www.fortinet.com Open in urlscan Pro
3.91.211.14 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.fortinet.com/blog/threat-research/wiper-malware-riding-tokyo-olympic-games'
Submission: On June 13 via api (June 13th 2022, 4:00:17 pm UTC) from CA — Scanned from CA

Summary HTTP 175 Redirects Links 9 Behaviour Indicators

Summary

This website contacted 68 IPs in 4 countries across 55 domains to perform 175 HTTP transactions. The main IP is 3.91.211.14, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is www.fortinet.com. The Cisco Umbrella rank of the primary domain is 87175.
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on March 15th 2022. Valid for: a year.

This is the only time www.fortinet.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
4	3.91.211.14 3.91.211.14	14618 (AMAZON-AES) (AMAZON-AES)
6	2606:4700::68... 2606:4700::6810:9540	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	35.201.125.192 35.201.125.192	15169 (GOOGLE) (GOOGLE)
4 6	2600:9000:220... 2600:9000:2209:b600:0:f267:a5c0:93a1	16509 (AMAZON-02) (AMAZON-02)
2	2606:4700:10:... 2606:4700:10::6814:b944	13335 (CLOUDFLAR...) (CLOUDFLARENET)
21	2600:141b:900... 2600:141b:9000:498::1e80	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2 5	35.171.54.31 35.171.54.31	14618 (AMAZON-AES) (AMAZON-AES)
11	23.217.148.24 23.217.148.24	16625 (AKAMAI-AS) (AKAMAI-AS)
1	23.52.162.190 23.52.162.190	16625 (AKAMAI-AS) (AKAMAI-AS)
1	23.198.216.120 23.198.216.120	16625 (AKAMAI-AS) (AKAMAI-AS)
1 4	2620:1ec:c11:... 2620:1ec:c11::200	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
3	70.42.32.223 70.42.32.223	22075 (AS-OUTBRAIN) (AS-OUTBRAIN)
1	34.199.16.170 34.199.16.170	14618 (AMAZON-AES) (AMAZON-AES)
2	63.140.38.123 63.140.38.123	14618 (AMAZON-AES) (AMAZON-AES)
1 1	100.24.83.44 100.24.83.44	14618 (AMAZON-AES) (AMAZON-AES)
1	68.67.179.164 68.67.179.164	29990 (ASN-APPNEX) (ASN-APPNEX)
1	2600:141b:500... 2600:141b:5000:59e::1c91	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	104.118.9.242 104.118.9.242	16625 (AKAMAI-AS) (AKAMAI-AS)
2	138.199.40.58 138.199.40.58	60068 (CDN77 ^_^) (CDN77 ^_^)
2	18.235.123.5 18.235.123.5	14618 (AMAZON-AES) (AMAZON-AES)
1	2620:1ec:27::... 2620:1ec:27::cafe:1906	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
4	20.85.30.134 20.85.30.134	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	52.85.61.120 52.85.61.120	16509 (AMAZON-02) (AMAZON-02)
2	54.230.163.25 54.230.163.25	16509 (AMAZON-02) (AMAZON-02)
1 2	52.208.8.226 52.208.8.226	16509 (AMAZON-02) (AMAZON-02)
9	2607:f8b0:400... 2607:f8b0:4006:80a::2008	15169 (GOOGLE) (GOOGLE)
2	2607:f8b0:400... 2607:f8b0:4006:823::200e	15169 (GOOGLE) (GOOGLE)
1	52.85.61.99 52.85.61.99	16509 (AMAZON-02) (AMAZON-02)
1	34.251.139.24 34.251.139.24	16509 (AMAZON-02) (AMAZON-02)
1 2	20.110.81.91 20.110.81.91	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2 8	2600:9000:220... 2600:9000:2209:d800:6:9280:1080:93a1	16509 (AMAZON-02) (AMAZON-02)
1	146.75.32.157 146.75.32.157	54113 (FASTLY) (FASTLY)
3	2a03:2880:f01... 2a03:2880:f012:10c:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
2 7	34.111.234.236 34.111.234.236	15169 (GOOGLE) (GOOGLE)
1	54.69.255.140 54.69.255.140	16509 (AMAZON-02) (AMAZON-02)
1	2600:141b:13:... 2600:141b:13::17d7:82d0	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2 5	142.250.65.230 142.250.65.230	15169 (GOOGLE) (GOOGLE)
1	2600:9000:220... 2600:9000:2209:6a00:12:dfa9:e200:93a1	16509 (AMAZON-02) (AMAZON-02)
1	142.250.80.34 142.250.80.34	15169 (GOOGLE) (GOOGLE)
6 6	2620:1ec:22::14 2620:1ec:22::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
3 3	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 4	104.18.101.194 104.18.101.194	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	104.244.42.3 104.244.42.3	13414 (TWITTER) (TWITTER)
4 4	35.201.70.94 35.201.70.94	15169 (GOOGLE) (GOOGLE)
3	104.244.42.5 104.244.42.5	13414 (TWITTER) (TWITTER)
1	13.53.253.113 13.53.253.113	16509 (AMAZON-02) (AMAZON-02)
5	151.139.128.11 151.139.128.11	20446 (STACKPATH...) (STACKPATH-CDN)
5	2607:f8b0:400... 2607:f8b0:4006:80f::2002	15169 (GOOGLE) (GOOGLE)
1	172.253.122.155 172.253.122.155	15169 (GOOGLE) (GOOGLE)
2	2607:f8b0:400... 2607:f8b0:4006:808::2002	15169 (GOOGLE) (GOOGLE)
3 4	35.190.60.146 35.190.60.146	15169 (GOOGLE) (GOOGLE)
8 9	52.223.40.198 52.223.40.198	16509 (AMAZON-02) (AMAZON-02)
2 2	52.6.248.150 52.6.248.150	14618 (AMAZON-AES) (AMAZON-AES)
2 3	34.197.192.192 34.197.192.192	14618 (AMAZON-AES) (AMAZON-AES)
14 17	3.91.118.171 3.91.118.171	14618 (AMAZON-AES) (AMAZON-AES)
3	2a03:2880:f11... 2a03:2880:f112:182:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
5	2607:f8b0:400... 2607:f8b0:4006:80b::2004	15169 (GOOGLE) (GOOGLE)
5	2607:f8b0:400... 2607:f8b0:4006:820::2003	15169 (GOOGLE) (GOOGLE)
1 1	2607:f8b0:400... 2607:f8b0:4006:80b::2002	15169 (GOOGLE) (GOOGLE)
2	44.235.191.156 44.235.191.156	16509 (AMAZON-02) (AMAZON-02)
1 2	35.211.178.172 35.211.178.172	19527 (GOOGLE-2) (GOOGLE-2)
3 3	142.251.40.98 142.251.40.98	15169 (GOOGLE) (GOOGLE)
1 2	104.118.9.53 104.118.9.53	16625 (AKAMAI-AS) (AKAMAI-AS)
2 2	107.178.254.65 107.178.254.65	15169 (GOOGLE) (GOOGLE)
1 1	34.98.67.3 34.98.67.3	15169 (GOOGLE) (GOOGLE)
1 2	69.173.151.100 69.173.151.100	26667 (RUBICONPR...) (RUBICONPROJECT)
1 2	34.98.64.218 34.98.64.218	15169 (GOOGLE) (GOOGLE)
1	8.28.7.83 8.28.7.83	62713 (AS-PUBMATIC) (AS-PUBMATIC)
1	2001:4998:1c:... 2001:4998:1c:800::1000	14779 (YAHOO) (YAHOO)
1	141.226.224.48 141.226.224.48	200478 (TABOOLA-AS) (TABOOLA-AS)
1 2	35.71.139.29 35.71.139.29	16509 (AMAZON-02) (AMAZON-02)
2 3	68.67.178.15 68.67.178.15	29990 (ASN-APPNEX) (ASN-APPNEX)
1	51.81.46.206 51.81.46.206	16276 (OVH) (OVH)
1	130.211.47.214 130.211.47.214	15169 (GOOGLE) (GOOGLE)
1	34.212.4.35 34.212.4.35	16509 (AMAZON-02) (AMAZON-02)
1	52.10.121.135 52.10.121.135	16509 (AMAZON-02) (AMAZON-02)
1 1	96.17.64.208 96.17.64.208	16625 (AKAMAI-AS) (AKAMAI-AS)
2 2	54.175.87.114 54.175.87.114	14618 (AMAZON-AES) (AMAZON-AES)
175	68

4 3.91.211.14 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-91-211-14.compute-1.amazonaws.com

www.fortinet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700::6810:9540 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.cookielaw.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.201.125.192 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 192.125.201.35.bc.googleusercontent.com

marvel-b2-cdn.bc0a.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2600:9000:2209:b600:0:f267:a5c0:93a1 (United States) 4 redirects

ASN16509 (AMAZON-02, US)

marvel-b1-cdn.bc0a.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700:10::6814:b944 (United States)

ASN13335 (CLOUDFLARENET, US)

geolocation.onetrust.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

21 2600:141b:9000:498::1e80 (New York, United States)

ASN20940 (AKAMAI-ASN1, NL)

assets.adobedtm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 35.171.54.31 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-35-171-54-31.compute-1.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

11 23.217.148.24 (New York, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-217-148-24.deploy.static.akamaitechnologies.com

j.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
b.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.52.162.190 (New York, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-52-162-190.deploy.static.akamaitechnologies.com

amplify.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.198.216.120 (Piscataway, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-198-216-120.deploy.static.akamaitechnologies.com

s7.addthis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2620:1ec:c11::200 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 70.42.32.223 (United States)

ASN22075 (AS-OUTBRAIN, US)
PTR: ny.outbrain.com

tr.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.199.16.170 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-199-16-170.compute-1.amazonaws.com

fortinet.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 63.140.38.123 (United States)

ASN14618 (AMAZON-AES, US)

metrics.fortinet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 100.24.83.44 (Ashburn, United States) 1 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-100-24-83-44.compute-1.amazonaws.com

cm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 68.67.179.164 (Secaucus, United States)

ASN29990 (ASN-APPNEX, US)
PTR: 582.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:141b:5000:59e::1c91 (New York, United States)

ASN20940 (AKAMAI-ASN1, NL)

ipv6.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.118.9.242 (New York, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a104-118-9-242.deploy.static.akamaitechnologies.com

z.moatads.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 138.199.40.58 (New York, United States)

ASN60068 (CDN77 ^_^, GB)
PTR: unn-138-199-40-58.datapacket.com

a.opmnstr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
a.omappapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 18.235.123.5 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-235-123-5.compute-1.amazonaws.com

epsilon.6sense.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:27::cafe:1906 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 20.85.30.134 (Boydton, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

j.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.85.61.120 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-85-61-120.ewr53.r.cloudfront.net

api.omappapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.230.163.25 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-54-230-163-25.ewr53.r.cloudfront.net

static.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
script.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.208.8.226 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-208-8-226.eu-west-1.compute.amazonaws.com

argusplatform.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.argusplatform.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 2607:f8b0:4006:80a::2008 (Mullica Hill, United States)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:823::200e (Mullica Hill, United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.85.61.99 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-85-61-99.ewr53.r.cloudfront.net

vars.hotjar.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.251.139.24 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-251-139-24.eu-west-1.compute.amazonaws.com

pixels.argusplatform.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 20.110.81.91 (Boydton, United States) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 2600:9000:2209:d800:6:9280:1080:93a1 (United States) 2 redirects

ASN16509 (AMAZON-02, US)

s.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 146.75.32.157 (Ashburn, United States)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:2880:f012:10c:face:b00c:0:3 (Secaucus, United States)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 34.111.234.236 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 236.234.111.34.bc.googleusercontent.com

ml314.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.69.255.140 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-69-255-140.us-west-2.compute.amazonaws.com

dx.mountain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:141b:13::17d7:82d0 (New York, United States)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 142.250.65.230 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: lga25s73-in-f6.1e100.net

10104846.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
11974306.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2209:6a00:12:dfa9:e200:93a1 (United States)

ASN16509 (AMAZON-02, US)

tags.inzynk.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.80.34 (United States)

ASN15169 (GOOGLE, US)
PTR: lga34s34-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2620:1ec:22::14 (United States) 6 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.107.42.14 (United States) 3 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.18.101.194 (None, ) 1 redirects

ASN13335 (CLOUDFLARENET, US)

p.adsymptotic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.244.42.3 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 35.201.70.94 (Kansas City, United States) 4 redirects

ASN15169 (GOOGLE, US)
PTR: 94.70.201.35.bc.googleusercontent.com

marvel-processor.bc0a.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.244.42.5 (United States)

ASN13414 (TWITTER, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.53.253.113 (Stockholm, Sweden)

ASN16509 (AMAZON-02, US)
PTR: ec2-13-53-253-113.eu-north-1.compute.amazonaws.com

analytics.inzynk.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 151.139.128.11 (United States)

ASN20446 (STACKPATH-CDN, US)

content.adacado.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2607:f8b0:4006:80f::2002 (Mullica Hill, United States)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.253.122.155 (United States)

ASN15169 (GOOGLE, US)
PTR: bh-in-f155.1e100.net

bid.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:808::2002 (Mullica Hill, United States)

ASN15169 (GOOGLE, US)

adservice.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 35.190.60.146 (Kansas City, United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: 146.60.190.35.bc.googleusercontent.com

idsync.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 52.223.40.198 (United States) 8 redirects

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
insight.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.6.248.150 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-6-248-150.compute-1.amazonaws.com

sync.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 34.197.192.192 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-197-192-192.compute-1.amazonaws.com

ps.eyeota.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 3.91.118.171 (Ashburn, United States) 14 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-91-118-171.compute-1.amazonaws.com

d.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a03:2880:f112:182:face:b00c:0:25de (Secaucus, United States)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2607:f8b0:4006:80b::2004 (Mullica Hill, United States)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2607:f8b0:4006:820::2003 (Mullica Hill, United States)

ASN15169 (GOOGLE, US)

www.google.ca	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:80b::2002 (Mullica Hill, United States) 1 redirects

ASN15169 (GOOGLE, US)

adservice.google.ca	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 44.235.191.156 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-44-235-191-156.us-west-2.compute.amazonaws.com

px.mountain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.211.178.172 (North Charleston, United States) 1 redirects

ASN19527 (GOOGLE-2, US)
PTR: 172.178.211.35.bc.googleusercontent.com

x.bidswitch.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.251.40.98 (United States) 3 redirects

ASN15169 (GOOGLE, US)
PTR: lga25s79-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.118.9.53 (New York, United States) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a104-118-9-53.deploy.static.akamaitechnologies.com

dsum-sec.casalemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 107.178.254.65 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 65.254.178.107.bc.googleusercontent.com

pippio.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.98.67.3 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 3.67.98.34.bc.googleusercontent.com

tags.rd.linksynergy.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 69.173.151.100 (United States) 1 redirects

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.98.64.218 (Kansas City, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: 218.64.98.34.bc.googleusercontent.com

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 8.28.7.83 (United States)

ASN62713 (AS-PUBMATIC, US)

image2.pubmatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4998:1c:800::1000 (United States)

ASN14779 (YAHOO, US)

ads.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 141.226.224.48 (United States)

ASN200478 (TABOOLA-AS, IL)

sync.taboola.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.71.139.29 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: afb83dd09526a6517.awsglobalaccelerator.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 68.67.178.15 (Secaucus, United States) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 633.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.81.46.206 (Warrenton, United States)

ASN16276 (OVH, FR)
PTR: ns1000608.ip-51-81-46.us

register.powerlinks.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 130.211.47.214 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 214.47.211.130.bc.googleusercontent.com

ad.adacado.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.212.4.35 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-212-4-35.us-west-2.compute.amazonaws.com

gs.mountain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.10.121.135 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-10-121-135.us-west-2.compute.amazonaws.com

px.steelhousemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 96.17.64.208 (New York, United States) 1 redirects

ASN16625 (AKAMAI-AS, US)
PTR: a96-17-64-208.deploy.static.akamaitechnologies.com

tags.bluekai.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.175.87.114 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-175-87-114.compute-1.amazonaws.com

ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
25	adroll.com 16 redirects s.adroll.com — Cisco Umbrella Rank: 2164 d.adroll.com — Cisco Umbrella Rank: 1450	37 KB
21	adobedtm.com assets.adobedtm.com — Cisco Umbrella Rank: 441	107 KB
14	doubleclick.net 5 redirects 10104846.fls.doubleclick.net — Cisco Umbrella Rank: 345959 googleads.g.doubleclick.net — Cisco Umbrella Rank: 48 bid.g.doubleclick.net — Cisco Umbrella Rank: 454 cm.g.doubleclick.net — Cisco Umbrella Rank: 206 11974306.fls.doubleclick.net — Cisco Umbrella Rank: 366156	11 KB
12	6sc.co j.6sc.co — Cisco Umbrella Rank: 6842 c.6sc.co — Cisco Umbrella Rank: 10228 ipv6.6sc.co — Cisco Umbrella Rank: 7073 b.6sc.co — Cisco Umbrella Rank: 4477	18 KB
11	bc0a.com 8 redirects marvel-b2-cdn.bc0a.com — Cisco Umbrella Rank: 18789 marvel-b1-cdn.bc0a.com — Cisco Umbrella Rank: 19761 marvel-processor.bc0a.com — Cisco Umbrella Rank: 45040	88 KB
9	adsrvr.org 8 redirects match.adsrvr.org — Cisco Umbrella Rank: 361 insight.adsrvr.org — Cisco Umbrella Rank: 589	5 KB
9	linkedin.com 9 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 315 www.linkedin.com — Cisco Umbrella Rank: 482 px4.ads.linkedin.com — Cisco Umbrella Rank: 5732	5 KB
9	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 80	418 KB
7	google.com adservice.google.com — Cisco Umbrella Rank: 82 www.google.com — Cisco Umbrella Rank: 4	2 KB
7	ml314.com 2 redirects ml314.com — Cisco Umbrella Rank: 1499	33 KB
7	clarity.ms 1 redirects www.clarity.ms — Cisco Umbrella Rank: 561 j.clarity.ms — Cisco Umbrella Rank: 5550 c.clarity.ms — Cisco Umbrella Rank: 1045	26 KB
6	google.ca 1 redirects www.google.ca — Cisco Umbrella Rank: 7627 adservice.google.ca — Cisco Umbrella Rank: 12139	2 KB
6	adacado.com content.adacado.com — Cisco Umbrella Rank: 35810 ad.adacado.com — Cisco Umbrella Rank: 42248	12 KB
6	demdex.net 2 redirects dpm.demdex.net — Cisco Umbrella Rank: 194 fortinet.demdex.net — Cisco Umbrella Rank: 279361	8 KB
6	cookielaw.org cdn.cookielaw.org — Cisco Umbrella Rank: 426	117 KB
6	fortinet.com www.fortinet.com — Cisco Umbrella Rank: 87175 metrics.fortinet.com — Cisco Umbrella Rank: 280262	108 KB
4	rlcdn.com 3 redirects idsync.rlcdn.com — Cisco Umbrella Rank: 317	565 B
4	adsymptotic.com 1 redirects p.adsymptotic.com — Cisco Umbrella Rank: 518	734 B
4	mountain.com dx.mountain.com — Cisco Umbrella Rank: 6907 px.mountain.com — Cisco Umbrella Rank: 6800 gs.mountain.com — Cisco Umbrella Rank: 12092	8 KB
4	adnxs.com 2 redirects secure.adnxs.com — Cisco Umbrella Rank: 399 ib.adnxs.com — Cisco Umbrella Rank: 231	4 KB
4	bing.com 1 redirects bat.bing.com — Cisco Umbrella Rank: 341 c.bing.com — Cisco Umbrella Rank: 202	13 KB
4	outbrain.com amplify.outbrain.com — Cisco Umbrella Rank: 1975 tr.outbrain.com — Cisco Umbrella Rank: 1811 sync.outbrain.com — Cisco Umbrella Rank: 730	4 KB
3	yahoo.com 2 redirects ads.yahoo.com — Cisco Umbrella Rank: 1078 ups.analytics.yahoo.com — Cisco Umbrella Rank: 290	817 B
3	facebook.com www.facebook.com — Cisco Umbrella Rank: 97	586 B
3	eyeota.net 2 redirects ps.eyeota.net — Cisco Umbrella Rank: 892	2 KB
3	twitter.com analytics.twitter.com — Cisco Umbrella Rank: 507	747 B
3	t.co t.co — Cisco Umbrella Rank: 467 Failed	620 B
3	facebook.net connect.facebook.net — Cisco Umbrella Rank: 152	193 KB
3	argusplatform.com 1 redirects argusplatform.com — Cisco Umbrella Rank: 183041 www.argusplatform.com — Cisco Umbrella Rank: 216077 pixels.argusplatform.com — Cisco Umbrella Rank: 238456	3 KB
3	hotjar.com static.hotjar.com — Cisco Umbrella Rank: 622 script.hotjar.com — Cisco Umbrella Rank: 794 vars.hotjar.com — Cisco Umbrella Rank: 881	67 KB
2	3lift.com 1 redirects eb2.3lift.com — Cisco Umbrella Rank: 387	742 B
2	openx.net 1 redirects us-u.openx.net — Cisco Umbrella Rank: 364	407 B
2	rubiconproject.com 1 redirects pixel.rubiconproject.com — Cisco Umbrella Rank: 321	2 KB
2	pippio.com 2 redirects pippio.com — Cisco Umbrella Rank: 763	716 B
2	casalemedia.com 1 redirects dsum-sec.casalemedia.com — Cisco Umbrella Rank: 564	2 KB
2	bidswitch.net 1 redirects x.bidswitch.net — Cisco Umbrella Rank: 286	1 KB
2	crwdcntrl.net 2 redirects sync.crwdcntrl.net — Cisco Umbrella Rank: 703	861 B
2	inzynk.io tags.inzynk.io — Cisco Umbrella Rank: 149013 analytics.inzynk.io — Cisco Umbrella Rank: 127213	18 KB
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 47	20 KB
2	omappapi.com a.omappapi.com — Cisco Umbrella Rank: 5023 api.omappapi.com — Cisco Umbrella Rank: 5242	6 KB
2	6sense.com epsilon.6sense.com — Cisco Umbrella Rank: 10473	432 B
2	onetrust.com geolocation.onetrust.com — Cisco Umbrella Rank: 733	807 B
1	bluekai.com 1 redirects tags.bluekai.com — Cisco Umbrella Rank: 473	846 B
1	steelhousemedia.com px.steelhousemedia.com — Cisco Umbrella Rank: 6554	244 B
1	powerlinks.com register.powerlinks.com — Cisco Umbrella Rank: 297624	41 B
1	taboola.com sync.taboola.com — Cisco Umbrella Rank: 880	222 B
1	pubmatic.com image2.pubmatic.com — Cisco Umbrella Rank: 838	493 B
1	linksynergy.com 1 redirects tags.rd.linksynergy.com — Cisco Umbrella Rank: 3986	391 B
1	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 127	15 KB
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 775	3 KB
1	ads-twitter.com static.ads-twitter.com — Cisco Umbrella Rank: 632	14 KB
1	opmnstr.com a.opmnstr.com — Cisco Umbrella Rank: 18958	53 KB
1	moatads.com z.moatads.com — Cisco Umbrella Rank: 374	1 KB
1	everesttech.net 1 redirects cm.everesttech.net — Cisco Umbrella Rank: 866	517 B
1	addthis.com s7.addthis.com — Cisco Umbrella Rank: 1445	114 KB
175	55

	Domain	Requested by
21	assets.adobedtm.com	cdn.cookielaw.org assets.adobedtm.com
17	d.adroll.com	14 redirects s.adroll.com
9	www.googletagmanager.com	www.fortinet.com www.googletagmanager.com assets.adobedtm.com
9	b.6sc.co	www.fortinet.com
8	match.adsrvr.org	7 redirects
8	s.adroll.com	2 redirects www.fortinet.com s.adroll.com d.adroll.com
7	ml314.com	2 redirects www.fortinet.com ml314.com
6	marvel-b1-cdn.bc0a.com	4 redirects www.fortinet.com
6	cdn.cookielaw.org	www.fortinet.com cdn.cookielaw.org
5	www.google.ca
5	www.google.com
5	googleads.g.doubleclick.net	www.googleadservices.com
5	content.adacado.com	www.fortinet.com content.adacado.com
5	px.ads.linkedin.com	5 redirects
5	dpm.demdex.net	2 redirects www.fortinet.com
4	idsync.rlcdn.com	3 redirects
4	marvel-processor.bc0a.com	4 redirects
4	p.adsymptotic.com	1 redirects 10104846.fls.doubleclick.net
4	j.clarity.ms	www.clarity.ms j.clarity.ms
4	www.fortinet.com	www.fortinet.com
3	ib.adnxs.com	2 redirects
3	cm.g.doubleclick.net	3 redirects
3	www.facebook.com
3	ps.eyeota.net	2 redirects
3	analytics.twitter.com
3	t.co
3	px4.ads.linkedin.com	3 redirects
3	10104846.fls.doubleclick.net	1 redirects assets.adobedtm.com adservice.google.com
3	connect.facebook.net	www.fortinet.com connect.facebook.net
3	bat.bing.com	assets.adobedtm.com bat.bing.com www.fortinet.com
2	ups.analytics.yahoo.com	2 redirects
2	11974306.fls.doubleclick.net	1 redirects 10104846.fls.doubleclick.net
2	eb2.3lift.com	1 redirects
2	us-u.openx.net	1 redirects
2	pixel.rubiconproject.com	1 redirects
2	pippio.com	2 redirects
2	dsum-sec.casalemedia.com	1 redirects
2	x.bidswitch.net	1 redirects
2	px.mountain.com	dx.mountain.com www.fortinet.com
2	sync.crwdcntrl.net	2 redirects
2	adservice.google.com	10104846.fls.doubleclick.net 11974306.fls.doubleclick.net
2	c.clarity.ms	1 redirects
2	www.google-analytics.com	a.opmnstr.com www.google-analytics.com
2	epsilon.6sense.com	j.6sc.co
2	metrics.fortinet.com	assets.adobedtm.com www.fortinet.com
2	tr.outbrain.com	amplify.outbrain.com www.fortinet.com
2	geolocation.onetrust.com	cdn.cookielaw.org assets.adobedtm.com
1	tags.bluekai.com	1 redirects
1	insight.adsrvr.org	1 redirects
1	px.steelhousemedia.com
1	gs.mountain.com	www.fortinet.com
1	ad.adacado.com	content.adacado.com
1	register.powerlinks.com	10104846.fls.doubleclick.net
1	sync.taboola.com
1	ads.yahoo.com
1	image2.pubmatic.com
1	sync.outbrain.com
1	tags.rd.linksynergy.com	1 redirects
1	adservice.google.ca	1 redirects
1	bid.g.doubleclick.net	www.googleadservices.com
1	analytics.inzynk.io	tags.inzynk.io
1	www.linkedin.com	1 redirects
1	www.googleadservices.com	www.googletagmanager.com
1	tags.inzynk.io	assets.adobedtm.com
1	snap.licdn.com	www.fortinet.com
1	dx.mountain.com	www.fortinet.com
1	static.ads-twitter.com	www.fortinet.com
1	c.bing.com	1 redirects
1	pixels.argusplatform.com	argusplatform.com
1	vars.hotjar.com	static.hotjar.com
1	script.hotjar.com	static.hotjar.com
1	www.argusplatform.com	www.fortinet.com
1	argusplatform.com	1 redirects
1	static.hotjar.com	www.fortinet.com
1	api.omappapi.com	a.opmnstr.com
1	a.omappapi.com	a.opmnstr.com
1	www.clarity.ms	bat.bing.com
1	a.opmnstr.com	assets.adobedtm.com
1	z.moatads.com	s7.addthis.com
1	ipv6.6sc.co	j.6sc.co
1	c.6sc.co	j.6sc.co
1	secure.adnxs.com	j.6sc.co
1	cm.everesttech.net	1 redirects
1	fortinet.demdex.net	assets.adobedtm.com
1	s7.addthis.com	assets.adobedtm.com
1	amplify.outbrain.com	www.fortinet.com
1	j.6sc.co	www.fortinet.com
1	marvel-b2-cdn.bc0a.com	www.fortinet.com
175	88

This site contains links to these domains. Also see Links.

