www.fortinet.com Open in urlscan Pro
44.199.160.6 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains?&web_view=true
Submission: On September 05 via api (September 5th 2024, 8:23:45 am UTC) from IN — Scanned from US

Summary HTTP 201 Redirects Links 10 Behaviour Indicators

Summary

This website contacted 72 IPs in 3 countries across 63 domains to perform 201 HTTP transactions. The main IP is 44.199.160.6, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is www.fortinet.com. The Cisco Umbrella rank of the primary domain is 221752.
TLS certificate: Issued by DigiCert Global G2 TLS RSA SHA256 202... on July 16th 2024. Valid for: a year.

This is the only time www.fortinet.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
31	44.199.160.6 44.199.160.6	14618 (AMAZON-AES) (AMAZON-AES)
6	104.18.86.42 104.18.86.42	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	172.64.155.119 172.64.155.119	13335 (CLOUDFLAR...) (CLOUDFLARENET)
22	23.45.193.57 23.45.193.57	16625 (AKAMAI-AS) (AKAMAI-AS)
3	52.12.178.187 52.12.178.187	16509 (AMAZON-02) (AMAZON-02)
1	44.232.177.153 44.232.177.153	16509 (AMAZON-02) (AMAZON-02)
1 1	3.209.1.129 3.209.1.129	14618 (AMAZON-AES) (AMAZON-AES)
1	63.140.36.145 63.140.36.145	16509 (AMAZON-02) (AMAZON-02)
4	104.19.147.8 104.19.147.8	13335 (CLOUDFLAR...) (CLOUDFLARENET)
13	23.34.59.33 23.34.59.33	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3	23.45.193.200 23.45.193.200	16625 (AKAMAI-AS) (AKAMAI-AS)
2	34.171.47.125 34.171.47.125	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
3	150.171.28.10 150.171.28.10	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
9	142.251.40.168 142.251.40.168	15169 (GOOGLE) (GOOGLE)
2	70.42.32.31 70.42.32.31	22075 (AS-OUTBRAIN) (AS-OUTBRAIN)
20 23	34.171.234.26 34.171.234.26	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	69.194.240.13 69.194.240.13	26120 (RHYTHMONE) (RHYTHMONE)
1 2	52.223.22.214 52.223.22.214	16509 (AMAZON-02) (AMAZON-02)
1	44.197.150.112 44.197.150.112	14618 (AMAZON-AES) (AMAZON-AES)
1 2	34.111.113.62 34.111.113.62	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 1	108.138.128.14 108.138.128.14	16509 (AMAZON-02) (AMAZON-02)
1 1	18.173.219.73 18.173.219.73	16509 (AMAZON-02) (AMAZON-02)
1 2	18.164.116.64 18.164.116.64	16509 (AMAZON-02) (AMAZON-02)
1	8.28.7.83 8.28.7.83	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1	63.251.28.231 63.251.28.231	13789 (INTERNAP-...) (INTERNAP-BLK3)
1 2	34.229.3.43 34.229.3.43	14618 (AMAZON-AES) (AMAZON-AES)
1 2	3.225.218.10 3.225.218.10	14618 (AMAZON-AES) (AMAZON-AES)
1	52.204.142.153 52.204.142.153	14618 (AMAZON-AES) (AMAZON-AES)
1	23.46.225.71 23.46.225.71	16625 (AKAMAI-AS) (AKAMAI-AS)
2 3	44.193.146.17 44.193.146.17	14618 (AMAZON-AES) (AMAZON-AES)
1 2	34.206.18.6 34.206.18.6	14618 (AMAZON-AES) (AMAZON-AES)
3 3	35.244.154.8 35.244.154.8	15169 (GOOGLE) (GOOGLE)
1 1	107.178.254.65 107.178.254.65	15169 (GOOGLE) (GOOGLE)
3 7	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 1	142.251.35.162 142.251.35.162	15169 (GOOGLE) (GOOGLE)
1 4	142.251.41.2 142.251.41.2	15169 (GOOGLE) (GOOGLE)
3	142.250.80.36 142.250.80.36	15169 (GOOGLE) (GOOGLE)
1 4	68.67.181.211 68.67.181.211	29990 (ASN-APPNEX) (ASN-APPNEX)
1	69.173.151.100 69.173.151.100	26667 (RUBICONPR...) (RUBICONPROJECT)
1 2	35.244.159.8 35.244.159.8	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
3 3	142.251.40.226 142.251.40.226	15169 (GOOGLE) (GOOGLE)
1	23.34.59.26 23.34.59.26	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	76.223.9.105 76.223.9.105	16509 (AMAZON-02) (AMAZON-02)
1	3.12.250.89 3.12.250.89	16509 (AMAZON-02) (AMAZON-02)
2	138.199.40.58 138.199.40.58	60068 (CDN77 _) (CDN77 _)
4	142.251.40.238 142.251.40.238	15169 (GOOGLE) (GOOGLE)
1	216.239.36.181 216.239.36.181	15169 (GOOGLE) (GOOGLE)
1	142.251.111.154 142.251.111.154	15169 (GOOGLE) (GOOGLE)
5	142.250.64.98 142.250.64.98	15169 (GOOGLE) (GOOGLE)
1	142.251.32.102 142.251.32.102	15169 (GOOGLE) (GOOGLE)
1	172.66.42.248 172.66.42.248	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.18.19.71 104.18.19.71	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	52.32.164.86 52.32.164.86	16509 (AMAZON-02) (AMAZON-02)
3	13.107.246.40 13.107.246.40	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	216.200.232.253 216.200.232.253	6461 (ZAYO-6461) (ZAYO-6461)
1	52.7.151.245 52.7.151.245	14618 (AMAZON-AES) (AMAZON-AES)
1	146.75.28.157 146.75.28.157	54113 (FASTLY) (FASTLY)
1	3.171.139.70 3.171.139.70	16509 (AMAZON-02) (AMAZON-02)
1	63.140.37.206 63.140.37.206	16509 (AMAZON-02) (AMAZON-02)
2	44.226.187.177 44.226.187.177	16509 (AMAZON-02) (AMAZON-02)
1	104.18.186.31 104.18.186.31	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	54.203.236.163 54.203.236.163	16509 (AMAZON-02) (AMAZON-02)
1	34.111.208.231 34.111.208.231	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2	51.20.153.244 51.20.153.244	16509 (AMAZON-02) (AMAZON-02)
1 2	142.251.41.6 142.251.41.6	15169 (GOOGLE) (GOOGLE)
2	31.13.71.7 31.13.71.7	32934 (FACEBOOK) (FACEBOOK)
1	172.67.163.237 172.67.163.237	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	172.66.0.227 172.66.0.227	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	104.244.42.131 104.244.42.131	13414 (TWITTER) (TWITTER)
1	52.71.121.170 52.71.121.170	14618 (AMAZON-AES) (AMAZON-AES)
2 7	34.117.77.79 34.117.77.79	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	23.44.131.36 23.44.131.36	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	54.156.78.110 54.156.78.110	14618 (AMAZON-AES) (AMAZON-AES)
2	31.13.71.36 31.13.71.36	32934 (FACEBOOK) (FACEBOOK)
3 3	15.197.193.217 15.197.193.217	16509 (AMAZON-02) (AMAZON-02)
2 3	44.218.64.233 44.218.64.233	14618 (AMAZON-AES) (AMAZON-AES)
2	52.89.99.220 52.89.99.220	16509 (AMAZON-02) (AMAZON-02)
1	35.81.162.201 35.81.162.201	16509 (AMAZON-02) (AMAZON-02)
1	52.10.121.135 52.10.121.135	16509 (AMAZON-02) (AMAZON-02)
201	72

31 44.199.160.6 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-44-199-160-6.compute-1.amazonaws.com

www.fortinet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 104.18.86.42 (None, )

ASN13335 (CLOUDFLARENET, US)

cdn.cookielaw.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.64.155.119 (None, )

ASN13335 (CLOUDFLARENET, US)

geolocation.onetrust.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

22 23.45.193.57 (United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-45-193-57.deploy.static.akamaitechnologies.com

assets.adobedtm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.12.178.187 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-12-178-187.us-west-2.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 44.232.177.153 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-44-232-177-153.us-west-2.compute.amazonaws.com

fortinet.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.209.1.129 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-209-1-129.compute-1.amazonaws.com

cm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 63.140.36.145 (United States)

ASN16509 (AMAZON-02, US)
PTR: ip-63-140-36-145.data.adobedc.net

fortinet.tt.omtrdc.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.19.147.8 (None, )

ASN13335 (CLOUDFLARENET, US)

script.crazyegg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 23.34.59.33 (Edison, United States)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-34-59-33.deploy.static.akamaitechnologies.com

j.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
b.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 23.45.193.200 (United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-45-193-200.deploy.static.akamaitechnologies.com

amplify.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
wave.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.171.47.125 (Council Bluffs, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 125.47.171.34.bc.googleusercontent.com

tag.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
i.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 150.171.28.10 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 142.251.40.168 (Queens, United States)

ASN15169 (GOOGLE, US)
PTR: lga25s81-in-f8.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 70.42.32.31 (United States)

ASN22075 (AS-OUTBRAIN, US)
PTR: ny.outbrain.com

tr.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

23 34.171.234.26 (Council Bluffs, United States) 20 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 26.234.171.34.bc.googleusercontent.com

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.194.240.13 (United States)

ASN26120 (RHYTHMONE, US)

sync.1rx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.223.22.214 (Seattle, United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: afb83dd09526a6517.awsglobalaccelerator.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 44.197.150.112 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-44-197-150-112.compute-1.amazonaws.com

simplifi.partners.tremorhub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.111.113.62 (Kansas City, United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 62.113.111.34.bc.googleusercontent.com

pixel.tapad.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 108.138.128.14 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-108-138-128-14.jfk50.r.cloudfront.net

aa.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.173.219.73 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-18-173-219-73.jfk52.r.cloudfront.net

d.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.164.116.64 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-18-164-116-64.jfk50.r.cloudfront.net

sync.intentiq.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 8.28.7.83 (United States)

ASN62713 (AS-PUBMATIC, US)

image2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 63.251.28.231 (Secaucus, United States)

ASN13789 (INTERNAP-BLK3, US)

ads.stickyadstv.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.229.3.43 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-229-3-43.compute-1.amazonaws.com

loadm.exelator.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.225.218.10 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-225-218-10.compute-1.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.204.142.153 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-204-142-153.compute-1.amazonaws.com

sync.bfmio.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.46.225.71 (Secaucus, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-46-225-71.deploy.static.akamaitechnologies.com

stags.bluekai.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 44.193.146.17 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-44-193-146-17.compute-1.amazonaws.com

bcp.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.206.18.6 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-206-18-6.compute-1.amazonaws.com

ce.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.244.154.8 (Kansas City, United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: 8.154.244.35.bc.googleusercontent.com

idsync.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 107.178.254.65 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 65.254.178.107.bc.googleusercontent.com

pippio.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 13.107.42.14 (United States) 3 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.251.35.162 (Queens, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: lga25s78-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.251.41.2 (Queens, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: lga34s40-in-f2.1e100.net

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.80.36 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: lga34s34-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 68.67.181.211 (North Bergen, United States) 1 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 584.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.151.100 (United States)

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.244.159.8 (Kansas City, United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 8.159.244.35.bc.googleusercontent.com

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.251.40.226 (Queens, United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: lga34s39-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.34.59.26 (Edison, United States)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-34-59-26.deploy.static.akamaitechnologies.com

ipv6.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 76.223.9.105 (United States)

ASN16509 (AMAZON-02, US)
PTR: ac3ff6aafb2cddae2.awsglobalaccelerator.com

epsilon.6sense.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.12.250.89 (Columbus, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-12-250-89.us-east-2.compute.amazonaws.com

tracking.crazyegg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 138.199.40.58 (New York, United States)

ASN60068 (CDN77 _, GB)
PTR: 138-199-40-58.bunnyinfra.net

a.opmnstr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
a.omappapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.251.40.238 (Queens, United States)

ASN15169 (GOOGLE, US)
PTR: lga34s39-in-f14.1e100.net

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.239.36.181 (United States)

ASN15169 (GOOGLE, US)

analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.251.111.154 (Farmingdale, United States)

ASN15169 (GOOGLE, US)
PTR: bk-in-f154.1e100.net

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 142.250.64.98 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: lga34s31-in-f2.1e100.net

td.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.251.32.102 (Queens, United States)

ASN15169 (GOOGLE, US)
PTR: lga25s77-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.66.42.248 (United States)

ASN13335 (CLOUDFLARENET, US)

api.omappapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.19.71 (None, )

ASN13335 (CLOUDFLARENET, US)

trk.techtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.32.164.86 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-32-164-86.us-west-2.compute.amazonaws.com

abm-tracking.demandscience.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.107.246.40 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

tmp.argusplatform.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixels.argusplatform.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
webtracker.argusplatform.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.200.232.253 (Frederick, United States)

ASN6461 (ZAYO-6461, US)

pixel.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.7.151.245 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-7-151-245.compute-1.amazonaws.com

dx.mountain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 146.75.28.157 (Ashburn, United States)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.171.139.70 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-3-171-139-70.jfk52.r.cloudfront.net

tags.inzynk.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 63.140.37.206 (United States)

ASN16509 (AMAZON-02, US)
PTR: ip-63-140-37-206.data.adobedc.net

metrics.fortinet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 44.226.187.177 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-44-226-187-177.us-west-2.compute.amazonaws.com

intentstream.contanuity.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.186.31 (None, )

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.203.236.163 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-203-236-163.us-west-2.compute.amazonaws.com

tracking.contanuity.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.111.208.231 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 231.208.111.34.bc.googleusercontent.com

ibc-flow.techtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 51.20.153.244 (Stockholm, Sweden)

ASN16509 (AMAZON-02, US)
PTR: ec2-51-20-153-244.eu-north-1.compute.amazonaws.com

analytics.inzynk.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.251.41.6 (Queens, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: lga34s40-in-f6.1e100.net

10104846.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 31.13.71.7 (Secaucus, United States)

ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-01-lga3.fbcdn.net

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.67.163.237 (United States)

ASN13335 (CLOUDFLARENET, US)

siteimproveanalytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 172.66.0.227 (United States)

ASN13335 (CLOUDFLARENET, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.244.42.131 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.71.121.170 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-71-121-170.compute-1.amazonaws.com

52.71.121.170	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 34.117.77.79 (Kansas City, United States) 2 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 79.77.117.34.bc.googleusercontent.com

ml314.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.44.131.36 (Piscataway, United States)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-44-131-36.deploy.static.akamaitechnologies.com

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.156.78.110 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-156-78-110.compute-1.amazonaws.com

6033413.global.siteimproveanalytics.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 31.13.71.36 (Secaucus, United States)

ASN32934 (FACEBOOK, US)
PTR: edge-star-mini-shv-01-lga3.facebook.com

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 15.197.193.217 (Seattle, United States) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: a12b7a488abeaa9e4.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 44.218.64.233 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-44-218-64-233.compute-1.amazonaws.com

ps.eyeota.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.89.99.220 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-89-99-220.us-west-2.compute.amazonaws.com

px.mountain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.81.162.201 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-81-162-201.us-west-2.compute.amazonaws.com

gs.mountain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.10.121.135 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-10-121-135.us-west-2.compute.amazonaws.com

px.steelhousemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
32	fortinet.com www.fortinet.com — Cisco Umbrella Rank: 221752 metrics.fortinet.com — Cisco Umbrella Rank: 973993	2 MB
25	simpli.fi 20 redirects tag.simpli.fi — Cisco Umbrella Rank: 8238 i.simpli.fi — Cisco Umbrella Rank: 6968 um.simpli.fi — Cisco Umbrella Rank: 1484	14 KB
22	adobedtm.com assets.adobedtm.com — Cisco Umbrella Rank: 521	151 KB
16	doubleclick.net 5 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 77 cm.g.doubleclick.net — Cisco Umbrella Rank: 363 stats.g.doubleclick.net — Cisco Umbrella Rank: 252 td.doubleclick.net — Cisco Umbrella Rank: 481 ad.doubleclick.net — Cisco Umbrella Rank: 210 10104846.fls.doubleclick.net	7 KB
14	6sc.co j.6sc.co — Cisco Umbrella Rank: 12402 c.6sc.co — Cisco Umbrella Rank: 16017 ipv6.6sc.co — Cisco Umbrella Rank: 12823 b.6sc.co — Cisco Umbrella Rank: 6896	22 KB
9	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 112	843 KB
7	ml314.com 2 redirects ml314.com — Cisco Umbrella Rank: 3108	40 KB
7	linkedin.com 3 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 669 www.linkedin.com — Cisco Umbrella Rank: 914	4 KB
6	cookielaw.org cdn.cookielaw.org — Cisco Umbrella Rank: 554	127 KB
5	outbrain.com amplify.outbrain.com — Cisco Umbrella Rank: 4363 tr.outbrain.com — Cisco Umbrella Rank: 4248 wave.outbrain.com — Cisco Umbrella Rank: 4246	10 KB
5	crazyegg.com script.crazyegg.com — Cisco Umbrella Rank: 4547 tracking.crazyegg.com — Cisco Umbrella Rank: 8138	40 KB
4	mountain.com dx.mountain.com — Cisco Umbrella Rank: 8539 px.mountain.com — Cisco Umbrella Rank: 8773 gs.mountain.com — Cisco Umbrella Rank: 14631	11 KB
4	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 104
4	adnxs.com 1 redirects ib.adnxs.com — Cisco Umbrella Rank: 383 secure.adnxs.com — Cisco Umbrella Rank: 764	4 KB
4	google.com www.google.com — Cisco Umbrella Rank: 10 analytics.google.com — Cisco Umbrella Rank: 238	192 B
4	demdex.net dpm.demdex.net — Cisco Umbrella Rank: 319 fortinet.demdex.net	2 KB
3	eyeota.net 2 redirects ps.eyeota.net — Cisco Umbrella Rank: 1596	2 KB
3	adsrvr.org 3 redirects match.adsrvr.org — Cisco Umbrella Rank: 505	2 KB
3	twitter.com analytics.twitter.com — Cisco Umbrella Rank: 1356	820 B
3	t.co t.co — Cisco Umbrella Rank: 979	2 KB
3	contanuity.com intentstream.contanuity.com — Cisco Umbrella Rank: 173029 tracking.contanuity.com — Cisco Umbrella Rank: 44051	1 KB
3	inzynk.io tags.inzynk.io — Cisco Umbrella Rank: 669379 analytics.inzynk.io — Cisco Umbrella Rank: 434735	19 KB
3	argusplatform.com tmp.argusplatform.com — Cisco Umbrella Rank: 859686 pixels.argusplatform.com — Cisco Umbrella Rank: 956759 webtracker.argusplatform.com	4 KB
3	rlcdn.com 3 redirects idsync.rlcdn.com — Cisco Umbrella Rank: 689	848 B
3	crwdcntrl.net 2 redirects bcp.crwdcntrl.net — Cisco Umbrella Rank: 1296 sync.crwdcntrl.net — Cisco Umbrella Rank: 1261	1 KB
3	bing.com bat.bing.com — Cisco Umbrella Rank: 534	15 KB
2	facebook.com www.facebook.com — Cisco Umbrella Rank: 108	4 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 236	71 KB
2	demandscience.com abm-tracking.demandscience.com — Cisco Umbrella Rank: 157542	3 KB
2	techtarget.com trk.techtarget.com — Cisco Umbrella Rank: 66995 ibc-flow.techtarget.com — Cisco Umbrella Rank: 63746	2 KB
2	omappapi.com a.omappapi.com — Cisco Umbrella Rank: 9699 api.omappapi.com — Cisco Umbrella Rank: 10036	3 KB
2	6sense.com epsilon.6sense.com — Cisco Umbrella Rank: 18992	722 B
2	openx.net 1 redirects us-u.openx.net — Cisco Umbrella Rank: 864	504 B
2	lijit.com 1 redirects ce.lijit.com — Cisco Umbrella Rank: 1396	895 B
2	yahoo.com 1 redirects ups.analytics.yahoo.com — Cisco Umbrella Rank: 612	495 B
2	exelator.com 1 redirects loadm.exelator.com — Cisco Umbrella Rank: 3519	2 KB
2	intentiq.com 1 redirects sync.intentiq.com — Cisco Umbrella Rank: 1598	2 KB
2	agkn.com 2 redirects aa.agkn.com — Cisco Umbrella Rank: 910 d.agkn.com — Cisco Umbrella Rank: 1174	1 KB
2	tapad.com 1 redirects pixel.tapad.com — Cisco Umbrella Rank: 646	1 KB
2	3lift.com 1 redirects eb2.3lift.com — Cisco Umbrella Rank: 632	971 B
1	steelhousemedia.com px.steelhousemedia.com — Cisco Umbrella Rank: 24442	319 B
1	siteimproveanalytics.io 6033413.global.siteimproveanalytics.io — Cisco Umbrella Rank: 847514	149 B
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 1884	14 KB
1	siteimproveanalytics.com siteimproveanalytics.com — Cisco Umbrella Rank: 8455	12 KB
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 410	15 KB
1	ads-twitter.com static.ads-twitter.com — Cisco Umbrella Rank: 1253	15 KB
1	mathtag.com pixel.mathtag.com — Cisco Umbrella Rank: 4337	711 B
1	opmnstr.com a.opmnstr.com — Cisco Umbrella Rank: 59906	18 KB
1	rubiconproject.com pixel.rubiconproject.com — Cisco Umbrella Rank: 555	1 KB
1	googleadservices.com 1 redirects www.googleadservices.com — Cisco Umbrella Rank: 176	23 B
1	pippio.com 1 redirects pippio.com — Cisco Umbrella Rank: 1285	633 B
1	bluekai.com stags.bluekai.com — Cisco Umbrella Rank: 1556	447 B
1	bfmio.com sync.bfmio.com — Cisco Umbrella Rank: 2757	421 B
1	stickyadstv.com ads.stickyadstv.com — Cisco Umbrella Rank: 969	654 B
1	pubmatic.com image2.pubmatic.com — Cisco Umbrella Rank: 1373	555 B
1	tremorhub.com simplifi.partners.tremorhub.com — Cisco Umbrella Rank: 10885	175 B
1	1rx.io sync.1rx.io — Cisco Umbrella Rank: 741	99 B
1	omtrdc.net fortinet.tt.omtrdc.net — Cisco Umbrella Rank: 990592	3 KB
1	everesttech.net 1 redirects cm.everesttech.net — Cisco Umbrella Rank: 2184	490 B
1	onetrust.com geolocation.onetrust.com — Cisco Umbrella Rank: 1019	300 B
0	krxd.net Failed usermatch.krxd.net Failed
0	smartadserver.com Failed sync.smartadserver.com Failed
0	lkqd.net Failed cs.lkqd.net Failed
201	63

	Domain	Requested by
31	www.fortinet.com	www.fortinet.com
23	um.simpli.fi	20 redirects
22	assets.adobedtm.com	cdn.cookielaw.org assets.adobedtm.com
11	b.6sc.co
9	www.googletagmanager.com	assets.adobedtm.com www.googletagmanager.com abm-tracking.demandscience.com
7	ml314.com	2 redirects www.fortinet.com ml314.com
6	px.ads.linkedin.com	2 redirects snap.licdn.com
6	cdn.cookielaw.org	www.fortinet.com cdn.cookielaw.org
5	td.doubleclick.net	www.googletagmanager.com
4	www.google-analytics.com	www.googletagmanager.com
4	googleads.g.doubleclick.net	1 redirects www.googletagmanager.com
4	script.crazyegg.com	www.fortinet.com script.crazyegg.com
3	ps.eyeota.net	2 redirects
3	match.adsrvr.org	3 redirects
3	analytics.twitter.com
3	t.co
3	cm.g.doubleclick.net	3 redirects
3	ib.adnxs.com	1 redirects
3	www.google.com
3	idsync.rlcdn.com	3 redirects
3	bat.bing.com	assets.adobedtm.com bat.bing.com
3	dpm.demdex.net	www.fortinet.com
2	px.mountain.com	dx.mountain.com px.mountain.com
2	www.facebook.com
2	connect.facebook.net	www.fortinet.com connect.facebook.net
2	10104846.fls.doubleclick.net	1 redirects assets.adobedtm.com
2	analytics.inzynk.io	tags.inzynk.io
2	intentstream.contanuity.com	abm-tracking.demandscience.com
2	abm-tracking.demandscience.com	www.fortinet.com abm-tracking.demandscience.com
2	epsilon.6sense.com	j.6sc.co
2	us-u.openx.net	1 redirects
2	ce.lijit.com	1 redirects
2	bcp.crwdcntrl.net	1 redirects
2	ups.analytics.yahoo.com	1 redirects
2	loadm.exelator.com	1 redirects
2	sync.intentiq.com	1 redirects
2	pixel.tapad.com	1 redirects
2	eb2.3lift.com	1 redirects
2	tr.outbrain.com	amplify.outbrain.com
2	amplify.outbrain.com	www.fortinet.com amplify.outbrain.com
1	px.steelhousemedia.com
1	gs.mountain.com	px.mountain.com
1	www.linkedin.com	1 redirects
1	sync.crwdcntrl.net	1 redirects
1	webtracker.argusplatform.com	tmp.argusplatform.com
1	6033413.global.siteimproveanalytics.io
1	snap.licdn.com	www.fortinet.com
1	siteimproveanalytics.com	assets.adobedtm.com
1	ibc-flow.techtarget.com	trk.techtarget.com
1	tracking.contanuity.com	abm-tracking.demandscience.com
1	pixels.argusplatform.com	tmp.argusplatform.com
1	cdn.jsdelivr.net	abm-tracking.demandscience.com
1	metrics.fortinet.com
1	secure.adnxs.com
1	tags.inzynk.io	assets.adobedtm.com
1	static.ads-twitter.com	www.fortinet.com
1	dx.mountain.com	www.fortinet.com
1	pixel.mathtag.com	www.fortinet.com
1	tmp.argusplatform.com	www.fortinet.com
1	trk.techtarget.com	www.fortinet.com
1	api.omappapi.com	a.opmnstr.com
1	a.omappapi.com	a.opmnstr.com
1	ad.doubleclick.net
1	stats.g.doubleclick.net	www.googletagmanager.com
1	analytics.google.com	www.googletagmanager.com
1	a.opmnstr.com	assets.adobedtm.com
1	tracking.crazyegg.com	script.crazyegg.com
1	ipv6.6sc.co	j.6sc.co
1	c.6sc.co	j.6sc.co
1	pixel.rubiconproject.com
1	www.googleadservices.com	1 redirects
1	pippio.com	1 redirects
1	stags.bluekai.com
1	sync.bfmio.com
1	ads.stickyadstv.com
1	image2.pubmatic.com
1	d.agkn.com	1 redirects
1	aa.agkn.com	1 redirects
1	simplifi.partners.tremorhub.com
1	sync.1rx.io
1	wave.outbrain.com	amplify.outbrain.com
1	i.simpli.fi	tag.simpli.fi
1	tag.simpli.fi	assets.adobedtm.com
1	j.6sc.co	www.fortinet.com
1	fortinet.tt.omtrdc.net	www.fortinet.com
1	cm.everesttech.net	1 redirects
1	fortinet.demdex.net	www.fortinet.com
1	geolocation.onetrust.com	cdn.cookielaw.org
0	usermatch.krxd.net Failed
0	sync.smartadserver.com Failed
0	cs.lkqd.net Failed
201	91

This site contains links to these domains. Also see Links.

Domain
training.fortinet.com
www.linkedin.com
www.twitter.com
www.youtube.com
www.instagram.com
www.facebook.com
fortiguard.com
community.fortinet.com
investor.fortinet.com
onetrust.com

Subject Issuer	Validity	Valid
*.fortinet.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-07-16` - `2025-07-15`	a year	crt.sh
cookielaw.org WE1	`2024-08-13` - `2024-11-11`	3 months	crt.sh
geolocation.onetrust.com WE1	`2024-08-13` - `2024-11-11`	3 months	crt.sh
assets.adobedtm.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-07-09` - `2025-08-09`	a year	crt.sh
*.demdex.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-09-26` - `2024-10-26`	a year	crt.sh
*.tt.omtrdc.net DigiCert TLS RSA SHA256 2020 CA1	`2024-02-26` - `2025-03-28`	a year	crt.sh
script.crazyegg.com Cloudflare Inc ECC CA-3	`2024-08-02` - `2024-12-31`	5 months	crt.sh
6sc.co R11	`2024-07-03` - `2024-10-01`	3 months	crt.sh
*.outbrain.com DigiCert TLS RSA SHA256 2020 CA1	`2023-12-14` - `2024-12-14`	a year	crt.sh
*.simpli.fi DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-11-07` - `2024-12-07`	a year	crt.sh
www.bing.com Microsoft Azure RSA TLS Issuing CA 04	`2024-06-19` - `2024-12-16`	6 months	crt.sh
*.google-analytics.com WR2	`2024-08-05` - `2024-10-28`	3 months	crt.sh
*.6sense.com Amazon RSA 2048 M03	`2024-04-01` - `2025-04-30`	a year	crt.sh
crazyegg.com Amazon RSA 2048 M02	`2024-06-30` - `2025-07-30`	a year	crt.sh
a.opmnstr.com R10	`2024-08-08` - `2024-11-06`	3 months	crt.sh
*.google.com WR2	`2024-08-05` - `2024-10-28`	3 months	crt.sh
*.g.doubleclick.net WR2	`2024-08-05` - `2024-10-28`	3 months	crt.sh
*.doubleclick.net WR2	`2024-08-05` - `2024-10-28`	3 months	crt.sh
a.omappapi.com R10	`2024-08-08` - `2024-11-06`	3 months	crt.sh
omappapi.com WE1	`2024-08-14` - `2024-11-12`	3 months	crt.sh
trk.techtarget.com WE1	`2024-07-23` - `2024-10-21`	3 months	crt.sh
abm-tracking.demandscience.com R10	`2024-08-14` - `2024-11-12`	3 months	crt.sh
tmp.argusplatform.com GeoTrust Global TLS RSA4096 SHA256 2022 CA1	`2024-04-23` - `2024-10-23`	6 months	crt.sh
*.mathtag.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-04-23` - `2025-04-30`	a year	crt.sh
*.mountain.com Go Daddy Secure Certificate Authority - G2	`2024-05-23` - `2025-06-24`	a year	crt.sh
ads-twitter.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-06-25` - `2025-06-24`	a year	crt.sh
*.inzynk.io Amazon RSA 2048 M02	`2024-01-07` - `2025-02-04`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2024-02-14` - `2025-03-16`	a year	crt.sh
metrics.fortinet.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-12-26` - `2025-01-25`	a year	crt.sh
intentstream.contanuity.com E6	`2024-08-15` - `2024-11-13`	3 months	crt.sh
*.jsdelivr.net Sectigo RSA Domain Validation Secure Server CA	`2024-05-04` - `2025-05-04`	a year	crt.sh
pixels.argusplatform.com GeoTrust Global TLS RSA4096 SHA256 2022 CA1	`2024-04-22` - `2024-10-22`	6 months	crt.sh
tracking.contanuity.com R11	`2024-07-13` - `2024-10-11`	3 months	crt.sh
ibc-flow.techtarget.com WR3	`2024-08-28` - `2024-11-26`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2024-06-14` - `2024-09-12`	3 months	crt.sh
siteimproveanalytics.com WE1	`2024-08-19` - `2024-11-17`	3 months	crt.sh
t.co E6	`2024-07-31` - `2024-10-29`	3 months	crt.sh
*.twitter.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-11-09` - `2024-11-07`	a year	crt.sh
52.71.121.170 Sectigo RSA Domain Validation Secure Server CA	`2024-01-24` - `2025-02-12`	a year	crt.sh
event-horizon.gcp.bomm.in WR3	`2024-08-21` - `2024-11-19`	3 months	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-12-13` - `2024-12-12`	a year	crt.sh
*.global.r1.siteimproveanalytics.io Amazon RSA 2048 M02	`2024-09-02` - `2025-10-01`	a year	crt.sh
webtracker.argusplatform.com GeoTrust Global TLS RSA4096 SHA256 2022 CA1	`2024-04-23` - `2024-10-23`	6 months	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2024-08-27` - `2025-02-27`	6 months	crt.sh

This page contains 8 frames:

Primary Page: https://www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains?&web_view=true
Frame ID: 3E5C839AB5E9FD7C26C688AACBD1BBEB
Requests: 191 HTTP requests in this frame

Frame: https://fortinet.demdex.net/dest5.html?d_nsid=0
Frame ID: 3F465E6B8B478A88D6A1BBF31279C7CC
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/ga/rul?tid=G-WW0XD247FL&gacid=949312111.1725524616&gtm=45be4930v9123037237za200zb9191763579&dma=0&gcd=13l3l3l3l1l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=0&z=394262542
Frame ID: 8473DA5DD4F395064F4CCB5CD94AB9A8
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/rul/662878185?random=1725524616234&cv=11&fst=1725524616234&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4930v887005625za200zb9191763579&gcd=13l3l3l3l1l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Femansrepo-stealer-multi-vector-attack-chains%3F%26web_view%3Dtrue&hn=www.googleadservices.com&frm=0&tiba=Emansrepo%20Stealer%3A%20Multi-Vector%20Attack%20Chains%20%7C%20FortiGuard%20Labs&npa=0&pscdl=noapi&auid=1398769009.1725524616&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dpage_view
Frame ID: 47903CE1D86939C83169BE4EFDF53549
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/rul/609297413?random=1725524616306&cv=11&fst=1725524616306&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4930za200zb9191763579&gcd=13l3l3l3l1l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Femansrepo-stealer-multi-vector-attack-chains%3F%26web_view%3Dtrue&hn=www.googleadservices.com&frm=0&tiba=Emansrepo%20Stealer%3A%20Multi-Vector%20Attack%20Chains%20%7C%20FortiGuard%20Labs&npa=0&pscdl=noapi&auid=1398769009.1725524616&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dpage_view
Frame ID: 5B55AC6F84E8A5413209115201AD072A
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/fls/rul/activityi;fledge=1;src=10050195;npa=0;auiddc=1398769009.1725524616;ps=1;pcor=1751192483;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4930v9185241837za200zb9191763579;gcd=13l3l3l3l1l1;dma=0;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Femansrepo-stealer-multi-vector-attack-chains%3F%26web_view%3Dtrue
Frame ID: 3EEFA895FE64A2409EE4B69DD7826023
Requests: 1 HTTP requests in this frame

Frame: https://td.doubleclick.net/td/rul/729495989?random=1725524616460&cv=11&fst=1725524616460&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4930za200zb9191763579&gcd=13l3l3l3l1l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Femansrepo-stealer-multi-vector-attack-chains%3F%26web_view%3Dtrue&hn=www.googleadservices.com&frm=0&tiba=Emansrepo%20Stealer%3A%20Multi-Vector%20Attack%20Chains%20%7C%20FortiGuard%20Labs&npa=0&pscdl=noapi&auid=1398769009.1725524616&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dpage_view
Frame ID: 109D72CFB687526664AD26771895099E
Requests: 1 HTTP requests in this frame

Frame: https://10104846.fls.doubleclick.net/activityi;dc_pre=CKWLzI-wq4gDFR-oywEd7-8n6g;src=10104846;type=sitew00;cat=sitew006;u3=https://www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains?&web_view=true;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=${GDPR};gdpr_consent=${GDPR_CONSENT_755};ord=5672558153182.832?
Frame ID: 2182ECAEB2153EF891363F4157899724
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Emansrepo Stealer: Multi-Vector Attack Chains | FortiGuard Labs

Detected technologies

Adobe Experience Manager (CMS) Expand

Overall confidence: 100%
Detected patterns

/etc/designs/
/etc\.clientlibs/

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Crazy Egg (Analytics) Expand

Overall confidence: 100%
Detected patterns

script\.crazyegg\.com/pages/scripts/\d+/\d+\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

FingerprintJS (JavaScript libraries) Expand

Overall confidence: 100%
Detected patterns

/fingerprintjs@(\d)

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

OneTrust (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

cdn\.cookielaw\.org
otSDKStub\.js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

TrackJs (Analytics) Expand

Overall confidence: 100%
Detected patterns

tracker\.js

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

201
Requests

83 %
HTTPS

0 %
IPv6

63
Domains

91
Subdomains

72
IPs

3
Countries

3826 kB
Transfer

7839 kB
Size

122
Cookies

10 Outgoing links

These are links going to different origins than the main page.

