Submitted URL: http://beenverifiedmediacom.beenverifiedmedia.com/ls/click?upn=vLD55iA-2BgqWWo-2FYaOvSnsZz8i44-2FFVLGwaUXKqbBQnqT3gCqNF0NbiPuiVBNmZFPhzmjzkacY-2Bm...
Effective URL: https://www.fortinet.com/blog/threat-research/beware-of-emails-purporting-to-be-from-the-irs
Submission: On April 07 via api from US

Summary

This website contacted 7 IPs in 4 countries across 6 domains to perform 23 HTTP transactions. The main IP is 18.192.220.216, located in Frankfurt am Main, Germany and belongs to AMAZON-02, US. The main domain is www.fortinet.com.
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on March 13th 2021. Valid for: a year.
This is the only time www.fortinet.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 167.89.118.83 11377 (SENDGRID)
9 18.192.220.216 16509 (AMAZON-02)
6 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700:10:... 13335 (CLOUDFLAR...)
5 2a02:26f0:710... 20940 (AKAMAI-ASN1)
1 3.250.252.43 16509 (AMAZON-02)
1 2 35.181.18.61 16509 (AMAZON-02)
23 7
Domain Requested by
9 www.fortinet.com www.fortinet.com
6 cdn.cookielaw.org www.fortinet.com
cdn.cookielaw.org
5 assets.adobedtm.com cdn.cookielaw.org
assets.adobedtm.com
2 metrics.fortinet.com 1 redirects
1 dpm.demdex.net assets.adobedtm.com
1 geolocation.onetrust.com cdn.cookielaw.org
1 beenverifiedmediacom.beenverifiedmedia.com 1 redirects
23 7
Subject | Issuer | Validity | Valid for
*.fortinet.com | DigiCert TLS RSA SHA256 2020 CA1 | 2021-03-13 - 2022-04-13 | a year
cookielaw.org | Cloudflare Inc ECC CA-3 | 2020-07-01 - 2021-07-01 | a year
onetrust.com | Cloudflare Inc ECC CA-3 | 2021-02-12 - 2022-02-11 | a year
assets.adobedtm.com | DigiCert TLS RSA SHA256 2020 CA1 | 2021-01-08 - 2021-09-30 | 9 months
*.demdex.net | DigiCert TLS RSA SHA256 2020 CA1 | 2020-12-02 - 2022-01-02 | a year
metrics.fortinet.com | DigiCert TLS RSA SHA256 2020 CA1 | 2020-12-10 - 2022-01-10 | a year

This page contains 1 frames:

Primary Page: https://www.fortinet.com/blog/threat-research/beware-of-emails-purporting-to-be-from-the-irs
Frame ID: 9C375432B451087B0EBF3A9D19570004
Requests: 25 HTTP requests in this frame

Detected technologies

Overall confidence: 100%
Detected patterns
  • headers server /(?:Apache(?:$|\/([\d.]+)|[^/-])|(?:^|\b)HTTPD)/i

Page Statistics

  • Requests: 23
  • HTTPS: 100 %
  • IPv6: 43 %
  • Domains: 6
  • Subdomains: 7
  • IPs: 7
  • Countries: 4
  • Transfer: 705 kB
  • Size: 1645 kB
  • Cookies: 1