Domain
www.facebook.com
www.twitter.com
www.youtube.com
www.linkedin.com
www.instagram.com
fortiguard.com
secure.fortinet.com
fusecommunity.fortinet.com
onetrust.com

Subject Issuer	Validity	Valid
*.fortinet.com DigiCert TLS RSA SHA256 2020 CA1	`2022-03-15` - `2023-04-15`	a year	crt.sh
cookielaw.org Cloudflare Inc ECC CA-3	`2022-05-01` - `2023-05-01`	a year	crt.sh
cdn.bc0a.com GTS CA 1D4	`2022-05-10` - `2022-08-08`	3 months	crt.sh
marvel-cdn.bc0a.com Amazon	`2022-03-11` - `2023-04-09`	a year	crt.sh
onetrust.com Cloudflare Inc ECC CA-3	`2022-01-12` - `2023-01-12`	a year	crt.sh
assets.adobedtm.com DigiCert TLS RSA SHA256 2020 CA1	`2021-09-10` - `2022-09-10`	a year	crt.sh
*.6sc.co DigiCert TLS Hybrid ECC SHA384 2020 CA1	`2022-03-08` - `2023-03-11`	a year	crt.sh
*.outbrain.com DigiCert TLS RSA SHA256 2020 CA1	`2022-04-03` - `2023-04-04`	a year	crt.sh
odc-addthis-prod-01.oracle.com DigiCert SHA2 Secure Server CA	`2022-02-27` - `2023-02-28`	a year	crt.sh
www.bing.com Microsoft RSA TLS CA 01	`2022-06-10` - `2022-12-10`	6 months	crt.sh
*.demdex.net DigiCert TLS RSA SHA256 2020 CA1	`2021-10-19` - `2022-11-19`	a year	crt.sh
*.adnxs.com GeoTrust ECC CA 2018	`2022-02-11` - `2023-03-14`	a year	crt.sh
moatads.com DigiCert SHA2 Secure Server CA	`2021-11-27` - `2022-11-29`	a year	crt.sh
a.opmnstr.com R3	`2022-05-28` - `2022-08-26`	3 months	crt.sh
*.6sense.com Amazon	`2021-06-09` - `2022-07-08`	a year	crt.sh
www.clarity.ms DigiCert TLS RSA SHA256 2020 CA1	`2022-02-27` - `2023-02-27`	a year	crt.sh
a.clarity.ms Microsoft Azure TLS Issuing CA 02	`2022-06-07` - `2023-06-02`	a year	crt.sh
a.omappapi.com R3	`2022-05-28` - `2022-08-26`	3 months	crt.sh
api.opmnstr.com Amazon	`2022-02-09` - `2023-03-10`	a year	crt.sh
*.hotjar.com Amazon	`2021-11-25` - `2022-12-23`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2022-05-25` - `2022-08-17`	3 months	crt.sh
pixels.argusplatform.com R3	`2022-06-12` - `2022-09-10`	3 months	crt.sh
s.adroll.com Amazon	`2021-08-02` - `2022-08-31`	a year	crt.sh
ads-twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2021-07-21` - `2022-07-26`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2022-03-23` - `2022-06-21`	3 months	crt.sh
*.ml314.com GoGetSSL RSA DV CA	`2022-03-29` - `2023-03-29`	a year	crt.sh
*.mountain.com Go Daddy Secure Certificate Authority - G2	`2021-05-20` - `2022-06-21`	a year	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2022-03-01` - `2023-03-01`	a year	crt.sh
*.doubleclick.net GTS CA 1C3	`2022-05-25` - `2022-08-17`	3 months	crt.sh
*.inzynk.io Sectigo RSA Domain Validation Secure Server CA	`2022-01-07` - `2023-01-07`	a year	crt.sh
www.googleadservices.com GTS CA 1C3	`2022-05-25` - `2022-08-17`	3 months	crt.sh
*.twitter.com DigiCert TLS RSA SHA256 2020 CA1	`2022-02-22` - `2023-02-22`	a year	crt.sh
*.adacado.com Sectigo RSA Domain Validation Secure Server CA	`2020-07-15` - `2022-10-17`	2 years	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2022-05-25` - `2022-08-17`	3 months	crt.sh
*.google.com GTS CA 1C3	`2022-05-25` - `2022-08-17`	3 months	crt.sh
adroll.mgr.consensu.org Amazon	`2021-09-10` - `2022-10-09`	a year	crt.sh
www.google.com GTS CA 1C3	`2022-05-25` - `2022-08-17`	3 months	crt.sh
*.google.ca GTS CA 1C3	`2022-05-25` - `2022-08-17`	3 months	crt.sh
*.powerlinks.com Sectigo RSA Domain Validation Secure Server CA	`2022-05-18` - `2023-05-26`	a year	crt.sh

This page contains 8 frames:

Primary Page: https://www.fortinet.com/blog/threat-research/wiper-malware-riding-tokyo-olympic-games'
Frame ID: 7527234A63F8CA27AACC99C974BB05A5
Requests: 166 HTTP requests in this frame

Frame: https://fortinet.demdex.net/dest5.html?d_nsid=0
Frame ID: A3FF9FBE2A4C25BA0AF379CC42DEE4F3
Requests: 1 HTTP requests in this frame

Frame: https://vars.hotjar.com/box-63c3a81830bf549dafe40b369003f751.html
Frame ID: 708ADFCBD5DB3BDD89E8CA53E090AA94
Requests: 1 HTTP requests in this frame

Frame: https://10104846.fls.doubleclick.net/activityi;dc_pre=CNjU7Y_mqvgCFeuHgwgdYyoEgw;src=10104846;type=sitew00;cat=sitew0;u3=https://www.fortinet.com/blog/threat-research/wiper-malware-riding-tokyo-olympic-games';dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=4581714027837.542
Frame ID: 64DFE0016EDD1D13A23EA4CC2ED0477A
Requests: 1 HTTP requests in this frame

Frame: https://bid.g.doubleclick.net/xbbe/pixel?d=KAE
Frame ID: FBCD69F4B5F6CB79F810162D6DB3B59A
Requests: 1 HTTP requests in this frame

Frame: https://adservice.google.com/ddm/fls/i/dc_pre=CNjU7Y_mqvgCFeuHgwgdYyoEgw;src=10104846;type=sitew00;cat=sitew0;u3=https://www.fortinet.com/blog/threat-research/wiper-malware-riding-tokyo-olympic-games';dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=4581714027837.542;~oref=https://www.fortinet.com/
Frame ID: 015717BCD4DECAF4F6532BCBB4A0E1CD
Requests: 1 HTTP requests in this frame

Frame: https://10104846.fls.doubleclick.net/ddm/fls/r/dc_pre=CNjU7Y_mqvgCFeuHgwgdYyoEgw;src=10104846;type=sitew00;cat=sitew0;u3=https://www.fortinet.com/blog/threat-research/wiper-malware-riding-tokyo-olympic-games';dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=4581714027837.542;~oref=https://www.fortinet.com/
Frame ID: 2148F085E2CA4EE2C37797CCEC7ACA27
Requests: 3 HTTP requests in this frame

Frame: https://11974306.fls.doubleclick.net/activityi;dc_pre=CJmjjpDmqvgCFYlqhwodidEL1w;src=11974306;type=invmedia;cat=sitew0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=;gdpr_consent=;ord=1085148059839.5135
Frame ID: D387059E449D59522AC73334C9A93C8B
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

404 Page Not FoundBack ButtonFilter Button

Detected technologies

Adobe Experience Manager (CMS) Expand

Overall confidence: 100%
Detected patterns

/etc\.clientlibs/

AdRoll (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

(?:a|s)\.adroll\.com

AddThis (Widgets) Expand

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

Hotjar (Analytics) Expand

Overall confidence: 100%
Detected patterns

//static\.hotjar\.com/

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Moat (Analytics) Expand

Overall confidence: 100%
Detected patterns

moatads\.com

OneTrust (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

cdn\.cookielaw\.org
otSDKStub\.js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

PubMatic (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.pubmatic\.com

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

TrackJs (Analytics) Expand

Overall confidence: 100%
Detected patterns

tracker\.js

Page Statistics

175
Requests

79 %
HTTPS

27 %
IPv6

55
Domains

88
Subdomains

68
IPs

4
Countries

1512 kB
Transfer

4518 kB
Size

109
Cookies

9 Outgoing links

These are links going to different origins than the main page.

URL: https://www.facebook.com/fortinet

Search URL Search Domain Scan URL

URL: https://www.twitter.com/fortinet

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/SecureNetworks

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/fortinet

Search URL Search Domain Scan URL

URL: https://www.instagram.com/behindthefirewall/

Search URL Search Domain Scan URL

URL: https://fortiguard.com/
Title: FortiGuard Labs

Search URL Search Domain Scan URL

URL: https://secure.fortinet.com/fortiguard
Title: Threat Briefs

Search URL Search Domain Scan URL

URL: https://fusecommunity.fortinet.com/
Title: Fuse Community

Search URL Search Domain Scan URL

URL: https://onetrust.com/poweredbyonetrust

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 17

https://dpm.demdex.net/id?d_visid_ver=5.3.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=ED8739F75677FE917F000101%40AdobeOrg&d_nsid=0&ts=1655136009231 HTTP 302
https://dpm.demdex.net/id/rd?d_visid_ver=5.3.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=ED8739F75677FE917F000101%40AdobeOrg&d_nsid=0&ts=1655136009231

Request Chain 33

https://cm.everesttech.net/cm/dd?d_uuid=13707351181557942300587681651171402890 HTTP 302
https://dpm.demdex.net/ibs:dpid=411&dpuuid=YqdfCQAAAD3DOQN_

Request Chain 48

https://argusplatform.com/js/wid.tracker.js HTTP 301
https://www.argusplatform.com/js/wid.tracker.js

Request Chain 80

https://c.clarity.ms/c.gif HTTP 302
https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=7A87149D30F54682A7DDFE1A71BBC1BD&RedC=c.clarity.ms&MXFR=1F4C7B1AC5DB63821ED36AD8C1DB6D88 HTTP 302
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=7A87149D30F54682A7DDFE1A71BBC1BD&MUID=293315937A536325379C04517BF96280

Request Chain 89

https://10104846.fls.doubleclick.net/activityi;src=10104846;type=sitew00;cat=sitew0;u3=https://www.fortinet.com/blog/threat-research/wiper-malware-riding-tokyo-olympic-games';dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=4581714027837.542 HTTP 302
https://10104846.fls.doubleclick.net/activityi;dc_pre=CNjU7Y_mqvgCFeuHgwgdYyoEgw;src=10104846;type=sitew00;cat=sitew0;u3=https://www.fortinet.com/blog/threat-research/wiper-malware-riding-tokyo-olympic-games';dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=4581714027837.542

Request Chain 92

https://s.adroll.com/j/exp/7OBVBCAQE5FHDPFEAD5T4D/index.js HTTP 302
https://s.adroll.com/j/exp/index.js

Request Chain 93

https://s.adroll.com/j/pre/7OBVBCAQE5FHDPFEAD5T4D/GIVUJ77KRNF4LOPGYJ6RS5/fpconsent.js HTTP 302
https://s.adroll.com/j/pre/index.js

Request Chain 96

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=7120&time=1655136010944&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fwiper-malware-riding-tokyo-olympic-games%27 HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=7120&time=1655136010944&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fwiper-malware-riding-tokyo-olympic-games%27&cookiesTest=true HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D7120%26time%3D1655136010944%26url%3Dhttps%253A%252F%252Fwww.fortinet.com%252Fblog%252Fthreat-research%252Fwiper-malware-riding-tokyo-olympic-games%2527%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=7120&time=1655136010944&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fwiper-malware-riding-tokyo-olympic-games%27&cookiesTest=true&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=7120&time=1655136010944&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fwiper-malware-riding-tokyo-olympic-games%27&cookiesTest=true&liSync=true&e_ipv6=AQK1WYybPCqaaQAAAYFdy0PEWwb09FUz13rJy8LS7XwgwT1H13gJR2SLS6TE2RHW9w4fqvjt HTTP 302
https://p.adsymptotic.com/d/px/?_pid=16218&_psign=0aa5badf92527f7732e22463d6fa4dbc&coopa=0&gdpr=0&gdpr_consent=&_puuid=2ad9347d-e53e-4252-88a5-1159579da603 HTTP 302
https://p.adsymptotic.com/d/px/?_pid=16218&_psign=0aa5badf92527f7732e22463d6fa4dbc&coopa=0&gdpr=0&gdpr_consent=&_puuid=2ad9347d-e53e-4252-88a5-1159579da603&_expected_cookie=ddc62865d84ee1645fffc9b37f265a2c

Request Chain 103

https://marvel-b1-cdn.bc0a.com/f00000000216283/t.co/i/adsct?bci=3&eci=2&event_id=52a5fec1-98c9-4dd2-a8a2-f66d0613eb6f&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&p_id=Twitter&p_user_id=0&pl_id=4b8b8165-59a3-43bf-b0c9-a2586d83a29b&tw_document_href=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fwiper-malware-riding-tokyo-olympic-games%27&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nxlzj&type=javascript&version=2.3.20 HTTP 302
https://marvel-processor.bc0a.com/snowcloud/v1/api/loadUrl?customer=f00000000216283&url=https://t.co/i/adsct?bci=3&eci=2&event_id=52a5fec1-98c9-4dd2-a8a2-f66d0613eb6f&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&p_id=Twitter&p_user_id=0&pl_id=4b8b8165-59a3-43bf-b0c9-a2586d83a29b&tw_document_href=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fwiper-malware-riding-tokyo-olympic-games%27&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nxlzj&type=javascript&version=2.3.20 HTTP 307
https://t.co/i/adsct?bci=3&eci=2&event_id=52a5fec1-98c9-4dd2-a8a2-f66d0613eb6f&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&p_id=Twitter&p_user_id=0&pl_id=4b8b8165-59a3-43bf-b0c9-a2586d83a29b&tw_document_href=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fwiper-malware-riding-tokyo-olympic-games%27&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nxlzj&type=javascript&version=2.3.20

Request Chain 104

https://marvel-b1-cdn.bc0a.com/f00000000216283/t.co/i/adsct?bci=3&eci=2&event_id=add51966-f013-44dd-b17e-10f89dc13fc6&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&p_id=Twitter&p_user_id=0&pl_id=4b8b8165-59a3-43bf-b0c9-a2586d83a29b&tw_document_href=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fwiper-malware-riding-tokyo-olympic-games%27&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o6ezf&type=javascript&version=2.3.20 HTTP 302
https://marvel-processor.bc0a.com/snowcloud/v1/api/loadUrl?customer=f00000000216283&url=https://t.co/i/adsct?bci=3&eci=2&event_id=add51966-f013-44dd-b17e-10f89dc13fc6&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&p_id=Twitter&p_user_id=0&pl_id=4b8b8165-59a3-43bf-b0c9-a2586d83a29b&tw_document_href=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fwiper-malware-riding-tokyo-olympic-games%27&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o6ezf&type=javascript&version=2.3.20 HTTP 307
https://t.co/i/adsct?bci=3&eci=2&event_id=add51966-f013-44dd-b17e-10f89dc13fc6&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&p_id=Twitter&p_user_id=0&pl_id=4b8b8165-59a3-43bf-b0c9-a2586d83a29b&tw_document_href=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fwiper-malware-riding-tokyo-olympic-games%27&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o6ezf&type=javascript&version=2.3.20

Request Chain 105

https://marvel-b1-cdn.bc0a.com/f00000000216283/t.co/i/adsct?bci=3&eci=2&event_id=62374c48-be34-4992-80d4-8f702446197b&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&p_id=Twitter&p_user_id=0&pl_id=4b8b8165-59a3-43bf-b0c9-a2586d83a29b&tw_document_href=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fwiper-malware-riding-tokyo-olympic-games%27&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o72wb&type=javascript&version=2.3.20 HTTP 302
https://marvel-processor.bc0a.com/snowcloud/v1/api/loadUrl?customer=f00000000216283&url=https://t.co/i/adsct?bci=3&eci=2&event_id=62374c48-be34-4992-80d4-8f702446197b&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&p_id=Twitter&p_user_id=0&pl_id=4b8b8165-59a3-43bf-b0c9-a2586d83a29b&tw_document_href=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fwiper-malware-riding-tokyo-olympic-games%27&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o72wb&type=javascript&version=2.3.20 HTTP 307
https://t.co/i/adsct?bci=3&eci=2&event_id=62374c48-be34-4992-80d4-8f702446197b&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&p_id=Twitter&p_user_id=0&pl_id=4b8b8165-59a3-43bf-b0c9-a2586d83a29b&tw_document_href=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fwiper-malware-riding-tokyo-olympic-games%27&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o72wb&type=javascript&version=2.3.20

Request Chain 117

https://idsync.rlcdn.com/395886.gif?partner_uid=3627897030091210845 HTTP 307
https://idsync.rlcdn.com/1000.gif?memo=CO6UGBIeChoIARCuXxoTMzYyNzg5NzAzMDA5MTIxMDg0NRAAGg0Ii76dlQYSBQjoBxAAQgBKAA HTTP 307
https://ml314.com/csync.ashx?fp=f0dc0fa7febeb66b2a7bce6b0dc11e7c0cebdb695284cb813143cd2dc2d53494f4cb09cee1a4f8eb&person_id=3627897030091210845&eid=50082

Request Chain 118

https://match.adsrvr.org/track/cmf/generic?ttd_pid=d0tro1j&ttd_tpi=1 HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=d0tro1j&ttd_tpi=1 HTTP 302
https://ml314.com/utsync.ashx?eid=53819&et=0&fp=dc2e87ff-a69f-46af-af9a-9feac3bb92e2&gdpr=0&gdpr_consent=

Request Chain 119

https://sync.crwdcntrl.net/map/c=6985/tp=BOMB?https://ml314.com/csync.ashx%3Ffp%3D%24%7Bprofile_id%7D%26eid%3D50146%26person_id%3D3627897030091210845 HTTP 302
https://sync.crwdcntrl.net/map/ct=y/c=6985/tp=BOMB?https://ml314.com/csync.ashx%3Ffp%3D%24%7Bprofile_id%7D%26eid%3D50146%26person_id%3D3627897030091210845 HTTP 302
https://ml314.com/csync.ashx?fp=e191523a075f1045c306776579d60f4a&eid=50146&person_id=3627897030091210845

Request Chain 120

https://ps.eyeota.net/pixel?pid=r8hrb20&t=gif HTTP 302
https://ps.eyeota.net/pixel/bounce/?pid=r8hrb20&t=gif HTTP 302
https://ml314.com/utsync.ashx?eid=50052&et=0&fp=2IzZb1o6g8t0WAmbw8Bxo5IV9CvvikcGWPIBHYcrjM7Q&gdpr=0&gdpr_consent=&return=https%3A%2F%2Fps.eyeota.net%2Fmatch%3Fbid%3Dr8hrb20%26uid%3Dnil%26referrer_pid%3Dr8hrb20 HTTP 302
https://ml314.com/csync.ashx?fp=2IzZb1o6g8t0WAmbw8Bxo5IV9CvvikcGWPIBHYcrjM7Q&person_id=3627897030091210845&eid=50052&return=https%3a%2f%2fps.eyeota.net%2fmatch%3fbid%3dr8hrb20%26uid%3dnil%26referrer_pid%3dr8hrb20 HTTP 302
https://ps.eyeota.net/match?bid=r8hrb20&uid=nil&referrer_pid=r8hrb20

Request Chain 132

https://adservice.google.ca/ddm/fls/i/dc_pre=CNjU7Y_mqvgCFeuHgwgdYyoEgw;src=10104846;type=sitew00;cat=sitew0;u3=https://www.fortinet.com/blog/threat-research/wiper-malware-riding-tokyo-olympic-games';dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=4581714027837.542;~oref=https://www.fortinet.com/ HTTP 302
https://10104846.fls.doubleclick.net/ddm/fls/r/dc_pre=CNjU7Y_mqvgCFeuHgwgdYyoEgw;src=10104846;type=sitew00;cat=sitew0;u3=https://www.fortinet.com/blog/threat-research/wiper-malware-riding-tokyo-olympic-games';dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=4581714027837.542;~oref=https://www.fortinet.com/

Request Chain 137

https://d.adroll.com/pixel/7OBVBCAQE5FHDPFEAD5T4D/GIVUJ77KRNF4LOPGYJ6RS5?adroll_fpc=1fc58e6b60021ff37a9f44b70c90439a-1655136011205&arrfrr=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fwiper-malware-riding-tokyo-olympic-games%27&pv=99038950719.55202&cookie=&adroll_s_ref=&keyw= HTTP 302
https://s.adroll.com/pixel/7OBVBCAQE5FHDPFEAD5T4D/GIVUJ77KRNF4LOPGYJ6RS5/VGLVDYA6GRASZMUSTHUV5D.js

Request Chain 142

https://d.adroll.com/cm/b/out?adroll_fpc=1fc58e6b60021ff37a9f44b70c90439a-1655136011205&arrfrr=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fwiper-malware-riding-tokyo-olympic-games%27&advertisable=7OBVBCAQE5FHDPFEAD5T4D HTTP 302
https://x.bidswitch.net/sync?dsp_id=44&user_id=YTgyZGVhZTNlODQyYmI2ZTI3MWQzYzQzMmZiNjhhOTM HTTP 302
https://x.bidswitch.net/ul_cb/sync?dsp_id=44&user_id=YTgyZGVhZTNlODQyYmI2ZTI3MWQzYzQzMmZiNjhhOTM

Request Chain 143

https://d.adroll.com/cm/g/out?adroll_fpc=1fc58e6b60021ff37a9f44b70c90439a-1655136011205&arrfrr=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fwiper-malware-riding-tokyo-olympic-games%27&advertisable=7OBVBCAQE5FHDPFEAD5T4D HTTP 302
https://cm.g.doubleclick.net/pixel?google_sc&google_nid=artb&google_hm=qC3q4-hCu24nHTxDL7aKkw HTTP 302
https://d.adroll.com/cm/g/in

Request Chain 144

https://d.adroll.com/cm/index/out?adroll_fpc=1fc58e6b60021ff37a9f44b70c90439a-1655136011205&arrfrr=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fwiper-malware-riding-tokyo-olympic-games%27&advertisable=7OBVBCAQE5FHDPFEAD5T4D HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=YTgyZGVhZTNlODQyYmI2ZTI3MWQzYzQzMmZiNjhhOTM&expiration=1686672011 HTTP 302
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=YTgyZGVhZTNlODQyYmI2ZTI3MWQzYzQzMmZiNjhhOTM&expiration=1686672011&C=1

Request Chain 145

https://d.adroll.com/cm/l/out?adroll_fpc=1fc58e6b60021ff37a9f44b70c90439a-1655136011205&arrfrr=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fwiper-malware-riding-tokyo-olympic-games%27&advertisable=7OBVBCAQE5FHDPFEAD5T4D HTTP 302
https://idsync.rlcdn.com/377928.gif?partner_uid=a82deae3e842bb6e271d3c432fb68a93 HTTP 307
https://pippio.com/api/sync?pid=5324&it=1&iv=ee7984c2af827a449e49bd19c494d2d921c1e30dcfb21181030dcae326618e48791426b5417dce21&_=2 HTTP 307
https://cm.g.doubleclick.net/pixel?google_nid=pippio_dmp&google_cm&google_no_sc&m=CMwpElsKVwgBEJInGlBlZTc5ODRjMmFmODI3YTQ0OWU0OWJkMTljNDk0ZDJkOTIxYzFlMzBkY2ZiMjExODEwMzBkY2FlMzI2NjE4ZTQ4NzkxNDI2YjU0MTdkY2UyMRAAGgwIi76dlQYSBAgCEABCAEoA HTTP 302
https://pippio.com/api/sync/ddp?pid=2&m=CMwpElsKVwgBEJInGlBlZTc5ODRjMmFmODI3YTQ0OWU0OWJkMTljNDk0ZDJkOTIxYzFlMzBkY2ZiMjExODEwMzBkY2FlMzI2NjE4ZTQ4NzkxNDI2YjU0MTdkY2UyMRAAGgwIi76dlQYSBAgCEABCAEoA&google_gid=CAESEK5gzmp8Ab-3HSCOp7DDO1U&google_cver=1 HTTP 307
https://tags.rd.linksynergy.com/rcs?ns=lr&uid3= HTTP 303
https://idsync.rlcdn.com/458249.gif?partner_uid=64bc46fb-536d-432d-830e-fc3132682ac7

Request Chain 146

https://d.adroll.com/cm/n/out?adroll_fpc=1fc58e6b60021ff37a9f44b70c90439a-1655136011205&arrfrr=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fwiper-malware-riding-tokyo-olympic-games%27&advertisable=7OBVBCAQE5FHDPFEAD5T4D HTTP 302
https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=YTgyZGVhZTNlODQyYmI2ZTI3MWQzYzQzMmZiNjhhOTM&expires=365

Request Chain 147

https://d.adroll.com/cm/o/out?adroll_fpc=1fc58e6b60021ff37a9f44b70c90439a-1655136011205&arrfrr=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fwiper-malware-riding-tokyo-olympic-games%27&advertisable=7OBVBCAQE5FHDPFEAD5T4D HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537103138&val=a82deae3e842bb6e271d3c432fb68a93&gdpr=0&gdpr_consent= HTTP 302
https://us-u.openx.net/w/1.0/sd?cc=1&id=537103138&val=a82deae3e842bb6e271d3c432fb68a93&gdpr=0&gdpr_consent=

Request Chain 148

https://d.adroll.com/cm/outbrain/out?adroll_fpc=1fc58e6b60021ff37a9f44b70c90439a-1655136011205&arrfrr=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fwiper-malware-riding-tokyo-olympic-games%27&advertisable=7OBVBCAQE5FHDPFEAD5T4D HTTP 302
https://sync.outbrain.com/cookie-sync?p=adroll&uid=YTgyZGVhZTNlODQyYmI2ZTI3MWQzYzQzMmZiNjhhOTM

Request Chain 149

https://d.adroll.com/cm/pubmatic/out?adroll_fpc=1fc58e6b60021ff37a9f44b70c90439a-1655136011205&arrfrr=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fwiper-malware-riding-tokyo-olympic-games%27&advertisable=7OBVBCAQE5FHDPFEAD5T4D HTTP 302
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMDYmdGw9MTI5NjAw&piggybackCookie=YTgyZGVhZTNlODQyYmI2ZTI3MWQzYzQzMmZiNjhhOTM&gdpr=0&gdpr_consent=BOOoKswOOoKswA2ABBENAkwAAAAXyACACYAIIA

Request Chain 150

https://d.adroll.com/cm/r/out?adroll_fpc=1fc58e6b60021ff37a9f44b70c90439a-1655136011205&arrfrr=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fwiper-malware-riding-tokyo-olympic-games%27&advertisable=7OBVBCAQE5FHDPFEAD5T4D HTTP 302
https://ads.yahoo.com/cms/v1?esig=1~bf4e7dc4546a90c08591652d78a230d3f2ef5733&nwid=10001032567&sigv=1&gdpr=0&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA

Request Chain 151

https://d.adroll.com/cm/taboola/out?adroll_fpc=1fc58e6b60021ff37a9f44b70c90439a-1655136011205&arrfrr=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fwiper-malware-riding-tokyo-olympic-games%27&advertisable=7OBVBCAQE5FHDPFEAD5T4D HTTP 302
https://sync.taboola.com/sg/adroll-network/1/rtb-h?taboola_hm=YTgyZGVhZTNlODQyYmI2ZTI3MWQzYzQzMmZiNjhhOTM

Request Chain 152

https://d.adroll.com/cm/triplelift/out?adroll_fpc=1fc58e6b60021ff37a9f44b70c90439a-1655136011205&arrfrr=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fwiper-malware-riding-tokyo-olympic-games%27&advertisable=7OBVBCAQE5FHDPFEAD5T4D HTTP 302
https://eb2.3lift.com/xuid?mid=4714&xuid=YTgyZGVhZTNlODQyYmI2ZTI3MWQzYzQzMmZiNjhhOTM&dongle=c85e HTTP 302
https://eb2.3lift.com/xuid?ld=1&mid=4714&xuid=YTgyZGVhZTNlODQyYmI2ZTI3MWQzYzQzMmZiNjhhOTM&dongle=c85e&gdpr=0&cmp_cs=&us_privacy=

Request Chain 153

https://d.adroll.com/cm/x/out?adroll_fpc=1fc58e6b60021ff37a9f44b70c90439a-1655136011205&arrfrr=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fwiper-malware-riding-tokyo-olympic-games%27&advertisable=7OBVBCAQE5FHDPFEAD5T4D HTTP 302
https://ib.adnxs.com/setuid?entity=172&code=YTgyZGVhZTNlODQyYmI2ZTI3MWQzYzQzMmZiNjhhOTM HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D172%26code%3DYTgyZGVhZTNlODQyYmI2ZTI3MWQzYzQzMmZiNjhhOTM

Request Chain 154

https://d.adroll.com/cm/g/out?adroll_fpc=1fc58e6b60021ff37a9f44b70c90439a-1655136011205&arrfrr=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fwiper-malware-riding-tokyo-olympic-games%27&advertisable=7OBVBCAQE5FHDPFEAD5T4D&google_nid=adroll5 HTTP 302
https://cm.g.doubleclick.net/pixel?google_sc&google_nid=artb&google_hm=qC3q4-hCu24nHTxDL7aKkw HTTP 302
https://d.adroll.com/cm/g/in

Request Chain 155

https://marvel-b1-cdn.bc0a.com/f00000000216283/px.ads.linkedin.com/collect/?pid=2148604&fmt=gif HTTP 302
https://marvel-processor.bc0a.com/snowcloud/v1/api/loadUrl?customer=f00000000216283&url=https://px.ads.linkedin.com/collect/?pid=2148604&fmt=gif HTTP 307
https://px.ads.linkedin.com/collect/?pid=2148604&fmt=gif HTTP 302
https://px4.ads.linkedin.com/collect?pid=2148604&fmt=gif&e_ipv6=AQIyIhYLHpCPQwAAAYFdy0UG50S6UzrONwI6XifM4XtVySXp5zSpIgcKg_x6S8N4NEmd8tgD HTTP 302
https://p.adsymptotic.com/d/px/?_pid=16218&_psign=0aa5badf92527f7732e22463d6fa4dbc&coopa=0&gdpr=0&gdpr_consent=&_puuid=2ad9347d-e53e-4252-88a5-1159579da603

Request Chain 158

https://px.ads.linkedin.com/collect/?pid=2159050&conversionId=6504418&fmt=gif HTTP 302
https://px4.ads.linkedin.com/collect?pid=2159050&conversionId=6504418&fmt=gif&e_ipv6=AQJ6MefvOjZ4BgAAAYFdy0SJiUwZNqYXL2GrOVJbFf_LjGGb_UOsPpvvICCMWt7NKSZISymN HTTP 302
https://p.adsymptotic.com/d/px/?_pid=16218&_psign=0aa5badf92527f7732e22463d6fa4dbc&coopa=0&gdpr=0&gdpr_consent=&_puuid=2ad9347d-e53e-4252-88a5-1159579da603

Request Chain 159

https://11974306.fls.doubleclick.net/activityi;src=11974306;type=invmedia;cat=sitew0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=;gdpr_consent=;ord=1085148059839.5135 HTTP 302
https://11974306.fls.doubleclick.net/activityi;dc_pre=CJmjjpDmqvgCFYlqhwodidEL1w;src=11974306;type=invmedia;cat=sitew0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=;gdpr_consent=;ord=1085148059839.5135

Request Chain 170

https://match.adsrvr.org/track/cmf/generic?ttd_pid=steelhouse&ttd_tpi=1&ttd_puid=e7eee2d4-eb31-11ec-8616-e50f95cb7201&gdpr=&gdpr_consent= HTTP 302
https://px.steelhousemedia.com/tdsync?tdid=dc2e87ff-a69f-46af-af9a-9feac3bb92e2&shguid=e7eee2d4-eb31-11ec-8616-e50f95cb7201

Request Chain 171

https://insight.adsrvr.org/track/evnt/?adv=6s0zaeu&ct=0:0bi0elf&fmt=3 HTTP 302
https://dpm.demdex.net/ibs:dpid=903&dpuuid=dc2e87ff-a69f-46af-af9a-9feac3bb92e2&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fmatch.adsrvr.org%2Ftrack%2Fcmf%2Fgeneric%3Fttd_pid%3Daam HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=aam HTTP 302
https://tags.bluekai.com/site/5386?id=dc2e87ff-a69f-46af-af9a-9feac3bb92e2&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fmatch.adsrvr.org%2Ftrack%2Fcmf%2Fgeneric%3Fttd_pid%3Dbluekai HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=bluekai HTTP 302
https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=dc2e87ff-a69f-46af-af9a-9feac3bb92e2&gdpr=0&gdpr_consent=&expires=30&next=https%3A%2F%2Fmatch.adsrvr.org%2Ftrack%2Fcmf%2Frubicon HTTP 302
https://match.adsrvr.org/track/cmf/rubicon?gdpr=0 HTTP 302
https://ib.adnxs.com/getuid?https%3a%2f%2fmatch.adsrvr.org%2ftrack%2fcmf%2fappnexus%3fttd%3d1%26anid%3d%24UID&ttd_tdid=dc2e87ff-a69f-46af-af9a-9feac3bb92e2 HTTP 302
https://match.adsrvr.org/track/cmf/appnexus?ttd=1&anid=8364727669192864419&ttd_tdid=dc2e87ff-a69f-46af-af9a-9feac3bb92e2 HTTP 302
https://ups.analytics.yahoo.com/ups/55953/sync?uid=dc2e87ff-a69f-46af-af9a-9feac3bb92e2&_origin=1&redir=true&gdpr=0&gdpr_consent= HTTP 302
https://ups.analytics.yahoo.com/ups/55953/sync?uid=dc2e87ff-a69f-46af-af9a-9feac3bb92e2&_origin=1&redir=true&gdpr=0&gdpr_consent=&verify=true HTTP 302
https://match.adsrvr.org/track/cmf/generic?ttd_pid=rightmedia&yahoo_id=y-GXEpFDtE2uJPVQzdfnNczGSnFiPHYf8-~A&gdpr=0&gdpr_consent=