URL: https://training.fortinet.com/local/staticpage/view.php?page=fcf_cybersecurity
Title: Fortinet Cybersecurity Fundamentals (FCF) training

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/fortinet

Search URL Search Domain Scan URL

URL: https://www.twitter.com/fortinet

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCJHo4AuVomwMRzgkA5DQEOA?sub_confirmation=1

Search URL Search Domain Scan URL

URL: https://www.instagram.com/fortinet/

Search URL Search Domain Scan URL

URL: https://www.facebook.com/fortinet

Search URL Search Domain Scan URL

URL: https://fortiguard.com/
Title: FortiGuard Labs

Search URL Search Domain Scan URL

URL: https://community.fortinet.com/
Title: Fortinet Community

Search URL Search Domain Scan URL

URL: https://investor.fortinet.com/
Title: Investor Relations

Search URL Search Domain Scan URL

URL: https://onetrust.com/poweredbyonetrust

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 40

https://cm.everesttech.net/cm/dd?d_uuid=51336370114449419754469918940156614427 HTTP 302
https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZtlqhwAAAFcpHgNw

Request Chain 79

https://um.simpli.fi/smaato HTTP 302
https://s.ad.smaato.net/c/?dspInit=1001136&dspCookie=5EBF1F4FA8014B33BE8B3DBD85B87EAC HTTP 302
https://cs.lkqd.net/cs?partnerId=109&partnerUserId=80a46442f0&gdpr=0&gdpr_consent=

Request Chain 80

https://um.simpli.fi/nexxen HTTP 302
https://sync.1rx.io/usersync/simplifi/5EBF1F4FA8014B33BE8B3DBD85B87EAC

Request Chain 81

https://um.simpli.fi/triplelift HTTP 302
https://eb2.3lift.com/xuid?mid=7969&xuid=5EBF1F4FA8014B33BE8B3DBD85B87EAC&dongle=yf3 HTTP 302
https://eb2.3lift.com/xuid?ld=1&mid=7969&xuid=5EBF1F4FA8014B33BE8B3DBD85B87EAC&dongle=yf3&gdpr=0&cmp_cs=&us_privacy=

Request Chain 82

https://um.simpli.fi/telaria_p HTTP 302
https://simplifi.partners.tremorhub.com/sync?UISF=5EBF1F4FA8014B33BE8B3DBD85B87EAC

Request Chain 83

https://um.simpli.fi/tapad HTTP 302
https://pixel.tapad.com/idsync/ex/receive?partner_id=2305&partner_device_id=5EBF1F4FA8014B33BE8B3DBD85B87EAC HTTP 302
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2305&partner_device_id=5EBF1F4FA8014B33BE8B3DBD85B87EAC

Request Chain 84

https://um.simpli.fi/ad_advisor HTTP 302
https://aa.agkn.com/adscores/g.pixel?sid=9201915418&sifi_uid=5EBF1F4FA8014B33BE8B3DBD85B87EAC HTTP 302
https://d.agkn.com/pixel/10751/?che=1725524616314&ip=45.13.235.43&l1=https%3A%2F%2Fum.simpli.fi%2Faa_px%3Fsk%3D212520604996006897275 HTTP 302
https://um.simpli.fi/aa_px?sk=212520604996006897275 HTTP 302
https://um.simpli.fi/empty.gif

Request Chain 85

https://um.simpli.fi/intentiq HTTP 302
https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=2124307461&pcid=5EBF1F4FA8014B33BE8B3DBD85B87EAC HTTP 302
https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=2124307461&pcid=5EBF1F4FA8014B33BE8B3DBD85B87EAC&ckls=true&ci=3LHeZLPuZj&nc=false&trid=-480174161

Request Chain 86

https://um.simpli.fi/pubmatic HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTgwNiZ0bD01MTg0MDA=&piggybackCookie=uid:5EBF1F4FA8014B33BE8B3DBD85B87EAC

Request Chain 87

https://um.simpli.fi/freewheel HTTP 302
https://ads.stickyadstv.com/user-registering?dataProviderId=753&userId=5EBF1F4FA8014B33BE8B3DBD85B87EAC

Request Chain 88

https://um.simpli.fi/dtnx HTTP 302
https://fei.pro-market.net/engine?du=24;csync=5EBF1F4FA8014B33BE8B3DBD85B87EAC;mimetype=img; HTTP 302
https://fei.pro-market.net/engine?du=24;csync=5EBF1F4FA8014B33BE8B3DBD85B87EAC;mimetype=img;sr HTTP 302
https://sync.smartadserver.com/getuid?url=https%3A%2F%2Ffei.pro-market.net%2Fengine%3Fsite%3D161185%26size%3D1x1%26du%3D36%26csync%3D[sas_uid]

Request Chain 89

https://um.simpli.fi/exelatem HTTP 302
https://loadm.exelator.com/load/?p=204&g=2191&simid=5EBF1F4FA8014B33BE8B3DBD85B87EAC&j=0 HTTP 302
https://loadm.exelator.com/load/?p=204&g=2191&simid=5EBF1F4FA8014B33BE8B3DBD85B87EAC&j=0&xl8blockcheck=1

Request Chain 90

https://um.simpli.fi/yahoo HTTP 302
https://ups.analytics.yahoo.com/ups/55964/sync?uid=5EBF1F4FA8014B33BE8B3DBD85B87EAC HTTP 302
https://ups.analytics.yahoo.com/ups/55964/sync?uid=5EBF1F4FA8014B33BE8B3DBD85B87EAC&verify=true

Request Chain 91

https://um.simpli.fi/beachfront HTTP 302
https://sync.bfmio.com/sync?pid=141&uid=5EBF1F4FA8014B33BE8B3DBD85B87EAC

Request Chain 92

https://um.simpli.fi/bluekai HTTP 302
https://stags.bluekai.com/site/29931?id=5EBF1F4FA8014B33BE8B3DBD85B87EAC

Request Chain 93

https://um.simpli.fi/crwdcntrl HTTP 302
https://bcp.crwdcntrl.net/map/c=7625/tp=SIMP/tpid=5EBF1F4FA8014B33BE8B3DBD85B87EAC HTTP 302
https://bcp.crwdcntrl.net/map/ct=y/c=7625/tp=SIMP/tpid=5EBF1F4FA8014B33BE8B3DBD85B87EAC

Request Chain 94

https://um.simpli.fi/lj_match HTTP 302
https://ce.lijit.com/merge?pid=2&3pid=5EBF1F4FA8014B33BE8B3DBD85B87EAC HTTP 302
https://ce.lijit.com/merge?pid=2&3pid=5EBF1F4FA8014B33BE8B3DBD85B87EAC&dnr=1

Request Chain 95

https://um.simpli.fi/liveramp_match HTTP 302
https://idsync.rlcdn.com/419566.gif?partner_uid=5EBF1F4FA8014B33BE8B3DBD85B87EAC HTTP 307
https://idsync.rlcdn.com/1000.gif?memo=CO7NGRIrCicIARDuJBogNUVCRjFGNEZBODAxNEIzM0JFOEIzREJEODVCODdFQUMQABoNCIjV5bYGEgUI6AcQAEIASgA HTTP 307
https://pippio.com/api/sync?pid=5324&it=1&iv=534c41908e633afdae3ea1e70af2a9008f675bce4c5e01bc615b19d0b9e8567e791426b5417dce21&_=2 HTTP 307
https://px.ads.linkedin.com/db_sync?pid=10339&puuid=534c41908e633afdae3ea1e70af2a9008f675bce4c5e01bc615b19d0b9e8567e791426b5417dce21&rand=08520354 HTTP 302
https://px.ads.linkedin.com/db_sync?pid=10339&puuid=534c41908e633afdae3ea1e70af2a9008f675bce4c5e01bc615b19d0b9e8567e791426b5417dce21&rand=08520354&expected_cookie=0650023d-5d9e-458f-a4d7-17d2e2a91493

Request Chain 96

https://www.googleadservices.com/pagead/conversion/1026675585/?random=1725524615418&cv=7&fst=1725524615418&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON HTTP 302
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1026675585/?random=1191705877&cv=7&fst=1725524615418&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgibx7EC&pscrd=IhMIu6u5jrCriAMVhQ5oCB0cJRL7MgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOhlodHRwczovL3d3dy5mb3J0aW5ldC5jb20v HTTP 302
https://www.google.com/pagead/1p-conversion/1026675585/?random=1191705877&cv=7&fst=1725524615418&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgibx7EC&pscrd=IhMIu6u5jrCriAMVhQ5oCB0cJRL7MgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOhlodHRwczovL3d3dy5mb3J0aW5ldC5jb20v&is_vtc=1&cid=CAQSKQDpaXnfULDr9di70sMYxpmxHQI00U4sqpIyN3o5wrpoMv3HWz5bQd4-&random=1653008605

Request Chain 98

https://um.simpli.fi/an HTTP 302
https://ib.adnxs.com/setuid?entity=66&code=5EBF1F4FA8014B33BE8B3DBD85B87EAC HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D66%26code%3D5EBF1F4FA8014B33BE8B3DBD85B87EAC

Request Chain 99

https://um.simpli.fi/rb_match HTTP 302
https://pixel.rubiconproject.com/tap.php?v=6286&nid=2132&put=5EBF1F4FA8014B33BE8B3DBD85B87EAC&expires=365

Request Chain 100

https://um.simpli.fi/ox_match HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072966&val=5EBF1F4FA8014B33BE8B3DBD85B87EAC HTTP 302
https://us-u.openx.net/w/1.0/sd?cc=1&id=537072966&val=5EBF1F4FA8014B33BE8B3DBD85B87EAC

Request Chain 101

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_cm&google_sc HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_cm=&google_sc=&google_tc= HTTP 302
https://um.simpli.fi/g_match?id=&google_gid=CAESEJ1inFYR8J380yeTjYl2Uu4&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=5EBF1F4FA8014B33BE8B3DBD85B87EAC HTTP 302
https://um.simpli.fi/g_match?id=

Request Chain 159

https://match.prod.bidr.io/cookie-sync/contanuity?buyer_user_id=0ac9c017dfdd772893a32ead8dfce3c5_1725524617805 HTTP 303
https://match.prod.bidr.io/cookie-sync/contanuity?buyer_user_id=0ac9c017dfdd772893a32ead8dfce3c5_1725524617805&_bee_ppp=1 HTTP 303
https://tracking.contanuity.com/usersync?bwcookie=AAJP3k7NstUAABWwH3mGQQ

Request Chain 162

https://10104846.fls.doubleclick.net/activityi;src=10104846;type=sitew00;cat=sitew006;u3=https://www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains?&web_view=true;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=${GDPR};gdpr_consent=${GDPR_CONSENT_755};ord=5672558153182.832? HTTP 302
https://10104846.fls.doubleclick.net/activityi;dc_pre=CKWLzI-wq4gDFR-oywEd7-8n6g;src=10104846;type=sitew00;cat=sitew006;u3=https://www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains?&web_view=true;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=${GDPR};gdpr_consent=${GDPR_CONSENT_755};ord=5672558153182.832?

Request Chain 182

https://idsync.rlcdn.com/395886.gif?partner_uid=3646791828645085185 HTTP 307
https://ml314.com/csync.ashx?fp=7ce8ec73a1af6872bc0b67023e393cf8b72d081daacab73203d8ce95d57283e5f4cb09cee1a4f8eb&person_id=3646791828645085185&eid=50082

Request Chain 183

https://match.adsrvr.org/track/cmf/generic?ttd_pid=d0tro1j&ttd_tpi=1 HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=d0tro1j&ttd_tpi=1 HTTP 302
https://ml314.com/utsync.ashx?eid=53819&et=0&fp=cba7ae33-aeae-449e-87f0-ef5677e84624&gdpr=0&gdpr_consent=

Request Chain 184

https://sync.crwdcntrl.net/map/c=6985/tp=BOMB?https://ml314.com/csync.ashx%3Ffp%3D%24%7Bprofile_id%7D%26eid%3D50146%26person_id%3D3646791828645085185 HTTP 302
https://ml314.com/csync.ashx?fp=d2a5c56c6266c141d0a3cc830f4a44ca&eid=50146&person_id=3646791828645085185

Request Chain 185

https://ps.eyeota.net/pixel?pid=r8hrb20&t=gif HTTP 302
https://ps.eyeota.net/pixel/bounce/?pid=r8hrb20&t=gif HTTP 302
https://ml314.com/utsync.ashx?eid=50052&et=0&fp=2eIn36uqyDq8GNN9--k327s9fHq40EO95gddpbgED9gw&gdpr=0&gdpr_consent=&return=https%3A%2F%2Fps.eyeota.net%2Fmatch%3Fbid%3Dr8hrb20%26uid%3Dnil%26referrer_pid%3Dr8hrb20 HTTP 302
https://ml314.com/csync.ashx?fp=2eIn36uqyDq8GNN9--k327s9fHq40EO95gddpbgED9gw&person_id=3646791828645085185&eid=50052&return=https%3A%2F%2Fps.eyeota.net%2Fmatch%3Fbid%3Dr8hrb20%26uid%3Dnil%26referrer_pid%3Dr8hrb20 HTTP 302
https://ps.eyeota.net/match?bid=r8hrb20&uid=nil&referrer_pid=r8hrb20

Request Chain 187

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=7120%2C2159050%2C4628290&time=1725524619137&li_adsId=fafd0075-a748-407e-9c07-3168e293b117&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Femansrepo-stealer-multi-vector-attack-chains%3F%26web_view%3Dtrue HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D7120%252C2159050%252C4628290%26time%3D1725524619137%26li_adsId%3Dfafd0075-a748-407e-9c07-3168e293b117%26url%3Dhttps%253A%252F%252Fwww.fortinet.com%252Fblog%252Fthreat-research%252Femansrepo-stealer-multi-vector-attack-chains%253F%2526web_view%253Dtrue%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=7120%2C2159050%2C4628290&time=1725524619137&li_adsId=fafd0075-a748-407e-9c07-3168e293b117&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Femansrepo-stealer-multi-vector-attack-chains%3F%26web_view%3Dtrue&liSync=true

Request Chain 193

https://match.adsrvr.org/track/cmf/generic?ttd_pid=steelhouse&ttd_tpi=1&ttd_puid=27905eb6-6b60-11ef-88e8-b7ae7e2bf7f9&gdpr=&gdpr_consent= HTTP 302
https://px.steelhousemedia.com/tdsync?tdid=cba7ae33-aeae-449e-87f0-ef5677e84624&shguid=27905eb6-6b60-11ef-88e8-b7ae7e2bf7f9

Request Chain 194

https://insight.adsrvr.org/track/evnt/?adv=6s0zaeu&ct=0:0bi0elf&fmt=3 HTTP 302
https://usermatch.krxd.net/um/v2?partner=ttd&partner_uid=ttd&gdpr=0&gdpr_consent=&ttd_tdid=cba7ae33-aeae-449e-87f0-ef5677e84624

201 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request emansrepo-stealer-multi-vector-attack-chains Show response
www.fortinet.com/blog/threat-research/ 71 KB
20 KB 511ms
145ms Document
text/html 44.199.160.6
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains?&web_view=true

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

44.199.160.6 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-199-160-6.compute-1.amazonaws.com

Software

Apache /

Resource Hash

7844854a2c3fa8ec3edf34d6e3dcaeb1a65c271f4b3c5aa379e5c8704fe6d97f

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Accept-Ranges: bytes
Age: 156193
Cache-Control: max-age=600, public, s-maxage=10800
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 19385
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Content-Type: text/html;charset=utf-8
Date: Thu, 05 Sep 2024 08:23:28 GMT
ETag: "11d7e-62136a3c5ebb5-gzip"
Last-Modified: Tue, 03 Sep 2024 13:00:19 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding
Via: 1.1 0bdcc10f69b746cb367ceb51e88a3d1c.cloudfront.net (CloudFront)
X-Amz-Cf-Id: RdkYG2zvdppjJzje0R46JEXeU5wA8lwmVEZjQxAl8_9nwPXaeZkwZQ==
X-Amz-Cf-Pop: IAD61-P2
X-Cache: Hit from cloudfront
X-Content-Type-Options: nosniff
X-Dispatcher: dispatcher2uswest1-28559771
X-Frame-Options: SAMEORIGIN
X-Vhost: publish
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK visitorapi.min.js Show response
www.fortinet.com/etc/designs/fortinet/adb-target/ 64 KB
30 KB 363ms
141ms Script
application/javascript 44.199.160.6
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fortinet.com/etc/designs/fortinet/adb-target/visitorapi.min.js

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains?&web_view=true

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

44.199.160.6 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-199-160-6.compute-1.amazonaws.com

Software

Apache /

Resource Hash

0f03d4ff929986a3cde83681fd2560eae544f7138f59945ec6ec32c17800ca91

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains?&web_view=true
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher2uswest1-28559771
Date: Thu, 05 Sep 2024 08:20:14 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Content-Encoding: gzip
Via: 1.1 0bdcc10f69b746cb367ceb51e88a3d1c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
X-Vhost: publish
X-Cache: Hit from cloudfront
Age: 3582509
Connection: keep-alive
Content-Length: 29532
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 15 Feb 2024 21:43:32 GMT
Server: Apache
ETag: "fe2d-6117284c96900-gzip"
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: xO__R6KfFjT09kFgR34bFUX5oC5sfIe0GjHLU5GNUXjEirDnDOs46w==

GET
H/1.1 200
OK at.js Show response
www.fortinet.com/etc/designs/fortinet/adb-target/ 104 KB
48 KB 380ms
133ms Script
application/javascript 44.199.160.6
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fortinet.com/etc/designs/fortinet/adb-target/at.js

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains?&web_view=true

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

44.199.160.6 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-199-160-6.compute-1.amazonaws.com

Software

Apache /

Resource Hash

db058d72d7ba8ff6ed7209af23a4458c373cc78f72c81ec1df88bb5de72a0b0b

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains?&web_view=true
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher1uswest1-28559594
Date: Sat, 31 Aug 2024 22:42:22 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Content-Encoding: gzip
Via: 1.1 1ffcb4016d0c1224c9505d74a866e6a8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
X-Vhost: publish
X-Cache: Hit from cloudfront
Age: 380471
Connection: keep-alive
Content-Length: 47782
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 21 Mar 2024 20:59:39 GMT
Server: Apache
ETag: "19e83-61431fc4b24c0-gzip"
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: BDCf60jeZIcA3Ab3wxEYgsMTIfWjHorckZuQ2abjB4qTag_SeZOP2Q==

GET
H/1.1 200
OK clientlib-base.min.900b148ab7b87024003111a1245cca9c.css
www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/ 540 KB
28 KB 192ms
140ms Stylesheet
text/css 44.199.160.6
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/clientlib-base.min.900b148ab7b87024003111a1245cca9c.css

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains?&web_view=true

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

44.199.160.6 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-199-160-6.compute-1.amazonaws.com

Software

Apache /

Resource Hash

94633716497a85d800b6e573953942c4cfe483c0dbd68fa97fd01dd97ced5d66

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains?&web_view=true
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher2uswest1-28559771
Date: Thu, 05 Sep 2024 08:23:29 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Content-Encoding: gzip
Via: 1.1 0bdcc10f69b746cb367ceb51e88a3d1c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
X-Vhost: publish
X-Cache: Hit from cloudfront
Age: 3850491
Connection: keep-alive
Content-Length: 27478
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 20 Jun 2024 21:00:07 GMT
Server: Apache
ETag: "86e1b-61b58998583c0-gzip"
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Type: text/css;charset=utf-8
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: XpoR9c5vK3jctb8fKyMOnobWrYr1Wug8Q6q80jUPccm4fMqew64jJA==

GET
H2 200 otSDKStub.js Show response
cdn.cookielaw.org/scripttemplates/ 21 KB
7 KB 258ms
93ms Script
application/javascript 104.18.86.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains?&web_view=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.86.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

50377d1d3e7dcb2c8298feb8d2505099df1957e3700a358b993b4cf443fd36e8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 05 Sep 2024 08:23:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: p+39a+/XEcZfNKybQjgXjA==
age: 33890
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 6882
x-ms-lease-status: unlocked
last-modified: Tue, 03 Sep 2024 16:39:46 GMT
server: cloudflare
etag: 0x8DCCC37056A183D
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 225937f4-d01e-0086-0131-fec758000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8be4d1603a3909f5-LAS

GET
H/1.1 200
OK fortinet-logo-white.svg
www.fortinet.com/content/dam/fortinet-blog/ 32 KB
3 KB 384ms
133ms Image
image/svg+xml 44.199.160.6
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.fortinet.com/content/dam/fortinet-blog/fortinet-logo-white.svg

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains?&web_view=true

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

44.199.160.6 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-199-160-6.compute-1.amazonaws.com

Software

Apache /

Resource Hash

d2afd46ac58cd7e89b3fdfd790300d69034e94151ed45acf83d7b6d5dccfdb17

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains?&web_view=true
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher2uswest1-28559771
Date: Thu, 05 Sep 2024 08:23:29 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Content-Encoding: gzip
Via: 1.1 d45137f973d454db77c647196f56613a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
X-Vhost: publish
X-Cache: Hit from cloudfront
Age: 32728932
Content-Disposition: attachment; filename="fortinet-logo-white.svg"
Connection: keep-alive
Content-Length: 1998
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 22 Feb 2018 23:16:01 GMT
Server: Apache
ETag: "7ebb-565d53a1d6e40-gzip"
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Type: image/svg+xml
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: 9OQG0FeV0SxZLObCdJvpSlJ2ltDHQ4Wvz4Ki_gzrgfxdFM85rCyAow==

GET
H/1.1 200
OK toc-icon.jpg
www.fortinet.com/content/dam/fortinet/images/ 1 KB
3 KB 386ms
133ms Image
image/jpeg 44.199.160.6
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.fortinet.com/content/dam/fortinet/images/toc-icon.jpg

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains?&web_view=true

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

44.199.160.6 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-199-160-6.compute-1.amazonaws.com

Software

Apache /

Resource Hash

370df1cc8999c1e03fc1c5f7ced35334513d19233d1fc79d2c1c7f711361565d

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains?&web_view=true
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher1uswest1-28559594
Date: Thu, 05 Sep 2024 08:18:01 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 d45137f973d454db77c647196f56613a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
Age: 25541349
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 1277
X-XSS-Protection: 1; mode=block
Last-Modified: Tue, 14 Nov 2023 17:34:13 GMT
Server: Apache
ETag: "4fd-60a2031eb4f40"
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: wkhpZDynrRfRt5P0m_rdOojWhA_k5CHIuTzGdkhHVULbA09Elxnqtg==

GET
H/1.1 200
OK clientlib-base.min.ba4f082a77dabb2c6baf715d9eb61c22.js Show response
www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/ 160 KB
74 KB 142ms
141ms Script
application/javascript 44.199.160.6
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/clientlib-base.min.ba4f082a77dabb2c6baf715d9eb61c22.js

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains?&web_view=true

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

44.199.160.6 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-199-160-6.compute-1.amazonaws.com

Software

Apache /

Resource Hash

7b1e74dd6970b56853dfd79e59ba73315051b0c59a69c6a9fd87e515650fdc80

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains?&web_view=true
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher1uswest1-28559594
Date: Fri, 30 Aug 2024 16:59:20 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Content-Encoding: gzip
Via: 1.1 aa77c72923f68604fa8f6f77bfdaa2dc.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
X-Vhost: publish
X-Cache: Hit from cloudfront
Age: 487453
Connection: keep-alive
Content-Length: 74768
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 11 Jul 2024 20:57:37 GMT
Server: Apache
ETag: "28100-61cff033f9240-gzip"
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Type: application/javascript;charset=utf-8
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: dqKvMjmKSoTiCidz03r8n2VZO7N1F4c423BPeDYMAh6GXzjYJ8LGwA==

GET
H2 200 f85f39fc-d7aa-467a-b762-fbb722748016.json Show response
cdn.cookielaw.org/consent/f85f39fc-d7aa-467a-b762-fbb722748016/ 5 KB
2 KB 265ms
103ms XHR
application/x-javascript 104.18.86.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/f85f39fc-d7aa-467a-b762-fbb722748016/f85f39fc-d7aa-467a-b762-fbb722748016.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.86.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8998282f5a80fff5eaafdbd457dd7a81af0cd7c8696bfe032a6aeef8fe67f99f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 05 Sep 2024 08:23:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 35882
content-md5: Uj3iBUKm1Vl2g2NHq67V+w==
content-length: 1792
x-ms-lease-status: unlocked
last-modified: Thu, 28 Dec 2023 19:56:54 GMT
server: cloudflare
etag: 0x8DC07DF23DF5130
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 964c1177-301e-008d-4857-790e51000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8be4d161e9860a01-LAS
expires: Fri, 06 Sep 2024 08:23:33 GMT

GET
DATA 200
OK truncated
/ 71 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5b4c9abcf01dcf74e0adf075ff4d47464c62c84307ae5ebd115d45da70e6443d

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK emansrepo-hero.png
www.fortinet.com/content/dam/fortinet-blog/article-heros/ 339 KB
341 KB 142ms
141ms Image
image/png 44.199.160.6
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.fortinet.com/content/dam/fortinet-blog/article-heros/emansrepo-hero.png

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains?&web_view=true

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

44.199.160.6 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-199-160-6.compute-1.amazonaws.com

Software

Apache /

Resource Hash

4e32f92e3b5f92f612eeb1b1eb5a306f82ed9c0de06e6e720fe63bef05645a63

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains?&web_view=true
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher2uswest1-28559771
Date: Tue, 03 Sep 2024 13:01:51 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 ded2db8c78a1ad7377261200a0bb44fa.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
Age: 156144
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 347290
X-XSS-Protection: 1; mode=block
Last-Modified: Sat, 31 Aug 2024 00:05:34 GMT
Server: Apache
ETag: "54c9a-620ef7779af80"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: Oei_6CUgbmtkhoylyiPT2Oj8f8_Iww4nOCUN0fDNGh1rTz4JOWPtvg==

GET
H/1.1 200
OK underground-thumbnail.png.thumb.319.319.png
www.fortinet.com/content/dam/fortinet-blog/article-heros/ 39 KB
41 KB 140ms
139ms Image
image/png 44.199.160.6
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.fortinet.com/content/dam/fortinet-blog/article-heros/underground-thumbnail.png.thumb.319.319.png

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains?&web_view=true

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

44.199.160.6 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-199-160-6.compute-1.amazonaws.com

Software

Apache /

Resource Hash

65865fa1f3eaefb3c3c8b0ac41aa3230698ca25012dca027616b6183d6489afd

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains?&web_view=true
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher2uswest1-28559771
Date: Tue, 03 Sep 2024 13:01:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 0bdcc10f69b746cb367ceb51e88a3d1c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
Age: 156140
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 40340
X-XSS-Protection: 1; mode=block
Last-Modified: Fri, 30 Aug 2024 02:10:14 GMT
Server: Apache
ETag: "9d94-620dd177a0d80"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: mzmiCUuKAtuVsz2ZCLKGkFufCy3TYeLGKTEuPNXCx4Y1PzZmgpUFWA==

GET
H/1.1 200
OK snake-keylogger-thumbnail.png.thumb.319.319.png
www.fortinet.com/content/dam/fortinet-blog/article-heros/ 48 KB
50 KB 135ms
135ms Image
image/png 44.199.160.6
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.fortinet.com/content/dam/fortinet-blog/article-heros/snake-keylogger-thumbnail.png.thumb.319.319.png

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains?&web_view=true

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

44.199.160.6 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-199-160-6.compute-1.amazonaws.com

Software

Apache /

Resource Hash

60508fca4a54390790c68f6ec949502d38dbf037230c8e5cfa972b134d68a24c

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains?&web_view=true
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher2uswest1-28559771
Date: Tue, 03 Sep 2024 13:01:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 d45137f973d454db77c647196f56613a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
Age: 239567
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 49632
X-XSS-Protection: 1; mode=block
Last-Modified: Wed, 28 Aug 2024 00:05:21 GMT
Server: Apache
ETag: "c1e0-620b31d2d3240"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: R3mOPJIXe_SPfAcm8s-mU_PBByUQw-6Xt0af2RsoNGgsh_xncK1Sew==

GET
H/1.1 200
OK vrat24-thumbnail.png.thumb.319.319.png
www.fortinet.com/content/dam/fortinet-blog/article-heros/ 45 KB
47 KB 126ms
126ms Image
image/png 44.199.160.6
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.fortinet.com/content/dam/fortinet-blog/article-heros/vrat24-thumbnail.png.thumb.319.319.png

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains?&web_view=true

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

44.199.160.6 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-199-160-6.compute-1.amazonaws.com

Software

Apache /

Resource Hash

519c51ffa830c7d2747f3deae567a700c61d49aa95e63111a4701b1ee2065f88

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains?&web_view=true
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher2uswest1-28559771
Date: Wed, 28 Aug 2024 13:05:04 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 1ffcb4016d0c1224c9505d74a866e6a8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
Age: 674417
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 46537
X-XSS-Protection: 1; mode=block
Last-Modified: Tue, 13 Aug 2024 18:50:15 GMT
Server: Apache
ETag: "b5c9-61f95148347c0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: Ta8EF1gXOw7S9KO8en2EAtt2VoOw10Iml1LxBYwJWVIgbwfkngZCnQ==

GET
H/1.1 200
OK UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
www.fortinet.com/etc/designs/fortinet/gfonts/ 37 KB
38 KB 137ms
129ms Font
application/octet-stream 44.199.160.6
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fortinet.com/etc/designs/fortinet/gfonts/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/clientlib-base.min.900b148ab7b87024003111a1245cca9c.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

44.199.160.6 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-199-160-6.compute-1.amazonaws.com

Software

Apache /

Resource Hash

b97c99a69a6275c8f90703cd4c0864089a74fd08383a1cc75a8a4d0c2cb60cce

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/clientlib-base.min.900b148ab7b87024003111a1245cca9c.css
Origin: https://www.fortinet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher1uswest1-28559594
Date: Sat, 31 Aug 2024 18:42:12 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 d45137f973d454db77c647196f56613a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
Age: 394881
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 37716
X-XSS-Protection: 1; mode=block
Last-Modified: Wed, 18 May 2022 21:08:06 GMT
Server: Apache
ETag: "9354-5df4fa74ff980"
X-Frame-Options: SAMEORIGIN
Content-Type: application/octet-stream
Cache-Control: max-age=2000000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: L3w4RrSztERWziJm6cmWpCN4jldbVvD3ACC6zNWitNhqre6pIbBRPQ==

GET
H2 200 location Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 65 B
300 B 262ms
96ms XHR
application/json 172.64.155.119
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.64.155.119 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8f111bc178f111a8a4f4e3fc8a0fd591cdbfb4e79059bac3026ad220694005ed

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept: application/json
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 05 Sep 2024 08:23:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: application/json
access-control-allow-origin: *
cf-ray: 8be4d1639a4909f7-LAS
access-control-allow-headers: Content-Type

GET
H/1.1 200
OK fig01-emansrepo-attack-flow.png
www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains/_jcr_content/root/responsivegrid/table_content/par/image.img.png/1725061640105/ 43 KB
45 KB 131ms
131ms Image
image/png 44.199.160.6
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains/_jcr_content/root/responsivegrid/table_content/par/image.img.png/1725061640105/fig01-emansrepo-attack-flow.png

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains?&web_view=true

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

44.199.160.6 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-199-160-6.compute-1.amazonaws.com

Software

Apache /

Resource Hash

42d156c4b4e8abba51629a7ab1190764fcb1e1b4cea16a4312f9277798f637fd

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains?&web_view=true
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher2uswest1-28559771
Date: Wed, 04 Sep 2024 13:03:13 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 aa77c72923f68604fa8f6f77bfdaa2dc.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
Age: 156140
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 44276
X-XSS-Protection: 1; mode=block
Last-Modified: Fri, 30 Aug 2024 23:47:20 GMT
Server: Apache
ETag: "acf4-620ef36449200"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: NFv7_Jvp6r7TeNYE9QooNdGLcOqb9rWGwRn_1k0rK1uBiu5FQtG8oQ==

GET
H/1.1 200
OK fig02-emansrepo-download-linnk.png
www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains/_jcr_content/root/responsivegrid/table_content/par/image_1853137724.img.png/1725061680309/ 95 KB
97 KB 139ms
138ms Image
image/png 44.199.160.6
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains/_jcr_content/root/responsivegrid/table_content/par/image_1853137724.img.png/1725061680309/fig02-emansrepo-download-linnk.png

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains?&web_view=true

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

44.199.160.6 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-199-160-6.compute-1.amazonaws.com

Software

Apache /

Resource Hash

29e9c208e6c64431d22659befba8a26fc57d7d6bdef46569cf6342dcec64a560

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains?&web_view=true
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher1uswest1-28559594
Date: Tue, 03 Sep 2024 13:01:52 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 0bdcc10f69b746cb367ceb51e88a3d1c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
Age: 156101
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 97683
X-XSS-Protection: 1; mode=block
Last-Modified: Fri, 30 Aug 2024 23:48:00 GMT
Server: Apache
ETag: "17d93-620ef38a6ec00"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: gDvagPkiPzjecYASyZSomBdxWQ4i3FKvM1S2LuV-aB-oVgE8XLSXeA==

GET
H/1.1 200
OK fig03-emansrepo-attack-flow-august-july.png
www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains/_jcr_content/root/responsivegrid/table_content/par/image_684845233.img.png/1725061695091/ 80 KB
81 KB 149ms
127ms Image
image/png 44.199.160.6
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains/_jcr_content/root/responsivegrid/table_content/par/image_684845233.img.png/1725061695091/fig03-emansrepo-attack-flow-august-july.png

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains?&web_view=true

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

44.199.160.6 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-199-160-6.compute-1.amazonaws.com

Software

Apache /

Resource Hash

cfc976fb91d959f5f04f5346aa60ab1e1d967e1ae45df6e5ee37c10722a31455

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains?&web_view=true
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher1uswest1-28559594
Date: Tue, 03 Sep 2024 13:01:53 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 d45137f973d454db77c647196f56613a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
Age: 156100
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 81566
X-XSS-Protection: 1; mode=block
Last-Modified: Fri, 30 Aug 2024 23:48:15 GMT
Server: Apache
ETag: "13e9e-620ef398bcdc0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: FnWKw8En7hoI5CCWlMlYJHS577XZqUVPg8Vb0-rcpaNwLMK5w_NQfw==

GET
DATA 200
OK truncated
/ 42 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Content-Type: image/gif

GET
H/1.1 200
OK fig04-emansrepo-phishing-mail.png
www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains/_jcr_content/root/responsivegrid/table_content/par/image_1625202225.img.png/1725061711838/ 125 KB
127 KB 131ms
131ms Image
image/png 44.199.160.6
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains/_jcr_content/root/responsivegrid/table_content/par/image_1625202225.img.png/1725061711838/fig04-emansrepo-phishing-mail.png

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains?&web_view=true

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

44.199.160.6 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-199-160-6.compute-1.amazonaws.com

Software

Apache /

Resource Hash

e586b7d3b7e33d9b545ed9f0f9d07977263ced596dfb6a6fb44b51bb3f1cccd5

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains?&web_view=true
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher1uswest1-28559594
Date: Tue, 03 Sep 2024 13:01:53 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 d45137f973d454db77c647196f56613a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
Age: 156100
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 128215
X-XSS-Protection: 1; mode=block
Last-Modified: Fri, 30 Aug 2024 23:48:31 GMT
Server: Apache
ETag: "1f4d7-620ef3a7ff1c0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: v8KLHTsG8GHhU8gOzq15wm7cc3WxL2BXv-yKR_VOg8_aeLwUtq1b8Q==

GET
H/1.1 200
OK fig05-emansrepo-source-code.png
www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains/_jcr_content/root/responsivegrid/table_content/par/image_1619296131.img.png/1725061737289/ 146 KB
147 KB 125ms
124ms Image
image/png 44.199.160.6
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains/_jcr_content/root/responsivegrid/table_content/par/image_1619296131.img.png/1725061737289/fig05-emansrepo-source-code.png

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains?&web_view=true

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

44.199.160.6 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-199-160-6.compute-1.amazonaws.com

Software

Apache /

Resource Hash

650775e181c10044ffe36f84754d568229f3330b579f3cb88adc49556279e645

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains?&web_view=true
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher2uswest1-28559771
Date: Tue, 03 Sep 2024 13:01:53 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 1ffcb4016d0c1224c9505d74a866e6a8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
Age: 156140
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 149351
X-XSS-Protection: 1; mode=block
Last-Modified: Fri, 30 Aug 2024 23:48:57 GMT
Server: Apache
ETag: "24767-620ef3c0cac40"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: sJlGeEclgenq5aceNgYGoDXPavFY0pb8iSxf1HCvMwYlPxyj32JKHg==

GET
H/1.1 200
OK fig06-emansrepo-autoit-script.png
www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains/_jcr_content/root/responsivegrid/table_content/par/image_904906495.img.png/1725062317651/ 95 KB
97 KB 131ms
130ms Image
image/png 44.199.160.6
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains/_jcr_content/root/responsivegrid/table_content/par/image_904906495.img.png/1725062317651/fig06-emansrepo-autoit-script.png

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains?&web_view=true

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

44.199.160.6 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-199-160-6.compute-1.amazonaws.com

Software

Apache /

Resource Hash

cb9dcd01ab0b09c31bb9a3c89a5dcf1c29451a41a176b539ee3ff05df3347e6f

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains?&web_view=true
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher2uswest1-28559771
Date: Tue, 03 Sep 2024 13:01:53 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 aa77c72923f68604fa8f6f77bfdaa2dc.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
Age: 156140
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 97587
X-XSS-Protection: 1; mode=block
Last-Modified: Fri, 30 Aug 2024 23:58:37 GMT
Server: Apache
ETag: "17d33-620ef5e9ec540"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: jbfjEhYFVMHVXo5rVumbTZ2xIrdXwjzKuZqlqlF4b1TrqY0Kr9tZdw==

GET
H/1.1 200
OK fig07-emansrepo-phishing-mail-chain-2.png
www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains/_jcr_content/root/responsivegrid/table_content/par/image_1974412877.img.png/1725062331916/ 87 KB
88 KB 138ms
137ms Image
image/png 44.199.160.6
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains/_jcr_content/root/responsivegrid/table_content/par/image_1974412877.img.png/1725062331916/fig07-emansrepo-phishing-mail-chain-2.png