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://beenverifiedmediacom.beenverifiedmedia.com/ls/click?upn=vLD55iA-2BgqWWo-2FYaOvSnsZz8i44-2FFVLGwaUXKqbBQnqT3gCqNF0NbiPuiVBNmZFPhzmjzkacY-2Bm1-2B9-2FbRVR9k2TSMVK27zh9JSrTfhYPGR1Dj6vDZd-2BCGUF9N0df20f3InSb2K4CY-2BoZcfibgiayuQ-3D-3Dq-eX_MMI1mOinMV0XBoISFuoUt2kj4v9dqz-2F2D1Ea-2BqCX67hy8uLuPLHqKL-2FHGwmgMLVOmGWjtEGc8mI5-2FKlfkDQ5enflbdX7puRY0Xa30mAYy4cTZA-2FdlqxSw6l7R9wx6m4KhBosHp4haTwTOd54VP-2FEZM-2Fm-2BYLaKNWVmJKTCQINCNOxeK-2BGtJxxwl4QDptGCmzrMDJuRXizB2We8qeqhNyJKw-3D-3D HTTP 302
    https://www.fortinet.com/blog/threat-research/beware-of-emails-purporting-to-be-from-the-irs Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 23
  • https://metrics.fortinet.com/b/ss/fortinetincproduction/1/JS-2.22.0-LBQ1/s79114014765796?AQB=1&ndh=1&pf=1&t=7%2F3%2F2021%2019%3A30%3A28%203%20-120&fid=30EB07A9EB0D5E4E-20885A53398E6A60&ce=UTF-8&pageName=en%3Ablog%3Athreat-research%3Abeware-of-emails-purporting-to-be-from-the-irs&g=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fbeware-of-emails-purporting-to-be-from-the-irs&c.&cm.&ssf=1&.cm&.c&cc=USD&v1=www.fortinet.com%2Fblog%2Fthreat-research%2Fbeware-of-emails-purporting-to-be-from-the-irs&c7=Entire%20Site&c8=New&v27=BLOG&v33=en%3Ablog%3Athreat-research%3Abeware-of-emails-purporting-to-be-from-the-irs&v35=Enabled&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1 HTTP 302
  • https://metrics.fortinet.com/b/ss/fortinetincproduction/1/JS-2.22.0-LBQ1/s79114014765796?AQB=1&pccr=true&vidn=3036F61A73FBFCEF-40000DAE7B0D176F&ndh=1&pf=1&t=7%2F3%2F2021%2019%3A30%3A28%203%20-120&fid=30EB07A9EB0D5E4E-20885A53398E6A60&ce=UTF-8&pageName=en%3Ablog%3Athreat-research%3Abeware-of-emails-purporting-to-be-from-the-irs&g=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fbeware-of-emails-purporting-to-be-from-the-irs&c.&cm.&ssf=1&.cm&.c&cc=USD&v1=www.fortinet.com%2Fblog%2Fthreat-research%2Fbeware-of-emails-purporting-to-be-from-the-irs&c7=Entire%20Site&c8=New&v27=BLOG&v33=en%3Ablog%3Athreat-research%3Abeware-of-emails-purporting-to-be-from-the-irs&v35=Enabled&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1

23 HTTP transactions

Resource Path Size x-fer Type MIME-Type
Primary Request Cookie set beware-of-emails-purporting-to-be-from-the-irs
www.fortinet.com/blog/threat-research/
Redirect Chain
  • http://beenverifiedmediacom.beenverifiedmedia.com/ls/click?upn=vLD55iA-2BgqWWo-2FYaOvSnsZz8i44-2FFVLGwaUXKqbBQnqT3gCqNF0NbiPuiVBNmZFPhzmjzkacY-2Bm1-2B9-2FbRVR9k2TSMVK27zh9JSrTfhYPGR1Dj6vDZd-2BCGUF9...
  • https://www.fortinet.com/blog/threat-research/beware-of-emails-purporting-to-be-from-the-irs
39 KB
15 KB
Document
General
Full URL
https://www.fortinet.com/blog/threat-research/beware-of-emails-purporting-to-be-from-the-irs
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
18.192.220.216 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-192-220-216.eu-central-1.compute.amazonaws.com
Software
Apache /
Resource Hash
1b11581a814bb3ee9f885812de60fc4f7fa892927eb5598c073582acb6737d41
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Host
www.fortinet.com
Connection
keep-alive
Pragma
no-cache
Cache-Control
no-cache
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Accept
text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site
none
Sec-Fetch-Mode
navigate
Sec-Fetch-User
?1
Sec-Fetch-Dest
document
Accept-Encoding
gzip, deflate, br
Accept-Language
en-US

Response headers

Accept-Ranges
bytes
Cache-Control
max-age=600, public
Content-Encoding
gzip
Content-Type
text/html;charset=utf-8
Date
Wed, 07 Apr 2021 17:30:26 GMT
ETag
W/"9c56-5bf654956d47a-gzip"
Last-Modified
Wed, 07 Apr 2021 17:30:26 GMT
Server
Apache
Strict-Transport-Security
max-age=31536000; includeSubDomains
Vary
Accept-Encoding,User-Agent
X-Content-Type-Options
nosniff
X-Dispatcher
dispatcher1uswest1
X-Frame-Options
SAMEORIGIN
X-Vhost
publish
Content-Length
14598
Connection
keep-alive
Set-Cookie
cookiesession1=33E9731FB3JWEJNMVT4CI4APD8SOD145;Path=/;HttpOnly

Redirect headers

Server
nginx
Date
Wed, 07 Apr 2021 17:30:25 GMT
Content-Type
text/html; charset=utf-8
Content-Length
115
Connection
keep-alive
Location
https://www.fortinet.com/blog/threat-research/beware-of-emails-purporting-to-be-from-the-irs
X-Robots-Tag
noindex, nofollow
clientlib-base.min.css
www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/
216 KB
27 KB
Stylesheet
General
Full URL
https://www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/clientlib-base.min.css
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/beware-of-emails-purporting-to-be-from-the-irs
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
18.192.220.216 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-192-220-216.eu-central-1.compute.amazonaws.com
Software
Apache /
Resource Hash
0720dc4e1e637a51e60fb79db517e20cb8ba56c363389be620bdfed91ef599de
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.fortinet.com/blog/threat-research/beware-of-emails-purporting-to-be-from-the-irs
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