175 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 404
Not Found Primary Request wiper-malware-riding-tokyo-olympic-games' Show response
www.fortinet.com/blog/threat-research/ 25 KB
9 KB 491ms
298ms Document
text/html 3.91.211.14
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fortinet.com/blog/threat-research/wiper-malware-riding-tokyo-olympic-games'

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

3.91.211.14 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-91-211-14.compute-1.amazonaws.com

Software

Apache /

Resource Hash

80ca19572cbff9a40351f98078f9aa211c140e6212ca2f97aae9e78d30a78729

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Accept-Ranges: bytes
Age: 3406
Cache-Control: max-age=600, public
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 8835
Content-Type: text/html;charset=utf-8
Date: Mon, 13 Jun 2022 16:00:08 GMT
ETag: "6481-5e15596cdccea-gzip"
Last-Modified: Mon, 13 Jun 2022 15:03:22 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding,User-Agent
X-Content-Type-Options: nosniff
X-Dispatcher: dispatcher1uswest1
X-Frame-Options: SAMEORIGIN
X-Vhost: publish
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK clientlib-base.min.css
www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/ 217 KB
27 KB 154ms
154ms Stylesheet
text/css 3.91.211.14
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/clientlib-base.min.css

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/wiper-malware-riding-tokyo-olympic-games'

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

3.91.211.14 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-91-211-14.compute-1.amazonaws.com

Software

Apache /

Resource Hash

9163bd3e65a977c75fdf7c5c7d017fa275b5d6710144314ec03f8cf9c77b4c1a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/blog/threat-research/wiper-malware-riding-tokyo-olympic-games'
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

X-Dispatcher: dispatcher1uswest1
Date: Mon, 13 Jun 2022 16:00:08 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Age: 321550
X-Vhost: publish
Connection: keep-alive
Vary: Accept-Encoding,User-Agent
Content-Length: 27121
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 09 Jun 2022 22:35:12 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "362e3-5e10b6f50a800-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: text/css;charset=utf-8
Cache-Control: max-age=684000, public
Accept-Ranges: bytes

GET
H2 200 otSDKStub.js Show response
cdn.cookielaw.org/scripttemplates/ 20 KB
7 KB 54ms
29ms Script
application/javascript 2606:4700::6810:9540
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/wiper-malware-riding-tokyo-olympic-games'

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1a6622bbfd2f4017f391cae1040e22f99a923116427a0ccb25543581f5d92257

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 13 Jun 2022 16:00:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: 2R9GKwuxJTUynP4on2KYxQ==
age: 6675
vary: Accept-Encoding
content-length: 6921
x-ms-lease-status: unlocked
last-modified: Tue, 07 Jun 2022 19:29:00 GMT
server: cloudflare
etag: 0x8DA48BBF9415CFF
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 5e89c6e3-001e-009a-0cc0-7a5423000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 71ac0992bf76ca5f-YUL

GET
H2 200 marvel.js Show response
marvel-b2-cdn.bc0a.com/ 9 KB
4 KB 40ms
12ms Script
application/javascript 35.201.125.192
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://marvel-b2-cdn.bc0a.com/marvel.js
Requested by: Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/wiper-malware-riding-tokyo-olympic-games'
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.201.125.192 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 192.125.201.35.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 965fc05b277596a937ba9d14388799fd5217eb96179f0187b8b937347bdfaf59

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 15:55:46 GMT
content-encoding: gzip
age: 262
x-guploader-uploadid: ADPycds2H9CbricaTkCtTJVnAuEd6jXLyS27j1c1Gz1pAyma2Z4UrPjyyxESpCS6phSuq1o8_Vq4dKpMie_gYcItMv1lyw
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3217
last-modified: Wed, 01 Sep 2021 18:16:49 GMT
server: UploadServer
etag: "5a385b6f8bc7f4775b2ec7b66c0ec4c2"
vary: Accept-Encoding
x-goog-hash: crc32c=0X9o7A==, md5=Wjhbb4vH9HdbLse2bA7Ewg==
content-language: en
access-control-allow-origin: *
x-goog-generation: 1630520209881243
access-control-expose-headers: Content-Type
cache-control: public, max-age=3600
x-goog-stored-content-length: 3217
accept-ranges: bytes
content-type: application/javascript
expires: Mon, 13 Jun 2022 16:55:46 GMT

GET
H/1.1 200
OK fortinet-logo-white.svg
www.fortinet.com/content/dam/fortinet-blog/ 32 KB
3 KB 91ms
91ms Image
image/svg+xml 3.91.211.14
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.fortinet.com/content/dam/fortinet-blog/fortinet-logo-white.svg

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/wiper-malware-riding-tokyo-olympic-games'

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

3.91.211.14 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-91-211-14.compute-1.amazonaws.com

Software

Apache /

Resource Hash

d2afd46ac58cd7e89b3fdfd790300d69034e94151ed45acf83d7b6d5dccfdb17

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/blog/threat-research/wiper-malware-riding-tokyo-olympic-games'
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

X-Dispatcher: dispatcher1uswest1
Date: Mon, 13 Jun 2022 16:00:08 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Age: 31166240
X-Vhost: publish
Content-Disposition: attachment; filename="fortinet-logo-white.svg"
Connection: keep-alive
Vary: Accept-Encoding,User-Agent
Content-Length: 1998
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 22 Feb 2018 23:16:01 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "7ebb-565d53a1d6e40-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: image/svg+xml
Cache-Control: max-age=684000, public
Accept-Ranges: bytes

GET 404.jpg
www.fortinet.com/content/dam/fortinet/images/general/ 0
0

GET
H/1.1 200
OK clientlib-base.min.js Show response
www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/ 149 KB
69 KB 485ms
415ms Script
application/javascript 3.91.211.14
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/clientlib-base.min.js

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/wiper-malware-riding-tokyo-olympic-games'

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

3.91.211.14 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-3-91-211-14.compute-1.amazonaws.com

Software

Apache /

Resource Hash

88a4f0e07c018a79642473c6200ff694b6a69ea5c4af63ee47ac7a8ae1cd0889

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/blog/threat-research/wiper-malware-riding-tokyo-olympic-games'
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

X-Dispatcher: dispatcher2uswest1
Date: Mon, 13 Jun 2022 16:00:08 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Age: 321546
X-Vhost: publish
Connection: keep-alive
Vary: Accept-Encoding,User-Agent
Content-Length: 69735
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 09 Jun 2022 22:36:37 GMT
Server: Apache
X-Frame-Options: SAMEORIGIN
ETag: "253c0-5e10b7461a740-gzip"
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Type: application/javascript;charset=utf-8
Cache-Control: max-age=684000, public
Accept-Ranges: bytes

GET
H2 200 f85f39fc-d7aa-467a-b762-fbb722748016.json Show response
cdn.cookielaw.org/consent/f85f39fc-d7aa-467a-b762-fbb722748016/ 4 KB
2 KB 44ms
19ms XHR
application/x-javascript 2606:4700::6810:9540
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/f85f39fc-d7aa-467a-b762-fbb722748016/f85f39fc-d7aa-467a-b762-fbb722748016.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a334f368b502d68bcaafb174022cfe21775f1744f0a1cd520d0c57d094a8e66a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 13 Jun 2022 16:00:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: ypNp2Paf3c+p42YUXiXMnA==
age: 13526
vary: Accept-Encoding
content-length: 1413
x-ms-lease-status: unlocked
last-modified: Fri, 12 Feb 2021 00:26:33 GMT
server: cloudflare
etag: 0x8D8CEECD9FE5833
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: d57e5650-b01e-00c7-6a15-b6a427000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 71ac0993dbb24bcb-YUL
expires: Mon, 13 Jun 2022 20:00:08 GMT

GET
DATA 200
OK truncated
/ 71 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5b4c9abcf01dcf74e0adf075ff4d47464c62c84307ae5ebd115d45da70e6443d

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 404.jpg
marvel-b1-cdn.bc0a.com/f00000000216283/www.fortinet.com/content/dam/fortinet/images/general/ 16 KB
16 KB 152ms
89ms Image
image/webp 2600:9000:2209:b600:0:f267:a5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://marvel-b1-cdn.bc0a.com/f00000000216283/www.fortinet.com/content/dam/fortinet/images/general/404.jpg
Requested by: Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/wiper-malware-riding-tokyo-olympic-games'
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2209:b600:0:f267:a5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e0f923a3e8f86f59010cf939160c88a2c69f107742421bb4821c1da40c80929c

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 14:21:07 GMT
via: 1.1 9d35ce6897d7f02042955443076a54de.cloudfront.net (CloudFront)
age: 5942
x-cache: Hit from cloudfront
x-amz-request-id: R011T8D6074WM95E
x-amz-id-2: SXY6HzssdKiXtVCUKjMS8JZgjHP1fvF8hGLa179bdWTa+8e7jp//4fDw+5F3xziXimBXLiWlg5w=
accept-ranges: bytes
last-modified: Wed, 14 Jul 2021 03:20:34 GMT
server: AmazonS3
etag: "0687cdd0875281e24186a5d04ea53b84"
x-amz-version-id: 6M_eYIXerMPuqK1t4Va.dvd5LHOTckna
access-control-allow-origin: *
cache-control: max-age=31536000
x-amz-cf-pop: EWR53-P1
content-length: 16158
content-type: image/webp
x-amz-cf-id: yOd5x263Dpel3f_4bQ5lEsYZQMlFQiUVq0ctfonDcWAzPrPHiKuAlg==

GET
H2 200 google_cloud_announ_thumb.png
marvel-b1-cdn.bc0a.com/f00000000216283/www.fortinet.com/content/dam/fortinet-blog/article-images/google_fabric_cloud/ 63 KB
64 KB 230ms
170ms Image
image/webp 2600:9000:2209:b600:0:f267:a5c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://marvel-b1-cdn.bc0a.com/f00000000216283/www.fortinet.com/content/dam/fortinet-blog/article-images/google_fabric_cloud/google_cloud_announ_thumb.png
Requested by: Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/wiper-malware-riding-tokyo-olympic-games'
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2209:b600:0:f267:a5c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 7f716b04f915d4461859021c4e75492b67ec0b956e14d7f7d2c4b7d3f33f13e8

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 16:00:09 GMT
via: 1.1 9d35ce6897d7f02042955443076a54de.cloudfront.net (CloudFront)
x-amz-request-id: T19ACEX3W1ZBJN4N
x-cache: Miss from cloudfront
content-length: 64654
x-amz-id-2: DjuomVtOApcNv4kEQ+BxM0pzx6SO9g2o1SVookSDIaYqHTDrG9IcUI4kbJQQfDk9ABdzhaUh2IE=
last-modified: Fri, 29 Apr 2022 21:11:08 GMT
server: AmazonS3
etag: "174d40137bb2668d37819c31a15bd154"
x-amz-version-id: csEwW16boe1DwZ7aKdW_1sXqz0xGAR7q
access-control-allow-origin: *
cache-control: max-age=31536000
x-amz-cf-pop: EWR53-P1
accept-ranges: bytes
content-type: image/webp
x-amz-cf-id: xHrMK1hSixIwjhorYnGPBzEiyhaSdKp-gwscET0JeqLUJqOpDwInQg==

GET
H2 200 location Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 157 B
434 B 51ms
26ms XHR
application/json 2606:4700:10::6814:b944
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6814:b944 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

74b1612d1cb16d432cfd6542a7efe8f9297f1197025e044b9e0d9fa8e54befab

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept: application/json
Referer: https://www.fortinet.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 16:00:08 GMT
content-encoding: gzip
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: application/json
access-control-allow-origin: *
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 71ac09942bb0ecf6-YUL
access-control-allow-headers: Content-Type

GET
H2 200 otBannerSdk.js Show response
cdn.cookielaw.org/scripttemplates/6.10.0/ 356 KB
78 KB 19ms
19ms Script
application/javascript 2606:4700::6810:9540
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.10.0/otBannerSdk.js

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7a23e0e46e16f067271bc79c92a917c13769848457d16cdf109e4dc04c687e8f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 13 Jun 2022 16:00:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: Bh9exWOPGIwRshWljrtlEw==
age: 20541123
vary: Accept-Encoding
content-length: 79698
x-ms-lease-status: unlocked
last-modified: Thu, 03 Dec 2020 02:43:00 GMT
server: cloudflare
etag: 0x8D89735260901BC
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 28487d86-701e-0130-706c-c4c499000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 71ac09945991ca5f-YUL

GET
H2 200 en.json Show response
cdn.cookielaw.org/consent/f85f39fc-d7aa-467a-b762-fbb722748016/21f81f97-7d7e-4ec0-a244-66254c286eb2/ 62 KB
14 KB 18ms
18ms Fetch
application/x-javascript 2606:4700::6810:9540
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/f85f39fc-d7aa-467a-b762-fbb722748016/21f81f97-7d7e-4ec0-a244-66254c286eb2/en.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.10.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9ffb8f3aec546bb06d1c4635ba17d29bf85c06c952e153034dae313250cbb829

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 13 Jun 2022 16:00:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: N/aNhuT6TciP7knaMxQGgw==
age: 13524
vary: Accept-Encoding
content-length: 14408
x-ms-lease-status: unlocked
last-modified: Fri, 12 Feb 2021 00:26:38 GMT
server: cloudflare
etag: 0x8D8CEECDCAD7A99
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 2f733433-c01e-0166-6215-b62ce9000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 71ac09949d1a4bcb-YUL
expires: Mon, 13 Jun 2022 20:00:08 GMT

GET
H2 200 otFlat.json Show response
cdn.cookielaw.org/scripttemplates/6.10.0/assets/ 13 KB
4 KB 18ms
18ms Fetch
application/json 2606:4700::6810:9540
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.10.0/assets/otFlat.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.10.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8cdca3b36914e8a3f56390da71389944579faaae82704e53bd66f9c0387502f6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 13 Jun 2022 16:00:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: W9e0YobmEbvdB0V9OmpQkw==
age: 13524
vary: Accept-Encoding
content-length: 3329
x-ms-lease-status: unlocked
last-modified: Thu, 03 Dec 2020 02:42:50 GMT
server: cloudflare
etag: 0x8D89735209A34D6
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: a9d5ccba-301e-011e-7f6c-c4445e000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 71ac0994cd664bcb-YUL

GET
H2 200 otPcTab.json Show response
cdn.cookielaw.org/scripttemplates/6.10.0/assets/v2/ 45 KB
12 KB 21ms
21ms Fetch
application/json 2606:4700::6810:9540
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.10.0/assets/v2/otPcTab.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.10.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:9540 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f9b2aaabab92d9c63930432351fa3f5aa634fcb5db31b039e23465f8b4bd5a68

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Mon, 13 Jun 2022 16:00:08 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: zNsRoM1FEmsEgJoYMCNTng==
age: 20540887
vary: Accept-Encoding
content-length: 11755
x-ms-lease-status: unlocked
last-modified: Thu, 03 Dec 2020 02:42:53 GMT
server: cloudflare
etag: 0x8D897352245C4EA
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 077a373d-a01e-00f1-7a6c-c40975000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=14400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 71ac0994cd674bcb-YUL

GET
DATA 200
OK truncated
/ 817 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: db311174b0e3c340727b63c055cfb5b317808e909503e1bda11cc58af444f12b

Request headers

accept-language: en-CA,en;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 launch-EN23cb8375449840dc93b13f34d935b8b9.min.js Show response
assets.adobedtm.com/ 371 KB
79 KB 412ms
19ms Script
application/x-javascript 2600:141b:9000:498::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Requested by: Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.10.0/otBannerSdk.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:9000:498::1e80 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 19bd3758df2d4a24f8d2e334b6d44e8c4325ec9132cac300b1e1d5deeb1a97b1

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 16:00:09 GMT
content-encoding: gzip
last-modified: Thu, 09 Jun 2022 21:42:18 GMT
server: AkamaiNetStorage
etag: "679fbabc82edec8b7addc06da77eac6b:1654810938.149579"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 80789
expires: Mon, 13 Jun 2022 17:00:09 GMT

GET
H/1.1

200
OK

rd Show response
dpm.demdex.net/id/
Redirect Chain

https://dpm.demdex.net/id?d_visid_ver=5.3.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=ED8739F75677FE917F000101%40AdobeOrg&d_nsid=0&ts=1655136009231
https://dpm.demdex.net/id/rd?d_visid_ver=5.3.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=ED8739F75677FE917F000101%40AdobeOrg&d_nsid=0&ts=1655136009231

367 B
1 KB

38ms
38ms

XHR
application/json

35.171.54.31
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id/rd?d_visid_ver=5.3.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=ED8739F75677FE917F000101%40AdobeOrg&d_nsid=0&ts=1655136009231

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/wiper-malware-riding-tokyo-olympic-games'

Protocol

HTTP/1.1

Server

35.171.54.31 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-35-171-54-31.compute-1.amazonaws.com

Software

Resource Hash

63ca3ac1e4aed751d19450b7311aa25c3129683a3437631f2e3af596a37ab098

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

DCS: dcs-prod-va6-1-v034-0ea9745c4.edge-va6.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-TID: 0DMfwOv4Rgg=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://www.fortinet.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json;charset=utf-8
Content-Length: 307
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

DCS: dcs-prod-va6-1-v034-06f8ee44c.edge-va6.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
Access-Control-Allow-Origin: https://www.fortinet.com
X-TID: YzPUo4viTTI=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://dpm.demdex.net/id/rd?d_visid_ver=5.3.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=ED8739F75677FE917F000101%40AdobeOrg&d_nsid=0&ts=1655136009231
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2 200 AppMeasurement.min.js Show response
assets.adobedtm.com/extensions/EPa06d4a70bf964e93808ee073533d9238/ 33 KB
12 KB 22ms
22ms Script
application/x-javascript 2600:141b:9000:498::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/extensions/EPa06d4a70bf964e93808ee073533d9238/AppMeasurement.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:9000:498::1e80 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 055e467aa53a9c0272d805bbc009ade8c74df5a8c1255271d753ac78fe179873

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 16:00:09 GMT
content-encoding: gzip
last-modified: Wed, 19 Jan 2022 22:18:26 GMT
server: AkamaiNetStorage
etag: "85722a02b6a7feb74d08ac7875516bee:1642630706.903013"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: no-cache
accept-ranges: bytes
timing-allow-origin: *
content-length: 12243
expires: Mon, 13 Jun 2022 17:00:09 GMT

GET
H2 200 AppMeasurement_Module_ActivityMap.min.js Show response
assets.adobedtm.com/extensions/EPa06d4a70bf964e93808ee073533d9238/ 3 KB
2 KB 23ms
23ms Script
application/x-javascript 2600:141b:9000:498::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/extensions/EPa06d4a70bf964e93808ee073533d9238/AppMeasurement_Module_ActivityMap.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:9000:498::1e80 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: d4e77c7411d1de6efebf4278b9c98aa77dc2e5186cee271ac256138f17bef9f4

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 16:00:09 GMT
content-encoding: gzip
last-modified: Wed, 19 Jan 2022 22:18:27 GMT
server: AkamaiNetStorage
etag: "9355415074dbdbd216a19b61ce931ab2:1642630707.219535"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: no-cache
accept-ranges: bytes
timing-allow-origin: *
content-length: 1599
expires: Mon, 13 Jun 2022 17:00:09 GMT

GET
H/1.1 200
OK 6si.min.js Show response
j.6sc.co/ 31 KB
10 KB 245ms
23ms Script
application/javascript 23.217.148.24
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://j.6sc.co/6si.min.js

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/wiper-malware-riding-tokyo-olympic-games'

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.217.148.24 New York, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-217-148-24.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

8e038b564510a45dc11799f74da367733f3db7f9c0a0434f1e90c44ec5168278

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date: Mon, 13 Jun 2022 16:00:09 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Connection: keep-alive
Vary: Accept-Encoding
Content-Length: 9715
Pragma: no-cache
Last-Modified: Thu, 05 May 2022 03:45:17 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "6273484d-7b02"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: application/javascript
Access-Control-Allow-Origin
Cache-Control: private, no-cache, proxy-revalidate
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Expires: Mon, 13 Jun 2022 16:00:09 GMT

GET
H/1.1 200
OK obtp.js Show response
amplify.outbrain.com/cp/ 8 KB
3 KB 78ms
23ms Script
application/x-javascript 23.52.162.190
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://amplify.outbrain.com/cp/obtp.js
Requested by: Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/wiper-malware-riding-tokyo-olympic-games'
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.52.162.190 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-52-162-190.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 7e8ef05a55eafab5277e6449520107db94dfb01b497a52f283e7ffa6ee49363d

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date: Mon, 13 Jun 2022 16:00:09 GMT
Content-Encoding: gzip
Last-Modified: Wed, 09 Feb 2022 12:30:38 GMT
Server: AkamaiNetStorage
ETag: "23b34d08f648c3f51b232443afced826:1644409863.170279"
Vary: Accept-Encoding
Content-Type: application/x-javascript
Cache-Control: max-age=1200
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3150
Expires: Mon, 13 Jun 2022 16:20:09 GMT

GET
H2 200 addthis_widget.js Show response
s7.addthis.com/js/300/ 353 KB
114 KB 245ms
24ms Script
application/javascript 23.198.216.120
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://s7.addthis.com/js/300/addthis_widget.js

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.198.216.120 Piscataway, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-198-216-120.deploy.static.akamaitechnologies.com

Software

nginx/1.15.8 /

Resource Hash

acd2f7ad78edeebad4b6b0fdd17ff57d81c3726c60fd5435ee8c5a0115d29403

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

strict-transport-security: max-age=15724800; includeSubDomains
content-encoding: gzip
last-modified: Mon, 26 Oct 2020 18:11:48 GMT
server: nginx/1.15.8
etag: "5f971164-5834c"
vary: Accept-Encoding
x-distribution: 99
content-type: application/javascript
cache-control: public, max-age=600
date: Mon, 13 Jun 2022 16:00:09 GMT
x-host: s7.addthis.com
content-length: 116361

GET
H2 200 RC448863e9e05a4b4880daa4a5fb7da328-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/d608c0801515/ 358 B
495 B 19ms
19ms Script
application/x-javascript 2600:141b:9000:498::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/d608c0801515/RC448863e9e05a4b4880daa4a5fb7da328-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:9000:498::1e80 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: fc972cefddf2d6c0c6b04d494c4d669b7f47b4fbe925ca1ef8ad1bdf5777407c

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 16:00:09 GMT
content-encoding: gzip
last-modified: Thu, 09 Jun 2022 21:42:19 GMT
server: AkamaiNetStorage
etag: "676b0d0c2f7a2d68933d4b75937b10b7:1654810939.014522"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 229
expires: Mon, 13 Jun 2022 17:00:09 GMT

GET
H2 200 bat.js Show response
bat.bing.com/ 38 KB
12 KB 77ms
33ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

8540c5e2d2e85cc6c5d46b1b06b7f6642dce39e0314299a08976cfe6053c7c52

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
last-modified: Wed, 09 Feb 2022 23:54:49 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 9DBAD55B01D84BFBACAA40F715504BEB Ref B: YTO01EDGE0521 Ref C: 2022-06-13T16:00:09Z
etag: "806a236c101ed81:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
access-control-allow-origin: *
cache-control: private,max-age=1800
date: Mon, 13 Jun 2022 16:00:08 GMT
accept-ranges: bytes
content-length: 11333

GET
H2 200 RC4566551d215d44c4824ebf3d9d3f9e69-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/d608c0801515/ 5 KB
2 KB 19ms
18ms Script
application/x-javascript 2600:141b:9000:498::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/d608c0801515/RC4566551d215d44c4824ebf3d9d3f9e69-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:9000:498::1e80 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 22a85475818964b346efc344e79f66d9284b2e76ee829db86a523656254fc6d5

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 16:00:09 GMT
content-encoding: gzip
last-modified: Thu, 09 Jun 2022 21:42:19 GMT
server: AkamaiNetStorage
etag: "676b0d0c2f7a2d68933d4b75937b10b7:1654810939.014522"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 1341
expires: Mon, 13 Jun 2022 17:00:09 GMT

GET
H2 200 RC52075bdc49924bc1a58a4118ed15476d-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/d608c0801515/ 1 KB
803 B 19ms
19ms Script
application/x-javascript 2600:141b:9000:498::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/d608c0801515/RC52075bdc49924bc1a58a4118ed15476d-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:9000:498::1e80 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 1aceab2451a22469791f72b4c621f9dbb977bc6593feb2a9d60cb1411d33d37b

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 16:00:09 GMT
content-encoding: gzip
last-modified: Thu, 09 Jun 2022 21:42:19 GMT
server: AkamaiNetStorage
etag: "676b0d0c2f7a2d68933d4b75937b10b7:1654810939.014522"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 536
expires: Mon, 13 Jun 2022 17:00:09 GMT

GET
H/1.1 200
OK cachedClickId Show response
tr.outbrain.com/ 35 B
239 B 202ms
45ms Script
application/javascript 70.42.32.223
AS-OUTBRAIN

General

Check archive.org

Show headers Download Go to

Full URL: https://tr.outbrain.com/cachedClickId?marketerId=00ad3119690e692fd6990245f9741ea8f1
Requested by: Host: amplify.outbrain.com
URL: https://amplify.outbrain.com/cp/obtp.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 70.42.32.223 , United States, ASN22075 (AS-OUTBRAIN, US),
Reverse DNS: ny.outbrain.com
Software: /
Resource Hash: 1d348f9f803c95305f63def9d75fd50e79e54a375e1a4a888edbbea366845580

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date: Mon, 13 Jun 2022 16:00:09 GMT
content-encoding: gzip
X-TraceId: eb4874c696b38ed591cebfd1306837db
Content-Length: 56
Content-Type: application/javascript

GET
H/1.1 200
OK unifiedPixel
tr.outbrain.com/ 43 B
256 B 176ms
19ms Image
image/gif 70.42.32.223
AS-OUTBRAIN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://tr.outbrain.com/unifiedPixel?marketerId=00ad3119690e692fd6990245f9741ea8f1&obApiVersion=1.1&obtpVersion=1.6.0&name=PAGE_VIEW&dl=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fwiper-malware-riding-tokyo-olympic-games%27&optOut=false&bust=020110620623728037
Requested by: Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/wiper-malware-riding-tokyo-olympic-games'
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 70.42.32.223 , United States, ASN22075 (AS-OUTBRAIN, US),
Reverse DNS: ny.outbrain.com
Software: /
Resource Hash: 33ca751ed175a163bef530ebdcdbd0a2d15997ccbcbf8d50a6f504e8ffac5a5c

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date: Mon, 13 Jun 2022 16:00:09 GMT
Cache-Control: no-cache
X-TraceId: 05321bf5de9e9b4ecec04fb003cbf426
content-encoding: gzip
Content-Length: 60
Content-Type: image/gif;

GET
H2 200 17532650.js Show response
bat.bing.com/p/action/ 219 B
495 B 205ms
205ms Script
application/javascript 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/17532650.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

/ ARR/3.0

Resource Hash

1db3a59ce17bdd4230dddbdb72cb8e50ecff0fbd84d50e81b0c9a5e126a39ca5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 8EE6CCF32A6644788F6852B4A6E3F7A4 Ref B: YTO01EDGE0521 Ref C: 2022-06-13T16:00:09Z
x-powered-by: ARR/3.0
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: private,max-age=60
date: Mon, 13 Jun 2022 16:00:08 GMT
content-length: 300

GET
H2 204 0
bat.bing.com/action/ 0
176 B 34ms
33ms Image
text/plain 2620:1ec:c11::200
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=17532650&tm=al001&Ver=2&mid=e5c2c8c6-be99-4ec6-808c-4b0ebd530779&sid=e66c54f0eb3111eca1a00bed5160f7b4&vid=e66c68c0eb3111ec92e539e46562913a&vids=1&pi=1200101525&lg=en-US&sw=1600&sh=1200&sc=24&tl=404%20Page%20Not%20Found&p=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fwiper-malware-riding-tokyo-olympic-games%27&r=&lt=1168&pt=1655136007581,,,,,0,1,122,122,194,145,194,492,493,496,1104,1104,1168,,,&pn=0,0&evt=pageLoad&msclkid=N&sv=1&rn=811536

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/wiper-malware-riding-tokyo-olympic-games'

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 347A8315618B42B69205E9B63C867158 Ref B: YTO01EDGE0521 Ref C: 2022-06-13T16:00:09Z
date: Mon, 13 Jun 2022 16:00:08 GMT
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK dest5.html Show response
fortinet.demdex.net/ Frame A3FF 7 KB
3 KB 98ms
26ms Document
text/html 34.199.16.170
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://fortinet.demdex.net/dest5.html?d_nsid=0

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

34.199.16.170 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-34-199-16-170.compute-1.amazonaws.com

Software

Resource Hash

7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.fortinet.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

Accept-Ranges: bytes
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Length: 2791
Content-Type: text/html;charset=UTF-8
DCS: dcs-prod-va6-1-v034-0321e58bb.edge-va6.demdex.com UNKNOWN
Expires: Thu, 01 Jan 1970 00:00:00 UTC
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-TID: /uIguvo3SKY=
content-encoding: gzip
date: Mon, 13 Jun 2022 16:00:09 GMT
last-modified: Wed, 8 Jun 2022 12:45:54 GMT
vary: accept-encoding

GET
H2 200 id Show response
metrics.fortinet.com/ 48 B
508 B 91ms
30ms XHR
application/x-javascript 63.140.38.123
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://metrics.fortinet.com/id?d_visid_ver=5.3.0&d_fieldgroup=A&mcorgid=ED8739F75677FE917F000101%40AdobeOrg&mid=14062383122417189740622058880665650434&ts=1655136009413

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

63.140.38.123 , United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

jag /

Resource Hash

71db8379fcdffc5a00ba5c9aa889bf7188abc0fe6e37fc9806f5a4a03177fe3d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

date: Mon, 13 Jun 2022 16:00:09 GMT
x-content-type-options: nosniff
server: jag
xserver: anedge-d754c8fcc-6nbbj
vary: Origin
x-c: main-1645.Id526ce.M0-571
p3p: CP="This is not a P3P policy"
access-control-allow-origin: https://www.fortinet.com
cache-control: no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials: true
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/x-javascript;charset=utf-8
content-length: 48
x-xss-protection: 1; mode=block

GET
H/1.1

200
OK

ibs:dpid=411&dpuuid=YqdfCQAAAD3DOQN_
dpm.demdex.net/
Redirect Chain

https://cm.everesttech.net/cm/dd?d_uuid=13707351181557942300587681651171402890
https://dpm.demdex.net/ibs:dpid=411&dpuuid=YqdfCQAAAD3DOQN_

42 B
943 B

27ms
27ms

Image
image/gif

35.171.54.31
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=411&dpuuid=YqdfCQAAAD3DOQN_

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/wiper-malware-riding-tokyo-olympic-games'

Protocol

HTTP/1.1

Server

35.171.54.31 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-35-171-54-31.compute-1.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

DCS: dcs-prod-va6-2-v034-07c1033e4.edge-va6.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: fiG7X4sxQg4=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=YqdfCQAAAD3DOQN_
Date: Mon, 13 Jun 2022 16:00:09 GMT
Cache-Control: no-cache
Server: AMO-cookiemap/1.1
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"

