duo.com Open in urlscan Pro
3.161.82.84  Public Scan

9 Outgoing links

These are links going to different origins than the main page.

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Search URL Search Domain Scan URL

---

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 20

• https://dpm.demdex.net/id?d_visid_ver=4.1.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=B8D07FF4520E94C10A490D4C%40AdobeOrg&d_nsid=0&ts=1718915371141 HTTP 302
• https://dpm.demdex.net/id/rd?d_visid_ver=4.1.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=B8D07FF4520E94C10A490D4C%40AdobeOrg&d_nsid=0&ts=1718915371141

Request Chain 39

• https://cisco-tags.cisco.com/tag/auth/ntpagetag.gif?js=1&ts=1718915371184.598&lc=https%3A%2F%2Fduo.com%2Fdecipher%2Fthousands-of-fortigate-devices-compromised-in-ongoing-campaign&rs=1600x1200&cd=24&ln=de&tz=GMT%20%2B02%3A00&jv=0&ck=UnicaNIODID%3Dundefined&meta.viewport=width%3Ddevice-width%2C%20initial-scale%3D1.0%2C%20user-scalable%3Dyes&title=thousands%20of%20fortigate%20devices%20compromised%20in%20ongoing%20campaign%20%7C%20decipher&url=https%3A%2F%2Fduo.com%2Fdecipher%2Fthousands-of-fortigate-devices-compromised-in-ongoing-campaign&webdriver=false&tag=ut4.51.202406201946&locale=en-us&meta.country=us&meta.locale=us&breakpoint=unavailable&content_type=no%20contenttype&linktrack=linkpage&loc=http%3A%2F%2Fduo.com%2Fdecipher%2Fthousands-of-fortigate-devices-compromised-in-ongoing-campaign&cookie_length=500&meta.iapath=no%20iapath&hier1=no%20iapath&meta.wm_reporting_category=no%20iapath&sa_source=meta.iapath&t_profile=cisco.duo&t_load=ctm&suite=cisco-complete&returnVisit=false&cookies=true&localstorage=true&dnt=false&conversion=event1&adobeVersions=AppMeasurement%3Dna%2CVisitorJS%3Dna%2CMbox%3Dna&meta.msapplication-tilecolor=%23000000&meta.msapplication-config=%2Fassets%2Fimg%2Fdecipher%2Ffavicons%2Fbrowserconfig.xml&meta.theme-color=%23ffffff&meta.robots=index%2Cfollow%2Carchive&meta.fb:app_id=2090208394329663&meta.og:site_name=decipher&meta.og:type=website&meta.og:url=https%3A%2F%2Fduo.com%2Fdecipher%2Fthousands-of-fortigate-devices-compromised-in-ongoing-campaign&meta.twitter:card=summary_large_image&meta.twitter:site=%40deciphersec&meta.twitter:creator=%40deciphersec&meta.og:title=thousands%20of%20fortigate%20devices%20compromised%20in%20ongoing%20campaign&meta.twitter:title=thousands%20of%20fortigate%20devices%20compromised%20in%20ongoing%20campaign&meta.description=the%20dutch%20military%20intelligence%20and%20security%20service%20said%20it%20has%20identified%20more%20than%2020%2C000%20fortigate%20devices%20that%20have%20been%20compromised%20by%20a%20chinese%20state-sponsored%20threat%20group.&meta.og:description=the%20dutch%20military%20intelligence%20and%20security%20service%20said%20it%20has%20identified%20more%20than%2020%2C000%20fortigate%20devices%20that%20have%20been%20compromised%20by%20a%20chinese%20state-sponsored%20threat%20group.&meta.twitter:description=the%20dutch%20military%20intelligence%20and%20security%20service%20said%20it%20has%20identified%20more%20than%2020%2C000%20fortigate%20devices%20that%20have%20been%20compromised%20by%20a%20chinese%20state-sponsored%20threat%20group.&meta.twitter:image=https%3A%2F%2Fduo.com%2Fassets%2Fimg%2Fseo-images%2Fglobal-network-decipher.jpg&meta.og:image=https%3A%2F%2Fduo.com%2Fassets%2Fimg%2Fseo-images%2Fglobal-network-decipher.jpg&meta.og:image:width=1200&meta.og:image:height=630&meta.bitly-verification=040b99f315c6&meta.google-site-verification=svd8ahbyylsc2wljqdzwij1d2tnu8-u3fbldciehxdu&meta.twitter:widgets:csp=on&meta.msvalidate.01=27fb624dbd3f07315a4bf69f5d649c68&ets=1718915371187.441 HTTP 302
• https://id.cisco.com/oauth2/default/v1/authorize?response_type=code&scope=openid%20email&client_id=bf6c50dc-2843-4dab-aa45-9e994a90ea8c&state=dIKUfNo-I1nbiSUHECg2X6kKc90&redirect_uri=https%3A%2F%2Fcisco-tags.cisco.com%2Fcallback%2Faction.html&nonce=0eU1z4mexLx89WN2q3B8amSjwyl4kUS0vE2HNna8xSI&prompt=none HTTP 302
• https://cisco-tags.cisco.com/callback/action.html?state=dIKUfNo-I1nbiSUHECg2X6kKc90&error=login_required&error_description=The+client+specified+not+to+prompt%2C+but+the+user+is+not+logged+in.

Request Chain 53

• https://s.amazon-adsystem.com/iu3?pid=f808e024-acca-4e83-a13b-f65567e77575&event=Pageview&ts=1718915371262 HTTP 302
• https://s.amazon-adsystem.com/iu3?pid=f808e024-acca-4e83-a13b-f65567e77575&event=Pageview&ts=1718915371262&dcc=t

Request Chain 62

• https://s860818199.t.eloqua.com/visitor/v200/svrGP?pps=3&siteid=860818199&ref2=elqNone&tzo=-60&ms=393&optin=disabled HTTP 302
• https://s860818199.t.eloqua.com/visitor/v200/svrGP.aspx?pps=3&siteid=860818199&ref2=elqNone&tzo=-60&ms=393&optin=disabled&elqCookie=1

Request Chain 64

• https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=7540%2C5425&time=1718915371394&url=https%3A%2F%2Fduo.com%2Fdecipher%2Fthousands-of-fortigate-devices-compromised-in-ongoing-campaign HTTP 302
• https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=7540%2C5425&time=1718915371394&url=https%3A%2F%2Fduo.com%2Fdecipher%2Fthousands-of-fortigate-devices-compromised-in-ongoing-campaign&cookiesTest=true HTTP 302
• https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D7540%252C5425%26time%3D1718915371394%26url%3Dhttps%253A%252F%252Fduo.com%252Fdecipher%252Fthousands-of-fortigate-devices-compromised-in-ongoing-campaign%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
• https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=7540%2C5425&time=1718915371394&url=https%3A%2F%2Fduo.com%2Fdecipher%2Fthousands-of-fortigate-devices-compromised-in-ongoing-campaign&cookiesTest=true&liSync=true HTTP 302
• https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=7540%2C5425&time=1718915371394&url=https%3A%2F%2Fduo.com%2Fdecipher%2Fthousands-of-fortigate-devices-compromised-in-ongoing-campaign&cookiesTest=true&liSync=true&e_ipv6=AQLfbGCxH3Q8eQAAAZA3VxN_noTJRtVExwyt23syYAzqxH0Kw-c-m_PZcfDpudMGDi4ZddhG

Request Chain 78

• https://unpkg.com/web-vitals HTTP 302
• https://unpkg.com/web-vitals@4.1.1 HTTP 302
• https://unpkg.com/web-vitals@4.1.1/dist/web-vitals.iife.js

