-payload-tform1.png
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/banking-trojan-chavecloak-targets-brazil
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a05:d014:f3c:6c01:8589:ad97:29df:f3e Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
c32e7741dfbc444046cf846cbddad8e34369f56b0326437bcb12644702c07629
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.fortinet.com/blog/threat-research/banking-trojan-chavecloak-targets-brazil
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

X-Dispatcher
dispatcher2uswest1
Date
Fri, 05 Apr 2024 09:50:09 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Via
1.1 c43915e0cad14ee7685e5f74a99ce93c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
FRA60-P3
Age
2742521
X-Vhost
publish
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
81702
X-XSS-Protection
1; mode=block
Last-Modified
Wed, 21 Feb 2024 04:27:35 GMT
Server
Apache
ETag
"13f26-611dcbefd1bc0"
X-Frame-Options
SAMEORIGIN
Content-Type
image/png
Cache-Control
max-age=684000, public
Accept-Ranges
bytes
X-Amz-Cf-Id
8oZEnghy0QTmBqBjXc_ddy9gmbwZ2mbQdKs5rYMAAr_TQXvvxMrGtg==
fig14-chavecloak-add-registry.png
www.fortinet.com/blog/threat-research/banking-trojan-chavecloak-targets-brazil/_jcr_content/root/responsivegrid/table_content/par/image_2091935791.img.png/1708489670553/
17 KB
18 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/banking-trojan-chavecloak-targets-brazil/_jcr_content/root/responsivegrid/table_content/par/image_2091935791.img.png/1708489670553/fig14-chavecloak-add-registry.png
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/banking-trojan-chavecloak-targets-brazil
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a05:d014:f3c:6c01:8589:ad97:29df:f3e Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
051af2d585f30b1a5b8227c0d24a7b91dcfc71d55a561d05f87128e28ec52c23
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.fortinet.com/blog/threat-research/banking-trojan-chavecloak-targets-brazil
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

X-Dispatcher
dispatcher2uswest1
Date
Fri, 05 Apr 2024 09:47:46 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Via
1.1 544814e402956ba93c0a2d2b923e94c2.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
FRA60-P3
Age
2742522
X-Vhost
publish
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
17328
X-XSS-Protection
1; mode=block
Last-Modified
Wed, 21 Feb 2024 04:27:50 GMT
Server
Apache
ETag
"43b0-611dcbfe1fd80"
X-Frame-Options
SAMEORIGIN
Content-Type
image/png
Cache-Control
max-age=684000, public
Accept-Ranges
bytes
X-Amz-Cf-Id
YpWDzJZEszHNPHo7K5DNZdm0V2ksuulNwYfkPz_CfITJqSWdHEzzVQ==
fig15-chavecloak-check-in-user-list.png
www.fortinet.com/blog/threat-research/banking-trojan-chavecloak-targets-brazil/_jcr_content/root/responsivegrid/table_content/par/image_584751552.img.png/1708489684730/
225 KB
226 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/banking-trojan-chavecloak-targets-brazil/_jcr_content/root/responsivegrid/table_content/par/image_584751552.img.png/1708489684730/fig15-chavecloak-check-in-user-list.png
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/banking-trojan-chavecloak-targets-brazil
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a05:d014:f3c:6c01:8589:ad97:29df:f3e Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
955bc40e2deb6b3e2fa1173cef1056d6df636651b617d69ab770c37883147880
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.fortinet.com/blog/threat-research/banking-trojan-chavecloak-targets-brazil
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

X-Dispatcher
dispatcher2uswest1
Date
Fri, 05 Apr 2024 09:50:10 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Via
1.1 0c792defeeaa18965559ad74895ea56a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
FRA60-P3
Age
2742522
X-Vhost
publish
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
230544
X-XSS-Protection
1; mode=block
Last-Modified
Wed, 21 Feb 2024 04:28:04 GMT
Server
Apache
ETag
"38490-611dcc0b79d00"
X-Frame-Options
SAMEORIGIN
Content-Type
image/png
Cache-Control
max-age=684000, public
Accept-Ranges
bytes
X-Amz-Cf-Id
QRj-TF-UoSDeCkoVnX2aZM90buraaQBrkVoGMUL5fB3uS2lAFRr0oQ==
fig16a-chavecloak-http-data-account-info.png
www.fortinet.com/blog/threat-research/banking-trojan-chavecloak-targets-brazil/_jcr_content/root/responsivegrid/table_content/par/image_1260395496.img.png/1708977908301/
227 KB
229 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/banking-trojan-chavecloak-targets-brazil/_jcr_content/root/responsivegrid/table_content/par/image_1260395496.img.png/1708977908301/fig16a-chavecloak-http-data-account-info.png
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/banking-trojan-chavecloak-targets-brazil
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a05:d014:f3c:6c01:8589:ad97:29df:f3e Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
4a72d289037cca62f88722af90f8eea27b6d12ebd40aa2b581f2994a5c5e3ef0
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.fortinet.com/blog/threat-research/banking-trojan-chavecloak-targets-brazil
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