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains?&web_view=true

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

44.199.160.6 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-199-160-6.compute-1.amazonaws.com

Software

Apache /

Resource Hash

ba8f225c17e1130812e2f74f3a5f8f01a94fa0aea0f815e1c06c6505e26187a8

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains?&web_view=true
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher2uswest1-28559771
Date: Tue, 03 Sep 2024 13:01:54 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 ded2db8c78a1ad7377261200a0bb44fa.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
Age: 156140
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 88863
X-XSS-Protection: 1; mode=block
Last-Modified: Fri, 30 Aug 2024 23:58:51 GMT
Server: Apache
ETag: "15b1f-620ef5f7464c0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: bQozosObq8iSgzsU3ssvaVfyOja78bLwPCsdWD1rqvmmwKO2W0FxJA==

GET
H/1.1 200
OK fig08-emansrepo-decryption-algo.png
www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains/_jcr_content/root/responsivegrid/table_content/par/image_1804242722.img.png/1725062350226/ 154 KB
155 KB 138ms
137ms Image
image/png 44.199.160.6
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains/_jcr_content/root/responsivegrid/table_content/par/image_1804242722.img.png/1725062350226/fig08-emansrepo-decryption-algo.png

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains?&web_view=true

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

44.199.160.6 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-199-160-6.compute-1.amazonaws.com

Software

Apache /

Resource Hash

280fd339ad1171cff9dcff91030a2e3c5745256398873f972055100232ac60bd

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains?&web_view=true
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher1uswest1-28559594
Date: Tue, 03 Sep 2024 13:01:54 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 0bdcc10f69b746cb367ceb51e88a3d1c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
Age: 156099
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 157751
X-XSS-Protection: 1; mode=block
Last-Modified: Fri, 30 Aug 2024 23:59:10 GMT
Server: Apache
ETag: "26837-620ef60964f80"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: DdqgWs-LVWbmnNSdiKtwA5TiOEpUstYS2Tci5I3SuwgMOy2oHpy5ww==

GET
H/1.1 200
OK fig09-emansrepo-script-ps1.png
www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains/_jcr_content/root/responsivegrid/table_content/par/image_579709247.img.png/1725062365405/ 47 KB
48 KB 127ms
126ms Image
image/png 44.199.160.6
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains/_jcr_content/root/responsivegrid/table_content/par/image_579709247.img.png/1725062365405/fig09-emansrepo-script-ps1.png

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains?&web_view=true

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

44.199.160.6 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-199-160-6.compute-1.amazonaws.com

Software

Apache /

Resource Hash

699fc0f99797d942c6616f51960b325ab291dec6a181332b4f21cc79fce59d7e

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains?&web_view=true
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher2uswest1-28559771
Date: Tue, 03 Sep 2024 13:01:54 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 d45137f973d454db77c647196f56613a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
Age: 156140
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 47632
X-XSS-Protection: 1; mode=block
Last-Modified: Fri, 30 Aug 2024 23:59:25 GMT
Server: Apache
ETag: "ba10-620ef617b3140"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: ik822GOMjpWg5_2X3dl5v5RGFFQnmO23regq1ajB10Bf1Xk3I0dHxA==

GET
H/1.1 200
OK fig10-emansrepo-phishing-mail-chain-3.png
www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains/_jcr_content/root/responsivegrid/table_content/par/image_1331762575.img.png/1725062381381/ 65 KB
66 KB 130ms
129ms Image
image/png 44.199.160.6
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains/_jcr_content/root/responsivegrid/table_content/par/image_1331762575.img.png/1725062381381/fig10-emansrepo-phishing-mail-chain-3.png

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains?&web_view=true

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

44.199.160.6 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-199-160-6.compute-1.amazonaws.com

Software

Apache /

Resource Hash

fbf046a4f8f145054e3eba18a9528da6030f9f248f2cc96345176a718e5051d3

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains?&web_view=true
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher1uswest1-28559594
Date: Tue, 03 Sep 2024 13:01:54 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 d45137f973d454db77c647196f56613a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
Age: 156099
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 66608
X-XSS-Protection: 1; mode=block
Last-Modified: Fri, 30 Aug 2024 23:59:41 GMT
Server: Apache
ETag: "10430-620ef626f5540"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: Ha2pXvj5B9ac0gnF5VosBu1Z88oMcTgNyaqnULyd7tHuxQk_hqJcSw==

GET
H/1.1 200
OK fig11-emansrepo-obfuscated-batch-file.png
www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains/_jcr_content/root/responsivegrid/table_content/par/image_1090275243.img.png/1725062395945/ 177 KB
178 KB 125ms
125ms Image
image/png 44.199.160.6
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains/_jcr_content/root/responsivegrid/table_content/par/image_1090275243.img.png/1725062395945/fig11-emansrepo-obfuscated-batch-file.png

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains?&web_view=true

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

44.199.160.6 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-199-160-6.compute-1.amazonaws.com

Software

Apache /

Resource Hash

ff195814cf18ad4db43709ce4a836078368cf1262384eea3664fc0ffc6f7bcce

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains?&web_view=true
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher2uswest1-28559771
Date: Tue, 03 Sep 2024 13:01:55 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 1ffcb4016d0c1224c9505d74a866e6a8.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
Age: 156139
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 181010
X-XSS-Protection: 1; mode=block
Last-Modified: Fri, 30 Aug 2024 23:59:55 GMT
Server: Apache
ETag: "2c312-620ef6344f4c0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: IgbDLXBC4bo21UcIshX4L6B_K0KsW5LTmAtdPhSX74KTO_ipVKOvQg==

GET
H/1.1 200
OK fig12-emansrepo-deobfuscated-batch-file.png
www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains/_jcr_content/root/responsivegrid/table_content/par/image_504141706.img.png/1725062425850/ 80 KB
81 KB 130ms
130ms Image
image/png 44.199.160.6
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains/_jcr_content/root/responsivegrid/table_content/par/image_504141706.img.png/1725062425850/fig12-emansrepo-deobfuscated-batch-file.png

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains?&web_view=true

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

44.199.160.6 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-199-160-6.compute-1.amazonaws.com

Software

Apache /

Resource Hash

741fb3582ff36b968944a0a851a8ae823a82c25277d2542539211e4f11cbed72

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains?&web_view=true
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher1uswest1-28559594
Date: Tue, 03 Sep 2024 13:01:55 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 aa77c72923f68604fa8f6f77bfdaa2dc.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
Age: 156098
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 81630
X-XSS-Protection: 1; mode=block
Last-Modified: Sat, 31 Aug 2024 00:00:25 GMT
Server: Apache
ETag: "13ede-620ef650eb840"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: UVtJVTnoi-i4FycJK0ZIOgazbG2DHmBMuQIvQW4Y5V--AfyK3B7ahw==

GET
H/1.1 200
OK fig13-emansrepo-content-saved-pws.png
www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains/_jcr_content/root/responsivegrid/table_content/par/image_1295924766.img.png/1725062457757/ 53 KB
54 KB 137ms
136ms Image
image/png 44.199.160.6
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains/_jcr_content/root/responsivegrid/table_content/par/image_1295924766.img.png/1725062457757/fig13-emansrepo-content-saved-pws.png

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains?&web_view=true

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

44.199.160.6 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-199-160-6.compute-1.amazonaws.com

Software

Apache /

Resource Hash

4748d8ba70e19bee66f12a8c53294eded94e972cbfd6ac864beae7a6b971166d

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains?&web_view=true
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher2uswest1-28559771
Date: Tue, 03 Sep 2024 13:01:55 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 ded2db8c78a1ad7377261200a0bb44fa.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
Age: 156139
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 54097
X-XSS-Protection: 1; mode=block
Last-Modified: Sat, 31 Aug 2024 00:00:57 GMT
Server: Apache
ETag: "d351-620ef66f70040"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: YNDecbeUsvOBoo5NEzeW3tqkj-GxNmvaLSq2uzGVYqk2fCPWTwUjLg==

GET
H/1.1 200
OK fig14-emansrepo-variant-first-edition.png
www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains/_jcr_content/root/responsivegrid/table_content/par/image_668020563.img.png/1725062481280/ 155 KB
156 KB 128ms
127ms Image
image/png 44.199.160.6
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains/_jcr_content/root/responsivegrid/table_content/par/image_668020563.img.png/1725062481280/fig14-emansrepo-variant-first-edition.png

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains?&web_view=true

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

44.199.160.6 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-199-160-6.compute-1.amazonaws.com

Software

Apache /

Resource Hash

fed8a09fe38bfaa2fb439570ea6ddd76e55d08a5c9021862e9bbafc4b0f6e9f8

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains?&web_view=true
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher2uswest1-28559771
Date: Tue, 03 Sep 2024 13:01:56 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 d45137f973d454db77c647196f56613a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
Age: 156139
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 158728
X-XSS-Protection: 1; mode=block
Last-Modified: Sat, 31 Aug 2024 00:01:21 GMT
Server: Apache
ETag: "26c08-620ef68653640"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: jvv1Sd9qO89P9xL1J-XQEdO7nj3HyN94zwevlSimbX5Vj10Lejlx7w==

GET
H/1.1 200
OK fig15-emansrepo-email-python-infostealer.png
www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains/_jcr_content/root/responsivegrid/table_content/par/image_1065073578.img.png/1725062500135/ 111 KB
112 KB 138ms
137ms Image
image/png 44.199.160.6
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains/_jcr_content/root/responsivegrid/table_content/par/image_1065073578.img.png/1725062500135/fig15-emansrepo-email-python-infostealer.png

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains?&web_view=true

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

44.199.160.6 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-199-160-6.compute-1.amazonaws.com

Software

Apache /

Resource Hash

5de24f6905efe766e86335f914ac029e3dbd4426a173cdefab7f51adfc5b264d

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains?&web_view=true
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher1uswest1-28559594
Date: Tue, 03 Sep 2024 13:01:56 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 0bdcc10f69b746cb367ceb51e88a3d1c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
Age: 156098
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 113452
X-XSS-Protection: 1; mode=block
Last-Modified: Sat, 31 Aug 2024 00:01:40 GMT
Server: Apache
ETag: "1bb2c-620ef69872100"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: d1sePv196-JdfU4TlFFUjka6Vb-F0hWGwMaog5fLG11x8uD_O3R9Kg==

GET
H/1.1 200
OK fig16-emansrepo-attack-flow-remcos-campaign.png
www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains/_jcr_content/root/responsivegrid/table_content/par/image_497168457.img.png/1725062513116/ 23 KB
24 KB 131ms
131ms Image
image/png 44.199.160.6
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains/_jcr_content/root/responsivegrid/table_content/par/image_497168457.img.png/1725062513116/fig16-emansrepo-attack-flow-remcos-campaign.png

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains?&web_view=true

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

44.199.160.6 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-199-160-6.compute-1.amazonaws.com

Software

Apache /

Resource Hash

24074dc77aeb66572b3e64e277fadac095692c96ff380b4bf38e95258c40810e

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains?&web_view=true
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher2uswest1-28559771
Date: Tue, 03 Sep 2024 13:01:56 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 d45137f973d454db77c647196f56613a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
Age: 156140
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 23116
X-XSS-Protection: 1; mode=block
Last-Modified: Sat, 31 Aug 2024 00:01:53 GMT
Server: Apache
ETag: "5a4c-620ef6a4d7e40"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: i2hijd6ND75LageocaFDJYaXfUxYwpcQK417HLQBbB6WPWEkjjywqA==

GET
H2 200 otBannerSdk.js Show response
cdn.cookielaw.org/scripttemplates/6.10.0/ 356 KB
78 KB 89ms
88ms Script
application/javascript 104.18.86.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.10.0/otBannerSdk.js

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.86.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7a23e0e46e16f067271bc79c92a917c13769848457d16cdf109e4dc04c687e8f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 05 Sep 2024 08:23:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: Bh9exWOPGIwRshWljrtlEw==
age: 33736
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 79698
x-ms-lease-status: unlocked
last-modified: Thu, 03 Dec 2020 02:43:00 GMT
server: cloudflare
etag: 0x8D89735260901BC
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 5da0eb33-101e-0014-2cda-b5820d000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8be4d1643cb409f5-LAS

GET
H2 200 en.json Show response
cdn.cookielaw.org/consent/f85f39fc-d7aa-467a-b762-fbb722748016/68cad325-7b77-4fcb-9f98-ba2e81aa9045/ 99 KB
24 KB 100ms
99ms Fetch
application/x-javascript 104.18.86.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/f85f39fc-d7aa-467a-b762-fbb722748016/68cad325-7b77-4fcb-9f98-ba2e81aa9045/en.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.10.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.86.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7ad0607daba7c0ddecacb3c696099e761076f147549440a7b3c4baa8f67ddaac

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 05 Sep 2024 08:23:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 35883
content-md5: SDJFQYswktbx6w5cJzzMRQ==
content-length: 24004
x-ms-lease-status: unlocked
last-modified: Thu, 28 Dec 2023 19:57:06 GMT
server: cloudflare
etag: 0x8DC07DF2B6F9C71
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 16a02b50-101e-0023-7a72-79a340000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8be4d165cc1d0a01-LAS
expires: Fri, 06 Sep 2024 08:23:34 GMT

GET
H2 200 otFlat.json Show response
cdn.cookielaw.org/scripttemplates/6.10.0/assets/ 13 KB
3 KB 110ms
109ms Fetch
application/json 104.18.86.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.10.0/assets/otFlat.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.10.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.86.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8cdca3b36914e8a3f56390da71389944579faaae82704e53bd66f9c0387502f6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 05 Sep 2024 08:23:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: W9e0YobmEbvdB0V9OmpQkw==
age: 35883
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 3329
x-ms-lease-status: unlocked
last-modified: Thu, 03 Dec 2020 02:42:50 GMT
server: cloudflare
etag: 0x8D89735209A34D6
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 9a92e17f-301e-0046-2672-790d04000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8be4d166bcd00a01-LAS

GET
H2 200 otPcTab.json Show response
cdn.cookielaw.org/scripttemplates/6.10.0/assets/v2/ 45 KB
12 KB 90ms
90ms Fetch
application/json 104.18.86.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.10.0/assets/v2/otPcTab.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.10.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.86.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f9b2aaabab92d9c63930432351fa3f5aa634fcb5db31b039e23465f8b4bd5a68

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Thu, 05 Sep 2024 08:23:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: zNsRoM1FEmsEgJoYMCNTng==
age: 35883
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 11755
x-ms-lease-status: unlocked
last-modified: Thu, 03 Dec 2020 02:42:53 GMT
server: cloudflare
etag: 0x8D897352245C4EA
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: ecfe8c79-601e-0080-574e-79c685000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8be4d166bcd20a01-LAS

GET
H/1.1 200
OK favicon.ico
www.fortinet.com/etc/designs/fortinet-blog/ 318 B
2 KB 132ms
131ms Other
image/vnd.microsoft.icon 44.199.160.6
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fortinet.com/etc/designs/fortinet-blog/favicon.ico

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

44.199.160.6 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-199-160-6.compute-1.amazonaws.com

Software

Apache /

Resource Hash

d18b3c9feb76c3c1cfdcc51c732f113327e3c33fb3f63b479951f7da6ed1216f

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains?&web_view=true
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher1uswest1-28559594
Date: Thu, 05 Sep 2024 08:23:33 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Content-Encoding: gzip
Via: 1.1 d45137f973d454db77c647196f56613a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
X-Vhost: publish
X-Cache: Hit from cloudfront
Age: 4791702
Connection: keep-alive
Content-Length: 133
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 22 Feb 2018 05:17:28 GMT
Server: Apache
ETag: "13e-565c628eb6a00-gzip"
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Type: image/vnd.microsoft.icon
Cache-Control: max-age=2000000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: lOa4pZTGQM7NZ_uvPbl0Gk0guQdBdyXIo4W1qjs1PonN3IuMXGysYg==

GET
H2 200 launch-EN23cb8375449840dc93b13f34d935b8b9.min.js Show response
assets.adobedtm.com/ 508 KB
121 KB 420ms
139ms Script
application/x-javascript 23.45.193.57
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Requested by: Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.10.0/otBannerSdk.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.45.193.57 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-45-193-57.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: ec00d90493322ddab8ed75ca595e3a447e60bc5b1965f94469d4a26bd981f88c

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 05 Sep 2024 08:23:34 GMT
content-encoding: gzip
last-modified: Tue, 03 Sep 2024 23:25:55 GMT
server: AkamaiNetStorage
etag: "e16e56e8cbec3ea0d726f6c4c99cceaa:1725405954.943798"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 123451
expires: Thu, 05 Sep 2024 09:23:34 GMT

GET
H2 200 id Show response
dpm.demdex.net/ 367 B
915 B 313ms
106ms XHR
application/json 52.12.178.187
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id?d_visid_ver=5.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=ED8739F75677FE917F000101%40AdobeOrg&d_nsid=0&ts=1725524614311

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/etc/designs/fortinet/adb-target/visitorapi.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.12.178.187 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-12-178-187.us-west-2.compute.amazonaws.com

Software

Resource Hash

ef49cc46ec16ef482616df0ada8e7eb71214134682269e26a223138c59ee9e7d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

dcs: dcs-prod-usw2-2-v061-05ff8976a.edge-usw2.demdex.com 2 ms
pragma: no-cache
date: Thu, 05 Sep 2024 08:23:34 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
x-tid: la/pxXW4Rgs=
vary: Origin
content-type: application/json;charset=utf-8
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
access-control-allow-origin: https://www.fortinet.com
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
access-control-allow-credentials: true
content-length: 309
expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2 200 dest5.html
fortinet.demdex.net/ Frame 3F46 0
0 304ms
104ms Document
text/html 44.232.177.153
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://fortinet.demdex.net/dest5.html?d_nsid=0

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/etc/designs/fortinet/adb-target/visitorapi.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.232.177.153 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-232-177-153.us-west-2.compute.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.fortinet.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
content-type: text/html;charset=UTF-8
date: Thu, 05 Sep 2024 08:23:34 GMT
dcs: dcs-prod-usw2-2-v061-0321aa79a.edge-usw2.demdex.com 0 ms
expires: Thu, 01 Jan 1970 00:00:00 UTC
last-modified: Mon, 19 Aug 2024 12:40:47 GMT
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains
vary: accept-encoding
x-tid: GILkV0HPRU8=

GET
H2

200

ibs:dpid=411&dpuuid=ZtlqhwAAAFcpHgNw
dpm.demdex.net/
Redirect Chain

https://cm.everesttech.net/cm/dd?d_uuid=51336370114449419754469918940156614427
https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZtlqhwAAAFcpHgNw

42 B
717 B

108ms
107ms

Image
image/gif

52.12.178.187
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZtlqhwAAAFcpHgNw

Protocol

Server

52.12.178.187 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-12-178-187.us-west-2.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

dcs: dcs-prod-usw2-2-v061-05ff8976a.edge-usw2.demdex.com 2 ms
pragma: no-cache
date: Thu, 05 Sep 2024 08:23:35 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-encoding: gzip
x-tid: kEqVAJaZRoM=
content-type: image/gif
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-length: 59
expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZtlqhwAAAFcpHgNw
Date: Thu, 05 Sep 2024 08:23:35 GMT
Cache-Control: no-cache
Server: AMO-cookiemap/1.1
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"

POST
H2 200 delivery Show response
fortinet.tt.omtrdc.net/rest/v1/ 7 KB
3 KB 318ms
113ms XHR
application/json 63.140.36.145
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://fortinet.tt.omtrdc.net/rest/v1/delivery?client=fortinet&sessionId=a8d0e3e3d1234626b94e84347e5fdba5&version=2.10.0

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/etc/designs/fortinet/adb-target/at.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

63.140.36.145 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-63-140-36-145.data.adobedc.net

Software

jag /

Resource Hash

cb2cb8142acaa6b910a75ae3d13d9977560689d2b99cabb2d48d33acd83ac36d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 05 Sep 2024 08:23:34 GMT
content-encoding: gzip
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List
server: jag
x-content-type-options: nosniff
vary: origin,access-control-request-method,access-control-request-headers,accept-encoding
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://www.fortinet.com
cache-control: no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials: true
timing-allow-origin: *
x-xss-protection: 1; mode=block
x-request-id: 959b895e-72c7-4dc4-b1e9-302cc8aba398

GET
H2 200 AppMeasurement.min.js Show response
assets.adobedtm.com/extensions/EP8757b503532a44a68eee17773f6f10a0/ 35 KB
13 KB 141ms
140ms Script
application/x-javascript 23.45.193.57
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/extensions/EP8757b503532a44a68eee17773f6f10a0/AppMeasurement.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.45.193.57 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-45-193-57.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: b3bce010c0f5a7c24a82ae511194baf67bf8c2cee737a3a118f6b9590d322b15

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 05 Sep 2024 08:23:35 GMT
content-encoding: gzip
last-modified: Thu, 01 Aug 2024 06:26:11 GMT
server: AkamaiNetStorage
etag: "d8232f86c8016a8e0acaa7ecfdf72b3e:1722493571.189276"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: no-cache
accept-ranges: bytes
timing-allow-origin: *
content-length: 13012
expires: Thu, 05 Sep 2024 09:23:35 GMT

GET
H2 200 AppMeasurement_Module_ActivityMap.min.js Show response
assets.adobedtm.com/extensions/EP8757b503532a44a68eee17773f6f10a0/ 3 KB
2 KB 144ms
143ms Script
application/x-javascript 23.45.193.57
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/extensions/EP8757b503532a44a68eee17773f6f10a0/AppMeasurement_Module_ActivityMap.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.45.193.57 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-45-193-57.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 9a54e6b1253d785972ccaab75a888119d13083bfb1f80343aef9454d5cd5bb6d

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 05 Sep 2024 08:23:35 GMT
content-encoding: gzip
last-modified: Thu, 01 Aug 2024 06:26:11 GMT
server: AkamaiNetStorage
etag: "bb4b6453e3ab80111a2b227318d22efb:1722493571.614634"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: no-cache
accept-ranges: bytes
timing-allow-origin: *
content-length: 1597
expires: Thu, 05 Sep 2024 09:23:35 GMT

GET
H3 200 0786.js Show response
script.crazyegg.com/pages/scripts/0117/ 7 KB
3 KB 184ms
97ms Script
text/javascript 104.19.147.8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.crazyegg.com/pages/scripts/0117/0786.js
Requested by: Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains?&web_view=true
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.19.147.8 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8db92e7cdc1ad40168c42e93b05d842e056d8a5b83ae96b95d2b1c546f828196

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 05 Sep 2024 08:23:35 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 44640
cf-polished: origSize=6998
ce-version: 11.5.274
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Wed, 04 Sep 2024 19:58:33 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
access-control-expose-headers: CE-Version
cache-control: public, max-age=300, s-maxage=1209600
timing-allow-origin: *
cf-ray: 8be4d16c8a687b20-DEN

GET
H2 200 6si.min.js Show response
j.6sc.co/ 68 KB
19 KB 470ms
159ms Script
application/javascript 23.34.59.33
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://j.6sc.co/6si.min.js

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains?&web_view=true

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.34.59.33 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-34-59-33.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

e08bbd8d11326289feff5496edc2ee3d0d7e905fe69ad7612a63dcd6bc6e8313

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 05 Sep 2024 08:23:35 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 06 Aug 2024 18:33:23 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "66b26c73-10ff6"
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, proxy-revalidate, max-age=10800
accept-ranges: bytes
content-length: 18711
expires: Thu, 05 Sep 2024 11:23:35 GMT

GET
H/1.1 200
OK obtp.js Show response
amplify.outbrain.com/cp/ 28 KB
9 KB 430ms
148ms Script
application/x-javascript 23.45.193.200
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://amplify.outbrain.com/cp/obtp.js
Requested by: Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains?&web_view=true
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.45.193.200 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-45-193-200.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 8489534bde4ad3c3cedebecd11b9babe653de6b413922ec2b877c5bfcb33ee3e

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date: Thu, 05 Sep 2024 08:23:35 GMT
Content-Encoding: gzip
Last-Modified: Mon, 22 Jul 2024 07:46:05 GMT
Server: AkamaiNetStorage
ETag: "7437febf15b08e005ac33eb9fc2707ae:1721634584.416148"
Vary: Accept-Encoding
Content-Type: application/x-javascript
X-RG: NA
Cache-Control: max-age=1200
X-CC: US
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 8614
Expires: Thu, 05 Sep 2024 08:43:35 GMT

GET
H2 200 25f2dd15-02c6-4e7a-bc8b-c5722b49624d Show response
tag.simpli.fi/sifitag/ 3 KB
2 KB 331ms
109ms Script
application/javascript 34.171.47.125
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.simpli.fi/sifitag/25f2dd15-02c6-4e7a-bc8b-c5722b49624d
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 34.171.47.125 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 125.47.171.34.bc.googleusercontent.com
Software: openresty /
Resource Hash: c6bcc71f8a9f5497ccc35e3aa16e00110504488fef71fffea99853274f9d7c86

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Sep 2024 08:23:35 GMT
content-encoding: gzip
server: openresty
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=0, private, must-revalidate, max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
x-request-id: F_JLftGwCUCzurtT9yvC
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 bat.js Show response
bat.bing.com/ 49 KB
14 KB 377ms
112ms Script
application/javascript 150.171.28.10
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

150.171.28.10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

abd0c69608a1a4b0ce5f6056bc20bcf62a2a29271a4cf5e33fa1f53bf7cb19cb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
date: Thu, 05 Sep 2024 08:23:35 GMT
last-modified: Sat, 13 Jul 2024 20:42:16 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 5DBFA518280744738B6207F7FD209BE5 Ref B: SJC211051201033 Ref C: 2024-09-05T08:23:35Z
etag: "044982565d5da1:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 14183

GET
H2 200 RCac955f2e1e97429197e1e31aaec22e86-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/fa3c80fd0c10/ 1 KB
941 B 144ms
138ms Script
application/x-javascript 23.45.193.57
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/fa3c80fd0c10/RCac955f2e1e97429197e1e31aaec22e86-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.45.193.57 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-45-193-57.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 3d7e83ca66efbfc6f42c2975c5b4b42618f6cfbed629f7564365869a93b6285d

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 05 Sep 2024 08:23:35 GMT
content-encoding: gzip
last-modified: Tue, 03 Sep 2024 23:25:57 GMT
server: AkamaiNetStorage
etag: "be6061a21b6b9b26c4525f8c1718864d:1725405957.109658"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 684
expires: Thu, 05 Sep 2024 09:23:35 GMT

GET
H2 200 RC41e16e9b16d1408cbf43b5b2e7378738-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/fa3c80fd0c10/ 9 KB
2 KB 144ms
138ms Script
application/x-javascript 23.45.193.57
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/fa3c80fd0c10/RC41e16e9b16d1408cbf43b5b2e7378738-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.45.193.57 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-45-193-57.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 4a5abd98fd6a0d0e6c2c77db16712845786b30184060754fdff35aabbd80e930

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 05 Sep 2024 08:23:35 GMT
content-encoding: gzip
last-modified: Tue, 03 Sep 2024 23:25:57 GMT
server: AkamaiNetStorage
etag: "be6061a21b6b9b26c4525f8c1718864d:1725405957.109658"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 1845
expires: Thu, 05 Sep 2024 09:23:35 GMT

GET
H2 200 RC448863e9e05a4b4880daa4a5fb7da328-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/fa3c80fd0c10/ 358 B
484 B 146ms
141ms Script
application/x-javascript 23.45.193.57
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/fa3c80fd0c10/RC448863e9e05a4b4880daa4a5fb7da328-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.45.193.57 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-45-193-57.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: b791325b42339ccebed7764c4ffb4605cae7dd39aef04a3f2391a2dd81ddced4

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 05 Sep 2024 08:23:35 GMT
content-encoding: gzip
last-modified: Tue, 03 Sep 2024 23:25:57 GMT
server: AkamaiNetStorage
etag: "be6061a21b6b9b26c4525f8c1718864d:1725405957.109658"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 228
expires: Thu, 05 Sep 2024 09:23:35 GMT

GET
H2 200 RCa4add8b607f6404fbd2aba7ee4b9abad-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/fa3c80fd0c10/ 703 B
683 B 146ms
141ms Script
application/x-javascript 23.45.193.57
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/fa3c80fd0c10/RCa4add8b607f6404fbd2aba7ee4b9abad-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.45.193.57 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-45-193-57.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 05444ba298774a31341ba7328751fd52756e1b69b7751ea61c4e4f1f2223f711

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 05 Sep 2024 08:23:35 GMT
content-encoding: gzip
last-modified: Tue, 03 Sep 2024 23:25:57 GMT
server: AkamaiNetStorage
etag: "be6061a21b6b9b26c4525f8c1718864d:1725405957.109658"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 426
expires: Thu, 05 Sep 2024 09:23:35 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 359 KB
118 KB 492ms
177ms Script
application/javascript 142.251.40.168
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-748285774&l=dataLayer

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.40.168 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s81-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

02e0f950027001966b6c2cfc4701373f6328aaf56cf6b6c1fdca103b63e1a6bf

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 05 Sep 2024 08:23:35 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 120659
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Thu, 05 Sep 2024 08:23:35 GMT

GET
H2 200 RC06cd6a06a307489f80febc787462cb12-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/fa3c80fd0c10/ 635 B
641 B 146ms
142ms Script
application/x-javascript 23.45.193.57
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/fa3c80fd0c10/RC06cd6a06a307489f80febc787462cb12-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.45.193.57 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-45-193-57.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 6ea393f38b217e5fd56f2929268b03a2aad79b8b5b345917503518c709b6b23f

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 05 Sep 2024 08:23:35 GMT
content-encoding: gzip
last-modified: Tue, 03 Sep 2024 23:25:57 GMT
server: AkamaiNetStorage
etag: "be6061a21b6b9b26c4525f8c1718864d:1725405957.109658"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 384
expires: Thu, 05 Sep 2024 09:23:35 GMT

GET
H2 200 RC190d282f2b9c4848b2ea08ca5751fa40-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/fa3c80fd0c10/ 2 KB
1011 B 148ms
144ms Script
application/x-javascript 23.45.193.57
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/fa3c80fd0c10/RC190d282f2b9c4848b2ea08ca5751fa40-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.45.193.57 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-45-193-57.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: d091f3a99eef1f19c9b726a738a4f5efcbd3a95151a8e9401b98d5e0d070abb4

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 05 Sep 2024 08:23:35 GMT
content-encoding: gzip
last-modified: Tue, 03 Sep 2024 23:25:57 GMT
server: AkamaiNetStorage
etag: "be6061a21b6b9b26c4525f8c1718864d:1725405957.109658"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 754
expires: Thu, 05 Sep 2024 09:23:35 GMT

GET
H2 200 RC7be3d22b2fd6487ca9390477738587fe-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/fa3c80fd0c10/ 819 B
757 B 151ms
148ms Script
application/x-javascript 23.45.193.57
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/fa3c80fd0c10/RC7be3d22b2fd6487ca9390477738587fe-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.45.193.57 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-45-193-57.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: b0a827d3664061f388027e1b0846aa7a866d655aad5145c2c1cc97503877fa79

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 05 Sep 2024 08:23:35 GMT
content-encoding: gzip
last-modified: Tue, 03 Sep 2024 23:25:57 GMT
server: AkamaiNetStorage
etag: "be6061a21b6b9b26c4525f8c1718864d:1725405957.109658"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 501
expires: Thu, 05 Sep 2024 09:23:35 GMT

GET
H2 200 RC407b573180554ea6b11eecdc31ecbd3f-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/fa3c80fd0c10/ 819 B
756 B 147ms
145ms Script
application/x-javascript 23.45.193.57
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/fa3c80fd0c10/RC407b573180554ea6b11eecdc31ecbd3f-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.45.193.57 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-45-193-57.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: bee6553d58ab615b2a4d6b4eb1b4f703d0d5484f1d425f9c0b00083d9df01ba8

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 05 Sep 2024 08:23:35 GMT
content-encoding: gzip
last-modified: Tue, 03 Sep 2024 23:25:57 GMT
server: AkamaiNetStorage
etag: "be6061a21b6b9b26c4525f8c1718864d:1725405957.109658"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 499
expires: Thu, 05 Sep 2024 09:23:35 GMT

GET
H2 200 RC1d92f04752ae42a38e54de48cb85adf4-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/fa3c80fd0c10/ 661 B
647 B 147ms
145ms Script
application/x-javascript 23.45.193.57
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/fa3c80fd0c10/RC1d92f04752ae42a38e54de48cb85adf4-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.45.193.57 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-45-193-57.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: d01bd59c5be877b4fd0d5a1475bd63e96df4f0beb4dd483b61f55ae63ad1101e

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 05 Sep 2024 08:23:35 GMT
content-encoding: gzip
last-modified: Tue, 03 Sep 2024 23:25:57 GMT
server: AkamaiNetStorage
etag: "be6061a21b6b9b26c4525f8c1718864d:1725405957.109658"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 390
expires: Thu, 05 Sep 2024 09:23:35 GMT

GET
H2 200 RCf940460311f349b5af69d075bdef61d4-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/fa3c80fd0c10/ 368 B
491 B 147ms
145ms Script
application/x-javascript 23.45.193.57
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/fa3c80fd0c10/RCf940460311f349b5af69d075bdef61d4-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.45.193.57 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-45-193-57.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 541c13842ef2506d4da9a6c35d5ada095cfb7c0d158d2ec692a2310d22b481f6

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 05 Sep 2024 08:23:35 GMT
content-encoding: gzip
last-modified: Tue, 03 Sep 2024 23:25:57 GMT
server: AkamaiNetStorage
etag: "be6061a21b6b9b26c4525f8c1718864d:1725405957.109658"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 234
expires: Thu, 05 Sep 2024 09:23:35 GMT

GET
H2 200 RCcb6e8e438d1741e6854bf3a039a2565a-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/fa3c80fd0c10/ 754 B
704 B 147ms
146ms Script
application/x-javascript 23.45.193.57
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/fa3c80fd0c10/RCcb6e8e438d1741e6854bf3a039a2565a-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.45.193.57 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-45-193-57.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: ab49d08c588585e401e9dfee028674612a67858365d6f0e0a2f79769d69d0403

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 05 Sep 2024 08:23:35 GMT
content-encoding: gzip
last-modified: Tue, 03 Sep 2024 23:25:57 GMT
server: AkamaiNetStorage
etag: "be6061a21b6b9b26c4525f8c1718864d:1725405957.109658"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 447
expires: Thu, 05 Sep 2024 09:23:35 GMT

GET
H2 200 RCbbd24be21a0f4115a18f29bb3fee2a7a-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/fa3c80fd0c10/ 2 KB
970 B 148ms
148ms Script
application/x-javascript 23.45.193.57
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/fa3c80fd0c10/RCbbd24be21a0f4115a18f29bb3fee2a7a-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.45.193.57 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-45-193-57.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: a808eb7e84c97d954809a0e335f91f415a9abe4d6b670f8d7a7e5a4f639cc31c

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 05 Sep 2024 08:23:35 GMT
content-encoding: gzip
last-modified: Tue, 03 Sep 2024 23:25:57 GMT
server: AkamaiNetStorage
etag: "be6061a21b6b9b26c4525f8c1718864d:1725405957.109658"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 713
expires: Thu, 05 Sep 2024 09:23:35 GMT

GET
H2 200 RCf5bd1991cad84a7294a7b609189a1fa5-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/fa3c80fd0c10/ 1021 B
856 B 209ms
209ms Script
application/x-javascript 23.45.193.57
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/fa3c80fd0c10/RCf5bd1991cad84a7294a7b609189a1fa5-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.45.193.57 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-45-193-57.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 974f74e012cf126d9589716838cd7751d2fb9e334390512d887cfe27ca2ebb01

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 05 Sep 2024 08:23:35 GMT
content-encoding: gzip
last-modified: Tue, 03 Sep 2024 23:25:57 GMT
server: AkamaiNetStorage
etag: "be6061a21b6b9b26c4525f8c1718864d:1725405957.109658"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 600
expires: Thu, 05 Sep 2024 09:23:35 GMT

GET
H2 200 RCcd84e40d19c24776bef77836ab2f8df6-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/fa3c80fd0c10/ 819 B
757 B 208ms
208ms Script
application/x-javascript 23.45.193.57
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/fa3c80fd0c10/RCcd84e40d19c24776bef77836ab2f8df6-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.45.193.57 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-45-193-57.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 986226d3ad33c6576451130ae1ab140ab003dfbd8338288057e3c640b575b65a

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 05 Sep 2024 08:23:35 GMT
content-encoding: gzip
last-modified: Tue, 03 Sep 2024 23:25:57 GMT
server: AkamaiNetStorage
etag: "be6061a21b6b9b26c4525f8c1718864d:1725405957.109658"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 501
expires: Thu, 05 Sep 2024 09:23:35 GMT

GET
H2 200 RC4daaa3cd330f4ee2934602a98dab7c5f-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/fa3c80fd0c10/ 388 B
498 B 205ms
205ms Script
application/x-javascript 23.45.193.57
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/fa3c80fd0c10/RC4daaa3cd330f4ee2934602a98dab7c5f-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.45.193.57 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-45-193-57.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: d8879628262ee8c2ad70574c11ca7ce6a1220d8aa73f91e7e38e1f7a4edaaacf