120 HTTP transactions Everything HTML Script AJAX CSS Image Expand all
0 data transactions

Method Protocol	Status	Resource Path	Size x-fer	Time Latency	Type MIME-Type	IP Location
GET H2	200	Primary Request thousands-of-fortigate-devices-compromised-in-ongoing-campaign Show response duo.com/decipher/	31 KB 12 KB	213ms 181ms	Document text/html	3.161.82.84 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.161.82.84 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-3-161-82-84.fra56.r.cloudfront.net Software Duo/1.0 / Resource Hash 18e95c696fbffa88fc380663f453880e1bd2c5c433b15e4e8621a5b52bd6ea8f Security Headers Name Value Content-Security-Policy frame-ancestors 'self' *.cisco.com; Strict-Transport-Security max-age=63072000; includeSubDomains; preload X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers cache-control max-age=300 content-encoding gzip content-security-policy frame-ancestors 'self' *.cisco.com; content-type text/html; charset=utf-8 date Thu, 20 Jun 2024 20:29:29 GMT etag W/"66747d16-7bd5" expires Thu, 20 Jun 2024 20:34:29 GMT last-modified Thu, 20 Jun 2024 19:03:50 GMT referrer-policy no-referrer-when-downgrade server Duo/1.0 strict-transport-security max-age=63072000; includeSubDomains; preload vary Accept-Encoding via 1.1 9ceaac5e4cbf8702556b2c925b200af8.cloudfront.net (CloudFront) x-amz-cf-id x6tPPBHvLOzejlpN71LMdPO33eCI810_bPtGkNBQHFXS_V0U1ivbmg== x-amz-cf-pop FRA56-P10 x-cache Miss from cloudfront x-content-type-options nosniff x-ua-compatible IE=Edge,chrome=1 x-xss-protection 1; mode=block
GET H2	200	production-2021.css duo.com/css/	572 KB 111 KB	11ms 9ms	Stylesheet text/css	3.161.82.84 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://duo.com/css/production-2021.css?v=1718909231 Requested by Host: duo.com URL: https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.161.82.84 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-3-161-82-84.fra56.r.cloudfront.net Software Duo/1.0 / Resource Hash 4a0e7f6d49152b73f9c39dab841d2b1984019c933d91bf9f2feb3c2e8ee2d226 Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubDomains; preload Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 20 Jun 2024 19:11:51 GMT strict-transport-security max-age=63072000; includeSubDomains; preload content-encoding gzip via 1.1 9ceaac5e4cbf8702556b2c925b200af8.cloudfront.net (CloudFront) x-amz-cf-pop FRA56-P10 age 4658 x-cache Hit from cloudfront pragma public last-modified Thu, 20 Jun 2024 18:30:32 GMT server Duo/1.0 etag W/"66747548-8f071" vary Accept-Encoding content-type text/css cache-control max-age=31536000, public, must-revalidate, proxy-revalidate, max-age=31536000 x-amz-cf-id 27hIZZn0lU-78fWah8scc9-k51kdnZiSAQhHDwmpohJG4djetRxwJg== expires Fri, 20 Jun 2025 19:11:51 GMT
GET H2	200	d-logo--dark.svg duo.com/assets/img/decipher/logos/	4 KB 2 KB	17ms 16ms	Image image/svg+xml	3.161.82.84 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://duo.com/assets/img/decipher/logos/d-logo--dark.svg Requested by Host: duo.com URL: https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.161.82.84 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-3-161-82-84.fra56.r.cloudfront.net Software Duo/1.0 / Resource Hash 431a961732e7d25ade3585946346fb7851946a1d8f4f4270b0b988914ba01520 Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubDomains; preload Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 13 Jun 2024 05:56:26 GMT strict-transport-security max-age=63072000; includeSubDomains; preload content-encoding gzip via 1.1 9ceaac5e4cbf8702556b2c925b200af8.cloudfront.net (CloudFront) x-amz-cf-pop FRA56-P10 age 657183 x-cache Hit from cloudfront pragma public last-modified Tue, 30 Apr 2024 12:49:06 GMT server Duo/1.0 etag W/"6630e8c2-ff5" vary Accept-Encoding content-type image/svg+xml cache-control max-age=31536000, public, must-revalidate, proxy-revalidate, max-age=31536000 x-amz-cf-id thSp52CZJdz0FhhCea4yL7YP0f96haKjdnmyP6B5ftpc62rOUxGIRw== expires Fri, 13 Jun 2025 05:56:26 GMT
GET H2	200	aW1nL3Nlby1pbWFnZXMvZ2xvYmFsLW5ldHdvcmstZGVjaXBoZXIuanBn duo.com/img/asset/	193 KB 193 KB	900ms 900ms	Image image/jpeg	3.161.82.84 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://duo.com/img/asset/aW1nL3Nlby1pbWFnZXMvZ2xvYmFsLW5ldHdvcmstZGVjaXBoZXIuanBn?w=1000&h=470&fit=crop&s=bc6778fb66c6652c11cdcef14d48b8dc Requested by Host: duo.com URL: https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.161.82.84 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-3-161-82-84.fra56.r.cloudfront.net Software Duo/1.0 / Resource Hash 030933579700f0b4b2f869cb53bc8aea33d386d4ba0a344c777c1950914f1ee6 Security Headers Name Value Content-Security-Policy frame-ancestors 'self' *.cisco.com; Strict-Transport-Security max-age=63072000; includeSubDomains; preload X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 20 Jun 2024 20:29:30 GMT strict-transport-security max-age=63072000; includeSubDomains; preload x-content-type-options nosniff content-security-policy frame-ancestors 'self' *.cisco.com; via 1.1 9ceaac5e4cbf8702556b2c925b200af8.cloudfront.net (CloudFront) x-amz-cf-pop FRA56-P10 x-cache Miss from cloudfront content-length 197190 x-xss-protection 1; mode=block x-ua-compatible IE=Edge,chrome=1 referrer-policy no-referrer-when-downgrade last-modified Thu, 20 Jun 2024 20:29:30 GMT server Duo/1.0 content-type image/jpeg cache-control max-age=300 permissions-policy interest-cohort=() x-amz-cf-id iEYdZtZ36eQ3DLVrnWz_zNK69iEEliK9O5xw2ncZqHnuN4OI5GdsxA== expires Thu, 20 Jun 2024 20:34:30 GMT
GET H2	200	d-logo--footer.svg duo.com/assets/img/decipher/logos/	3 KB 2 KB	10ms 10ms	Image image/svg+xml	3.161.82.84 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://duo.com/assets/img/decipher/logos/d-logo--footer.svg Requested by Host: duo.com URL: https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.161.82.84 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-3-161-82-84.fra56.r.cloudfront.net Software Duo/1.0 / Resource Hash c33592c7a249c98164b3d533c58fae62ced2b403deab8f2d0cce4c4f1cbb285d Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubDomains; preload Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 12 Jun 2024 06:22:52 GMT strict-transport-security max-age=63072000; includeSubDomains; preload content-encoding gzip via 1.1 9ceaac5e4cbf8702556b2c925b200af8.cloudfront.net (CloudFront) x-amz-cf-pop FRA56-P10 age 741997 x-cache Hit from cloudfront pragma public last-modified Tue, 30 Apr 2024 12:49:06 GMT server Duo/1.0 etag W/"6630e8c2-b5f" vary Accept-Encoding content-type image/svg+xml cache-control max-age=31536000, public, must-revalidate, proxy-revalidate, max-age=31536000 x-amz-cf-id V0G0ejlyMQ2fCrLNYf9Le1pm_WoHlGW_wn6A2PKP8R7ZGeNJWuMHUw== expires Thu, 12 Jun 2025 06:22:52 GMT
GET H2	200	jquery.min.js Show response ajax.googleapis.com/ajax/libs/jquery/3.6.1/	88 KB 31 KB	122ms 36ms	Script text/javascript	2a00:1450:4001:812::200a GOOGLE
General Check archive.org Show headers Download Go to Full URL https://ajax.googleapis.com/ajax/libs/jquery/3.6.1/jquery.min.js Requested by Host: duo.com URL: https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:812::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software sffe / Resource Hash a3cf00c109d907e543bc4f6dbc85eb31068f94515251347e9e57509b52ee3d74 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 19 Jun 2024 04:51:07 GMT content-encoding gzip x-content-type-options nosniff age 142702 content-security-policy-report-only require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 31100 x-xss-protection 0 last-modified Thu, 08 Sep 2022 18:15:00 GMT server sffe cross-origin-opener-policy same-origin; report-to="hosted-libraries-pushers" vary Accept-Encoding report-to {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]} content-type text/javascript; charset=UTF-8 access-control-allow-origin * cache-control public, max-age=31536000, stale-while-revalidate=2592000 accept-ranges bytes timing-allow-origin * expires Thu, 19 Jun 2025 04:51:07 GMT
GET H2	200	jquery-migrate-3.4.0.min.js Show response code.jquery.com/	13 KB 5 KB	29ms 7ms	Script application/javascript	2a04:4e42:600::649 FASTLY
General Check archive.org Show headers Download Go to Full URL https://code.jquery.com/jquery-migrate-3.4.0.min.js Requested by Host: duo.com URL: https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:4e42:600::649 , United States, ASN54113 (FASTLY, US), Reverse DNS Software nginx / Resource Hash 9810aee7e6d57d8cceaa96322b88e6df46710194689ae12b284149148cabc2f3 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 20 Jun 2024 20:29:29 GMT content-encoding gzip via 1.1 varnish, 1.1 varnish age 24113164 x-cache HIT, HIT content-length 4792 x-served-by cache-lga21926-LGA, cache-fra-eddf8230143-FRA last-modified Fri, 18 Oct 1991 12:00:00 GMT server nginx x-timer S1718915370.860370,VS0,VE0 etag W/"28feccc0-3470" vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control public, max-age=31536000, stale-while-revalidate=604800 accept-ranges bytes x-cache-hits 6969, 568
GET H3	200	owl.carousel.min.js Show response cdnjs.cloudflare.com/ajax/libs/OwlCarousel2/2.3.4/	43 KB 11 KB	51ms 25ms	Script application/javascript	104.17.24.14 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdnjs.cloudflare.com/ajax/libs/OwlCarousel2/2.3.4/owl.carousel.min.js Requested by Host: duo.com URL: https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Protocol H3 Security QUIC, , AES_128_GCM Server 104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash a53c43f834b32309b084ea9314df8307e9c78cee2202c6e07f216ae4ae5b704d Security Headers Name Value Strict-Transport-Security max-age=15780000 X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer Origin https://duo.com Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 20 Jun 2024 20:29:29 GMT content-encoding br x-content-type-options nosniff cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} strict-transport-security max-age=15780000 age 15104 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 10158 last-modified Mon, 04 May 2020 16:04:00 GMT server cloudflare cf-cdnjs-via cfworker/kv etag "5eb03cf0-ad36" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jlmDrgOPkh7UZAOB1kfXOvIxIAngiSu6lvFqJBxVdbEQfjvkzu4fHgcMz%2BtzXESA4fYVXtZPzf47OHINQd1pjf%2F%2Bh34N2sTJ98w7%2FJiF5Tv%2Fj8wOfFjRW3LJmwDJ67Q1NfHfGexc"}],"group":"cf-nel","max_age":604800} content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control public, max-age=30672000 accept-ranges bytes timing-allow-origin * cf-ray 896e82e5ab3e973c-FRA expires Tue, 10 Jun 2025 20:29:29 GMT
GET H3	200	owl.carousel.min.css cdnjs.cloudflare.com/ajax/libs/OwlCarousel2/2.3.4/assets/	3 KB 1 KB	51ms 26ms	Stylesheet text/css	104.17.24.14 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://cdnjs.cloudflare.com/ajax/libs/OwlCarousel2/2.3.4/assets/owl.carousel.min.css Requested by Host: duo.com URL: https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Protocol H3 Security QUIC, , AES_128_GCM Server 104.17.24.14 -, , ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 521410e1fc44780061e09adc980275fb5ea277fd5d9e538454214ec4379ff4bc Security Headers Name Value Strict-Transport-Security max-age=15780000 X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer Origin https://duo.com Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 20 Jun 2024 20:29:29 GMT content-encoding br x-content-type-options nosniff cf-cache-status HIT nel {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} strict-transport-security max-age=15780000 age 19335 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 845 last-modified Mon, 04 May 2020 16:04:00 GMT server cloudflare cf-cdnjs-via cfworker/kv etag "5eb03cf0-d17" vary Accept-Encoding report-to {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=K6YydHkoWlzPyowmNFz8wINc8i3Y45KYhOm%2BNFHvlFDX4Hjm5ZNWbyFC0rIE9ZCdc6UJH1IS8EDxDUmaNCYSyuRu%2FEeS1jBCdYCz0ogXaAYcQ834E3sET1hLaBWnQ4i0gdB8vJlg"}],"group":"cf-nel","max_age":604800} content-type text/css; charset=utf-8 access-control-allow-origin * cache-control public, max-age=30672000 accept-ranges bytes timing-allow-origin * cf-ray 896e82e5ab41973c-FRA expires Tue, 10 Jun 2025 20:29:29 GMT
GET H2	200	production-2021.min.js Show response duo.com/js/build/	821 KB 288 KB	10ms 9ms	Script application/javascript	3.161.82.84 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://duo.com/js/build/production-2021.min.js?v=1715280435 Requested by Host: duo.com URL: https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.161.82.84 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-3-161-82-84.fra56.r.cloudfront.net Software Duo/1.0 / Resource Hash 8f8f55e27c47c39b1f2fb0f90539f36921a1c2a9aba7c4ad37d25f238121c163 Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubDomains; preload Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 20 Jun 2024 19:11:51 GMT strict-transport-security max-age=63072000; includeSubDomains; preload content-encoding gzip via 1.1 9ceaac5e4cbf8702556b2c925b200af8.cloudfront.net (CloudFront) x-amz-cf-pop FRA56-P10 age 4657 x-cache Hit from cloudfront pragma public last-modified Thu, 09 May 2024 17:30:31 GMT server Duo/1.0 etag W/"663d0837-cd5b1" vary Accept-Encoding content-type application/javascript; charset=utf-8 cache-control max-age=31536000, public, must-revalidate, proxy-revalidate, max-age=31536000 x-amz-cf-id yCOtcQXT0DIqm0aIjY4grKXu8igm2Lfu7dHhEvk0iarf0xJXNYvkXQ== expires Fri, 20 Jun 2025 19:11:51 GMT
GET H2	200	ctm.js Show response www.cisco.com/c/dam/cdc/t/	111 KB 28 KB	134ms 18ms	Script application/x-javascript	2a02:26f0:7100:88a::b33 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://www.cisco.com/c/dam/cdc/t/ctm.js Requested by Host: duo.com URL: https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:7100:88a::b33 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software Apache / Resource Hash 53b6fd4debd3d371b1ce0623e17c98f14c5bb0b7df5a898a487aab403558e7eb Security Headers Name Value Content-Security-Policy upgrade-insecure-requests; frame-ancestors *.cisco.com *.jasper.com *.ciscospark.com *.ciscolive.com http://cisco.lookbookhq.com https://cisco.lookbookhq.com testcisco.marketing.adobe.com cisco.marketing.adobe.com ciscosales.my.salesforce.com test.salesforce.com zedo.com hindustantimes.com economictimes.indiatimes.com *.webex.com *.cdw.com *.cdwg.com *.cdw.ca *.meraki-go.com http://ciscopartners.lookbookhq.com https://ciscopartners.lookbookhq.com ciscolearningsystem.com ciscocustomer.lookbookhq.com cisco.lookbookhq.com ccsmedia.com *.itquotes.ie dteonline.com ampito-cisco.com arkphire.com *.insight.com *.ccsmedia.com *.ebuyer.com *.lambda-tek.com *.storm-technologies.com *.vohkus.com *.bechtle.com *.rainfocus.com *.broadbandbuyer.com *.hardware.com shop.redpontem.com *.miro.com cisco.techdatavendors.be *.service-now.com *.thousandeyes.com *.duo.com duo.com *.umbrella.com *.pricespider.com *.mapbox.com cdnjs.cloudflare.com https://community.cisco.com/; Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 20 Jun 2024 20:29:29 GMT content-encoding gzip x-content-type-options nosniff content-security-policy upgrade-insecure-requests; frame-ancestors *.cisco.com *.jasper.com *.ciscospark.com *.ciscolive.com http://cisco.lookbookhq.com https://cisco.lookbookhq.com testcisco.marketing.adobe.com cisco.marketing.adobe.com ciscosales.my.salesforce.com test.salesforce.com zedo.com hindustantimes.com economictimes.indiatimes.com *.webex.com *.cdw.com *.cdwg.com *.cdw.ca *.meraki-go.com http://ciscopartners.lookbookhq.com https://ciscopartners.lookbookhq.com ciscolearningsystem.com ciscocustomer.lookbookhq.com cisco.lookbookhq.com ccsmedia.com *.itquotes.ie dteonline.com ampito-cisco.com arkphire.com *.insight.com *.ccsmedia.com *.ebuyer.com *.lambda-tek.com *.storm-technologies.com *.vohkus.com *.bechtle.com *.rainfocus.com *.broadbandbuyer.com *.hardware.com shop.redpontem.com *.miro.com cisco.techdatavendors.be *.service-now.com *.thousandeyes.com *.duo.com duo.com *.umbrella.com *.pricespider.com *.mapbox.com cdnjs.cloudflare.com https://community.cisco.com/; strict-transport-security max-age=31536000 server-timing cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1718915369936_34603319_824291876_45_10790_6_16_182";dur=1 x-test-debug nURL=www.cisco.com,realm=0,isRealm=0,realmDomain=0,shortrealm=0,upgradeTest=1 x-xss-protection 1; mode=block content-length 27513 pragma no-cache cdchost wemxweb-publish-prod1-05 server Apache etag "1bbf7-61b538e1ac30d-gzip" x-frame-options SAMEORIGIN vary Accept-Encoding content-type application/x-javascript cache-control max-age=0, no-cache, no-store accept-ranges bytes expires Thu, 20 Jun 2024 20:29:29 GMT
GET H2	200	search-script.min.js Show response customer.cludo.com/scripts/bundles/	219 KB 48 KB	93ms 32ms	Script application/javascript	2606:4700:10::6816:1d60 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://customer.cludo.com/scripts/bundles/search-script.min.js Requested by Host: duo.com URL: https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700:10::6816:1d60 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash 5bb8548c9b1fe1a8b7b3af3f8bdc08b3c049fb5733d0f35683f9bf0c188122fa Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 20 Jun 2024 20:29:29 GMT content-encoding br cf-cache-status HIT last-modified Thu, 06 Jun 2024 08:12:24 GMT server cloudflare age 81 etag W/"024fd42e9b7da1:0" vary Accept-Encoding content-type application/javascript access-control-allow-origin * cache-control max-age=300 cf-ray 896e82e5eda401c7-CDG alt-svc h3=":443"; ma=86400 x-lb 2
GET H2	200	din1451alt-webfont.woff2 duo.com/fonts/din1451alt/	17 KB 18 KB	494ms 493ms	Font application/octet-stream	3.161.82.84 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://duo.com/fonts/din1451alt/din1451alt-webfont.woff2 Requested by Host: duo.com URL: https://duo.com/css/production-2021.css?v=1718909231 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.161.82.84 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-3-161-82-84.fra56.r.cloudfront.net Software Duo/1.0 / Resource Hash e9f76eabead93f85fc4dc190dca4b1419dcd76b57b1c22649856b01d3ac2536e Security Headers Name Value Content-Security-Policy frame-ancestors 'self' *.cisco.com; Strict-Transport-Security max-age=63072000; includeSubDomains; preload X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://duo.com/css/production-2021.css?v=1718909231 Origin https://duo.com Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers strict-transport-security max-age=63072000; includeSubDomains; preload content-security-policy frame-ancestors 'self' *.cisco.com; x-content-type-options nosniff date Thu, 20 Jun 2024 20:29:30 GMT via 1.1 9ceaac5e4cbf8702556b2c925b200af8.cloudfront.net (CloudFront) x-amz-cf-pop FRA56-P10 x-cache RefreshHit from cloudfront content-length 17424 x-xss-protection 1; mode=block x-ua-compatible IE=Edge,chrome=1 referrer-policy no-referrer-when-downgrade last-modified Tue, 30 Apr 2024 12:49:35 GMT server Duo/1.0 etag "6630e8df-4410" vary Accept-Encoding content-type application/octet-stream cache-control max-age=300 accept-ranges bytes x-amz-cf-id S3lZXjtrcTAYljJDnzGafCX4Bmso1Uw8-ilEB26pmtzohoWz76Jm9g== expires Thu, 20 Jun 2024 20:34:30 GMT
GET H2	200	diamond.svg duo.com/assets/img/decipher/svg/	187 B 675 B	9ms 8ms	Image image/svg+xml	3.161.82.84 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://duo.com/assets/img/decipher/svg/diamond.svg Requested by Host: duo.com URL: https://duo.com/css/production-2021.css?v=1718909231 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.161.82.84 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-3-161-82-84.fra56.r.cloudfront.net Software Duo/1.0 / Resource Hash 45f9c9efb71fae4c333607520017c544fb9dc13100dd260f6148eb179b919d68 Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubDomains; preload Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://duo.com/css/production-2021.css?v=1718909231 Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 13 Jun 2024 05:56:27 GMT strict-transport-security max-age=63072000; includeSubDomains; preload via 1.1 9ceaac5e4cbf8702556b2c925b200af8.cloudfront.net (CloudFront) x-amz-cf-pop FRA56-P10 age 657181 x-cache Hit from cloudfront content-length 187 pragma public last-modified Tue, 30 Apr 2024 12:49:06 GMT server Duo/1.0 etag "6630e8c2-bb" content-type image/svg+xml cache-control max-age=31536000, public, must-revalidate, proxy-revalidate, max-age=31536000 accept-ranges bytes x-amz-cf-id 10PgeVepLpo44jF5iP0J6G2BFADEGF4e1MFMpEjLB-mXfTcz5ibwrg== expires Fri, 13 Jun 2025 05:56:27 GMT
GET H2	200	din1451alt_g-webfont.woff2 duo.com/fonts/din1451alt/	22 KB 23 KB	492ms 492ms	Font application/octet-stream	3.161.82.84 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://duo.com/fonts/din1451alt/din1451alt_g-webfont.woff2 Requested by Host: duo.com URL: https://duo.com/css/production-2021.css?v=1718909231 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.161.82.84 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-3-161-82-84.fra56.r.cloudfront.net Software Duo/1.0 / Resource Hash ede067783c02098828dfe0bda385a9913ff79006eb2cd1a406bcc18e66cd7bad Security Headers Name Value Content-Security-Policy frame-ancestors 'self' *.cisco.com; Strict-Transport-Security max-age=63072000; includeSubDomains; preload X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://duo.com/css/production-2021.css?v=1718909231 Origin https://duo.com Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers strict-transport-security max-age=63072000; includeSubDomains; preload content-security-policy frame-ancestors 'self' *.cisco.com; x-content-type-options nosniff date Thu, 20 Jun 2024 20:29:30 GMT via 1.1 9ceaac5e4cbf8702556b2c925b200af8.cloudfront.net (CloudFront) x-amz-cf-pop FRA56-P10 x-cache RefreshHit from cloudfront content-length 22668 x-xss-protection 1; mode=block x-ua-compatible IE=Edge,chrome=1 referrer-policy no-referrer-when-downgrade last-modified Tue, 30 Apr 2024 12:49:35 GMT server Duo/1.0 etag "6630e8df-588c" vary Accept-Encoding content-type application/octet-stream cache-control max-age=300 accept-ranges bytes x-amz-cf-id AwB8Et6iPsSDI1CsrEDevnpgAMGRsVynGUVPUvWsZ9_PfbLIBhkuDQ== expires Thu, 20 Jun 2024 20:34:30 GMT
GET H2	200	icon-sprite.svg Show response duo.com/fonts/	245 KB 82 KB	11ms 10ms	XHR image/svg+xml	3.161.82.84 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://duo.com/fonts/icon-sprite.svg Requested by Host: duo.com URL: https://duo.com/js/build/production-2021.min.js?v=1715280435 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.161.82.84 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-3-161-82-84.fra56.r.cloudfront.net Software Duo/1.0 / Resource Hash 21ae704f8c4bff2bd0b44da2b39e8162e732189fb7af402f07ea6c401760c343 Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubDomains; preload Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Mon, 03 Jun 2024 08:08:53 GMT strict-transport-security max-age=63072000; includeSubDomains; preload content-encoding gzip via 1.1 9ceaac5e4cbf8702556b2c925b200af8.cloudfront.net (CloudFront) x-amz-cf-pop FRA56-P10 age 1513237 x-cache Hit from cloudfront pragma public last-modified Tue, 30 Apr 2024 12:49:35 GMT server Duo/1.0 etag W/"6630e8df-3d2b5" vary Accept-Encoding content-type image/svg+xml cache-control max-age=31536000, public, must-revalidate, proxy-revalidate, max-age=31536000 x-amz-cf-id WYCzARmXut3KMJwaE5jaK0r3ADQ4bMxZk08qc-g130ekrocGc-8kow== expires Tue, 03 Jun 2025 08:08:53 GMT