X-Dispatcher
dispatcher2uswest1
Date
Fri, 05 Apr 2024 09:50:10 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Via
1.1 c43915e0cad14ee7685e5f74a99ce93c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
FRA60-P3
Age
2742522
X-Vhost
publish
X-Cache
Hit from cloudfront
Connection
keep-alive
Content-Length
232841
X-XSS-Protection
1; mode=block
Last-Modified
Mon, 26 Feb 2024 20:05:08 GMT
Server
Apache
ETag
"38d89-6124e6d22a500"
X-Frame-Options
SAMEORIGIN
Content-Type
image/png
Cache-Control
max-age=684000, public
Accept-Ranges
bytes
X-Amz-Cf-Id
GBS8TlwILEHXTPHc_7v0HZDvAK9iEKQcYVwJ2x7dfN13CrqGzyT5ew==
location
geolocation.onetrust.com/cookieconsentpub/v1/geo/
59 B
295 B
XHR
General
Full URL
https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:2089 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2157361193375a79ade3559e960f982daa8d599cf7f4a92d36e3eef257738f16
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
accept
application/json
Referer
https://www.fortinet.com/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 05 Apr 2024 09:51:32 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
server
cloudflare
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS
content-type
application/json
access-control-allow-origin
*
cf-ray
86f8a3e2c89837fe-FRA
access-control-allow-headers
Content-Type
otBannerSdk.js
cdn.cookielaw.org/scripttemplates/6.10.0/
356 KB
78 KB
Script
General
Full URL
https://cdn.cookielaw.org/scripttemplates/6.10.0/otBannerSdk.js
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7a23e0e46e16f067271bc79c92a917c13769848457d16cdf109e4dc04c687e8f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.fortinet.com/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 05 Apr 2024 09:51:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
Bh9exWOPGIwRshWljrtlEw==
age
57037
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
79698
x-ms-lease-status
unlocked
last-modified
Thu, 03 Dec 2020 02:43:00 GMT
server
cloudflare
etag
0x8D89735260901BC
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
196e3d49-701e-0078-0644-149a7b000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
86f8a3e328823a6a-FRA
en.json
cdn.cookielaw.org/consent/f85f39fc-d7aa-467a-b762-fbb722748016/4ee482d4-0cd8-4c59-918a-90483d5b8131/
100 KB
24 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/consent/f85f39fc-d7aa-467a-b762-fbb722748016/4ee482d4-0cd8-4c59-918a-90483d5b8131/en.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.10.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
46ef912a5bf1fec350dc9d14102bcf1965471f16a57a890bdc5fc06bc4404370
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.fortinet.com/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 05 Apr 2024 09:51:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
strict-transport-security
max-age=31536000; includeSubDomains; preload
age
60451
content-md5
0twb7zWjuAt4bYR0sykmNQ==
content-length
24175
x-ms-lease-status
unlocked
last-modified
Thu, 28 Dec 2023 19:57:10 GMT
server
cloudflare
etag
0x8DC07DF2D729AA1
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
63201da5-e01e-006a-57c8-39e1ab000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
86f8a3e3cdf19b46-FRA
expires
Sat, 06 Apr 2024 09:51:32 GMT
favicon.ico
www.fortinet.com/etc/designs/fortinet-blog/
318 B
2 KB
Other
General
Full URL
https://www.fortinet.com/etc/designs/fortinet-blog/favicon.ico
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2a05:d014:f3c:6c01:8589:ad97:29df:f3e Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Apache /
Resource Hash
d18b3c9feb76c3c1cfdcc51c732f113327e3c33fb3f63b479951f7da6ed1216f
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.fortinet.com/blog/threat-research/banking-trojan-chavecloak-targets-brazil
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