X-Dispatcher
dispatcher2uswest1
Date
Wed, 07 Apr 2021 17:30:26 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-Vhost
publish
Connection
keep-alive
Vary
Accept-Encoding,User-Agent
Content-Length
26930
Last-Modified
Sat, 09 Jan 2021 01:04:22 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
ETag
"360cc-5b86d40d1f180-gzip"
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Type
text/css;charset=utf-8
Cache-Control
max-age=684000, public
Accept-Ranges
bytes
otSDKStub.js
cdn.cookielaw.org/scripttemplates/
17 KB
6 KB
Script
General
Full URL
https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/beware-of-emails-purporting-to-be-from-the-irs
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2e409af4e2cd960258ebce74a7af470632e2fa44a18cbc2e49da7f098a3c572c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 07 Apr 2021 17:30:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
JAEaYPmlzGBPWdORjSAaYw==
age
6519
vary
Accept-Encoding
content-length
5617
cf-request-id
094efbbea000001f39a628b000000001
x-ms-lease-status
unlocked
last-modified
Mon, 29 Mar 2021 02:12:23 GMT
server
cloudflare
etag
0x8D8F2581726E85D
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
0c6caa1d-301e-00dd-7e1e-278b48000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
63c4fbddcceb1f39-FRA
fortinet-logo-white.svg
www.fortinet.com/content/dam/fortinet-blog/
32 KB
3 KB
Image
General
Full URL
https://www.fortinet.com/content/dam/fortinet-blog/fortinet-logo-white.svg
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/beware-of-emails-purporting-to-be-from-the-irs
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
18.192.220.216 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-192-220-216.eu-central-1.compute.amazonaws.com
Software
Apache /
Resource Hash
d2afd46ac58cd7e89b3fdfd790300d69034e94151ed45acf83d7b6d5dccfdb17
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.fortinet.com/blog/threat-research/beware-of-emails-purporting-to-be-from-the-irs
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

X-Dispatcher
dispatcher2uswest1
Date
Wed, 07 Apr 2021 17:30:27 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-Vhost
publish
Content-Disposition
attachment; filename="fortinet-logo-white.svg"
Connection
keep-alive
Vary
Accept-Encoding,User-Agent
Content-Length
1998
Last-Modified
Thu, 22 Feb 2018 23:16:01 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
ETag
"7ebb-565d53a1d6e40-gzip"
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Type
image/svg+xml
Cache-Control
max-age=684000, public
Accept-Ranges
bytes
clientlib-base.min.js
www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/
150 KB
69 KB
Script
General
Full URL
https://www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/clientlib-base.min.js
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/beware-of-emails-purporting-to-be-from-the-irs
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
18.192.220.216 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-192-220-216.eu-central-1.compute.amazonaws.com
Software
Apache /
Resource Hash
1e1a42cb75ebd81eb31850e485ef4c6e3667a45f57f778f249bca1f2852a97e4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.fortinet.com/blog/threat-research/beware-of-emails-purporting-to-be-from-the-irs
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

X-Dispatcher
dispatcher1uswest1
Date
Wed, 07 Apr 2021 17:30:27 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
X-Vhost
publish
Connection
keep-alive
Vary
Accept-Encoding,User-Agent
Content-Length
70015
Last-Modified
Thu, 14 Jan 2021 20:18:39 GMT
Server
Apache
X-Frame-Options
SAMEORIGIN
ETag
"25644-5b8e1f610c5c0-gzip"
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Type
application/javascript;charset=utf-8
Cache-Control
max-age=684000, public
Accept-Ranges
bytes
f85f39fc-d7aa-467a-b762-fbb722748016.json
cdn.cookielaw.org/consent/f85f39fc-d7aa-467a-b762-fbb722748016/
4 KB
2 KB
XHR
General
Full URL
https://cdn.cookielaw.org/consent/f85f39fc-d7aa-467a-b762-fbb722748016/f85f39fc-d7aa-467a-b762-fbb722748016.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a334f368b502d68bcaafb174022cfe21775f1744f0a1cd520d0c57d094a8e66a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 07 Apr 2021 17:30:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
ypNp2Paf3c+p42YUXiXMnA==
age
2247
vary
Accept-Encoding
content-length
1413
cf-request-id
094efbbf4b00004e202b956000000001
x-ms-lease-status
unlocked
last-modified
Fri, 12 Feb 2021 00:26:33 GMT
server
cloudflare
etag
0x8D8CEECD9FE5833
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
3d71cb37-801e-00c4-57d7-00a720000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
63c4fbded9354e20-FRA
truncated
/
71 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
5b4c9abcf01dcf74e0adf075ff4d47464c62c84307ae5ebd115d45da70e6443d