GET H2	200	utag.js Show response tags.tiqcdn.com/utag/cisco/duo/prod/	244 KB 60 KB	46ms 9ms	Script application/javascript	2600:9000:235a:3600:7:2bfb:7c00:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://tags.tiqcdn.com/utag/cisco/duo/prod/utag.js Requested by Host: www.cisco.com URL: https://www.cisco.com/c/dam/cdc/t/ctm.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:235a:3600:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash c4cf814c84dccdc4961c5920737f393dc91713b374d4564b32000aa7a0b1f2ee Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers x-amz-version-id 4r1vS6dxnTEgLPdzmDAJJvE4SCHp.2qS content-encoding br via 1.1 45e3ccd889272a7e8732f0eda13e87ca.cloudfront.net (CloudFront) date Thu, 20 Jun 2024 20:27:55 GMT last-modified Thu, 20 Jun 2024 19:47:00 GMT server AmazonS3 x-amz-cf-pop FRA60-P9 age 219 x-amz-server-side-encryption AES256 etag W/"40ea44477a1170e1a45f51d4c9d3ab3a" vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript cache-control max-age=300 x-amz-cf-id ItE9xY1TBOl6trUk-75eiKW0QLOA_ok97rHHm8j5v6RfNduoUZRStQ==
GET H2	200	data.json Show response duo.com/assets/data/d-logo-dark/	195 KB 23 KB	491ms 491ms	XHR application/json	3.161.82.84 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://duo.com/assets/data/d-logo-dark/data.json Requested by Host: duo.com URL: https://duo.com/js/build/production-2021.min.js?v=1715280435 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.161.82.84 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-3-161-82-84.fra56.r.cloudfront.net Software Duo/1.0 / Resource Hash 3876824c31a6ce8eb7d05c2e8c83ac54d557d91d32319903714ea5b9ec163a9c Security Headers Name Value Content-Security-Policy frame-ancestors 'self' *.cisco.com; Strict-Transport-Security max-age=63072000; includeSubDomains; preload X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers strict-transport-security max-age=63072000; includeSubDomains; preload content-security-policy frame-ancestors 'self' *.cisco.com; x-content-type-options nosniff date Thu, 20 Jun 2024 20:29:30 GMT content-encoding gzip via 1.1 9ceaac5e4cbf8702556b2c925b200af8.cloudfront.net (CloudFront) x-amz-cf-pop FRA56-P10 x-cache RefreshHit from cloudfront x-xss-protection 1; mode=block x-ua-compatible IE=Edge,chrome=1 referrer-policy no-referrer-when-downgrade last-modified Tue, 30 Apr 2024 12:48:49 GMT server Duo/1.0 etag W/"6630e8b1-30b9d" vary Accept-Encoding content-type application/json cache-control max-age=300 x-amz-cf-id laDRRyejgFBVMGy8bXugZcxjS8PnBAmJJqwMK9tLxP8xeYrmtpJCMA== expires Thu, 20 Jun 2024 20:34:30 GMT
GET H2	200	qualified.js Show response js.qualified.com/	898 KB 206 KB	530ms 489ms	Script text/javascript	2606:4700::6812:1105 CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://js.qualified.com/qualified.js?token=QZjwGwGpcBiwkfRA&utv=ut4.51.202405311220 Requested by Host: tags.tiqcdn.com URL: https://tags.tiqcdn.com/utag/cisco/duo/prod/utag.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2606:4700::6812:1105 , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash f14102f8290cc5bc870ece62744faccfd44b78e247d385a145ed3f1815c9a4d7 Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 20 Jun 2024 20:29:30 GMT content-encoding gzip via 1.1 spaces-router (f664e1b0322c) strict-transport-security max-age=63072000; includeSubDomains cf-cache-status MISS x-content-type-options nosniff x-permitted-cross-domain-policies none x-xss-protection 1; mode=block x-request-id d2e61344-b269-00a1-8e0f-e857e05e5e3c pragma no-cache x-runtime 0.034757 referrer-policy strict-origin-when-cross-origin server cloudflare etag W/"f14102f8290cc5bc870ece62744faccf" x-download-options noopen vary Accept,Accept-Encoding x-frame-options SAMEORIGIN content-type text/javascript; charset=utf-8 cache-control public, max-age=14400 cf-ray 896e82e8b8d091d5-FRA expires Fri, 21 Jun 2024 00:29:30 GMT
GET H2	200	ga.js Show response ga.clearbit.com/v1/	11 KB 4 KB	234ms 204ms	Script application/javascript	3.127.196.46 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://ga.clearbit.com/v1/ga.js?authorization=pk_c1d84afacb2932ce323e73b444908d45&utv=ut4.51.202405311220 Requested by Host: tags.tiqcdn.com URL: https://tags.tiqcdn.com/utag/cisco/duo/prod/utag.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.127.196.46 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US), Reverse DNS ec2-3-127-196-46.eu-central-1.compute.amazonaws.com Software Clearbit / Resource Hash 1f577c5a27fdd8c9fb9a8ebef8a4a6b9afa0a305539143a89ffccd3a805e83f0 Security Headers Name Value Strict-Transport-Security max-age=63072000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 20 Jun 2024 20:29:30 GMT content-encoding gzip x-content-type-options nosniff x-envoy-response-flags - server Clearbit x-api-version 2018-02-14 strict-transport-security max-age=63072000; includeSubDomains; preload vary Accept-Encoding content-type application/javascript;charset=utf-8 x-account-id 0b168c3a-7e98-434a-96e5-e211e5b08da1
GET H2	200	SmartForms.js Show response sfc.leadspace.com/	3 KB 3 KB	58ms 15ms	Script application/javascript	35.190.114.154 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://sfc.leadspace.com/SmartForms.js?utv=ut4.51.202405311220 Requested by Host: tags.tiqcdn.com URL: https://tags.tiqcdn.com/utag/cisco/duo/prod/utag.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 35.190.114.154 Kansas City, United States, ASN15169 (GOOGLE, US), Reverse DNS 154.114.190.35.bc.googleusercontent.com Software UploadServer / Resource Hash 0645386b306fc6a2e7a59f44e38fb44e53c519a4ba0f0701e0caa07e9ab601d6 Security Headers Name Value Content-Security-Policy default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; Strict-Transport-Security max-age=31536000 X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 20 Jun 2024 20:28:02 GMT strict-transport-security max-age=31536000 content-security-policy default-src * 'unsafe-inline' 'unsafe-eval'; script-src * 'unsafe-inline' 'unsafe-eval'; connect-src * 'unsafe-inline'; img-src * data: blob: 'unsafe-inline'; frame-src *; style-src * 'unsafe-inline'; age 88 x-guploader-uploadid ACJd0Nq9IgBqZXVLBE307aH1BYcPG081uS4W9gwwk54QP3lWR12OCyM331gmLAw1Vj0sZQmzQajD2m07Bg x-goog-storage-class STANDARD x-goog-metageneration 1 x-goog-stored-content-encoding identity alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 2718 x-xss-protection 1; mode=block referrer-policy no-referrer last-modified Wed, 08 May 2024 06:05:08 GMT server UploadServer etag "557a04d61944100c7badd3f08c3e0fd3" x-frame-options SAMEORIGIN x-goog-generation 1715148308907994 x-goog-hash crc32c=6Pcn1A==, md5=VXoE1hlEEAx7rdPwjD4P0w== access-control-allow-origin * access-control-expose-headers Content-Type cache-control public, max-age=3600 feature-policy camera 'none';payment 'none'; usermedia 'none'; sync-xhr 'self' https://*.leadspace.com x-goog-stored-content-length 2718 accept-ranges bytes content-type application/javascript expires Thu, 20 Jun 2024 21:28:02 GMT
GET H2	200	rd Show response dpm.demdex.net/id/ Redirect Chain https://dpm.demdex.net/id?d_visid_ver=4.1.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=B8D07FF4520E94C10A490D4C%40AdobeOrg&d_nsid=0&ts=1718915371141 https://dpm.demdex.net/id/rd?d_visid_ver=4.1.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=B8D07FF4520E94C10A490D4C%40AdobeOrg&d_nsid=0&ts=1718915371141	973 B 1 KB	31ms 30ms	XHR application/json	52.212.196.90 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://dpm.demdex.net/id/rd?d_visid_ver=4.1.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=B8D07FF4520E94C10A490D4C%40AdobeOrg&d_nsid=0&ts=1718915371141 Requested by Host: duo.com URL: https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Protocol H2 Server 52.212.196.90 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-212-196-90.eu-west-1.compute.amazonaws.com Software / Resource Hash cb5d82ec70b75971edd82400b08683ad32ff06fdbf91613282bc0a11c1f938c8 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers dcs dcs-prod-irl1-1-v061-02af82b64.edge-irl1.demdex.com 2 ms pragma no-cache date Thu, 20 Jun 2024 20:29:31 GMT strict-transport-security max-age=31536000; includeSubDomains content-encoding gzip x-tid TT6bXMnCR4Y= vary Origin content-type application/json;charset=utf-8 p3p policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT" access-control-allow-origin https://duo.com cache-control no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private access-control-allow-credentials true content-length 532 expires Thu, 01 Jan 1970 00:00:00 UTC Redirect headers dcs dcs-prod-irl1-2-v061-0bba5b8dc.edge-irl1.demdex.com 0 ms pragma no-cache date Thu, 20 Jun 2024 20:29:31 GMT strict-transport-security max-age=31536000; includeSubDomains x-tid FKT18nehSGU= vary Origin p3p policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT" location https://dpm.demdex.net/id/rd?d_visid_ver=4.1.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=B8D07FF4520E94C10A490D4C%40AdobeOrg&d_nsid=0&ts=1718915371141 access-control-allow-origin https://duo.com cache-control no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private access-control-allow-credentials true content-length 0 expires Thu, 01 Jan 1970 00:00:00 UTC
GET H2	200	utag.5.js Show response tags.tiqcdn.com/utag/cisco/duo/prod/	74 KB 25 KB	13ms 8ms	Script application/javascript	2600:9000:235a:3600:7:2bfb:7c00:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://tags.tiqcdn.com/utag/cisco/duo/prod/utag.5.js?utv=ut4.51.202406201946 Requested by Host: tags.tiqcdn.com URL: https://tags.tiqcdn.com/utag/cisco/duo/prod/utag.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:235a:3600:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 3a1615eb12b869c32e5b1c01fbfe7c3315a29f51aa2fc495265c05f4d3eb5976 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers x-amz-version-id wdBqoOgbHPeR5WGOXE61PE55qQYEV4pA content-encoding br via 1.1 45e3ccd889272a7e8732f0eda13e87ca.cloudfront.net (CloudFront) date Thu, 20 Jun 2024 20:28:03 GMT last-modified Thu, 20 Jun 2024 19:46:56 GMT server AmazonS3 x-amz-cf-pop FRA60-P9 age 216 x-amz-server-side-encryption AES256 etag W/"9c366971420a2a7e89f5737eab990454" vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript cache-control max-age=1296000 x-amz-cf-id O0SkU6_AVC3mCsjzgN4CDPAZBfM309titUsz9hryVrw1rL5tcAr7Jg==
GET H2	200	utag.52.js Show response tags.tiqcdn.com/utag/cisco/duo/prod/	20 KB 7 KB	15ms 10ms	Script application/javascript	2600:9000:235a:3600:7:2bfb:7c00:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://tags.tiqcdn.com/utag/cisco/duo/prod/utag.52.js?utv=ut4.51.202406201946 Requested by Host: tags.tiqcdn.com URL: https://tags.tiqcdn.com/utag/cisco/duo/prod/utag.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:235a:3600:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 0cf34e36bfccf2e9bf29d563899460f93b61d2e259fad4c98f0b12f58d2455cc Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers x-amz-version-id cgbLglajMQbm4700kfi43H6XvAc.60K4 content-encoding br via 1.1 45e3ccd889272a7e8732f0eda13e87ca.cloudfront.net (CloudFront) date Thu, 20 Jun 2024 20:28:03 GMT last-modified Thu, 20 Jun 2024 19:46:58 GMT server AmazonS3 x-amz-cf-pop FRA60-P9 age 216 x-amz-server-side-encryption AES256 etag W/"935296863f7accb903626a38150fe2c3" vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript cache-control max-age=1296000 x-amz-cf-id A9jS9T131kqBX-vfsUAjcur38A2DlbHsNt5LVDD6Se7Pj8KQGmi01w==
GET H2	200	utag.28.js Show response tags.tiqcdn.com/utag/cisco/duo/prod/	2 KB 1 KB	22ms 17ms	Script application/javascript	2600:9000:235a:3600:7:2bfb:7c00:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://tags.tiqcdn.com/utag/cisco/duo/prod/utag.28.js?utv=ut4.51.202405311220 Requested by Host: tags.tiqcdn.com URL: https://tags.tiqcdn.com/utag/cisco/duo/prod/utag.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:235a:3600:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 7f937f20fdff34a7658ee5c13868e4b0d390ace76fa17641bfe2d2775d1f0342 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers x-amz-version-id 4CQSXae0lL8a2b06ngj6xtoilrizGt5F content-encoding br via 1.1 45e3ccd889272a7e8732f0eda13e87ca.cloudfront.net (CloudFront) date Thu, 20 Jun 2024 20:28:03 GMT last-modified Thu, 20 Jun 2024 19:46:59 GMT server AmazonS3 x-amz-cf-pop FRA60-P9 age 185 x-amz-server-side-encryption AES256 etag W/"62e6fdc47fe8f3ac01a7712b913451b2" vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript cache-control max-age=1296000 x-amz-cf-id 7cFULh7WQcsL0BDbaZA-SIccfSzr3YrLmysOwQEscE8AHXSoLA08eA==
GET H2	200	utag.60.js Show response tags.tiqcdn.com/utag/cisco/duo/prod/	3 KB 2 KB	22ms 17ms	Script application/javascript	2600:9000:235a:3600:7:2bfb:7c00:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://tags.tiqcdn.com/utag/cisco/duo/prod/utag.60.js?utv=ut4.51.202405311220 Requested by Host: tags.tiqcdn.com URL: https://tags.tiqcdn.com/utag/cisco/duo/prod/utag.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:235a:3600:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash c369d9342fef279c21f8cfff088ba8a1022c4d54be82eefa3b80b6acb120f9bf Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers x-amz-version-id 1rxYj0P7Cyp_sjKYlIp9Vy9goTurJwyF content-encoding br via 1.1 45e3ccd889272a7e8732f0eda13e87ca.cloudfront.net (CloudFront) date Thu, 20 Jun 2024 20:28:03 GMT last-modified Thu, 20 Jun 2024 19:46:55 GMT server AmazonS3 x-amz-cf-pop FRA60-P9 age 185 x-amz-server-side-encryption AES256 etag W/"ed18d494ac921a7deab2fbf8d7986b2f" vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript cache-control max-age=1296000 x-amz-cf-id fi63eAamsL5rwXnNjJWwX0u4rz_e0us_EfMkeO2Qm8xIDGRYtu4sXg==
GET H2	200	utag.83.js Show response tags.tiqcdn.com/utag/cisco/duo/prod/	3 KB 2 KB	22ms 18ms	Script application/javascript	2600:9000:235a:3600:7:2bfb:7c00:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://tags.tiqcdn.com/utag/cisco/duo/prod/utag.83.js?utv=ut4.51.202405311220 Requested by Host: tags.tiqcdn.com URL: https://tags.tiqcdn.com/utag/cisco/duo/prod/utag.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:235a:3600:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 9ac9c4d8aad730fbded3e8be52396fc3cb2be3ae4a256b481ac98a9c88036302 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers x-amz-version-id jvt4QyU926XPlhFclmdgQ6Fe4H5XfVzA content-encoding br via 1.1 45e3ccd889272a7e8732f0eda13e87ca.cloudfront.net (CloudFront) date Thu, 20 Jun 2024 20:28:03 GMT last-modified Thu, 20 Jun 2024 19:46:58 GMT server AmazonS3 x-amz-cf-pop FRA60-P9 age 185 x-amz-server-side-encryption AES256 etag W/"845a2261a83256f49113d7f42f3d8534" vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript cache-control max-age=1296000 x-amz-cf-id 2E0AMzDEmK52jH5TupSuX8K129MhaJkbgD6TClowLzAr9wtkBcPaRw==
GET H2	200	utag.87.js Show response tags.tiqcdn.com/utag/cisco/duo/prod/	2 KB 1 KB	22ms 18ms	Script application/javascript	2600:9000:235a:3600:7:2bfb:7c00:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://tags.tiqcdn.com/utag/cisco/duo/prod/utag.87.js?utv=ut4.51.202405311220 Requested by Host: tags.tiqcdn.com URL: https://tags.tiqcdn.com/utag/cisco/duo/prod/utag.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:235a:3600:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash c003f54076305cc2a84eb02d65a12075d1fe011794e814c1294c2d9db8a597ae Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers x-amz-version-id 4p8xBFR__eqgTGb5hQHRlM7CNtJSAJs1 content-encoding br via 1.1 45e3ccd889272a7e8732f0eda13e87ca.cloudfront.net (CloudFront) date Thu, 20 Jun 2024 20:28:03 GMT last-modified Thu, 20 Jun 2024 19:47:00 GMT server AmazonS3 x-amz-cf-pop FRA60-P9 age 185 x-amz-server-side-encryption AES256 etag W/"07d62ef212c989119804b4f1b2052bf2" vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript cache-control max-age=1296000 x-amz-cf-id 5zbjXE_zHNP5jLQXsewf6HtQnXVxUzGAzH3qgU0AXnY9RCsn8NEumw==
GET H2	200	utag.89.js Show response tags.tiqcdn.com/utag/cisco/duo/prod/	8 KB 3 KB	22ms 18ms	Script application/javascript	2600:9000:235a:3600:7:2bfb:7c00:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://tags.tiqcdn.com/utag/cisco/duo/prod/utag.89.js?utv=ut4.51.202405311220 Requested by Host: tags.tiqcdn.com URL: https://tags.tiqcdn.com/utag/cisco/duo/prod/utag.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:235a:3600:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash a5c1a9d2a2ad6bd0563fce197f951421d5eb1b1f4f3d768f04e2e3bc2401328f Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers x-amz-version-id ceRkItVXUAR8DJxljpRI0YD8VARZpsMW content-encoding br via 1.1 45e3ccd889272a7e8732f0eda13e87ca.cloudfront.net (CloudFront) date Thu, 20 Jun 2024 20:28:03 GMT last-modified Thu, 20 Jun 2024 19:46:56 GMT server AmazonS3 x-amz-cf-pop FRA60-P9 age 185 x-amz-server-side-encryption AES256 etag W/"83f2537b90e4aba03ce1ff81eb227521" vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript cache-control max-age=1296000 x-amz-cf-id Qz3xqQhvdYDOOQiGOEtppTljgs4gYkTXYL7Eno9ODYD5sAYf05BJpQ==
GET H2	200	utag.94.js Show response tags.tiqcdn.com/utag/cisco/duo/prod/	6 KB 2 KB	22ms 18ms	Script application/javascript	2600:9000:235a:3600:7:2bfb:7c00:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://tags.tiqcdn.com/utag/cisco/duo/prod/utag.94.js?utv=ut4.51.202405310034 Requested by Host: tags.tiqcdn.com URL: https://tags.tiqcdn.com/utag/cisco/duo/prod/utag.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:235a:3600:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash e407e43adfc3ed7cf361f8afa57c1f9050fe27465b2516c6289704fc4c371a5d Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers x-amz-version-id oN3I3RU1HPimKR7QRMN6USaJaFIBHF3i content-encoding br via 1.1 45e3ccd889272a7e8732f0eda13e87ca.cloudfront.net (CloudFront) date Thu, 20 Jun 2024 20:28:03 GMT last-modified Thu, 20 Jun 2024 19:46:59 GMT server AmazonS3 x-amz-cf-pop FRA60-P9 age 185 x-amz-server-side-encryption AES256 etag W/"e05d41aae466cef186b49daa9649e76e" vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript cache-control max-age=1296000 x-amz-cf-id EqBIc0r5M73gEzXxHO2hfinKOVoT63vvBHgYmjMBWjjwAGBkImKYlQ==
GET H2	200	utag.95.js Show response tags.tiqcdn.com/utag/cisco/duo/prod/	5 KB 2 KB	23ms 19ms	Script application/javascript	2600:9000:235a:3600:7:2bfb:7c00:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://tags.tiqcdn.com/utag/cisco/duo/prod/utag.95.js?utv=ut4.51.202405311220 Requested by Host: tags.tiqcdn.com URL: https://tags.tiqcdn.com/utag/cisco/duo/prod/utag.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:235a:3600:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 72a070b776bdf4c92a15fd3e8cf4c27e0f4adf7e45c0b976f57f341da09de857 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers x-amz-version-id bF14obvHuuRcsfso5h9WNs7vedOQTu6T content-encoding br via 1.1 45e3ccd889272a7e8732f0eda13e87ca.cloudfront.net (CloudFront) date Thu, 20 Jun 2024 20:28:03 GMT last-modified Thu, 20 Jun 2024 19:46:58 GMT server AmazonS3 x-amz-cf-pop FRA60-P9 age 185 x-amz-server-side-encryption AES256 etag W/"d961485f2c8cf74df7d8dd4d127e13f3" vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript cache-control max-age=1296000 x-amz-cf-id YhlLp9DckZgXmYTa881rvOFrgsRuqpn42jFOq_aHhm0JqcM543z09A==
GET H2	200	utag.96.js Show response tags.tiqcdn.com/utag/cisco/duo/prod/	2 KB 1 KB	22ms 18ms	Script application/javascript	2600:9000:235a:3600:7:2bfb:7c00:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://tags.tiqcdn.com/utag/cisco/duo/prod/utag.96.js?utv=ut4.51.202405311220 Requested by Host: tags.tiqcdn.com URL: https://tags.tiqcdn.com/utag/cisco/duo/prod/utag.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:235a:3600:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash fa41e77c486a73126ce0bd7c11a9d0fcfdbede1400af4df000d3a6ccd10fa063 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers x-amz-version-id nnwLKSV8tlKuTOEHhZiwEnKSUoGwJ5tG content-encoding br via 1.1 45e3ccd889272a7e8732f0eda13e87ca.cloudfront.net (CloudFront) date Thu, 20 Jun 2024 20:28:03 GMT last-modified Thu, 20 Jun 2024 19:46:56 GMT server AmazonS3 x-amz-cf-pop FRA60-P9 age 185 x-amz-server-side-encryption AES256 etag W/"1b0ffdd4c25acf1be91d9bfa9110865e" vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript cache-control max-age=1296000 x-amz-cf-id pw7EyL58poxE17k_QuGL80HsKfTWWFL1h4FCQ2AiY8BmH-dXm6FFpg==
GET H2	200	utag.128.js Show response tags.tiqcdn.com/utag/cisco/duo/prod/	2 KB 1 KB	29ms 25ms	Script application/javascript	2600:9000:235a:3600:7:2bfb:7c00:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://tags.tiqcdn.com/utag/cisco/duo/prod/utag.128.js?utv=ut4.51.202405311220 Requested by Host: tags.tiqcdn.com URL: https://tags.tiqcdn.com/utag/cisco/duo/prod/utag.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:235a:3600:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash e00ec638671c19639983aaf249b7d17b72a021fad5b582cb9f0457b53653e129 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers x-amz-version-id FOIDOT4utl7my2caVV3wipMWNNjwu_Zx content-encoding br via 1.1 45e3ccd889272a7e8732f0eda13e87ca.cloudfront.net (CloudFront) date Thu, 20 Jun 2024 20:28:03 GMT last-modified Thu, 20 Jun 2024 19:46:57 GMT server AmazonS3 x-amz-cf-pop FRA60-P9 age 185 x-amz-server-side-encryption AES256 etag W/"a87e00e385966b56cc3ba3a3db3d427c" vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript cache-control max-age=1296000 x-amz-cf-id 5Wxefagb9pJEfc7bP0oFiNjTlz0dj2xLjuxNW8hdvLCTkFn_o56lVw==
GET H2	200	utag.97.js Show response tags.tiqcdn.com/utag/cisco/duo/prod/	2 KB 1 KB	23ms 19ms	Script application/javascript	2600:9000:235a:3600:7:2bfb:7c00:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://tags.tiqcdn.com/utag/cisco/duo/prod/utag.97.js?utv=ut4.51.202405311220 Requested by Host: tags.tiqcdn.com URL: https://tags.tiqcdn.com/utag/cisco/duo/prod/utag.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:235a:3600:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 4be7f2b36d6ee3a39896bf25550adfca444a4716839a57483cebb9e62699df7f Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers x-amz-version-id fKLzoVcnrTxufRp1cZlBjsCdQBbaeGqC content-encoding br via 1.1 45e3ccd889272a7e8732f0eda13e87ca.cloudfront.net (CloudFront) date Thu, 20 Jun 2024 20:28:03 GMT last-modified Thu, 20 Jun 2024 19:46:58 GMT server AmazonS3 x-amz-cf-pop FRA60-P9 age 185 x-amz-server-side-encryption AES256 etag W/"96ef641321552a3f3a374defc4484436" vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript cache-control max-age=1296000 x-amz-cf-id n-PITYWNS1MRw1qbxkEipc0jlq8Gq9G-UTj7wUJ4FtcDBJn88VPLPw==
GET H2	200	utag.99.js Show response tags.tiqcdn.com/utag/cisco/duo/prod/	3 KB 2 KB	23ms 19ms	Script application/javascript	2600:9000:235a:3600:7:2bfb:7c00:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://tags.tiqcdn.com/utag/cisco/duo/prod/utag.99.js?utv=ut4.51.202405311220 Requested by Host: tags.tiqcdn.com URL: https://tags.tiqcdn.com/utag/cisco/duo/prod/utag.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:235a:3600:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash f3a1ee52835e81bb1024d47f0eb892f417c15ad9ae725dee46c6a752395ef433 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers x-amz-version-id 1bU.eI_gEhdBgNt7C0F7DlykkL6.T3xe content-encoding br via 1.1 45e3ccd889272a7e8732f0eda13e87ca.cloudfront.net (CloudFront) date Thu, 20 Jun 2024 20:28:03 GMT last-modified Thu, 20 Jun 2024 19:46:57 GMT server AmazonS3 x-amz-cf-pop FRA60-P9 age 186 x-amz-server-side-encryption AES256 etag W/"836d95c29d897c80a246402ec417c0d2" vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript cache-control max-age=1296000 x-amz-cf-id WMXMPHBlguWlULAJycmk123TkgoCB_Z6kxhuob8mKq1IfmFcb_zbcA==