X-Dispatcher
dispatcher2uswest1
Date
Thu, 04 Apr 2024 21:17:45 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-Content-Type-Options
nosniff
Content-Security-Policy
frame-ancestors 'self' https://www.fortinet.com
Content-Encoding
gzip
Via
1.1 c43915e0cad14ee7685e5f74a99ce93c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop
FRA60-P3
X-Vhost
publish
X-Cache
Hit from cloudfront
Age
45226
Connection
keep-alive
Content-Length
133
X-XSS-Protection
1; mode=block
Last-Modified
Thu, 22 Feb 2018 05:17:28 GMT
Server
Apache
ETag
"13e-565c628eb6a00-gzip"
X-Frame-Options
SAMEORIGIN
Vary
Accept-Encoding
Content-Type
image/vnd.microsoft.icon
Accept-Ranges
bytes
X-Amz-Cf-Id
feCwCLD5GaL21Kq7ttSzNtYFLludauXXFfBAPYP3mxTsXD1QmKfrKQ==
otCenterRounded.json
cdn.cookielaw.org/scripttemplates/6.10.0/assets/
9 KB
3 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/6.10.0/assets/otCenterRounded.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.10.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
452ee2471448cc6b716090a014cf7fc9cc515998bda9dcc334aa073a72a591e7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.fortinet.com/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 05 Apr 2024 09:51:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
SH1nUCPouc1JVrHnvxpQbg==
age
51067
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
2857
x-ms-lease-status
unlocked
last-modified
Thu, 03 Dec 2020 02:42:51 GMT
server
cloudflare
etag
0x8D89735210A49EB
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
df6352b5-e01e-0018-22d2-21e6e4000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
86f8a3e43e329b46-FRA
otPcTab.json
cdn.cookielaw.org/scripttemplates/6.10.0/assets/v2/
45 KB
12 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/6.10.0/assets/v2/otPcTab.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.10.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:b134 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f9b2aaabab92d9c63930432351fa3f5aa634fcb5db31b039e23465f8b4bd5a68
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.fortinet.com/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 05 Apr 2024 09:51:32 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
zNsRoM1FEmsEgJoYMCNTng==
age
65330
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-length
11755
x-ms-lease-status
unlocked
last-modified
Thu, 03 Dec 2020 02:42:53 GMT
server
cloudflare
etag
0x8D897352245C4EA
vary
Accept-Encoding
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
77f313b5-301e-0034-7eb4-210a4b000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=86400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
86f8a3e43e349b46-FRA
launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
assets.adobedtm.com/
489 KB
119 KB
Script
General
Full URL
https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.10.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:591::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
ab3fce3837e8552364ab964479bac1e328bdb9c7d579a09f01f5411665d0bd89

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.fortinet.com/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 05 Apr 2024 09:51:32 GMT
content-encoding
gzip
last-modified
Tue, 26 Mar 2024 21:25:54 GMT
server
AkamaiNetStorage
etag
"6463c739c3fa77234bf0e9ead96fcbcb:1711488354.325906"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
https://www.fortinet.com
cache-control
max-age=3600
accept-ranges
bytes
timing-allow-origin
*
content-length
121122
expires
Fri, 05 Apr 2024 10:51:32 GMT
AppMeasurement.min.js
assets.adobedtm.com/extensions/EPc7341b33570d4c988798fc9f0093d4b2/
35 KB
13 KB
Script
General
Full URL
https://assets.adobedtm.com/extensions/EPc7341b33570d4c988798fc9f0093d4b2/AppMeasurement.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:591::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
f012c00d43164a4de843ae80abefe500f8497e1123d11c965cd3b40600fe9720

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.fortinet.com/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 05 Apr 2024 09:51:32 GMT
content-encoding
gzip
last-modified
Mon, 04 Mar 2024 18:51:30 GMT
server
AkamaiNetStorage
etag
"964f8cb588092ac645368e7307eb73ac:1709578290.803919"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
https://www.fortinet.com
cache-control
no-cache
accept-ranges
bytes
timing-allow-origin
*
content-length
12938
expires
Fri, 05 Apr 2024 10:51:32 GMT
AppMeasurement_Module_ActivityMap.min.js
assets.adobedtm.com/extensions/EPc7341b33570d4c988798fc9f0093d4b2/
3 KB
2 KB
Script
General
Full URL
https://assets.adobedtm.com/extensions/EPc7341b33570d4c988798fc9f0093d4b2/AppMeasurement_Module_ActivityMap.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:591::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
b90b775b65c2623322caaa52d7acf6af709ca59bdd475a54043b6308d91828c4