GET
H/1.1 200
OK getuidj Show response
secure.adnxs.com/ 11 B
704 B 89ms
45ms XHR
application/json 68.67.179.164
ASN-APPNEX

General

Check archive.org

Show headers Download Go to

Full URL

https://secure.adnxs.com/getuidj

Requested by

Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_ECDSA, AES_128_GCM

Server

68.67.179.164 Secaucus, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

582.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 13 Jun 2022 16:00:09 GMT
X-Proxy-Origin: 149.56.153.189; 149.56.153.189; 582.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
AN-X-Request-Uuid: e6311a46-ff05-48d5-8522-c426da32c3a7
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: https://www.fortinet.com
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Content-Length: 11
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1 200
OK / Show response
c.6sc.co/ 47 B
372 B 63ms
22ms XHR
text/plain 23.217.148.24
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://c.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.217.148.24 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-217-148-24.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: cf78e423128e590b0ecaedaacbab7a00054705512fca02a477a236fbbdb05f33

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date: Mon, 13 Jun 2022 16:00:09 GMT
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: text/plain
Access-Control-Allow-Origin: https://www.fortinet.com
Access-Control-Allow-Credentials: true
Connection: keep-alive
Access-Control-Allow-Headers: *
Content-Length: 47

GET
H2 200 / Show response
ipv6.6sc.co/ 20 B
256 B 72ms
19ms XHR
text/html 2600:141b:5000:59e::1c91
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ipv6.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:5000:59e::1c91 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 180c78ef7cfe1433cdecf0ff42f6e22f7fab4435cea2c43af15c43e6069faad0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 Jun 2022 16:00:09 GMT
vary: Origin
content-type: text/html
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=0, no-cache, no-store
6si-ipv6: 2607:5300:60:7867::8
server-timing: cdn-cache; desc=HIT, edge; dur=1
content-length: 20
expires: Mon, 13 Jun 2022 16:00:09 GMT

GET
H2 200 moatframe.js Show response
z.moatads.com/addthismoatframe568911941483/ 2 KB
1 KB 76ms
26ms Script
application/x-javascript 104.118.9.242
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://z.moatads.com/addthismoatframe568911941483/moatframe.js
Requested by: Host: s7.addthis.com
URL: https://s7.addthis.com/js/300/addthis_widget.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 104.118.9.242 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-118-9-242.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 16:00:09 GMT
content-encoding: gzip
last-modified: Fri, 08 Nov 2019 20:13:52 GMT
server: AmazonS3
x-amz-request-id: 8CDB66B94D35BDA6
etag: "f14b4e1f799b14f798a195f43cf58376"
vary: Accept-Encoding
content-type: application/x-javascript
cache-control: max-age=20822
accept-ranges: bytes
content-length: 948
x-amz-id-2: kuJLoCwpFFA8kPEpCqX6J+hslcy///a0vlITZtc07hYIr8zPDNXg3x+H3ZRqroIv+eXDfhXdTfI=

GET
H2 200 api.min.js Show response
a.opmnstr.com/app/js/ 189 KB
53 KB 438ms
36ms Script
application/javascript 138.199.40.58
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://a.opmnstr.com/app/js/api.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 138.199.40.58 New York, United States, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-138-199-40-58.datapacket.com
Software: BunnyCDN-NY1-885 /
Resource Hash: 892ea632a364c2124e67fc5c066c87e1afd109c56a7e5fdae2e3fd3423a7aa5f

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 16:00:10 GMT
content-encoding: br
cdn-edgestorageid: 885
perma-cache: HIT
cdn-storageserver: NY-347
cdn-cachedat: 06/09/2022 19:45:18
cdn-pullzone: 293267
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-requestpullcode: 200
server: BunnyCDN-NY1-885
access-control-allow-origin: *
last-modified: Thu, 09 Jun 2022 19:44:55 GMT
cdn-proxyver: 1.02
cdn-fileserver: 341
etag: W/"62a24db7-2f298"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
cdn-cache: HIT
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cdn-requestid: 7c1f56551277331ad8dbb2135d443abe
cdn-requestcountrycode: CA
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 details Show response
epsilon.6sense.com/v3/company/ 445 B
432 B 77ms
26ms XHR
application/json 18.235.123.5
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://epsilon.6sense.com/v3/company/details
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.235.123.5 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-235-123-5.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 6ec3eaa960374bd8df144b340b0208053e7ca3e1b93278f533882c5a649a8eda

Request headers

User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Referer: https://www.fortinet.com/
accept-language: en-CA,en;q=0.9
Authorization: Token 82f0c18bd0395219670f57108eb160f3273629b2
EpsilonCookie: 675ddb1773310000095fa762e20100003cde0000

Response headers

date: Mon, 13 Jun 2022 16:00:10 GMT
content-encoding: gzip
server: nginx
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://www.fortinet.com
access-control-allow-credentials: true
content-length: 246

OPTIONS
H2 200 details
epsilon.6sense.com/v3/company/ Frame 0
0 423ms
34ms Preflight 18.235.123.5
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://epsilon.6sense.com/v3/company/details
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.235.123.5 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-235-123-5.compute-1.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,epsiloncookie
Access-Control-Request-Method: GET
Origin: https://www.fortinet.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: authorization,epsiloncookie
access-control-allow-methods: OPTIONS,GET
access-control-allow-origin: https://www.fortinet.com
access-control-max-age: 1800
date: Mon, 13 Jun 2022 16:00:09 GMT
server: nginx

GET
H/1.1 200
OK img.gif
b.6sc.co/v1/beacon/ 43 B
774 B 413ms
43ms Image
image/gif 23.217.148.24
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=5eeecf22b2d12a77a14639dce97b7a36&svisitor=675ddb1773310000095fa762e20100003cde0000&session=928a699a-8bd1-4dd3-8500-58a38e5338cb&event=ipv6&q=%7B%22address%22%3A%222607%3A5300%3A60%3A7867%3A%3A8%22%7D&isIframe=false&m=%7B%22description%22%3A%22%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22404%20Page%20Not%20Found%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fwiper-malware-riding-tokyo-olympic-games%27&pageViewId=357de213-af42-455a-898e-77cda6e37d97

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/wiper-malware-riding-tokyo-olympic-games'

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.217.148.24 New York, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-217-148-24.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date: Mon, 13 Jun 2022 16:00:10 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 43
Pragma: no-cache
Last-Modified: Sat, 05 Jun 2021 07:56:05 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "60bb2e15-2b"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: image/gif
Access-Control-Allow-Origin
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H/1.1 200
OK img.gif
b.6sc.co/v1/beacon/ 43 B
774 B 408ms
41ms Image
image/gif 23.217.148.24
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=5eeecf22b2d12a77a14639dce97b7a36&svisitor=675ddb1773310000095fa762e20100003cde0000&session=928a699a-8bd1-4dd3-8500-58a38e5338cb&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Mon%2C%2013%20Jun%202022%2016%3A00%3A09%20GMT%22%7D&isIframe=false&m=%7B%22description%22%3A%22%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22404%20Page%20Not%20Found%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fwiper-malware-riding-tokyo-olympic-games%27&pageViewId=357de213-af42-455a-898e-77cda6e37d97&an_uid=0

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/wiper-malware-riding-tokyo-olympic-games'

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.217.148.24 New York, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-217-148-24.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date: Mon, 13 Jun 2022 16:00:10 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 43
Pragma: no-cache
Last-Modified: Tue, 05 Oct 2021 22:17:52 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "615ccf10-2b"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: image/gif
Access-Control-Allow-Origin
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 17532650 Show response
www.clarity.ms/tag/uet/ 2 KB
2 KB 403ms
40ms Script
application/x-javascript 2620:1ec:27::cafe:1906
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/tag/uet/17532650
Requested by: Host: bat.bing.com
URL: https://bat.bing.com/p/action/17532650.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:27::cafe:1906 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: / ASP.NET
Resource Hash: d499fa4e205a4cdb05469b1c270fedbd08fdb6899f16c3c96c475a4c86fa1231

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 16:00:09 GMT
x-powered-by: ASP.NET
x-azure-ref: 0Cl+nYgAAAACKQ8UYxYk7R5+OaQgw/gZoTllDRURHRTE1MTAANmNmYmVlZTAtNTAyNy00ODRiLTg5NjctNGEyOWFmNzdmMWUx
x-cache: CONFIG_NOCACHE
content-type: application/x-javascript
cache-control: no-cache, no-store
request-context: appId=cid-v1:3d284f99-f285-495c-ac33-dedd7ecf1ac8
content-length: 1585
expires: -1

GET
H2 200 clarity.js Show response
j.clarity.ms/s/0.6.34/ 53 KB
23 KB 171ms
52ms Script
application/javascript 20.85.30.134
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://j.clarity.ms/s/0.6.34/clarity.js
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/tag/uet/17532650
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.85.30.134 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: ca63193ce799e4e00c9106349365981dc6e26cb77632ebf5df23dffba2aaccfa

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 16:00:09 GMT
content-encoding: br
etag: "1d87e8642decc54"
last-modified: Sun, 12 Jun 2022 18:00:12 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: public,max-age=86400
accept-ranges: bytes
content-length: 23150
request-context: appId=cid-v1:3f60b293-70d6-4805-b0bb-3484f0a73bf0

GET
H2 200 api.min.css
a.omappapi.com/app/js/ 18 KB
3 KB 141ms
37ms Stylesheet
text/css 138.199.40.58
CDN77 ^_^

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/api.min.css
Requested by: Host: a.opmnstr.com
URL: https://a.opmnstr.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 138.199.40.58 New York, United States, ASN60068 (CDN77 ^_^, GB),
Reverse DNS: unn-138-199-40-58.datapacket.com
Software: BunnyCDN-NY1-885 /
Resource Hash: 4b99a75a42582fd22e780855dfb50880df624ce43988616f4b19dc7ba90f1250

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

cdn-storagebalancer: NY-346
date: Mon, 13 Jun 2022 16:00:10 GMT
content-encoding: br
cdn-edgestorageid: 885
perma-cache: MISS
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-cachedat: 06/09/2022 19:45:16
cdn-pullzone: 293267
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
x-amz-request-id: XBK8JP8146D0D8DJ
x-amz-id-2: j1ZaIT5iMkw1LNC/dPA+I8nA/XrIJ34WShDJ9DpXPyOrp7+CGUUEf/fnskEtc8buFSz7nIoD4y4=
server: BunnyCDN-NY1-885
access-control-allow-origin: *
last-modified: Thu, 09 Jun 2022 19:44:47 GMT
cdn-proxyver: 1.02
cdn-requestpullcode: 200
etag: W/"0bba6c591728c9a6ab3684c78e2569a5"
vary: Accept-Encoding, Accept-Encoding
content-type: text/css
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
cache-control: public, max-age=31919000
cdn-requestid: 77705a7974a1856193ac3785a8f3571d
cdn-requestcountrycode: CA
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 39852 Show response
api.omappapi.com/v2/embed/ 15 KB
3 KB 75ms
25ms XHR
application/json 52.85.61.120
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://api.omappapi.com/v2/embed/39852?d=fortinet.com
Requested by: Host: a.opmnstr.com
URL: https://a.opmnstr.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.85.61.120 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-85-61-120.ewr53.r.cloudfront.net
Software: Pagely Gateway/1.5.1 /
Resource Hash: eff43e49142db1ab1ae6fee352b06a5db407ef4c4b88b5c21398a5e5b2020ace

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 16:00:09 GMT
content-encoding: gzip
x-cache-config: 0 0
x-amz-cf-pop: EWR53-P1
x-cache-status: HIT
x-cache: Miss from cloudfront
access-control-allow-headers: X-CSRF-Token
x-optinmonster-account: 45602
x-user-agent: standard--
last-modified: Thu, 24 Mar 2022 18:42:42 GMT
server: Pagely Gateway/1.5.1
etag: W/"6c16765a57d4b0ea0ebc93a9a30a9899"
vary: Accept-Encoding, User-Agent
content-type: application/json
via: 1.1 bf49d89d8a3c52a5998a7b465717a00e.cloudfront.net (CloudFront)
access-control-expose-headers: X-OptinMonster-Account, X-User-Agent
cache-control: public, max-age=30, stale-while-revalidate=1800
access-control-allow-origin: *
x-amz-cf-id: TU-D5SgwGUFHddY_Q2EH8jb0xtVOxfrAg-qXJYSZy5xJHe29Hpl0og==
expires: Mon, 13 Jun 2022 15:45:08 GMT

GET
H2 200 hotjar-1178304.js Show response
static.hotjar.com/c/ 5 KB
3 KB 66ms
27ms Script
application/javascript 54.230.163.25
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://static.hotjar.com/c/hotjar-1178304.js?sv=6

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/wiper-malware-riding-tokyo-olympic-games'

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

54.230.163.25 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-54-230-163-25.ewr53.r.cloudfront.net

Software

Resource Hash

3cb8513e2b91bee9f51fa4cacecd6d9f728f6763780f81c11e2ab26cb799a0ce

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 16:00:10 GMT
content-encoding: br
x-content-type-options: nosniff
cache-control: max-age=60
age: 34
etag: W/b86ff841a8e2234a8897793e26add04e
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
x-cache-hit: 1
cross-origin-resource-policy: cross-origin
x-amz-cf-pop: EWR53-C3
x-amz-cf-id: YvKMtb-QF3cHweTBCLeB6F0-l0PWki4Mbwq3AmNJBAIlBG5AW8HIxQ==
via: 1.1 37cc5671352ec3ac8f0d6d7b7c988e80.cloudfront.net (CloudFront)

GET
H2

200

wid.tracker.js Show response
www.argusplatform.com/js/
Redirect Chain

https://argusplatform.com/js/wid.tracker.js
https://www.argusplatform.com/js/wid.tracker.js

6 KB
2 KB

142ms
100ms

Script
application/javascript

52.208.8.226
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://www.argusplatform.com/js/wid.tracker.js
Requested by: Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/wiper-malware-riding-tokyo-olympic-games'
Protocol: H2
Server: 52.208.8.226 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-208-8-226.eu-west-1.compute.amazonaws.com
Software: Kestrel /
Resource Hash: 6fe9f9f7b377dc96c8b87655739234ae33479d20c2d8993f4ab01d3d8e4adb2a

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 16:00:10 GMT
content-encoding: gzip
last-modified: Sun, 12 Jun 2022 17:55:14 GMT
server: Kestrel
etag: "1d87e85913ef473-gzip"
vary: Accept-Encoding
content-type: application/javascript
accept-ranges: bytes
content-length: 2323

Redirect headers

location: https://www.argusplatform.com/js/wid.tracker.js
date: Mon, 13 Jun 2022 16:00:10 GMT
server: Apache/2.4.29 (Ubuntu)
content-length: 338
content-type: text/html; charset=iso-8859-1

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 101 KB
39 KB 84ms
38ms Script
application/javascript 2607:f8b0:4006:80a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-767980-1

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/wiper-malware-riding-tokyo-olympic-games'

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80a::2008 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

c3a0e18b4cb3e8dda176cf24c110a45e218b7c2700d3c6d16e98ab90456c9276

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 16:00:10 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 39768
x-xss-protection: 0
last-modified: Mon, 13 Jun 2022 15:19:28 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 13 Jun 2022 16:00:10 GMT

GET
H2 200 modules.b871a939666125f20d79.js Show response
script.hotjar.com/ 243 KB
63 KB 22ms
20ms Script
application/javascript 54.230.163.25
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://script.hotjar.com/modules.b871a939666125f20d79.js

Requested by

Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-1178304.js?sv=6

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

54.230.163.25 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-54-230-163-25.ewr53.r.cloudfront.net

Software

Resource Hash

e5827fd8bddccf8f9ca7d06936e0bd6596f9ec6aca0652086c5d593a72d84435

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Thu, 09 Jun 2022 08:52:07 GMT
content-encoding: br
x-content-type-options: nosniff
age: 371283
x-cache: Hit from cloudfront
cross-origin-resource-policy: cross-origin
content-length: 64109
access-control-allow-origin: *
last-modified: Thu, 09 Jun 2022 08:51:29 GMT
etag: "a7a5f230aae7accf37f785c6590c07fa"
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 37cc5671352ec3ac8f0d6d7b7c988e80.cloudfront.net (CloudFront)
cache-control: max-age=31536000
x-amz-cf-pop: EWR53-C3
accept-ranges: bytes
x-robots-tag: none
x-amz-cf-id: RLxvmcZvsYQl5-L0KrE5NR3x6UyXvyNwfV9zWkoGFOdYnRzQEhaFbQ==

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 70ms
20ms Script
text/javascript 2607:f8b0:4006:823::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: a.opmnstr.com
URL: https://a.opmnstr.com/app/js/api.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:823::200e Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 13 Apr 2022 21:02:38 GMT
server: Golfe2
age: 4230
date: Mon, 13 Jun 2022 14:49:40 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Mon, 13 Jun 2022 16:49:40 GMT

GET
H2 200 s34511105685342
metrics.fortinet.com/b/ss/fortinetincproduction/1/JS-2.22.4-LCS4/ 43 B
352 B 30ms
27ms Image
image/gif 63.140.38.123
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://metrics.fortinet.com/b/ss/fortinetincproduction/1/JS-2.22.4-LCS4/s34511105685342?AQB=1&ndh=1&pf=1&t=13%2F5%2F2022%2016%3A0%3A10%201%200&mid=14062383122417189740622058880665650434&aamlh=7&ce=UTF-8&pageName=BLOG%3A404%3Ahttps%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fwiper-malware-riding-tokyo-olympic-games%27&g=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fwiper-malware-riding-tokyo-olympic-games%27&cc=USD&pageType=errorPage&aamb=RKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y&v1=www.fortinet.com%2Fblog%2Fthreat-research%2Fwiper-malware-riding-tokyo-olympic-games%27&c7=Entire%20Site&c8=New&v27=BLOG&v33=en%3Ablog%3Athreat-research%3Awiper-malware-riding-tokyo-olympic-games%27&v35=Enabled&v101=Not%20Identified&v102=Not%20Identified&v103=Not%20Identified&v104=Not%20Identified&v105=Not%20Identified&v106=Montreal&v107=Quebec&v108=Canada&v109=Not%20Identified&v110=Not%20Identified&v111=Not%20Identified&v112=Not%20Identified&v113=Not%20Identified&v126=Low&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&mcorgid=ED8739F75677FE917F000101%40AdobeOrg&AQE=1

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/wiper-malware-riding-tokyo-olympic-games'

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

63.140.38.123 , United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

jag /

Resource Hash

a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 16:00:10 GMT
x-content-type-options: nosniff
x-c: main-1645.Id526ce.M0-571
p3p: CP="This is not a P3P policy"
vary: *
content-length: 43
x-xss-protection: 1; mode=block
pragma: no-cache
last-modified: Tue, 14 Jun 2022 16:00:10 GMT
server: jag
xserver: anedge-5f9f5f749c-dztjf
etag: 3554377517069533184-4619339859835162669
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif;charset=utf-8
access-control-allow-origin: *
cache-control: no-cache, no-store, max-age=0, no-transform, private
expires: Sun, 12 Jun 2022 16:00:10 GMT

GET
H2 200 box-63c3a81830bf549dafe40b369003f751.html Show response
vars.hotjar.com/ Frame 708A 2 KB
1 KB 65ms
18ms Document
text/html 52.85.61.99
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://vars.hotjar.com/box-63c3a81830bf549dafe40b369003f751.html
Requested by: Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-1178304.js?sv=6
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.85.61.99 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-85-61-99.ewr53.r.cloudfront.net
Software: /
Resource Hash: f05ac9ba83369cd58d06d8ee2e5f8d61c040d30d044e20752153f95577627dc6

Request headers

Referer: https://www.fortinet.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

accept-ranges: bytes
age: 1153563
cache-control: max-age=31536000
content-encoding: br
content-length: 1044
content-type: text/html
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Tue, 31 May 2022 07:34:06 GMT
etag: "e6fb1304cb60a0dea0f76f7077cb13c6"
last-modified: Tue, 31 May 2022 07:33:23 GMT
vary: Accept-Encoding
via: 1.1 acbc1e922360be31edf0371abdc7a3a4.cloudfront.net (CloudFront)
x-amz-cf-id: QYrL_3oXzHTTqQvq5Nqmfr0eTbZmGEylLMjhOlF7ZCyFOxU8seORRQ==
x-amz-cf-pop: EWR53-P1
x-cache: Hit from cloudfront
x-robots-tag: none

POST
H2 200 collect Show response
www.google-analytics.com/j/ 1 B
207 B 32ms
31ms XHR
text/plain 2607:f8b0:4006:823::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j96&a=640625784&t=pageview&_s=1&dl=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fwiper-malware-riding-tokyo-olympic-games%27&ul=en-us&de=UTF-8&dt=404%20Page%20Not%20Found&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAAC~&jid=797976680&gjid=1783351239&cid=656264877.1655136010&tid=UA-767980-1&_gid=1031228593.1655136010&_r=1&gtm=2ou680&z=1822465326

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:823::200e Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Mon, 13 Jun 2022 16:00:10 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.fortinet.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect Show response
j.clarity.ms/ 0
94 B 75ms
74ms XHR
text/plain 20.85.30.134
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://j.clarity.ms/collect
Requested by: Host: j.clarity.ms
URL: https://j.clarity.ms/s/0.6.34/clarity.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.85.30.134 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://www.fortinet.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

access-control-allow-origin: https://www.fortinet.com
date: Mon, 13 Jun 2022 16:00:10 GMT
access-control-allow-credentials: true
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
request-context: appId=cid-v1:3f60b293-70d6-4805-b0bb-3484f0a73bf0

GET
H/1.1 200
OK img.gif
b.6sc.co/v1/beacon/ 43 B
774 B 40ms
39ms Image
image/gif 23.217.148.24
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=5eeecf22b2d12a77a14639dce97b7a36&svisitor=675ddb1773310000095fa762e20100003cde0000&session=928a699a-8bd1-4dd3-8500-58a38e5338cb&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2013%20Jun%202022%2016%3A00%3A10%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2013%20Jun%202022%2016%3A00%3A09%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%221001%22%7D&isIframe=false&m=%7B%22description%22%3A%22%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22404%20Page%20Not%20Found%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fwiper-malware-riding-tokyo-olympic-games%27&pageViewId=357de213-af42-455a-898e-77cda6e37d97&an_uid=0

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/wiper-malware-riding-tokyo-olympic-games'

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.217.148.24 New York, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-217-148-24.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date: Mon, 13 Jun 2022 16:00:10 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 43
Pragma: no-cache
Last-Modified: Fri, 21 Feb 2020 18:57:20 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "5e502810-2b"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: image/gif
Access-Control-Allow-Origin
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H2 200 RCd1fccef08b0148f5b82f654398f18bb4-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/d608c0801515/ 959 B
811 B 20ms
19ms Script
application/x-javascript 2600:141b:9000:498::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/d608c0801515/RCd1fccef08b0148f5b82f654398f18bb4-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:9000:498::1e80 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: b5634ae0237967857485f304ef8cbdff287cb8b5e4a8afe7bc317d4858ec4a93

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 16:00:10 GMT
content-encoding: gzip
last-modified: Thu, 09 Jun 2022 21:42:19 GMT
server: AkamaiNetStorage
etag: "676b0d0c2f7a2d68933d4b75937b10b7:1654810939.014522"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 544
expires: Mon, 13 Jun 2022 17:00:10 GMT

GET
H2 200 RCcd84e40d19c24776bef77836ab2f8df6-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/d608c0801515/ 819 B
768 B 21ms
20ms Script
application/x-javascript 2600:141b:9000:498::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/d608c0801515/RCcd84e40d19c24776bef77836ab2f8df6-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:9000:498::1e80 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: c677d331e6dbf3725d0906d727569d910193a821d4b38f934fa7c18677e73406

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 16:00:10 GMT
content-encoding: gzip
last-modified: Thu, 09 Jun 2022 21:42:19 GMT
server: AkamaiNetStorage
etag: "676b0d0c2f7a2d68933d4b75937b10b7:1654810939.014522"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 502
expires: Mon, 13 Jun 2022 17:00:10 GMT

GET
H2 200 RCf5bd1991cad84a7294a7b609189a1fa5-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/d608c0801515/ 1021 B
867 B 22ms
22ms Script
application/x-javascript 2600:141b:9000:498::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/d608c0801515/RCf5bd1991cad84a7294a7b609189a1fa5-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:9000:498::1e80 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: a631882b4c7a29ca3732e330495ba099089c3721eb749038cb75ab7d1ec67ae9

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 16:00:10 GMT
content-encoding: gzip
last-modified: Thu, 09 Jun 2022 21:42:19 GMT
server: AkamaiNetStorage
etag: "676b0d0c2f7a2d68933d4b75937b10b7:1654810939.014522"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 601
expires: Mon, 13 Jun 2022 17:00:10 GMT

GET
H2 200 RC5c60a51709a94068afbf065e1448b617-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/d608c0801515/ 664 B
666 B 22ms
22ms Script
application/x-javascript 2600:141b:9000:498::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/d608c0801515/RC5c60a51709a94068afbf065e1448b617-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:9000:498::1e80 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: b758214ecf83fc7b9fa5e36077f36e8c65d8a2ddecddc999e9503fe45b1bf570

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 16:00:10 GMT
content-encoding: gzip
last-modified: Thu, 09 Jun 2022 21:42:19 GMT
server: AkamaiNetStorage
etag: "676b0d0c2f7a2d68933d4b75937b10b7:1654810939.014522"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 400
expires: Mon, 13 Jun 2022 17:00:10 GMT

GET
H2 200 RC190d282f2b9c4848b2ea08ca5751fa40-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/d608c0801515/ 2 KB
1022 B 22ms
22ms Script
application/x-javascript 2600:141b:9000:498::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/d608c0801515/RC190d282f2b9c4848b2ea08ca5751fa40-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:9000:498::1e80 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: c0e5562492756ff60efba71c04d05ac022317876e441cbb55df2bc45bd6d7f8e

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 16:00:10 GMT
content-encoding: gzip
last-modified: Thu, 09 Jun 2022 21:42:19 GMT
server: AkamaiNetStorage
etag: "676b0d0c2f7a2d68933d4b75937b10b7:1654810939.014522"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 755
expires: Mon, 13 Jun 2022 17:00:10 GMT

GET
H2 200 RCf7f107dbff1d4418b8440adaefff3dc0-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/d608c0801515/ 847 B
743 B 25ms
25ms Script
application/x-javascript 2600:141b:9000:498::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/d608c0801515/RCf7f107dbff1d4418b8440adaefff3dc0-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:9000:498::1e80 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 577c5cd56441f867da7efc69271b5b14f4ac90f71965cc2369fa8580a7dc049d

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 16:00:10 GMT
content-encoding: gzip
last-modified: Thu, 09 Jun 2022 21:42:19 GMT
server: AkamaiNetStorage
etag: "676b0d0c2f7a2d68933d4b75937b10b7:1654810939.014522"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 476
expires: Mon, 13 Jun 2022 17:00:10 GMT

GET
H2 200 RC7be3d22b2fd6487ca9390477738587fe-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/d608c0801515/ 819 B
767 B 29ms
29ms Script
application/x-javascript 2600:141b:9000:498::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/d608c0801515/RC7be3d22b2fd6487ca9390477738587fe-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:9000:498::1e80 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 72e93127eb1e6f10a0b7f62b3600bdbdd552348f22d85917f37dd9550c763269

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 16:00:10 GMT
content-encoding: gzip
last-modified: Thu, 09 Jun 2022 21:42:19 GMT
server: AkamaiNetStorage
etag: "676b0d0c2f7a2d68933d4b75937b10b7:1654810939.014522"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 501
expires: Mon, 13 Jun 2022 17:00:10 GMT

GET
H2 200 RC50087428705b45feb485321e405537a0-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/d608c0801515/ 1 KB
940 B 29ms
29ms Script
application/x-javascript 2600:141b:9000:498::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/d608c0801515/RC50087428705b45feb485321e405537a0-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:9000:498::1e80 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 9739d9fb85847b8a51b6eeeaa134f2a13c866c7a6fd3b27eb9d58a7ff3fb1e1f

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 16:00:10 GMT
content-encoding: gzip
last-modified: Thu, 09 Jun 2022 21:42:19 GMT
server: AkamaiNetStorage
etag: "676b0d0c2f7a2d68933d4b75937b10b7:1654810939.014522"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 673
expires: Mon, 13 Jun 2022 17:00:10 GMT

GET
H2 200 RC407b573180554ea6b11eecdc31ecbd3f-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/d608c0801515/ 819 B
766 B 31ms
31ms Script
application/x-javascript 2600:141b:9000:498::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/d608c0801515/RC407b573180554ea6b11eecdc31ecbd3f-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:9000:498::1e80 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 5d9631cd898faa4142b95f905a8295de46a87e2454bf22a04eea0e6d94e19405

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 16:00:10 GMT
content-encoding: gzip
last-modified: Thu, 09 Jun 2022 21:42:19 GMT
server: AkamaiNetStorage
etag: "676b0d0c2f7a2d68933d4b75937b10b7:1654810939.014522"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 500
expires: Mon, 13 Jun 2022 17:00:10 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 108 KB
42 KB 127ms
81ms Script
application/javascript 2607:f8b0:4006:80a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-662878185&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-767980-1

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80a::2008 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

bc3fd37e2013a20260f62669972171bd7231397a3efe8ad317a20517df44f1b8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 16:00:10 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43287
x-xss-protection: 0
last-modified: Mon, 13 Jun 2022 15:19:28 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 13 Jun 2022 16:00:10 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 104 KB
40 KB 124ms
79ms Script
application/javascript 2607:f8b0:4006:80a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-10050195&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-767980-1

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80a::2008 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

5f8b18809316f4c6a0c7c0c8e356f94e375e5995fd7b8ef55e9b331441eb97cd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 16:00:10 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 40962
x-xss-protection: 0
last-modified: Mon, 13 Jun 2022 15:24:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 13 Jun 2022 16:00:10 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 108 KB
42 KB 129ms
85ms Script
application/javascript 2607:f8b0:4006:80a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-609297413&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-767980-1

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80a::2008 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

7c85792ac7d7aca58ff173a3bc3990213d25ff692c67c047c7abbba619f76824

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 16:00:10 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43283
x-xss-protection: 0
last-modified: Mon, 13 Jun 2022 15:19:28 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 13 Jun 2022 16:00:10 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 108 KB
42 KB 119ms
75ms Script
application/javascript 2607:f8b0:4006:80a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-729495989&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-767980-1

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80a::2008 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

9b71ecb91b5321f35e8f6cc9ee973f18eb7dc451cdd4cf2f4ed668434d29da57

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 16:00:10 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43287
x-xss-protection: 0
last-modified: Mon, 13 Jun 2022 15:24:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 13 Jun 2022 16:00:10 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 153 KB
57 KB 99ms
58ms Script
application/javascript 2607:f8b0:4006:80a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-748285774&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-767980-1

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80a::2008 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

a8a9305d0e4e3843c4db5dc024149ebd0c16403d3486a487258b09440da3b5cc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 16:00:10 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 58099
x-xss-protection: 0
last-modified: Mon, 13 Jun 2022 15:19:28 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 13 Jun 2022 16:00:10 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 153 KB
57 KB 82ms
41ms Script
application/javascript 2607:f8b0:4006:80a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-748285774&l=dataLayer