GET H2	200	utag.100.js Show response tags.tiqcdn.com/utag/cisco/duo/prod/	22 KB 7 KB	23ms 20ms	Script application/javascript	2600:9000:235a:3600:7:2bfb:7c00:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://tags.tiqcdn.com/utag/cisco/duo/prod/utag.100.js?utv=ut4.51.202405311220 Requested by Host: tags.tiqcdn.com URL: https://tags.tiqcdn.com/utag/cisco/duo/prod/utag.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:235a:3600:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 695bd80b394c304ab68bdf97f7269957536f356f2402d9168b437e132bff0433 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers x-amz-version-id 0uQKHxa8W9oWA1y.n.LhCuHUOyWzijeo content-encoding br via 1.1 45e3ccd889272a7e8732f0eda13e87ca.cloudfront.net (CloudFront) date Thu, 20 Jun 2024 20:28:03 GMT last-modified Thu, 20 Jun 2024 19:46:57 GMT server AmazonS3 x-amz-cf-pop FRA60-P9 age 185 x-amz-server-side-encryption AES256 etag W/"77d1ba53a6acd9504de167da45fce004" vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript cache-control max-age=1296000 x-amz-cf-id HcD2VTN2ruttB3w29lxzJAC4sFK6zk0UIS5drAG8DOBBPlUVSJYaWw==
GET H2	200	utag.102.js Show response tags.tiqcdn.com/utag/cisco/duo/prod/	12 KB 5 KB	23ms 20ms	Script application/javascript	2600:9000:235a:3600:7:2bfb:7c00:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://tags.tiqcdn.com/utag/cisco/duo/prod/utag.102.js?utv=ut4.51.202405311220 Requested by Host: tags.tiqcdn.com URL: https://tags.tiqcdn.com/utag/cisco/duo/prod/utag.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:235a:3600:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 1bbcdef8d21b1262c6eb2abfa1519e84df9db05da599e2a7ef299c19f2a7b30c Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers x-amz-version-id HgurUnW2eVe2btB5vA4S88XDDFSzHA5v content-encoding br via 1.1 45e3ccd889272a7e8732f0eda13e87ca.cloudfront.net (CloudFront) date Thu, 20 Jun 2024 20:28:03 GMT last-modified Thu, 20 Jun 2024 19:46:59 GMT server AmazonS3 x-amz-cf-pop FRA60-P9 age 185 x-amz-server-side-encryption AES256 etag W/"11292b9ec0357466e6d21365b0624014" vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript cache-control max-age=1296000 x-amz-cf-id zDf4e7xUKLY8zNwjyRHkD1TLNiC1TMIsgGWTRsxXD4EgKXvztdhDeg==
GET H2	200	utag.104.js Show response tags.tiqcdn.com/utag/cisco/duo/prod/	17 KB 6 KB	27ms 25ms	Script application/javascript	2600:9000:235a:3600:7:2bfb:7c00:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://tags.tiqcdn.com/utag/cisco/duo/prod/utag.104.js?utv=ut4.51.202405311220 Requested by Host: tags.tiqcdn.com URL: https://tags.tiqcdn.com/utag/cisco/duo/prod/utag.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:235a:3600:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 5b562126ab7c181c487294397ac34be291bf1d438b3348057bd39cf2acee94c9 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers x-amz-version-id gfJAlFPnTiT0JRyt2w.JlB0vTDwVywxL content-encoding br via 1.1 45e3ccd889272a7e8732f0eda13e87ca.cloudfront.net (CloudFront) date Thu, 20 Jun 2024 20:28:03 GMT last-modified Thu, 20 Jun 2024 19:46:56 GMT server AmazonS3 x-amz-cf-pop FRA60-P9 age 186 x-amz-server-side-encryption AES256 etag W/"00ce25cef254f1b1c0704d8daee18f8c" vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript cache-control max-age=1296000 x-amz-cf-id 0frfrmMbKBOUPHTnKt_2GpYDsmsZfXPrfXAJXq9J6DAF4xfyNys1sA==
GET H2	200	utag.107.js Show response tags.tiqcdn.com/utag/cisco/duo/prod/	2 KB 1 KB	22ms 20ms	Script application/javascript	2600:9000:235a:3600:7:2bfb:7c00:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://tags.tiqcdn.com/utag/cisco/duo/prod/utag.107.js?utv=ut4.51.202405311220 Requested by Host: tags.tiqcdn.com URL: https://tags.tiqcdn.com/utag/cisco/duo/prod/utag.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:235a:3600:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 60e5b301f9926870e55e444d0f45f4eed2ef38d819d2db24caeec79cb1473d1f Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers x-amz-version-id k9MbAi0FTljTw5Am2jlKOG7CE7nJWKjc content-encoding br via 1.1 45e3ccd889272a7e8732f0eda13e87ca.cloudfront.net (CloudFront) date Thu, 20 Jun 2024 20:28:03 GMT last-modified Thu, 20 Jun 2024 19:47:00 GMT server AmazonS3 x-amz-cf-pop FRA60-P9 age 185 x-amz-server-side-encryption AES256 etag W/"f31f7928a86a213c5ee9325c6b86db48" vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript cache-control max-age=1296000 x-amz-cf-id gNOmk1V1MbfPHFXAkiYOvhs0eoyFqZ505eJu3_7OCDAWu9A03D9UGA==
GET H2	200	utag.129.js Show response tags.tiqcdn.com/utag/cisco/duo/prod/	14 KB 5 KB	23ms 22ms	Script application/javascript	2600:9000:235a:3600:7:2bfb:7c00:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://tags.tiqcdn.com/utag/cisco/duo/prod/utag.129.js?utv=ut4.51.202405291734 Requested by Host: tags.tiqcdn.com URL: https://tags.tiqcdn.com/utag/cisco/duo/prod/utag.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:235a:3600:7:2bfb:7c00:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 19a64cc731ab985dbfe6b6fb4a8aaa24d8d617cb6192810495154bba7676d564 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers x-amz-version-id kK1rQR0TAj0aphUr1xl9VsOd2wy0HioF content-encoding br via 1.1 45e3ccd889272a7e8732f0eda13e87ca.cloudfront.net (CloudFront) date Thu, 20 Jun 2024 20:28:03 GMT last-modified Thu, 20 Jun 2024 19:47:00 GMT server AmazonS3 x-amz-cf-pop FRA60-P9 age 185 x-amz-server-side-encryption AES256 etag W/"34a0d46b6b20291263c64b143c57391d" vary Accept-Encoding x-cache Hit from cloudfront content-type application/javascript cache-control max-age=1296000 x-amz-cf-id mvUQlebRXOLRyH4542n291Jd6g6BWlr836pIqXoRUTz3LqSq3mh2eA==
GET		action.html cisco-tags.cisco.com/callback/ Redirect Chain https://cisco-tags.cisco.com/tag/auth/ntpagetag.gif?js=1&ts=1718915371184.598&lc=https%3A%2F%2Fduo.com%2Fdecipher%2Fthousands-of-fortigate-devices-compromised-in-ongoing-campaign&rs=1600x1200&cd=24... https://id.cisco.com/oauth2/default/v1/authorize?response_type=code&scope=openid%20email&client_id=bf6c50dc-2843-4dab-aa45-9e994a90ea8c&state=dIKUfNo-I1nbiSUHECg2X6kKc90&redirect_uri=https%3A%2F%2F... https://cisco-tags.cisco.com/callback/action.html?state=dIKUfNo-I1nbiSUHECg2X6kKc90&error=login_required&error_description=The+client+specified+not+to+prompt%2C+but+the+user+is+not+logged+in.	0 0
GET H2	200	gtm.js Show response www.googletagmanager.com/	434 KB 125 KB	163ms 79ms	Script application/javascript	2a00:1450:4001:80b::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtm.js?id=GTM-MFPB9D&l=dataLayer Requested by Host: tags.tiqcdn.com URL: https://tags.tiqcdn.com/utag/cisco/duo/prod/utag.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 8559c8c1224fa8cc73d2750071a786ce7178fcc77296827a13bd8f86e3df2a8b Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 20 Jun 2024 20:29:31 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 127233 x-xss-protection 0 last-modified Thu, 20 Jun 2024 19:25:12 GMT server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true access-control-allow-headers Cache-Control expires Thu, 20 Jun 2024 20:29:31 GMT
GET H/1.1	200 OK	up_loader.1.1.0.js Show response js.adsrvr.org/	12 KB 13 KB	49ms 7ms	Script application/x-javascript	18.172.103.101 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://js.adsrvr.org/up_loader.1.1.0.js Requested by Host: tags.tiqcdn.com URL: https://tags.tiqcdn.com/utag/cisco/duo/prod/utag.js Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 18.172.103.101 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-172-103-101.fra60.r.cloudfront.net Software AmazonS3 / Resource Hash f4d1e641d47b4af1b6cb7936c59626f4dbab3933473009b447406034c34facb5 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Date Thu, 20 Jun 2024 05:44:22 GMT Via 1.1 24c73aa8cdc4e254694e2ac7073f8aea.cloudfront.net (CloudFront) Last-Modified Fri, 07 Jun 2024 09:20:53 GMT Server AmazonS3 X-Amz-Cf-Pop FRA60-P8 Age 53110 x-amz-server-side-encryption AES256 ETag "a7eb6794e868fe870db350518165c868" Vary Accept-Encoding X-Cache Hit from cloudfront Content-Type application/x-javascript Connection keep-alive Accept-Ranges bytes Content-Length 12320 X-Amz-Cf-Id ZqccXzYRNdij_qY9QQ3v1p2XfibuY5NDTYbQFP0iIFi-jMAZeBPwqw==
GET H2	200	amzn.js Show response c.amazon-adsystem.com/aat/	15 KB 5 KB	39ms 10ms	Script application/javascript	13.224.186.120 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://c.amazon-adsystem.com/aat/amzn.js Requested by Host: tags.tiqcdn.com URL: https://tags.tiqcdn.com/utag/cisco/duo/prod/utag.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 13.224.186.120 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-13-224-186-120.fra2.r.cloudfront.net Software AmazonS3 / Resource Hash 91c61204ae64f5a470816000a55ef6c3c9653b390e903021d7cf6c7c962d757d Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers x-amz-version-id P46fZgqit8AAYS0AhBjm0aFl60.Le_Nr content-encoding gzip via 1.1 6ae82cc0c8a39c993134c2be90b4d120.cloudfront.net (CloudFront), 1.1 34f50889bc574f1edeb41dd758962a5a.cloudfront.net (CloudFront) date Thu, 20 Jun 2024 16:37:35 GMT last-modified Wed, 19 Jun 2024 16:34:32 GMT server AmazonS3 x-amz-cf-pop FRA60-P3, FRA2-C1 x-amz-server-side-encryption AES256 etag W/"9e14744fe5a519d524164253e77934cc" vary Accept-Encoding x-cache RefreshHit from cloudfront content-type application/javascript x-amz-cf-id sQ1BbHfRi6l9J8jsw0k3f-6EhW_GRJbiJmGasneOqwQC3UDGg_33lw==
GET H2	200	bat.js Show response bat.bing.com/	45 KB 13 KB	73ms 33ms	Script application/javascript	2620:1ec:c11::237 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://bat.bing.com/bat.js Requested by Host: tags.tiqcdn.com URL: https://tags.tiqcdn.com/utag/cisco/duo/prod/utag.96.js?utv=ut4.51.202405311220 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2620:1ec:c11::237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash 823804a7807864b44093a3843788f4cd076e89cf4a6fdeb8d153ae5c2c2df721 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers strict-transport-security max-age=31536000; includeSubDomains; preload content-encoding gzip date Thu, 20 Jun 2024 20:29:31 GMT last-modified Thu, 29 Feb 2024 19:58:06 GMT accept-ch Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version x-msedge-ref Ref A: D4BA2B36B1B04C67AD798132E0F723B2 Ref B: FRAEDGE1309 Ref C: 2024-06-20T20:29:31Z etag "01b4e9c496bda1:0" vary Accept-Encoding x-cache CONFIG_NOCACHE content-type application/javascript cache-control private,max-age=1800 accept-ranges bytes content-length 13261
GET H2	200	ebdaa317731b0.js Show response t.contentsquare.net/uxa/	339 KB 81 KB	45ms 9ms	Script application/javascript	18.244.18.112 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://t.contentsquare.net/uxa/ebdaa317731b0.js Requested by Host: tags.tiqcdn.com URL: https://tags.tiqcdn.com/utag/cisco/duo/prod/utag.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 18.244.18.112 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-18-244-18-112.fra56.r.cloudfront.net Software AmazonS3 / Resource Hash 7bdcd81ce46b97e36d0215d9850b8a293c9fb710b3b381ec8eac498096ff68e7 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 19 Jun 2024 07:39:04 GMT content-encoding br via 1.1 354c49ee216d1b8ed995ee7b94d96f10.cloudfront.net (CloudFront) x-amz-cf-pop FRA56-P11 age 0 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 82627 last-modified Wed, 19 Jun 2024 07:38:12 GMT server AmazonS3 etag "dbb23c018e07bf36806097df88083ac8" vary Origin content-type application/javascript;charset=utf-8 cache-control max-age=900 accept-ranges bytes timing-allow-origin * x-amz-cf-id _7dA6dZse2ZOZ2J7eprV7EIwh88cielChgybqkeUdCY6mY6khnst4g==
GET H2	200	6si.min.js Show response j.6sc.co/	66 KB 18 KB	37ms 8ms	Script application/javascript	2.17.100.193 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://j.6sc.co/6si.min.js Requested by Host: tags.tiqcdn.com URL: https://tags.tiqcdn.com/utag/cisco/duo/prod/utag.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a2-17-100-193.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash 4d3dab569c7b9e24ba3484873769a6b4a34bd3ab4ef6ff53b1c5a5c60f7d5663 Security Headers Name Value X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache date Thu, 20 Jun 2024 20:29:31 GMT content-encoding gzip x-content-type-options nosniff last-modified Fri, 14 Jun 2024 00:42:44 GMT server nginx/1.14.0 (Ubuntu) etag "666b9204-10980" vary Accept-Encoding content-type application/javascript cache-control private, no-cache, proxy-revalidate accept-ranges bytes content-length 18315 expires Thu, 20 Jun 2024 20:29:31 GMT
GET H2	200	bizible.js Show response cdn.bizible.com/scripts/	67 KB 25 KB	84ms 17ms	Script application/x-javascript	152.195.15.58 EDGECAST
General Check archive.org Show headers Download Go to Full URL https://cdn.bizible.com/scripts/bizible.js?account=duo.com Requested by Host: tags.tiqcdn.com URL: https://tags.tiqcdn.com/utag/cisco/duo/prod/utag.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 152.195.15.58 , United States, ASN15133 (EDGECAST, US), Reverse DNS Software ECS (frb/67D4) / Resource Hash 2423c36666060a11ae7a7bc76fd25db6f7cb003beb5a5d1f6076e01edd9dd000 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSub Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 20 Jun 2024 20:29:31 GMT content-encoding gzip strict-transport-security max-age=31536000; includeSub last-modified Sun, 16 Jun 2024 16:27:29 GMT server ECS (frb/67D4) age 83646 etag "bf17d15ac0da1:0" vary Accept-Encoding x-cache HIT content-type application/x-javascript cache-control max-age=86400 accept-ranges bytes content-length 25394
GET H/1.1	200 OK	elqCfg.min.js Show response img.en25.com/i/	6 KB 3 KB	53ms 15ms	Script application/x-javascript	184.25.216.9 AKAMAI-AS
General Check archive.org Show headers Download Go to Full URL https://img.en25.com/i/elqCfg.min.js Requested by Host: tags.tiqcdn.com URL: https://tags.tiqcdn.com/utag/cisco/duo/prod/utag.js Protocol HTTP/1.1 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 184.25.216.9 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US), Reverse DNS a184-25-216-9.deploy.static.akamaitechnologies.com Software / Resource Hash 3346de8e2ae1bfde250c7ac5c06f79a0a60c7faef8e5e08a2c9e8fbf5ec2c9e8 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers Strict-Transport-Security max-age=31536000; includeSubDomains; preload Content-Encoding gzip X-Content-Type-Options nosniff Date Thu, 20 Jun 2024 20:29:31 GMT P3P CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA", Connection keep-alive Content-Length 2183 X-XSS-Protection 1; mode=block Pragma no-cache Last-Modified Tue, 02 Apr 2024 11:52:51 GMT ETag "4e81734af484da1:0" Vary Accept-Encoding Content-Type application/x-javascript Cache-Control no-store Accept-Ranges bytes X-Robots-Tag noindex, nofollow Expires Thu, 20 Jun 2024 20:29:31 GMT
GET H2	200	site-script.js Show response cdn.metadata.io/	8 KB 3 KB	56ms 7ms	Script application/javascript	2600:9000:223c:1600:9:d7d4:1380:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://cdn.metadata.io/site-script.js Requested by Host: tags.tiqcdn.com URL: https://tags.tiqcdn.com/utag/cisco/duo/prod/utag.107.js?utv=ut4.51.202405311220 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:223c:1600:9:d7d4:1380:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash 5802ed3fbc14809835a679954070d666df21bcc6e9e8f5330e2b61af5de87d08 Security Headers Name Value Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers x-amz-version-id 2gBfyfaxB3fqKDB22TRp1x_OR_dQWkeC content-encoding gzip via 1.1 985c0b2ec44bdebc7f24f26d1e427d30.cloudfront.net (CloudFront) date Thu, 20 Jun 2024 11:45:36 GMT x-content-type-options nosniff strict-transport-security max-age=31536000 x-amz-cf-pop FRA56-P2 age 53285 x-amz-server-side-encryption AES256 x-cache Hit from cloudfront x-xss-protection 1; mode=block referrer-policy strict-origin-when-cross-origin last-modified Thu, 06 Jun 2024 17:28:53 GMT server AmazonS3 etag W/"f5b0e390c41325729288339b59a46ae1" vary Accept-Encoding, Origin x-frame-options SAMEORIGIN content-type application/javascript x-amz-cf-id _hN4BHi95EGEBf26uirP4itTgEDgs3XfRU2UYc6imQFR2p7a6fgwIg==
GET H2	200	insight.min.js Show response snap.licdn.com/li.lms-analytics/	38 KB 14 KB	47ms 11ms	Script application/javascript	2a02:26f0:7100::213:c60b AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://snap.licdn.com/li.lms-analytics/insight.min.js Requested by Host: tags.tiqcdn.com URL: https://tags.tiqcdn.com/utag/cisco/duo/prod/utag.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:7100::213:c60b Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software / Resource Hash 942a9ba1fe78b402e8b52b83058dbbabde8db6b4d1debf960d6d5afe5192db52 Security Headers Name Value X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 20 Jun 2024 20:29:31 GMT content-encoding gzip x-content-type-options nosniff last-modified Tue, 18 Jun 2024 16:46:52 GMT x-cdn AKAM x-amz-server-side-encryption AES256 vary Accept-Encoding content-type application/javascript;charset=utf-8 cache-control max-age=69443 accept-ranges bytes content-length 14004
GET H2	200	fbevents.js Show response connect.facebook.net/en_US/	219 KB 59 KB	33ms 6ms	Script application/x-javascript	2a03:2880:f084:105:face:b00c:0:3 FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://connect.facebook.net/en_US/fbevents.js Requested by Host: tags.tiqcdn.com URL: https://tags.tiqcdn.com/utag/cisco/duo/prod/utag.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f084:105:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash 0313b0d078dfe6c7ab517c11404b0c01458469006fbf1a0d4d4c5e90517e54f8 Security Headers Name Value Content-Security-Policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script'; Strict-Transport-Security max-age=31536000; preload; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers content-security-policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script'; content-encoding gzip x-content-type-options nosniff strict-transport-security max-age=31536000; preload; includeSubDomains date Thu, 20 Jun 2024 20:29:31 GMT document-policy force-load-at-top cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 58024 x-xss-protection 0 reporting-endpoints coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/" x-fb-connection-quality EXCELLENT; q=0.9, rtt=5, rtx=0, c=12, mss=1368, tbw=2795, tp=-1, tpl=-1, uplat=0, ullat=-1 pragma public x-fb-debug /uOI86rEnjdUI6GzMOiWwnvPeF6WPe9nRBwHGlQADE3Z7PEFWX9utGuLF7kASeH+hqNN0Knf6c9swR+D57tOEw== cross-origin-embedder-policy-report-only require-corp;report-to="coep_report" cross-origin-opener-policy same-origin-allow-popups;report-to="coop_report" vary Accept-Encoding report-to {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"} content-type application/x-javascript; charset=utf-8 x-frame-options DENY origin-agent-cluster ?0 cache-control public, max-age=1200 permissions-policy accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy" timing-allow-origin * expires Sat, 01 Jan 2000 00:00:00 GMT
GET H2	200	pixel.js Show response www.redditstatic.com/ads/	42 KB 13 KB	39ms 6ms	Script application/javascript	2a04:4e42:200::396 FASTLY
General Check archive.org Show headers Download Go to Full URL https://www.redditstatic.com/ads/pixel.js Requested by Host: tags.tiqcdn.com URL: https://tags.tiqcdn.com/utag/cisco/duo/prod/utag.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:4e42:200::396 , United States, ASN54113 (FASTLY, US), Reverse DNS Software snooserv / Resource Hash 6755508f95a14ac65d6d5123ce9db08f5b0fc2921dd713a6ae8d6369a0020da9 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 20 Jun 2024 20:29:31 GMT content-encoding gzip via 1.1 varnish, 1.1 varnish last-modified Thu, 20 Jun 2024 19:23:03 GMT server snooserv nel {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02} etag "71b328aff914ada8b774bfa8fff542c4" x-amz-server-side-encryption AES256 vary Accept-Encoding,Origin report-to {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]} content-type application/javascript cache-control public, max-age=60 accept-ranges bytes content-length 12116
GET H2	200	events.js Show response analytics.tiktok.com/i18n/pixel/	5 KB 3 KB	154ms 109ms	Script application/javascript	23.36.162.201 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=CKAV1QJC77U2JMMIPBFG&lib=ttq Requested by Host: tags.tiqcdn.com URL: https://tags.tiqcdn.com/utag/cisco/duo/prod/utag.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.36.162.201 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a23-36-162-201.deploy.static.akamaitechnologies.com Software nginx / Resource Hash 4a7d0201ca29b740580b7860e03e0e37a3a9cb0ba883fcdfc46d31176c921651 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers x-akamai-request-id 163bd233.6616f89 date Thu, 20 Jun 2024 20:29:31 GMT content-encoding gzip x-tt-trace-tag id=16;cdn-cache=miss;type=dyn x-tt-trace-id 00-240620202931985C782D4C3EF9A01576-2E0D9F54B9BA8790-00 x-cache TCP_MISS from a23-206-213-201.deploy.akamaitechnologies.com (AkamaiGHost/11.5.3-56943929) (-) x-parent-response-time 94,23.206.213.201 server-timing cdn-cache; desc=MISS, edge; dur=83, origin; dur=12, inner; dur=3 content-length 1748 pragma no-cache server nginx x-tt-logid 20240620202931985C782D4C3EF9A01576 x-cache-remote TCP_MISS from a184-28-190-7.deploy.akamaitechnologies.com (AkamaiGHost/11.5.2-56372494) (-) vary Accept-Encoding content-type application/javascript; charset=UTF-8 cache-control max-age=0, no-cache, no-store x-origin-response-time 14,184.28.190.7 x-tt-trace-host 0182666b72bd0f36c7404233a29f25a793e223d45ce8b92844e812699831e7d2a03964806ee6237744a69ed90c2e236b30e10c9724e362f4b56ae1b9aee41a68e08286c75616ee962cdc9864a0961474696d32d1cb30d5ddec68d384b5782f009e3fd0f377959c8f3abcc9e194896e06ee expires Thu, 20 Jun 2024 20:29:31 GMT
GET H/1.1	200 OK	iu3 s.amazon-adsystem.com/ Redirect Chain https://s.amazon-adsystem.com/iu3?pid=f808e024-acca-4e83-a13b-f65567e77575&event=Pageview&ts=1718915371262 https://s.amazon-adsystem.com/iu3?pid=f808e024-acca-4e83-a13b-f65567e77575&event=Pageview&ts=1718915371262&dcc=t	0 0	133ms 133ms	Fetch text/html	52.46.151.131 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://s.amazon-adsystem.com/iu3?pid=f808e024-acca-4e83-a13b-f65567e77575&event=Pageview&ts=1718915371262&dcc=t Requested by Host: duo.com URL: https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Protocol HTTP/1.1 Server 52.46.151.131 Ashburn, United States, ASN16509 (AMAZON-02, US), Reverse DNS Software / Resource Hash Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Redirect headers Pragma no-cache Date Thu, 20 Jun 2024 20:29:31 GMT Strict-Transport-Security max-age=47474747; includeSubDomains; preload Server Server x-amz-rid 70T3H1QYMAQEKTWMCQVS Vary Content-Type,Accept-Encoding,User-Agent p3p policyref="https://www.amazon.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR DSP COR" Location https://s.amazon-adsystem.com/iu3?pid=f808e024-acca-4e83-a13b-f65567e77575&event=Pageview&ts=1718915371262&dcc=t Cache-Control max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0 Connection keep-alive Content-Length 0 Expires Thu, 01 Jan 1970 00:00:00 GMT