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.fortinet.com/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 05 Apr 2024 09:51:32 GMT
content-encoding
gzip
last-modified
Mon, 04 Mar 2024 18:51:31 GMT
server
AkamaiNetStorage
etag
"9cf185793291692f744c78c75da01dd8:1709578291.795602"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
https://www.fortinet.com
cache-control
no-cache
accept-ranges
bytes
timing-allow-origin
*
content-length
1599
expires
Fri, 05 Apr 2024 10:51:32 GMT
6si.min.js
j.6sc.co/
64 KB
18 KB
Script
General
Full URL
https://j.6sc.co/6si.min.js
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/banking-trojan-chavecloak-targets-brazil
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.100.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-17-100-184.deploy.static.akamaitechnologies.com
Software
nginx/1.14.0 (Ubuntu) /
Resource Hash
8c1781ec4483c6fb3bd9ad005d312800eaf24e232c12976624bff84f8ab908b3
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.fortinet.com/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Fri, 05 Apr 2024 09:51:33 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 22 Feb 2024 19:00:41 GMT
server
nginx/1.14.0 (Ubuntu)
etag
"65d799d9-101dd"
vary
Accept-Encoding
content-type
application/javascript
cache-control
private, no-cache, proxy-revalidate
accept-ranges
bytes
content-length
17693
expires
Fri, 05 Apr 2024 09:51:33 GMT
RC448863e9e05a4b4880daa4a5fb7da328-source.min.js
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/a4214948ffcb/
358 B
485 B
Script
General
Full URL
https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/a4214948ffcb/RC448863e9e05a4b4880daa4a5fb7da328-source.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:591::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
91dc26bc3ccca870535534b0a04195b1a3ed97f6ca8d9e992c65919014c2af65

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.fortinet.com/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 05 Apr 2024 09:51:32 GMT
content-encoding
gzip
last-modified
Tue, 26 Mar 2024 21:25:56 GMT
server
AkamaiNetStorage
etag
"681c461982a616823c5c9dcf469474d7:1711488356.105678"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
https://www.fortinet.com
cache-control
max-age=3600
accept-ranges
bytes
timing-allow-origin
*
content-length
228
expires
Fri, 05 Apr 2024 10:51:32 GMT
RC0ba76d5bbb984ea6a79cd6308c48dbff-source.min.js
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/a4214948ffcb/
2 KB
981 B
Script
General
Full URL
https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/a4214948ffcb/RC0ba76d5bbb984ea6a79cd6308c48dbff-source.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:591::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
1452b6c812065240da9d99d3dde1639fe59d10fbcc235506b82ed9d7e5d7c535

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.fortinet.com/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 05 Apr 2024 09:51:32 GMT
content-encoding
gzip
last-modified
Tue, 26 Mar 2024 21:25:56 GMT
server
AkamaiNetStorage
etag
"681c461982a616823c5c9dcf469474d7:1711488356.105678"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
https://www.fortinet.com
cache-control
max-age=3600
accept-ranges
bytes
timing-allow-origin
*
content-length
723
expires
Fri, 05 Apr 2024 10:51:32 GMT
optOutStatus
dpm.demdex.net/
41 B
543 B
XHR
General
Full URL
https://dpm.demdex.net/optOutStatus?d_visid_ver=5.5.0&d_rtbd=json&d_ver=2&d_orgid=ED8739F75677FE917F000101%40AdobeOrg&d_nsid=0&ts=1712310693055
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.171.118.212 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-171-118-212.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e5873dbdaa376d924cfa4b2ba4b1622d4e6e483866e2b7bc24ef3007ff5960e7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform
"Win32"
Referer
https://www.fortinet.com/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