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/png
tax_01.png
www.fortinet.com/content/dam/fortinet-blog/article-images/irs_tax_scam_blog/
115 KB
115 KB
Image
General
Full URL
https://www.fortinet.com/content/dam/fortinet-blog/article-images/irs_tax_scam_blog/tax_01.png
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/beware-of-emails-purporting-to-be-from-the-irs
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
18.192.220.216 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-192-220-216.eu-central-1.compute.amazonaws.com
Software
Apache /
Resource Hash
b19e0a7e541ac5cb6f7f18c1b71964454ebf41179f051b2072ad787a12314684
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.fortinet.com/blog/threat-research/beware-of-emails-purporting-to-be-from-the-irs
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

X-Dispatcher
dispatcher1uswest1
Date
Wed, 07 Apr 2021 17:30:27 GMT
X-Content-Type-Options
nosniff
Last-Modified
Sun, 16 Sep 2018 01:44:09 GMT
Server
Apache
ETag
"1cbd7-575f331596c40"
X-Vhost
publish
X-Frame-Options
SAMEORIGIN
Connection
keep-alive
Content-Type
image/png
Cache-Control
max-age=684000, public
Strict-Transport-Security
max-age=31536000; includeSubDomains
Accept-Ranges
bytes
Content-Length
117719
irs-notification-no-it-is-a-scam.png.thumb.319.319.png
www.fortinet.com/content/dam/fortinet-blog/article-images/individual-images/
62 KB
62 KB
Image
General
Full URL
https://www.fortinet.com/content/dam/fortinet-blog/article-images/individual-images/irs-notification-no-it-is-a-scam.png.thumb.319.319.png
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/beware-of-emails-purporting-to-be-from-the-irs
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
18.192.220.216 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-192-220-216.eu-central-1.compute.amazonaws.com
Software
Apache /
Resource Hash
5ae3c1e0eb2918799557fbed5c846572842b3d8a8953ca81d2ebb156215cae22
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.fortinet.com/blog/threat-research/beware-of-emails-purporting-to-be-from-the-irs
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

X-Dispatcher
dispatcher2uswest1
Date
Wed, 07 Apr 2021 17:30:27 GMT
X-Content-Type-Options
nosniff
Last-Modified
Fri, 16 Mar 2018 19:10:41 GMT
Server
Apache
ETag
"f722-5678c5d3e4e40"
X-Vhost
publish
X-Frame-Options
SAMEORIGIN
Connection
keep-alive
Content-Type
image/png
Cache-Control
max-age=684000, public
Strict-Transport-Security
max-age=31536000; includeSubDomains
Accept-Ranges
bytes
Content-Length
63266
pdf1.png.thumb.319.319.png
www.fortinet.com/content/dam/fortinet-blog/article-images/individual-images/
14 KB
15 KB
Image
General
Full URL
https://www.fortinet.com/content/dam/fortinet-blog/article-images/individual-images/pdf1.png.thumb.319.319.png
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/beware-of-emails-purporting-to-be-from-the-irs
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
18.192.220.216 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-192-220-216.eu-central-1.compute.amazonaws.com
Software
Apache /
Resource Hash
c1c2df1cde8c702cc4282cc1742c6390328e3ae78745edc6702c5fa3437237b9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.fortinet.com/blog/threat-research/beware-of-emails-purporting-to-be-from-the-irs
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