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80a::2008 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ff5cc552b812416ea1d808affd2174d45a7dacb9cfaac27bc47667e7cae38321

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 16:00:10 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 58078
x-xss-protection: 0
last-modified: Mon, 13 Jun 2022 15:19:28 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 13 Jun 2022 16:00:10 GMT

GET
H2 200 RCf940460311f349b5af69d075bdef61d4-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/d608c0801515/ 368 B
502 B 25ms
24ms Script
application/x-javascript 2600:141b:9000:498::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/d608c0801515/RCf940460311f349b5af69d075bdef61d4-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:9000:498::1e80 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: d7f526bf4ca555b5d7c241660e774e94a50a8b0af5ec3163967bcdfd5118bf43

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 16:00:10 GMT
content-encoding: gzip
last-modified: Thu, 09 Jun 2022 21:42:19 GMT
server: AkamaiNetStorage
etag: "676b0d0c2f7a2d68933d4b75937b10b7:1654810939.014522"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 235
expires: Mon, 13 Jun 2022 17:00:10 GMT

GET
H2 200 RCcb6e8e438d1741e6854bf3a039a2565a-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/d608c0801515/ 754 B
714 B 25ms
25ms Script
application/x-javascript 2600:141b:9000:498::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/d608c0801515/RCcb6e8e438d1741e6854bf3a039a2565a-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:9000:498::1e80 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 8f43a20a77df4f1d340514051b4ac1ced808e385906e2b17ae0304c69e15f4b5

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 16:00:10 GMT
content-encoding: gzip
last-modified: Thu, 09 Jun 2022 21:42:19 GMT
server: AkamaiNetStorage
etag: "676b0d0c2f7a2d68933d4b75937b10b7:1654810939.014522"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 447
expires: Mon, 13 Jun 2022 17:00:10 GMT

GET
H2 200 RC3bae6526bab9473dbbab7449e16ead11-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/d608c0801515/ 579 B
588 B 27ms
27ms Script
application/x-javascript 2600:141b:9000:498::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/d608c0801515/RC3bae6526bab9473dbbab7449e16ead11-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:9000:498::1e80 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 768cfede61cd258af7d076ffa94861c20a89596514d5e0aa8be485e6eb7ded24

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 16:00:10 GMT
content-encoding: gzip
last-modified: Thu, 09 Jun 2022 21:42:19 GMT
server: AkamaiNetStorage
etag: "676b0d0c2f7a2d68933d4b75937b10b7:1654810939.014522"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 322
expires: Mon, 13 Jun 2022 17:00:10 GMT

GET
H2 200 RC770ba43e575a4f14a13af5ea84878a36-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/d608c0801515/ 892 B
705 B 27ms
26ms Script
application/x-javascript 2600:141b:9000:498::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/d608c0801515/RC770ba43e575a4f14a13af5ea84878a36-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:9000:498::1e80 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 3e30683f631b6baf6eaa6c3085257aa4d8477d78b5a18114d45be8ec508f4d9a

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 16:00:10 GMT
content-encoding: gzip
last-modified: Thu, 09 Jun 2022 21:42:19 GMT
server: AkamaiNetStorage
etag: "676b0d0c2f7a2d68933d4b75937b10b7:1654810939.014522"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 438
expires: Mon, 13 Jun 2022 17:00:10 GMT

GET
H2 200 RCe61896415d84436c959b7a66783b3417-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/d608c0801515/ 1 KB
817 B 30ms
29ms Script
application/x-javascript 2600:141b:9000:498::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/d608c0801515/RCe61896415d84436c959b7a66783b3417-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:9000:498::1e80 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 9bf968984db9eb56d5901734276c26ce217ead12c0368a1f4850f79aa3bf34d4

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 16:00:10 GMT
content-encoding: gzip
last-modified: Thu, 09 Jun 2022 21:42:19 GMT
server: AkamaiNetStorage
etag: "676b0d0c2f7a2d68933d4b75937b10b7:1654810939.014522"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 550
expires: Mon, 13 Jun 2022 17:00:10 GMT

GET
H2 200 RC0829ccf7bc5a44478ae2705d4c111c37-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/d608c0801515/ 966 B
819 B 30ms
30ms Script
application/x-javascript 2600:141b:9000:498::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/d608c0801515/RC0829ccf7bc5a44478ae2705d4c111c37-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:9000:498::1e80 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: dfbce1ce67f80cf1baa23bf614fcce2e20b77efc054ad43e6e30f671d4603fcb

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 16:00:10 GMT
content-encoding: gzip
last-modified: Thu, 09 Jun 2022 21:42:19 GMT
server: AkamaiNetStorage
etag: "676b0d0c2f7a2d68933d4b75937b10b7:1654810939.014522"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 552
expires: Mon, 13 Jun 2022 17:00:10 GMT

GET
H2 200 geofeed Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/location/ 166 B
373 B 60ms
31ms Script
text/javascript 2606:4700:10::6814:b944
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location/geofeed

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6814:b944 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

430c9039cb907617877c2533c4504acca0e3265dd3b58c903360c2a7780da618

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 16:00:10 GMT
content-encoding: gzip
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: text/javascript
strict-transport-security: max-age=31536000; includeSubDomains; preload
cf-ray: 71ac09a289434bc5-YUL

GET
H/1.1 202
Accepted / Show response
pixels.argusplatform.com/wh/track/ 33 B
286 B 302ms
100ms XHR
application/json 34.251.139.24
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://pixels.argusplatform.com/wh/track/?site_id=C6AC00C8269540D0ABFF19F1B5558B6D&visitor_id=1655136011563644613&event_type=page_request&timestamp=1655136011&page_title=404%20Page%20Not%20Found&page_url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fwiper-malware-riding-tokyo-olympic-games%27&page_url_referer=
Requested by: Host: argusplatform.com
URL: https://argusplatform.com/js/wid.tracker.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 34.251.139.24 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-251-139-24.eu-west-1.compute.amazonaws.com
Software: Kestrel /
Resource Hash: eec6b719c1df15556a3581632c1010a34d2f19f42481c6f875ab3ff21337748c

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Access-Control-Allow-Origin: *
Date: Mon, 13 Jun 2022 16:00:10 GMT
Server: Kestrel
Connection: Keep-Alive
Keep-Alive: timeout=5, max=100
Transfer-Encoding: chunked
Content-Type: application/json; charset=utf-8

GET
H2

200

c.gif
c.clarity.ms/
Redirect Chain

https://c.clarity.ms/c.gif
https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=7A87149D30F54682A7DDFE1A71BBC1BD&RedC=c.clarity.ms&MXFR=1F4C7B1AC5DB63821ED36AD8C1DB6D88
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=7A87149D30F54682A7DDFE1A71BBC1BD&MUID=293315937A536325379C04517BF96280

42 B
440 B

31ms
31ms

Image
image/gif

20.110.81.91
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=7A87149D30F54682A7DDFE1A71BBC1BD&MUID=293315937A536325379C04517BF96280
Protocol: H2
Server: 20.110.81.91 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 Jun 2022 16:00:10 GMT
last-modified: Wed, 06 Apr 2022 19:10:39 GMT
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
etag: "77ff271ea49d81:0"
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: private, no-cache, proxy-revalidate, no-store
accept-ranges: bytes
content-type: image/gif
content-length: 42

Redirect headers

pragma: no-cache
date: Mon, 13 Jun 2022 16:00:09 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 1E8ED420FDB349BDBFFD4C8B445AB7A8 Ref B: YTO01EDGE0521 Ref C: 2022-06-13T16:00:10Z
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
location: https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=7A87149D30F54682A7DDFE1A71BBC1BD&MUID=293315937A536325379C04517BF96280
cache-control: private, no-cache, proxy-revalidate, no-store
content-length: 0

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 108 KB
42 KB 48ms
38ms Script
application/javascript 2607:f8b0:4006:80a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-631698094

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80a::2008 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

dc5eb5ae3b8a40bd008326b594f8ce4bf3585cc1616283dc6e09d167135e0626

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 16:00:10 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 43279
x-xss-protection: 0
last-modified: Mon, 13 Jun 2022 15:24:00 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 13 Jun 2022 16:00:10 GMT

GET
H/1.1 200
OK roundtrip.js Show response
s.adroll.com/j/ 51 KB
17 KB 98ms
20ms Script
text/javascript 2600:9000:2209:d800:6:9280:1080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/roundtrip.js
Requested by: Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/wiper-malware-riding-tokyo-olympic-games'
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2209:d800:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 2c510c691b7c0ac37b6d4037e3f73509accc0bd60246d85ccd3a196e75b1fd98

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

X-Amz-Version-Id: orWA146CD9P2lORNaQHGwaslIwc1AsG9
Content-Encoding: gzip
Etag: W/"406b8320e0c0d1d961ec82c086c1624d"
Age: 1396
X-Amz-Server-Side-Encryption: AES256
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
Vary: Accept-Encoding
Via: 1.1 11140291d542e546b40770525cf1e1b4.cloudfront.net (CloudFront)
Last-Modified: Thu, 02 Jun 2022 20:06:29 GMT
Server: AmazonS3
Date: Mon, 13 Jun 2022 15:36:55 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600, must-revalidate
Access-Control-Allow-Credentials: false
X-Amz-Cf-Pop: EWR53-P1
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: OtlxSSSxk2xellwKb6R4sISOxT51-VEQlwY92a3wA7Y684o71nE5dQ==

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 152 KB
56 KB 39ms
39ms Script
application/javascript 2607:f8b0:4006:80a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-10828733185&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-767980-1

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:80a::2008 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

5ddc949ce3677f3b7452e26b814215f9e013ab5fdff8fa6ab4308a7583fe136b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 16:00:10 GMT
content-encoding: br
vary: Accept-Encoding
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 57600
x-xss-protection: 0
last-modified: Mon, 13 Jun 2022 15:19:28 GMT
server: Google Tag Manager
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Mon, 13 Jun 2022 16:00:10 GMT

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 49 KB
14 KB 84ms
24ms Script
application/javascript 146.75.32.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/wiper-malware-riding-tokyo-olympic-games'
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 146.75.32.157 Ashburn, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 05448e9440e5f8a66395d7d66a9bfcb9614a80e4e181f6347cd742ec36725ca6

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 16:00:10 GMT
content-encoding: gzip
last-modified: Wed, 08 Jun 2022 18:12:45 GMT
etag: "90b3a450b1a5741eca2aac717f3ebbc2+gzip"
vary: Accept-Encoding,Host
x-tw-cdn: FT
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
cache-control: no-cache
x-cache: HIT
accept-ranges: bytes
content-type: application/javascript; charset=utf-8
content-length: 13714
x-served-by: cache-iad-kjyo7100028-IAD

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 100 KB
27 KB 59ms
20ms Script
application/x-javascript 2a03:2880:f012:10c:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/wiper-malware-riding-tokyo-olympic-games'

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f012:10c:face:b00c:0:3 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

3d79854e01d0c79408c548889dcfddd23e4ef10f11c698c831b570573ee13b97

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 26344
x-xss-protection: 0
pragma: public
x-fb-debug: rJVwrgagasTwpaSxF1L7jCSCqgF1+ipfTWeXZD4QeNmXF1b94OJTM7pVQK39K9oWZZtotpn+fPwCbvCScoMRyA==
x-fb-trip-id: 1512268381
x-frame-options: DENY
cross-origin-opener-policy: same-origin-allow-popups
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
date: Mon, 13 Jun 2022 16:00:10 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 tag.aspx Show response
ml314.com/ 31 KB
32 KB 37ms
11ms Script
application/javascript 34.111.234.236
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ml314.com/tag.aspx?135
Requested by: Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/wiper-malware-riding-tokyo-olympic-games'
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.234.236 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 236.234.111.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 75d893335a1d25db1bf02e25ab904d97a3af743128850d8566b93d197e56e9e9

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 15:04:46 GMT
age: 3324
x-guploader-uploadid: ADPycdvuPEIblYmwk9GL7UuHBvQFeqZYHAPWYbDs5_LaLnSd3Lyhb1I10qddAoSlzDZvM0muYItBvw_VK6NjOkq41BYHJA
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 32025
last-modified: Mon, 04 Apr 2022 15:43:44 GMT
server: UploadServer
cache-control: public,max-age=3600
etag: "25b1f355dd487bdf5381a749056080c4"
x-goog-hash: crc32c=dPpbog==, md5=JbHzVd1Ie99TgadJBWCAxA==
x-goog-generation: 1649087024620619
cache-id: YUL-62c5aa93
x-cache-hit: hit
x-goog-stored-content-length: 32025
accept-ranges: bytes
content-type: application/javascript

GET
H/1.1 200 spx Show response
dx.mountain.com/ 14 KB
4 KB 329ms
82ms Script
application/javascript 54.69.255.140
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://dx.mountain.com/spx?dxver=4.0.0&shaid=32336&tdr=&plh=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fwiper-malware-riding-tokyo-olympic-games%27&cb=98889178096518800term=value
Requested by: Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/wiper-malware-riding-tokyo-olympic-games'
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 54.69.255.140 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-69-255-140.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: 2d30481118d030a0d1f1520cf21750723e11a6cf31213ce763f82f911c322a91

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 16:00:10 GMT
content-encoding: gzip
connection: close
content-type: application/javascript;charset=utf-8
vary: origin,access-control-request-method,access-control-request-headers,accept-encoding
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 8 KB
3 KB 68ms
20ms Script
application/x-javascript 2600:141b:13::17d7:82d0
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by: Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/wiper-malware-riding-tokyo-olympic-games'
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2600:141b:13::17d7:82d0 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 14f2ec002b176e0dee403cb7dd4ef2274a1353080e1e3e4084678770f4c15b9c

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date: Mon, 13 Jun 2022 16:00:10 GMT
Content-Encoding: gzip
Last-Modified: Wed, 13 Apr 2022 23:25:22 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=57005
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 3085

GET
H3

200

wiper-malware-riding-tokyo-olympic-games';dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=4581714027837.542 Show response
10104846.fls.doubleclick.net/activityi;dc_pre=CNjU7Y_mqvgCFeuHgwgdYyoEgw;src=10104846;type=sitew00;cat=sitew0;u3=https://www.fortinet.com/blog/threat-research/ Frame 64DF
Redirect Chain

https://10104846.fls.doubleclick.net/activityi;src=10104846;type=sitew00;cat=sitew0;u3=https://www.fortinet.com/blog/threat-research/wiper-malware-riding-tokyo-olympic-games';dc_lat=;dc_rdid=;tag_f...
https://10104846.fls.doubleclick.net/activityi;dc_pre=CNjU7Y_mqvgCFeuHgwgdYyoEgw;src=10104846;type=sitew00;cat=sitew0;u3=https://www.fortinet.com/blog/threat-research/wiper-malware-riding-tokyo-oly...

650 B
496 B

86ms
41ms

Document
text/html

142.250.65.230
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://10104846.fls.doubleclick.net/activityi;dc_pre=CNjU7Y_mqvgCFeuHgwgdYyoEgw;src=10104846;type=sitew00;cat=sitew0;u3=https://www.fortinet.com/blog/threat-research/wiper-malware-riding-tokyo-olympic-games';dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=4581714027837.542?

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.65.230 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s73-in-f6.1e100.net

Software

cafe /

Resource Hash

0af17dceec23cd7c792b3d9eea0213f32fd711bab773feefe9a5e4902769d3d1

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, must-revalidate
content-encoding: gzip
content-length: 471
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 13 Jun 2022 16:00:10 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 13 Jun 2022 16:00:10 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://10104846.fls.doubleclick.net/activityi;dc_pre=CNjU7Y_mqvgCFeuHgwgdYyoEgw;src=10104846;type=sitew00;cat=sitew0;u3=https://www.fortinet.com/blog/threat-research/wiper-malware-riding-tokyo-olympic-games';dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=4581714027837.542?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 iztag.js Show response
tags.inzynk.io/0ulh3gex/ 17 KB
18 KB 87ms
21ms Script
application/octet-stream 2600:9000:2209:6a00:12:dfa9:e200:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.inzynk.io/0ulh3gex/iztag.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2209:6a00:12:dfa9:e200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 86a650683b7f2d79218dab2e8c7c934edaf8251fefd911b35d142d26f26055f5

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 12:59:02 GMT
via: 1.1 c22d4946ef5faea12b8d3942ceb9259a.cloudfront.net (CloudFront)
last-modified: Wed, 25 May 2022 10:11:22 GMT
server: AmazonS3
age: 11207
etag: "226826698dfaf258905f90aa4646e384"
x-cache: Hit from cloudfront
content-type: application/octet-stream
x-amz-cf-pop: EWR53-P1
accept-ranges: bytes
content-length: 17723
x-amz-cf-id: lyW7gF35arKKEq-cRP7TQYZj4SpD8Zf1WmqmdX61fozITioCSqJIZw==

GET
H2 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 39 KB
15 KB 120ms
55ms Script
text/javascript 142.250.80.34
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-662878185&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.80.34 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga34s34-in-f2.1e100.net

Software

cafe /

Resource Hash

b13e8f56e638d96f185c3874dee84d41452c5026179e1b1260fa54cd32afe50f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 16:00:10 GMT
content-encoding: gzip
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15073
x-xss-protection: 0
server: cafe
etag: 14959697428163462746
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Mon, 13 Jun 2022 16:00:10 GMT

GET
H/1.1

200
OK

index.js Show response
s.adroll.com/j/exp/
Redirect Chain

https://s.adroll.com/j/exp/7OBVBCAQE5FHDPFEAD5T4D/index.js
https://s.adroll.com/j/exp/index.js

28 B
762 B

20ms
20ms

Script
application/javascript

2600:9000:2209:d800:6:9280:1080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/exp/index.js
Protocol: HTTP/1.1
Server: 2600:9000:2209:d800:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: f59e5f34a941183aacaed25322ac0856628493c2cfd936ded3fddc0a49510e52

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

X-Amz-Version-Id: QCXe6z8Ijv28a3Z6pj7cPKMX4fdClAik
Via: 1.1 52b969a4ab7956a248b07efba57c92a4.cloudfront.net (CloudFront)
Etag: "5816cced8568d223aa09d889f300692b"
Age: 56051
X-Amz-Server-Side-Encryption: AES256
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 28
Last-Modified: Wed, 18 May 2022 19:09:46 GMT
Server: AmazonS3
Date: Mon, 13 Jun 2022 00:26:02 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
X-Amz-Cf-Pop: EWR53-P1
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: ga2O1-FO1KSphkyNlqYto1Vun4h98Up4GRhpdEHDQQJbnxoM8veSUQ==

Redirect headers

Date: Sun, 12 Jun 2022 18:05:45 GMT
Via: 1.1 11140291d542e546b40770525cf1e1b4.cloudfront.net (CloudFront)
Age: 78864
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 0
Server: AmazonS3
Location: https://s.adroll.com/j/exp/index.js
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: application/xml
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
X-Amz-Cf-Pop: EWR53-P1
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: hGeF2vRaI-1EmFud7yOYjCA3NcC8ceceeEpayRB8EgdN_6W7Aai3Sg==

GET
H/1.1

200
OK

index.js Show response
s.adroll.com/j/pre/
Redirect Chain

https://s.adroll.com/j/pre/7OBVBCAQE5FHDPFEAD5T4D/GIVUJ77KRNF4LOPGYJ6RS5/fpconsent.js
https://s.adroll.com/j/pre/index.js

0
733 B

19ms
19ms

Script
application/javascript

2600:9000:2209:d800:6:9280:1080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/pre/index.js
Protocol: HTTP/1.1
Server: 2600:9000:2209:d800:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

X-Amz-Version-Id: nQEe8wQ7h0ROt7P4GJfDfstto6x684Hy
Via: 1.1 11140291d542e546b40770525cf1e1b4.cloudfront.net (CloudFront)
Etag: "d41d8cd98f00b204e9800998ecf8427e"
Age: 56046
X-Amz-Server-Side-Encryption: AES256
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 0
Last-Modified: Wed, 15 Jan 2020 23:54:18 GMT
Server: AmazonS3
Date: Mon, 13 Jun 2022 00:26:06 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
X-Amz-Cf-Pop: EWR53-P1
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: SQHGD_K2jlDrsRlovHJqsPghMnNDMPhTqOW4WuY0mWOb590qcKPIjA==

Redirect headers

Date: Mon, 13 Jun 2022 07:04:02 GMT
Via: 1.1 11140291d542e546b40770525cf1e1b4.cloudfront.net (CloudFront)
Age: 32168
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 0
Server: AmazonS3
Location: https://s.adroll.com/j/pre/index.js
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: application/xml
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
X-Amz-Cf-Pop: EWR53-P1
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: IusxQWFkVo_yi_5v9hnKE8NMULiazBOJimm86RXqRPsSMiVLP7a2pA==

GET
H/1.1 200
OK index.js Show response
s.adroll.com/j/pre/7OBVBCAQE5FHDPFEAD5T4D/GIVUJ77KRNF4LOPGYJ6RS5/ 4 KB
3 KB 55ms
20ms Script
text/javascript 2600:9000:2209:d800:6:9280:1080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/pre/7OBVBCAQE5FHDPFEAD5T4D/GIVUJ77KRNF4LOPGYJ6RS5/index.js
Requested by: Host: s.adroll.com
URL: https://s.adroll.com/j/roundtrip.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2209:d800:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 41f1e9970b646aadac0f40543bb08b21e49990bf1b09392d1ef4d71b275069ea

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

X-Amz-Version-Id: Zm6YSR1_qm87cQ3z.a5Rxb97Nz6Ly9li
Content-Encoding: gzip
Etag: W/"33ed216ef4569e95a97e55fb39d91d38"
Age: 3506
X-Amz-Server-Side-Encryption: AES256
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
Vary: Accept-Encoding
Via: 1.1 52b969a4ab7956a248b07efba57c92a4.cloudfront.net (CloudFront)
Last-Modified: Wed, 08 Jun 2022 20:43:02 GMT
Server: AmazonS3
Date: Mon, 13 Jun 2022 15:02:54 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: text/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600, must-revalidate
Access-Control-Allow-Credentials: false
X-Amz-Cf-Pop: EWR53-P1
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: ZPtEQU95_nW8fwlanUmsPny1f-8FejAsmQ_G0iEvAhr3KLiIkXlBZw==

GET
H3 200 utsync.ashx Show response
ml314.com/ 644 B
667 B 52ms
27ms Script
application/javascript 34.111.234.236
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ml314.com/utsync.ashx?pub=&adv=&et=0&eid=54820&ct=js&pi=&fp=&clid=&if=0&ps=&cl=&mlt=&data=&&cp=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fwiper-malware-riding-tokyo-olympic-games%27&pv=1655136010939_1ri5dwvfy&bl=en-us&cb=4318375&return=&ht=&d=&dc=&si=1655136010939_1ri5dwvfy&cid=&s=1600x1200&rp=&v=2.5.1.2
Requested by: Host: ml314.com
URL: https://ml314.com/tag.aspx?135
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 34.111.234.236 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 236.234.111.34.bc.googleusercontent.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 09718ae4e78398f775febd97b27555531fde3a1d8721a04055da05e51bb66e2c

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 Jun 2022 16:00:10 GMT
via: 1.1 google
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
p3p: CP="NON DSP COR ADMo PSAo DEVo BUS COM UNI NAV DEM STA"
cache-control: private
content-type: application/javascript; charset=utf-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 644
expires: 0

GET
H2

200

/
p.adsymptotic.com/d/px/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=7120&time=1655136010944&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fwiper-malware-riding-tokyo-olympic-games%27
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=7120&time=1655136010944&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fwiper-malware-riding-tokyo-olympic-games%27&cookiesTest=true
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D7120%26time%3D1655136010944%26url%3Dhttps%253A%252F%252Fwww.fortinet.com%252Fblog...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=7120&time=1655136010944&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fwiper-malware-riding-tokyo-olympic-games%27&cookiesTest=true...
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=7120&time=1655136010944&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fwiper-malware-riding-tokyo-olympic-games%27&cookiesTest=tru...
https://p.adsymptotic.com/d/px/?_pid=16218&_psign=0aa5badf92527f7732e22463d6fa4dbc&coopa=0&gdpr=0&gdpr_consent=&_puuid=2ad9347d-e53e-4252-88a5-1159579da603
https://p.adsymptotic.com/d/px/?_pid=16218&_psign=0aa5badf92527f7732e22463d6fa4dbc&coopa=0&gdpr=0&gdpr_consent=&_puuid=2ad9347d-e53e-4252-88a5-1159579da603&_expected_cookie=ddc62865d84ee1645fffc9b3...

43 B
142 B

49ms
47ms

Image
image/gif

104.18.101.194
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p.adsymptotic.com/d/px/?_pid=16218&_psign=0aa5badf92527f7732e22463d6fa4dbc&coopa=0&gdpr=0&gdpr_consent=&_puuid=2ad9347d-e53e-4252-88a5-1159579da603&_expected_cookie=ddc62865d84ee1645fffc9b37f265a2c
Protocol: H2
Server: 104.18.101.194 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 16:00:11 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray: 71ac09a7bf6c53fb-YYZ
p3p: CP='NON DSP COR CONi OUR BUS CNT'
content-type: image/gif
content-length: 43

Redirect headers

location: https://p.adsymptotic.com/d/px/?_pid=16218&_psign=0aa5badf92527f7732e22463d6fa4dbc&coopa=0&gdpr=0&gdpr_consent=&_puuid=2ad9347d-e53e-4252-88a5-1159579da603&_expected_cookie=ddc62865d84ee1645fffc9b37f265a2c
date: Mon, 13 Jun 2022 16:00:11 GMT
cf-cache-status: DYNAMIC
server: cloudflare
cf-ray: 71ac09a76ecb53fb-YYZ
content-length: 0
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"

GET adsct
t.co/i/ 0
0

GET
H2 200 adsct
analytics.twitter.com/i/ 43 B
353 B 132ms
43ms Image
image/gif 104.244.42.3
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=52a5fec1-98c9-4dd2-a8a2-f66d0613eb6f&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&p_id=Twitter&p_user_id=0&pl_id=4b8b8165-59a3-43bf-b0c9-a2586d83a29b&tw_document_href=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fwiper-malware-riding-tokyo-olympic-games%27&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nxlzj&type=javascript&version=2.3.20

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.3 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_b /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-response-time: 6
date: Mon, 13 Jun 2022 16:00:10 GMT
server: tsa_b
strict-transport-security: max-age=631138519
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, max-age=0
x-connection-hash: cef9cbc52c8f640b5f76b8ef1dadd57141411c3eb8d49374985a723de6b92205
content-length: 43

GET adsct
t.co/i/ 0
0

GET
H2 200 adsct
analytics.twitter.com/i/ 43 B
199 B 133ms
45ms Image
image/gif 104.244.42.3
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=add51966-f013-44dd-b17e-10f89dc13fc6&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&p_id=Twitter&p_user_id=0&pl_id=4b8b8165-59a3-43bf-b0c9-a2586d83a29b&tw_document_href=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fwiper-malware-riding-tokyo-olympic-games%27&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o6ezf&type=javascript&version=2.3.20

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.3 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_b /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-response-time: 7
date: Mon, 13 Jun 2022 16:00:10 GMT
server: tsa_b
strict-transport-security: max-age=631138519
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, max-age=0
x-connection-hash: cef9cbc52c8f640b5f76b8ef1dadd57141411c3eb8d49374985a723de6b92205
content-length: 43

GET adsct
t.co/i/ 0
0

GET
H2 200 adsct
analytics.twitter.com/i/ 43 B
195 B 101ms
44ms Image
image/gif 104.244.42.3
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=62374c48-be34-4992-80d4-8f702446197b&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&p_id=Twitter&p_user_id=0&pl_id=4b8b8165-59a3-43bf-b0c9-a2586d83a29b&tw_document_href=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fwiper-malware-riding-tokyo-olympic-games%27&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o72wb&type=javascript&version=2.3.20

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.3 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_b /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-response-time: 6
date: Mon, 13 Jun 2022 16:00:10 GMT
server: tsa_b
strict-transport-security: max-age=631138519
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, max-age=0
x-connection-hash: cef9cbc52c8f640b5f76b8ef1dadd57141411c3eb8d49374985a723de6b92205
content-length: 43

GET
H2

200

adsct
t.co/i/
Redirect Chain

https://marvel-b1-cdn.bc0a.com/f00000000216283/t.co/i/adsct?bci=3&eci=2&event_id=52a5fec1-98c9-4dd2-a8a2-f66d0613eb6f&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&p_id=Twitter&p_user_id=0&pl_id=4b8b8...
https://marvel-processor.bc0a.com/snowcloud/v1/api/loadUrl?customer=f00000000216283&url=https://t.co/i/adsct?bci=3&eci=2&event_id=52a5fec1-98c9-4dd2-a8a2-f66d0613eb6f&events=%5B%5B%22pageview%22%2C...
https://t.co/i/adsct?bci=3&eci=2&event_id=52a5fec1-98c9-4dd2-a8a2-f66d0613eb6f&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&p_id=Twitter&p_user_id=0&pl_id=4b8b8165-59a3-43bf-b0c9-a2586d83a29b&tw_docu...

43 B
97 B

43ms
43ms

Image
image/gif

104.244.42.5
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?bci=3&eci=2&event_id=52a5fec1-98c9-4dd2-a8a2-f66d0613eb6f&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&p_id=Twitter&p_user_id=0&pl_id=4b8b8165-59a3-43bf-b0c9-a2586d83a29b&tw_document_href=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fwiper-malware-riding-tokyo-olympic-games%27&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nxlzj&type=javascript&version=2.3.20

Protocol

Server

104.244.42.5 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_b /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-response-time: 7
date: Mon, 13 Jun 2022 16:00:15 GMT
server: tsa_b
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, max-age=0
x-connection-hash: de6ba37062de580046ee15dfad82474c3890736c7ec95b058205117faf7458ae
content-length: 43

Redirect headers

pragma: no-cache
date: Mon, 13 Jun 2022 16:00:15 GMT
via: 1.1 google
x-content-type-options: nosniff
location: https://t.co/i/adsct?bci=3&eci=2&event_id=52a5fec1-98c9-4dd2-a8a2-f66d0613eb6f&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&p_id=Twitter&p_user_id=0&pl_id=4b8b8165-59a3-43bf-b0c9-a2586d83a29b&tw_document_href=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fwiper-malware-riding-tokyo-olympic-games%27&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nxlzj&type=javascript&version=2.3.20
x-frame-options: DENY
access-control-allow-origin: *
cache-control: no-cache, no-store, max-age=0, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
expires: 0

GET
H2

200

adsct
t.co/i/
Redirect Chain

https://marvel-b1-cdn.bc0a.com/f00000000216283/t.co/i/adsct?bci=3&eci=2&event_id=add51966-f013-44dd-b17e-10f89dc13fc6&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&p_id=Twitter&p_user_id=0&pl_id=4b8b8...
https://marvel-processor.bc0a.com/snowcloud/v1/api/loadUrl?customer=f00000000216283&url=https://t.co/i/adsct?bci=3&eci=2&event_id=add51966-f013-44dd-b17e-10f89dc13fc6&events=%5B%5B%22pageview%22%2C...
https://t.co/i/adsct?bci=3&eci=2&event_id=add51966-f013-44dd-b17e-10f89dc13fc6&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&p_id=Twitter&p_user_id=0&pl_id=4b8b8165-59a3-43bf-b0c9-a2586d83a29b&tw_docu...