dcs
dcs-prod-irl1-1-v059-0d3a32ffd.edge-irl1.demdex.com 2 ms
pragma
no-cache
date
Fri, 05 Apr 2024 09:51:33 GMT
strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
x-tid
kIPCZqjjS7A=
vary
Origin
content-type
application/json;charset=utf-8
p3p
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
access-control-allow-origin
https://www.fortinet.com
cache-control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
access-control-allow-credentials
true
content-length
60
expires
Thu, 01 Jan 1970 00:00:00 UTC
/
c.6sc.co/
7 B
194 B
XHR
General
Full URL
https://c.6sc.co/
Requested by
Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.100.184 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-17-100-184.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.fortinet.com/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 05 Apr 2024 09:51:33 GMT
access-control-max-age
86400
access-control-allow-methods
GET,POST
content-type
text/html
access-control-allow-origin
https://www.fortinet.com
access-control-allow-credentials
true
access-control-allow-headers
*
content-length
7
/
ipv6.6sc.co/
19 B
309 B
XHR
General
Full URL
https://ipv6.6sc.co/
Requested by
Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:ab00::214:8e41 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
8912320737e38147499c4a1e19c30ca5ba1bdc092378f86d6d18952ec1f61bd7

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://www.fortinet.com/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Fri, 05 Apr 2024 09:51:33 GMT
vary
Origin
content-type
text/html
access-control-allow-origin
https://www.fortinet.com
cache-control
max-age=0, no-cache, no-store
6si-ipv6
2a01:4a0:1338:92::3
server-timing
cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1712310693261_34901565_279969349_26_914_38_110_219";dur=1
content-length
19
expires
Fri, 05 Apr 2024 09:51:33 GMT
details
epsilon.6sense.com/v3/company/
725 B
708 B
XHR
General
Full URL
https://epsilon.6sense.com/v3/company/details
Requested by
Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.59.114.103 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-59-114-103.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
d454566fbbab8fcbc70a1c3139be25be5205712442564fe24a5e0258e3337a98

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
Authorization
Token 7381d1d7c753fe2d8e217c3fdc44c0f17418dcc4
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
X-6s-CustomID
WebTag1.0 5eeecf22b2d12a77a14639dce97b7a36
Referer
https://www.fortinet.com/
sec-ch-ua-platform
"Win32"

Response headers

x-trace-id
5355817809280545167
date
Fri, 05 Apr 2024 09:51:33 GMT
content-encoding
gzip
server
nginx
vary
Origin, Accept-Encoding
content-type
application/json
x-6si-region
eu-central-1a
access-control-allow-origin
https://www.fortinet.com
access-control-expose-headers
X-6si-Region
access-control-allow-credentials
true
timing-allow-origin
https://6sense.com, https://www.ssga.com
content-length
387
details
epsilon.6sense.com/v3/company/
0
0
Preflight
General
Full URL
https://epsilon.6sense.com/v3/company/details
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.59.114.103 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-59-114-103.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization,x-6s-customid
Access-Control-Request-Method
GET
Origin
https://www.fortinet.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
authorization,x-6s-customid
access-control-allow-methods
OPTIONS,GET
access-control-allow-origin
https://www.fortinet.com
access-control-expose-headers
X-6si-Region
access-control-max-age
1800
date
Fri, 05 Apr 2024 09:51:33 GMT
server
nginx
timing-allow-origin
https://6sense.com, https://www.ssga.com
x-6si-region
eu-central-1a
x-trace-id
8161450525298609237
s71542629214268
metrics.fortinet.com/b/ss/fortinetincproduction/1/JS-2.26.0-LDQM/
Redirect Chain
  • https://metrics.fortinet.com/b/ss/fortinetincproduction/1/JS-2.26.0-LDQM/s71542629214268?AQB=1&ndh=1&pf=1&t=5%2F3%2F2024%2011%3A51%3A33%205%20-120&fid=4D76F0AF8311E31C-3FBED0F313EF048F&ce=UTF-8&pag...
  • https://metrics.fortinet.com/b/ss/fortinetincproduction/1/JS-2.26.0-LDQM/s71542629214268?AQB=1&pccr=true&vidn=3307E4D2826E83D5-60000E6C41638B8C&ndh=1&pf=1&t=5%2F3%2F2024%2011%3A51%3A33%205%20-120&f...
43 B
249 B
Image
General
Full URL
https://metrics.fortinet.com/b/ss/fortinetincproduction/1/JS-2.26.0-LDQM/s71542629214268?AQB=1&pccr=true&vidn=3307E4D2826E83D5-60000E6C41638B8C&ndh=1&pf=1&t=5%2F3%2F2024%2011%3A51%3A33%205%20-120&fid=4D76F0AF8311E31C-3FBED0F313EF048F&ce=UTF-8&pageName=en%3Ablog%3Athreat-research%3Abanking-trojan-chavecloak-targets-brazil&g=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fbanking-trojan-chavecloak-targets-brazil&c.&cm.&ssf=1&.cm&.c&cc=USD&v1=www.fortinet.com%2Fblog%2Fthreat-research%2Fbanking-trojan-chavecloak-targets-brazil&c7=Entire%20Site&c8=New&v27=BLOG&v33=en%3Ablog%3Athreat-research%3Abanking-trojan-chavecloak-targets-brazil&v35=Enabled&v92=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fbanking-trojan-chavecloak-targets-brazil&s=800x600&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1113&AQE=1
Protocol
H2
Server
63.140.62.17 , United States, ASN15224 (OMNITURE, US),
Reverse DNS
ip-63-140-62-17.data.adobedc.net
Software
jag /
Resource Hash
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 05 Apr 2024 09:51:33 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
last-modified
Sat, 06 Apr 2024 09:51:33 GMT
server
jag
etag
3677159214217428992-4618641190230154947
vary
*
p3p
CP="This is not a P3P policy"
access-control-allow-origin
*
content-type
image/gif;charset=utf-8
cache-control
no-cache, no-store, max-age=0, no-transform, private
content-length
43
x-xss-protection
1; mode=block
expires
Thu, 04 Apr 2024 09:51:33 GMT