X-Dispatcher
dispatcher1uswest1
Date
Wed, 07 Apr 2021 17:30:27 GMT
X-Content-Type-Options
nosniff
Last-Modified
Tue, 20 Mar 2018 23:22:22 GMT
Server
Apache
ETag
"38c8-567e058b2c780"
X-Vhost
publish
X-Frame-Options
SAMEORIGIN
Connection
keep-alive
Content-Type
image/png
Cache-Control
max-age=684000, public
Strict-Transport-Security
max-age=31536000; includeSubDomains
Accept-Ranges
bytes
Content-Length
14536
location
geolocation.onetrust.com/cookieconsentpub/v1/geo/
164 B
521 B
Script
General
Full URL
https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6814:b944 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1b94f9074fc2ef1b63132fc70fe244cc5d5322e5982a80b6273a45a935ae335f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 07 Apr 2021 17:30:27 GMT
content-encoding
gzip
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
content-type
text/javascript
strict-transport-security
max-age=31536000; includeSubDomains; preload
cf-ray
63c4fbe1fed74d8a-FRA
cf-request-id
094efbc13d00004d8a6481b000000001
otBannerSdk.js
cdn.cookielaw.org/scripttemplates/6.10.0/
356 KB
78 KB
Script
General
Full URL
https://cdn.cookielaw.org/scripttemplates/6.10.0/otBannerSdk.js
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7a23e0e46e16f067271bc79c92a917c13769848457d16cdf109e4dc04c687e8f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 07 Apr 2021 17:30:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
Bh9exWOPGIwRshWljrtlEw==
age
11688393
vary
Accept-Encoding
content-length
79698
cf-request-id
094efbc18b00001f39a430c000000001
x-ms-lease-status
unlocked
last-modified
Mon, 23 Nov 2020 02:33:28 GMT
server
cloudflare
etag
0x8D88F582961DDDE
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/javascript
access-control-allow-origin
*
x-ms-request-id
1f098869-501e-00cd-4b85-c1bdae000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=691200
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
63c4fbe27fff1f39-FRA
expires
Thu, 15 Apr 2021 17:30:27 GMT
en.json
cdn.cookielaw.org/consent/f85f39fc-d7aa-467a-b762-fbb722748016/2149c787-bccf-419d-b831-2a3ac6bafc66/
62 KB
14 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/consent/f85f39fc-d7aa-467a-b762-fbb722748016/2149c787-bccf-419d-b831-2a3ac6bafc66/en.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.10.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
047f3105c9c1c03b56fb255cbb8cbfbad3a41aeab4928d722f42be59e48175fb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 07 Apr 2021 17:30:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
PDee2klF9h+xwI77VTWe9Q==
age
5880
vary
Accept-Encoding
content-length
14507
cf-request-id
094efbc1ce00004e2041897000000001
x-ms-lease-status
unlocked
last-modified
Fri, 12 Feb 2021 00:26:39 GMT
server
cloudflare
etag
0x8D8CEECDD98A1AE
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
dd1c7e69-a01e-0132-5c32-04c663000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=14400
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
63c4fbe2ed174e20-FRA
otCenterRounded.json
cdn.cookielaw.org/scripttemplates/6.10.0/assets/
9 KB
3 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/6.10.0/assets/otCenterRounded.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.10.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
452ee2471448cc6b716090a014cf7fc9cc515998bda9dcc334aa073a72a591e7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 07 Apr 2021 17:30:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
SH1nUCPouc1JVrHnvxpQbg==
age
5393899
vary
Accept-Encoding
content-length
2857
cf-request-id
094efbc20c00004e202b9a9000000001
x-ms-lease-status
unlocked
last-modified
Thu, 03 Dec 2020 02:42:51 GMT
server
cloudflare
etag
0x8D89735210A49EB
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
a253393a-701e-0016-0fc5-fa1978000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=691200
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
63c4fbe34e844e20-FRA
expires
Thu, 15 Apr 2021 17:30:27 GMT
otPcTab.json
cdn.cookielaw.org/scripttemplates/6.10.0/assets/v2/
45 KB
12 KB
Fetch
General
Full URL
https://cdn.cookielaw.org/scripttemplates/6.10.0/assets/v2/otPcTab.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.10.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f9b2aaabab92d9c63930432351fa3f5aa634fcb5db31b039e23465f8b4bd5a68
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Wed, 07 Apr 2021 17:30:27 GMT
content-encoding
gzip
x-content-type-options
nosniff
cf-cache-status
HIT
content-md5
zNsRoM1FEmsEgJoYMCNTng==
age
7661586
vary
Accept-Encoding
content-length
11755
cf-request-id
094efbc20f00004e20681a7000000001
x-ms-lease-status
unlocked
last-modified
Thu, 03 Dec 2020 02:42:53 GMT
server
cloudflare
etag
0x8D897352245C4EA
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=31536000; includeSubDomains; preload
content-type
application/json
access-control-allow-origin
*
x-ms-request-id
a8788521-101e-006b-2825-e685b0000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=691200
x-ms-version
2009-09-19
accept-ranges
bytes
cf-ray
63c4fbe34e8e4e20-FRA
expires
Thu, 15 Apr 2021 17:30:27 GMT
tax-01.png
www.fortinet.com/blog/threat-research/beware-of-emails-purporting-to-be-from-the-irs/_jcr_content/root/responsivegrid/image.img.png/1537062664870/
183 KB
184 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/beware-of-emails-purporting-to-be-from-the-irs/_jcr_content/root/responsivegrid/image.img.png/1537062664870/tax-01.png
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/beware-of-emails-purporting-to-be-from-the-irs
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
18.192.220.216 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-192-220-216.eu-central-1.compute.amazonaws.com
Software
Apache /
Resource Hash
f96fdbab23b453d4b04bf56b35c8946fb4c56962add8ceded797e4502bdb2afa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.fortinet.com/blog/threat-research/beware-of-emails-purporting-to-be-from-the-irs
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