43 B
336 B

87ms
43ms

Image
image/gif

104.244.42.5
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?bci=3&eci=2&event_id=add51966-f013-44dd-b17e-10f89dc13fc6&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&p_id=Twitter&p_user_id=0&pl_id=4b8b8165-59a3-43bf-b0c9-a2586d83a29b&tw_document_href=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fwiper-malware-riding-tokyo-olympic-games%27&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o6ezf&type=javascript&version=2.3.20

Protocol

Server

104.244.42.5 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_b /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-response-time: 7
date: Mon, 13 Jun 2022 16:00:10 GMT
server: tsa_b
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, max-age=0
x-connection-hash: de6ba37062de580046ee15dfad82474c3890736c7ec95b058205117faf7458ae
content-length: 43

Redirect headers

pragma: no-cache
date: Mon, 13 Jun 2022 16:00:11 GMT
via: 1.1 google
x-content-type-options: nosniff
location: https://t.co/i/adsct?bci=3&eci=2&event_id=add51966-f013-44dd-b17e-10f89dc13fc6&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&p_id=Twitter&p_user_id=0&pl_id=4b8b8165-59a3-43bf-b0c9-a2586d83a29b&tw_document_href=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fwiper-malware-riding-tokyo-olympic-games%27&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o6ezf&type=javascript&version=2.3.20
x-frame-options: DENY
access-control-allow-origin: *
cache-control: no-cache, no-store, max-age=0, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
expires: 0

GET
H2

200

adsct
t.co/i/
Redirect Chain

https://marvel-b1-cdn.bc0a.com/f00000000216283/t.co/i/adsct?bci=3&eci=2&event_id=62374c48-be34-4992-80d4-8f702446197b&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&p_id=Twitter&p_user_id=0&pl_id=4b8b8...
https://marvel-processor.bc0a.com/snowcloud/v1/api/loadUrl?customer=f00000000216283&url=https://t.co/i/adsct?bci=3&eci=2&event_id=62374c48-be34-4992-80d4-8f702446197b&events=%5B%5B%22pageview%22%2C...
https://t.co/i/adsct?bci=3&eci=2&event_id=62374c48-be34-4992-80d4-8f702446197b&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&p_id=Twitter&p_user_id=0&pl_id=4b8b8165-59a3-43bf-b0c9-a2586d83a29b&tw_docu...

43 B
187 B

88ms
45ms

Image
image/gif

104.244.42.5
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?bci=3&eci=2&event_id=62374c48-be34-4992-80d4-8f702446197b&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&p_id=Twitter&p_user_id=0&pl_id=4b8b8165-59a3-43bf-b0c9-a2586d83a29b&tw_document_href=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fwiper-malware-riding-tokyo-olympic-games%27&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o72wb&type=javascript&version=2.3.20

Protocol

Server

104.244.42.5 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_b /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-response-time: 9
date: Mon, 13 Jun 2022 16:00:10 GMT
server: tsa_b
strict-transport-security: max-age=0
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, max-age=0
x-connection-hash: de6ba37062de580046ee15dfad82474c3890736c7ec95b058205117faf7458ae
content-length: 43

Redirect headers

pragma: no-cache
date: Mon, 13 Jun 2022 16:00:11 GMT
via: 1.1 google
x-content-type-options: nosniff
location: https://t.co/i/adsct?bci=3&eci=2&event_id=62374c48-be34-4992-80d4-8f702446197b&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&p_id=Twitter&p_user_id=0&pl_id=4b8b8165-59a3-43bf-b0c9-a2586d83a29b&tw_document_href=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fwiper-malware-riding-tokyo-olympic-games%27&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o72wb&type=javascript&version=2.3.20
x-frame-options: DENY
access-control-allow-origin: *
cache-control: no-cache, no-store, max-age=0, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 1; mode=block
expires: 0

GET
H3 200 177020962864941 Show response
connect.facebook.net/signals/config/ 290 KB
83 KB 42ms
21ms Script
application/x-javascript 2a03:2880:f012:10c:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/177020962864941?v=2.9.62&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:10c:face:b00c:0:3 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

6027a7b2e91832593ce25bb4d09729b0cec42247c6a20473cce1ac1b34c21ead

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 84954
x-xss-protection: 0
pragma: public
x-fb-debug: nhoc39tu7r6zH+SYMkp47co4yb0JMgUbhoOp1MFP9yxTzvXwdw9HcBNt+NzAHB9Un/0joPeKVNEBHOgnrMSdew==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Mon, 13 Jun 2022 16:00:10 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 0ulh3gex Show response
analytics.inzynk.io/collect/ 171 B
441 B 415ms
157ms Script
text/plain 13.53.253.113
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.inzynk.io/collect/0ulh3gex?izcid=&iztid=&u=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fwiper-malware-riding-tokyo-olympic-games%27&t=404+Page+Not+Found&p=%2Fblog%2Fthreat-research%2Fwiper-malware-riding-tokyo-olympic-games%27&d=www.fortinet.com&r=
Requested by: Host: tags.inzynk.io
URL: https://tags.inzynk.io/0ulh3gex/iztag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.53.253.113 Stockholm, Sweden, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-53-253-113.eu-north-1.compute.amazonaws.com
Software: nginx/1.18.0 /
Resource Hash: 80f9a78d522f4ecf761dddffd0156a63a342a5cf4395c9390a3db21cb6659fbc

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 16:00:11 GMT
server: nginx/1.18.0
content-length: 171
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type: text/plain;charset=ISO-8859-1

GET
H2 200 shell.umd.js Show response
content.adacado.com/productpixel/v1/ 7 KB
3 KB 89ms
27ms Script
application/javascript 151.139.128.11
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://content.adacado.com/productpixel/v1/shell.umd.js
Requested by: Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/wiper-malware-riding-tokyo-olympic-games'
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.11 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software: /
Resource Hash: 6819066323cc1a834af6a68dad73abf3fe200ec556fd0fe953e2620c660686ab

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 16:00:11 GMT
via: 1.1 google
x-hw: 1655136011.cds165.dc2.hn,1655136011.cds090.dc2.c
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=3600
accept-ranges: bytes
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 3183

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/609297413/ 2 KB
1 KB 149ms
98ms Script
text/javascript 2607:f8b0:4006:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/609297413/?random=1655136011006&cv=9&fst=1655136011006&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635470&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa680&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fwiper-malware-riding-tokyo-olympic-games%27&tiba=404%20Page%20Not%20Found&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80f::2002 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a55c31e3eb3614cd77d7a167abd9124ac4254a31764e1459d74a229bf8ece4d0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 Jun 2022 16:00:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1089
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/10828733185/ 2 KB
2 KB 88ms
42ms Script
text/javascript 2607:f8b0:4006:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10828733185/?random=1655136011010&cv=9&fst=1655136011010&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa680&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fwiper-malware-riding-tokyo-olympic-games%27&tiba=404%20Page%20Not%20Found&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80f::2002 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

a9a73c35e45c1c0786d95feb5d4963b70b5c3977835f7a69ed82538013727e95

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 Jun 2022 16:00:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1078
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/662878185/ 2 KB
1 KB 92ms
48ms Script
text/javascript 2607:f8b0:4006:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/662878185/?random=1655136011012&cv=9&fst=1655136011012&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa680&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fwiper-malware-riding-tokyo-olympic-games%27&tiba=404%20Page%20Not%20Found&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80f::2002 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

027ef726455285067bd85d0ad82df58e490227db4e8df2d7fbc84ec2d196c165

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 Jun 2022 16:00:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1075
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/631698094/ 2 KB
1 KB 105ms
100ms Script
text/javascript 2607:f8b0:4006:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/631698094/?random=1655136011013&cv=9&fst=1655136011013&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635471&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa680&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fwiper-malware-riding-tokyo-olympic-games%27&tiba=404%20Page%20Not%20Found&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80f::2002 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

e3bb44cef189e79c6966430735e24f2945deb7799a1535661996c8b7e1647a2f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 Jun 2022 16:00:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1087
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 pixel Show response
bid.g.doubleclick.net/xbbe/ Frame FBCD 0
683 B 94ms
42ms Document
text/html 172.253.122.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://bid.g.doubleclick.net/xbbe/pixel?d=KAE

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.122.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bh-in-f155.1e100.net

Software

cafe /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 13 Jun 2022 16:00:11 GMT
expires: Mon, 13 Jun 2022 16:00:11 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/729495989/ 2 KB
1 KB 46ms
43ms Script
text/javascript 2607:f8b0:4006:80f::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/729495989/?random=1655136011020&cv=9&fst=1655136011020&num=1&bg=ffffff&guid=ON&resp=GooglemKTybQhCsO&eid=376635470&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa680&sendb=1&ig=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fwiper-malware-riding-tokyo-olympic-games%27&tiba=404%20Page%20Not%20Found&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80f::2002 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6f8f5d87bfa866469f7e4d6445f1dc200191b3a99c9a9083d521d7e66ed9c69d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 Jun 2022 16:00:11 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
content-type: text/javascript; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 1087
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 / Show response
adservice.google.com/ddm/fls/i/dc_pre=CNjU7Y_mqvgCFeuHgwgdYyoEgw;src=10104846;type=sitew00;cat=sitew0;u3=https://www.fortinet.com/blog/threat-research/wiper-malware-riding-tokyo-olympic-games';dc_l... Frame 0157 649 B
941 B 132ms
84ms Document
text/html 2607:f8b0:4006:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://adservice.google.com/ddm/fls/i/dc_pre=CNjU7Y_mqvgCFeuHgwgdYyoEgw;src=10104846;type=sitew00;cat=sitew0;u3=https://www.fortinet.com/blog/threat-research/wiper-malware-riding-tokyo-olympic-games';dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=4581714027837.542;~oref=https://www.fortinet.com/

Requested by

Host: 10104846.fls.doubleclick.net
URL: https://10104846.fls.doubleclick.net/activityi;dc_pre=CNjU7Y_mqvgCFeuHgwgdYyoEgw;src=10104846;type=sitew00;cat=sitew0;u3=https://www.fortinet.com/blog/threat-research/wiper-malware-riding-tokyo-olympic-games';dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=4581714027837.542?

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:808::2002 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

123be734ac80a896c91d7280f7759d0590fac19bd37816c58fb3d0fdc8725f3d

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://10104846.fls.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, must-revalidate
content-encoding: gzip
content-length: 472
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 13 Jun 2022 16:00:11 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H/1.1 200
OK ibs:dpid=22052&dpuuid=3627897030091210845&redir=
dpm.demdex.net/ 42 B
943 B 28ms
26ms Image
image/gif 35.171.54.31
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=22052&dpuuid=3627897030091210845&redir=

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

35.171.54.31 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-35-171-54-31.compute-1.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

DCS: dcs-prod-va6-1-v034-05066d541.edge-va6.demdex.com UNKNOWN
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
content-encoding: gzip
X-Content-Type-Options: nosniff
X-TID: 6Gw1eo8mSgc=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 59
Expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H3

200

csync.ashx
ml314.com/
Redirect Chain

https://idsync.rlcdn.com/395886.gif?partner_uid=3627897030091210845
https://idsync.rlcdn.com/1000.gif?memo=CO6UGBIeChoIARCuXxoTMzYyNzg5NzAzMDA5MTIxMDg0NRAAGg0Ii76dlQYSBQjoBxAAQgBKAA
https://ml314.com/csync.ashx?fp=f0dc0fa7febeb66b2a7bce6b0dc11e7c0cebdb695284cb813143cd2dc2d53494f4cb09cee1a4f8eb&person_id=3627897030091210845&eid=50082

43 B
60 B

57ms
56ms

Image
image/gif

34.111.234.236
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ml314.com/csync.ashx?fp=f0dc0fa7febeb66b2a7bce6b0dc11e7c0cebdb695284cb813143cd2dc2d53494f4cb09cee1a4f8eb&person_id=3627897030091210845&eid=50082
Protocol: H3
Server: 34.111.234.236 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 236.234.111.34.bc.googleusercontent.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 16:00:11 GMT
via: 1.1 google
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
content-type: image/gif
cache-control: private
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Tue, 14 Jun 2022 12:00:11 GMT

Redirect headers

date: Mon, 13 Jun 2022 16:00:11 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://ml314.com/csync.ashx?fp=f0dc0fa7febeb66b2a7bce6b0dc11e7c0cebdb695284cb813143cd2dc2d53494f4cb09cee1a4f8eb&person_id=3627897030091210845&eid=50082
cache-control: no-cache, no-store
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3

200

utsync.ashx
ml314.com/
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=d0tro1j&ttd_tpi=1
https://match.adsrvr.org/track/cmb/generic?ttd_pid=d0tro1j&ttd_tpi=1
https://ml314.com/utsync.ashx?eid=53819&et=0&fp=dc2e87ff-a69f-46af-af9a-9feac3bb92e2&gdpr=0&gdpr_consent=

43 B
64 B

28ms
27ms

Image
image/gif

34.111.234.236
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ml314.com/utsync.ashx?eid=53819&et=0&fp=dc2e87ff-a69f-46af-af9a-9feac3bb92e2&gdpr=0&gdpr_consent=
Protocol: H3
Server: 34.111.234.236 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 236.234.111.34.bc.googleusercontent.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 Jun 2022 16:00:11 GMT
via: 1.1 google
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
p3p: CP="NON DSP COR ADMo PSAo DEVo BUS COM UNI NAV DEM STA"
cache-control: private
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: 0,Tue, 14 Jun 2022 12:00:11 GMT

Redirect headers

pragma: no-cache
date: Mon, 13 Jun 2022 16:00:11 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://ml314.com/utsync.ashx?eid=53819&et=0&fp=dc2e87ff-a69f-46af-af9a-9feac3bb92e2&gdpr=0&gdpr_consent=
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 241

GET
H3

200

csync.ashx
ml314.com/
Redirect Chain

https://sync.crwdcntrl.net/map/c=6985/tp=BOMB?https://ml314.com/csync.ashx%3Ffp%3D%24%7Bprofile_id%7D%26eid%3D50146%26person_id%3D3627897030091210845
https://sync.crwdcntrl.net/map/ct=y/c=6985/tp=BOMB?https://ml314.com/csync.ashx%3Ffp%3D%24%7Bprofile_id%7D%26eid%3D50146%26person_id%3D3627897030091210845
https://ml314.com/csync.ashx?fp=e191523a075f1045c306776579d60f4a&eid=50146&person_id=3627897030091210845

43 B
60 B

28ms
28ms

Image
image/gif

34.111.234.236
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ml314.com/csync.ashx?fp=e191523a075f1045c306776579d60f4a&eid=50146&person_id=3627897030091210845
Protocol: H3
Server: 34.111.234.236 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 236.234.111.34.bc.googleusercontent.com
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 16:00:10 GMT
via: 1.1 google
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
content-type: image/gif
cache-control: private
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Tue, 14 Jun 2022 12:00:11 GMT

Redirect headers

pragma: no-cache
date: Mon, 13 Jun 2022 16:00:11 GMT
server: Jetty(9.4.38.v20210224)
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
location: https://ml314.com/csync.ashx?fp=e191523a075f1045c306776579d60f4a&eid=50146&person_id=3627897030091210845
cache-control: no-cache
x-server: 10.40.11.200
content-length: 0
expires: 0

GET
H/1.1

200
OK

match
ps.eyeota.net/
Redirect Chain

https://ps.eyeota.net/pixel?pid=r8hrb20&t=gif
https://ps.eyeota.net/pixel/bounce/?pid=r8hrb20&t=gif
https://ml314.com/utsync.ashx?eid=50052&et=0&fp=2IzZb1o6g8t0WAmbw8Bxo5IV9CvvikcGWPIBHYcrjM7Q&gdpr=0&gdpr_consent=&return=https%3A%2F%2Fps.eyeota.net%2Fmatch%3Fbid%3Dr8hrb20%26uid%3Dnil%26referrer_p...
https://ml314.com/csync.ashx?fp=2IzZb1o6g8t0WAmbw8Bxo5IV9CvvikcGWPIBHYcrjM7Q&person_id=3627897030091210845&eid=50052&return=https%3a%2f%2fps.eyeota.net%2fmatch%3fbid%3dr8hrb20%26uid%3dnil%26referre...
https://ps.eyeota.net/match?bid=r8hrb20&uid=nil&referrer_pid=r8hrb20

70 B
440 B

24ms
24ms

Image
image/gif

34.197.192.192
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ps.eyeota.net/match?bid=r8hrb20&uid=nil&referrer_pid=r8hrb20
Protocol: HTTP/1.1
Server: 34.197.192.192 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-197-192-192.compute-1.amazonaws.com
Software: /
Resource Hash: de9d3fd0eb948bd294477d0eda60a73b85caff1794803530d0463193a113da98

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date: Mon, 13 Jun 2022 16:00:11 GMT
Content-Type: image/gif
Content-Length: 70
P3P: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"

Redirect headers

date: Mon, 13 Jun 2022 16:00:10 GMT
via: 1.1 google
server: Microsoft-IIS/10.0
x-aspnet-version: 4.0.30319
x-powered-by: ASP.NET
content-type: text/html; charset=utf-8
location: https://ps.eyeota.net/match?bid=r8hrb20&uid=nil&referrer_pid=r8hrb20
cache-control: private
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 193
expires: Tue, 14 Jun 2022 12:00:11 GMT

GET
H2 200 7OBVBCAQE5FHDPFEAD5T4D Show response
d.adroll.com/consent/check/ 440 B
908 B 97ms
24ms Script
application/javascript 3.91.118.171
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://d.adroll.com/consent/check/7OBVBCAQE5FHDPFEAD5T4D?arrfrr=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fwiper-malware-riding-tokyo-olympic-games%27&_s=2f628545cda6b7e110d8e37aaec08926&_b=2
Requested by: Host: s.adroll.com
URL: https://s.adroll.com/j/roundtrip.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.91.118.171 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-91-118-171.compute-1.amazonaws.com
Software: nginx/1.20.0 /
Resource Hash: 2268974385beeee92bd980a3ae3a927f2d9cbe40353cadb9e6bac62cfd0be401

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 Jun 2022 16:00:11 GMT
cache-control: no-store, no-cache, must-revalidate
server: nginx/1.20.0
content-type: application/javascript
content-length: 440
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"

GET
H2 200 /
www.facebook.com/tr/ 44 B
407 B 59ms
18ms Image
image/gif 2a03:2880:f112:182:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=177020962864941&ev=PageView&dl=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fwiper-malware-riding-tokyo-olympic-games%27&rl=&if=false&ts=1655136011061&sw=1600&sh=1200&v=2.9.62&r=stable&ec=0&o=30&fbp=fb.1.1655136011058.1369320596&it=1655136010961&coo=false&rqm=GET

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f112:182:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 16:00:11 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length: 44
expires: Mon, 13 Jun 2022 16:00:11 GMT

GET
H2 200 prpx.umd.js Show response
content.adacado.com/productpixel/v1/ 22 KB
8 KB 338ms
36ms Script
application/javascript 151.139.128.11
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://content.adacado.com/productpixel/v1/prpx.umd.js
Requested by: Host: content.adacado.com
URL: https://content.adacado.com/productpixel/v1/shell.umd.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.11 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software: /
Resource Hash: b5a0a4da7164990a96124bd86c139ee6b3634455d2949320eb299471024d9f15

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 16:00:11 GMT
via: 1.1 google
x-hw: 1655136011.cds165.dc2.hn,1655136011.cds042.dc2.c
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=3600
accept-ranges: bytes
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 7651

GET
H2 200 default Show response
content.adacado.com/advertiser/v1/pixel/61382/dspcentro/ 0
261 B 428ms
68ms Fetch
application/octet-stream 151.139.128.11
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://content.adacado.com/advertiser/v1/pixel/61382/dspcentro/default
Requested by: Host: content.adacado.com
URL: https://content.adacado.com/productpixel/v1/shell.umd.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.11 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 16:00:11 GMT
via: 1.1 google
x-hw: 1655136011.cds179.dc2.hn,1655136011.cds069.dc2.sc,1655136011.cds069.dc2.p
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: no-store, no-cache, max-age=0, must-revalidate, private, max-stale=0, post-check=0, pre-check=0
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 default Show response
content.adacado.com/advertiser/v1/pixel/61382/facebook/ 0
83 B 746ms
387ms Fetch
application/octet-stream 151.139.128.11
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://content.adacado.com/advertiser/v1/pixel/61382/facebook/default
Requested by: Host: content.adacado.com
URL: https://content.adacado.com/productpixel/v1/shell.umd.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.11 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 16:00:11 GMT
via: 1.1 google
x-hw: 1655136011.cds179.dc2.hn,1655136011.cds207.dc2.sc,1655136011.cds207.dc2.p
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: no-store, no-cache, max-age=0, must-revalidate, private, max-stale=0, post-check=0, pre-check=0
accept-ranges: bytes
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2 200 /
www.google.com/pagead/1p-user-list/10828733185/ 42 B
548 B 88ms
38ms Image
image/gif 2607:f8b0:4006:80b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/10828733185/?random=1655136011010&cv=9&fst=1655136000000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa680&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fwiper-malware-riding-tokyo-olympic-games%27&tiba=404%20Page%20Not%20Found&async=1&fmt=3&is_vtc=1&random=2450407365&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80b::2004 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 Jun 2022 16:00:11 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.ca/pagead/1p-user-list/10828733185/ 42 B
108 B 89ms
40ms Image
image/gif 2607:f8b0:4006:820::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/pagead/1p-user-list/10828733185/?random=1655136011010&cv=9&fst=1655136000000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa680&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fwiper-malware-riding-tokyo-olympic-games%27&tiba=404%20Page%20Not%20Found&async=1&fmt=3&is_vtc=1&random=2450407365&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::2003 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 Jun 2022 16:00:11 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/662878185/ 42 B
108 B 44ms
42ms Image
image/gif 2607:f8b0:4006:80b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/662878185/?random=1655136011012&cv=9&fst=1655136000000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa680&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fwiper-malware-riding-tokyo-olympic-games%27&tiba=404%20Page%20Not%20Found&async=1&fmt=3&is_vtc=1&random=3384800143&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80b::2004 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 Jun 2022 16:00:11 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.ca/pagead/1p-user-list/662878185/ 42 B
548 B 79ms
39ms Image
image/gif 2607:f8b0:4006:820::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/pagead/1p-user-list/662878185/?random=1655136011012&cv=9&fst=1655136000000&num=1&bg=ffffff&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa680&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fwiper-malware-riding-tokyo-olympic-games%27&tiba=404%20Page%20Not%20Found&async=1&fmt=3&is_vtc=1&random=3384800143&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::2003 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 Jun 2022 16:00:11 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/729495989/ 42 B
108 B 42ms
41ms Image
image/gif 2607:f8b0:4006:80b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/729495989/?random=1655136011020&cv=9&fst=1655136000000&num=1&bg=ffffff&guid=ON&eid=376635470&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa680&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fwiper-malware-riding-tokyo-olympic-games%27&tiba=404%20Page%20Not%20Found&async=1&fmt=3&is_vtc=1&random=1173242324&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80b::2004 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 Jun 2022 16:00:11 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.ca/pagead/1p-user-list/729495989/ 42 B
108 B 45ms
39ms Image
image/gif 2607:f8b0:4006:820::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/pagead/1p-user-list/729495989/?random=1655136011020&cv=9&fst=1655136000000&num=1&bg=ffffff&guid=ON&eid=376635470&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa680&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fwiper-malware-riding-tokyo-olympic-games%27&tiba=404%20Page%20Not%20Found&async=1&fmt=3&is_vtc=1&random=1173242324&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::2003 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 Jun 2022 16:00:11 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

/ Show response
10104846.fls.doubleclick.net/ddm/fls/r/dc_pre=CNjU7Y_mqvgCFeuHgwgdYyoEgw;src=10104846;type=sitew00;cat=sitew0;u3=https://www.fortinet.com/blog/threat-research/wiper-malware-riding-tokyo-olympic-gam... Frame 2148
Redirect Chain

https://adservice.google.ca/ddm/fls/i/dc_pre=CNjU7Y_mqvgCFeuHgwgdYyoEgw;src=10104846;type=sitew00;cat=sitew0;u3=https://www.fortinet.com/blog/threat-research/wiper-malware-riding-tokyo-olympic-game...
https://10104846.fls.doubleclick.net/ddm/fls/r/dc_pre=CNjU7Y_mqvgCFeuHgwgdYyoEgw;src=10104846;type=sitew00;cat=sitew0;u3=https://www.fortinet.com/blog/threat-research/wiper-malware-riding-tokyo-oly...

1 KB
570 B

42ms
42ms

Document
text/html

142.250.65.230
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://10104846.fls.doubleclick.net/ddm/fls/r/dc_pre=CNjU7Y_mqvgCFeuHgwgdYyoEgw;src=10104846;type=sitew00;cat=sitew0;u3=https://www.fortinet.com/blog/threat-research/wiper-malware-riding-tokyo-olympic-games';dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=4581714027837.542;~oref=https://www.fortinet.com/

Requested by

Host: adservice.google.com
URL: https://adservice.google.com/ddm/fls/i/dc_pre=CNjU7Y_mqvgCFeuHgwgdYyoEgw;src=10104846;type=sitew00;cat=sitew0;u3=https://www.fortinet.com/blog/threat-research/wiper-malware-riding-tokyo-olympic-games';dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=4581714027837.542;~oref=https://www.fortinet.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.65.230 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s73-in-f6.1e100.net

Software

cafe /

Resource Hash

963957e50ce51ed09719da230e6033bcd6bc3cac8b5e12a168179d759e7d61e1

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://adservice.google.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=0
content-encoding: gzip
content-length: 547
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 13 Jun 2022 16:00:11 GMT
expires: Mon, 13 Jun 2022 16:00:11 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 13 Jun 2022 16:00:11 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
location: https://10104846.fls.doubleclick.net/ddm/fls/r/dc_pre=CNjU7Y_mqvgCFeuHgwgdYyoEgw;src=10104846;type=sitew00;cat=sitew0;u3=https://www.fortinet.com/blog/threat-research/wiper-malware-riding-tokyo-olympic-games';dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=4581714027837.542;~oref=https://www.fortinet.com/
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
pragma: no-cache
server: cafe
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 /
www.google.com/pagead/1p-user-list/609297413/ 42 B
108 B 39ms
38ms Image
image/gif 2607:f8b0:4006:80b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/609297413/?random=1655136011006&cv=9&fst=1655136000000&num=1&bg=ffffff&guid=ON&eid=376635470&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa680&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fwiper-malware-riding-tokyo-olympic-games%27&tiba=404%20Page%20Not%20Found&async=1&fmt=3&is_vtc=1&random=3705322154&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80b::2004 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 Jun 2022 16:00:11 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.ca/pagead/1p-user-list/609297413/ 42 B
108 B 44ms
41ms Image
image/gif 2607:f8b0:4006:820::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/pagead/1p-user-list/609297413/?random=1655136011006&cv=9&fst=1655136000000&num=1&bg=ffffff&guid=ON&eid=376635470&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa680&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fwiper-malware-riding-tokyo-olympic-games%27&tiba=404%20Page%20Not%20Found&async=1&fmt=3&is_vtc=1&random=3705322154&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::2003 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 Jun 2022 16:00:11 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.com/pagead/1p-user-list/631698094/ 42 B
108 B 40ms
40ms Image
image/gif 2607:f8b0:4006:80b::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/631698094/?random=1655136011013&cv=9&fst=1655136000000&num=1&bg=ffffff&guid=ON&eid=376635471&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa680&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fwiper-malware-riding-tokyo-olympic-games%27&tiba=404%20Page%20Not%20Found&async=1&fmt=3&is_vtc=1&random=3129263264&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:80b::2004 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 Jun 2022 16:00:11 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.ca/pagead/1p-user-list/631698094/ 42 B
108 B 39ms
39ms Image
image/gif 2607:f8b0:4006:820::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/pagead/1p-user-list/631698094/?random=1655136011013&cv=9&fst=1655136000000&num=1&bg=ffffff&guid=ON&eid=376635471&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&gtm=2oa680&sendb=1&data=event%3Dgtag.config&frm=0&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fwiper-malware-riding-tokyo-olympic-games%27&tiba=404%20Page%20Not%20Found&async=1&fmt=3&is_vtc=1&random=3129263264&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:820::2003 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 Jun 2022 16:00:11 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
content-security-policy: script-src 'none'; object-src 'none'
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

VGLVDYA6GRASZMUSTHUV5D.js Show response
s.adroll.com/pixel/7OBVBCAQE5FHDPFEAD5T4D/GIVUJ77KRNF4LOPGYJ6RS5/
Redirect Chain

https://d.adroll.com/pixel/7OBVBCAQE5FHDPFEAD5T4D/GIVUJ77KRNF4LOPGYJ6RS5?adroll_fpc=1fc58e6b60021ff37a9f44b70c90439a-1655136011205&arrfrr=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fw...
https://s.adroll.com/pixel/7OBVBCAQE5FHDPFEAD5T4D/GIVUJ77KRNF4LOPGYJ6RS5/VGLVDYA6GRASZMUSTHUV5D.js

10 KB
3 KB

19ms
19ms

Script
text/javascript

2600:9000:2209:d800:6:9280:1080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/pixel/7OBVBCAQE5FHDPFEAD5T4D/GIVUJ77KRNF4LOPGYJ6RS5/VGLVDYA6GRASZMUSTHUV5D.js
Protocol: HTTP/1.1
Server: 2600:9000:2209:d800:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 312f45f8763af6649dda99f778252e993591f45b5bdbab087953f751fb987dae

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

X-Amz-Version-Id: KHV3E_OjNgE0upltEL0PBgYJYL85.bCg
Content-Encoding: gzip
Etag: W/"65c05ee71752b85355035c46374841be"
Age: 2961
X-Amz-Server-Side-Encryption: AES256
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
Vary: Accept-Encoding
Via: 1.1 11140291d542e546b40770525cf1e1b4.cloudfront.net (CloudFront)
Last-Modified: Mon, 06 Jun 2022 21:39:33 GMT
Server: AmazonS3
Date: Mon, 13 Jun 2022 15:12:27 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: text/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600, must-revalidate
Access-Control-Allow-Credentials: false
X-Amz-Cf-Pop: EWR53-P1
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: Qk8hJqhT2ApttXW7Uht5o6P2fgWBXlN5io9LtWraM3LLruhl7Io1YQ==

Redirect headers

date: Mon, 13 Jun 2022 16:00:11 GMT
x-segment-display-name: Visitors to Unsegmented Pages
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
x-rule-type: p
content-length: 0
pragma: no-cache
x-conversion-value: 0.00
server: nginx/1.20.0
x-rule: *
x-segment-eid: VGLVDYA6GRASZMUSTHUV5D
location: https://s.adroll.com/pixel/7OBVBCAQE5FHDPFEAD5T4D/GIVUJ77KRNF4LOPGYJ6RS5/VGLVDYA6GRASZMUSTHUV5D.js
cache-control: no-store, no-cache, must-revalidate
x-pixel-eid: GIVUJ77KRNF4LOPGYJ6RS5
x-segment-name: *
x-advertisable-eid: 7OBVBCAQE5FHDPFEAD5T4D
x-conversion-currency