GET H2	204	4006052.js Show response bat.bing.com/p/action/	0 117 B	38ms 36ms	Script text/plain	2620:1ec:c11::237 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://bat.bing.com/p/action/4006052.js Requested by Host: bat.bing.com URL: https://bat.bing.com/bat.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2620:1ec:c11::237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers strict-transport-security max-age=31536000; includeSubDomains; preload cache-control private,max-age=1800 date Thu, 20 Jun 2024 20:29:31 GMT accept-ch Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version x-msedge-ref Ref A: AECE8EEA35684B48AB2DDBD7B3278DF2 Ref B: FRAEDGE1309 Ref C: 2024-06-20T20:29:31Z x-cache CONFIG_NOCACHE
GET H2	204	0 bat.bing.com/action/	0 284 B	81ms 80ms	Image text/plain	2620:1ec:c11::237 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://bat.bing.com/action/0?ti=4006052&Ver=2&mid=41e75657-c0de-4c1c-b31c-d948ed3f1b27&sid=cc8ca4802f4311efa2e3359ebfe6b8f4&vid=cc8cb8402f4311ef8672697c2cd6a9b1&vids=1&msclkid=N&pi=918639831&lg=de-DE&sw=1600&sh=1200&sc=24&tl=Thousands%20of%20FortiGate%20Devices%20Compromised%20in%20Ongoing%20Campaign%20%7C%20Decipher&p=https%3A%2F%2Fduo.com%2Fdecipher%2Fthousands-of-fortigate-devices-compromised-in-ongoing-campaign&r=&lt=567&evt=pageLoad&sv=1&rn=975338 Requested by Host: duo.com URL: https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2620:1ec:c11::237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache strict-transport-security max-age=31536000; includeSubDomains; preload date Thu, 20 Jun 2024 20:29:31 GMT accept-ch Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version x-msedge-ref Ref A: A1BAA35915814356A8441A5DDDC2062B Ref B: FRAEDGE1309 Ref C: 2024-06-20T20:29:31Z x-cache CONFIG_NOCACHE access-control-allow-origin * cache-control no-cache, must-revalidate expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	/ Show response c.6sc.co/	7 B 187 B	35ms 27ms	XHR text/html	2.17.100.193 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://c.6sc.co/ Requested by Host: j.6sc.co URL: https://j.6sc.co/6si.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a2-17-100-193.deploy.static.akamaitechnologies.com Software / Resource Hash fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 20 Jun 2024 20:29:31 GMT access-control-max-age 86400 access-control-allow-methods GET,POST content-type text/html access-control-allow-origin https://duo.com access-control-allow-credentials true access-control-allow-headers * content-length 7
GET H2	200	/ Show response ipv6.6sc.co/	20 B 303 B	59ms 20ms	XHR text/html	2a02:26f0:7100::210:172 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://ipv6.6sc.co/ Requested by Host: j.6sc.co URL: https://j.6sc.co/6si.min.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:7100::210:172 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software / Resource Hash d8f4f7589e5ecac8f3938b7c06d4496f218a7e0c6ab4eb15596d9c6a3c351367 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache date Thu, 20 Jun 2024 20:29:31 GMT vary Origin content-type text/html access-control-allow-origin https://duo.com cache-control max-age=0, no-cache, no-store 6si-ipv6 2a03:1b20:6:f011::4e server-timing cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1718915371324_34603374_859302180_20_1089_6_27_219";dur=1 content-length 20 expires Thu, 20 Jun 2024 20:29:31 GMT
GET H2	200	img.gif b.6sc.co/v1/beacon/	43 B 258 B	115ms 105ms	Image image/gif	2.17.100.193 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://b.6sc.co/v1/beacon/img.gif?token=839eaa5e959ad938f179bd0fe4450965&svisitor=null&visitor=7de91c72-bd11-4272-8020-67d4b9157256&session=e7c188b0-078d-45cc-87e9-3ef365bc38dc&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Thu%2C%2020%20Jun%202024%2020%3A29%3A31%20GMT%22%7D&isIframe=false&m=%7B%22description%22%3A%22The%20Dutch%20Military%20Intelligence%20and%20Security%20Service%20said%20it%20has%20identified%20more%20than%2020%2C000%20FortiGate%20devices%20that%20have%20been%20compromised%20by%20a%20Chinese%20state-sponsored%20threat%20group.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Thousands%20of%20FortiGate%20Devices%20Compromised%20in%20Ongoing%20Campaign%20%7C%20Decipher%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fduo.com%2Fdecipher%2Fthousands-of-fortigate-devices-compromised-in-ongoing-campaign&pageViewId=b6b261ba-d953-47fc-8fb3-f13cf659be72&v=1.1.21 Requested by Host: duo.com URL: https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a2-17-100-193.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b Security Headers Name Value X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache date Thu, 20 Jun 2024 20:29:31 GMT x-content-type-options nosniff last-modified Sat, 05 Jun 2021 07:56:05 GMT server nginx/1.14.0 (Ubuntu) etag "60bb2e15-2b" content-type image/gif cache-control max-age=0, no-cache, no-store accept-ranges bytes content-length 43 expires Thu, 20 Jun 2024 20:29:31 GMT
GET H2	200	img.gif b.6sc.co/v1/beacon/	43 B 258 B	112ms 104ms	Image image/gif	2.17.100.193 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://b.6sc.co/v1/beacon/img.gif?token=839eaa5e959ad938f179bd0fe4450965&svisitor=null&visitor=7de91c72-bd11-4272-8020-67d4b9157256&session=e7c188b0-078d-45cc-87e9-3ef365bc38dc&event=ni%3AasyncSettingsAudit&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%22839eaa5e959ad938f179bd0fe4450965%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2020%20Jun%202024%2020%3A29%3A31%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2020%20Jun%202024%2020%3A29%3A31%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEndpoint%5C%22%2C%5C%22value%5C%22%3A%5C%22b.6sc.co%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2020%20Jun%202024%2020%3A29%3A31%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22The%20Dutch%20Military%20Intelligence%20and%20Security%20Service%20said%20it%20has%20identified%20more%20than%2020%2C000%20FortiGate%20devices%20that%20have%20been%20compromised%20by%20a%20Chinese%20state-sponsored%20threat%20group.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Thousands%20of%20FortiGate%20Devices%20Compromised%20in%20Ongoing%20Campaign%20%7C%20Decipher%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fduo.com%2Fdecipher%2Fthousands-of-fortigate-devices-compromised-in-ongoing-campaign&pageViewId=b6b261ba-d953-47fc-8fb3-f13cf659be72&v=1.1.21 Requested by Host: duo.com URL: https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a2-17-100-193.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b Security Headers Name Value X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache date Thu, 20 Jun 2024 20:29:31 GMT x-content-type-options nosniff last-modified Sat, 18 Feb 2023 01:45:17 GMT server nginx/1.14.0 (Ubuntu) etag "63f02dad-2b" content-type image/gif cache-control max-age=0, no-cache, no-store accept-ranges bytes content-length 43 expires Thu, 20 Jun 2024 20:29:31 GMT
GET H2	200	dest5.html cisco.demdex.net/ Frame 7C5F	0 0	186ms 29ms	Document text/html	54.72.172.22 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://cisco.demdex.net/dest5.html?d_nsid=0 Requested by Host: tags.tiqcdn.com URL: https://tags.tiqcdn.com/utag/cisco/duo/prod/utag.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 54.72.172.22 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-54-72-172-22.eu-west-1.compute.amazonaws.com Software / Resource Hash Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers accept-ranges bytes cache-control no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private content-encoding gzip content-type text/html;charset=UTF-8 date Thu, 20 Jun 2024 20:29:31 GMT dcs dcs-prod-irl1-1-v061-0bf4e3509.edge-irl1.demdex.com 0 ms expires Thu, 01 Jan 1970 00:00:00 UTC last-modified Thu, 9 May 2024 11:56:06 GMT p3p policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT" pragma no-cache strict-transport-security max-age=31536000; includeSubDomains vary accept-encoding x-tid li0YQE9nT58=
GET H2	200	id Show response smetrics.cisco.com/	48 B 450 B	753ms 27ms	XHR application/x-javascript	63.140.62.222 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://smetrics.cisco.com/id?d_visid_ver=4.1.0&d_fieldgroup=A&mcorgid=B8D07FF4520E94C10A490D4C%40AdobeOrg&mid=19352461753431726180511620120588315202&ts=1718915371324 Requested by Host: tags.tiqcdn.com URL: https://tags.tiqcdn.com/utag/cisco/duo/prod/utag.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 63.140.62.222 , United States, ASN16509 (AMAZON-02, US), Reverse DNS ip-63-140-62-222.data.adobedc.net Software jag / Resource Hash 47422ddd22c56ee7861ed0feb3d53e6d8ee130a0c67d4ab6f4acb7a0130ff796 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" sec-ch-ua-platform "Win32" Referer https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Content-Type application/x-www-form-urlencoded Response headers date Thu, 20 Jun 2024 20:29:32 GMT strict-transport-security max-age=31536000; includeSubDomains x-content-type-options nosniff server jag vary Origin content-type application/x-javascript;charset=utf-8 access-control-allow-origin https://duo.com p3p CP="This is not a P3P policy" cache-control no-cache, no-store, max-age=0, no-transform, private access-control-allow-credentials true content-length 48 x-xss-protection 1; mode=block
GET H/1.1	200 OK	svrGP.aspx s860818199.t.eloqua.com/visitor/v200/ Redirect Chain https://s860818199.t.eloqua.com/visitor/v200/svrGP?pps=3&siteid=860818199&ref2=elqNone&tzo=-60&ms=393&optin=disabled https://s860818199.t.eloqua.com/visitor/v200/svrGP.aspx?pps=3&siteid=860818199&ref2=elqNone&tzo=-60&ms=393&optin=disabled&elqCookie=1	49 B 448 B	138ms 138ms	Image image/gif	147.154.54.13 ORACLE-BMC-31898
General Check archive.org Show headers Download Go to Show image Full URL https://s860818199.t.eloqua.com/visitor/v200/svrGP.aspx?pps=3&siteid=860818199&ref2=elqNone&tzo=-60&ms=393&optin=disabled&elqCookie=1 Requested by Host: duo.com URL: https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Protocol HTTP/1.1 Server 147.154.54.13 Ashburn, United States, ASN31898 (ORACLE-BMC-31898, US), Reverse DNS Software / Resource Hash f1ccea6b7204d9f7913ab45e1afa51d79f83bd4f0319de937b0132e6e02b1aab Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Pragma no-cache Strict-Transport-Security max-age=31536000; includeSubDomains; preload Date Thu, 20 Jun 2024 20:29:31 GMT X-Content-Type-Options nosniff Content-Type image/gif P3P CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA", Cache-Control no-store X-Robots-Tag noindex, nofollow Content-Length 49 X-Xss-Protection 1; mode=block Expires -1 Redirect headers Pragma no-cache Strict-Transport-Security max-age=31536000; includeSubDomains; preload Date Thu, 20 Jun 2024 20:29:30 GMT X-Content-Type-Options nosniff Content-Type text/html; charset=utf-8 Location https://s860818199.t.eloqua.com/visitor/v200/svrGP.aspx?pps=3&siteid=860818199&ref2=elqNone&tzo=-60&ms=393&optin=disabled&elqCookie=1 P3P CP="IDC DSP COR DEVa TAIa OUR BUS PHY ONL UNI COM NAV CNT STA", Cache-Control no-store X-Robots-Tag noindex, nofollow Content-Length 274 X-Xss-Protection 1; mode=block Expires -1
GET H2	200	attribution_trigger Show response px.ads.linkedin.com/	2 B 813 B	209ms 132ms	XHR application/json	2620:1ec:21::14 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://px.ads.linkedin.com/attribution_trigger?pid=7540%2C5425&time=1718915371394&url=https%3A%2F%2Fduo.com%2Fdecipher%2Fthousands-of-fortigate-devices-compromised-in-ongoing-campaign Requested by Host: snap.licdn.com URL: https://snap.licdn.com/li.lms-analytics/insight.min.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Accept * Referer https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 20 Jun 2024 20:29:31 GMT content-encoding gzip x-li-pop afd-prod-lva1-x x-msedge-ref Ref A: 4598D562A6E846ACB1C214F9D91AE575 Ref B: FRAEDGE1913 Ref C: 2024-06-20T20:29:31Z access-control-allow-methods GET, OPTIONS x-li-fabric prod-lva1 access-control-allow-origin * x-cache CONFIG_NOCACHE content-type application/json x-li-proto http/2 x-restli-protocol-version 1.0.0 access-control-allow-headers * x-li-uuid AAYbWCweU4FUOVNZunT7Nw== x-fs-uuid 00061b582c1e538154395359ba74fb37
GET H2	200	collect px4.ads.linkedin.com/ Redirect Chain https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=7540%2C5425&time=1718915371394&url=https%3A%2F%2Fduo.com%2Fdecipher%2Fthousands-of-fortigate-devices-compromised-in-ongoing-campaign https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=7540%2C5425&time=1718915371394&url=https%3A%2F%2Fduo.com%2Fdecipher%2Fthousands-of-fortigate-devices-compromised-in-ongoing-campaign&cookiesTest=true https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D7540%252C5425%26time%3D1718915371394%26url%3Dhttps%253A%252F%252Fduo.com%252Fdeci... https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=7540%2C5425&time=1718915371394&url=https%3A%2F%2Fduo.com%2Fdecipher%2Fthousands-of-fortigate-devices-compromised-in-ongoing-campaign&cookiesTest=t... https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=7540%2C5425&time=1718915371394&url=https%3A%2F%2Fduo.com%2Fdecipher%2Fthousands-of-fortigate-devices-compromised-in-ongoing-campaign&cookiesTest=...	0 265 B	142ms 109ms	Image application/javascript	13.107.42.14 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Show image Full URL https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=7540%2C5425&time=1718915371394&url=https%3A%2F%2Fduo.com%2Fdecipher%2Fthousands-of-fortigate-devices-compromised-in-ongoing-campaign&cookiesTest=true&liSync=true&e_ipv6=AQLfbGCxH3Q8eQAAAZA3VxN_noTJRtVExwyt23syYAzqxH0Kw-c-m_PZcfDpudMGDi4ZddhG Requested by Host: duo.com URL: https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Protocol H2 Server 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Thu, 20 Jun 2024 20:29:31 GMT x-li-pop afd-prod-lva1-x x-msedge-ref Ref A: 174715D74E1D4E8D994E68299F56E096 Ref B: FRAEDGE2017 Ref C: 2024-06-20T20:29:31Z linkedin-action 1 x-cache CONFIG_NOCACHE content-type application/javascript x-li-fabric prod-lva1 x-li-proto http/2 content-length 0 x-li-uuid AAYbWCwmPQtZhGEoF71PMg== Redirect headers date Thu, 20 Jun 2024 20:29:31 GMT x-li-pop afd-prod-lva1-x x-msedge-ref Ref A: F12A0D3F0CCF46B89146BE9157A9721F Ref B: FRAEDGE1310 Ref C: 2024-06-20T20:29:31Z linkedin-action 1 x-cache CONFIG_NOCACHE x-li-fabric prod-lva1 location https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=7540%2C5425&time=1718915371394&url=https%3A%2F%2Fduo.com%2Fdecipher%2Fthousands-of-fortigate-devices-compromised-in-ongoing-campaign&cookiesTest=true&liSync=true&e_ipv6=AQLfbGCxH3Q8eQAAAZA3VxN_noTJRtVExwyt23syYAzqxH0Kw-c-m_PZcfDpudMGDi4ZddhG x-li-proto http/2 content-length 0 x-li-uuid AAYbWCwkBcE0tM3vhhgPPg==
GET H2	200	config Show response pixel-config.reddit.com/pixels/a2_f2fwx4occ2fv/	3 B 124 B	72ms 8ms	XHR application/json	151.101.65.140 FASTLY
General Check archive.org Show headers Download Go to Full URL https://pixel-config.reddit.com/pixels/a2_f2fwx4occ2fv/config Requested by Host: www.redditstatic.com URL: https://www.redditstatic.com/ads/pixel.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.101.65.140 San Francisco, United States, ASN54113 (FASTLY, US), Reverse DNS Software / Resource Hash ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 20 Jun 2024 20:29:31 GMT content-encoding gzip via 1.1 varnish content-type application/json access-control-allow-origin * cache-control max-age=14400 accept-ranges bytes content-length 27
GET H2	200	a2_f2fwx4occ2fv_telemetry Show response www.redditstatic.com/ads/conversions-config/v1/pixel/config/	86 B 699 B	37ms 18ms	XHR application/json	2a04:4e42:200::396 FASTLY
General Check archive.org Show headers Download Go to Full URL https://www.redditstatic.com/ads/conversions-config/v1/pixel/config/a2_f2fwx4occ2fv_telemetry Requested by Host: www.redditstatic.com URL: https://www.redditstatic.com/ads/pixel.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a04:4e42:200::396 , United States, ASN54113 (FASTLY, US), Reverse DNS Software snooserv / Resource Hash 45da241a91c843b268ada7481cdece1aa679f2720931effea28d83e1398d66a9 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 20 Jun 2024 20:29:31 GMT content-encoding gzip via 1.1 varnish nel {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02} server snooserv vary Accept-Encoding,Origin report-to {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]} content-type application/json access-control-allow-origin * cache-control max-age=300 accept-ranges bytes content-length 97
GET H2	200	rp.gif alb.reddit.com/	42 B 637 B	73ms 7ms	Image image/gif	151.101.1.140 FASTLY
General Check archive.org Show headers Download Go to Show image Full URL https://alb.reddit.com/rp.gif?ts=1718915371405&id=a2_f2fwx4occ2fv&event=PageVisit&m.itemCount=&m.value=&m.valueDecimal=&m.currency=&m.transactionId=&m.customEventName=&m.products=&m.conversionId=&uuid=1e5608a1-20e3-482f-821a-368642d441bf&aaid=&em=&external_id=&idfa=&integration=reddit&opt_out=0&sh=1600&sw=1200&v=rdt_e9773deb&dpm=&dpcc=&dprc= Requested by Host: duo.com URL: https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Protocol H2 Security TLS 1.3, , AES_128_GCM Server 151.101.1.140 San Francisco, United States, ASN54113 (FASTLY, US), Reverse DNS Software Varnish / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 20 Jun 2024 20:29:31 GMT via 1.1 varnish nel {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.3, "failure_fraction": 0.3} server Varnish report-to {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]} content-type image/gif cross-origin-resource-policy cross-origin accept-ranges bytes content-length 42 retry-after 0
GET H2	200	216127175396154 Show response connect.facebook.net/signals/config/	68 KB 14 KB	191ms 190ms	Script application/x-javascript	2a03:2880:f084:105:face:b00c:0:3 FACEBOOK
General Check archive.org Show headers Download Go to Full URL https://connect.facebook.net/signals/config/216127175396154?v=2.9.158&r=stable&domain=duo.com&hme=446fb981c8c3baeb03730fe3cbd404f7f15f64c693f24c7fe75da498bc2c95d8&ex_m=67%2C113%2C100%2C104%2C58%2C3%2C93%2C66%2C15%2C91%2C84%2C49%2C51%2C160%2C163%2C174%2C170%2C171%2C173%2C28%2C94%2C50%2C73%2C172%2C155%2C158%2C167%2C168%2C175%2C122%2C14%2C48%2C180%2C179%2C124%2C17%2C33%2C38%2C1%2C41%2C62%2C63%2C64%2C68%2C88%2C16%2C13%2C90%2C87%2C86%2C101%2C103%2C37%2C102%2C29%2C25%2C156%2C159%2C131%2C27%2C10%2C11%2C12%2C5%2C6%2C24%2C21%2C22%2C54%2C59%2C61%2C71%2C95%2C26%2C72%2C8%2C7%2C76%2C46%2C20%2C97%2C96%2C98%2C9%2C19%2C18%2C81%2C53%2C79%2C32%2C70%2C0%2C89%2C31%2C78%2C83%2C45%2C44%2C82%2C36%2C4%2C85%2C77%2C42%2C39%2C34%2C80%2C2%2C35%2C60%2C40%2C99%2C43%2C75%2C65%2C105%2C57%2C56%2C30%2C92%2C55%2C52%2C47%2C74%2C69%2C23%2C106 Requested by Host: connect.facebook.net URL: https://connect.facebook.net/en_US/fbevents.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f084:105:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash 8defc7f9ce12dd6c1e4727b7d96370cceb1b84b1e0efcef81f8b3dbf45c003e7 Security Headers Name Value Content-Security-Policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script'; Strict-Transport-Security max-age=31536000; preload; includeSubDomains X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers content-security-policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script'; content-encoding gzip x-content-type-options nosniff strict-transport-security max-age=31536000; preload; includeSubDomains date Thu, 20 Jun 2024 20:29:31 GMT document-policy force-load-at-top cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 x-xss-protection 0 reporting-endpoints coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/" x-fb-connection-quality EXCELLENT; q=0.9, rtt=6, rtx=0, c=63, mss=1368, tbw=63575, tp=-1, tpl=-1, uplat=182, ullat=0 pragma public x-fb-debug 4sC8GB9SrA4iWi7wlvYmNhORKiyf/ZVswWYwC3frDtRmNJGncW/OvzmlH5cx6/jE7022iIGwr4H5LKnp8tVkCw== cross-origin-embedder-policy-report-only require-corp;report-to="coep_report" cross-origin-opener-policy same-origin-allow-popups;report-to="coop_report" vary Accept-Encoding report-to {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"} content-type application/x-javascript; charset=utf-8 x-frame-options DENY origin-agent-cluster ?0 cache-control public, max-age=1200 permissions-policy accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy" timing-allow-origin * expires Sat, 01 Jan 2000 00:00:00 GMT
GET H2	200	img.gif b.6sc.co/v1/beacon/	43 B 257 B	105ms 105ms	Image image/gif	2.17.100.193 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://b.6sc.co/v1/beacon/img.gif?token=839eaa5e959ad938f179bd0fe4450965&svisitor=null&visitor=7de91c72-bd11-4272-8020-67d4b9157256&session=e7c188b0-078d-45cc-87e9-3ef365bc38dc&event=ipv6&q=%7B%22address%22%3A%222a03%3A1b20%3A6%3Af011%3A%3A4e%22%7D&isIframe=false&m=%7B%22description%22%3A%22The%20Dutch%20Military%20Intelligence%20and%20Security%20Service%20said%20it%20has%20identified%20more%20than%2020%2C000%20FortiGate%20devices%20that%20have%20been%20compromised%20by%20a%20Chinese%20state-sponsored%20threat%20group.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Thousands%20of%20FortiGate%20Devices%20Compromised%20in%20Ongoing%20Campaign%20%7C%20Decipher%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fduo.com%2Fdecipher%2Fthousands-of-fortigate-devices-compromised-in-ongoing-campaign&pageViewId=b6b261ba-d953-47fc-8fb3-f13cf659be72&v=1.1.21 Requested by Host: duo.com URL: https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a2-17-100-193.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b Security Headers Name Value X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache date Thu, 20 Jun 2024 20:29:31 GMT x-content-type-options nosniff last-modified Fri, 21 Feb 2020 18:57:20 GMT server nginx/1.14.0 (Ubuntu) etag "5e502810-2b" content-type image/gif cache-control max-age=0, no-cache, no-store accept-ranges bytes content-length 43 expires Thu, 20 Jun 2024 20:29:31 GMT
GET H2	200	ipv cdn.bizible.com/	43 B 304 B	17ms 16ms	Image image/gif	152.195.15.58 EDGECAST
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.bizible.com/ipv?_biz_r=&_biz_h=-1906410348&_biz_u=e0c7eaeabcb84e00c0fb44e0be619bac&_biz_l=https%3A%2F%2Fduo.com%2Fdecipher%2Fthousands-of-fortigate-devices-compromised-in-ongoing-campaign&_biz_t=1718915371475&_biz_i=Thousands%20of%20FortiGate%20Devices%20Compromised%20in%20Ongoing%20Campaign%20%7C%20Decipher&_biz_n=0&rnd=993465&cdn_o=a&_biz_z=1718915371475 Requested by Host: duo.com URL: https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Protocol H2 Security TLS 1.3, , AES_256_GCM Server 152.195.15.58 , United States, ASN15133 (EDGECAST, US), Reverse DNS Software ECS (frb/67BA) / Resource Hash afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSub Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache date Thu, 20 Jun 2024 20:29:31 GMT strict-transport-security max-age=31536000; includeSub last-modified Fri, 14 Jun 2024 21:15:25 GMT server ECS (frb/67BA) age 515646 x-cache HIT p3p CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" content-type image/gif cache-control no-cache, no-store accept-ranges bytes content-length 43 expires -1
GET H2	200	u cdn.bizibly.com/	43 B 205 B	18ms 16ms	Image image/gif	152.195.15.58 EDGECAST