X-Dispatcher
dispatcher1uswest1
Date
Wed, 07 Apr 2021 17:30:28 GMT
X-Content-Type-Options
nosniff
Last-Modified
Sun, 16 Sep 2018 01:51:04 GMT
Server
Apache
ETag
"2dd48-575f34a15d200"
X-Vhost
publish
X-Frame-Options
SAMEORIGIN
Connection
keep-alive
Content-Type
image/png
Cache-Control
max-age=684000, public
Content-Disposition
inline; filename=tax-01.png
Strict-Transport-Security
max-age=31536000; includeSubDomains
Accept-Ranges
bytes
Content-Length
187720
screen-01.png
www.fortinet.com/blog/threat-research/beware-of-emails-purporting-to-be-from-the-irs/_jcr_content/root/responsivegrid/image_829530947.img.png/1537063110332/
18 KB
18 KB
Image
General
Full URL
https://www.fortinet.com/blog/threat-research/beware-of-emails-purporting-to-be-from-the-irs/_jcr_content/root/responsivegrid/image_829530947.img.png/1537063110332/screen-01.png
Requested by
Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/beware-of-emails-purporting-to-be-from-the-irs
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
18.192.220.216 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-192-220-216.eu-central-1.compute.amazonaws.com
Software
Apache /
Resource Hash
d5508b589b728e85562349ba2524f68eef4a1272ccf3ea3f14279a8fb3733f5f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://www.fortinet.com/blog/threat-research/beware-of-emails-purporting-to-be-from-the-irs
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

X-Dispatcher
dispatcher2uswest1
Date
Wed, 07 Apr 2021 17:30:28 GMT
X-Content-Type-Options
nosniff
Last-Modified
Sun, 16 Sep 2018 01:58:30 GMT
Server
Apache
ETag
"46f9-575f364ab3d80"
X-Vhost
publish
X-Frame-Options
SAMEORIGIN
Connection
keep-alive
Content-Type
image/png
Cache-Control
max-age=684000, public
Strict-Transport-Security
max-age=31536000; includeSubDomains
Accept-Ranges
bytes
Content-Length
18169
truncated
/
42 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

Content-Type
image/gif
launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
assets.adobedtm.com/
286 KB
65 KB
Script
General
Full URL
https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.10.0/otBannerSdk.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:7100:1ab::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
8045cb18a58120f4f12a09b2d462c53aaf50672d76fd15426411213d68f0a73b

Request headers

Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 07 Apr 2021 17:30:28 GMT
content-encoding
gzip
last-modified
Sun, 04 Apr 2021 22:31:05 GMT
server
AkamaiNetStorage
etag
"8380b44719412621d00627704f469ee5:1617575465.659656"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
https://www.fortinet.com
cache-control
max-age=3600
accept-ranges
bytes
timing-allow-origin
*
content-length
66627
expires
Wed, 07 Apr 2021 18:30:28 GMT
AppMeasurement.min.js
assets.adobedtm.com/extensions/EPbde2f7ca14e540399dcc1f8208860b7b/
33 KB
12 KB
Script
General
Full URL
https://assets.adobedtm.com/extensions/EPbde2f7ca14e540399dcc1f8208860b7b/AppMeasurement.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:7100:1ab::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
d6b423c91328eec9c218dd8b21ae1e676987d574e5432411a32806e5dd2bde32

Request headers

Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 07 Apr 2021 17:30:28 GMT
content-encoding
gzip
last-modified
Wed, 12 Aug 2020 22:09:52 GMT
server
AkamaiNetStorage
etag
"f259ee6445c19c2ce3c64a1b117a4f35:1597270192.577101"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
https://www.fortinet.com
cache-control
no-cache
accept-ranges
bytes
timing-allow-origin
*
content-length
12184
expires
Wed, 07 Apr 2021 18:30:28 GMT
AppMeasurement_Module_ActivityMap.min.js
assets.adobedtm.com/extensions/EPbde2f7ca14e540399dcc1f8208860b7b/
3 KB
2 KB
Script
General
Full URL
https://assets.adobedtm.com/extensions/EPbde2f7ca14e540399dcc1f8208860b7b/AppMeasurement_Module_ActivityMap.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:7100:1ab::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
0486530f1e98818865754a08e1b5442ac5a6a36a6bf6042e3b3338a532e998d2

Request headers

Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 07 Apr 2021 17:30:28 GMT
content-encoding
gzip
last-modified
Wed, 12 Aug 2020 22:09:52 GMT
server
AkamaiNetStorage
etag
"5dedcda2c8a6c3a51fd419d306427010:1597270192.857753"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
https://www.fortinet.com
cache-control
no-cache
accept-ranges
bytes
timing-allow-origin
*
content-length
1594
expires
Wed, 07 Apr 2021 18:30:28 GMT
RCb652faf409a54c3db318899e2cbcc95c-source.min.js
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9f76f7c2fe57/
881 B
718 B
Script
General
Full URL
https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9f76f7c2fe57/RCb652faf409a54c3db318899e2cbcc95c-source.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:7100:1ab::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
787e239063b492ee703296108dd123e4bba82ef7bc7a61d5f821359e906f3377