Redirect headers

pragma
no-cache
date
Fri, 05 Apr 2024 09:51:33 GMT
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
last-modified
Sat, 06 Apr 2024 09:51:33 GMT
server
jag
vary
Origin
p3p
CP="This is not a P3P policy"
access-control-allow-origin
*
location
https://metrics.fortinet.com/b/ss/fortinetincproduction/1/JS-2.26.0-LDQM/s71542629214268?AQB=1&pccr=true&vidn=3307E4D2826E83D5-60000E6C41638B8C&ndh=1&pf=1&t=5%2F3%2F2024%2011%3A51%3A33%205%20-120&fid=4D76F0AF8311E31C-3FBED0F313EF048F&ce=UTF-8&pageName=en%3Ablog%3Athreat-research%3Abanking-trojan-chavecloak-targets-brazil&g=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fbanking-trojan-chavecloak-targets-brazil&c.&cm.&ssf=1&.cm&.c&cc=USD&v1=www.fortinet.com%2Fblog%2Fthreat-research%2Fbanking-trojan-chavecloak-targets-brazil&c7=Entire%20Site&c8=New&v27=BLOG&v33=en%3Ablog%3Athreat-research%3Abanking-trojan-chavecloak-targets-brazil&v35=Enabled&v92=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fbanking-trojan-chavecloak-targets-brazil&s=800x600&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1113&AQE=1
content-type
text/plain;charset=utf-8
cache-control
no-cache, no-store, max-age=0, no-transform, private
content-length
0
x-xss-protection
1; mode=block
expires
Thu, 04 Apr 2024 09:51:33 GMT

Verdicts & Comments Add Verdict or Comment

68 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| OneTrustStub function| OptanonWrapper object| fortinet_blog object| EasyAutocomplete object| search_config object| keywords object| siteId object| lang object| options boolean| searchFired boolean| blogFilter string| documentsQuery string| blogCategories string| authorsList string| yearsList object| lastQuery number| totalReturn number| lastRow object| lastWordsForCounting function| htmlEncode function| hideAutoComplete function| sitesearch_init function| sitesearch_search_callback function| sitesearch_countall_callback function| sitesearch_do_search function| sitesearch_do_force_search function| sitesearch_spellcheck_callback function| sitesearch_do_spellcheck function| sitesearch_do_suggest_search function| sitesearch_query_searchresult_callback function| sitesearch_do_query_searchresult function| sitesearch_click_page_callback function| sitesearch_click_page function| search_action function| sitesearch_search_fortiguard function| count_facets_type function| shuffle_facets function| setImmediate function| clearImmediate function| $ function| jQuery string| OnetrustActiveGroups string| OptanonActiveGroups object| dataLayer object| otStubData object| Optanon object| OneTrust object| _satellite boolean| __satelliteLoaded object| adobe function| Visitor object| s_c_il number| s_c_in number| timer_e object| _6si function| AppMeasurement_Module_ActivityMap function| AppMeasurement function| s_gi function| s_pgicq number| s_objectID number| s_giq object| Sixsct object| t function| liberatedGetOptOut boolean| _storagePopulated object| s_i_fortinetincproduction object| targetGlobalSettings