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 05 Sep 2024 08:23:35 GMT
content-encoding: gzip
last-modified: Tue, 03 Sep 2024 23:25:57 GMT
server: AkamaiNetStorage
etag: "be6061a21b6b9b26c4525f8c1718864d:1725405957.109658"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 242
expires: Thu, 05 Sep 2024 09:23:35 GMT

GET
H2 200 RC5c60a51709a94068afbf065e1448b617-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/fa3c80fd0c10/ 664 B
656 B 203ms
203ms Script
application/x-javascript 23.45.193.57
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/fa3c80fd0c10/RC5c60a51709a94068afbf065e1448b617-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.45.193.57 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-45-193-57.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: f77d20112e76b27e09182cbe9792393928d30b9e8177fdce463690f717e49c63

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 05 Sep 2024 08:23:35 GMT
content-encoding: gzip
last-modified: Tue, 03 Sep 2024 23:25:57 GMT
server: AkamaiNetStorage
etag: "be6061a21b6b9b26c4525f8c1718864d:1725405957.109658"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 400
expires: Thu, 05 Sep 2024 09:23:35 GMT

GET
H2 200 RC7675832323134b109ff7c59296e2d2ca-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/fa3c80fd0c10/ 1 KB
797 B 205ms
204ms Script
application/x-javascript 23.45.193.57
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/fa3c80fd0c10/RC7675832323134b109ff7c59296e2d2ca-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.45.193.57 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-45-193-57.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 01e743b563a6d4824bb08b2ac0786e559b44edc45f34482a2cd6cf906c8a91a8

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 05 Sep 2024 08:23:35 GMT
content-encoding: gzip
last-modified: Tue, 03 Sep 2024 23:25:57 GMT
server: AkamaiNetStorage
etag: "be6061a21b6b9b26c4525f8c1718864d:1725405957.109658"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 540
expires: Thu, 05 Sep 2024 09:23:35 GMT

GET
H2 200 RC0ba76d5bbb984ea6a79cd6308c48dbff-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/fa3c80fd0c10/ 2 KB
980 B 205ms
205ms Script
application/x-javascript 23.45.193.57
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/fa3c80fd0c10/RC0ba76d5bbb984ea6a79cd6308c48dbff-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.45.193.57 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-45-193-57.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 0fcc95d9950ffc82f18f6e48f9c75fba09e7314ec51bb396b7869132f180c0fb

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 05 Sep 2024 08:23:35 GMT
content-encoding: gzip
last-modified: Tue, 03 Sep 2024 23:25:57 GMT
server: AkamaiNetStorage
etag: "be6061a21b6b9b26c4525f8c1718864d:1725405957.109658"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 723
expires: Thu, 05 Sep 2024 09:23:35 GMT

GET
H2 200 RC0829ccf7bc5a44478ae2705d4c111c37-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/fa3c80fd0c10/ 966 B
808 B 201ms
201ms Script
application/x-javascript 23.45.193.57
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/fa3c80fd0c10/RC0829ccf7bc5a44478ae2705d4c111c37-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.45.193.57 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-45-193-57.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 3af1db717cba2620a17a0109499f2f89fc9be2d2747bbbe71f2c5a90f419dd8d

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 05 Sep 2024 08:23:35 GMT
content-encoding: gzip
last-modified: Tue, 03 Sep 2024 23:25:57 GMT
server: AkamaiNetStorage
etag: "be6061a21b6b9b26c4525f8c1718864d:1725405957.109658"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 551
expires: Thu, 05 Sep 2024 09:23:35 GMT

GET
H/1.1 200
OK flyin-fortiguard-labs-outbreak-alerts-346x172.png
www.fortinet.com/content/dam/fortinet/images/promos/pzn/ 35 KB
37 KB 137ms
136ms Image
image/png 44.199.160.6
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.fortinet.com/content/dam/fortinet/images/promos/pzn/flyin-fortiguard-labs-outbreak-alerts-346x172.png

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

44.199.160.6 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-199-160-6.compute-1.amazonaws.com

Software

Apache /

Resource Hash

480e3b349655b6f17b20ec546c300957cad9ffd98b2d29be29db79422ededc52

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains?&web_view=true
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher1uswest1-28559594
Date: Thu, 05 Sep 2024 08:18:02 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 d45137f973d454db77c647196f56613a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
Age: 24133614
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 36133
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 30 Nov 2023 00:50:15 GMT
Server: Apache
ETag: "8d25-60b5408ea5fc0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: -rhumD3tGWheLE_TxVOLt5qRLHh4hQqsOlpooHeTf7R-W_vlwBFayw==

GET
H3 200 www.fortinet.com.json Show response
script.crazyegg.com/pages/data-scripts/0117/0786/site/ 8 KB
2 KB 181ms
97ms XHR
application/json 104.19.147.8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.crazyegg.com/pages/data-scripts/0117/0786/site/www.fortinet.com.json?t=1
Requested by: Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/scripts/0117/0786.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.19.147.8 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c3986d134169941936f4a0df0f92d10f80110e430da407dec44a07556a86e7be

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 05 Sep 2024 08:23:35 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 44640
ce-version: 11.5.274
alt-svc: h3=":443"; ma=86400
content-length: 1550
last-modified: Wed, 04 Sep 2024 19:58:34 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: CE-Version
cache-control: public, max-age=300, s-maxage=1209600
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8be4d16dbc897987-DEN

GET
H2 200 p Show response
i.simpli.fi/ 798 B
760 B 122ms
109ms Script
application/javascript 34.171.47.125
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://i.simpli.fi/p?cid=339566&cb=sifi_att_42656._hp
Requested by: Host: tag.simpli.fi
URL: https://tag.simpli.fi/sifitag/25f2dd15-02c6-4e7a-bc8b-c5722b49624d
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 34.171.47.125 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 125.47.171.34.bc.googleusercontent.com
Software: openresty /
Resource Hash: 3c011f927be0655f3338c6e35aac0db7272bc89b9b2c7a05f80b90904e377265

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Sep 2024 08:23:35 GMT
content-encoding: gzip
server: openresty
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 309 KB
102 KB 232ms
222ms Script
application/javascript 142.251.40.168
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-38BQ9XFDT4

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.40.168 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s81-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

37a5679e4a3ebd771a597c76571dd5de48d722a2bb958fb39e7bd40e7013e1e4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 05 Sep 2024 08:23:35 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 104631
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Thu, 05 Sep 2024 08:23:35 GMT

GET
H3 200 5e721483a6b8d23c33da1af34e751f01.js Show response
script.crazyegg.com/pages/versioned/common-scripts/ 103 KB
35 KB 98ms
98ms Script
text/javascript 104.19.147.8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.crazyegg.com/pages/versioned/common-scripts/5e721483a6b8d23c33da1af34e751f01.js
Requested by: Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/scripts/0117/0786.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.19.147.8 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 52163d0f5da50fcfaeff240157a410384cb9dffa7697855446a46802c9b74714

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 05 Sep 2024 08:23:35 GMT
content-encoding: gzip
cf-cache-status: HIT
cf-bgj: minify
last-modified: Fri, 30 Aug 2024 10:45:11 GMT
server: cloudflare
age: 44703
cf-polished: origSize=105124
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000, s-maxage=31536000
timing-allow-origin: *
cf-ray: 8be4d16e5bc27b20-DEN
alt-svc: h3=":443"; ma=86400

GET
H2 200 17532650.js Show response
bat.bing.com/p/action/ 335 B
404 B 111ms
111ms Script
application/javascript 150.171.28.10
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/17532650.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

150.171.28.10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e0f9a49b3445df93031ef8414eab4c9266e8e6aefc9594c8b3f49376f57ee97c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
date: Thu, 05 Sep 2024 08:23:35 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 018FE394EFDD4DC7AA1E2196BD834EF7 Ref B: SJC211051201033 Ref C: 2024-09-05T08:23:35Z
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript; charset=utf-8
cache-control: private,max-age=1800

GET
H/1.1 200
OK unifiedPixel Show response
tr.outbrain.com/ 53 B
321 B 406ms
133ms Fetch
image/gif 70.42.32.31
AS-OUTBRAIN

General

Check archive.org

Show headers Download Go to

Full URL

https://tr.outbrain.com/unifiedPixel?au=false&bust=008999805976502939&referrer=&cht=ot&marketerId=00ad3119690e692fd6990245f9741ea8f1&name=PAGE_VIEW&dl=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Femansrepo-stealer-multi-vector-attack-chains%3F%26web_view%3Dtrue&g=0&obApiVersion=1.1&obtpVersion=2.0.5

Requested by

Host: amplify.outbrain.com
URL: https://amplify.outbrain.com/cp/obtp.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

70.42.32.31 , United States, ASN22075 (AS-OUTBRAIN, US),

Reverse DNS

ny.outbrain.com

Software

Resource Hash

b51f3497b0a65f1e1e87e75f5e7e823d871c23bcf76a5ee4101783c8f939e553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 05 Sep 2024 08:23:35 GMT
cache-control: no-cache
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-traceid: aa560b785797eae9b59174e24aabe19d
content-length: 54
content-type: image/gif;

GET
H/1.1 200
OK cachedClickId Show response
tr.outbrain.com/ 35 B
293 B 690ms
419ms Script
application/javascript 70.42.32.31
AS-OUTBRAIN

General

Check archive.org

Show headers Download Go to

Full URL

https://tr.outbrain.com/cachedClickId?marketerId=00ad3119690e692fd6990245f9741ea8f1

Requested by

Host: amplify.outbrain.com
URL: https://amplify.outbrain.com/cp/obtp.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

70.42.32.31 , United States, ASN22075 (AS-OUTBRAIN, US),

Reverse DNS

ny.outbrain.com

Software

Resource Hash

1d348f9f803c95305f63def9d75fd50e79e54a375e1a4a888edbbea366845580

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 05 Sep 2024 08:23:36 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-traceid: 5673e6d1dc3211a1e1413480620bd02a
content-length: 39
content-type: application/javascript

GET
H/1.1 200
OK 00ad3119690e692fd6990245f9741ea8f1 Show response
wave.outbrain.com/mtWavesBundler/handler/ 2 B
516 B 415ms
137ms Script
text/html 23.45.193.200
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://wave.outbrain.com/mtWavesBundler/handler/00ad3119690e692fd6990245f9741ea8f1

Requested by

Host: amplify.outbrain.com
URL: https://amplify.outbrain.com/cp/obtp.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.45.193.200 , United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-45-193-200.deploy.static.akamaitechnologies.com

Software

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
Content-Encoding: gzip
Date: Thu, 05 Sep 2024 08:23:35 GMT
ob-sent-time: 1725448112131
ETag: W/"2-vyGp6PvFo4RvsFtPoIWeCReyIC8"
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
X-RG: NA
Cache-Control: max-age=60
X-CC: US
Connection: keep-alive
x-traceid: a4f5b5372077741eaaa503ebc424ed59
Content-Length: 22
Expires: Thu, 05 Sep 2024 08:24:35 GMT

GET
H/1.1 200
OK topics Show response
amplify.outbrain.com/ 26 B
301 B 412ms
137ms Fetch
text/html 23.45.193.200
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://amplify.outbrain.com/topics
Requested by: Host: amplify.outbrain.com
URL: https://amplify.outbrain.com/cp/obtp.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.45.193.200 , United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-45-193-200.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 6d0291f90718dc0537f65dc6a4f68d8e75f0a8a3a0b62836d9cf41350ecaf552

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date: Thu, 05 Sep 2024 08:23:35 GMT
Observe-Browsing-Topics: ?1
Content-Type: text/html
Access-Control-Allow-Origin: *
X-RG: NA
Cache-Control: max-age=1200
X-CC: US
Connection: keep-alive
Content-Length: 26
Expires: Thu, 05 Sep 2024 08:43:35 GMT

GET

cs
cs.lkqd.net/
Redirect Chain

https://um.simpli.fi/smaato
https://s.ad.smaato.net/c/?dspInit=1001136&dspCookie=5EBF1F4FA8014B33BE8B3DBD85B87EAC
https://cs.lkqd.net/cs?partnerId=109&partnerUserId=80a46442f0&gdpr=0&gdpr_consent=

0
0

GET
H2

204

5EBF1F4FA8014B33BE8B3DBD85B87EAC
sync.1rx.io/usersync/simplifi/
Redirect Chain

https://um.simpli.fi/nexxen
https://sync.1rx.io/usersync/simplifi/5EBF1F4FA8014B33BE8B3DBD85B87EAC

0
99 B

592ms
128ms

Image
text/plain

69.194.240.13
RHYTHMONE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.1rx.io/usersync/simplifi/5EBF1F4FA8014B33BE8B3DBD85B87EAC
Protocol: H2
Server: 69.194.240.13 , United States, ASN26120 (RHYTHMONE, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Sep 2024 08:23:40 GMT
cache-control: no-store, no-cache, must-revalidate
expires: 0

Redirect headers

date: Thu, 05 Sep 2024 08:23:35 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://sync.1rx.io/usersync/simplifi/5EBF1F4FA8014B33BE8B3DBD85B87EAC
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Wed, 04 Sep 2024 08:23:35 GMT

GET
H2

200

xuid
eb2.3lift.com/
Redirect Chain

https://um.simpli.fi/triplelift
https://eb2.3lift.com/xuid?mid=7969&xuid=5EBF1F4FA8014B33BE8B3DBD85B87EAC&dongle=yf3
https://eb2.3lift.com/xuid?ld=1&mid=7969&xuid=5EBF1F4FA8014B33BE8B3DBD85B87EAC&dongle=yf3&gdpr=0&cmp_cs=&us_privacy=

37 B
474 B

152ms
148ms

Image
image/gif

52.223.22.214
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/xuid?ld=1&mid=7969&xuid=5EBF1F4FA8014B33BE8B3DBD85B87EAC&dongle=yf3&gdpr=0&cmp_cs=&us_privacy=
Protocol: H2
Server: 52.223.22.214 Seattle, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: afb83dd09526a6517.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
date: Thu, 05 Sep 2024 08:23:36 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 37
content-type: image/gif

Redirect headers

location: /xuid?ld=1&mid=7969&xuid=5EBF1F4FA8014B33BE8B3DBD85B87EAC&dongle=yf3&gdpr=0&cmp_cs=&us_privacy=
date: Thu, 05 Sep 2024 08:23:36 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2

200

sync
simplifi.partners.tremorhub.com/
Redirect Chain

https://um.simpli.fi/telaria_p
https://simplifi.partners.tremorhub.com/sync?UISF=5EBF1F4FA8014B33BE8B3DBD85B87EAC

43 B
175 B

595ms
129ms

Image
image/gif

44.197.150.112
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simplifi.partners.tremorhub.com/sync?UISF=5EBF1F4FA8014B33BE8B3DBD85B87EAC
Protocol: H2
Server: 44.197.150.112 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-197-150-112.compute-1.amazonaws.com
Software: nginx /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-type: image/gif
date: Thu, 05 Sep 2024 08:23:36 GMT
server: nginx
p3p: CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'

Redirect headers

date: Thu, 05 Sep 2024 08:23:35 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://simplifi.partners.tremorhub.com/sync?UISF=5EBF1F4FA8014B33BE8B3DBD85B87EAC
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Wed, 04 Sep 2024 08:23:35 GMT

GET
H2

200

check
pixel.tapad.com/idsync/ex/receive/
Redirect Chain

https://um.simpli.fi/tapad
https://pixel.tapad.com/idsync/ex/receive?partner_id=2305&partner_device_id=5EBF1F4FA8014B33BE8B3DBD85B87EAC
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2305&partner_device_id=5EBF1F4FA8014B33BE8B3DBD85B87EAC

95 B
429 B

113ms
106ms

Image
image/png

34.111.113.62
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2305&partner_device_id=5EBF1F4FA8014B33BE8B3DBD85B87EAC

Protocol

Server

34.111.113.62 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

62.113.111.34.bc.googleusercontent.com

Software

Jetty(11.0.13) /

Resource Hash

3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 05 Sep 2024 08:23:36 GMT
strict-transport-security: max-age=31536000
via: 1.1 google
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: Jetty(11.0.13)
content-type: image/png
access-control-allow-origin: *
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 95

Redirect headers

date: Thu, 05 Sep 2024 08:23:36 GMT
strict-transport-security: max-age=31536000
via: 1.1 google
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: Jetty(11.0.13)
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
access-control-allow-origin: *
location: https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2305&partner_device_id=5EBF1F4FA8014B33BE8B3DBD85B87EAC
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2

200

empty.gif
um.simpli.fi/
Redirect Chain

https://um.simpli.fi/ad_advisor
https://aa.agkn.com/adscores/g.pixel?sid=9201915418&sifi_uid=5EBF1F4FA8014B33BE8B3DBD85B87EAC
https://d.agkn.com/pixel/10751/?che=1725524616314&ip=45.13.235.43&l1=https%3A%2F%2Fum.simpli.fi%2Faa_px%3Fsk%3D212520604996006897275
https://um.simpli.fi/aa_px?sk=212520604996006897275
https://um.simpli.fi/empty.gif

43 B
361 B

91ms
90ms

Image
image/gif

34.171.234.26
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://um.simpli.fi/empty.gif

Protocol

Server

34.171.234.26 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

26.234.171.34.bc.googleusercontent.com

Software

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 05 Sep 2024 08:23:37 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
access-control-allow-methods: GET, POST, OPTIONS
content-type: image/gif
access-control-allow-origin: *
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 43

Redirect headers

date: Thu, 05 Sep 2024 08:23:36 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: /empty.gif
access-control-allow-origin: *
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142

GET
H2

200

ProfilesEngineServlet
sync.intentiq.com/profiles_engine/
Redirect Chain

https://um.simpli.fi/intentiq
https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=2124307461&pcid=5EBF1F4FA8014B33BE8B3DBD85B87EAC
https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=2124307461&pcid=5EBF1F4FA8014B33BE8B3DBD85B87EAC&ckls=true&ci=3LHeZLPuZj&nc=false&trid=-480174161

43 B
1 KB

156ms
151ms

Image
image/gif

18.164.116.64
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=2124307461&pcid=5EBF1F4FA8014B33BE8B3DBD85B87EAC&ckls=true&ci=3LHeZLPuZj&nc=false&trid=-480174161
Protocol: H2
Server: 18.164.116.64 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-164-116-64.jfk50.r.cloudfront.net
Software: /
Resource Hash: caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Sep 2024 08:23:36 GMT
via: 1.1 17eb4ce9c34597b3328325a19f8138fe.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK50-P6
x-cache: Miss from cloudfront
content-type: image/gif
p3p: CP="NOI DSP COR NID CURa ADMo TAIa PSAo PSDo OUR SAMo BUS UNI PUR COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3=":443"; ma=86400
content-length: 43
x-amz-cf-id: mzg8zuu2chuUuLJMhJvAbY9SLkc_tN4BwsagyydILd9OcGuz8Uitkw==
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 05 Sep 2024 08:23:36 GMT
via: 1.1 17eb4ce9c34597b3328325a19f8138fe.cloudfront.net (CloudFront)
x-amz-cf-pop: JFK50-P6
x-cache: Miss from cloudfront
p3p: CP="NOI DSP COR NID CURa ADMo TAIa PSAo PSDo OUR SAMo BUS UNI PUR COM NAV INT DEM CNT STA PRE LOC"
location: https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=2124307461&pcid=5EBF1F4FA8014B33BE8B3DBD85B87EAC&ckls=true&ci=3LHeZLPuZj&nc=false&trid=-480174161
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
patent: https://www.almondnet.com/ip
alt-svc: h3=":443"; ma=86400
content-length: 43
x-amz-cf-id: CeYRrVKlwqSkoXO1yrauZialmOaHWW3NKaiVZrm4szQ6AFb-b9b45Q==
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2

200

Pug
image2.pubmatic.com/AdServer/
Redirect Chain

https://um.simpli.fi/pubmatic
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTgwNiZ0bD01MTg0MDA=&piggybackCookie=uid:5EBF1F4FA8014B33BE8B3DBD85B87EAC

42 B
555 B

555ms
125ms

Image
image/gif

8.28.7.83
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTgwNiZ0bD01MTg0MDA=&piggybackCookie=uid:5EBF1F4FA8014B33BE8B3DBD85B87EAC
Protocol: H2
Server: 8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
date: Thu, 05 Sep 2024 08:23:34 GMT
cache-control: no-store, no-cache, private
server: nginx
content-length: 42
content-type: image/gif; charset=utf-8

Redirect headers

date: Thu, 05 Sep 2024 08:23:35 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTgwNiZ0bD01MTg0MDA=&piggybackCookie=uid:5EBF1F4FA8014B33BE8B3DBD85B87EAC
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Wed, 04 Sep 2024 08:23:35 GMT

GET
H/1.1

200

user-registering
ads.stickyadstv.com/
Redirect Chain

https://um.simpli.fi/freewheel
https://ads.stickyadstv.com/user-registering?dataProviderId=753&userId=5EBF1F4FA8014B33BE8B3DBD85B87EAC

43 B
654 B

837ms
138ms

Image
image/gif

63.251.28.231
INTERNAP-BLK3

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ads.stickyadstv.com/user-registering?dataProviderId=753&userId=5EBF1F4FA8014B33BE8B3DBD85B87EAC
Protocol: HTTP/1.1
Server: 63.251.28.231 Secaucus, United States, ASN13789 (INTERNAP-BLK3, US),
Reverse DNS
Software: nginx /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 05 Sep 2024 08:23:36 GMT
Server: nginx
Transfer-Encoding: chunked
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Access-Control-Allow-Credentials: true
Connection: keep-alive
x-sticky-vk: 1725524616577091-269

Redirect headers

date: Thu, 05 Sep 2024 08:23:35 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://ads.stickyadstv.com/user-registering?dataProviderId=753&userId=5EBF1F4FA8014B33BE8B3DBD85B87EAC
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Wed, 04 Sep 2024 08:23:35 GMT

GET

getuid
sync.smartadserver.com/
Redirect Chain

https://um.simpli.fi/dtnx
https://fei.pro-market.net/engine?du=24;csync=5EBF1F4FA8014B33BE8B3DBD85B87EAC;mimetype=img;
https://fei.pro-market.net/engine?du=24;csync=5EBF1F4FA8014B33BE8B3DBD85B87EAC;mimetype=img;sr
https://sync.smartadserver.com/getuid?url=https%3A%2F%2Ffei.pro-market.net%2Fengine%3Fsite%3D161185%26size%3D1x1%26du%3D36%26csync%3D[sas_uid]

0
0

GET
H2

204

/
loadm.exelator.com/load/
Redirect Chain

https://um.simpli.fi/exelatem
https://loadm.exelator.com/load/?p=204&g=2191&simid=5EBF1F4FA8014B33BE8B3DBD85B87EAC&j=0
https://loadm.exelator.com/load/?p=204&g=2191&simid=5EBF1F4FA8014B33BE8B3DBD85B87EAC&j=0&xl8blockcheck=1

0
767 B

129ms
127ms

Image
text/plain

34.229.3.43
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://loadm.exelator.com/load/?p=204&g=2191&simid=5EBF1F4FA8014B33BE8B3DBD85B87EAC&j=0&xl8blockcheck=1
Protocol: H2
Server: 34.229.3.43 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-229-3-43.compute-1.amazonaws.com
Software: nginx / Undertow/1
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 05 Sep 2024 08:23:36 GMT
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
x-powered-by: Undertow/1
p3p: policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA, policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA

Redirect headers

date: Thu, 05 Sep 2024 08:23:36 GMT
server: nginx
x-powered-by: Undertow/1
p3p: policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA, policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
location: https://loadm.exelator.com/load/?p=204&g=2191&simid=5EBF1F4FA8014B33BE8B3DBD85B87EAC&j=0&xl8blockcheck=1
content-type: image/gif
cache-control: no-cache
access-control-allow-credentials: true
content-length: 0

GET
H2

204

sync
ups.analytics.yahoo.com/ups/55964/
Redirect Chain

https://um.simpli.fi/yahoo
https://ups.analytics.yahoo.com/ups/55964/sync?uid=5EBF1F4FA8014B33BE8B3DBD85B87EAC
https://ups.analytics.yahoo.com/ups/55964/sync?uid=5EBF1F4FA8014B33BE8B3DBD85B87EAC&verify=true

0
121 B

154ms
149ms

Image
text/plain

3.225.218.10
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/55964/sync?uid=5EBF1F4FA8014B33BE8B3DBD85B87EAC&verify=true

Protocol

Server

3.225.218.10 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-225-218-10.compute-1.amazonaws.com

Software

ATS/9.1.10.137 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 05 Sep 2024 08:23:36 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.137
age: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

location: https://ups.analytics.yahoo.com/ups/55964/sync?uid=5EBF1F4FA8014B33BE8B3DBD85B87EAC&verify=true
date: Thu, 05 Sep 2024 08:23:36 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.137
age: 0
content-length: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H/1.1

204

sync
sync.bfmio.com/
Redirect Chain

https://um.simpli.fi/beachfront
https://sync.bfmio.com/sync?pid=141&uid=5EBF1F4FA8014B33BE8B3DBD85B87EAC

0
421 B

644ms
123ms

Image
text/plain

52.204.142.153
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.bfmio.com/sync?pid=141&uid=5EBF1F4FA8014B33BE8B3DBD85B87EAC
Protocol: HTTP/1.1
Server: 52.204.142.153 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-204-142-153.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Connection: keep-alive
Date: Thu, 05 Sep 2024 08:23:35 GMT

Redirect headers

date: Thu, 05 Sep 2024 08:23:35 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://sync.bfmio.com/sync?pid=141&uid=5EBF1F4FA8014B33BE8B3DBD85B87EAC
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Wed, 04 Sep 2024 08:23:35 GMT

GET
H2

200

29931
stags.bluekai.com/site/
Redirect Chain

https://um.simpli.fi/bluekai
https://stags.bluekai.com/site/29931?id=5EBF1F4FA8014B33BE8B3DBD85B87EAC

62 B
447 B

614ms
226ms

Image
image/gif

23.46.225.71
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://stags.bluekai.com/site/29931?id=5EBF1F4FA8014B33BE8B3DBD85B87EAC
Protocol: H2
Server: 23.46.225.71 Secaucus, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-46-225-71.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 0af3aae90b7de9fdceee2ab421378ea2f54c74be81ef43fc6c1790a032755d80

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-type: image/gif
date: Thu, 05 Sep 2024 08:23:36 GMT
content-length: 62
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"

Redirect headers

date: Thu, 05 Sep 2024 08:23:35 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://stags.bluekai.com/site/29931?id=5EBF1F4FA8014B33BE8B3DBD85B87EAC
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Wed, 04 Sep 2024 08:23:35 GMT

GET
H2

200

tpid=5EBF1F4FA8014B33BE8B3DBD85B87EAC
bcp.crwdcntrl.net/map/ct=y/c=7625/tp=SIMP/
Redirect Chain

https://um.simpli.fi/crwdcntrl
https://bcp.crwdcntrl.net/map/c=7625/tp=SIMP/tpid=5EBF1F4FA8014B33BE8B3DBD85B87EAC
https://bcp.crwdcntrl.net/map/ct=y/c=7625/tp=SIMP/tpid=5EBF1F4FA8014B33BE8B3DBD85B87EAC

49 B
543 B

149ms
144ms

Image
image/gif

44.193.146.17
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bcp.crwdcntrl.net/map/ct=y/c=7625/tp=SIMP/tpid=5EBF1F4FA8014B33BE8B3DBD85B87EAC
Protocol: H2
Server: 44.193.146.17 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-193-146-17.compute-1.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Sep 2024 08:23:36 GMT
server: Jetty(9.4.38.v20210224)
content-type: image/gif
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: *
cache-control: no-cache
x-server: 10.40.3.91
content-length: 49
expires: 0

Redirect headers

pragma: no-cache
date: Thu, 05 Sep 2024 08:23:36 GMT
server: Jetty(9.4.38.v20210224)
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
location: https://bcp.crwdcntrl.net/map/ct=y/c=7625/tp=SIMP/tpid=5EBF1F4FA8014B33BE8B3DBD85B87EAC
cache-control: no-cache
x-server: 10.40.52.90
content-length: 0
expires: 0

GET
H2

200

merge
ce.lijit.com/
Redirect Chain

https://um.simpli.fi/lj_match
https://ce.lijit.com/merge?pid=2&3pid=5EBF1F4FA8014B33BE8B3DBD85B87EAC
https://ce.lijit.com/merge?pid=2&3pid=5EBF1F4FA8014B33BE8B3DBD85B87EAC&dnr=1

43 B
511 B

141ms
135ms

Image
image/gif

34.206.18.6
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=2&3pid=5EBF1F4FA8014B33BE8B3DBD85B87EAC&dnr=1
Protocol: H2
Server: 34.206.18.6 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-206-18-6.compute-1.amazonaws.com
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Sep 2024 08:23:36 GMT
vary: Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
content-type: image/gif
cache-control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
content-length: 43
expires: Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 05 Sep 2024 08:23:36 GMT
vary: Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://ce.lijit.com/merge?pid=2&3pid=5EBF1F4FA8014B33BE8B3DBD85B87EAC&dnr=1
cache-control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
content-length: 0
expires: Fri, 20 Mar 2009 00:00:00 GMT

GET
H2

200

db_sync
px.ads.linkedin.com/
Redirect Chain

https://um.simpli.fi/liveramp_match
https://idsync.rlcdn.com/419566.gif?partner_uid=5EBF1F4FA8014B33BE8B3DBD85B87EAC
https://idsync.rlcdn.com/1000.gif?memo=CO7NGRIrCicIARDuJBogNUVCRjFGNEZBODAxNEIzM0JFOEIzREJEODVCODdFQUMQABoNCIjV5bYGEgUI6AcQAEIASgA
https://pippio.com/api/sync?pid=5324&it=1&iv=534c41908e633afdae3ea1e70af2a9008f675bce4c5e01bc615b19d0b9e8567e791426b5417dce21&_=2
https://px.ads.linkedin.com/db_sync?pid=10339&puuid=534c41908e633afdae3ea1e70af2a9008f675bce4c5e01bc615b19d0b9e8567e791426b5417dce21&rand=08520354
https://px.ads.linkedin.com/db_sync?pid=10339&puuid=534c41908e633afdae3ea1e70af2a9008f675bce4c5e01bc615b19d0b9e8567e791426b5417dce21&rand=08520354&expected_cookie=0650023d-5d9e-458f-a4d7-17d2e2a91493

0
141 B

227ms
226ms

Image
text/plain

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/db_sync?pid=10339&puuid=534c41908e633afdae3ea1e70af2a9008f675bce4c5e01bc615b19d0b9e8567e791426b5417dce21&rand=08520354&expected_cookie=0650023d-5d9e-458f-a4d7-17d2e2a91493
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 05 Sep 2024 08:23:36 GMT
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: 9912B7D301A342B4986087861E7C1987 Ref B: BY3EDGE0307 Ref C: 2024-09-05T08:23:37Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lva1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYhWwHeddVxqI4CBtn63w==

Redirect headers

date: Thu, 05 Sep 2024 08:23:36 GMT
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: 6B80C2576F574C03AB09CB372093BAAE Ref B: BY3EDGE0307 Ref C: 2024-09-05T08:23:37Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lva1
location: /db_sync?pid=10339&puuid=534c41908e633afdae3ea1e70af2a9008f675bce4c5e01bc615b19d0b9e8567e791426b5417dce21&rand=08520354&expected_cookie=0650023d-5d9e-458f-a4d7-17d2e2a91493
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYhWwHbOy1LaenHZSev7Q==

GET
H3

200

/
www.google.com/pagead/1p-conversion/1026675585/
Redirect Chain

https://www.googleadservices.com/pagead/conversion/1026675585/?random=1725524615418&cv=7&fst=1725524615418&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1026675585/?random=1191705877&cv=7&fst=1725524615418&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON&ct_cookie_present=false&crd=CLH...
https://www.google.com/pagead/1p-conversion/1026675585/?random=1191705877&cv=7&fst=1725524615418&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHD...