Request headers

Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 07 Apr 2021 17:30:28 GMT
content-encoding
gzip
last-modified
Sun, 04 Apr 2021 22:31:08 GMT
server
AkamaiNetStorage
etag
"59e20a4413fe02aec69207c290633991:1617575468.045124"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
https://www.fortinet.com
cache-control
max-age=3600
accept-ranges
bytes
timing-allow-origin
*
content-length
452
expires
Wed, 07 Apr 2021 18:30:28 GMT
RC8b0bc4a0b33e4476a134b6c5193977e7-source.min.js
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9f76f7c2fe57/
358 B
493 B
Script
General
Full URL
https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9f76f7c2fe57/RC8b0bc4a0b33e4476a134b6c5193977e7-source.min.js
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:7100:1ab::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AkamaiNetStorage /
Resource Hash
923092562858996d226107404d67faf8510e7610e514813f7458265b1df21d6b

Request headers

Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 07 Apr 2021 17:30:28 GMT
content-encoding
gzip
last-modified
Sun, 04 Apr 2021 22:31:08 GMT
server
AkamaiNetStorage
etag
"59e20a4413fe02aec69207c290633991:1617575468.045124"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
https://www.fortinet.com
cache-control
max-age=3600
accept-ranges
bytes
timing-allow-origin
*
content-length
228
expires
Wed, 07 Apr 2021 18:30:28 GMT
optOutStatus
dpm.demdex.net/
41 B
723 B
XHR
General
Full URL
https://dpm.demdex.net/optOutStatus?d_visid_ver=5.2.0&d_rtbd=json&d_ver=2&d_orgid=ED8739F75677FE917F000101%40AdobeOrg&d_nsid=0&ts=1617816628741
Requested by
Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.250.252.43 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-250-252-43.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
e5873dbdaa376d924cfa4b2ba4b1622d4e6e483866e2b7bc24ef3007ff5960e7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

DCS
dcs-prod-irl1-v090-08d2050f8.edge-irl1.demdex.com 5.80.7.20210304103356 1ms (+1ms)
Pragma
no-cache
Strict-Transport-Security
max-age=31536000; includeSubDomains
X-TID
0KtIQd1ZTjw=
Vary
Origin, Accept-Encoding, User-Agent
P3P
policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin
https://www.fortinet.com
Cache-Control
no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
application/json;charset=utf-8
Content-Length
41
Expires
Thu, 01 Jan 1970 00:00:00 GMT
s79114014765796
metrics.fortinet.com/b/ss/fortinetincproduction/1/JS-2.22.0-LBQ1/
Redirect Chain
  • https://metrics.fortinet.com/b/ss/fortinetincproduction/1/JS-2.22.0-LBQ1/s79114014765796?AQB=1&ndh=1&pf=1&t=7%2F3%2F2021%2019%3A30%3A28%203%20-120&fid=30EB07A9EB0D5E4E-20885A53398E6A60&ce=UTF-8&pag...
  • https://metrics.fortinet.com/b/ss/fortinetincproduction/1/JS-2.22.0-LBQ1/s79114014765796?AQB=1&pccr=true&vidn=3036F61A73FBFCEF-40000DAE7B0D176F&ndh=1&pf=1&t=7%2F3%2F2021%2019%3A30%3A28%203%20-120&f...
43 B
322 B
Image
General
Full URL
https://metrics.fortinet.com/b/ss/fortinetincproduction/1/JS-2.22.0-LBQ1/s79114014765796?AQB=1&pccr=true&vidn=3036F61A73FBFCEF-40000DAE7B0D176F&ndh=1&pf=1&t=7%2F3%2F2021%2019%3A30%3A28%203%20-120&fid=30EB07A9EB0D5E4E-20885A53398E6A60&ce=UTF-8&pageName=en%3Ablog%3Athreat-research%3Abeware-of-emails-purporting-to-be-from-the-irs&g=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fbeware-of-emails-purporting-to-be-from-the-irs&c.&cm.&ssf=1&.cm&.c&cc=USD&v1=www.fortinet.com%2Fblog%2Fthreat-research%2Fbeware-of-emails-purporting-to-be-from-the-irs&c7=Entire%20Site&c8=New&v27=BLOG&v33=en%3Ablog%3Athreat-research%3Abeware-of-emails-purporting-to-be-from-the-irs&v35=Enabled&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.181.18.61 Paris, France, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-181-18-61.eu-west-3.compute.amazonaws.com
Software
jag /
Resource Hash
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.fortinet.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36