11 Cookies

Domain/Path Name / Value
www.fortinet.com/ Name: cookiesession1
Value: 678A3E2229CF1F70126C43E980F2F054
www.fortinet.com/ Name: AWSALB
Value: 8Skb9p/gt1MlBvus/jgtd1nhuoIzY0eDl+6f3ZYc7B+tiJTAL5BchiT0nB3MqdFxQr4NNhvaT3pr3xcXuu9iuyR+AA8lk9P08mf7eNm87K/tT5lmbHkx+9rQCHwCMIAyS8EzEygOLuXssRRjrefXirL7els1gP1YKL/fzkBLp1KEphzjwvjmNdjtYS00N+nJvZtKk39Bgx4n5vsep3z45b4X9QTrAWyS
www.fortinet.com/ Name: AWSALBCORS
Value: bcVyVdhvOW1ETzNGuyswAfZ6nTmLeSANGOTeKfcmAn/5YOVAbtr9F6Ke4IJQvWNskcpW6/Xd2Sr6vDmtJUOUK8bH6GXOXVBJ/0/YDdj4t95bRyLsKytsaDJey/z82/3667bKhFLesJf/h+jGQwSTjWwbkmk8wbo3MUC3a1oAz1IrjutnPhmJw7BoNT7uJqMv3UrEp3aRN0syZ5W9YlwGnhTuTm4R4/Mp
.fortinet.com/ Name: OptanonConsent
Value: isIABGlobal=false&datestamp=Fri+Apr+05+2024+11%3A51%3A32+GMT%2B0200+(Central+European+Summer+Time)&version=6.10.0&hosts=&consentId=2cd435de-466a-402b-ad60-11217e4f9d8e&interactionCount=0&landingPath=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fbanking-trojan-chavecloak-targets-brazil&groups=C0001%3A1%2CC0002%3A0%2CC0003%3A0%2CC0004%3A0
www.fortinet.com/ Name: aa_cc
Value: DE
www.fortinet.com/ Name: aa_cn
Value: DE
.fortinet.com/ Name: s_fid
Value: 4D76F0AF8311E31C-3FBED0F313EF048F
.fortinet.com/ Name: gpv_pn
Value: www.fortinet.com%2Fblog%2Fthreat-research%2Fbanking-trojan-chavecloak-targets-brazil
.fortinet.com/ Name: s_getNewRepeat
Value: 1712310693407-New
.fortinet.com/ Name: s_cc
Value: true
.fortinet.com/ Name: s_vi
Value: [CS]v1|3307E4D2826E83D5-60000E6C41638B8C[CE]

2 Console Messages

Source Level URL
Text
javascript warning URL: https://www.fortinet.com/blog/threat-research/banking-trojan-chavecloak-targets-brazil
Message:
The resource https://www.fortinet.com/etc/designs/fortinet/adb-target/at.js was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://www.fortinet.com/blog/threat-research/banking-trojan-chavecloak-targets-brazil
Message:
The resource https://www.fortinet.com/etc/designs/fortinet/adb-target/visitorapi.min.js was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