GET
H/1.1 200
OK st Show response
px.mountain.com/ 2 KB
1 KB 685ms
425ms Script
application/javascript 44.235.191.156
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://px.mountain.com/st?ga_tracking_id=UA-767980-1&ga_client_id=656264877.1655136010&shpt=404%20Page%20Not%20Found&ga_info=%7B%22status%22%3A%22OK%22%2C%22ga_tracking_id%22%3A%22UA-767980-1%22%2C%22ga_client_id%22%3A%22656264877.1655136010%22%2C%22shpt%22%3A%22404%20Page%20Not%20Found%22%2C%22dcm_cid%22%3A%22656264877.1655136010%22%2C%22dcm_gid%22%3A%221031228593.1655136010%22%2C%22ga_gclid%22%3A%22656264877.1655136010%22%2C%22execution_workflow%22%3A%7B%22iteration%22%3A1%2C%22getClientIdByGA%22%3A%22OK%22%2C%22ga_gclid%22%3A%22OK%22%2C%22shpt%22%3A%22OK%22%2C%22dcm_cid%22%3A%22OK%22%2C%22dcm_gid%22%3A%22OK%22%7D%7D&dcm_cid=656264877.1655136010&dcm_gid=1031228593.1655136010&dxver=4.0.0&shaid=32336&plh=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fwiper-malware-riding-tokyo-olympic-games%27&cb=98889178096518800term%3Dvalue&shadditional=sh_conversion%3DSHBLOCK%2Cgoogletagmanager%3Dtrue%2Cadroll%3Dtrue&shoid=656264877.1655136010
Requested by: Host: dx.mountain.com
URL: https://dx.mountain.com/spx?dxver=4.0.0&shaid=32336&tdr=&plh=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fwiper-malware-riding-tokyo-olympic-games%27&cb=98889178096518800term=value
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 44.235.191.156 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-235-191-156.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: 60a1ab93c577a6f7d303ae60d919d098081459b50f590d411bf4da9fa6055116

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 13 Jun 2022 16:00:11 GMT
content-encoding: gzip
connection: close
p3p: CP="NON DSP COR NID CURa ADMa DEVa PSAa PSDa OUR STP UNI COM NAV INT STA PRE"
content-type: application/javascript;charset=utf-8

GET
H/1.1 200
OK sendrolling.js Show response
s.adroll.com/j/ 9 KB
3 KB 20ms
19ms Script
application/javascript 2600:9000:2209:d800:6:9280:1080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/sendrolling.js
Requested by: Host: d.adroll.com
URL: https://d.adroll.com/pixel/7OBVBCAQE5FHDPFEAD5T4D/GIVUJ77KRNF4LOPGYJ6RS5?adroll_fpc=1fc58e6b60021ff37a9f44b70c90439a-1655136011205&arrfrr=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fwiper-malware-riding-tokyo-olympic-games%27&pv=99038950719.55202&cookie=&adroll_s_ref=&keyw=
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2209:d800:6:9280:1080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 8b4fb78c5e5599a29f86d20a29d4f69e3ed0654547b1a595cf038ee0553b58d2

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

X-Amz-Version-Id: ZF339xBDqZ1K9SKXIggpL0GW25oAXt0X
Content-Encoding: gzip
Etag: W/"156295addf985cb637d7863ee802fd77"
Age: 261
X-Amz-Server-Side-Encryption: AES256
Transfer-Encoding: chunked
X-Cache: Hit from cloudfront
Connection: keep-alive
Vary: Accept-Encoding
Via: 1.1 11140291d542e546b40770525cf1e1b4.cloudfront.net (CloudFront)
Last-Modified: Mon, 11 Apr 2022 15:24:31 GMT
Server: AmazonS3
Date: Mon, 13 Jun 2022 15:55:51 GMT
Access-Control-Max-Age: 600
Access-Control-Allow-Methods: GET
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=300, must-revalidate
Access-Control-Allow-Credentials: false
X-Amz-Cf-Pop: EWR53-P1
Access-Control-Allow-Headers: *
X-Amz-Cf-Id: wxEw_Dwkfal990UCy3D4BkcmdIPg5KBXHCrMcZPsStC0pAYFAF8rTw==

GET
H3 200 719861091558308 Show response
connect.facebook.net/signals/config/ 289 KB
83 KB 21ms
21ms Script
application/x-javascript 2a03:2880:f012:10c:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/719861091558308?v=2.9.62&r=stable

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f012:10c:face:b00c:0:3 Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

6187a263d8618abbe61c80b203af5bdd91fb9ee51557612b3856eaa5a87f0747

Security Headers

Name	Value
Content-Security-Policy	default-src * data: blob: 'self';script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1: 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy: default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding: gzip
x-content-type-options: nosniff
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length: 84894
x-xss-protection: 0
pragma: public
x-fb-debug: y1t0Zk1PkRx3vmhwuEG6MENAntdba8yXLoXTwHeyDKJuF5YkO0aGfecjzHq8EiWBGbMLIww5si1t8XmaHr9Ogg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: DENY
date: Mon, 13 Jun 2022 16:00:11 GMT
strict-transport-security: max-age=31536000; preload; includeSubDomains
report-to: {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding
cache-control: public, max-age=1200
x-fb-rlafr: 0
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET /
px.ads.linkedin.com/collect/ 0
0

GET
H/1.1

200
OK

sync
x.bidswitch.net/ul_cb/
Redirect Chain

https://d.adroll.com/cm/b/out?adroll_fpc=1fc58e6b60021ff37a9f44b70c90439a-1655136011205&arrfrr=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fwiper-malware-riding-tokyo-olympic-games%27&...
https://x.bidswitch.net/sync?dsp_id=44&user_id=YTgyZGVhZTNlODQyYmI2ZTI3MWQzYzQzMmZiNjhhOTM
https://x.bidswitch.net/ul_cb/sync?dsp_id=44&user_id=YTgyZGVhZTNlODQyYmI2ZTI3MWQzYzQzMmZiNjhhOTM

43 B
510 B

36ms
35ms

Image
image/gif

35.211.178.172
GOOGLE-2

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://x.bidswitch.net/ul_cb/sync?dsp_id=44&user_id=YTgyZGVhZTNlODQyYmI2ZTI3MWQzYzQzMmZiNjhhOTM
Protocol: HTTP/1.1
Server: 35.211.178.172 North Charleston, United States, ASN19527 (GOOGLE-2, US),
Reverse DNS: 172.178.211.35.bc.googleusercontent.com
Software: nginx /
Resource Hash: 548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date: Mon, 13 Jun 2022 16:00:11 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: nginx
Connection: keep-alive
Content-Length: 43
Content-Type: image/gif

Redirect headers

Location: https://x.bidswitch.net/ul_cb/sync?dsp_id=44&user_id=YTgyZGVhZTNlODQyYmI2ZTI3MWQzYzQzMmZiNjhhOTM
Date: Mon, 13 Jun 2022 16:00:11 GMT
Cache-Control: no-cache, no-store, must-revalidate
Server: nginx
Connection: keep-alive
Content-Length: 0

GET
H2

200

in
d.adroll.com/cm/g/
Redirect Chain

https://d.adroll.com/cm/g/out?adroll_fpc=1fc58e6b60021ff37a9f44b70c90439a-1655136011205&arrfrr=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fwiper-malware-riding-tokyo-olympic-games%27&...
https://cm.g.doubleclick.net/pixel?google_sc&google_nid=artb&google_hm=qC3q4-hCu24nHTxDL7aKkw
https://d.adroll.com/cm/g/in

42 B
536 B

30ms
29ms

Image
image/gif

3.91.118.171
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d.adroll.com/cm/g/in
Protocol: H2
Server: 3.91.118.171 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-91-118-171.compute-1.amazonaws.com
Software: nginx/1.20.0 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 Jun 2022 16:00:11 GMT
server: nginx/1.20.0
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
cache-control: no-store, no-cache, must-revalidate
content-type: image/gif
content-length: 42
x-result: g.-1.-1.-1

Redirect headers

pragma: no-cache
date: Mon, 13 Jun 2022 16:00:11 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://d.adroll.com/cm/g/in
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 225
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1

200
OK

rum
dsum-sec.casalemedia.com/
Redirect Chain

https://d.adroll.com/cm/index/out?adroll_fpc=1fc58e6b60021ff37a9f44b70c90439a-1655136011205&arrfrr=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fwiper-malware-riding-tokyo-olympic-games...
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=YTgyZGVhZTNlODQyYmI2ZTI3MWQzYzQzMmZiNjhhOTM&expiration=1686672011
https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=YTgyZGVhZTNlODQyYmI2ZTI3MWQzYzQzMmZiNjhhOTM&expiration=1686672011&C=1

43 B
781 B

28ms
28ms

Image
image/gif

104.118.9.53
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dsum-sec.casalemedia.com/rum?cm_dsp_id=105&external_user_id=YTgyZGVhZTNlODQyYmI2ZTI3MWQzYzQzMmZiNjhhOTM&expiration=1686672011&C=1
Protocol: HTTP/1.1
Server: 104.118.9.53 New York, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a104-118-9-53.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 13 Jun 2022 16:00:11 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
Expires: Mon, 13 Jun 2022 16:00:11 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 13 Jun 2022 16:00:11 GMT
Server: Apache
P3p: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: /rum?cm_dsp_id=105&external_user_id=YTgyZGVhZTNlODQyYmI2ZTI3MWQzYzQzMmZiNjhhOTM&expiration=1686672011&C=1
Cache-Control: max-age=0, no-cache, no-store
Connection: keep-alive
Content-Length: 0
Expires: Mon, 13 Jun 2022 16:00:11 GMT

GET
H3

200

458249.gif
idsync.rlcdn.com/
Redirect Chain

https://d.adroll.com/cm/l/out?adroll_fpc=1fc58e6b60021ff37a9f44b70c90439a-1655136011205&arrfrr=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fwiper-malware-riding-tokyo-olympic-games%27&...
https://idsync.rlcdn.com/377928.gif?partner_uid=a82deae3e842bb6e271d3c432fb68a93
https://pippio.com/api/sync?pid=5324&it=1&iv=ee7984c2af827a449e49bd19c494d2d921c1e30dcfb21181030dcae326618e48791426b5417dce21&_=2
https://cm.g.doubleclick.net/pixel?google_nid=pippio_dmp&google_cm&google_no_sc&m=CMwpElsKVwgBEJInGlBlZTc5ODRjMmFmODI3YTQ0OWU0OWJkMTljNDk0ZDJkOTIxYzFlMzBkY2ZiMjExODEwMzBkY2FlMzI2NjE4ZTQ4NzkxNDI2YjU...
https://pippio.com/api/sync/ddp?pid=2&m=CMwpElsKVwgBEJInGlBlZTc5ODRjMmFmODI3YTQ0OWU0OWJkMTljNDk0ZDJkOTIxYzFlMzBkY2ZiMjExODEwMzBkY2FlMzI2NjE4ZTQ4NzkxNDI2YjU0MTdkY2UyMRAAGgwIi76dlQYSBAgCEABCAEoA&goog...
https://tags.rd.linksynergy.com/rcs?ns=lr&uid3=
https://idsync.rlcdn.com/458249.gif?partner_uid=64bc46fb-536d-432d-830e-fc3132682ac7

42 B
60 B

357ms
357ms

Image
image/gif

35.190.60.146
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://idsync.rlcdn.com/458249.gif?partner_uid=64bc46fb-536d-432d-830e-fc3132682ac7
Protocol: H3
Server: 35.190.60.146 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 146.60.190.35.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

timing-allow-origin: *
date: Mon, 13 Jun 2022 16:00:12 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control: no-cache, no-store
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42

Redirect headers

location: https://idsync.rlcdn.com/458249.gif?partner_uid=64bc46fb-536d-432d-830e-fc3132682ac7
date: Mon, 13 Jun 2022 16:00:11 GMT
via: 1.1 google
x-samesite: secure
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 111
content-type: text/html; charset=utf-8

GET
H/1.1

200
OK

tap.php
pixel.rubiconproject.com/
Redirect Chain

https://d.adroll.com/cm/n/out?adroll_fpc=1fc58e6b60021ff37a9f44b70c90439a-1655136011205&arrfrr=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fwiper-malware-riding-tokyo-olympic-games%27&...
https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=YTgyZGVhZTNlODQyYmI2ZTI3MWQzYzQzMmZiNjhhOTM&expires=365

42 B
798 B

186ms
25ms

Image
image/gif

69.173.151.100
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=YTgyZGVhZTNlODQyYmI2ZTI3MWQzYzQzMmZiNjhhOTM&expires=365
Protocol: HTTP/1.1
Server: 69.173.151.100 , United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Pragma: no-cache
Expires: 0
Cache-Control: no-cache,no-store,must-revalidate
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
content-length: 42
X-RPHost: b5ba23d75d0dcd35432b720d73e3149b
Content-Type: image/gif

Redirect headers

location: https://pixel.rubiconproject.com/tap.php?v=194538&nid=3644&put=YTgyZGVhZTNlODQyYmI2ZTI3MWQzYzQzMmZiNjhhOTM&expires=365
pragma: no-cache
date: Mon, 13 Jun 2022 16:00:11 GMT
cache-control: no-store, no-cache, must-revalidate
server: nginx/1.20.0
content-length: 124
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"

GET
H3

200

sd
us-u.openx.net/w/1.0/
Redirect Chain

https://d.adroll.com/cm/o/out?adroll_fpc=1fc58e6b60021ff37a9f44b70c90439a-1655136011205&arrfrr=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fwiper-malware-riding-tokyo-olympic-games%27&...
https://us-u.openx.net/w/1.0/sd?id=537103138&val=a82deae3e842bb6e271d3c432fb68a93&gdpr=0&gdpr_consent=
https://us-u.openx.net/w/1.0/sd?cc=1&id=537103138&val=a82deae3e842bb6e271d3c432fb68a93&gdpr=0&gdpr_consent=

43 B
61 B

65ms
40ms

Image
image/gif

34.98.64.218
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?cc=1&id=537103138&val=a82deae3e842bb6e271d3c432fb68a93&gdpr=0&gdpr_consent=
Protocol: H3
Server: 34.98.64.218 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 218.64.98.34.bc.googleusercontent.com
Software: OXGW/7f1e280 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 Jun 2022 16:00:11 GMT
via: 1.1 google
server: OXGW/7f1e280
vary: Accept
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

location: https://us-u.openx.net/w/1.0/sd?cc=1&id=537103138&val=a82deae3e842bb6e271d3c432fb68a93&gdpr=0&gdpr_consent=
date: Mon, 13 Jun 2022 16:00:11 GMT
via: 1.1 google
server: OXGW/7f1e280
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
p3p: CP="CUR ADM OUR NOR STA NID"

GET
H/1.1

200
OK

cookie-sync
sync.outbrain.com/
Redirect Chain

https://d.adroll.com/cm/outbrain/out?adroll_fpc=1fc58e6b60021ff37a9f44b70c90439a-1655136011205&arrfrr=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fwiper-malware-riding-tokyo-olympic-ga...
https://sync.outbrain.com/cookie-sync?p=adroll&uid=YTgyZGVhZTNlODQyYmI2ZTI3MWQzYzQzMmZiNjhhOTM

0
477 B

114ms
21ms

Image
text/plain

70.42.32.223
AS-OUTBRAIN

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.outbrain.com/cookie-sync?p=adroll&uid=YTgyZGVhZTNlODQyYmI2ZTI3MWQzYzQzMmZiNjhhOTM
Protocol: HTTP/1.1
Server: 70.42.32.223 , United States, ASN22075 (AS-OUTBRAIN, US),
Reverse DNS: ny.outbrain.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date: Mon, 13 Jun 2022 16:00:11 GMT
Cache-Control: no-cache
X-TraceId: c3ee837508f66e8aea5cf2e795904eb7
Content-Length: 0

Redirect headers

location: https://sync.outbrain.com/cookie-sync?p=adroll&uid=YTgyZGVhZTNlODQyYmI2ZTI3MWQzYzQzMmZiNjhhOTM
pragma: no-cache
date: Mon, 13 Jun 2022 16:00:11 GMT
cache-control: no-store, no-cache, must-revalidate
server: nginx/1.20.0
content-length: 100
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"

GET
H2

200

Pug
image2.pubmatic.com/AdServer/
Redirect Chain

https://d.adroll.com/cm/pubmatic/out?adroll_fpc=1fc58e6b60021ff37a9f44b70c90439a-1655136011205&arrfrr=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fwiper-malware-riding-tokyo-olympic-ga...
https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMDYmdGw9MTI5NjAw&piggybackCookie=YTgyZGVhZTNlODQyYmI2ZTI3MWQzYzQzMmZiNjhhOTM&gdpr=0&gdpr_consent=BOOoKswOOoKswA2ABBENAkwAAAAXy...

42 B
493 B

99ms
34ms

Image
image/gif

8.28.7.83
AS-PUBMATIC

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMDYmdGw9MTI5NjAw&piggybackCookie=YTgyZGVhZTNlODQyYmI2ZTI3MWQzYzQzMmZiNjhhOTM&gdpr=0&gdpr_consent=BOOoKswOOoKswA2ABBENAkwAAAAXyACACYAIIA
Protocol: H2
Server: 8.28.7.83 , United States, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software: nginx /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 16:00:11 GMT
cache-control: no-store, no-cache, private
server: nginx
content-type: image/gif; charset=utf-8
content-length: 42
p3p: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"

Redirect headers

location: https://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTMzMDYmdGw9MTI5NjAw&piggybackCookie=YTgyZGVhZTNlODQyYmI2ZTI3MWQzYzQzMmZiNjhhOTM&gdpr=0&gdpr_consent=BOOoKswOOoKswA2ABBENAkwAAAAXyACACYAIIA
pragma: no-cache
date: Mon, 13 Jun 2022 16:00:11 GMT
cache-control: no-store, no-cache, must-revalidate
server: nginx/1.20.0
content-length: 212
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"

GET
H2

204

v1
ads.yahoo.com/cms/
Redirect Chain

https://d.adroll.com/cm/r/out?adroll_fpc=1fc58e6b60021ff37a9f44b70c90439a-1655136011205&arrfrr=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fwiper-malware-riding-tokyo-olympic-games%27&...
https://ads.yahoo.com/cms/v1?esig=1~bf4e7dc4546a90c08591652d78a230d3f2ef5733&nwid=10001032567&sigv=1&gdpr=0&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA

0
194 B

84ms
33ms

Image
text/plain

2001:4998:1c:800::1000
YAHOO

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ads.yahoo.com/cms/v1?esig=1~bf4e7dc4546a90c08591652d78a230d3f2ef5733&nwid=10001032567&sigv=1&gdpr=0&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA

Protocol

Server

2001:4998:1c:800::1000 , United States, ASN14779 (YAHOO, US),

Reverse DNS

Software

ATS /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 16:00:11 GMT
cache-control: no-store
x-content-type-options: nosniff
server: ATS
strict-transport-security: max-age=15552000
expect-ct: max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection: 1; mode=block

Redirect headers

location: https://ads.yahoo.com/cms/v1?esig=1~bf4e7dc4546a90c08591652d78a230d3f2ef5733&nwid=10001032567&sigv=1&gdpr=0&gdpr_consent=BOOla_OOOla_OA2ABBENAkwAAAAXyACAAyAIIA
pragma: no-cache
date: Mon, 13 Jun 2022 16:00:11 GMT
cache-control: no-store, no-cache, must-revalidate
server: nginx/1.20.0
content-length: 165
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"

GET
H2

204

rtb-h
sync.taboola.com/sg/adroll-network/1/
Redirect Chain

https://d.adroll.com/cm/taboola/out?adroll_fpc=1fc58e6b60021ff37a9f44b70c90439a-1655136011205&arrfrr=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fwiper-malware-riding-tokyo-olympic-gam...
https://sync.taboola.com/sg/adroll-network/1/rtb-h?taboola_hm=YTgyZGVhZTNlODQyYmI2ZTI3MWQzYzQzMmZiNjhhOTM

0
222 B

75ms
27ms

Image
text/plain

141.226.224.48
TABOOLA-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.taboola.com/sg/adroll-network/1/rtb-h?taboola_hm=YTgyZGVhZTNlODQyYmI2ZTI3MWQzYzQzMmZiNjhhOTM
Protocol: H2
Server: 141.226.224.48 , United States, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 16:00:11 GMT
access-control-allow-credentials: true
server: nginx
x-fastly-to-nlb-rtt: 17310

Redirect headers

location: https://sync.taboola.com/sg/adroll-network/1/rtb-h?taboola_hm=YTgyZGVhZTNlODQyYmI2ZTI3MWQzYzQzMmZiNjhhOTM
pragma: no-cache
date: Mon, 13 Jun 2022 16:00:11 GMT
cache-control: no-store, no-cache, must-revalidate
server: nginx/1.20.0
content-length: 111
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"

GET
H2

200

xuid
eb2.3lift.com/
Redirect Chain

https://d.adroll.com/cm/triplelift/out?adroll_fpc=1fc58e6b60021ff37a9f44b70c90439a-1655136011205&arrfrr=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fwiper-malware-riding-tokyo-olympic-...
https://eb2.3lift.com/xuid?mid=4714&xuid=YTgyZGVhZTNlODQyYmI2ZTI3MWQzYzQzMmZiNjhhOTM&dongle=c85e
https://eb2.3lift.com/xuid?ld=1&mid=4714&xuid=YTgyZGVhZTNlODQyYmI2ZTI3MWQzYzQzMmZiNjhhOTM&dongle=c85e&gdpr=0&cmp_cs=&us_privacy=

37 B
354 B

34ms
33ms

Image
image/gif

35.71.139.29
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/xuid?ld=1&mid=4714&xuid=YTgyZGVhZTNlODQyYmI2ZTI3MWQzYzQzMmZiNjhhOTM&dongle=c85e&gdpr=0&cmp_cs=&us_privacy=
Protocol: H2
Server: 35.71.139.29 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: afb83dd09526a6517.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 16:00:11 GMT
cache-control: no-cache, no-store, must-revalidate
content-type: image/gif
content-length: 37
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

location: /xuid?ld=1&mid=4714&xuid=YTgyZGVhZTNlODQyYmI2ZTI3MWQzYzQzMmZiNjhhOTM&dongle=c85e&gdpr=0&cmp_cs=&us_privacy=
date: Mon, 13 Jun 2022 16:00:11 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H/1.1

200
OK

bounce
ib.adnxs.com/
Redirect Chain

https://d.adroll.com/cm/x/out?adroll_fpc=1fc58e6b60021ff37a9f44b70c90439a-1655136011205&arrfrr=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fwiper-malware-riding-tokyo-olympic-games%27&...
https://ib.adnxs.com/setuid?entity=172&code=YTgyZGVhZTNlODQyYmI2ZTI3MWQzYzQzMmZiNjhhOTM
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D172%26code%3DYTgyZGVhZTNlODQyYmI2ZTI3MWQzYzQzMmZiNjhhOTM

43 B
1 KB

47ms
47ms

Image
image/gif

68.67.178.15
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D172%26code%3DYTgyZGVhZTNlODQyYmI2ZTI3MWQzYzQzMmZiNjhhOTM

Protocol

HTTP/1.1

Server

68.67.178.15 Secaucus, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

633.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.21.3 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Pragma: no-cache
Date: Mon, 13 Jun 2022 16:00:11 GMT
X-Proxy-Origin: 149.56.153.189; 149.56.153.189; 633.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
AN-X-Request-Uuid: d2d620d9-60b9-4548-9390-3614263d81b9
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin: *
Cache-Control: no-store, no-cache, private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: image/gif
Content-Length: 43
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma: no-cache
Date: Mon, 13 Jun 2022 16:00:11 GMT
X-Proxy-Origin: 149.56.153.189; 149.56.153.189; 633.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
AN-X-Request-Uuid: e35bbe21-fd6d-45d9-a9b5-bb446291c53e
Server: nginx/1.21.3
P3P: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D172%26code%3DYTgyZGVhZTNlODQyYmI2ZTI3MWQzYzQzMmZiNjhhOTM
Cache-Control: no-store, no-cache, private
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Content-Length: 0
X-XSS-Protection: 0
Expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

in
d.adroll.com/cm/g/
Redirect Chain

https://d.adroll.com/cm/g/out?adroll_fpc=1fc58e6b60021ff37a9f44b70c90439a-1655136011205&arrfrr=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fwiper-malware-riding-tokyo-olympic-games%27&...
https://cm.g.doubleclick.net/pixel?google_sc&google_nid=artb&google_hm=qC3q4-hCu24nHTxDL7aKkw
https://d.adroll.com/cm/g/in

42 B
536 B

31ms
30ms

Image
image/gif

3.91.118.171
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d.adroll.com/cm/g/in
Protocol: H2
Server: 3.91.118.171 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-91-118-171.compute-1.amazonaws.com
Software: nginx/1.20.0 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 Jun 2022 16:00:11 GMT
server: nginx/1.20.0
p3p: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
cache-control: no-store, no-cache, must-revalidate
content-type: image/gif
content-length: 42
x-result: g.-1.-1.-1

Redirect headers

pragma: no-cache
date: Mon, 13 Jun 2022 16:00:11 GMT
server: HTTP server (unknown)
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location: https://d.adroll.com/cm/g/in
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: text/html; charset=UTF-8
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 225
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2

200

/
p.adsymptotic.com/d/px/
Redirect Chain

https://marvel-b1-cdn.bc0a.com/f00000000216283/px.ads.linkedin.com/collect/?pid=2148604&fmt=gif
https://marvel-processor.bc0a.com/snowcloud/v1/api/loadUrl?customer=f00000000216283&url=https://px.ads.linkedin.com/collect/?pid=2148604&fmt=gif
https://px.ads.linkedin.com/collect/?pid=2148604&fmt=gif
https://px4.ads.linkedin.com/collect?pid=2148604&fmt=gif&e_ipv6=AQIyIhYLHpCPQwAAAYFdy0UG50S6UzrONwI6XifM4XtVySXp5zSpIgcKg_x6S8N4NEmd8tgD
https://p.adsymptotic.com/d/px/?_pid=16218&_psign=0aa5badf92527f7732e22463d6fa4dbc&coopa=0&gdpr=0&gdpr_consent=&_puuid=2ad9347d-e53e-4252-88a5-1159579da603

43 B
97 B

83ms
83ms

Image
image/gif

104.18.101.194
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p.adsymptotic.com/d/px/?_pid=16218&_psign=0aa5badf92527f7732e22463d6fa4dbc&coopa=0&gdpr=0&gdpr_consent=&_puuid=2ad9347d-e53e-4252-88a5-1159579da603
Protocol: H2
Server: 104.18.101.194 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 16:00:11 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray: 71ac09a888d553fb-YYZ
p3p: CP='NON DSP COR CONi OUR BUS CNT'
content-type: image/gif
content-length: 43

Redirect headers

date: Mon, 13 Jun 2022 16:00:10 GMT
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: 80CC3A6EFD6644D3A88A126531134BCC Ref B: YTO01EDGE0816 Ref C: 2022-06-13T16:00:11Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lva1
location: https://p.adsymptotic.com/d/px/?_pid=16218&_psign=0aa5badf92527f7732e22463d6fa4dbc&coopa=0&gdpr=0&gdpr_consent=&_puuid=2ad9347d-e53e-4252-88a5-1159579da603
x-li-proto: http/2
content-length: 0
x-li-uuid: AAXhVmIGIWWRZer0lLfkuA==

GET
H3 200 /
www.facebook.com/tr/ 44 B
91 B 38ms
18ms Image
image/gif 2a03:2880:f112:182:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=719861091558308&ev=PageView&dl=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fwiper-malware-riding-tokyo-olympic-games%27&rl=&if=false&ts=1655136011310&cd[segment_eid]=VGLVDYA6GRASZMUSTHUV5D&sw=1600&sh=1200&v=2.9.62&r=stable&ec=0&o=29&fbp=fb.1.1655136011058.1369320596&it=1655136010961&coo=false&dpo=LDU&dpoco=0&dpost=0&rqm=GET

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:182:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 16:00:11 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
priority: u=3,i
expires: Mon, 13 Jun 2022 16:00:11 GMT

GET
H2 204 conversion
register.powerlinks.com/ Frame 2148 0
41 B 138ms
24ms Image
text/plain 51.81.46.206
OVH

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://register.powerlinks.com/conversion?id=1408
Requested by: Host: 10104846.fls.doubleclick.net
URL: https://10104846.fls.doubleclick.net/ddm/fls/r/dc_pre=CNjU7Y_mqvgCFeuHgwgdYyoEgw;src=10104846;type=sitew00;cat=sitew0;u3=https://www.fortinet.com/blog/threat-research/wiper-malware-riding-tokyo-olympic-games';dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=4581714027837.542;~oref=https://www.fortinet.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 51.81.46.206 Warrenton, United States, ASN16276 (OVH, FR),
Reverse DNS: ns1000608.ip-51-81-46.us
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://10104846.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 16:00:11 GMT
server: nginx

GET
H2

200

/
p.adsymptotic.com/d/px/ Frame 2148
Redirect Chain

https://px.ads.linkedin.com/collect/?pid=2159050&conversionId=6504418&fmt=gif
https://px4.ads.linkedin.com/collect?pid=2159050&conversionId=6504418&fmt=gif&e_ipv6=AQJ6MefvOjZ4BgAAAYFdy0SJiUwZNqYXL2GrOVJbFf_LjGGb_UOsPpvvICCMWt7NKSZISymN
https://p.adsymptotic.com/d/px/?_pid=16218&_psign=0aa5badf92527f7732e22463d6fa4dbc&coopa=0&gdpr=0&gdpr_consent=&_puuid=2ad9347d-e53e-4252-88a5-1159579da603

43 B
97 B

49ms
49ms

Image
image/gif

104.18.101.194
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://p.adsymptotic.com/d/px/?_pid=16218&_psign=0aa5badf92527f7732e22463d6fa4dbc&coopa=0&gdpr=0&gdpr_consent=&_puuid=2ad9347d-e53e-4252-88a5-1159579da603
Requested by: Host: 10104846.fls.doubleclick.net
URL: https://10104846.fls.doubleclick.net/ddm/fls/r/dc_pre=CNjU7Y_mqvgCFeuHgwgdYyoEgw;src=10104846;type=sitew00;cat=sitew0;u3=https://www.fortinet.com/blog/threat-research/wiper-malware-riding-tokyo-olympic-games';dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=4581714027837.542;~oref=https://www.fortinet.com/
Protocol: H2
Server: 104.18.101.194 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://10104846.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 16:00:11 GMT
cf-cache-status: DYNAMIC
server: cloudflare
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
cf-ray: 71ac09a7cf7b53fb-YYZ
p3p: CP='NON DSP COR CONi OUR BUS CNT'
content-type: image/gif
content-length: 43

Redirect headers

date: Mon, 13 Jun 2022 16:00:10 GMT
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: 945EBA3925854A8E851D479665529AA7 Ref B: YTO01EDGE0816 Ref C: 2022-06-13T16:00:11Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lva1
location: https://p.adsymptotic.com/d/px/?_pid=16218&_psign=0aa5badf92527f7732e22463d6fa4dbc&coopa=0&gdpr=0&gdpr_consent=&_puuid=2ad9347d-e53e-4252-88a5-1159579da603
x-li-proto: http/2
content-length: 0
x-li-uuid: AAXhVmIERXAL1NUEpn7dqQ==

GET
H3

200

activityi;dc_pre=CJmjjpDmqvgCFYlqhwodidEL1w;src=11974306;type=invmedia;cat=sitew0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=;gdpr_consent=;ord=1085148059839.5135 Show response
11974306.fls.doubleclick.net/ Frame D387
Redirect Chain

https://11974306.fls.doubleclick.net/activityi;src=11974306;type=invmedia;cat=sitew0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=;gdpr_consent=;ord=1085148059839.5135?
https://11974306.fls.doubleclick.net/activityi;dc_pre=CJmjjpDmqvgCFYlqhwodidEL1w;src=11974306;type=invmedia;cat=sitew0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=;gdpr_conse...