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.bizibly.com/u?_biz_u=e0c7eaeabcb84e00c0fb44e0be619bac&_biz_l=https%3A%2F%2Fduo.com%2Fdecipher%2Fthousands-of-fortigate-devices-compromised-in-ongoing-campaign&_biz_t=1718915371478&_biz_i=Thousands%20of%20FortiGate%20Devices%20Compromised%20in%20Ongoing%20Campaign%20%7C%20Decipher&rnd=432063&cdn_o=a&_biz_z=1718915371478 Requested by Host: duo.com URL: https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Protocol H2 Security TLS 1.3, , AES_256_GCM Server 152.195.15.58 , United States, ASN15133 (EDGECAST, US), Reverse DNS Software ECS (frb/6752) / Resource Hash afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSub Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache date Thu, 20 Jun 2024 20:29:31 GMT strict-transport-security max-age=31536000; includeSub last-modified Fri, 14 Jun 2024 21:15:27 GMT server ECS (frb/6752) age 515644 x-cache HIT p3p CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" content-type image/gif cache-control no-cache, no-store accept-ranges bytes content-length 43 expires -1
GET H2	200	xdframe-single-domain-1.2.0.html csxd.contentsquare.net/uxa/ Frame 650C	0 0	58ms 6ms	Document text/html	2600:9000:2057:1200:1b:ed91:4680:93a1 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://csxd.contentsquare.net/uxa/xdframe-single-domain-1.2.0.html?pid=5637 Requested by Host: t.contentsquare.net URL: https://t.contentsquare.net/uxa/ebdaa317731b0.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2600:9000:2057:1200:1b:ed91:4680:93a1 , United States, ASN16509 (AMAZON-02, US), Reverse DNS Software AmazonS3 / Resource Hash Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers age 13426278 cache-control max-age=31536000 content-encoding gzip content-type text/html date Wed, 17 Jan 2024 10:58:14 GMT etag W/"17303eed7f8afe41b1523ca58723426b" last-modified Fri, 04 Aug 2023 17:04:45 GMT server AmazonS3 vary Accept-Encoding via 1.1 d5fb859c39a16d7f218b4c7fb1528ad6.cloudfront.net (CloudFront) x-amz-cf-id FvSRkQQ07v_EtPXMX5oX7BewsSpcskkE8-W9x78gYcubhnguzFy6YQ== x-amz-cf-pop FRA6-C1 x-amz-server-side-encryption AES256 x-amz-version-id null x-cache Hit from cloudfront
GET BLOB	200 OK	0797eb39-e5a0-4eb6-8645-caa835de4520 https://duo.com/	7 KB 0		Other application/javascript
General Check archive.org Show headers Download Go to Full URL blob:https://duo.com/0797eb39-e5a0-4eb6-8645-caa835de4520 Requested by Host: duo.com URL: https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Protocol BLOB Server -, , ASN (), Reverse DNS Software / Resource Hash 667f05c2f877b45578f807319b969b19f69763d3138f457ba5609b52ffecbfa6 Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers Content-Length 7329 Content-Type application/javascript
GET H2	200	main.MTU0NDc1MDUxNA.js Show response analytics.tiktok.com/i18n/pixel/static/	347 KB 100 KB	13ms 12ms	Script application/javascript	23.36.162.201 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://analytics.tiktok.com/i18n/pixel/static/main.MTU0NDc1MDUxNA.js Requested by Host: analytics.tiktok.com URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=CKAV1QJC77U2JMMIPBFG&lib=ttq Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.36.162.201 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a23-36-162-201.deploy.static.akamaitechnologies.com Software nginx / Resource Hash dcc03e67388fc47df733e0933ecb66bce3915b494a7ab920776ebbbfbebde84a Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers x-akamai-request-id 66171ed date Thu, 20 Jun 2024 20:29:31 GMT content-encoding gzip x-tt-trace-tag id=16;cdn-cache=hit;type=static server nginx x-tt-logid 20240620151402A5CA3725F4FA4E61A6DD x-tt-trace-id 00-240620151402A5CA3725F4FA4E61A6DD-2DBF3952BE63CDC9-00 vary Accept-Encoding x-cache TCP_MEM_HIT from a23-206-213-201.deploy.akamaitechnologies.com (AkamaiGHost/11.5.3-56943929) (-) content-type application/javascript; charset=UTF-8 cache-control public, max-age=31536000, immutable x-tt-trace-host 012a2f6a11d228609e3b9495443fb59edacee96a881cbcbab559b974cfb2a511f10ca80e661fb4b433247affd799c73add43808402b511c4d5a1acf7d9d3f1954ceda7498fb1ec161587f1d729260d1594e2c181b571d46b9b598d55873670376a server-timing cdn-cache; desc=HIT, edge; dur=0, origin; dur=0, inner; dur=17 content-length 101454
GET H2	200	js Show response www.googletagmanager.com/gtag/	300 KB 101 KB	71ms 68ms	Script application/javascript	2a00:1450:4001:80b::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/js?id=G-95Z7P6PE75&l=dataLayer&cx=c Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-MFPB9D&l=dataLayer Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 9f457352fc2a14be7a9fa465b665ce6b47027708d4c40a7f6d5580e7831b10ee Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 20 Jun 2024 20:29:31 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true cross-origin-resource-policy cross-origin access-control-allow-headers Cache-Control content-length 103658 x-xss-protection 0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 expires Thu, 20 Jun 2024 20:29:31 GMT
GET H2	200	js Show response www.googletagmanager.com/gtag/	310 KB 104 KB	91ms 89ms	Script application/javascript	2a00:1450:4001:80b::2008 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.googletagmanager.com/gtag/js?id=G-KP8QEFW4ML&l=dataLayer&cx=c Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-MFPB9D&l=dataLayer Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:80b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Google Tag Manager / Resource Hash 961c607b4b92a684668f58def6aef0aee40dbc84e619ccb4e52c8dc2c572c2ac Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 20 Jun 2024 20:29:31 GMT content-encoding br strict-transport-security max-age=31536000; includeSubDomains server Google Tag Manager vary Accept-Encoding content-type application/javascript; charset=UTF-8 access-control-allow-origin * cache-control private, max-age=900 access-control-allow-credentials true cross-origin-resource-policy cross-origin access-control-allow-headers Cache-Control content-length 106278 x-xss-protection 0 alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 expires Thu, 20 Jun 2024 20:29:31 GMT
GET H2	200	analytics.js Show response www.google-analytics.com/	52 KB 21 KB	242ms 35ms	Script text/javascript	2a00:1450:4001:812::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/analytics.js Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtm.js?id=GTM-MFPB9D&l=dataLayer Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers strict-transport-security max-age=31536000; includeSubDomains; preload content-encoding gzip x-content-type-options nosniff date Thu, 20 Jun 2024 19:41:03 GMT last-modified Tue, 12 Dec 2023 18:09:08 GMT server Golfe2 age 2908 vary Accept-Encoding content-type text/javascript cache-control public, max-age=7200 cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 20994 expires Thu, 20 Jun 2024 21:41:03 GMT
GET H2	200	web-vitals.iife.js Show response unpkg.com/web-vitals@4.1.1/dist/ Redirect Chain https://unpkg.com/web-vitals https://unpkg.com/web-vitals@4.1.1 https://unpkg.com/web-vitals@4.1.1/dist/web-vitals.iife.js	7 KB 3 KB	21ms 20ms	Script application/javascript	2606:4700::6811:f6cb CLOUDFLARENET
General Check archive.org Show headers Download Go to Full URL https://unpkg.com/web-vitals@4.1.1/dist/web-vitals.iife.js Requested by Host: duo.com URL: https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Protocol H2 Server 2606:4700::6811:f6cb , United States, ASN13335 (CLOUDFLARENET, US), Reverse DNS Software cloudflare / Resource Hash adf7f9b0dd938575c72ff1592ea18e7ab9bc53ff8838a38c8484c10f5d9be7fd Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Response headers date Thu, 20 Jun 2024 20:29:31 GMT content-encoding br via 1.1 fly.io cf-cache-status HIT x-content-type-options nosniff strict-transport-security max-age=31536000; includeSubDomains; preload age 841207 last-modified Sat, 26 Oct 1985 08:15:00 GMT fly-request-id 01J02K6H2G2F2K00RVSZHRGF92-fra server cloudflare etag "1c0c-hOpjVE2mSiNVJWsLrpc64ergTOY" vary Accept-Encoding content-type application/javascript; charset=utf-8 access-control-allow-origin * cache-control public, max-age=31536000 cf-ray 896e82f13fa21951-FRA Redirect headers date Thu, 20 Jun 2024 20:29:31 GMT content-encoding br via 1.1 fly.io cf-cache-status HIT fly-request-id 01J02S0ABTMY2C2TJB7T40NS8Z-fra x-content-type-options nosniff strict-transport-security max-age=31536000; includeSubDomains; preload age 835119 server cloudflare vary Accept, Accept-Encoding content-type text/plain; charset=utf-8 access-control-allow-origin * location /web-vitals@4.1.1/dist/web-vitals.iife.js cache-control public, max-age=31536000 cf-ray 896e82f0cf051951-FRA
GET H2	200	xdc.js Show response cdn.bizible.com/	116 B 321 B	124ms 124ms	Script text/javascript	152.195.15.58 EDGECAST
General Check archive.org Show headers Download Go to Full URL https://cdn.bizible.com/xdc.js?_biz_u=e0c7eaeabcb84e00c0fb44e0be619bac&_biz_h=-1906410348&cdn_o=a&jsVer=4.24.06.13 Requested by Host: cdn.bizible.com URL: https://cdn.bizible.com/scripts/bizible.js?account=duo.com Protocol H2 Security TLS 1.3, , AES_256_GCM Server 152.195.15.58 , United States, ASN15133 (EDGECAST, US), Reverse DNS Software ECS (frb/6711) / Resource Hash ec2b8e548eecce3145766558db772a29ed54a5e411a6848532e740850a630e7f Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSub Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Thu, 20 Jun 2024 20:29:31 GMT content-encoding gzip strict-transport-security max-age=31536000; includeSub server ECS (frb/6711) etag 6835A4AB vary Accept-Encoding p3p CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" content-type text/javascript; charset=utf-8 cache-control private, must-revalidate, max-age=21600 content-length 214
GET H2	200	u cdn.bizible.com/	43 B 86 B	16ms 16ms	Image image/gif	152.195.15.58 EDGECAST
General Check archive.org Show headers Download Go to Show image Full URL https://cdn.bizible.com/u?mapType=ecid&mapValue=B8D07FF4520E94C10A490D4C%40AdobeOrg_19352461753431726180511620120588315202&_biz_u=e0c7eaeabcb84e00c0fb44e0be619bac&_biz_l=https%3A%2F%2Fduo.com%2Fdecipher%2Fthousands-of-fortigate-devices-compromised-in-ongoing-campaign&_biz_t=1718915371479&_biz_i=Thousands%20of%20FortiGate%20Devices%20Compromised%20in%20Ongoing%20Campaign%20%7C%20Decipher&_biz_n=1&rnd=118880&cdn_o=a&_biz_z=1718915371595 Requested by Host: duo.com URL: https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Protocol H2 Security TLS 1.3, , AES_256_GCM Server 152.195.15.58 , United States, ASN15133 (EDGECAST, US), Reverse DNS Software ECS (frb/6752) / Resource Hash afe0dcfca292a0fae8bce08a48c14d3e59c9d82c6052ab6d48a22ecc6c48f277 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSub Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache date Thu, 20 Jun 2024 20:29:31 GMT strict-transport-security max-age=31536000; includeSub last-modified Fri, 14 Jun 2024 21:15:27 GMT server ECS (frb/6752) age 515644 x-cache HIT p3p CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT" content-type image/gif cache-control no-cache, no-store accept-ranges bytes content-length 43 expires -1
GET H2	204	pageview c.contentsquare.net/	0 320 B	159ms 29ms	Image text/plain	52.212.62.146 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://c.contentsquare.net/pageview?ex=&dt=54&pvt=n&la=de-DE&uc=0&url=https%3A%2F%2Fduo.com%2Fdecipher%2Fthousands-of-fortigate-devices-compromised-in-ongoing-campaign&dr=&dw=1600&dh=3132&ww=1600&wh=1200&sw=1600&sh=1200&uu=d5cf98be-34b8-a6c5-8d08-6007d01f5fba&sn=1&hd=1718915371&v=14.19.1&pid=5637&pn=1&r=201236 Requested by Host: duo.com URL: https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.212.62.146 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-212-62-146.eu-west-1.compute.amazonaws.com Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache date Thu, 20 Jun 2024 20:29:31 GMT access-control-allow-methods GET, POST, OPTIONS access-control-allow-origin * cache-control no-cache, no-store, must-revalidate, pre-check=0, post-check=0 content-disposition inline timing-allow-origin * access-control-allow-headers Access-Control-Expose-Headers, Content-Type, Content-Compression, X-Requested-With expires Sun, 24 Oct 1982 23:00:00 GMT
GET H2	200	identify_ce1d8843.js Show response analytics.tiktok.com/i18n/pixel/static/	146 KB 39 KB	39ms 39ms	Script application/javascript	23.36.162.201 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://analytics.tiktok.com/i18n/pixel/static/identify_ce1d8843.js Requested by Host: analytics.tiktok.com URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTU0NDc1MDUxNA.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.36.162.201 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a23-36-162-201.deploy.static.akamaitechnologies.com Software nginx / Resource Hash d891e16dbaf81b89f017b6516afdeffe602f8df1d5e269429e7b6eaf63726a03 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers x-akamai-request-id 66173a4 date Thu, 20 Jun 2024 20:29:31 GMT content-encoding gzip x-tt-trace-tag id=16;cdn-cache=hit;type=static server nginx x-tt-logid 20240521140000FC83D93A8071F83FC8C4 x-tt-trace-id 00-240521140000FC83D93A8071F83FC8C4-07B747694DA357C2-00 vary Accept-Encoding x-cache TCP_MEM_HIT from a23-206-213-201.deploy.akamaitechnologies.com (AkamaiGHost/11.5.3-56943929) (-) content-type application/javascript; charset=UTF-8 cache-control public, max-age=31536000, immutable x-tt-trace-host 01c0bc22f0d6a99735a11542c2c1290b858ae580b5fc9af04e6ca4cdd2e7de63d34bff34b4b4a32bf4399578b9d92fec54e12a54e34286c4defbdfdba97f64e3a3cec6ee4bf3e847d4bf0a7040eae1e476b80eb90046cce469583e3af9f490f6f1 server-timing cdn-cache; desc=HIT, edge; dur=1, origin; dur=0, inner; dur=3 content-length 39835
POST H2	200	monitor analytics.tiktok.com/api/v2/	0 842 B	156ms 154ms	Ping text/plain	23.36.162.201 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://analytics.tiktok.com/api/v2/monitor Requested by Host: analytics.tiktok.com URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTU0NDc1MDUxNA.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.36.162.201 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a23-36-162-201.deploy.static.akamaitechnologies.com Software nginx / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" sec-ch-ua-platform "Win32" Referer https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers x-akamai-request-id 27d76ec5.66173a5 date Thu, 20 Jun 2024 20:29:31 GMT x-tt-trace-tag id=16;cdn-cache=miss;type=dyn x-tt-trace-id 00-240620202931B972056F8F93119FBFDF-6E946E273C71C984-00 x-cache TCP_MISS from a23-206-213-201.deploy.akamaitechnologies.com (AkamaiGHost/11.5.3-56943929) (-) x-parent-response-time 118,23.206.213.201 server-timing cdn-cache; desc=MISS, edge; dur=97, origin; dur=29, inner; dur=25 content-length 0 pragma no-cache server nginx x-tt-logid 20240620202931B972056F8F93119FBFDF x-cache-remote TCP_MISS from a23-48-200-42.deploy.akamaitechnologies.com (AkamaiGHost/11.5.2-56372494) (-) access-control-allow-methods GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE access-control-allow-origin * cache-control max-age=0, no-cache, no-store x-origin-response-time 29,23.48.200.42 x-tt-trace-host 0182666b72bd0f36c7404233a29f25a793e223d45ce8b92844e812699831e7d2a02282ad43fffacff1ce3e1c6b85a07d84667b55d33167e6a0b919c3b639783c52d35c031e42a9f604dc71d864428570a0390e36fc1c65df0454434ef5457a2a9c49e9e628936e8a1c51a325a3974ea643 access-control-allow-headers Authorization,* expires Thu, 20 Jun 2024 20:29:31 GMT
POST H2	200	monitor analytics.tiktok.com/api/v2/	0 844 B	215ms 213ms	Ping text/plain	23.36.162.201 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://analytics.tiktok.com/api/v2/monitor Requested by Host: analytics.tiktok.com URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTU0NDc1MDUxNA.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.36.162.201 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a23-36-162-201.deploy.static.akamaitechnologies.com Software nginx / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" sec-ch-ua-platform "Win32" Referer https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers x-akamai-request-id 110bad4.66173a6 date Thu, 20 Jun 2024 20:29:31 GMT x-tt-trace-tag id=16;cdn-cache=miss;type=dyn x-tt-trace-id 00-240620202931D1AD2D3D00C6BF9D8D63-1167CE1F31A98647-00 x-cache TCP_MISS from a23-206-213-201.deploy.akamaitechnologies.com (AkamaiGHost/11.5.3-56943929) (-) x-parent-response-time 163,23.206.213.201 server-timing cdn-cache; desc=MISS, edge; dur=136, origin; dur=36, inner; dur=11 content-length 0 pragma no-cache server nginx x-tt-logid 20240620202931D1AD2D3D00C6BF9D8D63 x-cache-remote TCP_MISS from a184-28-190-54.deploy.akamaitechnologies.com (AkamaiGHost/11.5.3-56943929) (-) access-control-allow-methods GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE access-control-allow-origin * cache-control max-age=0, no-cache, no-store x-origin-response-time 37,184.28.190.54 x-tt-trace-host 0182666b72bd0f36c7404233a29f25a793e223d45ce8b92844e812699831e7d2a0c69372b9852fbb9754050a7d6873ce5633164e24f2720a3868e27905931d766d16027e21a8971799df52a5798f4b97113a9019df4850542cb02680d99c01516eb4e617ffa2e7d9b29cf1223bbe269243 access-control-allow-headers Authorization,* expires Thu, 20 Jun 2024 20:29:31 GMT
POST H2	200	monitor analytics.tiktok.com/api/v2/	0 842 B	137ms 136ms	Ping text/plain	23.36.162.201 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://analytics.tiktok.com/api/v2/monitor Requested by Host: analytics.tiktok.com URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTU0NDc1MDUxNA.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.36.162.201 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a23-36-162-201.deploy.static.akamaitechnologies.com Software nginx / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" sec-ch-ua-platform "Win32" Referer https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers x-akamai-request-id 15d9884f.66173a7 date Thu, 20 Jun 2024 20:29:31 GMT x-tt-trace-tag id=16;cdn-cache=miss;type=dyn x-tt-trace-id 00-240620202931D1BD7FA33E772D80E230-0964757E285F7185-00 x-cache TCP_MISS from a23-206-213-201.deploy.akamaitechnologies.com (AkamaiGHost/11.5.3-56943929) (-) x-parent-response-time 102,23.206.213.201 server-timing cdn-cache; desc=MISS, edge; dur=95, origin; dur=15, inner; dur=12 content-length 0 pragma no-cache server nginx x-tt-logid 20240620202931D1BD7FA33E772D80E230 x-cache-remote TCP_MISS from a23-48-200-209.deploy.akamaitechnologies.com (AkamaiGHost/11.5.2-56372494) (-) access-control-allow-methods GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE access-control-allow-origin * cache-control max-age=0, no-cache, no-store x-origin-response-time 15,23.48.200.209 x-tt-trace-host 0182666b72bd0f36c7404233a29f25a793e223d45ce8b92844e812699831e7d2a0beeb0aabc47cbbda1e4ee9d9defc3ce9c021ea4316350e9e9ce93c41d29f39e4a94db5b5f02e92b775b3a906069be74daaa42d58df8fc00efc0bdc741dc12c6ca435ee369ae31725df6e52e1b8c71a9d access-control-allow-headers Authorization,* expires Thu, 20 Jun 2024 20:29:31 GMT
POST H2	200	monitor analytics.tiktok.com/api/v2/	0 845 B	237ms 236ms	Ping text/plain	23.36.162.201 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://analytics.tiktok.com/api/v2/monitor Requested by Host: analytics.tiktok.com URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTU0NDc1MDUxNA.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.36.162.201 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a23-36-162-201.deploy.static.akamaitechnologies.com Software nginx / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" sec-ch-ua-platform "Win32" Referer https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers x-akamai-request-id 4a7ab05.66173a8 date Thu, 20 Jun 2024 20:29:31 GMT x-tt-trace-tag id=16;cdn-cache=miss;type=dyn x-tt-trace-id 00-2406202029319B8F1FDD9816DF7C23D9-322EEBF5068469D5-00 x-cache TCP_MISS from a23-206-213-201.deploy.akamaitechnologies.com (AkamaiGHost/11.5.3-56943929) (-) x-parent-response-time 196,23.206.213.201 server-timing cdn-cache; desc=MISS, edge; dur=110, origin; dur=100, inner; dur=92 content-length 0 pragma no-cache server nginx x-tt-logid 202406202029319B8F1FDD9816DF7C23D9 x-cache-remote TCP_MISS from a23-220-105-70.deploy.akamaitechnologies.com (AkamaiGHost/11.5.2-56372494) (-) access-control-allow-methods GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE access-control-allow-origin * cache-control max-age=0, no-cache, no-store x-origin-response-time 100,23.220.105.70 x-tt-trace-host 0182666b72bd0f36c7404233a29f25a793e223d45ce8b92844e812699831e7d2a0e00775cb434f7d55e43addf7cfa3274103c899af6502008a4cf0a43b85ff7cc0556b2a12ef6ddb598fe58f666d56869339e754c13b6ce0b270c82458ffa82982bbe709233db224928f52697877c812d0 access-control-allow-headers Authorization,* expires Thu, 20 Jun 2024 20:29:31 GMT
POST H2	200	monitor analytics.tiktok.com/api/v2/	0 842 B	155ms 154ms	Ping text/plain	23.36.162.201 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://analytics.tiktok.com/api/v2/monitor Requested by Host: analytics.tiktok.com URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTU0NDc1MDUxNA.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.36.162.201 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a23-36-162-201.deploy.static.akamaitechnologies.com Software nginx / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" sec-ch-ua-platform "Win32" Referer https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers x-akamai-request-id 4e09623.66173a9 date Thu, 20 Jun 2024 20:29:31 GMT x-tt-trace-tag id=16;cdn-cache=miss;type=dyn x-tt-trace-id 00-240620202931B824AAFAEDD78BA3E123-00282E1BE0A35C7B-00 x-cache TCP_MISS from a23-206-213-201.deploy.akamaitechnologies.com (AkamaiGHost/11.5.3-56943929) (-) x-parent-response-time 115,23.206.213.201 server-timing cdn-cache; desc=MISS, edge; dur=111, origin; dur=22, inner; dur=12 content-length 0 pragma no-cache server nginx x-tt-logid 20240620202931B824AAFAEDD78BA3E123 x-cache-remote TCP_MISS from a23-208-166-73.deploy.akamaitechnologies.com (AkamaiGHost/11.5.3-56943929) (-) access-control-allow-methods GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE access-control-allow-origin * cache-control max-age=0, no-cache, no-store x-origin-response-time 22,23.208.166.73 x-tt-trace-host 0182666b72bd0f36c7404233a29f25a793e223d45ce8b92844e812699831e7d2a034d418ff7a3c2a1d4c8e0671cc70e1e0bfa383d3f638dbf386f222ca14aa9f1070a8aa5d06019447a32a8eabe1246a6eacd3051d06fb9ec6ab05f7954f1201341ace0adb4b499bc9ac739555a5c44821 access-control-allow-headers Authorization,* expires Thu, 20 Jun 2024 20:29:31 GMT
POST H2	200	monitor analytics.tiktok.com/api/v2/	0 842 B	168ms 167ms	Ping text/plain	23.36.162.201 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://analytics.tiktok.com/api/v2/monitor Requested by Host: analytics.tiktok.com URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTU0NDc1MDUxNA.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.36.162.201 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a23-36-162-201.deploy.static.akamaitechnologies.com Software nginx / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" sec-ch-ua-platform "Win32" Referer https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers x-akamai-request-id 163bd07b.66173aa date Thu, 20 Jun 2024 20:29:31 GMT x-tt-trace-tag id=16;cdn-cache=miss;type=dyn x-tt-trace-id 00-2406202029311E9AC83C90B0A5A2E32F-7DE910B2C5853BFE-00 x-cache TCP_MISS from a23-206-213-201.deploy.akamaitechnologies.com (AkamaiGHost/11.5.3-56943929) (-) x-parent-response-time 127,23.206.213.201 server-timing cdn-cache; desc=MISS, edge; dur=119, origin; dur=26, inner; dur=16 content-length 0 pragma no-cache server nginx x-tt-logid 202406202029311E9AC83C90B0A5A2E32F x-cache-remote TCP_MISS from a184-28-190-7.deploy.akamaitechnologies.com (AkamaiGHost/11.5.2-56372494) (-) access-control-allow-methods GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE access-control-allow-origin * cache-control max-age=0, no-cache, no-store x-origin-response-time 26,184.28.190.7 x-tt-trace-host 0182666b72bd0f36c7404233a29f25a793e223d45ce8b92844e812699831e7d2a03964806ee6237744a69ed90c2e236b30e73bc7940051fca74fff02979309eb33dd0587f67a0153152dc3f7d1bbe3dd7c1d2e2df788aee4da45f704f8b3ea569230d77c5f16c16398ffcc4a20eae43f76 access-control-allow-headers Authorization,* expires Thu, 20 Jun 2024 20:29:31 GMT