assets.adobedtm.com
c.6sc.co
cdn.cookielaw.org
dpm.demdex.net
epsilon.6sense.com
geolocation.onetrust.com
ipv6.6sc.co
j.6sc.co
metrics.fortinet.com
www.fortinet.com
2.17.100.184
2606:4700:4400::6812:2089
2606:4700::6813:b134
2a02:26f0:3500:591::1e80
2a02:26f0:ab00::214:8e41
2a05:d014:f3c:6c01:8589:ad97:29df:f3e
52.59.114.103
54.171.118.212
63.140.62.17
051af2d585f30b1a5b8227c0d24a7b91dcfc71d55a561d05f87128e28ec52c23
092e5f2adeb0d2835902f7f4c87ab8610db6d8ea0c0878ec62af3524a8c73a1b
09fcca8e0c3ea722e40ad04c2a77433fc0f212a56de08eb7d465427406a7a402
0a12a62ce5640f55240ff8ff61acd83cac626e312cc46b3030f53e89f2bf8e35
0f03d4ff929986a3cde83681fd2560eae544f7138f59945ec6ec32c17800ca91
11c69167edad4aa2ac0c3def81f10e2caf7375ca37d9170e9277ac2cef39eb32
1452b6c812065240da9d99d3dde1639fe59d10fbcc235506b82ed9d7e5d7c535
1b7f45813a2bb29b5d589575b8c5fef51560ca4952bd87595c7d457176f3efaf
1e6ae01a1087a0b2cde6fe1790fbf0eedbd20bb4bc8144f2f135f2ce696ce188
212962880c8cc9866ea8fe2a4c40cbdaff1ae206b8a1b1c97534886e3a516838
2157361193375a79ade3559e960f982daa8d599cf7f4a92d36e3eef257738f16
2dbc6813df3c3b914d87440e0679235b59f4753f94209a9b1fccf04e29c4385d
370df1cc8999c1e03fc1c5f7ced35334513d19233d1fc79d2c1c7f711361565d
3fa06c7308961207c4a1e8f0f743a6a3771729d4e8eec99b6bffab60a24e1f19
452ee2471448cc6b716090a014cf7fc9cc515998bda9dcc334aa073a72a591e7
46ef912a5bf1fec350dc9d14102bcf1965471f16a57a890bdc5fc06bc4404370
4a72d289037cca62f88722af90f8eea27b6d12ebd40aa2b581f2994a5c5e3ef0
5b4c9abcf01dcf74e0adf075ff4d47464c62c84307ae5ebd115d45da70e6443d
74db5c94725d3aff70b5c3da48002c3760f00ede26fb2175b0d2bd152b67f70d
7a23e0e46e16f067271bc79c92a917c13769848457d16cdf109e4dc04c687e8f
7f52cbe9092235dc5c3f51af2840f67ef19293273e9c3aaa678e22555f8809ff
8912320737e38147499c4a1e19c30ca5ba1bdc092378f86d6d18952ec1f61bd7
8998282f5a80fff5eaafdbd457dd7a81af0cd7c8696bfe032a6aeef8fe67f99f
8c1781ec4483c6fb3bd9ad005d312800eaf24e232c12976624bff84f8ab908b3
8cae31bc96004772d7dd22e635baa056e5d11f7b20c3dfc42b2d5fe2bff04fa8
8dfccdbf28e85e0ac66d79cb79e8411644542d02b8ccafea0d2f9c7116046c27
91dc26bc3ccca870535534b0a04195b1a3ed97f6ca8d9e992c65919014c2af65
92e4588c227a58321a728574129e52ec244df30b90fc9a64a30ee65410104c41
955bc40e2deb6b3e2fa1173cef1056d6df636651b617d69ab770c37883147880
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
a724de2fc5d22b7a493b96fa339cdc1af278238a0bfad44619705c408396c82d
ab3fce3837e8552364ab964479bac1e328bdb9c7d579a09f01f5411665d0bd89
b90b775b65c2623322caaa52d7acf6af709ca59bdd475a54043b6308d91828c4
b97c99a69a6275c8f90703cd4c0864089a74fd08383a1cc75a8a4d0c2cb60cce
bf19e4cab46ebfd04a1438e21bc98c6f520c476918f71d44a96d2523fe0abec4
c32e7741dfbc444046cf846cbddad8e34369f56b0326437bcb12644702c07629
c5b5f045359692b90952582d5a00b7d69fed8d8d37cd29037a997a71065e5742
ce196defa5ec0381c4f5f387f335b6276c7f13f6fa43fa07f0d7444208716a8c
d18b3c9feb76c3c1cfdcc51c732f113327e3c33fb3f63b479951f7da6ed1216f
d2afd46ac58cd7e89b3fdfd790300d69034e94151ed45acf83d7b6d5dccfdb17
d454566fbbab8fcbc70a1c3139be25be5205712442564fe24a5e0258e3337a98
db058d72d7ba8ff6ed7209af23a4458c373cc78f72c81ec1df88bb5de72a0b0b
e5873dbdaa376d924cfa4b2ba4b1622d4e6e483866e2b7bc24ef3007ff5960e7
e8ea0e4bc8dcf1b49c6a875211c0b9ece67c182c186d9ddd5328e3c5c6b1d717
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f012c00d43164a4de843ae80abefe500f8497e1123d11c965cd3b40600fe9720
f95b62f026ed0d8161a753024fcd4e7c5f8677feb314645900ea53e1a832174b
f9b2aaabab92d9c63930432351fa3f5aa634fcb5db31b039e23465f8b4bd5a68
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a