42 B
64 B

440ms
158ms

Image
image/gif

142.250.80.36
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-conversion/1026675585/?random=1191705877&cv=7&fst=1725524615418&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgibx7EC&pscrd=IhMIu6u5jrCriAMVhQ5oCB0cJRL7MgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOhlodHRwczovL3d3dy5mb3J0aW5ldC5jb20v&is_vtc=1&cid=CAQSKQDpaXnfULDr9di70sMYxpmxHQI00U4sqpIyN3o5wrpoMv3HWz5bQd4-&random=1653008605

Protocol

Server

142.250.80.36 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s34-in-f4.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Sep 2024 08:23:37 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 05 Sep 2024 08:23:36 GMT
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://www.google.com/pagead/1p-conversion/1026675585/?random=1191705877&cv=7&fst=1725524615418&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECCLHDsQIIisWxAgibx7EC&pscrd=IhMIu6u5jrCriAMVhQ5oCB0cJRL7MgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOhlodHRwczovL3d3dy5mb3J0aW5ldC5jb20v&is_vtc=1&cid=CAQSKQDpaXnfULDr9di70sMYxpmxHQI00U4sqpIyN3o5wrpoMv3HWz5bQd4-&random=1653008605
content-type: image/gif
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 spotx_match
um.simpli.fi/ 0
272 B 91ms
89ms Image
text/plain 34.171.234.26
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://um.simpli.fi/spotx_match

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

34.171.234.26 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

26.234.171.34.bc.googleusercontent.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

access-control-allow-origin: *
date: Thu, 05 Sep 2024 08:23:35 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS

GET
H2

200

bounce
ib.adnxs.com/
Redirect Chain

https://um.simpli.fi/an
https://ib.adnxs.com/setuid?entity=66&code=5EBF1F4FA8014B33BE8B3DBD85B87EAC
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D66%26code%3D5EBF1F4FA8014B33BE8B3DBD85B87EAC

43 B
1 KB

161ms
160ms

Image
image/gif

68.67.181.211
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D66%26code%3D5EBF1F4FA8014B33BE8B3DBD85B87EAC

Protocol

Server

68.67.181.211 North Bergen, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

584.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Sep 2024 08:23:36 GMT
an-x-request-uuid: 203a3f24-5c3c-42a7-9dd7-06906e0555ad
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 45.13.235.43; 45.13.235.43; 584.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 05 Sep 2024 08:23:36 GMT
an-x-request-uuid: 5bed89d0-642d-4700-8fbb-b254ea3dc45a
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D66%26code%3D5EBF1F4FA8014B33BE8B3DBD85B87EAC
cache-control: no-store, no-cache, private
x-proxy-origin: 45.13.235.43; 45.13.235.43; 584.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

tap.php
pixel.rubiconproject.com/
Redirect Chain

https://um.simpli.fi/rb_match
https://pixel.rubiconproject.com/tap.php?v=6286&nid=2132&put=5EBF1F4FA8014B33BE8B3DBD85B87EAC&expires=365

42 B
1 KB

574ms
123ms

Image
image/gif

69.173.151.100
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=6286&nid=2132&put=5EBF1F4FA8014B33BE8B3DBD85B87EAC&expires=365
Protocol: HTTP/1.1
Server: 69.173.151.100 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Pragma: no-cache
Content-Type: image/gif
Cache-Control: no-cache,no-store,must-revalidate
content-length: 42
X-RPHost: 0b388c490ecfef74be7d13328a4f3ac3
Expires: 0

Redirect headers

date: Thu, 05 Sep 2024 08:23:35 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://pixel.rubiconproject.com/tap.php?v=6286&nid=2132&put=5EBF1F4FA8014B33BE8B3DBD85B87EAC&expires=365
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Wed, 04 Sep 2024 08:23:35 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/
Redirect Chain

https://um.simpli.fi/ox_match
https://us-u.openx.net/w/1.0/sd?id=537072966&val=5EBF1F4FA8014B33BE8B3DBD85B87EAC
https://us-u.openx.net/w/1.0/sd?cc=1&id=537072966&val=5EBF1F4FA8014B33BE8B3DBD85B87EAC

43 B
171 B

97ms
90ms

Image
image/gif

35.244.159.8
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?cc=1&id=537072966&val=5EBF1F4FA8014B33BE8B3DBD85B87EAC
Protocol: H2
Server: 35.244.159.8 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Sep 2024 08:23:36 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

location: https://us-u.openx.net/w/1.0/sd?cc=1&id=537072966&val=5EBF1F4FA8014B33BE8B3DBD85B87EAC
date: Thu, 05 Sep 2024 08:23:36 GMT
via: 1.1 google
server: OXGW/0.0.0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
p3p: CP="CUR ADM OUR NOR STA NID"

GET
H2

204

g_match
um.simpli.fi/
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_cm&google_sc
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_cm=&google_sc=&google_tc=
https://um.simpli.fi/g_match?id=&google_gid=CAESEJ1inFYR8J380yeTjYl2Uu4&google_cver=1
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=5EBF1F4FA8014B33BE8B3DBD85B87EAC
https://um.simpli.fi/g_match?id=

0
320 B

91ms
91ms

Image
text/plain

34.171.234.26
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://um.simpli.fi/g_match?id=

Protocol

Server

34.171.234.26 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

26.234.171.34.bc.googleusercontent.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 05 Sep 2024 08:23:36 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires: Wed, 04 Sep 2024 08:23:36 GMT

Redirect headers

pragma: no-cache
date: Thu, 05 Sep 2024 08:23:36 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://um.simpli.fi/g_match?id=
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 229
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 0
bat.bing.com/action/ 0
362 B 112ms
111ms Image
text/plain 150.171.28.10
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=17532650&tm=al001&Ver=2&mid=804b5548-f2ea-4721-abf2-abefc07bae42&sid=251dfea06b6011efb4fc0f2affe61e22&vid=251e05e06b6011efa17751d0e927801b&vids=1&msclkid=N&pi=918639831&lg=en-US&sw=1600&sh=1200&sc=24&tl=Emansrepo%20Stealer%3A%20Multi-Vector%20Attack%20Chains%20%7C%20FortiGuard%20Labs&kw=FortiGuard%20Labs%20Threat%20Research,infostealer,security%20attack&p=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Femansrepo-stealer-multi-vector-attack-chains%3F%26web_view%3Dtrue&r=&lt=1731&pt=1725524612415,,,,,0,1,92,92,367,163,367,511,579,523,1110,1110,1119,1731,1731,1731&pn=0,0&evt=pageLoad&sv=1&cdb=AQET&rn=97480

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

150.171.28.10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Thu, 05 Sep 2024 08:23:35 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 7558127FA9304626AD8878EEE562B72A Ref B: SJC211051201033 Ref C: 2024-09-05T08:23:35Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
c.6sc.co/ 7 B
194 B 156ms
154ms XHR
text/html 23.34.59.33
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.34.59.33 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-34-59-33.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 05 Sep 2024 08:23:35 GMT
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: text/html
access-control-allow-origin: https://www.fortinet.com
access-control-allow-credentials: true
access-control-allow-headers: *
content-length: 7

GET
H2 200 / Show response
ipv6.6sc.co/ 4 B
283 B 763ms
152ms XHR
text/html 23.34.59.26
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ipv6.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.34.59.26 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-34-59-26.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Sep 2024 08:23:36 GMT
vary: Origin
content-type: text/html
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=0, no-cache, no-store
6si-ipv6: null
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1725524615798_388501537_153867229_20_898_80_459_219";dur=1
content-length: 4
expires: Thu, 05 Sep 2024 08:23:36 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 163ms
162ms Image
image/gif 23.34.59.33
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=5eeecf22b2d12a77a14639dce97b7a36&svisitor=null&visitor=904f8a42-07c5-49c5-8755-44f60cba7022&session=f50db5a5-1f7f-494c-8c0e-169639716906&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Thu%2C%2005%20Sep%202024%2008%3A23%3A35%20GMT%22%7D&isIframe=false&m=%7B%22description%22%3A%22FortiGuard%20Labs%20has%20uncovered%20a%20fresh%20threat%20-%20Emansrepo%20stealer%2C%20which%20is%20distributed%20via%20multiple%20attack%20chains%20for%20months.%20Learn%20more.%22%2C%22keywords%22%3A%22FortiGuard%20Labs%20Threat%20Research%2Cinfostealer%2Csecurity%20attack%22%2C%22title%22%3A%22Emansrepo%20Stealer%3A%20Multi-Vector%20Attack%20Chains%20%7C%20FortiGuard%20Labs%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Femansrepo-stealer-multi-vector-attack-chains%3F%26web_view%3Dtrue&pageViewId=25ba4e01-87c2-4604-8005-9108da4164e5&v=1.1.23

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.34.59.33 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-34-59-33.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Sep 2024 08:23:35 GMT
x-content-type-options: nosniff
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "5e502810-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Thu, 05 Sep 2024 08:23:35 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
258 B 163ms
162ms Image
image/gif 23.34.59.33
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=5eeecf22b2d12a77a14639dce97b7a36&svisitor=null&visitor=904f8a42-07c5-49c5-8755-44f60cba7022&session=f50db5a5-1f7f-494c-8c0e-169639716906&event=ni%3AasyncSettingsAudit&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2005%20Sep%202024%2008%3A23%3A35%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%225eeecf22b2d12a77a14639dce97b7a36%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2005%20Sep%202024%2008%3A23%3A35%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEndpoint%5C%22%2C%5C%22value%5C%22%3A%5C%22b.6sc.co%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2005%20Sep%202024%2008%3A23%3A35%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableCompanyDetails%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2005%20Sep%202024%2008%3A23%3A35%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEpsilonKey%5C%22%2C%5C%22value%5C%22%3A%5C%227381d1d7c753fe2d8e217c3fdc44c0f17418dcc4%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Thu%2C%2005%20Sep%202024%2008%3A23%3A35%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22FortiGuard%20Labs%20has%20uncovered%20a%20fresh%20threat%20-%20Emansrepo%20stealer%2C%20which%20is%20distributed%20via%20multiple%20attack%20chains%20for%20months.%20Learn%20more.%22%2C%22keywords%22%3A%22FortiGuard%20Labs%20Threat%20Research%2Cinfostealer%2Csecurity%20attack%22%2C%22title%22%3A%22Emansrepo%20Stealer%3A%20Multi-Vector%20Attack%20Chains%20%7C%20FortiGuard%20Labs%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Femansrepo-stealer-multi-vector-attack-chains%3F%26web_view%3Dtrue&pageViewId=25ba4e01-87c2-4604-8005-9108da4164e5&v=1.1.23

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.34.59.33 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-34-59-33.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Sep 2024 08:23:36 GMT
x-content-type-options: nosniff
last-modified: Sat, 18 Feb 2023 01:45:17 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f02dad-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Thu, 05 Sep 2024 08:23:36 GMT

GET
H3 200 www.fortinet.com.json Show response
script.crazyegg.com/pages/data-scripts/0117/0786/sampling/ 46 B
278 B 92ms
92ms XHR
application/json 104.19.147.8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.crazyegg.com/pages/data-scripts/0117/0786/sampling/www.fortinet.com.json?t=1
Requested by: Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/versioned/common-scripts/5e721483a6b8d23c33da1af34e751f01.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.19.147.8 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: adc927ab8e07d22f6baf437633c277fd0fa3809cf50c7f74cf10a1f49eb8b1e6

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 05 Sep 2024 08:23:35 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 44640
ce-version: 11.5.274
alt-svc: h3=":443"; ma=86400
content-length: 65
last-modified: Wed, 04 Sep 2024 19:58:34 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: CE-Version
cache-control: public, max-age=300, s-maxage=1209600
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8be4d1701e0b7987-DEN

GET
H2 200 details Show response
epsilon.6sense.com/v3/company/ 764 B
722 B 361ms
125ms XHR
application/json 76.223.9.105
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://epsilon.6sense.com/v3/company/details
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 76.223.9.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ac3ff6aafb2cddae2.awsglobalaccelerator.com
Software: nginx /
Resource Hash: df5fe0a16d52c5174df3679a952f4b73e4965b871d307402b2a43f4ea51eb886

Request headers

Referer: https://www.fortinet.com/
Authorization: Token 7381d1d7c753fe2d8e217c3fdc44c0f17418dcc4
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
X-6s-CustomID: WebTag1.0 5eeecf22b2d12a77a14639dce97b7a36

Response headers

x-trace-id: 8861572294434442652
date: Thu, 05 Sep 2024 08:23:36 GMT
content-encoding: gzip
server: nginx
vary: Origin, Accept-Encoding
content-type: application/json
x-6si-region: us-west-1a
access-control-allow-origin: https://www.fortinet.com
access-control-expose-headers: X-6si-Region
access-control-allow-credentials: true
timing-allow-origin: https://6sense.com, https://www.ssga.com
content-length: 403

OPTIONS
H2 200 details
epsilon.6sense.com/v3/company/ Frame 0
0 625ms
126ms Preflight 76.223.9.105
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://epsilon.6sense.com/v3/company/details
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 76.223.9.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ac3ff6aafb2cddae2.awsglobalaccelerator.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,x-6s-customid
Access-Control-Request-Method: GET
Origin: https://www.fortinet.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: authorization,x-6s-customid
access-control-allow-methods: OPTIONS,GET
access-control-allow-origin: https://www.fortinet.com
access-control-expose-headers: X-6si-Region
access-control-max-age: 1800
date: Thu, 05 Sep 2024 08:23:36 GMT
server: nginx
timing-allow-origin: https://6sense.com, https://www.ssga.com
x-6si-region: us-west-1a
x-trace-id: 39698017691428946

GET d4b4959f-db97-4844-9344-300b5531f95d
https://www.fortinet.com/ Frame 0
0

GET
H2 200 clock Show response
tracking.crazyegg.com/ 38 B
145 B 582ms
120ms XHR
text/plain 3.12.250.89
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tracking.crazyegg.com/clock?t=1&tk=329ee1373036c5ddcda74cf257baa0a6&u=1170786&s=424000&p=%2Fblog%2Fthreat-research%2Femansrepo-stealer-multi-vector-attack-chains&v=db5a3ef27260b505b3c840328667793b437b0fec&f=fortinet.com%2Fblog%2Fthreat-research%2Femansrepo-stealer-multi-vector-attack-chains&ul=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Femansrepo-stealer-multi-vector-attack-chains%3F%26web_view%3Dtrue
Requested by: Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/versioned/common-scripts/5e721483a6b8d23c33da1af34e751f01.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.12.250.89 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-3-12-250-89.us-east-2.compute.amazonaws.com
Software: awselb/2.0 /
Resource Hash: d19a86ab6143919f238ef42dc0396845f389c51077d40a68a12ffc2fc9c8eb60

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

access-control-allow-origin: *
date: Thu, 05 Sep 2024 08:23:36 GMT
cache-control: no-store
server: awselb/2.0
content-length: 38
content-type: text/plain

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 250 KB
88 KB 185ms
181ms Script
application/javascript 142.251.40.168
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-662878185&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-38BQ9XFDT4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.40.168 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s81-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

4064a15647196b03fa05bcc7e8654abf8098a7e9a975e5c70cb4018423d0e54a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 05 Sep 2024 08:23:35 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 90292
x-xss-protection: 0
last-modified: Thu, 05 Sep 2024 06:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 05 Sep 2024 08:23:35 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 215 KB
77 KB 175ms
173ms Script
application/javascript 142.251.40.168
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-10050195&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-38BQ9XFDT4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.40.168 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s81-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

3ee4da8b7fc441001353406e82822f67bd0005b486e4477d1e8a966343ed2d10

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 05 Sep 2024 08:23:35 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 78891
x-xss-protection: 0
last-modified: Thu, 05 Sep 2024 06:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 05 Sep 2024 08:23:35 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 231 KB
83 KB 187ms
185ms Script
application/javascript 142.251.40.168
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-609297413&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-38BQ9XFDT4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.40.168 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s81-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

1fb93e8d559973a16136a554027cca2f77e925be68022f28cc8e958ca957aeb1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 05 Sep 2024 08:23:35 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 85045
x-xss-protection: 0
last-modified: Thu, 05 Sep 2024 06:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 05 Sep 2024 08:23:35 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 242 KB
86 KB 217ms
215ms Script
application/javascript 142.251.40.168
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-729495989&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-38BQ9XFDT4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.40.168 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s81-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

31d6054f4cebe92ef8a8fc86786530c89609f38b2e86dac373dfa8d3b7913e30

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 05 Sep 2024 08:23:35 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 87941
x-xss-protection: 0
last-modified: Thu, 05 Sep 2024 06:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 05 Sep 2024 08:23:35 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 359 KB
118 KB 277ms
275ms Script
application/javascript 142.251.40.168
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-748285774&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-38BQ9XFDT4

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.40.168 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s81-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

d5d7cfea851c57974530d66be25cf0d2c3083890c30e297ac32fadc3669e7502

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 05 Sep 2024 08:23:35 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 120639
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Thu, 05 Sep 2024 08:23:35 GMT

GET
H2 200 api.min.js Show response
a.opmnstr.com/app/js/ 51 KB
18 KB 475ms
152ms Script
application/javascript 138.199.40.58
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL: https://a.opmnstr.com/app/js/api.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 138.199.40.58 New York, United States, ASN60068 (CDN77 _, GB),
Reverse DNS: 138-199-40-58.bunnyinfra.net
Software: BunnyCDN-NY1-885 /
Resource Hash: 0be6763ca3bff1568298c07fb98f2461cc386d6dba8da56672e202ce93259bb7

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 05 Sep 2024 08:23:36 GMT
content-encoding: br
cdn-edgestorageid: 885
perma-cache: HIT
cdn-storageserver: NY-267
cdn-cachedat: 09/02/2024 14:46:52
cdn-pullzone: 293267
last-modified: Mon, 02 Sep 2024 14:46:13 GMT
server: BunnyCDN-NY1-885
cdn-fileserver: 749
cdn-requestpullcode: 200
cdn-proxyver: 1.04
etag: W/"66d5cfb5-cca5"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: c40d6a2a40bac601b6a0244ac7fffe8b
cdn-requestcountrycode: US
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

POST
H2 204 collect
www.google-analytics.com/g/ 0
0 531ms
149ms Fetch
text/plain 142.251.40.238
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-38BQ9XFDT4&gtm=45je4940h2v9191763579za200&_p=1725524615032&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=0&cid=949312111.1725524616&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1725524615&sct=1&seg=0&dl=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Femansrepo-stealer-multi-vector-attack-chains%3F%26web_view%3Dtrue&dt=Emansrepo%20Stealer%3A%20Multi-Vector%20Attack%20Chains%20%7C%20FortiGuard%20Labs&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=3419
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-38BQ9XFDT4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.251.40.238 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS: lga34s39-in-f14.1e100.net
Software: Golfe2 /
Resource Hash

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Sep 2024 08:23:36 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.fortinet.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
analytics.google.com/g/ 0
0 372ms
91ms Fetch
text/plain 216.239.36.181
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-WW0XD247FL&gtm=45be4930v9123037237za200zb9191763579&_p=1725524615032&_gaz=1&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=0&cid=949312111.1725524616&ecid=1920428313&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&pae=1&frm=0&pscdl=noapi&_eu=AEA&_s=1&sid=1725524615&sct=1&seg=0&dl=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Femansrepo-stealer-multi-vector-attack-chains%3F%26web_view%3Dtrue&dt=Emansrepo%20Stealer%3A%20Multi-Vector%20Attack%20Chains%20%7C%20FortiGuard%20Labs&en=scroll&_fv=1&_ss=1&ep.conversion_linker=true&epn.percent_scrolled=90&tfd=3498
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-748285774&l=dataLayer
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 216.239.36.181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Sep 2024 08:23:36 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.fortinet.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
246 B 404ms
135ms Ping
text/plain 142.251.111.154
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-WW0XD247FL&cid=949312111.1725524616&gtm=45be4930v9123037237za200zb9191763579&aip=1&dma=0&gcd=13l3l3l3l1l1&npa=0&frm=0&tag_exp=0
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-748285774&l=dataLayer
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.251.111.154 Farmingdale, United States, ASN15169 (GOOGLE, US),
Reverse DNS: bk-in-f154.1e100.net
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Sep 2024 08:23:36 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.fortinet.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 rul
td.doubleclick.net/td/ga/ Frame 8473 0
0 374ms
135ms Document
text/html 142.250.64.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://td.doubleclick.net/td/ga/rul?tid=G-WW0XD247FL&gacid=949312111.1725524616&gtm=45be4930v9123037237za200zb9191763579&dma=0&gcd=13l3l3l3l1l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=0&z=394262542

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-748285774&l=dataLayer

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.64.98 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s31-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 16
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 05 Sep 2024 08:23:36 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/662878185/ 43 B
61 B 478ms
173ms Script
text/javascript 142.251.41.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/662878185/?random=1725524616234&cv=11&fst=1725524616234&bg=ffffff&guid=ON&async=1&gtm=45be4930v887005625za200zb9191763579&gcd=13l3l3l3l1l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Femansrepo-stealer-multi-vector-attack-chains%3F%26web_view%3Dtrue&hn=www.googleadservices.com&frm=0&tiba=Emansrepo%20Stealer%3A%20Multi-Vector%20Attack%20Chains%20%7C%20FortiGuard%20Labs&npa=0&pscdl=noapi&auid=1398769009.1725524616&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dpage_view&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-662878185&l=dataLayer&cx=c

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.41.2 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s40-in-f2.1e100.net

Software

cafe /

Resource Hash

77d5fe96defd6c8c1e3b0466b4827cf83dc7e5c727a10177e115d25132fa86f6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Sep 2024 08:23:36 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 37
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 662878185
td.doubleclick.net/td/rul/ Frame 4790 0
0 278ms
148ms Document
text/html 142.250.64.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://td.doubleclick.net/td/rul/662878185?random=1725524616234&cv=11&fst=1725524616234&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4930v887005625za200zb9191763579&gcd=13l3l3l3l1l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Femansrepo-stealer-multi-vector-attack-chains%3F%26web_view%3Dtrue&hn=www.googleadservices.com&frm=0&tiba=Emansrepo%20Stealer%3A%20Multi-Vector%20Attack%20Chains%20%7C%20FortiGuard%20Labs&npa=0&pscdl=noapi&auid=1398769009.1725524616&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dpage_view

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-662878185&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.64.98 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s31-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 16
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 05 Sep 2024 08:23:36 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/609297413/ 5 KB
2 KB 479ms
176ms Script
text/javascript 142.251.41.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/609297413/?random=1725524616306&cv=11&fst=1725524616306&bg=ffffff&guid=ON&async=1&gtm=45be4930za200zb9191763579&gcd=13l3l3l3l1l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Femansrepo-stealer-multi-vector-attack-chains%3F%26web_view%3Dtrue&hn=www.googleadservices.com&frm=0&tiba=Emansrepo%20Stealer%3A%20Multi-Vector%20Attack%20Chains%20%7C%20FortiGuard%20Labs&npa=0&pscdl=noapi&auid=1398769009.1725524616&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dpage_view&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-609297413&l=dataLayer&cx=c

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.41.2 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s40-in-f2.1e100.net

Software

cafe /

Resource Hash

c457b0280c7a79b6253d1b0da48dfcaa17548b2cb7ad10b522ceadd0a24e1d71

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Sep 2024 08:23:36 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2374
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 609297413
td.doubleclick.net/td/rul/ Frame 5B55 0
0 217ms
153ms Document
text/html 142.250.64.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://td.doubleclick.net/td/rul/609297413?random=1725524616306&cv=11&fst=1725524616306&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4930za200zb9191763579&gcd=13l3l3l3l1l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Femansrepo-stealer-multi-vector-attack-chains%3F%26web_view%3Dtrue&hn=www.googleadservices.com&frm=0&tiba=Emansrepo%20Stealer%3A%20Multi-Vector%20Attack%20Chains%20%7C%20FortiGuard%20Labs&npa=0&pscdl=noapi&auid=1398769009.1725524616&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dpage_view

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-609297413&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.64.98 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s31-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 16
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 05 Sep 2024 08:23:36 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 activityi;fledge=1;src=10050195;npa=0;auiddc=1398769009.1725524616;ps=1;pcor=1751192483;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4930v9185241837za200zb9191763579;gcd=...
td.doubleclick.net/td/fls/rul/ Frame 3EEF 0
0 166ms
162ms Document
text/html 142.250.64.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://td.doubleclick.net/td/fls/rul/activityi;fledge=1;src=10050195;npa=0;auiddc=1398769009.1725524616;ps=1;pcor=1751192483;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4930v9185241837za200zb9191763579;gcd=13l3l3l3l1l1;dma=0;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Femansrepo-stealer-multi-vector-attack-chains%3F%26web_view%3Dtrue?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-10050195&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.64.98 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s31-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 16
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 05 Sep 2024 08:23:36 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 activity;src=10050195;npa=0;auiddc=1398769009.1725524616;ps=1;pcor=1751192483;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4930v9185241837za200zb9191763579;gcd=13l3l3l3l1...
ad.doubleclick.net/ 42 B
66 B 425ms
186ms Image
image/gif 142.251.32.102
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/activity;src=10050195;npa=0;auiddc=1398769009.1725524616;ps=1;pcor=1751192483;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4930v9185241837za200zb9191763579;gcd=13l3l3l3l1l1;dma=0;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Femansrepo-stealer-multi-vector-attack-chains%3F%26web_view%3Dtrue?

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.32.102 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s77-in-f6.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Sep 2024 08:23:36 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET activity;register_conversion=1;src=10050195;npa=0;auiddc=1398769009.1725524616;ps=1;pcor=1751192483;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4930v9185241837za200zb919...
ad.doubleclick.net/ 0
0

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/729495989/ 5 KB
2 KB 275ms
187ms Script
text/javascript 142.251.41.2
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/729495989/?random=1725524616460&cv=11&fst=1725524616460&bg=ffffff&guid=ON&async=1&gtm=45be4930za200zb9191763579&gcd=13l3l3l3l1l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Femansrepo-stealer-multi-vector-attack-chains%3F%26web_view%3Dtrue&hn=www.googleadservices.com&frm=0&tiba=Emansrepo%20Stealer%3A%20Multi-Vector%20Attack%20Chains%20%7C%20FortiGuard%20Labs&npa=0&pscdl=noapi&auid=1398769009.1725524616&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dpage_view&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-729495989&l=dataLayer&cx=c

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.41.2 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s40-in-f2.1e100.net

Software

cafe /

Resource Hash

33d0064b801e74f2bc70df095ec4fe3fc33957edbd2972af0db48d24385d77cb

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Sep 2024 08:23:36 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2395
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 729495989
td.doubleclick.net/td/rul/ Frame 109D 0
0 144ms
142ms Document
text/html 142.250.64.98
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://td.doubleclick.net/td/rul/729495989?random=1725524616460&cv=11&fst=1725524616460&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4930za200zb9191763579&gcd=13l3l3l3l1l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Femansrepo-stealer-multi-vector-attack-chains%3F%26web_view%3Dtrue&hn=www.googleadservices.com&frm=0&tiba=Emansrepo%20Stealer%3A%20Multi-Vector%20Attack%20Chains%20%7C%20FortiGuard%20Labs&npa=0&pscdl=noapi&auid=1398769009.1725524616&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dpage_view

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-729495989&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.64.98 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s31-in-f2.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-encoding: br
content-length: 16
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 05 Sep 2024 08:23:36 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 168ms
168ms Image
image/gif 23.34.59.33
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=5eeecf22b2d12a77a14639dce97b7a36&svisitor=null&visitor=904f8a42-07c5-49c5-8755-44f60cba7022&session=f50db5a5-1f7f-494c-8c0e-169639716906&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2005%20Sep%202024%2008%3A23%3A36%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2005%20Sep%202024%2008%3A23%3A35%20GMT%22%2C%22timeSpent%22%3A%221009%22%2C%22totalTimeSpent%22%3A%221009%22%7D&isIframe=false&m=%7B%22description%22%3A%22FortiGuard%20Labs%20has%20uncovered%20a%20fresh%20threat%20-%20Emansrepo%20stealer%2C%20which%20is%20distributed%20via%20multiple%20attack%20chains%20for%20months.%20Learn%20more.%22%2C%22keywords%22%3A%22FortiGuard%20Labs%20Threat%20Research%2Cinfostealer%2Csecurity%20attack%22%2C%22title%22%3A%22Emansrepo%20Stealer%3A%20Multi-Vector%20Attack%20Chains%20%7C%20FortiGuard%20Labs%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Femansrepo-stealer-multi-vector-attack-chains%3F%26web_view%3Dtrue&pageViewId=25ba4e01-87c2-4604-8005-9108da4164e5&v=1.1.23

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.34.59.33 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-34-59-33.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Sep 2024 08:23:36 GMT
x-content-type-options: nosniff
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "615ccf10-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Thu, 05 Sep 2024 08:23:36 GMT

GET
H2 200 api.min.css
a.omappapi.com/app/js/ 10 KB
3 KB 415ms
140ms Stylesheet
text/css 138.199.40.58
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/api.min.css
Requested by: Host: a.opmnstr.com
URL: https://a.opmnstr.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 138.199.40.58 New York, United States, ASN60068 (CDN77 _, GB),
Reverse DNS: 138-199-40-58.bunnyinfra.net
Software: BunnyCDN-NY1-885 /
Resource Hash: 0cfd9370969b7a0efbf301652a1cc88f846e92302b25687ae0fb33868ebe3b92

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 05 Sep 2024 08:23:37 GMT
content-encoding: br
cdn-edgestorageid: 885
perma-cache: HIT
cdn-storageserver: NY-427
cdn-cachedat: 09/02/2024 14:46:52
cdn-pullzone: 293267
last-modified: Mon, 02 Sep 2024 14:46:12 GMT
server: BunnyCDN-NY1-885
cdn-fileserver: 749
cdn-requestpullcode: 200
cdn-proxyver: 1.04
etag: W/"66d5cfb4-2644"
vary: Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: a2237db9c0bf338dea8a23b41a75d4cf
cdn-requestcountrycode: US
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 401 39852 Show response
api.omappapi.com/v2/embed/ 165 B
594 B 1332ms
166ms XHR
application/json 172.66.42.248
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://api.omappapi.com/v2/embed/39852?d=fortinet.com
Requested by: Host: a.opmnstr.com
URL: https://a.opmnstr.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.66.42.248 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b934ce9883949e7bceb88fa78a354125eefc85715f7e54da8ff529c94ebab0fe

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 05 Sep 2024 08:23:38 GMT
via: 1.1 e18d3804375a86d48383ad266efc5b0a.cloudfront.net (CloudFront)
cf-cache-status: DYNAMIC
x-cache-config: 0 0
x-amz-cf-pop: LAX50-P5
x-cache: Error from cloudfront
content-length: 165
x-user-agent: standard--
server: cloudflare
vary: Accept-Encoding, User-Agent
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=120, stale-while-revalidate=1800
cf-ray: 8be4d17dfce30ad7-LAS
access-control-allow-headers: X-CSRF-Token
x-amz-cf-id: nYN1b7ooZBvvfgnBjHBxSD0nHH57zd1RAvp7TjNgQ2z3nXpCTHzyng==
expires: Thu, 05 Sep 2024 08:25:17 GMT

GET
H2 200 tracking.js Show response
trk.techtarget.com/ 3 KB
2 KB 1312ms
107ms Script
text/javascript 104.18.19.71
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://trk.techtarget.com/tracking.js

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains?&web_view=true

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.19.71 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0c07b854855b0e2bd7839c3659defa45307e96e281b3c00571d09f213eb6a76e

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 05 Sep 2024 08:23:37 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Tue, 13 Dec 2022 15:01:39 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
age: 59336
server: cloudflare
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=1200
cf-ray: 8be4d17e3e4951ee-DEN
expires: Thu, 05 Sep 2024 08:43:37 GMT

GET
H/1.1 200
OK tag.js Show response
abm-tracking.demandscience.com/ 2 KB
2 KB 308ms
102ms Script
application/javascript 52.32.164.86
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://abm-tracking.demandscience.com/tag.js
Requested by: Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains?&web_view=true
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 52.32.164.86 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-32-164-86.us-west-2.compute.amazonaws.com
Software: nginx/1.18.0 (Ubuntu) / Express
Resource Hash: 701769ec99138974c12369fd4acf65a7f99e9a1becbab1e16a89be9859aafc9f

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date: Thu, 05 Sep 2024 08:23:37 GMT
Last-Modified: Thu, 09 May 2024 12:00:49 GMT
Server: nginx/1.18.0 (Ubuntu)
X-Powered-By: Express
ETag: W/"82b-18f5d3a3d78"
Content-Type: application/javascript; charset=UTF-8
Cache-Control: public, max-age=0
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2091

GET
H2 200 wid.tracker.js Show response
tmp.argusplatform.com/js/ 8 KB
3 KB 462ms
193ms Script
text/javascript 13.107.246.40
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://tmp.argusplatform.com/js/wid.tracker.js

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains?&web_view=true

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

13.107.246.40 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

b697c4c8e7c22fa7e18ccef66c1bda6610f19ec8c7d1c60fb3696db54ea5362e

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preloadmax-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 05 Sep 2024 08:23:37 GMT
content-encoding: br
referrer-policy: same-origin
strict-transport-security: max-age=10886400; includeSubDomains; preloadmax-age=31536000
last-modified: Sat, 08 Jun 2024 11:51:22 GMT
x-content-type-options: nosniff
etag: "28476869"
vary: Accept-Encoding
x-dns-prefetch-control: off
content-type: text/javascript
x-azure-ref: 20240905T082337Z-184d9d8fdbc654n6nrcteuu2nn0000000a8000000000fkda
x-cache: CONFIG_NOCACHE
cache-control: public, must-revalidate, max-age=30
x-xss-protection: 1; mode=block

GET
H/1.1 200
OK js Show response
pixel.mathtag.com/event/ 161 B
711 B 1394ms
125ms Script
text/javascript 216.200.232.253
ZAYO-6461

General

Check archive.org

Show headers Download Go to

Full URL

https://pixel.mathtag.com/event/js?mt_id=1629896&mt_adid=260855&mt_exem=&mt_excl=&v2=&v3=&s1=&s2=&s3=&v1=en:blog:threat-research:emansrepo-stealer-multi-vector-attack-chains:&web_view=true

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains?&web_view=true

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

216.200.232.253 Frederick, United States, ASN6461 (ZAYO-6461, US),

Reverse DNS

Software

MT3 1668 f41eadd master ord ord-pixel-x26 config_version:"689" /

Resource Hash

98192c2b3bfd0e66cff07b8ba31ff42de9182144d3e21b9ca258f13da96ee457

Security Headers

Name	Value
Strict-Transport-Security	31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date: Thu, 05 Sep 2024 08:23:38 GMT
Strict-Transport-Security: 31536000
Referrer-Policy: strict-origin
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Server: MT3 1668 f41eadd master ord ord-pixel-x26 config_version:"689"
X-Permitted-Cross-Domain-Policies: all
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: *
Content-Type: text/javascript
Cache-Control: no-cache
Cross-Origin-Resource-Policy: cross-origin
Connection: close
X-XSS-Protection: 0

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 316 KB
104 KB 143ms
142ms Script
application/javascript 142.251.40.168
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-JH142QCQCJ&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-38BQ9XFDT4

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.168 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s81-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

108b33aadf97d435b9540de3d6b3c1f28be5e5c787e9d4c43ac9a7f13358fc7a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 05 Sep 2024 08:23:36 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 106860
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Thu, 05 Sep 2024 08:23:36 GMT

GET
H/1.1 200
OK spx Show response
dx.mountain.com/ 23 KB
6 KB 1532ms
134ms Script
application/javascript 52.7.151.245
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://dx.mountain.com/spx?dxver=4.0.0&shaid=32336&tdr=&plh=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Femansrepo-stealer-multi-vector-attack-chains%3F%26web_view%3Dtrue&cb=42150386726805576term=value
Requested by: Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains?&web_view=true
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.7.151.245 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-7-151-245.compute-1.amazonaws.com
Software: istio-envoy /
Resource Hash: 91098738007001be6bd57fa715d6f8c0fd5ffeeb561944b10e0be8b9f9dd50a0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 05 Sep 2024 08:23:37 GMT
content-encoding: gzip
server: istio-envoy
vary: origin,access-control-request-method,access-control-request-headers,accept-encoding
transfer-encoding: chunked
content-type: application/javascript;charset=utf-8
x-envoy-upstream-service-time: 1
be: spx-prod
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 56 KB
15 KB 1425ms
134ms Script
application/javascript 146.75.28.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains?&web_view=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 146.75.28.157 Ashburn, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 4d15ff2317e16ccd8ca1d3248fea7d91130e022369bb032824a84ad9967064df

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 05 Sep 2024 08:23:38 GMT
content-encoding: gzip
last-modified: Thu, 04 Apr 2024 00:26:35 GMT
x-amz-server-side-encryption: AES256
etag: "bbbcf811d8437a575d796a4c1e5d4fad+gzip"
vary: Accept-Encoding,Host
x-cache: HIT
content-type: application/javascript; charset=utf-8
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
x-tw-cdn: FT
cache-control: no-cache
accept-ranges: bytes
content-length: 15412
x-served-by: cache-iad-kiad7000145-IAD

GET
H2 200 iztag.js Show response
tags.inzynk.io/0ulh3gex/ 18 KB
19 KB 1408ms
149ms Script
application/octet-stream 3.171.139.70
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.inzynk.io/0ulh3gex/iztag.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 3.171.139.70 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-3-171-139-70.jfk52.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 6f2b0ea5eae7a1034d2c771e7a2119ccc8cb21f97b543e94009574a66b37d4f1

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-amz-version-id: yUdOURwg78HOnKKSOf8FFwzQDGLNrfdA
content-encoding
via: 1.1 eea48723a858e610f4ce8d4f4093fc88.cloudfront.net (CloudFront)
date: Wed, 04 Sep 2024 11:10:57 GMT
last-modified: Tue, 03 Sep 2024 11:00:19 GMT
server: AmazonS3
x-amz-cf-pop: JFK52-P8
age: 76362
x-amz-server-side-encryption: AES256
etag: "993865a088d3d16592f96888aa39c6e0"
x-cache: Hit from cloudfront
content-type: application/octet-stream
accept-ranges: bytes
content-length: 18755
x-amz-cf-id: KjMy2qm6PqZXn4KuE3BEJlqLodFTcg6rSL0kzx0nNeRJVDJb4w4a7A==

GET
H2 200 px
secure.adnxs.com/ 43 B
1 KB 152ms
151ms Image
image/gif 68.67.181.211
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.adnxs.com/px?id=1773420&t=2

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

68.67.181.211 North Bergen, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

584.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Sep 2024 08:23:36 GMT
an-x-request-uuid: ded4af07-bf88-45c6-aca9-e20421a12df4
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
cache-control: no-store, no-cache, private
x-proxy-origin: 45.13.235.43; 45.13.235.43; 584.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 seg
ib.adnxs.com/ 43 B
1 KB 163ms
163ms Image
image/gif 68.67.181.211
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/seg?add=36113683

Protocol

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

68.67.181.211 North Bergen, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

584.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Sep 2024 08:23:36 GMT
an-x-request-uuid: 1cf57a3f-cefb-4744-8c66-452b59ec5718
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 45.13.235.43; 45.13.235.43; 584.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK footer-links.json Show response
www.fortinet.com/content/dam/fortinet-blog/ 310 KB
36 KB 136ms
135ms XHR
application/json 44.199.160.6
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fortinet.com/content/dam/fortinet-blog/footer-links.json

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/clientlib-base.min.ba4f082a77dabb2c6baf715d9eb61c22.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

44.199.160.6 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-199-160-6.compute-1.amazonaws.com

Software

Apache /

Resource Hash

9c2bfadf1fe546bd3872bf81e8477e95faff0104f3b9b888bc47cff4ffe88a36

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains?&web_view=true
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher2uswest1-28559771
Date: Wed, 04 Sep 2024 21:49:08 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Content-Encoding: gzip
Via: 1.1 d45137f973d454db77c647196f56613a.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
X-Vhost: publish
X-Cache: Hit from cloudfront
Age: 4197365
Connection: keep-alive
Content-Length: 35378
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 18 Jul 2024 18:24:37 GMT
Server: Apache
ETag: "4d8dc-61d89b0f78340-gzip"
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Type: application/json
Accept-Ranges: bytes
X-Amz-Cf-Id: CGk98wkqX2NgRDM3c76ovuUw15vOVl7z8TpOL8VF621f1MSIQccw0Q==

GET
H2 200 s03968339419173
metrics.fortinet.com/b/ss/fortinetincproduction/1/JS-2.27.0-LEWM/ 43 B
372 B 319ms
114ms Image
image/gif 63.140.37.206
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://metrics.fortinet.com/b/ss/fortinetincproduction/1/JS-2.27.0-LEWM/s03968339419173?AQB=1&ndh=1&pf=1&t=4%2F8%2F2024%2022%3A23%3A36%203%20600&sdid=13340FF1D3801B53-320F716C85415D48&mid=51680099760243602234507669535741015699&aamlh=9&ce=UTF-8&pageName=en%3Ablog%3Athreat-research%3Aemansrepo-stealer-multi-vector-attack-chains%3A%26web_view%3Dtrue&g=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Femansrepo-stealer-multi-vector-attack-chains%3F%26web_view%3Dtrue&cc=USD&events=event3&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&v1=www.fortinet.com%2Fblog%2Fthreat-research%2Femansrepo-stealer-multi-vector-attack-chains%3F%26web_view%3Dtrue&v3=%2B1&c7=Entire%20Site&c8=New&v25=51680099760243602234507669535741015699&v27=BLOG&v33=en%3Ablog%3Athreat-research%3Aemansrepo-stealer-multi-vector-attack-chains%3A%26web_view%3Dtrue&v35=Enabled&v92=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Femansrepo-stealer-multi-vector-attack-chains&v106=Secaucus&v107=New%20Jersey&v108=United%20States&v126=NA&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&mcorgid=ED8739F75677FE917F000101%40AdobeOrg&AQE=1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

63.140.37.206 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-63-140-37-206.data.adobedc.net