POST H2	200	monitor analytics.tiktok.com/api/v2/	0 842 B	174ms 173ms	Ping text/plain	23.36.162.201 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://analytics.tiktok.com/api/v2/monitor Requested by Host: analytics.tiktok.com URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTU0NDc1MDUxNA.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.36.162.201 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a23-36-162-201.deploy.static.akamaitechnologies.com Software nginx / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" sec-ch-ua-platform "Win32" Referer https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers x-akamai-request-id 9ab0441.66173d0 date Thu, 20 Jun 2024 20:29:31 GMT x-tt-trace-tag id=16;cdn-cache=miss;type=dyn x-tt-trace-id 00-240620202931FE7565BA9849F1A36BE4-69BD9EA157D38419-00 x-cache TCP_MISS from a23-206-213-201.deploy.akamaitechnologies.com (AkamaiGHost/11.5.3-56943929) (-) x-parent-response-time 136,23.206.213.201 server-timing cdn-cache; desc=MISS, edge; dur=92, origin; dur=50, inner; dur=21 content-length 0 pragma no-cache server nginx x-tt-logid 20240620202931FE7565BA9849F1A36BE4 x-cache-remote TCP_MISS from a184-28-190-47.deploy.akamaitechnologies.com (AkamaiGHost/11.5.2-56372494) (-) access-control-allow-methods GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE access-control-allow-origin * cache-control max-age=0, no-cache, no-store x-origin-response-time 50,184.28.190.47 x-tt-trace-host 0182666b72bd0f36c7404233a29f25a793e223d45ce8b92844e812699831e7d2a0fca3e473c059fca40629f260fbd7f23f6f2a47120ce50a69040c0ae21abc89c42b3e45a58d7b9cbef3e12cc597c4d12da32deaf508b5e732b91b3be7cd33c108752dd9a7d3048f6925b465a0a1bc407c access-control-allow-headers Authorization,* expires Thu, 20 Jun 2024 20:29:31 GMT
POST H2	200	pixel analytics.tiktok.com/api/v2/	0 845 B	187ms 187ms	Ping text/plain	23.36.162.201 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://analytics.tiktok.com/api/v2/pixel Requested by Host: analytics.tiktok.com URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTU0NDc1MDUxNA.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.36.162.201 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a23-36-162-201.deploy.static.akamaitechnologies.com Software nginx / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" sec-ch-ua-platform "Win32" Referer https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers x-akamai-request-id 110807d.66173d1 date Thu, 20 Jun 2024 20:29:31 GMT x-tt-trace-tag id=16;cdn-cache=miss;type=dyn x-tt-trace-id 00-2406202029315271711F146CCCA7EC83-26E859EFDEC87A41-00 x-cache TCP_MISS from a23-206-213-201.deploy.akamaitechnologies.com (AkamaiGHost/11.5.3-56943929) (-) x-parent-response-time 147,23.206.213.201 server-timing cdn-cache; desc=MISS, edge; dur=114, origin; dur=43, inner; dur=30 content-length 0 pragma no-cache server nginx x-tt-logid 202406202029315271711F146CCCA7EC83 x-cache-remote TCP_MISS from a184-28-190-54.deploy.akamaitechnologies.com (AkamaiGHost/11.5.3-56943929) (-) access-control-allow-methods GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE access-control-allow-origin * cache-control max-age=0, no-cache, no-store x-origin-response-time 43,184.28.190.54 x-tt-trace-host 0182666b72bd0f36c7404233a29f25a793e223d45ce8b92844e812699831e7d2a0c69372b9852fbb9754050a7d6873ce569d682c7c175334739cee99e8d5244b5391f36c13bfeabc9938d6802d7ed3aae140dca8f9a73cc1f407f305e92d846643e6d6743fcaba516e2c8b238d2677d02b access-control-allow-headers Authorization,* expires Thu, 20 Jun 2024 20:29:31 GMT
GET H2	204	dvar c.contentsquare.net/	0 319 B	83ms 30ms	Image text/plain	52.212.62.146 AMAZON-02
General Check archive.org Show headers Download Go to Show image Full URL https://c.contentsquare.net/dvar?v=14.19.1&pid=5637&pn=1&sn=1&uu=d5cf98be-34b8-a6c5-8d08-6007d01f5fba&dv=H4sIAAAAAAAAA6tWSi72TSxJzsjMS%2FdOrVSyUjLQMzY2NzI1MDUwNDayNDE0M403NDe0sDQ0NTY3NDa2UKoFAK2R%2FH40AAAA&ct=2&r=384609 Requested by Host: duo.com URL: https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.212.62.146 Dublin, Ireland, ASN16509 (AMAZON-02, US), Reverse DNS ec2-52-212-62-146.eu-west-1.compute.amazonaws.com Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache date Thu, 20 Jun 2024 20:29:31 GMT access-control-allow-methods GET, POST, OPTIONS access-control-allow-origin * cache-control no-cache, no-store, must-revalidate, pre-check=0, post-check=0 content-disposition inline timing-allow-origin * access-control-allow-headers Access-Control-Expose-Headers, Content-Type, Content-Compression, X-Requested-With expires Sun, 24 Oct 1982 23:00:00 GMT
GET H2	200	/ www.facebook.com/tr/	0 273 B	30ms 7ms	Image text/plain	2a03:2880:f177:185:face:b00c:0:25de FACEBOOK
General Check archive.org Show headers Download Go to Show image Full URL https://www.facebook.com/tr/?id=216127175396154&ev=PageView&dl=https%3A%2F%2Fduo.com%2Fdecipher%2Fthousands-of-fortigate-devices-compromised-in-ongoing-campaign&rl=&if=false&ts=1718915371722&sw=1600&sh=1200&v=2.9.158&r=stable&a=tmtealium&ec=0&o=4126&fbp=fb.1.1718915371720.682197572506964361&cs_est=true&ler=empty&cdl=API_unavailable&it=1718915371420&coo=false&eid=4709f17167dde427c647c4597d372afb&tm=1&rqm=GET Requested by Host: duo.com URL: https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f177:185:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software proxygen-bolt / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers x-fb-connection-quality EXCELLENT; q=0.9, rtt=5, rtx=0, c=10, mss=1368, tbw=2800, tp=-1, tpl=-1, uplat=0, ullat=0 strict-transport-security max-age=31536000; includeSubDomains date Thu, 20 Jun 2024 20:29:31 GMT server proxygen-bolt content-type text/plain access-control-allow-origin access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 content-length 0
GET H2	200	/ www.facebook.com/privacy_sandbox/pixel/register/trigger/	67 B 4 KB	213ms 191ms	Image image/png	2a03:2880:f177:185:face:b00c:0:25de FACEBOOK
General Check archive.org Show headers Download Go to Show image Full URL https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=216127175396154&ev=PageView&dl=https%3A%2F%2Fduo.com%2Fdecipher%2Fthousands-of-fortigate-devices-compromised-in-ongoing-campaign&rl=&if=false&ts=1718915371722&sw=1600&sh=1200&v=2.9.158&r=stable&a=tmtealium&ec=0&o=4126&fbp=fb.1.1718915371720.682197572506964361&cs_est=true&ler=empty&cdl=API_unavailable&it=1718915371420&coo=false&eid=4709f17167dde427c647c4597d372afb&tm=1&rqm=FGET Requested by Host: duo.com URL: https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a03:2880:f177:185:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US), Reverse DNS Software / Resource Hash aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a Security Headers Name Value Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests; Strict-Transport-Security max-age=15552000; preload X-Content-Type-Options nosniff X-Frame-Options DENY X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers attribution-reporting-register-trigger {"event_trigger_data":[{"trigger_data":"0"}],"aggregatable_trigger_data":[{"key_piece":"0x7853f27e329db82e","source_keys":["1","2"]},{"key_piece":"0x141d9cd52e9c817c","source_keys":["1","2"]}],"aggregatable_values":{"1":1}} content-encoding zstd x-content-type-options nosniff content-security-policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests; strict-transport-security max-age=15552000; preload document-policy force-load-at-top date Thu, 20 Jun 2024 20:29:31 GMT cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=86400 x-xss-protection 0 reporting-endpoints coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7382685303389382510", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/" x-fb-connection-quality EXCELLENT; q=0.9, rtt=5, rtx=0, c=12, mss=1368, tbw=3117, tp=-1, tpl=-1, uplat=183, ullat=0 pragma no-cache x-fb-debug 87ZGvlunj+b+YJZvp0yigZV9yUi3FIxtdQclqbIs958fr48+cf80TboLHP3q36+iVVHpFWH3WxZAabnsNS099g== cross-origin-embedder-policy-report-only require-corp;report-to="coep_report" cross-origin-opener-policy same-origin-allow-popups;report-to="coop_report" vary Accept-Encoding report-to {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7382685303389382510"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"} content-type image/png x-frame-options DENY origin-agent-cluster ?0 cache-control private, no-store, no-cache, must-revalidate permissions-policy accelerometer=(), attribution-reporting=(self), autoplay=(), battery=(self), bluetooth=(), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy" expires Sat, 01 Jan 2000 00:00:00 GMT
POST H2	204	collect region1.analytics.google.com/g/	0 0	66ms 18ms	Fetch text/plain	2001:4860:4802:32::36 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://region1.analytics.google.com/g/collect?v=2&tid=G-95Z7P6PE75&gtm=45je46j0v884482885z871885818za200zb71885818&_p=1718915371193&_gaz=1&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&tag_exp=0&cid=1224150143.1718915372&ul=de-de&sr=1600x1200&uaa=x86&uab=64&uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.114%7CGoogle%2520Chrome%3B126.0.6478.114&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1718915371&sct=1&seg=0&dl=https%3A%2F%2Fduo.com%2Fdecipher%2Fthousands-of-fortigate-devices-compromised-in-ongoing-campaign&dt=Thousands%20of%20FortiGate%20Devices%20Compromised%20in%20Ongoing%20Campaign%20%7C%20Decipher&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=2189&_z=fetch Requested by Host: analytics.tiktok.com URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTU0NDc1MDUxNA.js Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache date Thu, 20 Jun 2024 20:29:31 GMT server Golfe2 content-type text/plain access-control-allow-origin https://duo.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 expires Fri, 01 Jan 1990 00:00:00 GMT
POST H2	204	collect stats.g.doubleclick.net/g/	0 45 B	173ms 20ms	Ping text/plain	2a00:1450:400c:c0a::9d GOOGLE
General Check archive.org Show headers Download Go to Full URL https://stats.g.doubleclick.net/g/collect?v=2&tid=G-95Z7P6PE75&cid=1224150143.1718915372&gtm=45je46j0v884482885z871885818za200zb71885818&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&frm=0 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=G-95Z7P6PE75&l=dataLayer&cx=c Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:400c:c0a::9d Brussels, Belgium, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache date Thu, 20 Jun 2024 20:29:31 GMT server Golfe2 content-type text/plain access-control-allow-origin https://duo.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	200	ga-audiences www.google.de/ads/	42 B 63 B	238ms 86ms	Image image/gif	142.250.184.195 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-95Z7P6PE75&cid=1224150143.1718915372&gtm=45je46j0v884482885z871885818za200zb71885818&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&frm=0&z=1277357620 Requested by Host: duo.com URL: https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.184.195 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s11-in-f3.1e100.net Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache date Thu, 20 Jun 2024 20:29:31 GMT x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
POST H2	204	collect region1.analytics.google.com/g/	0 54 B	19ms 18ms	Ping text/plain	2001:4860:4802:32::36 GOOGLE
General Check archive.org Show headers Download Go to Full URL https://region1.analytics.google.com/g/collect?v=2&tid=G-KP8QEFW4ML&gtm=45je46j0v880413333z871885818za200zb71885818&_p=1718915371193&_gaz=1&gcd=13l3lPl2l1&npa=1&dma_cps=sypham&dma=1&tag_exp=0&cid=1224150143.1718915372&ul=de-de&sr=1600x1200&uaa=x86&uab=64&uafvl=Not%252FA)Brand%3B8.0.0.0%7CChromium%3B126.0.6478.114%7CGoogle%2520Chrome%3B126.0.6478.114&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1718915371&sct=1&seg=0&dl=https%3A%2F%2Fduo.com%2Fdecipher%2Fthousands-of-fortigate-devices-compromised-in-ongoing-campaign&dt=Thousands%20of%20FortiGate%20Devices%20Compromised%20in%20Ongoing%20Campaign%20%7C%20Decipher&en=page_view&_fv=1&_ss=1&tfd=2251&_z=sendBeacon Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=G-KP8QEFW4ML&l=dataLayer&cx=c Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache date Thu, 20 Jun 2024 20:29:31 GMT server Golfe2 content-type text/plain access-control-allow-origin https://duo.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 expires Fri, 01 Jan 1990 00:00:00 GMT
POST H2	204	collect stats.g.doubleclick.net/g/	0 56 B	115ms 19ms	Ping text/plain	2a00:1450:400c:c0a::9d GOOGLE
General Check archive.org Show headers Download Go to Full URL https://stats.g.doubleclick.net/g/collect?v=2&tid=G-KP8QEFW4ML&cid=1224150143.1718915372&gtm=45je46j0v880413333z871885818za200zb71885818&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&frm=0 Requested by Host: www.googletagmanager.com URL: https://www.googletagmanager.com/gtag/js?id=G-KP8QEFW4ML&l=dataLayer&cx=c Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:400c:c0a::9d Brussels, Belgium, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache date Thu, 20 Jun 2024 20:29:31 GMT server Golfe2 content-type text/plain access-control-allow-origin https://duo.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H3	200	ga-audiences www.google.de/ads/	42 B 63 B	153ms 59ms	Image image/gif	142.250.184.195 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-KP8QEFW4ML&cid=1224150143.1718915372&gtm=45je46j0v880413333z871885818za200zb71885818&aip=1&dma=1&dma_cps=sypham&gcd=13l3lPl2l1&npa=1&frm=0&z=532683463 Requested by Host: duo.com URL: https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Protocol H3 Security QUIC, , AES_128_GCM Server 142.250.184.195 , United States, ASN15169 (GOOGLE, US), Reverse DNS fra24s11-in-f3.1e100.net Software cafe / Resource Hash ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629 Security Headers Name Value X-Content-Type-Options nosniff X-Xss-Protection 0 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache date Thu, 20 Jun 2024 20:29:31 GMT x-content-type-options nosniff server cafe content-type image/gif p3p policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC" cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin timing-allow-origin * alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 42 x-xss-protection 0 expires Fri, 01 Jan 1990 00:00:00 GMT
GET		aat ara.paa-reporting-advertising.amazon/	0 0
GET H/1.1	200 OK	messenger app.qualified.com/w/1/QZjwGwGpcBiwkfRA/ Frame 64C9	0 0	359ms 119ms	Document text/html	52.55.66.38 AMAZON-AES
General Check archive.org Show headers Download Go to Full URL https://app.qualified.com/w/1/QZjwGwGpcBiwkfRA/messenger?uuid=c64842fd-43bf-4b9b-a3b7-434668969826 Requested by Host: js.qualified.com URL: https://js.qualified.com/qualified.js?token=QZjwGwGpcBiwkfRA&utv=ut4.51.202405311220 Protocol HTTP/1.1 Security TLS 1.3, , AES_128_GCM Server 52.55.66.38 Ashburn, United States, ASN14618 (AMAZON-AES, US), Reverse DNS ec2-52-55-66-38.compute-1.amazonaws.com Software / Resource Hash Security Headers Name Value Content-Security-Policy Strict-Transport-Security max-age=63072000; includeSubDomains X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers Cache-Control max-age=0, private, must-revalidate Content-Encoding gzip Content-Security-Policy Content-Type text/html; charset=utf-8 Date Thu, 20 Jun 2024 20:29:32 GMT Etag W/"dcadcb247b211b1427797b47037cc570" Link <https://assets.qualified.com/packs/css/vendors~widget/sandboxed/messenger-94e6eccc.chunk.css>; rel=preload; as=style; nopush,<https://assets.qualified.com/packs/css/widget/sandboxed/messenger-ea37ea0f.chunk.css>; rel=preload; as=style; nopush Referrer-Policy strict-origin-when-cross-origin Strict-Transport-Security max-age=63072000; includeSubDomains Transfer-Encoding chunked Vary Accept-Encoding Via 1.1 spaces-router (f664e1b0322c) X-Content-Type-Options nosniff X-Download-Options noopen X-Permitted-Cross-Domain-Policies none X-Request-Id f7bca0b3-8ef5-4ef8-6899-23ea38ce42c4 X-Runtime 0.014111 X-Xss-Protection 1; mode=block
POST H2	200	monitor analytics.tiktok.com/api/v2/	0 843 B	142ms 142ms	Ping text/plain	23.36.162.201 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://analytics.tiktok.com/api/v2/monitor Requested by Host: analytics.tiktok.com URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTU0NDc1MDUxNA.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.36.162.201 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a23-36-162-201.deploy.static.akamaitechnologies.com Software nginx / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" sec-ch-ua-platform "Win32" Referer https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers x-akamai-request-id 40295f1.66176f6 date Thu, 20 Jun 2024 20:29:32 GMT x-tt-trace-tag id=16;cdn-cache=miss;type=dyn x-tt-trace-id 00-2406202029313B7BA4607FB9B5A0B96D-6DF5B991F22D21B3-00 x-cache TCP_MISS from a23-206-213-201.deploy.akamaitechnologies.com (AkamaiGHost/11.5.3-56943929) (-) x-parent-response-time 102,23.206.213.201 server-timing cdn-cache; desc=MISS, edge; dur=88, origin; dur=21, inner; dur=12 content-length 0 pragma no-cache server nginx x-tt-logid 202406202029313B7BA4607FB9B5A0B96D x-cache-remote TCP_MISS from a23-208-166-74.deploy.akamaitechnologies.com (AkamaiGHost/11.5.2-56372494) (-) access-control-allow-methods GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE access-control-allow-origin * cache-control max-age=0, no-cache, no-store x-origin-response-time 21,23.208.166.74 x-tt-trace-host 0182666b72bd0f36c7404233a29f25a793e223d45ce8b92844e812699831e7d2a0f4c7893110311c0e0537cf8d621339af48dde8e7a15c283f9da1e8c50fdf61ce4009b039177c37a579daceaa9740bbcdf94c4bfae7b04540027ae6d16f45d09da3b8827550ee2d21b7a92564873e8b75 access-control-allow-headers Authorization,* expires Thu, 20 Jun 2024 20:29:32 GMT
POST H2	200	monitor analytics.tiktok.com/api/v2/	0 842 B	142ms 141ms	Ping text/plain	23.36.162.201 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://analytics.tiktok.com/api/v2/monitor Requested by Host: analytics.tiktok.com URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTU0NDc1MDUxNA.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.36.162.201 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a23-36-162-201.deploy.static.akamaitechnologies.com Software nginx / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" sec-ch-ua-platform "Win32" Referer https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers x-akamai-request-id 163bd4a5.66176f7 date Thu, 20 Jun 2024 20:29:32 GMT x-tt-trace-tag id=16;cdn-cache=miss;type=dyn x-tt-trace-id 00-240620202931314BFF4BAD59DBA41447-1327C1FE16D94A85-00 x-cache TCP_MISS from a23-206-213-201.deploy.akamaitechnologies.com (AkamaiGHost/11.5.3-56943929) (-) x-parent-response-time 105,23.206.213.201 server-timing cdn-cache; desc=MISS, edge; dur=94, origin; dur=19, inner; dur=8 content-length 0 pragma no-cache server nginx x-tt-logid 20240620202931314BFF4BAD59DBA41447 x-cache-remote TCP_MISS from a184-28-190-7.deploy.akamaitechnologies.com (AkamaiGHost/11.5.2-56372494) (-) access-control-allow-methods GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE access-control-allow-origin * cache-control max-age=0, no-cache, no-store x-origin-response-time 19,184.28.190.7 x-tt-trace-host 0182666b72bd0f36c7404233a29f25a793e223d45ce8b92844e812699831e7d2a03964806ee6237744a69ed90c2e236b300ebdb3c4e414e4998865565dc4632fe33d1a4efc71018a62458aac7b7e737881b4475433288a4dd29452e8a399486646e3fdeecd6ca16cb10ed67a70d80884c4 access-control-allow-headers Authorization,* expires Thu, 20 Jun 2024 20:29:32 GMT
POST H2	200	act analytics.tiktok.com/api/v2/pixel/	0 842 B	157ms 157ms	Ping text/plain	23.36.162.201 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://analytics.tiktok.com/api/v2/pixel/act Requested by Host: analytics.tiktok.com URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTU0NDc1MDUxNA.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 23.36.162.201 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a23-36-162-201.deploy.static.akamaitechnologies.com Software nginx / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" sec-ch-ua-platform "Win32" Referer https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Content-Type text/plain;charset=UTF-8 Response headers x-akamai-request-id 9ab08d6.66176f8 date Thu, 20 Jun 2024 20:29:32 GMT x-tt-trace-tag id=16;cdn-cache=miss;type=dyn x-tt-trace-id 00-240620202931FE7565BA9849F1A36C01-35D96D76E8A393AD-00 x-cache TCP_MISS from a23-206-213-201.deploy.akamaitechnologies.com (AkamaiGHost/11.5.3-56943929) (-) x-parent-response-time 116,23.206.213.201 server-timing cdn-cache; desc=MISS, edge; dur=94, origin; dur=35, inner; dur=25 content-length 0 pragma no-cache server nginx x-tt-logid 20240620202931FE7565BA9849F1A36C01 x-cache-remote TCP_MISS from a184-28-190-47.deploy.akamaitechnologies.com (AkamaiGHost/11.5.2-56372494) (-) access-control-allow-methods GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE access-control-allow-origin * cache-control max-age=0, no-cache, no-store x-origin-response-time 35,184.28.190.47 x-tt-trace-host 0182666b72bd0f36c7404233a29f25a793e223d45ce8b92844e812699831e7d2a0fca3e473c059fca40629f260fbd7f23f6f2a47120ce50a69040c0ae21abc89c40e4b2c689b45b8c88e0719693b83d1a4ac257e30295de2f3f65d9af40b7d9ce40cbb9ddcaf10ebb693c3ad55d7f7eea8 access-control-allow-headers Authorization,* expires Thu, 20 Jun 2024 20:29:32 GMT
POST H2	200	collect Show response www.google-analytics.com/j/	3 B 140 B	50ms 46ms	XHR text/plain	2a00:1450:4001:812::200e GOOGLE
General Check archive.org Show headers Download Go to Full URL https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1683830832&t=pageview&_s=1&dl=https%3A%2F%2Fduo.com%2Fdecipher%2Fthousands-of-fortigate-devices-compromised-in-ongoing-campaign&ul=de-de&de=UTF-8&dt=Thousands%20of%20FortiGate%20Devices%20Compromised%20in%20Ongoing%20Campaign%20%7C%20Decipher&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAAABAAAAAC~&jid=1048191888&gjid=1613591411&cid=1224150143.1718915372&tid=UA-20141016-1&_gid=506140595.1718915372&_r=1&_slc=1&gtm=45He46h0h1n71MFPB9Dv71885818za200&gcd=13l3l3l2l1&dma_cps=sypham&dma=1&tag_exp=0&npa=1&z=269336470 Requested by Host: cdn.bizible.com URL: https://cdn.bizible.com/scripts/bizible.js?account=duo.com Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash 1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26 Security Headers Name Value X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" sec-ch-ua-platform "Win32" Referer https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Content-Type text/plain Response headers pragma no-cache date Thu, 20 Jun 2024 20:29:31 GMT x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 content-type text/plain access-control-allow-origin https://duo.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 3 expires Fri, 01 Jan 1990 00:00:00 GMT