Response headers

date
Wed, 07 Apr 2021 17:30:29 GMT
x-content-type-options
nosniff
x-c
main-1451.Ibee288.M0-486
p3p
CP="This is not a P3P policy"
vary
*
content-length
43
x-xss-protection
1; mode=block
pragma
no-cache
last-modified
Thu, 08 Apr 2021 17:30:29 GMT
server
jag
xserver
anedge-fd4497967-2xkxf
etag
3474234758185844736-4621623054396364664
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif;charset=utf-8
access-control-allow-origin
*
cache-control
no-cache, no-store, max-age=0, no-transform, private
expires
Tue, 06 Apr 2021 17:30:29 GMT

Redirect headers

date
Wed, 07 Apr 2021 17:30:28 GMT
x-content-type-options
nosniff
x-c
main-1451.Ibee288.M0-486
p3p
CP="This is not a P3P policy"
content-length
0
x-xss-protection
1; mode=block
pragma
no-cache
location
https://metrics.fortinet.com/b/ss/fortinetincproduction/1/JS-2.22.0-LBQ1/s79114014765796?AQB=1&pccr=true&vidn=3036F61A73FBFCEF-40000DAE7B0D176F&ndh=1&pf=1&t=7%2F3%2F2021%2019%3A30%3A28%203%20-120&fid=30EB07A9EB0D5E4E-20885A53398E6A60&ce=UTF-8&pageName=en%3Ablog%3Athreat-research%3Abeware-of-emails-purporting-to-be-from-the-irs&g=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fbeware-of-emails-purporting-to-be-from-the-irs&c.&cm.&ssf=1&.cm&.c&cc=USD&v1=www.fortinet.com%2Fblog%2Fthreat-research%2Fbeware-of-emails-purporting-to-be-from-the-irs&c7=Entire%20Site&c8=New&v27=BLOG&v33=en%3Ablog%3Athreat-research%3Abeware-of-emails-purporting-to-be-from-the-irs&v35=Enabled&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&AQE=1
last-modified
Thu, 08 Apr 2021 17:30:28 GMT
server
jag
xserver
anedge-fd4497967-2xkxf
strict-transport-security
max-age=31536000; includeSubDomains
content-type
text/plain;charset=utf-8
access-control-allow-origin
*
cache-control
no-cache, no-store, max-age=0, no-transform, private
expires
Tue, 06 Apr 2021 17:30:28 GMT


72 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| ontransitionrun object| ontransitionstart object| ontransitioncancel object| cookieStore function| showDirectoryPicker function| showOpenFilePicker function| showSaveFilePicker object| trustedTypes boolean| crossOriginIsolated object| OneTrustStub string| OnetrustActiveGroups string| OptanonActiveGroups object| dataLayer function| OptanonWrapper function| jsonFeed object| otStubData object| Optanon object| OneTrust object| fortinet_blog object| EasyAutocomplete object| search_config object| keywords object| siteId object| lang object| options boolean| searchFired boolean| blogFilter string| documentsQuery string| blogCategories string| authorsList string| yearsList object| lastQuery number| totalReturn number| lastRow object| lastWordsForCounting function| htmlEncode function| hideAutoComplete function| sitesearch_init function| sitesearch_search_callback function| sitesearch_countall_callback function| sitesearch_do_search function| sitesearch_do_force_search function| sitesearch_spellcheck_callback function| sitesearch_do_spellcheck function| sitesearch_do_suggest_search function| sitesearch_query_searchresult_callback function| sitesearch_do_query_searchresult function| sitesearch_click_page_callback function| sitesearch_click_page function| search_action function| sitesearch_search_fortiguard function| count_facets_type function| shuffle_facets function| setImmediate function| clearImmediate function| $ function| jQuery object| _satellite boolean| __satelliteLoaded object| adobe function| Visitor object| s_c_il number| s_c_in function| AppMeasurement function| s_gi function| s_pgicq number| s_objectID number| s_giq function| AppMeasurement_Module_ActivityMap function| liberatedGetOptOut object| s_i_fortinetincproduction

1 Cookies

Domain/Path Name / Value
.fortinet.com/ Name: OptanonConsent
Value: hosts=&datestamp=Wed+Apr+07+2021+19%3A30%3A28+GMT%2B0200+(Central+European+Summer+Time)&version=6.10.0&isIABGlobal=false&consentId=1c71115f-a950-4cba-843a-84eb7dfe582e&interactionCount=0&groups=C0001%3A1%2CC0002%3A0%2CC0003%3A0%2CC0004%3A0

Security Headers

This page lists any security headers set by the main page.

Header Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.