Software

jag /

Resource Hash

a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Sep 2024 08:23:37 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
last-modified: Fri, 06 Sep 2024 08:23:37 GMT
server: jag
etag: 3705535901105913856-4618262074051477566
vary: *
p3p: CP="This is not a P3P policy"
access-control-allow-origin: *
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, max-age=0, no-transform, private
content-length: 43
x-xss-protection: 1; mode=block
expires: Wed, 04 Sep 2024 08:23:37 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/609297413/ 42 B
64 B 230ms
153ms Image
image/gif 142.250.80.36
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/609297413/?random=1725524616306&cv=11&fst=1725523200000&bg=ffffff&guid=ON&async=1&gtm=45be4930za200zb9191763579&gcd=13l3l3l3l1l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Femansrepo-stealer-multi-vector-attack-chains%3F%26web_view%3Dtrue&hn=www.googleadservices.com&frm=0&tiba=Emansrepo%20Stealer%3A%20Multi-Vector%20Attack%20Chains%20%7C%20FortiGuard%20Labs&npa=0&pscdl=noapi&auid=1398769009.1725524616&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dpage_view&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwDpaXnfrpHuGN2Ubk5B6SUYsnaT6d3_0Xx6dg&random=40533067&rmt_tld=0&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.80.36 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s34-in-f4.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Sep 2024 08:23:37 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/729495989/ 42 B
64 B 214ms
154ms Image
image/gif 142.250.80.36
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/729495989/?random=1725524616460&cv=11&fst=1725523200000&bg=ffffff&guid=ON&async=1&gtm=45be4930za200zb9191763579&gcd=13l3l3l3l1l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Femansrepo-stealer-multi-vector-attack-chains%3F%26web_view%3Dtrue&hn=www.googleadservices.com&frm=0&tiba=Emansrepo%20Stealer%3A%20Multi-Vector%20Attack%20Chains%20%7C%20FortiGuard%20Labs&npa=0&pscdl=noapi&auid=1398769009.1725524616&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fledge=1&data=event%3Dpage_view&rfmt=3&fmt=3&is_vtc=1&cid=CAQSKQDpaXnfufE_QX4c6wRpxNjFsZUdSaJcr9kBOFnVIYhNrrp4BkqyueG_&random=1517076637&rmt_tld=0&ipr=y

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.80.36 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s34-in-f4.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Sep 2024 08:23:37 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

OPTIONS
H2 200 site-visitors
intentstream.contanuity.com/api/ Frame 0
0 308ms
101ms Preflight 44.226.187.177
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://intentstream.contanuity.com/api/site-visitors?pageIdentifier=fortinet_2712

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.226.187.177 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-226-187-177.us-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubdomains

Request headers

Accept: */*
Access-Control-Request-Headers: x-pixel-auth
Access-Control-Request-Method: GET
Origin: https://www.fortinet.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: Accept,Authorization,Content-Type,If-None-Match,x-pixel-auth
access-control-allow-methods: GET
access-control-allow-origin: https://www.fortinet.com
access-control-expose-headers: WWW-Authenticate,Server-Authorization
access-control-max-age: 86400
cache-control: no-cache
content-length: 0
date: Thu, 05 Sep 2024 08:20:12 GMT
server: nginx
strict-transport-security: max-age=15724800; includeSubdomains

GET
H2 200 fp.min.js Show response
cdn.jsdelivr.net/npm/@fingerprintjs/fingerprintjs@3/dist/ 33 KB
15 KB 323ms
94ms Script
application/javascript 104.18.186.31
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/@fingerprintjs/fingerprintjs@3/dist/fp.min.js

Requested by

Host: abm-tracking.demandscience.com
URL: https://abm-tracking.demandscience.com/tag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.186.31 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

99dc3803d1f19c8103f79f834044b2afd4c8af5b7927efbd36b1052d528b40ae

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 05 Sep 2024 08:23:37 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 22169
x-jsd-version: 3.4.2
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 15023
x-served-by: cache-fra-etou8220049-FRA, cache-lga21944-LGA
x-jsd-version-type: version
server: cloudflare
etag: W/"83f4-k1lBXMQZh0ZUAAhwylRSOHXBLBY"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=m4oPcs4%2BPNyPtj78SVzX3w158cP9zSA520XnM3Vu6IjEJ9tzs42Y3hWttREC130F7X9j0PuL6Vk7%2BysllugU3wcYTFk3a0O%2F9dg3xOTc1THZ6kEaXejAfUEpBeZohac1Xds%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8be4d17bcfe751e3-DEN

GET
H2 200 site-visitors Show response
intentstream.contanuity.com/api/ 115 B
374 B 105ms
104ms Fetch
application/json 44.226.187.177
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://intentstream.contanuity.com/api/site-visitors?pageIdentifier=fortinet_2712

Requested by

Host: abm-tracking.demandscience.com
URL: https://abm-tracking.demandscience.com/tag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.226.187.177 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-226-187-177.us-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

930494fef37c0c702073ceeddd12da067bba2824f8eba39e1f9a3c5332bec6b6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubdomains

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
x-pixel-auth: true

Response headers

date: Thu, 05 Sep 2024 08:20:12 GMT
strict-transport-security: max-age=15724800; includeSubdomains
server: nginx
vary: origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.fortinet.com
access-control-expose-headers: WWW-Authenticate,Server-Authorization
cache-control: no-cache
accept-ranges: bytes
content-length: 115

POST
H2 204 collect
www.google-analytics.com/g/ 0
0 149ms
148ms Fetch
text/plain 142.251.40.238
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-JH142QCQCJ&gtm=45je4930v893708426za200zb9191763579&_p=1725524615032&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=0&cid=949312111.1725524616&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1725524617&sct=1&seg=0&dl=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Femansrepo-stealer-multi-vector-attack-chains%3F%26web_view%3Dtrue&dt=Emansrepo%20Stealer%3A%20Multi-Vector%20Attack%20Chains%20%7C%20FortiGuard%20Labs&en=page_view&_fv=1&_ss=1&_ee=1&tfd=4737
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-JH142QCQCJ&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.251.40.238 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS: lga34s39-in-f14.1e100.net
Software: Golfe2 /
Resource Hash

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Sep 2024 08:23:37 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.fortinet.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 401 / Show response
pixels.argusplatform.com/wh/track/ 205 B
468 B 908ms
643ms XHR
application/json 13.107.246.40
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://pixels.argusplatform.com/wh/track/?site_id=C6AC00C8269540D0ABFF19F1B5558B6D&visitor_id=1725524617388663752&event_type=page_request&timestamp=1725524617&page_title=Emansrepo%20Stealer%3A%20Multi-Vector%20Attack%20Chains%20%7C%20FortiGuard%20Labs&page_url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Femansrepo-stealer-multi-vector-attack-chains%3F%26web_view%3Dtrue&page_url_referer=

Requested by

Host: tmp.argusplatform.com
URL: https://tmp.argusplatform.com/js/wid.tracker.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

13.107.246.40 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

2ed114345dab0a74e1c81b100e3db108ff86464854f3159d005fac67413454b7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

access-control-allow-origin: *
date: Thu, 05 Sep 2024 08:23:38 GMT
strict-transport-security: max-age=31536000
content-type: application/json; charset=utf-8
x-azure-ref: 20240905T082337Z-184d9d8fdbch9hgkvrp48aqh200000000a90000000003uaw
x-cache: CONFIG_NOCACHE
request-context: appId=cid-v1:ead16ead-3a47-42dd-aec9-91a1bbb42ff5

GET
H3 200 gtm.js Show response
www.googletagmanager.com/ 182 KB
66 KB 136ms
136ms Script
application/javascript 142.251.40.168
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-M4NSPPXN

Requested by

Host: abm-tracking.demandscience.com
URL: https://abm-tracking.demandscience.com/tag.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.251.40.168 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s81-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

337c2d3ec3276e1c58c7ed7d1b3744c9f6e5409aadd7ee32f77f9533c8c7e647

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 05 Sep 2024 08:23:37 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 67190
x-xss-protection: 0
last-modified: Thu, 05 Sep 2024 06:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 05 Sep 2024 08:23:37 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
258 B 166ms
165ms Image
image/gif 23.34.59.33
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=5eeecf22b2d12a77a14639dce97b7a36&svisitor=null&visitor=904f8a42-07c5-49c5-8755-44f60cba7022&session=f50db5a5-1f7f-494c-8c0e-169639716906&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2005%20Sep%202024%2008%3A23%3A37%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2005%20Sep%202024%2008%3A23%3A36%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%222011%22%7D&isIframe=false&m=%7B%22description%22%3A%22FortiGuard%20Labs%20has%20uncovered%20a%20fresh%20threat%20-%20Emansrepo%20stealer%2C%20which%20is%20distributed%20via%20multiple%20attack%20chains%20for%20months.%20Learn%20more.%22%2C%22keywords%22%3A%22FortiGuard%20Labs%20Threat%20Research%2Cinfostealer%2Csecurity%20attack%22%2C%22title%22%3A%22Emansrepo%20Stealer%3A%20Multi-Vector%20Attack%20Chains%20%7C%20FortiGuard%20Labs%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Femansrepo-stealer-multi-vector-attack-chains%3F%26web_view%3Dtrue&pageViewId=25ba4e01-87c2-4604-8005-9108da4164e5&v=1.1.23

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.34.59.33 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-34-59-33.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Sep 2024 08:23:37 GMT
x-content-type-options: nosniff
last-modified: Sat, 18 Feb 2023 01:45:17 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f02dad-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Thu, 05 Sep 2024 08:23:37 GMT

GET
H/1.1 200
OK https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Femansrepo-stealer-multi-vector-attack-chains%3F%26web_view%3Dtrue Show response
abm-tracking.demandscience.com/page-tracking/fortinet_2712/ 2 B
665 B 105ms
104ms Script
application/json 52.32.164.86
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://abm-tracking.demandscience.com/page-tracking/fortinet_2712/https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Femansrepo-stealer-multi-vector-attack-chains%3F%26web_view%3Dtrue?visitorId=0ac9c017dfdd772893a32ead8dfce3c5_1725524617805&&clientId=undefined&&cookieEnabled=true
Requested by: Host: abm-tracking.demandscience.com
URL: https://abm-tracking.demandscience.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 52.32.164.86 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-32-164-86.us-west-2.compute.amazonaws.com
Software: nginx/1.18.0 (Ubuntu) / Express
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 05 Sep 2024 08:23:37 GMT
Server: nginx/1.18.0 (Ubuntu)
X-Powered-By: Express
ETag: W/"2-vyGp6PvFo4RvsFtPoIWeCReyIC8"
Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, PATCH, DELETE
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: private, no-cache, no-store, must-revalidate
Connection: keep-alive
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization
Content-Length: 2
Expires: -1

GET
H/1.1 200
OK tracking Show response
tracking.contanuity.com/ 2 B
769 B 311ms
104ms Script
application/json 54.203.236.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tracking.contanuity.com/tracking?visitorId=0ac9c017dfdd772893a32ead8dfce3c5_1725524617805&&clientId=undefined&&cookieEnabled=true
Requested by: Host: abm-tracking.demandscience.com
URL: https://abm-tracking.demandscience.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 54.203.236.163 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-203-236-163.us-west-2.compute.amazonaws.com
Software: nginx/1.18.0 (Ubuntu) / Express
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Pragma: no-cache
Date: Thu, 05 Sep 2024 08:23:38 GMT
Server: nginx/1.18.0 (Ubuntu)
X-Powered-By: Express
ETag: W/"2-vyGp6PvFo4RvsFtPoIWeCReyIC8"
Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, PATCH, DELETE
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: private, no-cache, no-store, must-revalidate
Connection: keep-alive
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization
Content-Length: 2
Expires: -1

OPTIONS
H2 200 gif.gif
ibc-flow.techtarget.com/a/ Frame 0
0 339ms
161ms Preflight
text/html 34.111.208.231
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=1247773&r=1725524618023&ref=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Femansrepo-stealer-multi-vector-attack-chains%3F%26web_view%3Dtrue&version=2.4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.208.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 231.208.111.34.bc.googleusercontent.com
Software: nginx/1.20.2 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: ibc_rate_tier
Access-Control-Request-Method: GET
Origin: https://www.fortinet.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: ibc_header,ibc_rate_tier,User-Agent,X-Requested-With,Cache-Control,Content-Type,Range
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-length: 0
content-type: text/html; charset=UTF-8
date: Thu, 05 Sep 2024 08:23:38 GMT
expires: Thu, 05 Sep 2024 08:23:38 GMT
server: nginx/1.20.2
vary: Origin
via: 1.1 google
x-guploader-uploadid: AD-8ljvu7Th4Iwo9m7tXWcKkkVCt0OlaSuJBOjNbatvK6VC_P68QvOIreLWO9HJxP0jJJ_N0FnPxO4-HQA

GET gif.gif
ibc-flow.techtarget.com/a/ 0
0

GET

usersync
tracking.contanuity.com/
Redirect Chain

https://match.prod.bidr.io/cookie-sync/contanuity?buyer_user_id=0ac9c017dfdd772893a32ead8dfce3c5_1725524617805
https://match.prod.bidr.io/cookie-sync/contanuity?buyer_user_id=0ac9c017dfdd772893a32ead8dfce3c5_1725524617805&_bee_ppp=1
https://tracking.contanuity.com/usersync?bwcookie=AAJP3k7NstUAABWwH3mGQQ

0
0

OPTIONS
H2 200 0ulh3gex
analytics.inzynk.io/collect/ Frame 0
0 737ms
246ms Preflight 51.20.153.244
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.inzynk.io/collect/0ulh3gex
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 51.20.153.244 Stockholm, Sweden, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-51-20-153-244.eu-north-1.compute.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://www.fortinet.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: content-type
access-control-allow-methods: HEAD,GET,POST,PUT,DELETE,PATCH,OPTIONS
access-control-allow-origin: *
access-control-max-age: 1800
allow: GET, HEAD, POST, PUT, DELETE, OPTIONS, PATCH
content-length: 0
date: Thu, 05 Sep 2024 08:23:38 GMT
server: nginx
vary: Origin Access-Control-Request-Method Access-Control-Request-Headers

POST
H2 200 0ulh3gex Show response
analytics.inzynk.io/collect/ 166 B
437 B 248ms
246ms Fetch
application/json 51.20.153.244
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.inzynk.io/collect/0ulh3gex
Requested by: Host: tags.inzynk.io
URL: https://tags.inzynk.io/0ulh3gex/iztag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 51.20.153.244 Stockholm, Sweden, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-51-20-153-244.eu-north-1.compute.amazonaws.com
Software: nginx /
Resource Hash: b9cc3f9392d09b6694e46b66422f72ce2e809be3009d2cd02c7c67dcb1c5d43a

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

access-control-allow-origin: *
date: Thu, 05 Sep 2024 08:23:39 GMT
server: nginx
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type: application/json

GET
H2

200

emansrepo-stealer-multi-vector-attack-chains
10104846.fls.doubleclick.net/activityi;dc_pre=CKWLzI-wq4gDFR-oywEd7-8n6g;src=10104846;type=sitew00;cat=sitew006;u3=https://www.fortinet.com/blog/threat-research/ Frame 2182
Redirect Chain

https://10104846.fls.doubleclick.net/activityi;src=10104846;type=sitew00;cat=sitew006;u3=https://www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains?&web_view=true;dc...
https://10104846.fls.doubleclick.net/activityi;dc_pre=CKWLzI-wq4gDFR-oywEd7-8n6g;src=10104846;type=sitew00;cat=sitew006;u3=https://www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vect...

0
0

185ms
182ms

Document
text/html

142.251.41.6
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://10104846.fls.doubleclick.net/activityi;dc_pre=CKWLzI-wq4gDFR-oywEd7-8n6g;src=10104846;type=sitew00;cat=sitew006;u3=https://www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains?&web_view=true;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=${GDPR};gdpr_consent=${GDPR_CONSENT_755};ord=5672558153182.832?

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.41.6 Queens, United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s40-in-f6.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-encoding: br
content-length: 2406
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 05 Sep 2024 08:23:38 GMT
expires: Thu, 05 Sep 2024 08:23:38 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Thu, 05 Sep 2024 08:23:38 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://10104846.fls.doubleclick.net/activityi;dc_pre=CKWLzI-wq4gDFR-oywEd7-8n6g;src=10104846;type=sitew00;cat=sitew006;u3=https://www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains?&web_view=true;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=${GDPR};gdpr_consent=${GDPR_CONSENT_755};ord=5672558153182.832?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H3 200 fbevents.js Show response
connect.facebook.net/en_US/ 225 KB
58 KB 280ms
138ms Script
application/x-javascript 31.13.71.7
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains?&web_view=true

Protocol

Security

QUIC, , AES_128_GCM

Server

31.13.71.7 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-lga3.fbcdn.net

Software

Resource Hash

0055aa18da3581f4a468aaa7257d84f798e0fc070899c8008d9b321b76b98096

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: ;script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' https://.google-analytics.com .google.com;style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' https://.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Thu, 05 Sep 2024 08:23:38 GMT
document-policy: force-load-at-top
x-fb-server-load: 27
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 58953
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: GOOD; q=0.7, rtt=136, rtx=0, c=24, mss=1232, tbw=8060, tp=13, tpl=0, uplat=1, ullat=-1
pragma: public
x-fb-debug: bRMZoK3Mn5byiiETBZKanLPbFWFiuAVW1L41hP4wGfi5vl7m5I6PCtH+h7171G4t7ctvWgi/h3xHLeQzJvVJqQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 siteanalyze_6033413.js Show response
siteimproveanalytics.com/js/ 38 KB
12 KB 183ms
94ms Script
application/javascript 172.67.163.237
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://siteimproveanalytics.com/js/siteanalyze_6033413.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 172.67.163.237 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c7e8cbd9d9f4e631663caf054f1744a59dd4e83e48c9c689ed055eb7e355bf59

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 05 Sep 2024 08:23:38 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: G02226MQV7VYGDS1
age: 6498
alt-svc: h3=":443"; ma=86400
content-length: 11550
x-amz-id-2: nz4aSsplw3Ae6alm4poW4itWE28cGTYIk9PgD3qGp1m2vKUqkUwW/ivzvpz2kfYRGGHPIq12mWw=
last-modified: Tue, 03 Sep 2024 18:55:37 GMT
server: cloudflare
etag: "8451e15415563cef4e816d6dd250d58a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FVCgLojpgXTzFpHDBw7zexdyarFyas%2BP7nEsFr5VRm1vY1u9TtQKgnC1a7tujBBOhS8UZRSdRsOY1SZ2e9aJA737y2xDNwEVMD%2F63qsjqlQ6s%2BKkSJg6E429QAw4CEuaJSKHpLAwPPIuZ0k%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=86400, no-transform
accept-ranges: bytes
cf-ray: 8be4d1814e711f2c-DEN

GET
H2 200 adsct
t.co/i/ 43 B
469 B 294ms
127ms Image
image/gif 172.66.0.227
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?bci=3&eci=2&event_id=eabcfa81-f909-465d-8e27-591c7b7ff2cc&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=00c012d2-8419-4556-ad81-789b06ced9be&tw_document_href=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Femansrepo-stealer-multi-vector-attack-chains%3F%26web_view%3Dtrue&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o6ezf&type=javascript&version=2.3.30

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.66.0.227 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-response-time: 7
date: Thu, 05 Sep 2024 08:23:38 GMT
strict-transport-security: max-age=0
cf-cache-status: DYNAMIC
server: cloudflare
content-type: image/gif;charset=utf-8
x-transaction-id: 22bbdfe9929edc6f
cache-control: no-cache, no-store, max-age=0
perf: 7402827104
x-connection-hash: 24800b19400df0091e5d92965f0fe68d0c3bf3034f012cbcb6f3110533089cb1
cf-ray: 8be4d18208410ad7-LAS
content-length: 43

GET
H2 200 adsct
analytics.twitter.com/i/ 43 B
392 B 577ms
111ms Image
image/gif 104.244.42.131
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=eabcfa81-f909-465d-8e27-591c7b7ff2cc&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=00c012d2-8419-4556-ad81-789b06ced9be&tw_document_href=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Femansrepo-stealer-multi-vector-attack-chains%3F%26web_view%3Dtrue&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o6ezf&type=javascript&version=2.3.30

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.131 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_p /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-response-time: 6
date: Thu, 05 Sep 2024 08:23:38 GMT
strict-transport-security: max-age=631138519
server: tsa_p
content-type: image/gif;charset=utf-8
x-transaction-id: 4467249aaa602ff0
cache-control: no-cache, no-store, max-age=0
perf: 7402827104
x-connection-hash: 0d1f18f9c02ee5054b889d0a2c7d2dbdaa46e6e313ca3137cccc4f4edf061007
content-length: 43

GET
H2 200 adsct
t.co/i/ 43 B
623 B 291ms
125ms Image
image/gif 172.66.0.227
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?bci=3&eci=2&event_id=cf017cf8-bce9-4271-b77e-75d9cc77a34b&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=00c012d2-8419-4556-ad81-789b06ced9be&tw_document_href=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Femansrepo-stealer-multi-vector-attack-chains%3F%26web_view%3Dtrue&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o72wb&type=javascript&version=2.3.30

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.66.0.227 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-response-time: 6
date: Thu, 05 Sep 2024 08:23:38 GMT
strict-transport-security: max-age=0
cf-cache-status: DYNAMIC
server: cloudflare
content-type: image/gif;charset=utf-8
x-transaction-id: 6703302f14cb2339
cache-control: no-cache, no-store, max-age=0
perf: 7402827104
x-connection-hash: 51536d2db78baf30d58f12eca6b69ac288e22076f85b19997d52a5cd67a5437a
cf-ray: 8be4d18208400ad7-LAS
content-length: 43

GET
H2 200 adsct
analytics.twitter.com/i/ 43 B
214 B 587ms
122ms Image
image/gif 104.244.42.131
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=cf017cf8-bce9-4271-b77e-75d9cc77a34b&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=00c012d2-8419-4556-ad81-789b06ced9be&tw_document_href=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Femansrepo-stealer-multi-vector-attack-chains%3F%26web_view%3Dtrue&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o72wb&type=javascript&version=2.3.30

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.131 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_p /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-response-time: 14
date: Thu, 05 Sep 2024 08:23:38 GMT
strict-transport-security: max-age=631138519
server: tsa_p
content-type: image/gif;charset=utf-8
x-transaction-id: 007fc160a0294ee5
cache-control: no-cache, no-store, max-age=0
perf: 7402827104
x-connection-hash: 0d1f18f9c02ee5054b889d0a2c7d2dbdaa46e6e313ca3137cccc4f4edf061007
content-length: 43

GET
H2 200 adsct
t.co/i/ 43 B
467 B 299ms
135ms Image
image/gif 172.66.0.227
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?bci=3&eci=2&event_id=4448c842-6bd5-4cb1-b762-58301170cdbc&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=00c012d2-8419-4556-ad81-789b06ced9be&tw_document_href=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Femansrepo-stealer-multi-vector-attack-chains%3F%26web_view%3Dtrue&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nxlzj&type=javascript&version=2.3.30

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.66.0.227 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-response-time: 16
date: Thu, 05 Sep 2024 08:23:38 GMT
strict-transport-security: max-age=0
cf-cache-status: DYNAMIC
server: cloudflare
content-type: image/gif;charset=utf-8
x-transaction-id: 116eedd55a0db109
cache-control: no-cache, no-store, max-age=0
perf: 7402827104
x-connection-hash: f23e2837c938003655ee532e4bbe27d03cd2703b637352b9de71e41da859938d
cf-ray: 8be4d182083f0ad7-LAS
content-length: 43

GET
H2 200 adsct
analytics.twitter.com/i/ 43 B
214 B 577ms
112ms Image
image/gif 104.244.42.131
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=4448c842-6bd5-4cb1-b762-58301170cdbc&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=00c012d2-8419-4556-ad81-789b06ced9be&tw_document_href=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Femansrepo-stealer-multi-vector-attack-chains%3F%26web_view%3Dtrue&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nxlzj&type=javascript&version=2.3.30

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.131 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_p /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-response-time: 7
date: Thu, 05 Sep 2024 08:23:38 GMT
strict-transport-security: max-age=631138519
server: tsa_p
content-type: image/gif;charset=utf-8
x-transaction-id: c3a65bc01dab779c
cache-control: no-cache, no-store, max-age=0
perf: 7402827104
x-connection-hash: 0d1f18f9c02ee5054b889d0a2c7d2dbdaa46e6e313ca3137cccc4f4edf061007
content-length: 43

GET
H/1.1 200
OK is Show response
52.71.121.170/ 32 B
437 B 799ms
140ms Fetch
text/plain 52.71.121.170
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://52.71.121.170/is
Requested by: Host: dx.mountain.com
URL: https://dx.mountain.com/spx?dxver=4.0.0&shaid=32336&tdr=&plh=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Femansrepo-stealer-multi-vector-attack-chains%3F%26web_view%3Dtrue&cb=42150386726805576term=value
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.71.121.170 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-71-121-170.compute-1.amazonaws.com
Software: istio-envoy /
Resource Hash: e83d65cc7757c48e6df355cb3336cde53bba267cd5e032085a80162a4320d15b

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 05 Sep 2024 08:23:39 GMT
server: istio-envoy
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/plain;charset=utf-8
access-control-allow-origin: *
x-envoy-upstream-service-time: 1
connection: close
access-control-allow-headers: Accept, Content-Type, x-requested-with, X-Custom-Header
content-length: 32
x-application-context: application:prod:8080

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 166ms
166ms Image
image/gif 23.34.59.33
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=5eeecf22b2d12a77a14639dce97b7a36&svisitor=null&visitor=904f8a42-07c5-49c5-8755-44f60cba7022&session=f50db5a5-1f7f-494c-8c0e-169639716906&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2005%20Sep%202024%2008%3A23%3A38%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2005%20Sep%202024%2008%3A23%3A37%20GMT%22%2C%22timeSpent%22%3A%221004%22%2C%22totalTimeSpent%22%3A%223015%22%7D&isIframe=false&m=%7B%22description%22%3A%22FortiGuard%20Labs%20has%20uncovered%20a%20fresh%20threat%20-%20Emansrepo%20stealer%2C%20which%20is%20distributed%20via%20multiple%20attack%20chains%20for%20months.%20Learn%20more.%22%2C%22keywords%22%3A%22FortiGuard%20Labs%20Threat%20Research%2Cinfostealer%2Csecurity%20attack%22%2C%22title%22%3A%22Emansrepo%20Stealer%3A%20Multi-Vector%20Attack%20Chains%20%7C%20FortiGuard%20Labs%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Femansrepo-stealer-multi-vector-attack-chains%3F%26web_view%3Dtrue&pageViewId=25ba4e01-87c2-4604-8005-9108da4164e5&v=1.1.23

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.34.59.33 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-34-59-33.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Sep 2024 08:23:38 GMT
x-content-type-options: nosniff
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "5e502810-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Thu, 05 Sep 2024 08:23:38 GMT

GET
H2 200 tag.aspx Show response
ml314.com/ 38 KB
39 KB 258ms
82ms Script
application/javascript 34.117.77.79
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ml314.com/tag.aspx?48
Requested by: Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains?&web_view=true
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.117.77.79 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 79.77.117.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: d0e12af8c4e560fe89643639e0c3ed4dc76125c62adeb2879b761d73dbaecf50

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 05 Sep 2024 07:27:35 GMT
via: 1.1 google
age: 3363
x-guploader-uploadid: AD-8ljt8uN0rWh9AY30i_LAllf3B6dFJOCLPZaHnHN4lPE91mUahfad3KxxSCqPt_VIlAzIy9x4AbaOjLQ
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39162
last-modified: Wed, 24 Jul 2024 19:30:50 GMT
server: UploadServer
etag: "632616ff15825f030aab3391a58ef042"
x-goog-generation: 1721849450340665
x-goog-hash: crc32c=6sDw2Q==, md5=YyYW/xWCXwMKqzORpY7wQg==
content-type: application/javascript
cache-id: DEN-2327ed7
cache-control: public,max-age=3600
x-cache-hit: hit
x-goog-stored-content-length: 39162
accept-ranges: bytes

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 40 KB
14 KB 415ms
138ms Script
application/javascript 23.44.131.36
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains?&web_view=true

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.44.131.36 Piscataway, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-44-131-36.deploy.static.akamaitechnologies.com

Software

Resource Hash

4e8276aea0a3c7fe3600e6718c7f484d49c347c8d5763d89be95900d526a14da

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 05 Sep 2024 08:23:39 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Thu, 22 Aug 2024 11:06:54 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: max-age=40211
accept-ranges: bytes
content-length: 14628

GET
H2 200 image.aspx
6033413.global.siteimproveanalytics.io/ 34 B
149 B 638ms
128ms Image
image/gif 54.156.78.110
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://6033413.global.siteimproveanalytics.io/image.aspx?url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Femansrepo-stealer-multi-vector-attack-chains%3F%26web_view%3Dtrue&title=Emansrepo%20Stealer%3A%20Multi-Vector%20Attack%20Chains%20%7C%20FortiGuard%20Labs&res=1600x1200&accountid=6033413&rt=6214&prev=6694ed7f-300b-4b2e-e631-e98e1ede74e4&luid=92becc8b-fd98-d633-c8af-40ca5e12f1bb&rnd=40239
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.156.78.110 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-156-78-110.compute-1.amazonaws.com
Software: /
Resource Hash: 1e85ec81b9800b4c443d39caca0d0926089a3ac201120db1ceb45b93789480b8

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

expires: Thu, 05 Sep 2024 08:23:39 UTC
date: Thu, 05 Sep 2024 08:23:39 GMT
cache-control: max-age=0
content-length: 34
content-type: image/gif

GET
H2 401 / Show response
webtracker.argusplatform.com/wh/track/ 205 B
469 B 927ms
652ms XHR
application/json 13.107.246.40
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://webtracker.argusplatform.com/wh/track/?site_id=C6AC00C8269540D0ABFF19F1B5558B6D&visitor_id=1725524617388663752&event_type=page_request&timestamp=1725524619&page_title=Emansrepo%20Stealer%3A%20Multi-Vector%20Attack%20Chains%20%7C%20FortiGuard%20Labs&page_url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Femansrepo-stealer-multi-vector-attack-chains%3F%26web_view%3Dtrue&page_url_referer=

Requested by

Host: tmp.argusplatform.com
URL: https://tmp.argusplatform.com/js/wid.tracker.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

13.107.246.40 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

2ed114345dab0a74e1c81b100e3db108ff86464854f3159d005fac67413454b7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

access-control-allow-origin: *
date: Thu, 05 Sep 2024 08:23:39 GMT
strict-transport-security: max-age=31536000
content-type: application/json; charset=utf-8
x-azure-ref: 20240905T082339Z-184d9d8fdbc7ftfjvqw7va0rpw0000000a8g00000000bz4e
x-cache: CONFIG_NOCACHE
request-context: appId=cid-v1:ead16ead-3a47-42dd-aec9-91a1bbb42ff5

GET
H3 200 177020962864941 Show response
connect.facebook.net/signals/config/ 64 KB
13 KB 138ms
138ms Script
application/x-javascript 31.13.71.7
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/177020962864941?v=2.9.167&r=stable&domain=www.fortinet.com&hme=da9a399065fb1c492026018b9e54864148adfb49d800f41752428fb7b59190f8&ex_m=69%2C118%2C104%2C108%2C60%2C4%2C97%2C68%2C16%2C94%2C86%2C50%2C53%2C168%2C171%2C183%2C179%2C180%2C182%2C29%2C98%2C52%2C75%2C181%2C163%2C166%2C176%2C177%2C184%2C127%2C40%2C34%2C139%2C15%2C49%2C190%2C189%2C129%2C18%2C39%2C1%2C42%2C64%2C65%2C66%2C70%2C90%2C17%2C14%2C93%2C89%2C88%2C105%2C51%2C107%2C38%2C106%2C30%2C91%2C26%2C164%2C167%2C136%2C28%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C56%2C61%2C63%2C73%2C99%2C27%2C74%2C9%2C8%2C78%2C47%2C21%2C101%2C100%2C102%2C95%2C10%2C20%2C3%2C19%2C83%2C55%2C81%2C33%2C72%2C0%2C92%2C32%2C80%2C85%2C46%2C45%2C84%2C37%2C5%2C87%2C79%2C43%2C35%2C82%2C2%2C36%2C62%2C41%2C103%2C44%2C77%2C67%2C109%2C59%2C58%2C31%2C96%2C57%2C54%2C48%2C76%2C71%2C24%2C110

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

31.13.71.7 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-lga3.fbcdn.net

Software

Resource Hash

a138ac338ac8e4c122b5559b969556c5641a319a0a64b97f8250341cff39812a

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: ;script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' https://.google-analytics.com .google.com;style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' https://.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Thu, 05 Sep 2024 08:23:38 GMT
document-policy: force-load-at-top
x-fb-server-load: 47
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 13028
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: GOOD; q=0.7, rtt=136, rtx=0, c=77, mss=1232, tbw=71872, tp=70, tpl=0, uplat=0, ullat=-1
pragma: public
x-fb-debug: myQO1pJp3vZerjAQ9yjmOBEDJmURLweFPVdP2zaWEbXi2nGamnu70o+KUUibbApIkCyb6W37slwbVUr88Sr9cw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 0
269 B 409ms
134ms Image
text/plain 31.13.71.36
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=177020962864941&ev=PageView&dl=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Femansrepo-stealer-multi-vector-attack-chains%3F%26web_view%3Dtrue&rl=&if=false&ts=1725524618909&sw=1600&sh=1200&v=2.9.167&r=stable&ec=0&o=4126&fbp=fb.1.1725524618907.860810834288291778&ler=empty&cdl=API_unavailable&it=1725524618751&coo=false&rqm=GET

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

31.13.71.36 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-01-lga3.facebook.com

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-fb-connection-quality: GOOD; q=0.7, rtt=61, rtx=0, c=10, mss=1380, tbw=2823, tp=-1, tpl=-1, uplat=0, ullat=0
strict-transport-security: max-age=31536000; includeSubDomains
date: Thu, 05 Sep 2024 08:23:39 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 67 B
3 KB 470ms
197ms Image
image/png 31.13.71.36
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=177020962864941&ev=PageView&dl=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Femansrepo-stealer-multi-vector-attack-chains%3F%26web_view%3Dtrue&rl=&if=false&ts=1725524618909&sw=1600&sh=1200&v=2.9.167&r=stable&ec=0&o=4126&fbp=fb.1.1725524618907.860810834288291778&ler=empty&cdl=API_unavailable&it=1725524618751&coo=false&rqm=FGET

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

31.13.71.36 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-01-lga3.facebook.com

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://.google-analytics.com .google.com;style-src .fbcdn.net data: .facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com https://.google-analytics.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com https://fonts.gstatic.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net .carriersignal.info blob: android-webview-video-poster: .whatsapp.net .fb.com .oculuscdn.com .tenor.co .tenor.com .giphy.com https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://.google-analytics.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data: .tenor.co .tenor.com https://.giphy.com;frame-src .facebook.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net .google.com .doubleclick.net;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

attribution-reporting-register-trigger: {"event_trigger_data":[{"trigger_data":"0"}],"aggregatable_trigger_data":[{"key_piece":"0x1df81ccff3911cb6","source_keys":["1"]}],"aggregatable_values":{"1":10922},"filters":{"2":["24:1473595392721544","7830:1473595392721544","10853:1473595392721544","41:1473595392721544","8046:1473595392721544"]},"debug_reporting":true,"debug_key":"1"}
content-encoding: zstd
x-content-type-options: nosniff
content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
strict-transport-security: max-age=15552000; preload
document-policy: force-load-at-top
date: Thu, 05 Sep 2024 08:23:39 GMT
x-fb-server-load: 30
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7411071808819688356", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: GOOD; q=0.7, rtt=61, rtx=0, c=10, mss=1380, tbw=3136, tp=-1, tpl=-1, uplat=57, ullat=0
pragma: no-cache
x-fb-debug: K3T6RGjTsEzldEMbIiIeBLnwF3E0JoWEpP4C1O+AqKM6TcfnA4dbfPZYbTNNiNBzR3g6SsZUGnEx+x5KoejAAQ==
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7411071808819688356"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: image/png
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: private, no-store, no-cache, must-revalidate
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 utsync.ashx Show response
ml314.com/ 684 B
1 KB 126ms
124ms Script
application/javascript 34.117.77.79
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ml314.com/utsync.ashx?pub=&adv=&et=0&eid=54820&ct=js&pi=&fp=&clid=&if=0&ps=&cl=&mlt=&data=&&cp=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Femansrepo-stealer-multi-vector-attack-chains%3F%26web_view%3Dtrue&pv=1725524618949_ntjpck7ci&bl=en-us&cb=4896468&return=&ht=&d=&dc=&si=1725524618949_ntjpck7ci&cid=&s=1600x1200&rp=&v=2.7.4.212
Requested by: Host: ml314.com
URL: https://ml314.com/tag.aspx?48
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.117.77.79 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 79.77.117.34.bc.googleusercontent.com
Software: Google Frontend /
Resource Hash: 6f53bda1fdac0de979d6d9f12f0d5cf8c103c28b6bc59b467eb61607fa0a6176

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Sep 2024 08:23:39 GMT
via: 1.1 google
server: Google Frontend
content-type: application/javascript
p3p: CP="NON DSP COR ADMo PSAo DEVo BUS COM UNI NAV DEM STA"
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: 0

GET
H2 200 ibs:dpid=22052&dpuuid=3646791828645085185&redir=
dpm.demdex.net/ 42 B
717 B 108ms
105ms Image
image/gif 52.12.178.187
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=22052&dpuuid=3646791828645085185&redir=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.12.178.187 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-12-178-187.us-west-2.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

dcs: dcs-prod-usw2-1-v061-093d94d27.edge-usw2.demdex.com 2 ms
pragma: no-cache
date: Thu, 05 Sep 2024 08:23:39 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-encoding: gzip
x-tid: jqDSgfoJQbY=
content-type: image/gif
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-length: 59
expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H3