POST H2	200	collect Show response stats.g.doubleclick.net/j/	1 B 340 B	32ms 19ms	XHR text/plain	2a00:1450:400c:c0a::9d GOOGLE
General Check archive.org Show headers Download Go to Full URL https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-20141016-1&cid=1224150143.1718915372&jid=1694103698&gjid=1836804982&_gid=506140595.1718915372&npa=1&_u=YCDAgAABAAAAAG~&z=1936385781 Requested by Host: cdn.bizible.com URL: https://cdn.bizible.com/scripts/bizible.js?account=duo.com Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:400c:c0a::9d Brussels, Belgium, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash 6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains; preload X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" sec-ch-ua-platform "Win32" Referer https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Content-Type text/plain Response headers pragma no-cache strict-transport-security max-age=31536000; includeSubDomains; preload date Thu, 20 Jun 2024 20:29:31 GMT x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 content-type text/plain access-control-allow-origin https://duo.com cache-control no-cache, no-store, must-revalidate access-control-allow-credentials true cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 1 expires Fri, 01 Jan 1990 00:00:00 GMT
GET H2	200	collect www.google-analytics.com/	35 B 194 B	37ms 37ms	Image image/gif	2a00:1450:4001:812::200e GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google-analytics.com/collect?v=1&_v=j101&a=1683830832&t=pageview&_s=1&dl=https%3A%2F%2Fduo.com%2Fdecipher%2Fthousands-of-fortigate-devices-compromised-in-ongoing-campaign&ul=de-de&de=UTF-8&dt=Thousands%20of%20FortiGate%20Devices%20Compromised%20in%20Ongoing%20Campaign%20%7C%20Decipher&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YCDAgAABAAAAAC~&jid=1694103698&gjid=1836804982&cid=1224150143.1718915372&tid=UA-20141016-1&_gid=506140595.1718915372&gtm=45He46h0h1n71MFPB9Dv71885818za200&gcd=13l3l3l2l1&dma_cps=sypham&dma=1&tag_exp=0&cg3=Decipher%20Traffic%20Only&npa=1&z=1583243262 Requested by Host: duo.com URL: https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Protocol H2 Security TLS 1.3, , AES_128_GCM Server 2a00:1450:4001:812::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US), Reverse DNS Software Golfe2 / Resource Hash 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015 Security Headers Name Value X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache date Thu, 20 Jun 2024 15:01:43 GMT x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 age 19668 content-type image/gif access-control-allow-origin * cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 35 expires Mon, 01 Jan 1990 00:00:00 GMT
GET H2	200	s8387222731840 Show response smetrics.cisco.com/b/ss/cisco-complete/10/JS-2.12.0/	927 B 1 KB	48ms 47ms	Script application/x-javascript	63.140.62.222 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://smetrics.cisco.com/b/ss/cisco-complete/10/JS-2.12.0/s8387222731840?AQB=1&ndh=1&pf=1&callback=s_c_il[1].doPostbacks&et=1&t=20%2F5%2F2024%2022%3A29%3A32%204%20-120&d.&nsid=0&jsonv=1&.d&sdid=231015522FDD2DB0-297889391FC5217B&mid=19352461753431726180511620120588315202&aamlh=6&ce=UTF-8&ns=cisco&pageName=duo.com%2Fdecipher%2Fthousands-of-fortigate-devices-compromised-in-ongoing-campaign&g=https%3A%2F%2Fduo.com%2Fdecipher%2Fthousands-of-fortigate-devices-compromised-in-ongoing-campaign&cc=USD&events=event1&aamb=RKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y&c1=thousands%20of%20fortigate%20devices%20compromised%20in%20ongoing%20campaign%20%7C%20decipher&h1=duo.com%3Adecipher%3Athousands-of-fortigate-devices-compromised-in-ongoing-campaign&c2=undefined%3Ano%20iapath%3Athousands-of-fortigate-devices-compromised-in-ongoing-campaign&c3=duo.com%2Fdecipher%2Fthousands-of-fortigate-devices-compromised-in-ongoing-campaign&h3=no%20iapath&c10=12%3A29%20PM%7CThursday&v10=12%3A29%20PM%7CThursday&v25=duo.com%2Fdecipher%2Fthousands-of-fortigate-devices-compromised-in-ongoing-campaign&v26=no%20contenttype&c28=no%20iapath&v28=no%20iapath&c33=en-us&v33=en-us&c41=duo.com%2Fdecipher%2Fthousands-of-fortigate-devices-compromised-in-ongoing-campaign&c46=ut4.51.202406201946&c50=cisco-complete&c51=unavailable&c53=no%20contenttype&v63=unavailable&v77=AppMeasurement%3D2.12.0%2CVisitorJS%3D4.1.0%2CMbox%3Dna&v78=dnt%3Dfalse%2Ccookies%3Dtrue%2Clocalstorage%3Dtrue&v92=0.3372505013294165_1718915371338&v98=cisco.duo&v106=19352461753431726180511620120588315202&v177=false&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&mcorgid=B8D07FF4520E94C10A490D4C%40AdobeOrg&AQE=1 Requested by Host: tags.tiqcdn.com URL: https://tags.tiqcdn.com/utag/cisco/duo/prod/utag.5.js?utv=ut4.51.202406201946 Protocol H2 Security TLS 1.3, , AES_128_GCM Server 63.140.62.222 , United States, ASN16509 (AMAZON-02, US), Reverse DNS ip-63-140-62-222.data.adobedc.net Software jag / Resource Hash 17366a6119f0f6342c396440526daffe03a8055724fc03f7b1d8e19443d40bd1 Security Headers Name Value Strict-Transport-Security max-age=31536000; includeSubDomains X-Content-Type-Options nosniff X-Xss-Protection 1; mode=block Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers x-aam-tid 6Kn6/xqhTIM= date Thu, 20 Jun 2024 20:29:32 GMT strict-transport-security max-age=31536000; includeSubDomains x-content-type-options nosniff p3p CP="This is not a P3P policy" content-length 927 x-xss-protection 1; mode=block dcs dcs-prod-irl1-2-v061-0bba5b8dc.edge-irl1.demdex.com 3 ms pragma no-cache last-modified Fri, 21 Jun 2024 20:29:32 GMT server jag etag 3691342654686625792-4618687415961354922 vary * content-type application/x-javascript;charset=utf-8 access-control-allow-origin * cache-control no-cache, no-store, max-age=0, no-transform, private expires Wed, 19 Jun 2024 20:29:32 GMT
POST H2	204	/ Show response px.ads.linkedin.com/wa/	0 190 B	107ms 107ms	XHR text/plain	2620:1ec:21::14 MICROSOFT-CORP-MS...
General Check archive.org Show headers Download Go to Full URL https://px.ads.linkedin.com/wa/ Requested by Host: cdn.bizible.com URL: https://cdn.bizible.com/scripts/bizible.js?account=duo.com Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_256_GCM Server 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US), Reverse DNS Software / Resource Hash e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 Content-Type text/plain;charset=UTF-8 Accept * Referer https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign sec-ch-ua-platform "Win32" Response headers date Thu, 20 Jun 2024 20:29:32 GMT x-li-pop afd-prod-lva1-x x-msedge-ref Ref A: 38E86C8DF7B74EED953E3E9DE6BC5C3F Ref B: FRAEDGE1310 Ref C: 2024-06-20T20:29:32Z linkedin-action 1 vary Origin x-cache CONFIG_NOCACHE x-li-fabric prod-lva1 access-control-allow-origin https://duo.com x-li-proto http/2 access-control-allow-credentials true x-li-uuid AAYbWCwoIIOF2YlOKMAvGA==
GET H2	200	img.gif b.6sc.co/v1/beacon/	43 B 257 B	100ms 100ms	Image image/gif	2.17.100.193 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://b.6sc.co/v1/beacon/img.gif?token=839eaa5e959ad938f179bd0fe4450965&svisitor=null&visitor=7de91c72-bd11-4272-8020-67d4b9157256&session=e7c188b0-078d-45cc-87e9-3ef365bc38dc&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2020%20Jun%202024%2020%3A29%3A32%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2020%20Jun%202024%2020%3A29%3A31%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%221002%22%7D&isIframe=false&m=%7B%22description%22%3A%22The%20Dutch%20Military%20Intelligence%20and%20Security%20Service%20said%20it%20has%20identified%20more%20than%2020%2C000%20FortiGate%20devices%20that%20have%20been%20compromised%20by%20a%20Chinese%20state-sponsored%20threat%20group.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Thousands%20of%20FortiGate%20Devices%20Compromised%20in%20Ongoing%20Campaign%20%7C%20Decipher%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fduo.com%2Fdecipher%2Fthousands-of-fortigate-devices-compromised-in-ongoing-campaign&pageViewId=b6b261ba-d953-47fc-8fb3-f13cf659be72&v=1.1.21 Requested by Host: duo.com URL: https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a2-17-100-193.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b Security Headers Name Value X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache date Thu, 20 Jun 2024 20:29:32 GMT x-content-type-options nosniff last-modified Tue, 05 Oct 2021 22:17:52 GMT server nginx/1.14.0 (Ubuntu) etag "615ccf10-2b" content-type image/gif cache-control max-age=0, no-cache, no-store accept-ranges bytes content-length 43 expires Thu, 20 Jun 2024 20:29:32 GMT
GET H2	200	xdcLsFrame.html www.cisco.com/assets/ctm/xdc/ Frame 446D	0 0	50ms 23ms	Document text/html	2a02:26f0:7100:89b::b33 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Full URL https://www.cisco.com/assets/ctm/xdc/xdcLsFrame.html Requested by Host: www.cisco.com URL: https://www.cisco.com/c/dam/cdc/t/ctm.js Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2a02:26f0:7100:89b::b33 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS Software Apache / Resource Hash Security Headers Name Value Content-Security-Policy upgrade-insecure-requests; frame-ancestors *.cisco.com *.jasper.com *.ciscospark.com *.ciscolive.com http://cisco.lookbookhq.com https://cisco.lookbookhq.com testcisco.marketing.adobe.com cisco.marketing.adobe.com ciscosales.my.salesforce.com test.salesforce.com zedo.com hindustantimes.com economictimes.indiatimes.com *.webex.com *.cdw.com *.cdwg.com *.cdw.ca *.meraki-go.com http://ciscopartners.lookbookhq.com https://ciscopartners.lookbookhq.com ciscolearningsystem.com ciscocustomer.lookbookhq.com cisco.lookbookhq.com ccsmedia.com *.itquotes.ie dteonline.com ampito-cisco.com arkphire.com *.insight.com *.ccsmedia.com *.ebuyer.com *.lambda-tek.com *.storm-technologies.com *.vohkus.com *.bechtle.com *.rainfocus.com *.broadbandbuyer.com *.hardware.com shop.redpontem.com *.miro.com cisco.techdatavendors.be *.service-now.com *.thousandeyes.com *.duo.com duo.com *.umbrella.com *.pricespider.com *.mapbox.com cdnjs.cloudflare.com https://community.cisco.com/; Strict-Transport-Security max-age=31536000 X-Content-Type-Options nosniff X-Frame-Options SAMEORIGIN X-Xss-Protection 1; mode=block Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers accept-ranges bytes cache-control max-age=28272 cdchost wemxweb-publish-prod1-04 content-encoding gzip content-length 2183 content-security-policy upgrade-insecure-requests; frame-ancestors *.cisco.com *.jasper.com *.ciscospark.com *.ciscolive.com http://cisco.lookbookhq.com https://cisco.lookbookhq.com testcisco.marketing.adobe.com cisco.marketing.adobe.com ciscosales.my.salesforce.com test.salesforce.com zedo.com hindustantimes.com economictimes.indiatimes.com *.webex.com *.cdw.com *.cdwg.com *.cdw.ca *.meraki-go.com http://ciscopartners.lookbookhq.com https://ciscopartners.lookbookhq.com ciscolearningsystem.com ciscocustomer.lookbookhq.com cisco.lookbookhq.com ccsmedia.com *.itquotes.ie dteonline.com ampito-cisco.com arkphire.com *.insight.com *.ccsmedia.com *.ebuyer.com *.lambda-tek.com *.storm-technologies.com *.vohkus.com *.bechtle.com *.rainfocus.com *.broadbandbuyer.com *.hardware.com shop.redpontem.com *.miro.com cisco.techdatavendors.be *.service-now.com *.thousandeyes.com *.duo.com duo.com *.umbrella.com *.pricespider.com *.mapbox.com cdnjs.cloudflare.com https://community.cisco.com/; content-type text/html;charset=utf-8 date Thu, 20 Jun 2024 20:29:32 GMT expires Fri, 21 Jun 2024 04:20:44 GMT server Apache server-timing cdn-cache; desc=HIT edge; dur=1 ak_p; desc="1718915372738_34603319_824296372_39_12295_9_12_255";dur=1 strict-transport-security max-age=31536000 vary Accept-Encoding x-akamai-transformed 9 - 0 pmb=mRUM,1 x-content-type-options nosniff x-edgeconnect-midmile-rtt 1 x-edgeconnect-origin-mex-latency 31 x-frame-options SAMEORIGIN x-test-debug nURL=www.cisco.com,realm=0,isRealm=0,realmDomain=0,shortrealm=0,upgradeTest=1 x-xss-protection 1; mode=block
GET H2	200	up insight.adsrvr.org/track/ Frame 9CA0	0 0	110ms 33ms	Document text/html	52.223.40.198 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://insight.adsrvr.org/track/up?adv=rshxraz&ref=https%3A%2F%2Fduo.com%2Fdecipher%2Fthousands-of-fortigate-devices-compromised-in-ongoing-campaign&upid=hpvhlc2&upv=1.1.0 Requested by Host: js.adsrvr.org URL: https://js.adsrvr.org/up_loader.1.1.0.js Protocol H2 Security TLS 1.2, ECDHE_RSA, AES_128_GCM Server 52.223.40.198 , United States, ASN16509 (AMAZON-02, US), Reverse DNS a6370ebea231e0c9a.awsglobalaccelerator.com Software Kestrel / Resource Hash Request headers Accept-Language de-DE,de;q=0.9;q=0.9 Referer https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Upgrade-Insecure-Requests 1 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" sec-ch-ua-mobile ?0 sec-ch-ua-platform "Win32" Response headers content-length 0 content-type text/html date Thu, 20 Jun 2024 20:29:32 GMT server Kestrel
GET H3	200	collect www.google-analytics.com/	35 B 55 B	37ms 37ms	Image image/gif	216.58.212.142 GOOGLE
General Check archive.org Show headers Download Go to Show image Full URL https://www.google-analytics.com/collect?v=1&_v=j101&a=1683830832&t=event&ni=1&_s=1&dl=https%3A%2F%2Fduo.com%2Fdecipher%2Fthousands-of-fortigate-devices-compromised-in-ongoing-campaign&ul=de-de&de=UTF-8&dt=Thousands%20of%20FortiGate%20Devices%20Compromised%20in%20Ongoing%20Campaign%20%7C%20Decipher&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=undefined&ea=undefined&_u=6DDAAEABAAAAAGAAI~&jid=&gjid=&cid=1224150143.1718915372&tid=UA-20141016-1&_gid=506140595.1718915372&gtm=45He46h0h1n71MFPB9Dv71885818za200&gcd=13l3l3l2l1&dma_cps=sypham&dma=1&tag_exp=0&cd2=1224150143.1718915372&npa=1&z=2088315074 Protocol H3 Security QUIC, , AES_128_GCM Server 216.58.212.142 , United States, ASN15169 (GOOGLE, US), Reverse DNS ams15s21-in-f14.1e100.net Software Golfe2 / Resource Hash 8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015 Security Headers Name Value X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache date Thu, 20 Jun 2024 17:02:12 GMT x-content-type-options nosniff last-modified Sun, 17 May 1998 03:00:00 GMT server Golfe2 age 12440 content-type image/gif access-control-allow-origin * cache-control no-cache, no-store, must-revalidate cross-origin-resource-policy cross-origin alt-svc h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 content-length 35 expires Mon, 01 Jan 1990 00:00:00 GMT
GET H2	200	favicon.ico duo.com/assets/img/decipher/favicons/	15 KB 15 KB	11ms 10ms	Other image/x-icon	3.161.82.84 AMAZON-02
General Check archive.org Show headers Download Go to Full URL https://duo.com/assets/img/decipher/favicons/favicon.ico Protocol H2 Security TLS 1.3, , AES_128_GCM Server 3.161.82.84 , United States, ASN16509 (AMAZON-02, US), Reverse DNS server-3-161-82-84.fra56.r.cloudfront.net Software Duo/1.0 / Resource Hash 9d6b9e7229a0467d88ce36717a7520074d6bb78b4194223d46157eefcb597d78 Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers date Wed, 19 Jun 2024 07:46:58 GMT via 1.1 9ceaac5e4cbf8702556b2c925b200af8.cloudfront.net (CloudFront) last-modified Tue, 30 Apr 2024 12:49:06 GMT server Duo/1.0 x-amz-cf-pop FRA56-P10 age 132154 etag "6630e8c2-3aee" vary Accept-Encoding x-cache Hit from cloudfront content-type image/x-icon cache-control max-age=604800, public, max-age=604800 accept-ranges bytes content-length 15086 x-amz-cf-id pJmyAFzgIoIaduq4CFyySquTHUTjNcRtg7nZrOqxRvf6uA2_X6yxGQ== expires Wed, 26 Jun 2024 07:46:58 GMT
GET H2	200	img.gif b.6sc.co/v1/beacon/	43 B 257 B	112ms 112ms	Image image/gif	2.17.100.193 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://b.6sc.co/v1/beacon/img.gif?token=839eaa5e959ad938f179bd0fe4450965&svisitor=null&visitor=7de91c72-bd11-4272-8020-67d4b9157256&session=e7c188b0-078d-45cc-87e9-3ef365bc38dc&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2020%20Jun%202024%2020%3A29%3A33%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2020%20Jun%202024%2020%3A29%3A32%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%222004%22%7D&isIframe=false&m=%7B%22description%22%3A%22The%20Dutch%20Military%20Intelligence%20and%20Security%20Service%20said%20it%20has%20identified%20more%20than%2020%2C000%20FortiGate%20devices%20that%20have%20been%20compromised%20by%20a%20Chinese%20state-sponsored%20threat%20group.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Thousands%20of%20FortiGate%20Devices%20Compromised%20in%20Ongoing%20Campaign%20%7C%20Decipher%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fduo.com%2Fdecipher%2Fthousands-of-fortigate-devices-compromised-in-ongoing-campaign&pageViewId=b6b261ba-d953-47fc-8fb3-f13cf659be72&v=1.1.21 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a2-17-100-193.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b Security Headers Name Value X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache date Thu, 20 Jun 2024 20:29:33 GMT x-content-type-options nosniff last-modified Fri, 21 Feb 2020 18:57:20 GMT server nginx/1.14.0 (Ubuntu) etag "5e502810-2b" content-type image/gif cache-control max-age=0, no-cache, no-store accept-ranges bytes content-length 43 expires Thu, 20 Jun 2024 20:29:33 GMT
GET H2	200	img.gif b.6sc.co/v1/beacon/	43 B 257 B	100ms 100ms	Image image/gif	2.17.100.193 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://b.6sc.co/v1/beacon/img.gif?token=839eaa5e959ad938f179bd0fe4450965&svisitor=null&visitor=7de91c72-bd11-4272-8020-67d4b9157256&session=e7c188b0-078d-45cc-87e9-3ef365bc38dc&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2020%20Jun%202024%2020%3A29%3A34%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2020%20Jun%202024%2020%3A29%3A33%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%223005%22%7D&isIframe=false&m=%7B%22description%22%3A%22The%20Dutch%20Military%20Intelligence%20and%20Security%20Service%20said%20it%20has%20identified%20more%20than%2020%2C000%20FortiGate%20devices%20that%20have%20been%20compromised%20by%20a%20Chinese%20state-sponsored%20threat%20group.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Thousands%20of%20FortiGate%20Devices%20Compromised%20in%20Ongoing%20Campaign%20%7C%20Decipher%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fduo.com%2Fdecipher%2Fthousands-of-fortigate-devices-compromised-in-ongoing-campaign&pageViewId=b6b261ba-d953-47fc-8fb3-f13cf659be72&v=1.1.21 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a2-17-100-193.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b Security Headers Name Value X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache date Thu, 20 Jun 2024 20:29:34 GMT x-content-type-options nosniff last-modified Sat, 18 Feb 2023 00:49:36 GMT server nginx/1.14.0 (Ubuntu) etag "63f020a0-2b" content-type image/gif cache-control max-age=0, no-cache, no-store accept-ranges bytes content-length 43 expires Thu, 20 Jun 2024 20:29:34 GMT
GET H2	200	img.gif b.6sc.co/v1/beacon/	43 B 258 B	109ms 108ms	Image image/gif	2.17.100.193 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://b.6sc.co/v1/beacon/img.gif?token=839eaa5e959ad938f179bd0fe4450965&svisitor=null&visitor=7de91c72-bd11-4272-8020-67d4b9157256&session=e7c188b0-078d-45cc-87e9-3ef365bc38dc&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2020%20Jun%202024%2020%3A29%3A35%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2020%20Jun%202024%2020%3A29%3A34%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%224007%22%7D&isIframe=false&m=%7B%22description%22%3A%22The%20Dutch%20Military%20Intelligence%20and%20Security%20Service%20said%20it%20has%20identified%20more%20than%2020%2C000%20FortiGate%20devices%20that%20have%20been%20compromised%20by%20a%20Chinese%20state-sponsored%20threat%20group.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Thousands%20of%20FortiGate%20Devices%20Compromised%20in%20Ongoing%20Campaign%20%7C%20Decipher%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fduo.com%2Fdecipher%2Fthousands-of-fortigate-devices-compromised-in-ongoing-campaign&pageViewId=b6b261ba-d953-47fc-8fb3-f13cf659be72&v=1.1.21 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a2-17-100-193.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b Security Headers Name Value X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache date Thu, 20 Jun 2024 20:29:35 GMT x-content-type-options nosniff last-modified Sat, 18 Feb 2023 02:04:22 GMT server nginx/1.14.0 (Ubuntu) etag "63f03226-2b" content-type image/gif cache-control max-age=0, no-cache, no-store accept-ranges bytes content-length 43 expires Thu, 20 Jun 2024 20:29:35 GMT
GET H2	200	img.gif b.6sc.co/v1/beacon/	43 B 257 B	107ms 107ms	Image image/gif	2.17.100.193 AKAMAI-ASN1
General Check archive.org Show headers Download Go to Show image Full URL https://b.6sc.co/v1/beacon/img.gif?token=839eaa5e959ad938f179bd0fe4450965&svisitor=null&visitor=7de91c72-bd11-4272-8020-67d4b9157256&session=e7c188b0-078d-45cc-87e9-3ef365bc38dc&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2020%20Jun%202024%2020%3A29%3A36%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2020%20Jun%202024%2020%3A29%3A35%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%225008%22%7D&isIframe=false&m=%7B%22description%22%3A%22The%20Dutch%20Military%20Intelligence%20and%20Security%20Service%20said%20it%20has%20identified%20more%20than%2020%2C000%20FortiGate%20devices%20that%20have%20been%20compromised%20by%20a%20Chinese%20state-sponsored%20threat%20group.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Thousands%20of%20FortiGate%20Devices%20Compromised%20in%20Ongoing%20Campaign%20%7C%20Decipher%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fduo.com%2Fdecipher%2Fthousands-of-fortigate-devices-compromised-in-ongoing-campaign&pageViewId=b6b261ba-d953-47fc-8fb3-f13cf659be72&v=1.1.21 Protocol H2 Security TLS 1.3, , AES_256_GCM Server 2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL), Reverse DNS a2-17-100-193.deploy.static.akamaitechnologies.com Software nginx/1.14.0 (Ubuntu) / Resource Hash dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b Security Headers Name Value X-Content-Type-Options nosniff Request headers sec-ch-ua "Google Chrome";v="126", "Not:A-Brand";v="8", "Chromium";v="126" Referer https://duo.com/decipher/thousands-of-fortigate-devices-compromised-in-ongoing-campaign Accept-Language de-DE,de;q=0.9;q=0.9 sec-ch-ua-mobile ?0 User-Agent Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 sec-ch-ua-platform "Win32" Response headers pragma no-cache date Thu, 20 Jun 2024 20:29:36 GMT x-content-type-options nosniff last-modified Fri, 21 Feb 2020 18:57:20 GMT server nginx/1.14.0 (Ubuntu) etag "5e502810-2b" content-type image/gif cache-control max-age=0, no-cache, no-store accept-ranges bytes content-length 43 expires Thu, 20 Jun 2024 20:29:36 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain

cisco-tags.cisco.com

URL

https://cisco-tags.cisco.com/callback/action.html?state=dIKUfNo-I1nbiSUHECg2X6kKc90&error=login_required&error_description=The+client+specified+not+to+prompt%2C+but+the+user+is+not+logged+in.

Domain

ara.paa-reporting-advertising.amazon

URL

https://ara.paa-reporting-advertising.amazon/aat?pid=f808e024-acca-4e83-a13b-f65567e77575&event=Pageview&ts=1718915371262