200

csync.ashx
ml314.com/
Redirect Chain

https://idsync.rlcdn.com/395886.gif?partner_uid=3646791828645085185
https://ml314.com/csync.ashx?fp=7ce8ec73a1af6872bc0b67023e393cf8b72d081daacab73203d8ce95d57283e5f4cb09cee1a4f8eb&person_id=3646791828645085185&eid=50082

43 B
56 B

133ms
132ms

Image
image/gif

34.117.77.79
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ml314.com/csync.ashx?fp=7ce8ec73a1af6872bc0b67023e393cf8b72d081daacab73203d8ce95d57283e5f4cb09cee1a4f8eb&person_id=3646791828645085185&eid=50082
Protocol: H3
Server: 34.117.77.79 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 79.77.117.34.bc.googleusercontent.com
Software: Google Frontend /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-type: image/gif
date: Thu, 05 Sep 2024 08:23:39 GMT
via: 1.1 google
server: Google Frontend
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 06 Sep 2024 08:23:39 GMT

Redirect headers

date: Thu, 05 Sep 2024 08:23:39 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://ml314.com/csync.ashx?fp=7ce8ec73a1af6872bc0b67023e393cf8b72d081daacab73203d8ce95d57283e5f4cb09cee1a4f8eb&person_id=3646791828645085185&eid=50082
cache-control: no-cache, no-store
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3

200

utsync.ashx
ml314.com/
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=d0tro1j&ttd_tpi=1
https://match.adsrvr.org/track/cmb/generic?ttd_pid=d0tro1j&ttd_tpi=1
https://ml314.com/utsync.ashx?eid=53819&et=0&fp=cba7ae33-aeae-449e-87f0-ef5677e84624&gdpr=0&gdpr_consent=

43 B
61 B

128ms
128ms

Image
image/gif

34.117.77.79
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ml314.com/utsync.ashx?eid=53819&et=0&fp=cba7ae33-aeae-449e-87f0-ef5677e84624&gdpr=0&gdpr_consent=
Protocol: H3
Server: 34.117.77.79 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 79.77.117.34.bc.googleusercontent.com
Software: Google Frontend /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Sep 2024 08:23:39 GMT
via: 1.1 google
server: Google Frontend
content-type: image/gif
p3p: CP="NON DSP COR ADMo PSAo DEVo BUS COM UNI NAV DEM STA"
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: 0,Fri, 06 Sep 2024 08:23:39 GMT

Redirect headers

location: https://ml314.com/utsync.ashx?eid=53819&et=0&fp=cba7ae33-aeae-449e-87f0-ef5677e84624&gdpr=0&gdpr_consent=
date: Thu, 05 Sep 2024 08:23:39 GMT
server: Kestrel
content-length: 241

GET
H3

200

csync.ashx
ml314.com/
Redirect Chain

https://sync.crwdcntrl.net/map/c=6985/tp=BOMB?https://ml314.com/csync.ashx%3Ffp%3D%24%7Bprofile_id%7D%26eid%3D50146%26person_id%3D3646791828645085185
https://ml314.com/csync.ashx?fp=d2a5c56c6266c141d0a3cc830f4a44ca&eid=50146&person_id=3646791828645085185

43 B
56 B

135ms
134ms

Image
image/gif

34.117.77.79
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ml314.com/csync.ashx?fp=d2a5c56c6266c141d0a3cc830f4a44ca&eid=50146&person_id=3646791828645085185
Protocol: H3
Server: 34.117.77.79 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 79.77.117.34.bc.googleusercontent.com
Software: Google Frontend /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-type: image/gif
date: Thu, 05 Sep 2024 08:23:39 GMT
via: 1.1 google
server: Google Frontend
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 06 Sep 2024 08:23:39 GMT

Redirect headers

pragma: no-cache
date: Thu, 05 Sep 2024 08:23:39 GMT
server: Jetty(9.4.38.v20210224)
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
location: https://ml314.com/csync.ashx?fp=d2a5c56c6266c141d0a3cc830f4a44ca&eid=50146&person_id=3646791828645085185
cache-control: no-cache
x-server: 10.40.10.120
content-length: 0
expires: 0

GET
H/1.1

200
OK

match
ps.eyeota.net/
Redirect Chain

https://ps.eyeota.net/pixel?pid=r8hrb20&t=gif
https://ps.eyeota.net/pixel/bounce/?pid=r8hrb20&t=gif
https://ml314.com/utsync.ashx?eid=50052&et=0&fp=2eIn36uqyDq8GNN9--k327s9fHq40EO95gddpbgED9gw&gdpr=0&gdpr_consent=&return=https%3A%2F%2Fps.eyeota.net%2Fmatch%3Fbid%3Dr8hrb20%26uid%3Dnil%26referrer_p...
https://ml314.com/csync.ashx?fp=2eIn36uqyDq8GNN9--k327s9fHq40EO95gddpbgED9gw&person_id=3646791828645085185&eid=50052&return=https%3A%2F%2Fps.eyeota.net%2Fmatch%3Fbid%3Dr8hrb20%26uid%3Dnil%26referre...
https://ps.eyeota.net/match?bid=r8hrb20&uid=nil&referrer_pid=r8hrb20

70 B
440 B

130ms
130ms

Image
image/gif

44.218.64.233
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ps.eyeota.net/match?bid=r8hrb20&uid=nil&referrer_pid=r8hrb20
Protocol: HTTP/1.1
Server: 44.218.64.233 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-218-64-233.compute-1.amazonaws.com
Software: /
Resource Hash: de9d3fd0eb948bd294477d0eda60a73b85caff1794803530d0463193a113da98

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

P3P: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"
Date: Thu, 05 Sep 2024 08:23:40 GMT
Content-Length: 70
Content-Type: image/gif

Redirect headers

date: Thu, 05 Sep 2024 08:23:39 GMT
via: 1.1 google
server: Google Frontend
content-type: image/gif
location: https://ps.eyeota.net/match?bid=r8hrb20&uid=nil&referrer_pid=r8hrb20
x-cloud-trace-context: 8cc57087da341f727354c750b3fb7b93
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Fri, 06 Sep 2024 08:23:39 GMT

GET
H2 200 attribution_trigger Show response
px.ads.linkedin.com/ 2 B
761 B 318ms
141ms XHR
application/json 13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/attribution_trigger?pid=7120%2C2159050%2C4628290&time=1725524619137&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Femansrepo-stealer-multi-vector-attack-chains%3F%26web_view%3Dtrue
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Accept: *
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 05 Sep 2024 08:23:38 GMT
content-encoding: gzip
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: AC603AD2671C414F929C1F2C16D4A293 Ref B: BY3EDGE0111 Ref C: 2024-09-05T08:23:39Z
access-control-allow-methods: GET, OPTIONS
x-li-fabric: prod-ltx1
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
content-type: application/json
x-li-proto: http/2
x-restli-protocol-version: 1.0.0
access-control-allow-headers: *
x-li-uuid: AAYhWwH9XxuCcfF2VZ5KSQ==
x-fs-uuid: 0006215b01fd5f1b8271f176559e4a49

GET
H2

200

collect
px.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=7120%2C2159050%2C4628290&time=1725524619137&li_adsId=fafd0075-a748-407e-9c07-3168e293b117&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-resea...
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D7120%252C2159050%252C4628290%26time%3D1725524619137%26li_adsId%3Dfafd0075-a748-40...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=7120%2C2159050%2C4628290&time=1725524619137&li_adsId=fafd0075-a748-407e-9c07-3168e293b117&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-resea...

0
162 B

168ms
167ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=7120%2C2159050%2C4628290&time=1725524619137&li_adsId=fafd0075-a748-407e-9c07-3168e293b117&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Femansrepo-stealer-multi-vector-attack-chains%3F%26web_view%3Dtrue&liSync=true
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 05 Sep 2024 08:23:39 GMT
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: D175BEAEE8404E2392ADE2792DD855F6 Ref B: BY3EDGE0307 Ref C: 2024-09-05T08:23:39Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-fabric: prod-lva1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYhWwIAYNrbdBLO2Q8U9g==

Redirect headers

strict-transport-security: max-age=31536000
content-security-policy: frame-ancestors 'self'
x-content-type-options: nosniff
date: Thu, 05 Sep 2024 08:23:38 GMT
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-length: 0
x-li-uuid: AAYhWwH9nww1Scq4qN+IFA==
pragma: no-cache
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: E639528B460640579A29FA767317954F Ref B: BY3EDGE0307 Ref C: 2024-09-05T08:23:39Z
x-frame-options: sameorigin
x-li-fabric: prod-lva1
location: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=7120%2C2159050%2C4628290&time=1725524619137&li_adsId=fafd0075-a748-407e-9c07-3168e293b117&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Femansrepo-stealer-multi-vector-attack-chains%3F%26web_view%3Dtrue&liSync=true
cache-control: no-cache, no-store
x-li-proto: http/2
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK st Show response
px.mountain.com/ 2 KB
1 KB 408ms
106ms Script
application/javascript 52.89.99.220
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://px.mountain.com/st?ga_tracking_id=G-38BQ9XFDT4%3BG-JH142QCQCJ&ga_client_id=949312111.1725524616&shpt=Emansrepo%20Stealer%3A%20Multi-Vector%20Attack%20Chains%20%7C%20FortiGuard%20Labs&ga_info=%7B%22status%22%3A%22OK%22%2C%22ga_tracking_id%22%3A%22G-38BQ9XFDT4%3BG-JH142QCQCJ%22%2C%22ga_client_id%22%3A%22949312111.1725524616%22%2C%22shpt%22%3A%22Emansrepo%20Stealer%3A%20Multi-Vector%20Attack%20Chains%20%7C%20FortiGuard%20Labs%22%2C%22dcm_cid%22%3A%22949312111.1725524616%22%2C%22mntnis%22%3A%22vevGmsRgkEM%2BSUurK6MXYRYtUxklB5z5%22%2C%22execution_workflow%22%3A%7B%22iteration%22%3A9%2C%22getClientIdByCookie%22%3A%22OK%22%2C%22shpt%22%3A%22OK%22%2C%22dcm_cid%22%3A%22OK%22%7D%7D&dcm_cid=949312111.1725524616&available_ga=%5B%7B%22id%22%3A%22G-38BQ9XFDT4%22%2C%22sess_id%22%3A%221725524615%22%7D%2C%7B%22id%22%3A%22G-JH142QCQCJ%22%2C%22sess_id%22%3A%221725524617%22%7D%5D&hardcoded_ga=&dxver=4.0.0&shaid=32336&plh=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Femansrepo-stealer-multi-vector-attack-chains%3F%26web_view%3Dtrue&cb=42150386726805576term%3Dvalue&shadditional=sh_conversion%3DSHBLOCK%2Cgoogletagmanager%3Dtrue%2Cga4%3Dtrue%2Cmediamath%3Dtrue%2Cappnexus%3Dtrue
Requested by: Host: dx.mountain.com
URL: https://dx.mountain.com/spx?dxver=4.0.0&shaid=32336&tdr=&plh=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Femansrepo-stealer-multi-vector-attack-chains%3F%26web_view%3Dtrue&cb=42150386726805576term=value
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.89.99.220 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-89-99-220.us-west-2.compute.amazonaws.com
Software: istio-envoy /
Resource Hash: 05960befb16eab59b7dc6a98be196a8079dd6bc83a31c24257fb91e370e1b1b1

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 05 Sep 2024 08:23:39 GMT
content-encoding: gzip
server: istio-envoy
transfer-encoding: chunked
content-type: application/javascript;charset=utf-8
access-control-allow-origin: *
p3p: CP="NON DSP COR NID CURa ADMa DEVa PSAa PSDa OUR STP UNI COM NAV INT STA PRE"
x-envoy-upstream-service-time: 2
connection: close

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 164ms
163ms Image
image/gif 23.34.59.33
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=5eeecf22b2d12a77a14639dce97b7a36&svisitor=null&visitor=904f8a42-07c5-49c5-8755-44f60cba7022&session=f50db5a5-1f7f-494c-8c0e-169639716906&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2005%20Sep%202024%2008%3A23%3A39%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2005%20Sep%202024%2008%3A23%3A38%20GMT%22%2C%22timeSpent%22%3A%221004%22%2C%22totalTimeSpent%22%3A%224019%22%7D&isIframe=false&m=%7B%22description%22%3A%22FortiGuard%20Labs%20has%20uncovered%20a%20fresh%20threat%20-%20Emansrepo%20stealer%2C%20which%20is%20distributed%20via%20multiple%20attack%20chains%20for%20months.%20Learn%20more.%22%2C%22keywords%22%3A%22FortiGuard%20Labs%20Threat%20Research%2Cinfostealer%2Csecurity%20attack%22%2C%22title%22%3A%22Emansrepo%20Stealer%3A%20Multi-Vector%20Attack%20Chains%20%7C%20FortiGuard%20Labs%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Femansrepo-stealer-multi-vector-attack-chains%3F%26web_view%3Dtrue&pageViewId=25ba4e01-87c2-4604-8005-9108da4164e5&v=1.1.23

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.34.59.33 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-34-59-33.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Sep 2024 08:23:39 GMT
x-content-type-options: nosniff
last-modified: Sat, 18 Feb 2023 00:49:36 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f020a0-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Thu, 05 Sep 2024 08:23:39 GMT

POST
H2 204 / Show response
px.ads.linkedin.com/wa/ 0
196 B 189ms
187ms XHR
text/plain 13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/wa/
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: *
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Thu, 05 Sep 2024 08:23:39 GMT
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: B198046EE4034306A425FAF428FED95E Ref B: BY3EDGE0307 Ref C: 2024-09-05T08:23:39Z
linkedin-action: 1
vary: Origin
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lva1
access-control-allow-origin: https://www.fortinet.com
x-li-proto: http/2
access-control-allow-credentials: true
x-li-uuid: AAYhWwIDEUqSsMkajzzvfQ==

GET
H/1.1 200
OK gs Show response
gs.mountain.com/ 144 B
733 B 412ms
104ms Script
application/javascript 35.81.162.201
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://gs.mountain.com/gs
Requested by: Host: px.mountain.com
URL: https://px.mountain.com/st?ga_tracking_id=G-38BQ9XFDT4%3BG-JH142QCQCJ&ga_client_id=949312111.1725524616&shpt=Emansrepo%20Stealer%3A%20Multi-Vector%20Attack%20Chains%20%7C%20FortiGuard%20Labs&ga_info=%7B%22status%22%3A%22OK%22%2C%22ga_tracking_id%22%3A%22G-38BQ9XFDT4%3BG-JH142QCQCJ%22%2C%22ga_client_id%22%3A%22949312111.1725524616%22%2C%22shpt%22%3A%22Emansrepo%20Stealer%3A%20Multi-Vector%20Attack%20Chains%20%7C%20FortiGuard%20Labs%22%2C%22dcm_cid%22%3A%22949312111.1725524616%22%2C%22mntnis%22%3A%22vevGmsRgkEM%2BSUurK6MXYRYtUxklB5z5%22%2C%22execution_workflow%22%3A%7B%22iteration%22%3A9%2C%22getClientIdByCookie%22%3A%22OK%22%2C%22shpt%22%3A%22OK%22%2C%22dcm_cid%22%3A%22OK%22%7D%7D&dcm_cid=949312111.1725524616&available_ga=%5B%7B%22id%22%3A%22G-38BQ9XFDT4%22%2C%22sess_id%22%3A%221725524615%22%7D%2C%7B%22id%22%3A%22G-JH142QCQCJ%22%2C%22sess_id%22%3A%221725524617%22%7D%5D&hardcoded_ga=&dxver=4.0.0&shaid=32336&plh=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Femansrepo-stealer-multi-vector-attack-chains%3F%26web_view%3Dtrue&cb=42150386726805576term%3Dvalue&shadditional=sh_conversion%3DSHBLOCK%2Cgoogletagmanager%3Dtrue%2Cga4%3Dtrue%2Cmediamath%3Dtrue%2Cappnexus%3Dtrue
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.81.162.201 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-81-162-201.us-west-2.compute.amazonaws.com
Software: istio-envoy /
Resource Hash: 3540f3a8c2c26ac98ec2acda1a9863875315fd32769a30c9b33f8c098593e2fd

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 05 Sep 2024 08:23:40 GMT
last-modified: Thu, 01 Jan 1970 00:00:00 GMT
server: istio-envoy
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript;charset=utf-8
access-control-allow-origin: *
p3p: CP="NON DSP COR NID CURa ADMa DEVa PSAa PSDa OUR STP UNI COM NAV INT STA PRE"
cache-control: public, max-age=31536000
x-envoy-upstream-service-time: 1
connection: close
access-control-allow-headers: Accept, Content-Type, x-requested-with, X-Custom-Header
content-length: 144
x-application-context: application:prod:8080

GET
H/1.1 200
OK st Show response
px.mountain.com/ 5 KB
2 KB 332ms
132ms Script
application/javascript 52.89.99.220
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://px.mountain.com/st?ga_tracking_id=G-38BQ9XFDT4%3BG-JH142QCQCJ&ga_client_id=949312111.1725524616&shpt=Emansrepo%20Stealer%3A%20Multi-Vector%20Attack%20Chains%20%7C%20FortiGuard%20Labs&ga_info=%7B%22status%22%3A%22OK%22%2C%22ga_tracking_id%22%3A%22G-38BQ9XFDT4%3BG-JH142QCQCJ%22%2C%22ga_client_id%22%3A%22949312111.1725524616%22%2C%22shpt%22%3A%22Emansrepo%20Stealer%3A%20Multi-Vector%20Attack%20Chains%20%7C%20FortiGuard%20Labs%22%2C%22dcm_cid%22%3A%22949312111.1725524616%22%2C%22mntnis%22%3A%22vevGmsRgkEM%2BSUurK6MXYRYtUxklB5z5%22%2C%22execution_workflow%22%3A%7B%22iteration%22%3A9%2C%22getClientIdByCookie%22%3A%22OK%22%2C%22shpt%22%3A%22OK%22%2C%22dcm_cid%22%3A%22OK%22%7D%7D&dcm_cid=949312111.1725524616&available_ga=%5B%7B%22id%22%3A%22G-38BQ9XFDT4%22%2C%22sess_id%22%3A%221725524615%22%7D%2C%7B%22id%22%3A%22G-JH142QCQCJ%22%2C%22sess_id%22%3A%221725524617%22%7D%5D&hardcoded_ga=&dxver=4.0.0&shaid=32336&plh=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Femansrepo-stealer-multi-vector-attack-chains%3F%26web_view%3Dtrue&shadditional=sh_conversion%3DSHBLOCK%2Cgoogletagmanager%3Dtrue%2Cga4%3Dtrue%2Cmediamath%3Dtrue%2Cappnexus%3Dtrue&cb=1725524619658163&shguid=6f3db30f-db6a-3c61-8345-b5dd4d12382c&shgts=1725524620074
Requested by: Host: px.mountain.com
URL: https://px.mountain.com/st?ga_tracking_id=G-38BQ9XFDT4%3BG-JH142QCQCJ&ga_client_id=949312111.1725524616&shpt=Emansrepo%20Stealer%3A%20Multi-Vector%20Attack%20Chains%20%7C%20FortiGuard%20Labs&ga_info=%7B%22status%22%3A%22OK%22%2C%22ga_tracking_id%22%3A%22G-38BQ9XFDT4%3BG-JH142QCQCJ%22%2C%22ga_client_id%22%3A%22949312111.1725524616%22%2C%22shpt%22%3A%22Emansrepo%20Stealer%3A%20Multi-Vector%20Attack%20Chains%20%7C%20FortiGuard%20Labs%22%2C%22dcm_cid%22%3A%22949312111.1725524616%22%2C%22mntnis%22%3A%22vevGmsRgkEM%2BSUurK6MXYRYtUxklB5z5%22%2C%22execution_workflow%22%3A%7B%22iteration%22%3A9%2C%22getClientIdByCookie%22%3A%22OK%22%2C%22shpt%22%3A%22OK%22%2C%22dcm_cid%22%3A%22OK%22%7D%7D&dcm_cid=949312111.1725524616&available_ga=%5B%7B%22id%22%3A%22G-38BQ9XFDT4%22%2C%22sess_id%22%3A%221725524615%22%7D%2C%7B%22id%22%3A%22G-JH142QCQCJ%22%2C%22sess_id%22%3A%221725524617%22%7D%5D&hardcoded_ga=&dxver=4.0.0&shaid=32336&plh=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Femansrepo-stealer-multi-vector-attack-chains%3F%26web_view%3Dtrue&cb=42150386726805576term%3Dvalue&shadditional=sh_conversion%3DSHBLOCK%2Cgoogletagmanager%3Dtrue%2Cga4%3Dtrue%2Cmediamath%3Dtrue%2Cappnexus%3Dtrue
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.89.99.220 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-89-99-220.us-west-2.compute.amazonaws.com
Software: istio-envoy /
Resource Hash: d2da3632a66a95a2a5dea629c3b46c317f7bff11a2e1dcba71a0deed01720cb5

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 05 Sep 2024 08:23:40 GMT
content-encoding: gzip
server: istio-envoy
transfer-encoding: chunked
content-type: application/javascript;charset=utf-8
access-control-allow-origin: *
p3p: CP="NON DSP COR NID CURa ADMa DEVa PSAa PSDa OUR STP UNI COM NAV INT STA PRE"
x-envoy-upstream-service-time: 29
connection: close

GET
H/1.1

200
OK

tdsync
px.steelhousemedia.com/
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=steelhouse&ttd_tpi=1&ttd_puid=27905eb6-6b60-11ef-88e8-b7ae7e2bf7f9&gdpr=&gdpr_consent=
https://px.steelhousemedia.com/tdsync?tdid=cba7ae33-aeae-449e-87f0-ef5677e84624&shguid=27905eb6-6b60-11ef-88e8-b7ae7e2bf7f9

0
319 B

418ms
115ms

Image
text/plain

52.10.121.135
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.steelhousemedia.com/tdsync?tdid=cba7ae33-aeae-449e-87f0-ef5677e84624&shguid=27905eb6-6b60-11ef-88e8-b7ae7e2bf7f9
Protocol: HTTP/1.1
Server: 52.10.121.135 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-10-121-135.us-west-2.compute.amazonaws.com
Software: istio-envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 05 Sep 2024 08:23:40 GMT
server: istio-envoy
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
x-envoy-upstream-service-time: 10
connection: close
access-control-allow-headers: Accept, Content-Type, x-requested-with, X-Custom-Header
content-length: 0

Redirect headers

location: https://px.steelhousemedia.com/tdsync?tdid=cba7ae33-aeae-449e-87f0-ef5677e84624&shguid=27905eb6-6b60-11ef-88e8-b7ae7e2bf7f9
date: Thu, 05 Sep 2024 08:23:40 GMT
server: Kestrel
content-length: 277

GET

v2
usermatch.krxd.net/um/
Redirect Chain

https://insight.adsrvr.org/track/evnt/?adv=6s0zaeu&ct=0:0bi0elf&fmt=3
https://usermatch.krxd.net/um/v2?partner=ttd&partner_uid=ttd&gdpr=0&gdpr_consent=&ttd_tdid=cba7ae33-aeae-449e-87f0-ef5677e84624

0
0

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 164ms
163ms Image
image/gif 23.34.59.33
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=5eeecf22b2d12a77a14639dce97b7a36&svisitor=null&visitor=904f8a42-07c5-49c5-8755-44f60cba7022&session=f50db5a5-1f7f-494c-8c0e-169639716906&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2005%20Sep%202024%2008%3A23%3A40%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2005%20Sep%202024%2008%3A23%3A39%20GMT%22%2C%22timeSpent%22%3A%221000%22%2C%22totalTimeSpent%22%3A%225019%22%7D&isIframe=false&m=%7B%22description%22%3A%22FortiGuard%20Labs%20has%20uncovered%20a%20fresh%20threat%20-%20Emansrepo%20stealer%2C%20which%20is%20distributed%20via%20multiple%20attack%20chains%20for%20months.%20Learn%20more.%22%2C%22keywords%22%3A%22FortiGuard%20Labs%20Threat%20Research%2Cinfostealer%2Csecurity%20attack%22%2C%22title%22%3A%22Emansrepo%20Stealer%3A%20Multi-Vector%20Attack%20Chains%20%7C%20FortiGuard%20Labs%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Femansrepo-stealer-multi-vector-attack-chains%3F%26web_view%3Dtrue&pageViewId=25ba4e01-87c2-4604-8005-9108da4164e5&v=1.1.23

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.34.59.33 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-34-59-33.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Sep 2024 08:23:40 GMT
x-content-type-options: nosniff
last-modified: Sat, 18 Feb 2023 00:49:36 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f020a0-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Thu, 05 Sep 2024 08:23:40 GMT

POST
H3 204 collect
www.google-analytics.com/g/ 0
0 165ms
164ms Fetch
text/plain 142.251.40.238
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-38BQ9XFDT4&gtm=45je4940h2v9191763579za200&_p=1725524615032&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=0&cid=949312111.1725524616&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=AEA&_s=2&sid=1725524615&sct=1&seg=0&dl=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Femansrepo-stealer-multi-vector-attack-chains%3F%26web_view%3Dtrue&dt=Emansrepo%20Stealer%3A%20Multi-Vector%20Attack%20Chains%20%7C%20FortiGuard%20Labs&en=scroll&epn.percent_scrolled=90&_et=68&tfd=8491
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-38BQ9XFDT4
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.251.40.238 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS: lga34s39-in-f14.1e100.net
Software: Golfe2 /
Resource Hash

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Sep 2024 08:23:40 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.fortinet.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 164ms
164ms Image
image/gif 23.34.59.33
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=5eeecf22b2d12a77a14639dce97b7a36&svisitor=null&visitor=904f8a42-07c5-49c5-8755-44f60cba7022&session=f50db5a5-1f7f-494c-8c0e-169639716906&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2005%20Sep%202024%2008%3A23%3A41%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2005%20Sep%202024%2008%3A23%3A40%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%226020%22%7D&isIframe=false&m=%7B%22description%22%3A%22FortiGuard%20Labs%20has%20uncovered%20a%20fresh%20threat%20-%20Emansrepo%20stealer%2C%20which%20is%20distributed%20via%20multiple%20attack%20chains%20for%20months.%20Learn%20more.%22%2C%22keywords%22%3A%22FortiGuard%20Labs%20Threat%20Research%2Cinfostealer%2Csecurity%20attack%22%2C%22title%22%3A%22Emansrepo%20Stealer%3A%20Multi-Vector%20Attack%20Chains%20%7C%20FortiGuard%20Labs%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Femansrepo-stealer-multi-vector-attack-chains%3F%26web_view%3Dtrue&pageViewId=25ba4e01-87c2-4604-8005-9108da4164e5&v=1.1.23

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.34.59.33 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-34-59-33.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Sep 2024 08:23:41 GMT
x-content-type-options: nosniff
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "5e502810-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Thu, 05 Sep 2024 08:23:41 GMT

POST
H3 204 collect
www.google-analytics.com/g/ 0
0 165ms
165ms Fetch
text/plain 142.251.40.238
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-JH142QCQCJ&gtm=45je4930v893708426za200zb9191763579&_p=1725524615032&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=0&cid=949312111.1725524616&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=AEA&_s=2&sid=1725524617&sct=1&seg=0&dl=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Femansrepo-stealer-multi-vector-attack-chains%3F%26web_view%3Dtrue&dt=Emansrepo%20Stealer%3A%20Multi-Vector%20Attack%20Chains%20%7C%20FortiGuard%20Labs&en=scroll&epn.percent_scrolled=90&_et=15&tfd=9754
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-JH142QCQCJ&l=dataLayer&cx=c
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.251.40.238 Queens, United States, ASN15169 (GOOGLE, US),
Reverse DNS: lga34s39-in-f14.1e100.net
Software: Golfe2 /
Resource Hash

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Sep 2024 08:23:42 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.fortinet.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
258 B 164ms
163ms Image
image/gif 23.34.59.33
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=5eeecf22b2d12a77a14639dce97b7a36&svisitor=null&visitor=904f8a42-07c5-49c5-8755-44f60cba7022&session=f50db5a5-1f7f-494c-8c0e-169639716906&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2005%20Sep%202024%2008%3A23%3A42%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2005%20Sep%202024%2008%3A23%3A41%20GMT%22%2C%22timeSpent%22%3A%221000%22%2C%22totalTimeSpent%22%3A%227020%22%7D&isIframe=false&m=%7B%22description%22%3A%22FortiGuard%20Labs%20has%20uncovered%20a%20fresh%20threat%20-%20Emansrepo%20stealer%2C%20which%20is%20distributed%20via%20multiple%20attack%20chains%20for%20months.%20Learn%20more.%22%2C%22keywords%22%3A%22FortiGuard%20Labs%20Threat%20Research%2Cinfostealer%2Csecurity%20attack%22%2C%22title%22%3A%22Emansrepo%20Stealer%3A%20Multi-Vector%20Attack%20Chains%20%7C%20FortiGuard%20Labs%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Femansrepo-stealer-multi-vector-attack-chains%3F%26web_view%3Dtrue&pageViewId=25ba4e01-87c2-4604-8005-9108da4164e5&v=1.1.23

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.34.59.33 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-34-59-33.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Sep 2024 08:23:42 GMT
x-content-type-options: nosniff
last-modified: Sat, 18 Feb 2023 01:45:17 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f02dad-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Thu, 05 Sep 2024 08:23:42 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
258 B 163ms
162ms Image
image/gif 23.34.59.33
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=5eeecf22b2d12a77a14639dce97b7a36&svisitor=null&visitor=904f8a42-07c5-49c5-8755-44f60cba7022&session=f50db5a5-1f7f-494c-8c0e-169639716906&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2005%20Sep%202024%2008%3A23%3A43%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2005%20Sep%202024%2008%3A23%3A42%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%228021%22%7D&isIframe=false&m=%7B%22description%22%3A%22FortiGuard%20Labs%20has%20uncovered%20a%20fresh%20threat%20-%20Emansrepo%20stealer%2C%20which%20is%20distributed%20via%20multiple%20attack%20chains%20for%20months.%20Learn%20more.%22%2C%22keywords%22%3A%22FortiGuard%20Labs%20Threat%20Research%2Cinfostealer%2Csecurity%20attack%22%2C%22title%22%3A%22Emansrepo%20Stealer%3A%20Multi-Vector%20Attack%20Chains%20%7C%20FortiGuard%20Labs%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Femansrepo-stealer-multi-vector-attack-chains%3F%26web_view%3Dtrue&pageViewId=25ba4e01-87c2-4604-8005-9108da4164e5&v=1.1.23

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.34.59.33 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-34-59-33.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Sep 2024 08:23:43 GMT
x-content-type-options: nosniff
last-modified: Sat, 18 Feb 2023 01:45:17 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f02dad-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Thu, 05 Sep 2024 08:23:43 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 163ms
163ms Image
image/gif 23.34.59.33
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=5eeecf22b2d12a77a14639dce97b7a36&svisitor=null&visitor=904f8a42-07c5-49c5-8755-44f60cba7022&session=f50db5a5-1f7f-494c-8c0e-169639716906&event=active_time_track&q=%7B%22currentTime%22%3A%22Thu%2C%2005%20Sep%202024%2008%3A23%3A44%20GMT%22%2C%22lastTrackTime%22%3A%22Thu%2C%2005%20Sep%202024%2008%3A23%3A43%20GMT%22%2C%22timeSpent%22%3A%221014%22%2C%22totalTimeSpent%22%3A%229035%22%7D&isIframe=false&m=%7B%22description%22%3A%22FortiGuard%20Labs%20has%20uncovered%20a%20fresh%20threat%20-%20Emansrepo%20stealer%2C%20which%20is%20distributed%20via%20multiple%20attack%20chains%20for%20months.%20Learn%20more.%22%2C%22keywords%22%3A%22FortiGuard%20Labs%20Threat%20Research%2Cinfostealer%2Csecurity%20attack%22%2C%22title%22%3A%22Emansrepo%20Stealer%3A%20Multi-Vector%20Attack%20Chains%20%7C%20FortiGuard%20Labs%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Femansrepo-stealer-multi-vector-attack-chains%3F%26web_view%3Dtrue&pageViewId=25ba4e01-87c2-4604-8005-9108da4164e5&v=1.1.23

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.34.59.33 Edison, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-34-59-33.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 05 Sep 2024 08:23:44 GMT
x-content-type-options: nosniff
last-modified: Sat, 18 Feb 2023 00:49:36 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f020a0-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Thu, 05 Sep 2024 08:23:44 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: cs.lkqd.net
URL: https://cs.lkqd.net/cs?partnerId=109&partnerUserId=80a46442f0&gdpr=0&gdpr_consent=

Domain: sync.smartadserver.com
URL: https://sync.smartadserver.com/getuid?url=https%3A%2F%2Ffei.pro-market.net%2Fengine%3Fsite%3D161185%26size%3D1x1%26du%3D36%26csync%3D[sas_uid]

Domain: www.fortinet.com
URL: blob:https://www.fortinet.com/d4b4959f-db97-4844-9344-300b5531f95d

Domain: ad.doubleclick.net
URL: https://ad.doubleclick.net/activity;register_conversion=1;src=10050195;npa=0;auiddc=1398769009.1725524616;ps=1;pcor=1751192483;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4930v9185241837za200zb9191763579;gcd=13l3l3l3l1l1;dma=0;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Femansrepo-stealer-multi-vector-attack-chains%3F%26web_view%3Dtrue?

Domain: ibc-flow.techtarget.com
URL: https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=1247773&r=1725524618023&ref=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Femansrepo-stealer-multi-vector-attack-chains%3F%26web_view%3Dtrue&version=2.4

Domain: tracking.contanuity.com
URL: https://tracking.contanuity.com/usersync?bwcookie=AAJP3k7NstUAABWwH3mGQQ

Domain: usermatch.krxd.net
URL: https://usermatch.krxd.net/um/v2?partner=ttd&partner_uid=ttd&gdpr=0&gdpr_consent=&ttd_tdid=cba7ae33-aeae-449e-87f0-ef5677e84624

Verdicts & Comments Add Verdict or Comment

163 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

122 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.fortinet.com/	1970-01-21 08:04:20	Name: cookiesession1 Value: 678A3E5C0D50F6370737FC68A700F544
.fortinet.com/	1970-01-21 08:04:20	Name: OptanonConsent Value: isIABGlobal=false&datestamp=Wed+Sep+04+2024+22%3A23%3A34+GMT-1000+(Hawaii-Aleutian+Standard+Time)&version=6.10.0&hosts=&consentId=f661624c-e68d-4fec-8ef1-3cf4b0e5c7a3&interactionCount=0&landingPath=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Femansrepo-stealer-multi-vector-attack-chains%3F%26web_view%3Dtrue&groups=C0001%3A1%2CC0002%3A1%2CC0003%3A1%2CC0004%3A1
.fortinet.com/	1969-12-31 23:59:59	Name: at_check Value: true
.demdex.net/	1970-01-21 03:37:56	Name: demdex Value: 51336370114449419754469918940156614427
.fortinet.com/	1969-12-31 23:59:59	Name: AMCVS_ED8739F75677FE917F000101%40AdobeOrg Value: 1
.fortinet.com/	1970-01-20 23:18:46	Name: mboxEdgeCluster Value: 35
.fortinet.com/	1970-01-21 08:54:44	Name: mbox Value: session#a8d0e3e3d1234626b94e84347e5fdba5#1725526476\|PC#a8d0e3e3d1234626b94e84347e5fdba5.35_0#1788769416
.dpm.demdex.net/	1970-01-21 03:37:56	Name: dpm Value: 51336370114449419754469918940156614427
.fortinet.com/	1970-01-21 08:54:44	Name: AMCV_ED8739F75677FE917F000101%40AdobeOrg Value: 179643557%7CMCIDTS%7C19972%7CMCMID%7C51680099760243602234507669535741015699%7CMCAAMLH-1726129414%7C9%7CMCAAMB-1726129414%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1725531814s%7CNONE%7CMCSYNCSOP%7C411-19979%7CvVersion%7C5.5.0
.simpli.fi/	1970-01-21 08:05:47	Name: suid Value: 5EBF1F4FA8014B33BE8B3DBD85B87EAC
.simpli.fi/	1970-01-20 23:28:49	Name: uid_syncd_secure Value: true
.fortinet.com/	1970-01-20 23:20:11	Name: _uetsid Value: 251dfea06b6011efb4fc0f2affe61e22
.fortinet.com/	1970-01-21 08:40:20	Name: _uetvid Value: 251e05e06b6011efa17751d0e927801b
www.fortinet.com/	1970-01-21 08:54:44	Name: _gd_visitor Value: 904f8a42-07c5-49c5-8755-44f60cba7022
www.fortinet.com/	1970-01-20 23:18:59	Name: _gd_session Value: f50db5a5-1f7f-494c-8c0e-169639716906
.bing.com/	1970-01-21 08:40:20	Name: MUID Value: 0AFF1995C31562FE1F3D0D64C29663AE
.bat.bing.com/	1970-01-20 23:28:49	Name: MR Value: 0
.fortinet.com/	1969-12-31 23:59:59	Name: _ce.irv Value: new
.fortinet.com/	1969-12-31 23:59:59	Name: cebs Value: 1
.fortinet.com/	1970-01-20 23:20:11	Name: _ce.clock_event Value: 1
.fortinet.com/	1970-01-21 08:54:44	Name: _ga Value: GA1.1.949312111.1725524616
.fortinet.com/	1970-01-21 01:28:20	Name: _gcl_au Value: 1.1.1398769009.1725524616
.fortinet.com/	1970-01-21 08:54:44	Name: _ga_38BQ9XFDT4 Value: GS1.1.1725524615.1.0.1725524615.0.0.0
.fortinet.com/	1970-01-21 08:54:44	Name: _ga_WW0XD247FL Value: GS1.1.1725524615.1.0.1725524615.60.0.1920428313
www.fortinet.com/	1970-01-20 23:18:44	Name: dicbo_id Value: %7B%22dicbo_fetch%22%3A1725524616134%7D
.openx.net/	1970-01-21 08:04:20	Name: i Value: 2d8930cc-8efc-4846-97dd-fa5e7b3ea809\|1725524616
.tapad.com/	1970-01-21 00:45:08	Name: TapAd_TS Value: 1725524616251
.tapad.com/	1970-01-21 00:45:08	Name: TapAd_DID Value: 40e3f393-7683-4b13-83c8-21294f4f841d
.pubmatic.com/	1970-01-21 00:01:56	Name: KRTBCOOKIE_148 Value: 19421-uid:5EBF1F4FA8014B33BE8B3DBD85B87EAC&KRTB&23486-uid:5EBF1F4FA8014B33BE8B3DBD85B87EAC&KRTB&23489-uid:5EBF1F4FA8014B33BE8B3DBD85B87EAC&KRTB&23539-uid:5EBF1F4FA8014B33BE8B3DBD85B87EAC
.pubmatic.com/	1970-01-21 00:01:56	Name: PugT Value: 1725524614
.exelator.com/	1970-01-21 02:11:32	Name: EE Value: "7ec323e1a25557528b8125d1d6023860"
.yahoo.com/	1970-01-21 08:04:42	Name: A3 Value: d=AQABBIhq2WYCEFl-EVc0etImWFKq90XzwOoFEgEBAQG82mbjZtxT0iMA_eMAAA&S=AQAAAqh1bRLCxW3rYZYtdM_pmk4
.lijit.com/	1970-01-21 08:04:20	Name: ljt_reader Value: JR6XAQZHJyEtpq40S-K3cEOd
.intentiq.com/	1970-01-21 08:54:44	Name: IQver Value: 1.9
.intentiq.com/	1970-01-21 08:54:44	Name: intentIQ Value: 3LHeZLPuZj
.3lift.com/	1970-01-21 01:28:20	Name: tluidp Value: 4502974601454299545918
.3lift.com/	1970-01-21 01:28:20	Name: tluid Value: 4502974601454299545918
.agkn.com/	1970-01-21 08:04:20	Name: ab Value: 0001%3ANg4dr%2Fb34mSNQUQ%2FoDEBb73AdzUpJswj
.adnxs.com/	1970-01-21 01:28:20	Name: XANDR_PANID Value: lZic8N0fwaX0FymsI2bg3PYPgXv-5FWqEekcNSf2AgMxh34gLjpldRZTg64UV4YQ02DtA9alXj4r0XSU_Plx4TPy_yuxWsjSnMbp9LHusAE.
.adnxs.com/	1970-01-21 08:54:44	Name: receive-cookie-deprecation Value: 1
.adnxs.com/	1970-01-21 01:28:20	Name: uuid2 Value: 461056344061192120
.smaato.net/	1970-01-20 23:48:59	Name: SCM Value: 80a46442f0
.smaato.net/	1970-01-20 23:48:59	Name: SCMv Value: 80a46442f0
.smaato.net/	1970-01-20 23:48:59	Name: SCM1001136 Value: 80a46442f0
.bluekai.com/	1970-01-21 03:39:23	Name: bku Value: blx99/C3tVjdC+yi
.bluekai.com/	1970-01-21 03:39:23	Name: bkpa Value: KJy9nyexd02pSUHknp/8mE1hwtkAwEPaxARhHMHsxEQy1EHY1pBYHECY16HYHeQNxMQlHDae9y9+W9Fp
.pro-market.net/	1970-01-21 03:37:56	Name: anProfile Value: "ge9ckyjaklmr+1+1f=1+1g=1+1j=57:1+rs=s+rt=2D0DEB2B+s2=(sjbzbc)+vm=24-5EBF1F4FA8014B33BE8B3DBD85B87EAC"
.pro-market.net/	1970-01-21 00:01:56	Name: anHistory Value: "ge9ckyjaklmr+2+!#6wM$k#QBi"
.tapad.com/	1970-01-21 00:45:08	Name: TapAd_3WAY_SYNCS Value:
.bfmio.com/	1970-01-21 08:04:20	Name: __141_cid Value: 5EBF1F4FA8014B33BE8B3DBD85B87EAC
.bfmio.com/	1970-01-21 08:04:20	Name: __io_cid Value: b4d1552ae1c8805aaf7a20965f1f59d4d2a7d898
.rubiconproject.com/	1970-01-21 08:04:20	Name: audit_p Value: 1\|Q0GTKlug+8PYKlB0aq3b7yNIG0BZEFerQOPoOm9oY2bgcoYKcsXyyvDcT9i43ZcaUHrE7aHOXCuM1KxoLazIt04KBbjzRD/Y5dDZuxGLGk/+16I1Ioo0uG6J+c6NDcVZ+XP0dxQPIiPSm94Lp3QOKmOj0ZueI6BvSpxNqhhzGypRm99a3bMoP35/bkYCLFZe
.rubiconproject.com/	1970-01-21 08:04:20	Name: khaos Value: M0P0SZ50-1Q-LB3Y
.rubiconproject.com/	1970-01-21 08:04:20	Name: khaos_p Value: M0P0SZ50-1Q-LB3Y
.rubiconproject.com/	1970-01-21 08:04:20	Name: audit Value: 1\|Q0GTKlug+8PYKlB0aq3b7yNIG0BZEFerQOPoOm9oY2bgcoYKcsXyyvDcT9i43ZcaUHrE7aHOXCuM1KxoLazIt04KBbjzRD/Y5dDZuxGLGk/+16I1Ioo0uG6J+c6NDcVZ+XP0dxQPIiPSm94Lp3QOKmOj0ZueI6BvSpxNqhhzGypRm99a3bMoP35/bkYCLFZe
.rubiconproject.com/	1970-01-21 01:28:20	Name: receive-cookie-deprecation Value: 1
.exelator.com/	1970-01-21 02:11:32	Name: ud Value: "eJxrXxzq6XKLQcE8NdnYyDjVMNHI1NTU3NTIIsnC0Mg0xTDFzMDI2MLMYHFZatGCpaXFqSlJh5ZU5JTkNK0uiw91jHdz9PX0iVzmnFGUn5u6AiwU5hq02NDIYkl%252BUWb6otDgxUUpaQyLSopPBZ94sAQAVegqDA%253D%253D"
.fortinet.com/	1970-01-20 23:20:11	Name: _ce.clock_data Value: 248%2C45.13.235.43%2C1%2C9d1d68e5c1dc3c213377efe8cbc2564a%2CChrome%2CUS
.fortinet.com/	1969-12-31 23:59:59	Name: cebsp_ Value: 1
.lijit.com/	1970-01-21 08:04:20	Name: _ljtrtb_2 Value: 5EBF1F4FA8014B33BE8B3DBD85B87EAC
.fortinet.com/	1970-01-21 08:04:20	Name: _ce.s Value: v~db5a3ef27260b505b3c840328667793b437b0fec~lcw~1725524616553~lva~1725524615749~vpv~0~v11.cs~424000~v11.s~25b5ab30-6b60-11ef-bd9a-1baab37824d6~lcw~1725524616556
.crwdcntrl.net/	1970-01-21 05:47:31	Name: _cc_dc Value: 0
.crwdcntrl.net/	1970-01-21 05:47:31	Name: _cc_id Value: d2a5c56c6266c141d0a3cc830f4a44ca
.analytics.yahoo.com/	1970-01-21 08:04:20	Name: IDSYNC Value: 176k~2kiw
.intentiq.com/	1970-01-21 08:54:44	Name: CSDT Value: UEQ6MTAwNDNfMCZVTlVEUlJv
.intentiq.com/	1970-01-21 08:54:44	Name: intentIQCDate Value: 1725524616510
.intentiq.com/	1970-01-21 08:54:44	Name: IQPData Value: 755886891#1725524616508#0#1725524616508
.intentiq.com/	1970-01-21 08:54:44	Name: ASDT Value: 0
.adnxs.com/	1970-01-21 01:28:20	Name: anj Value: dTM7k!M4.FE:2jUF']wIg2C$GjeoT-!]tbPl1N!7OnM$=BX01fo(5[e9LbLcxP%Eka#@wdXGLPfn50Lfmqnei=61(qM3Xi(j#iP(Md+>)fyDMQHKX
.ads.stickyadstv.com/	1970-01-21 00:01:56	Name: UID Value: d44379d19e6f1fcda7eb0ad2523b5c0
.ads.stickyadstv.com/	1970-01-20 23:20:11	Name: uid-bp-26865 Value: 5EBF1F4FA8014B33BE8B3DBD85B87EAC
www.fortinet.com/	1970-01-21 08:54:44	Name: _omappvp Value: D0JwYLAlXHrFGw4RICICFnaWamRwMxnkpVPCR01xRsPwrZHfogXFeBc7bcqPt3rwf6XhHcdqat8Hszjfm0WGc4q1zg9OjoHq
www.fortinet.com/	1970-01-20 23:18:45	Name: _omappvs Value: 1725524616703
.fortinet.com/	1970-01-20 23:18:46	Name: gpv_pn Value: www.fortinet.com%2Fblog%2Fthreat-research%2Femansrepo-stealer-multi-vector-attack-chains%3F%26web_view%3Dtrue
.fortinet.com/	1970-01-21 01:28:20	Name: s_getNewRepeat Value: 1725524616833-New
.fortinet.com/	1969-12-31 23:59:59	Name: s_cc Value: true
.doubleclick.net/	1970-01-21 08:54:44	Name: IDE Value: AHWqTUnfN5bo7cKNL1ZTwhoTZWbLbrwOAMlohoI6lw7oQe_tdUY7kf-QIwHeXth05dU
.doubleclick.net/	1970-01-21 03:37:56	Name: receive-cookie-deprecation Value: 1
.agkn.com/	1970-01-21 08:04:20	Name: u Value: C\|0AAAAAAAALmwnCAAAAAAA
www.fortinet.com/	1970-01-20 23:28:49	Name: AWSALB Value: 8ZdXQ5lCVtO0bVlYAycSaqDh7DjK0LxGwlmvRrChfChMz4QgBdfWYfMmzDp1HNv8EvWKTZMR1/Gk8qx974FvESv+fKuWnHjGfFr0SCbt1uDwbsr01rk16BB7qEzTV9OOmlnz1wPLubYoUW/IK8heHsmIUqxox/qBKqMAzPkHDY6luVQ5UwT5zMWksQnwjrTwTJLA3bAt6HNgaEGcrxpGymLT0KjuOuxC
www.fortinet.com/	1970-01-20 23:28:49	Name: AWSALBCORS Value: eWWWXrZITSBGB2i2tEILfj6ptYmqi91QO4sVTdHYZ5XjVaHEoYMSOvSn1lXaq8GU9lF7BUujMfMDZ8UVZjt3JMPmjT7IRZg0RD8HnR8TdHamdLEkZcBuun6KdkJkA88t1S4XsO028MqMQNDlFvwZYhQ2ny9c47v/CRpENv7LFhYilYwLNFs0ZThHEQwKGINI/OHyS8+8agLF1dHDfhsSWHxNOcwnw3sS
.pippio.com/	1970-01-21 08:04:20	Name: did Value: nMsQHFAJOjq06h0D
.pippio.com/	1970-01-21 08:04:20	Name: didts Value: 1725524616
.pippio.com/	1970-01-21 00:45:08	Name: nnls Value:
.pippio.com/	1970-01-21 00:45:08	Name: pxrc Value: CIjV5bYGEgYIgr0rEAA=
.fortinet.com/	1970-01-21 08:54:44	Name: _ga_JH142QCQCJ Value: GS1.1.1725524617.1.0.1725524617.0.0.0
.linkedin.com/	1970-01-21 01:28:20	Name: li_sugr Value: 0650023d-5d9e-458f-a4d7-17d2e2a91493
.linkedin.com/	1970-01-21 08:04:20	Name: bcookie Value: "v=2&8996ca76-7a87-4799-8188-dd99ccd5321d"
.linkedin.com/	1970-01-20 23:20:11	Name: lidc Value: "b=VGST08:s=V:r=V:a=V:p=V:g=3013:u=1:x=1:i=1725524617:t=1725611017:v=2:sig=AQFWV4JP2ENU3n31njsCmaPXMDgwFG4y"
.www.fortinet.com/	1970-01-21 08:04:20	Name: WID_VISITOR_ID Value: 1725524617388663752
abm-tracking.demandscience.com/	1970-01-21 08:54:44	Name: userId Value: 0ac9c017dfdd772893a32ead8dfce3c5_1725524617805
.techtarget.com/	1970-01-20 23:18:46	Name: __cf_bm Value: 8LguLbCAEQdEkZ_cgt3f4VgNJ58n3IURNthflV4STo8-1725524617-1.0.1.1-MNsVfTPbQCpH6Jp1Ez2MWnbWToWL9.znzORahywmj2KBK6fwakuGHYhgnNpfvIpa8roEEj_mTHAcjOEWdO6OcQ
tracking.contanuity.com/	1970-01-21 08:54:44	Name: userId Value: 0ac9c017dfdd772893a32ead8dfce3c5_1725524617805
tracking.contanuity.com/	1970-01-21 08:54:44	Name: clientId Value: undefined
www.fortinet.com/	1970-01-20 23:20:12	Name: aa_cc Value: US
www.fortinet.com/	1970-01-20 23:20:12	Name: aa_cn Value: United%20States
www.fortinet.com/	1970-01-20 23:20:12	Name: 6scexist Value: true
.fortinet.com/	1970-01-21 08:54:44	Name: nmstat Value: 6694ed7f-300b-4b2e-e631-e98e1ede74e4
.t.co/	1970-01-21 08:54:44	Name: muc_ads Value: 69100adf-5c1d-4521-8978-1a2cb337dcd4
.t.co/	1970-01-20 23:18:46	Name: __cf_bm Value: ss468Z1mUXe5OEiKbntNIr47qzdJFygJ41tV1n0044M-1725524618-1.0.1.1-UOUNh.rF0pEtXvh8n775tSNhJ5IhcLB73HQ_55Nc3vR3pA6ZodPHnX7VxOZOcArut.ELsLJlzdx2z87kGz_8yA
.bidr.io/	1970-01-21 08:47:18	Name: bito Value: AAJP3k7NstUAABWwH3mGQQ
.bidr.io/	1970-01-21 08:47:18	Name: bitoIsSecure Value: ok
.fortinet.com/	1970-01-21 01:28:20	Name: _fbp Value: fb.1.1725524618907.860810834288291778
.twitter.com/	1970-01-21 08:54:44	Name: personalization_id Value: "v1_DftGFbsOKMJlZ19vr62ATg=="
.ml314.com/	1970-01-21 08:04:20	Name: pi Value: 3646791828645085185
.ml314.com/	1970-01-20 23:38:54	Name: tp Value: 4%253B09%252F05%252F2024%2B08%253A23%253A39%253B0
.rlcdn.com/	1970-01-21 08:04:20	Name: rlas3 Value: 1I1RHNux8DbSxPQqoCU2CuiBxazO8UJO9e26/kjofMU=
.rlcdn.com/	1970-01-21 00:45:08	Name: pxrc Value: CIjV5bYGEgUI6AcQABIFCOhHEAASBQjbThAD
www.fortinet.com/	1970-01-21 08:04:20	Name: izcid Value: 1725524625129
www.fortinet.com/	1970-01-21 08:04:20	Name: iztid Value: 1725524627776
.linkedin.com/	1970-01-21 00:01:56	Name: UserMatchHistory Value: AQLnFy7noEQiUQAAAZHBSDAPUx9YB2OCRFjCLRoL7haHv6QnuFA8eOzNZUr8v3Ey3GEs9xi1Q2-gHg
.linkedin.com/	1970-01-21 00:01:56	Name: AnalyticsSyncHistory Value: AQK0x0RP0zjoGAAAAZHBSDAPWv2wzwPAdu5yUEYa1UsUVLXi8nA4s1hhDStImn0e7U4fUVXHS4kXaLuoupGKvg
.doubleclick.net/	1970-01-21 00:01:56	Name: ar_debug Value: 1
.adsrvr.org/	1970-01-21 08:04:20	Name: TDID Value: cba7ae33-aeae-449e-87f0-ef5677e84624
.www.linkedin.com/	1970-01-21 08:04:20	Name: bscookie Value: "v=1&20240905082339619680a2-822e-422f-8473-cee8792598aeAQG3aUN_pmX7-y1zavp_jzuJpEIuQGxY"
.eyeota.net/	1970-01-21 08:04:20	Name: mako_uid Value: 191c1483114-661d0000010a540e
.eyeota.net/	1970-01-20 23:18:45	Name: SERVERID Value: 21518~DM
.ml314.com/	1970-01-20 23:18:44	Name: u Value: aHR0cHM6Ly93d3cuZm9ydGluZXQuY29tLw%3D%3D
.mountain.com/	1970-01-21 08:04:20	Name: guid Value: 27905eb6-6b60-11ef-88e8-b7ae7e2bf7f9
.px.mountain.com/	1970-01-21 08:04:20	Name: tt Value: "H4sIAAAAAAAAAKtW8guKNzYyNjaLNzK3NFayMtBRgnItjC2UrAzNjUxNjUzMjAyMLYx1lMqUrIx0kLSA1RjUAgD3Raw5RgAAAA=="
.mountain.com/	1970-01-21 08:04:20	Name: rt Value: "MzIzMzY6MTcyNTUyNDYyMA=="
.adsrvr.org/	1970-01-21 08:04:20	Name: TDCPM Value: CAESFgoHZDB0cm8xahILCJiP_L7C46Y9EAUSEwoEa3J1eBILCLj3vOmIsZs9EAUYBSgBMgsI_s2V9tjjpj0QBUIVIhMIARIPCgtOTyBUcnVPcHRpaxABWgc2czB6YWV1YAFyBGtydXg.

7 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://cs.lkqd.net/cs?partnerId=109&partnerUserId=80a46442f0&gdpr=0&gdpr_consent= Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED
network	error	URL: https://api.omappapi.com/v2/embed/39852?d=fortinet.com Message: Failed to load resource: the server responded with a status of 401 ()
network	error	URL: https://pixels.argusplatform.com/wh/track/?site_id=C6AC00C8269540D0ABFF19F1B5558B6D&visitor_id=1725524617388663752&event_type=page_request&timestamp=1725524617&page_title=Emansrepo%20Stealer%3A%20Multi-Vector%20Attack%20Chains%20%7C%20FortiGuard%20Labs&page_url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Femansrepo-stealer-multi-vector-attack-chains%3F%26web_view%3Dtrue&page_url_referer= Message: Failed to load resource: the server responded with a status of 401 ()
javascript	error	URL: https://www.fortinet.com/blog/threat-research/emansrepo-stealer-multi-vector-attack-chains?&web_view=true Message: Access to XMLHttpRequest at 'https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=1247773&r=1725524618023&ref=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Femansrepo-stealer-multi-vector-attack-chains%3F%26web_view%3Dtrue&version=2.4' from origin 'https://www.fortinet.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=1247773&r=1725524618023&ref=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Femansrepo-stealer-multi-vector-attack-chains%3F%26web_view%3Dtrue&version=2.4 Message: Failed to load resource: net::ERR_FAILED
network	error	URL: https://webtracker.argusplatform.com/wh/track/?site_id=C6AC00C8269540D0ABFF19F1B5558B6D&visitor_id=1725524617388663752&event_type=page_request&timestamp=1725524619&page_title=Emansrepo%20Stealer%3A%20Multi-Vector%20Attack%20Chains%20%7C%20FortiGuard%20Labs&page_url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Femansrepo-stealer-multi-vector-attack-chains%3F%26web_view%3Dtrue&page_url_referer= Message: Failed to load resource: the server responded with a status of 401 ()
network	error	URL: https://usermatch.krxd.net/um/v2?partner=ttd&partner_uid=ttd&gdpr=0&gdpr_consent=&ttd_tdid=cba7ae33-aeae-449e-87f0-ef5677e84624 Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

10104846.fls.doubleclick.net
6033413.global.siteimproveanalytics.io
a.omappapi.com
a.opmnstr.com
aa.agkn.com
abm-tracking.demandscience.com
ad.doubleclick.net
ads.stickyadstv.com
amplify.outbrain.com
analytics.google.com
analytics.inzynk.io
analytics.twitter.com
api.omappapi.com
assets.adobedtm.com
b.6sc.co
bat.bing.com
bcp.crwdcntrl.net
c.6sc.co
cdn.cookielaw.org
cdn.jsdelivr.net
ce.lijit.com
cm.everesttech.net
cm.g.doubleclick.net
connect.facebook.net
cs.lkqd.net
d.agkn.com
dpm.demdex.net
dx.mountain.com
eb2.3lift.com
epsilon.6sense.com
fortinet.demdex.net
fortinet.tt.omtrdc.net
geolocation.onetrust.com
googleads.g.doubleclick.net
gs.mountain.com
i.simpli.fi
ib.adnxs.com
ibc-flow.techtarget.com
idsync.rlcdn.com
image2.pubmatic.com
intentstream.contanuity.com
ipv6.6sc.co
j.6sc.co
loadm.exelator.com
match.adsrvr.org
metrics.fortinet.com
ml314.com
pippio.com
pixel.mathtag.com
pixel.rubiconproject.com
pixel.tapad.com
pixels.argusplatform.com
ps.eyeota.net
px.ads.linkedin.com
px.mountain.com
px.steelhousemedia.com
script.crazyegg.com
secure.adnxs.com
simplifi.partners.tremorhub.com
siteimproveanalytics.com
snap.licdn.com
stags.bluekai.com
static.ads-twitter.com
stats.g.doubleclick.net
sync.1rx.io
sync.bfmio.com
sync.crwdcntrl.net
sync.intentiq.com
sync.smartadserver.com
t.co
tag.simpli.fi
tags.inzynk.io
td.doubleclick.net
tmp.argusplatform.com
tr.outbrain.com
tracking.contanuity.com
tracking.crazyegg.com
trk.techtarget.com
um.simpli.fi
ups.analytics.yahoo.com
us-u.openx.net
usermatch.krxd.net
wave.outbrain.com
webtracker.argusplatform.com
www.facebook.com
www.fortinet.com
www.google-analytics.com
www.google.com
www.googleadservices.com
www.googletagmanager.com
www.linkedin.com
ad.doubleclick.net
cs.lkqd.net
ibc-flow.techtarget.com
sync.smartadserver.com
tracking.contanuity.com
usermatch.krxd.net
www.fortinet.com
104.18.186.31
104.18.19.71
104.18.86.42
104.19.147.8
104.244.42.131
107.178.254.65
108.138.128.14
13.107.246.40
13.107.42.14
138.199.40.58
142.250.64.98
142.250.80.36
142.251.111.154
142.251.32.102
142.251.35.162
142.251.40.168
142.251.40.226
142.251.40.238
142.251.41.2
142.251.41.6
146.75.28.157
15.197.193.217
150.171.28.10
172.64.155.119
172.66.0.227
172.66.42.248
172.67.163.237
18.164.116.64
18.173.219.73
216.200.232.253
216.239.36.181
23.34.59.26
23.34.59.33
23.44.131.36
23.45.193.200
23.45.193.57
23.46.225.71
3.12.250.89
3.171.139.70
3.209.1.129
3.225.218.10
31.13.71.36
31.13.71.7
34.111.113.62
34.111.208.231
34.117.77.79
34.171.234.26
34.171.47.125
34.206.18.6
34.229.3.43
35.244.154.8
35.244.159.8
35.81.162.201
44.193.146.17
44.197.150.112
44.199.160.6
44.218.64.233
44.226.187.177
44.232.177.153
51.20.153.244
52.10.121.135
52.12.178.187
52.204.142.153
52.223.22.214
52.32.164.86
52.7.151.245
52.71.121.170
52.89.99.220
54.156.78.110
54.203.236.163
63.140.36.145
63.140.37.206
63.251.28.231
68.67.181.211
69.173.151.100
69.194.240.13
70.42.32.31
76.223.9.105
8.28.7.83
0055aa18da3581f4a468aaa7257d84f798e0fc070899c8008d9b321b76b98096
01e743b563a6d4824bb08b2ac0786e559b44edc45f34482a2cd6cf906c8a91a8
02e0f950027001966b6c2cfc4701373f6328aaf56cf6b6c1fdca103b63e1a6bf
05444ba298774a31341ba7328751fd52756e1b69b7751ea61c4e4f1f2223f711
05960befb16eab59b7dc6a98be196a8079dd6bc83a31c24257fb91e370e1b1b1
0af3aae90b7de9fdceee2ab421378ea2f54c74be81ef43fc6c1790a032755d80
0be6763ca3bff1568298c07fb98f2461cc386d6dba8da56672e202ce93259bb7
0c07b854855b0e2bd7839c3659defa45307e96e281b3c00571d09f213eb6a76e
0cfd9370969b7a0efbf301652a1cc88f846e92302b25687ae0fb33868ebe3b92
0f03d4ff929986a3cde83681fd2560eae544f7138f59945ec6ec32c17800ca91
0fcc95d9950ffc82f18f6e48f9c75fba09e7314ec51bb396b7869132f180c0fb
108b33aadf97d435b9540de3d6b3c1f28be5e5c787e9d4c43ac9a7f13358fc7a
1d348f9f803c95305f63def9d75fd50e79e54a375e1a4a888edbbea366845580
1e85ec81b9800b4c443d39caca0d0926089a3ac201120db1ceb45b93789480b8
1fb93e8d559973a16136a554027cca2f77e925be68022f28cc8e958ca957aeb1
24074dc77aeb66572b3e64e277fadac095692c96ff380b4bf38e95258c40810e
280fd339ad1171cff9dcff91030a2e3c5745256398873f972055100232ac60bd
29e9c208e6c64431d22659befba8a26fc57d7d6bdef46569cf6342dcec64a560
2ed114345dab0a74e1c81b100e3db108ff86464854f3159d005fac67413454b7
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef
31d6054f4cebe92ef8a8fc86786530c89609f38b2e86dac373dfa8d3b7913e30
337c2d3ec3276e1c58c7ed7d1b3744c9f6e5409aadd7ee32f77f9533c8c7e647
33d0064b801e74f2bc70df095ec4fe3fc33957edbd2972af0db48d24385d77cb
3540f3a8c2c26ac98ec2acda1a9863875315fd32769a30c9b33f8c098593e2fd
370df1cc8999c1e03fc1c5f7ced35334513d19233d1fc79d2c1c7f711361565d
37a5679e4a3ebd771a597c76571dd5de48d722a2bb958fb39e7bd40e7013e1e4
3af1db717cba2620a17a0109499f2f89fc9be2d2747bbbe71f2c5a90f419dd8d
3c011f927be0655f3338c6e35aac0db7272bc89b9b2c7a05f80b90904e377265
3d7e83ca66efbfc6f42c2975c5b4b42618f6cfbed629f7564365869a93b6285d
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
3ee4da8b7fc441001353406e82822f67bd0005b486e4477d1e8a966343ed2d10
4064a15647196b03fa05bcc7e8654abf8098a7e9a975e5c70cb4018423d0e54a
42d156c4b4e8abba51629a7ab1190764fcb1e1b4cea16a4312f9277798f637fd
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
4748d8ba70e19bee66f12a8c53294eded94e972cbfd6ac864beae7a6b971166d
480e3b349655b6f17b20ec546c300957cad9ffd98b2d29be29db79422ededc52
4a5abd98fd6a0d0e6c2c77db16712845786b30184060754fdff35aabbd80e930
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4d15ff2317e16ccd8ca1d3248fea7d91130e022369bb032824a84ad9967064df
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4e32f92e3b5f92f612eeb1b1eb5a306f82ed9c0de06e6e720fe63bef05645a63
4e8276aea0a3c7fe3600e6718c7f484d49c347c8d5763d89be95900d526a14da
50377d1d3e7dcb2c8298feb8d2505099df1957e3700a358b993b4cf443fd36e8
519c51ffa830c7d2747f3deae567a700c61d49aa95e63111a4701b1ee2065f88
52163d0f5da50fcfaeff240157a410384cb9dffa7697855446a46802c9b74714
541c13842ef2506d4da9a6c35d5ada095cfb7c0d158d2ec692a2310d22b481f6
5b4c9abcf01dcf74e0adf075ff4d47464c62c84307ae5ebd115d45da70e6443d
5de24f6905efe766e86335f914ac029e3dbd4426a173cdefab7f51adfc5b264d
60508fca4a54390790c68f6ec949502d38dbf037230c8e5cfa972b134d68a24c
650775e181c10044ffe36f84754d568229f3330b579f3cb88adc49556279e645
65865fa1f3eaefb3c3c8b0ac41aa3230698ca25012dca027616b6183d6489afd
699fc0f99797d942c6616f51960b325ab291dec6a181332b4f21cc79fce59d7e
6d0291f90718dc0537f65dc6a4f68d8e75f0a8a3a0b62836d9cf41350ecaf552
6ea393f38b217e5fd56f2929268b03a2aad79b8b5b345917503518c709b6b23f
6f2b0ea5eae7a1034d2c771e7a2119ccc8cb21f97b543e94009574a66b37d4f1
6f53bda1fdac0de979d6d9f12f0d5cf8c103c28b6bc59b467eb61607fa0a6176
701769ec99138974c12369fd4acf65a7f99e9a1becbab1e16a89be9859aafc9f
741fb3582ff36b968944a0a851a8ae823a82c25277d2542539211e4f11cbed72
74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b
77d5fe96defd6c8c1e3b0466b4827cf83dc7e5c727a10177e115d25132fa86f6
7844854a2c3fa8ec3edf34d6e3dcaeb1a65c271f4b3c5aa379e5c8704fe6d97f
7a23e0e46e16f067271bc79c92a917c13769848457d16cdf109e4dc04c687e8f
7ad0607daba7c0ddecacb3c696099e761076f147549440a7b3c4baa8f67ddaac
7b1e74dd6970b56853dfd79e59ba73315051b0c59a69c6a9fd87e515650fdc80
8489534bde4ad3c3cedebecd11b9babe653de6b413922ec2b877c5bfcb33ee3e
8998282f5a80fff5eaafdbd457dd7a81af0cd7c8696bfe032a6aeef8fe67f99f
8cdca3b36914e8a3f56390da71389944579faaae82704e53bd66f9c0387502f6
8db92e7cdc1ad40168c42e93b05d842e056d8a5b83ae96b95d2b1c546f828196
8f111bc178f111a8a4f4e3fc8a0fd591cdbfb4e79059bac3026ad220694005ed
91098738007001be6bd57fa715d6f8c0fd5ffeeb561944b10e0be8b9f9dd50a0
930494fef37c0c702073ceeddd12da067bba2824f8eba39e1f9a3c5332bec6b6
94633716497a85d800b6e573953942c4cfe483c0dbd68fa97fd01dd97ced5d66
974f74e012cf126d9589716838cd7751d2fb9e334390512d887cfe27ca2ebb01
98192c2b3bfd0e66cff07b8ba31ff42de9182144d3e21b9ca258f13da96ee457
986226d3ad33c6576451130ae1ab140ab003dfbd8338288057e3c640b575b65a
99dc3803d1f19c8103f79f834044b2afd4c8af5b7927efbd36b1052d528b40ae
9a54e6b1253d785972ccaab75a888119d13083bfb1f80343aef9454d5cd5bb6d
9c2bfadf1fe546bd3872bf81e8477e95faff0104f3b9b888bc47cff4ffe88a36
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a138ac338ac8e4c122b5559b969556c5641a319a0a64b97f8250341cff39812a
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
a808eb7e84c97d954809a0e335f91f415a9abe4d6b670f8d7a7e5a4f639cc31c
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
ab49d08c588585e401e9dfee028674612a67858365d6f0e0a2f79769d69d0403
abd0c69608a1a4b0ce5f6056bc20bcf62a2a29271a4cf5e33fa1f53bf7cb19cb
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
adc927ab8e07d22f6baf437633c277fd0fa3809cf50c7f74cf10a1f49eb8b1e6
b0a827d3664061f388027e1b0846aa7a866d655aad5145c2c1cc97503877fa79
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b3bce010c0f5a7c24a82ae511194baf67bf8c2cee737a3a118f6b9590d322b15
b51f3497b0a65f1e1e87e75f5e7e823d871c23bcf76a5ee4101783c8f939e553
b697c4c8e7c22fa7e18ccef66c1bda6610f19ec8c7d1c60fb3696db54ea5362e
b791325b42339ccebed7764c4ffb4605cae7dd39aef04a3f2391a2dd81ddced4
b934ce9883949e7bceb88fa78a354125eefc85715f7e54da8ff529c94ebab0fe
b97c99a69a6275c8f90703cd4c0864089a74fd08383a1cc75a8a4d0c2cb60cce
b9cc3f9392d09b6694e46b66422f72ce2e809be3009d2cd02c7c67dcb1c5d43a
ba8f225c17e1130812e2f74f3a5f8f01a94fa0aea0f815e1c06c6505e26187a8
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bee6553d58ab615b2a4d6b4eb1b4f703d0d5484f1d425f9c0b00083d9df01ba8
c3986d134169941936f4a0df0f92d10f80110e430da407dec44a07556a86e7be
c457b0280c7a79b6253d1b0da48dfcaa17548b2cb7ad10b522ceadd0a24e1d71
c6bcc71f8a9f5497ccc35e3aa16e00110504488fef71fffea99853274f9d7c86
c7e8cbd9d9f4e631663caf054f1744a59dd4e83e48c9c689ed055eb7e355bf59
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c
cb2cb8142acaa6b910a75ae3d13d9977560689d2b99cabb2d48d33acd83ac36d
cb9dcd01ab0b09c31bb9a3c89a5dcf1c29451a41a176b539ee3ff05df3347e6f
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
cfc976fb91d959f5f04f5346aa60ab1e1d967e1ae45df6e5ee37c10722a31455
d01bd59c5be877b4fd0d5a1475bd63e96df4f0beb4dd483b61f55ae63ad1101e
d091f3a99eef1f19c9b726a738a4f5efcbd3a95151a8e9401b98d5e0d070abb4
d0e12af8c4e560fe89643639e0c3ed4dc76125c62adeb2879b761d73dbaecf50
d18b3c9feb76c3c1cfdcc51c732f113327e3c33fb3f63b479951f7da6ed1216f
d19a86ab6143919f238ef42dc0396845f389c51077d40a68a12ffc2fc9c8eb60
d2afd46ac58cd7e89b3fdfd790300d69034e94151ed45acf83d7b6d5dccfdb17
d2da3632a66a95a2a5dea629c3b46c317f7bff11a2e1dcba71a0deed01720cb5
d5d7cfea851c57974530d66be25cf0d2c3083890c30e297ac32fadc3669e7502
d8879628262ee8c2ad70574c11ca7ce6a1220d8aa73f91e7e38e1f7a4edaaacf
db058d72d7ba8ff6ed7209af23a4458c373cc78f72c81ec1df88bb5de72a0b0b
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
de9d3fd0eb948bd294477d0eda60a73b85caff1794803530d0463193a113da98
df5fe0a16d52c5174df3679a952f4b73e4965b871d307402b2a43f4ea51eb886
e08bbd8d11326289feff5496edc2ee3d0d7e905fe69ad7612a63dcd6bc6e8313
e0f9a49b3445df93031ef8414eab4c9266e8e6aefc9594c8b3f49376f57ee97c
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e586b7d3b7e33d9b545ed9f0f9d07977263ced596dfb6a6fb44b51bb3f1cccd5
e83d65cc7757c48e6df355cb3336cde53bba267cd5e032085a80162a4320d15b
ec00d90493322ddab8ed75ca595e3a447e60bc5b1965f94469d4a26bd981f88c
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef49cc46ec16ef482616df0ada8e7eb71214134682269e26a223138c59ee9e7d
f77d20112e76b27e09182cbe9792393928d30b9e8177fdce463690f717e49c63
f9b2aaabab92d9c63930432351fa3f5aa634fcb5db31b039e23465f8b4bd5a68
fbf046a4f8f145054e3eba18a9528da6030f9f248f2cc96345176a718e5051d3
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a
fed8a09fe38bfaa2fb439570ea6ddd76e55d08a5c9021862e9bbafc4b0f6e9f8
ff195814cf18ad4db43709ce4a836078368cf1262384eea3664fc0ffc6f7bcce

www.fortinet.com Open in urlscan Pro 44.199.160.6 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

201 Requests

83 %HTTPS

0 %IPv6

63 Domains

91 Subdomains

72 IPs

3 Countries

3826 kBTransfer

7839 kBSize

122 Cookies

10 Outgoing links

Redirected requests

201 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.fortinet.com Open in urlscan Pro
44.199.160.6 Public Scan

Screenshot
Live screenshot

Full Image

201
Requests

83 %
HTTPS

0 %
IPv6

63
Domains

91
Subdomains

72
IPs

3
Countries

3826 kB
Transfer

7839 kB
Size

122
Cookies

201 HTTP transactions
2 data transactions