422 B
360 B

60ms
56ms

Document
text/html

142.250.65.230
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://11974306.fls.doubleclick.net/activityi;dc_pre=CJmjjpDmqvgCFYlqhwodidEL1w;src=11974306;type=invmedia;cat=sitew0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=;gdpr_consent=;ord=1085148059839.5135?

Requested by

Host: 10104846.fls.doubleclick.net
URL: https://10104846.fls.doubleclick.net/ddm/fls/r/dc_pre=CNjU7Y_mqvgCFeuHgwgdYyoEgw;src=10104846;type=sitew00;cat=sitew0;u3=https://www.fortinet.com/blog/threat-research/wiper-malware-riding-tokyo-olympic-games';dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=4581714027837.542;~oref=https://www.fortinet.com/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.65.230 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lga25s73-in-f6.1e100.net

Software

cafe /

Resource Hash

36c4ded955f17ed1a93f3e4cad1bfae4207ce7de39c6b46551aa2d1725f9864f

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://10104846.fls.doubleclick.net/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language: en-CA,en;q=0.9

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: private, max-age=0
content-encoding: gzip
content-length: 337
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 13 Jun 2022 16:00:11 GMT
expires: Mon, 13 Jun 2022 16:00:11 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Mon, 13 Jun 2022 16:00:11 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://11974306.fls.doubleclick.net/activityi;dc_pre=CJmjjpDmqvgCFYlqhwodidEL1w;src=11974306;type=invmedia;cat=sitew0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=;gdpr_consent=;ord=1085148059839.5135?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 61382 Show response
content.adacado.com/advertiser/v1/scraperconfig/ 4 B
125 B 327ms
26ms Fetch
text/plain 151.139.128.11
STACKPATH-CDN

General

Check archive.org

Show headers Download Go to

Full URL: https://content.adacado.com/advertiser/v1/scraperconfig/61382
Requested by: Host: content.adacado.com
URL: https://content.adacado.com/productpixel/v1/prpx.umd.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.139.128.11 , United States, ASN20446 (STACKPATH-CDN, US),
Reverse DNS
Software: /
Resource Hash: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 16:00:11 GMT
via: 1.1 google
x-hw: 1655136011.cds179.dc2.hn,1655136011.cds061.dc2.c
content-type: text/plain; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, max-age=0, must-revalidate, private, max-stale=0, post-check=0, pre-check=0
accept-ranges: bytes
content-encoding: gzip
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 24

GET
H3 200 dc_pre=CJmjjpDmqvgCFYlqhwodidEL1w;src=11974306;type=invmedia;cat=sitew0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=;gdpr_consent=;ord=1085148059839.5135
adservice.google.com/ddm/fls/z/ Frame D387 42 B
63 B 123ms
83ms Image
image/gif 2607:f8b0:4006:808::2002
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://adservice.google.com/ddm/fls/z/dc_pre=CJmjjpDmqvgCFYlqhwodidEL1w;src=11974306;type=invmedia;cat=sitew0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=;gdpr_consent=;ord=1085148059839.5135

Requested by

Host: 11974306.fls.doubleclick.net
URL: https://11974306.fls.doubleclick.net/activityi;dc_pre=CJmjjpDmqvgCFYlqhwodidEL1w;src=11974306;type=invmedia;cat=sitew0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=;gdpr_consent=;ord=1085148059839.5135?

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:808::2002 Mullica Hill, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://11974306.fls.doubleclick.net/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 Jun 2022 16:00:11 GMT
x-content-type-options: nosniff
server: cafe
timing-allow-origin: *
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-type: image/gif
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK img.gif
b.6sc.co/v1/beacon/ 43 B
774 B 40ms
39ms Image
image/gif 23.217.148.24
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=5eeecf22b2d12a77a14639dce97b7a36&svisitor=675ddb1773310000095fa762e20100003cde0000&session=928a699a-8bd1-4dd3-8500-58a38e5338cb&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2013%20Jun%202022%2016%3A00%3A11%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2013%20Jun%202022%2016%3A00%3A10%20GMT%22%2C%22timeSpent%22%3A%221005%22%2C%22totalTimeSpent%22%3A%222006%22%7D&isIframe=false&m=%7B%22description%22%3A%22%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22404%20Page%20Not%20Found%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fwiper-malware-riding-tokyo-olympic-games%27&pageViewId=357de213-af42-455a-898e-77cda6e37d97&an_uid=0

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.217.148.24 New York, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-217-148-24.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date: Mon, 13 Jun 2022 16:00:11 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 43
Pragma: no-cache
Last-Modified: Fri, 21 Feb 2020 18:57:20 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "5e502810-2b"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: image/gif
Access-Control-Allow-Origin
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H3 200 /
www.facebook.com/tr/ 44 B
88 B 19ms
18ms Image
image/gif 2a03:2880:f112:182:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=177020962864941&ev=Microdata&dl=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fwiper-malware-riding-tokyo-olympic-games%27&rl=&if=false&ts=1655136011564&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22404%20Page%20Not%20Found%22%7D&cd[OpenGraph]=%7B%22og%3Asite_name%22%3A%22Fortinet%20Blog%22%2C%22og%3Atitle%22%3A%22404%20Page%20Not%20Found%22%2C%22og%3Aurl%22%3A%22https%3A%2F%2Fwww.fortinet.com%2Fblog%2Ferror%2F404%22%2C%22og%3Aimage%22%3A%22https%3A%2F%2Fwww.fortinet.com%2Fcontent%2Fdam%2Ffortinet%2Fimages%2Ficons%2Ffortinet-social-icon.jpg%22%2C%22twitter%3Acard%22%3A%22summary%22%2C%22twitter%3Asite%22%3A%22%40Fortinet%22%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.62&r=stable&ec=1&o=30&fbp=fb.1.1655136011058.1369320596&it=1655136010961&coo=false&dpo=LDU&dpoco=0&dpost=0&es=automatic&tm=3&rqm=GET

Protocol

Security

QUIC, , AES_128_GCM

Server

2a03:2880:f112:182:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 16:00:11 GMT
last-modified: Fri, 21 Dec 2012 00:00:01 GMT
server: proxygen-bolt
strict-transport-security: max-age=31536000; includeSubDomains
content-type: image/gif
cache-control: no-cache, must-revalidate, max-age=0
cross-origin-resource-policy: cross-origin
content-length: 44
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
priority: u=3,i
expires: Mon, 13 Jun 2022 16:00:11 GMT

POST
H2 204 collect Show response
j.clarity.ms/ 0
48 B 32ms
32ms XHR
text/plain 20.85.30.134
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://j.clarity.ms/collect
Requested by: Host: j.clarity.ms
URL: https://j.clarity.ms/s/0.6.34/clarity.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.85.30.134 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://www.fortinet.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

access-control-allow-origin: https://www.fortinet.com
date: Mon, 13 Jun 2022 16:00:11 GMT
access-control-allow-credentials: true
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
request-context: appId=cid-v1:3f60b293-70d6-4805-b0bb-3484f0a73bf0

GET
H2 200 6138 Show response
ad.adacado.com/pixel/v1/ 0
310 B 82ms
53ms Script
text/plain 130.211.47.214
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://ad.adacado.com/pixel/v1/6138
Requested by: Host: content.adacado.com
URL: https://content.adacado.com/productpixel/v1/prpx.umd.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 130.211.47.214 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS: 214.47.211.130.bc.googleusercontent.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 16:00:11 GMT
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H/1.1 200
OK gs Show response
gs.mountain.com/ 144 B
733 B 331ms
79ms Script
application/javascript 34.212.4.35
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://gs.mountain.com/gs
Requested by: Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/wiper-malware-riding-tokyo-olympic-games'
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 34.212.4.35 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-34-212-4-35.us-west-2.compute.amazonaws.com
Software: istio-envoy /
Resource Hash: 5b8c493bbd93f0f09686914364af21b5a0a4c644fc04af2410c8d53c3fa6486e

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date: Mon, 13 Jun 2022 16:00:11 GMT
last-modified: Thu, 01 Jan 1970 00:00:00 GMT
server: istio-envoy
access-control-allow-methods: GET, POST, OPTIONS
p3p: CP="NON DSP COR NID CURa ADMa DEVa PSAa PSDa OUR STP UNI COM NAV INT STA PRE"
access-control-allow-origin: *
cache-control: public, max-age=31536000
x-envoy-upstream-service-time: 1
connection: close
content-type: application/javascript;charset=utf-8
access-control-allow-headers: Accept, Content-Type, x-requested-with, X-Custom-Header
content-length: 144
x-application-context: application:prod:8080

GET
H/1.1 200
OK st Show response
px.mountain.com/ 3 KB
2 KB 1460ms
1304ms Script
application/javascript 44.235.191.156
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://px.mountain.com/st?ga_tracking_id=UA-767980-1&ga_client_id=656264877.1655136010&shpt=404%20Page%20Not%20Found&ga_info=%7B%22status%22%3A%22OK%22%2C%22ga_tracking_id%22%3A%22UA-767980-1%22%2C%22ga_client_id%22%3A%22656264877.1655136010%22%2C%22shpt%22%3A%22404%20Page%20Not%20Found%22%2C%22dcm_cid%22%3A%22656264877.1655136010%22%2C%22dcm_gid%22%3A%221031228593.1655136010%22%2C%22ga_gclid%22%3A%22656264877.1655136010%22%2C%22execution_workflow%22%3A%7B%22iteration%22%3A1%2C%22getClientIdByGA%22%3A%22OK%22%2C%22ga_gclid%22%3A%22OK%22%2C%22shpt%22%3A%22OK%22%2C%22dcm_cid%22%3A%22OK%22%2C%22dcm_gid%22%3A%22OK%22%7D%7D&dcm_cid=656264877.1655136010&dcm_gid=1031228593.1655136010&dxver=4.0.0&shaid=32336&plh=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fwiper-malware-riding-tokyo-olympic-games%27&shadditional=sh_conversion%3DSHBLOCK%2Cgoogletagmanager%3Dtrue%2Cadroll%3Dtrue&shoid=656264877.1655136010&cb=1655136011876309&shguid=6cdec43c-8bae-30a7-8b9e-d05974a44404&shgts=1655136012210
Requested by: Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/wiper-malware-riding-tokyo-olympic-games'
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 44.235.191.156 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-235-191-156.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: 19ec4322eb739d479b5c7567fc76ffbd2a4f342d1781b02868fc0245fd3b5ba4

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 13 Jun 2022 16:00:13 GMT
content-encoding: gzip
connection: close
p3p: CP="NON DSP COR NID CURa ADMa DEVa PSAa PSDa OUR STP UNI COM NAV INT STA PRE"
content-type: application/javascript;charset=utf-8

GET
H/1.1 200
OK img.gif
b.6sc.co/v1/beacon/ 43 B
774 B 45ms
45ms Image
image/gif 23.217.148.24
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=5eeecf22b2d12a77a14639dce97b7a36&svisitor=675ddb1773310000095fa762e20100003cde0000&session=928a699a-8bd1-4dd3-8500-58a38e5338cb&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2013%20Jun%202022%2016%3A00%3A12%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2013%20Jun%202022%2016%3A00%3A11%20GMT%22%2C%22timeSpent%22%3A%221003%22%2C%22totalTimeSpent%22%3A%223009%22%7D&isIframe=false&m=%7B%22description%22%3A%22%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22404%20Page%20Not%20Found%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fwiper-malware-riding-tokyo-olympic-games%27&pageViewId=357de213-af42-455a-898e-77cda6e37d97&an_uid=0

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.217.148.24 New York, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-217-148-24.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date: Mon, 13 Jun 2022 16:00:12 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 43
Pragma: no-cache
Last-Modified: Tue, 05 Oct 2021 22:17:52 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "615ccf10-2b"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: image/gif
Access-Control-Allow-Origin
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H/1.1 200
OK img.gif
b.6sc.co/v1/beacon/ 43 B
774 B 42ms
42ms Image
image/gif 23.217.148.24
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=5eeecf22b2d12a77a14639dce97b7a36&svisitor=675ddb1773310000095fa762e20100003cde0000&session=928a699a-8bd1-4dd3-8500-58a38e5338cb&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2013%20Jun%202022%2016%3A00%3A13%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2013%20Jun%202022%2016%3A00%3A12%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%224011%22%7D&isIframe=false&m=%7B%22description%22%3A%22%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22404%20Page%20Not%20Found%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fwiper-malware-riding-tokyo-olympic-games%27&pageViewId=357de213-af42-455a-898e-77cda6e37d97&an_uid=0

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.217.148.24 New York, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-217-148-24.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date: Mon, 13 Jun 2022 16:00:13 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 43
Pragma: no-cache
Last-Modified: Fri, 21 Feb 2020 18:57:20 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "5e502810-2b"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: image/gif
Access-Control-Allow-Origin
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H/1.1

200
OK

tdsync
px.steelhousemedia.com/
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=steelhouse&ttd_tpi=1&ttd_puid=e7eee2d4-eb31-11ec-8616-e50f95cb7201&gdpr=&gdpr_consent=
https://px.steelhousemedia.com/tdsync?tdid=dc2e87ff-a69f-46af-af9a-9feac3bb92e2&shguid=e7eee2d4-eb31-11ec-8616-e50f95cb7201

0
244 B

519ms
271ms

Image
text/plain

52.10.121.135
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.steelhousemedia.com/tdsync?tdid=dc2e87ff-a69f-46af-af9a-9feac3bb92e2&shguid=e7eee2d4-eb31-11ec-8616-e50f95cb7201
Protocol: HTTP/1.1
Server: 52.10.121.135 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-10-121-135.us-west-2.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

access-control-allow-origin: *
date: Mon, 13 Jun 2022 16:00:14 GMT
connection: close
access-control-allow-headers: Accept, Content-Type, x-requested-with, X-Custom-Header
access-control-allow-methods: GET, POST, OPTIONS

Redirect headers

pragma: no-cache
date: Mon, 13 Jun 2022 16:00:13 GMT
x-aspnet-version: 4.0.30319
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
location: https://px.steelhousemedia.com/tdsync?tdid=dc2e87ff-a69f-46af-af9a-9feac3bb92e2&shguid=e7eee2d4-eb31-11ec-8616-e50f95cb7201
cache-control: private,no-cache, must-revalidate
content-type: text/html
content-length: 277

GET
H2

200

generic
match.adsrvr.org/track/cmf/
Redirect Chain

https://insight.adsrvr.org/track/evnt/?adv=6s0zaeu&ct=0:0bi0elf&fmt=3
https://dpm.demdex.net/ibs:dpid=903&dpuuid=dc2e87ff-a69f-46af-af9a-9feac3bb92e2&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fmatch.adsrvr.org%2Ftrack%2Fcmf%2Fgeneric%3Fttd_pid%3Daam
https://match.adsrvr.org/track/cmf/generic?ttd_pid=aam
https://tags.bluekai.com/site/5386?id=dc2e87ff-a69f-46af-af9a-9feac3bb92e2&gdpr=0&gdpr_consent=&redir=https%3A%2F%2Fmatch.adsrvr.org%2Ftrack%2Fcmf%2Fgeneric%3Fttd_pid%3Dbluekai
https://match.adsrvr.org/track/cmf/generic?ttd_pid=bluekai
https://pixel.rubiconproject.com/tap.php?v=8981&nid=2307&put=dc2e87ff-a69f-46af-af9a-9feac3bb92e2&gdpr=0&gdpr_consent=&expires=30&next=https%3A%2F%2Fmatch.adsrvr.org%2Ftrack%2Fcmf%2Frubicon
https://match.adsrvr.org/track/cmf/rubicon?gdpr=0
https://ib.adnxs.com/getuid?https%3a%2f%2fmatch.adsrvr.org%2ftrack%2fcmf%2fappnexus%3fttd%3d1%26anid%3d%24UID&ttd_tdid=dc2e87ff-a69f-46af-af9a-9feac3bb92e2
https://match.adsrvr.org/track/cmf/appnexus?ttd=1&anid=8364727669192864419&ttd_tdid=dc2e87ff-a69f-46af-af9a-9feac3bb92e2
https://ups.analytics.yahoo.com/ups/55953/sync?uid=dc2e87ff-a69f-46af-af9a-9feac3bb92e2&_origin=1&redir=true&gdpr=0&gdpr_consent=
https://ups.analytics.yahoo.com/ups/55953/sync?uid=dc2e87ff-a69f-46af-af9a-9feac3bb92e2&_origin=1&redir=true&gdpr=0&gdpr_consent=&verify=true
https://match.adsrvr.org/track/cmf/generic?ttd_pid=rightmedia&yahoo_id=y-GXEpFDtE2uJPVQzdfnNczGSnFiPHYf8-~A&gdpr=0&gdpr_consent=

70 B
621 B

24ms
24ms

Image
image/gif

52.223.40.198
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=rightmedia&yahoo_id=y-GXEpFDtE2uJPVQzdfnNczGSnFiPHYf8-~A&gdpr=0&gdpr_consent=
Protocol: H2
Server: 52.223.40.198 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a6370ebea231e0c9a.awsglobalaccelerator.com
Software: /
Resource Hash: 8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 13 Jun 2022 16:00:14 GMT
cache-control: private,no-cache, must-revalidate
x-aspnet-version: 4.0.30319
content-type: image/gif
content-length: 70
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

Redirect headers

location: https://match.adsrvr.org/track/cmf/generic?ttd_pid=rightmedia&yahoo_id=y-GXEpFDtE2uJPVQzdfnNczGSnFiPHYf8-~A&gdpr=0&gdpr_consent=
date: Mon, 13 Jun 2022 16:00:14 GMT
server: ATS/9.1.0.46
age: 0
content-length: 0
strict-transport-security: max-age=31536000
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

GET
H/1.1 200
OK img.gif
b.6sc.co/v1/beacon/ 43 B
774 B 41ms
40ms Image
image/gif 23.217.148.24
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=5eeecf22b2d12a77a14639dce97b7a36&svisitor=675ddb1773310000095fa762e20100003cde0000&session=928a699a-8bd1-4dd3-8500-58a38e5338cb&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2013%20Jun%202022%2016%3A00%3A14%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2013%20Jun%202022%2016%3A00%3A13%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%225013%22%7D&isIframe=false&m=%7B%22description%22%3A%22%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22404%20Page%20Not%20Found%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fwiper-malware-riding-tokyo-olympic-games%27&pageViewId=357de213-af42-455a-898e-77cda6e37d97&an_uid=0

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.217.148.24 New York, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-217-148-24.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date: Mon, 13 Jun 2022 16:00:14 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 43
Pragma: no-cache
Last-Modified: Fri, 21 Feb 2020 18:57:20 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "5e502810-2b"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: image/gif
Access-Control-Allow-Origin
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Expires: Wed, 19 Apr 2000 11:43:00 GMT

GET
H/1.1 200
OK img.gif
b.6sc.co/v1/beacon/ 43 B
774 B 43ms
42ms Image
image/gif 23.217.148.24
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=5eeecf22b2d12a77a14639dce97b7a36&svisitor=675ddb1773310000095fa762e20100003cde0000&session=928a699a-8bd1-4dd3-8500-58a38e5338cb&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2013%20Jun%202022%2016%3A00%3A15%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2013%20Jun%202022%2016%3A00%3A14%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%226014%22%7D&isIframe=false&m=%7B%22description%22%3A%22%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22404%20Page%20Not%20Found%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fwiper-malware-riding-tokyo-olympic-games%27&pageViewId=357de213-af42-455a-898e-77cda6e37d97&an_uid=0

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.217.148.24 New York, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-217-148-24.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date: Mon, 13 Jun 2022 16:00:15 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 43
Pragma: no-cache
Last-Modified: Fri, 21 Feb 2020 18:57:20 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "5e502810-2b"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: image/gif
Access-Control-Allow-Origin
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Expires: Wed, 19 Apr 2000 11:43:00 GMT

POST
H2 204 collect Show response
j.clarity.ms/ 0
48 B 31ms
31ms XHR
text/plain 20.85.30.134
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://j.clarity.ms/collect
Requested by: Host: j.clarity.ms
URL: https://j.clarity.ms/s/0.6.34/clarity.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 20.85.30.134 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer: https://www.fortinet.com/
accept-language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

access-control-allow-origin: https://www.fortinet.com
date: Mon, 13 Jun 2022 16:00:15 GMT
access-control-allow-credentials: true
server: Microsoft-IIS/10.0
x-powered-by: ASP.NET
request-context: appId=cid-v1:3f60b293-70d6-4805-b0bb-3484f0a73bf0

GET
H/1.1 200
OK img.gif
b.6sc.co/v1/beacon/ 43 B
774 B 44ms
43ms Image
image/gif 23.217.148.24
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=5eeecf22b2d12a77a14639dce97b7a36&svisitor=675ddb1773310000095fa762e20100003cde0000&session=928a699a-8bd1-4dd3-8500-58a38e5338cb&event=active_time_track&q=%7B%22currentTime%22%3A%22Mon%2C%2013%20Jun%202022%2016%3A00%3A16%20GMT%22%2C%22lastTrackTime%22%3A%22Mon%2C%2013%20Jun%202022%2016%3A00%3A15%20GMT%22%2C%22timeSpent%22%3A%221002%22%2C%22totalTimeSpent%22%3A%227016%22%7D&isIframe=false&m=%7B%22description%22%3A%22%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22404%20Page%20Not%20Found%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fwiper-malware-riding-tokyo-olympic-games%27&pageViewId=357de213-af42-455a-898e-77cda6e37d97&an_uid=0

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.217.148.24 New York, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-217-148-24.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

accept-language: en-CA,en;q=0.9
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

Date: Mon, 13 Jun 2022 16:00:16 GMT
X-Content-Type-Options: nosniff
Connection: keep-alive
Content-Length: 43
Pragma: no-cache
Last-Modified: Tue, 05 Oct 2021 22:17:52 GMT
Server: nginx/1.14.0 (Ubuntu)
ETag: "615ccf10-2b"
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET,POST
Content-Type: image/gif
Access-Control-Allow-Origin
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Expires: Wed, 19 Apr 2000 11:43:00 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: www.fortinet.com
URL: https://www.fortinet.com/content/dam/fortinet/images/general/404.jpg

Domain: t.co
URL: https://t.co/i/adsct?bci=3&eci=2&event_id=52a5fec1-98c9-4dd2-a8a2-f66d0613eb6f&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&p_id=Twitter&p_user_id=0&pl_id=4b8b8165-59a3-43bf-b0c9-a2586d83a29b&tw_document_href=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fwiper-malware-riding-tokyo-olympic-games%27&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nxlzj&type=javascript&version=2.3.20

Domain: t.co
URL: https://t.co/i/adsct?bci=3&eci=2&event_id=add51966-f013-44dd-b17e-10f89dc13fc6&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&p_id=Twitter&p_user_id=0&pl_id=4b8b8165-59a3-43bf-b0c9-a2586d83a29b&tw_document_href=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fwiper-malware-riding-tokyo-olympic-games%27&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o6ezf&type=javascript&version=2.3.20

Domain: t.co
URL: https://t.co/i/adsct?bci=3&eci=2&event_id=62374c48-be34-4992-80d4-8f702446197b&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&p_id=Twitter&p_user_id=0&pl_id=4b8b8165-59a3-43bf-b0c9-a2586d83a29b&tw_document_href=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fwiper-malware-riding-tokyo-olympic-games%27&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o72wb&type=javascript&version=2.3.20

Domain: px.ads.linkedin.com
URL: https://px.ads.linkedin.com/collect/?pid=2148604&fmt=gif

Verdicts & Comments Add Verdict or Comment

215 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

109 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.fortinet.com/	1970-01-20 12:31:12	Name: cookiesession1 Value: 678A3E8DB83CEE58191E167D671BBBBD
.fortinet.com/	1970-01-20 12:31:12	Name: OptanonConsent Value: isIABGlobal=false&datestamp=Mon+Jun+13+2022+16%3A00%3A08+GMT%2B0000+(GMT)&version=6.10.0&hosts=&consentId=ee66a2e3-efa3-4097-ab0c-98cc89029524&interactionCount=0&landingPath=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fwiper-malware-riding-tokyo-olympic-games'&groups=C0001%3A1%2CC0002%3A1%2CC0003%3A1%2CC0004%3A1
.bing.com/	1970-01-20 13:07:12	Name: MUID Value: 293315937A536325379C04517BF96280
.bat.bing.com/	1970-01-20 03:55:40	Name: MR Value: 0
.fortinet.com/	1970-01-20 03:47:02	Name: _uetsid Value: e66c54f0eb3111eca1a00bed5160f7b4
.fortinet.com/	1970-01-20 13:07:12	Name: _uetvid Value: e66c68c0eb3111ec92e539e46562913a
.demdex.net/	1970-01-20 08:04:48	Name: demdex Value: 13707351181557942300587681651171402890
.fortinet.com/	1969-12-31 23:59:59	Name: AMCVS_ED8739F75677FE917F000101%40AdobeOrg Value: 1
.6sc.co/	1970-01-20 21:16:48	Name: 6suuid Value: 675ddb1773310000095fa762e20100003cde0000
.fortinet.com/	1970-01-20 21:16:48	Name: s_ecid Value: MCMID%7C14062383122417189740622058880665650434
.everesttech.net/	1970-01-20 12:31:12	Name: everest_g_v2 Value: g_surferid~YqdfCQAAAD3DOQN_
www.fortinet.com/	1970-01-20 03:45:36	Name: outbrain_cid_fetch Value: true
.dpm.demdex.net/	1970-01-20 08:04:48	Name: dpm Value: 13707351181557942300587681651171402890
www.fortinet.com/	1970-01-20 21:16:48	Name: _gd_svisitor Value: 675ddb1773310000095fa762e20100003cde0000
www.fortinet.com/	1970-01-20 21:16:48	Name: _gd_visitor Value: 9b83b97c-0cbd-46f7-8941-32394efc31d7
www.fortinet.com/	1970-01-20 03:45:50	Name: _gd_session Value: 928a699a-8bd1-4dd3-8500-58a38e5338cb
www.fortinet.com/	1970-01-20 03:55:40	Name: _an_uid Value: 0
.fortinet.com/	1970-01-20 21:18:14	Name: AMCV_ED8739F75677FE917F000101%40AdobeOrg Value: -2121179033%7CMCIDTS%7C19157%7CMCMID%7C14062383122417189740622058880665650434%7CMCAAMLH-1655740809%7C7%7CMCAAMB-1655740809%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCOPTOUT-1655143209s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-19164%7CvVersion%7C5.3.0
www.clarity.ms/	1970-01-20 12:31:12	Name: CLID Value: 6c8a7b99b3284432b2d8b90bfd74c7cc.20220613.20230613
www.fortinet.com/	1970-01-24 03:44:09	Name: _omappvp Value: XJcjCSwE9RPaHcFBlsm1AAX1yQgnphzqDG1KfGdKLvKLKvcC9QXTgQIocHdPkQW6XjAXGXYFBFuxGEZzjyEm1eeHwcvT9brF
www.fortinet.com/	1970-01-20 03:45:37	Name: _omappvs Value: 1655136010116
.fortinet.com/	1970-01-20 03:45:37	Name: gpv_pn Value: www.fortinet.com%2Fblog%2Fthreat-research%2Fwiper-malware-riding-tokyo-olympic-games%27
.fortinet.com/	1970-01-20 05:55:12	Name: s_getNewRepeat Value: 1655136010241-New
.fortinet.com/	1969-12-31 23:59:59	Name: s_cc Value: true
.fortinet.com/	1970-01-20 12:31:12	Name: _clck Value: x98q63\|1\|f2a\|0
.fortinet.com/	1970-01-20 21:16:48	Name: _ga Value: GA1.2.656264877.1655136010
.fortinet.com/	1970-01-20 03:47:02	Name: _gid Value: GA1.2.1031228593.1655136010
.fortinet.com/	1970-01-20 03:45:36	Name: _gat_gtag_UA_767980_1 Value: 1
.fortinet.com/	1970-01-20 12:31:12	Name: _hjSessionUser_1178304 Value: eyJpZCI6ImZlODAyMDA0LWExNzctNTZmZi1hZjRiLWExYmJlODZlMTY0YiIsImNyZWF0ZWQiOjE2NTUxMzYwMTAyOTQsImV4aXN0aW5nIjpmYWxzZX0=
.fortinet.com/	1970-01-20 03:45:37	Name: _hjFirstSeen Value: 1
www.fortinet.com/	1970-01-20 03:45:36	Name: _hjIncludedInSessionSample Value: 0
.fortinet.com/	1970-01-20 03:45:37	Name: _hjSession_1178304 Value: eyJpZCI6IjdhZTYxMzFkLTQ1NDEtNDVmMC1iOGM0LTcxZWY4MDI4MjUzNyIsImNyZWF0ZWQiOjE2NTUxMzYwMTA0MDQsImluU2FtcGxlIjpmYWxzZX0=
.fortinet.com/	1970-01-20 03:45:37	Name: _hjAbsoluteSessionInProgress Value: 0
.fortinet.com/	1970-01-20 03:47:02	Name: _clsk Value: 1od5ic3\|1655136010507\|1\|1\|j.clarity.ms/collect
www.fortinet.com/	1970-01-20 12:31:12	Name: WID_VISITOR_ID Value: 1655136011563644613
.fortinet.com/	1970-01-20 03:45:37	Name: aa_cc Value: CA
.fortinet.com/	1970-01-20 03:45:37	Name: aa_cn Value: CA
.c.bing.com/	1970-01-20 03:55:40	Name: MR Value: 0
.c.bing.com/	1970-01-20 13:07:12	Name: SRM_B Value: 293315937A536325379C04517BF96280
.c.clarity.ms/	1969-12-31 23:59:59	Name: SM Value: C
.clarity.ms/	1970-01-20 13:07:12	Name: MUID Value: 293315937A536325379C04517BF96280
.c.clarity.ms/	1970-01-20 03:55:40	Name: MR Value: 0
.c.clarity.ms/	1970-01-20 03:45:36	Name: ANONCHK Value: 0
.fortinet.com/	1970-01-20 05:55:12	Name: _gcl_au Value: 1.1.345484704.1655136011
.ml314.com/	1970-01-20 12:31:12	Name: pi Value: 3627897030091210845
.ml314.com/	1970-01-20 04:05:45	Name: tp Value: 4%3b6%2f13%2f2022+12%3a00%3a10+PM%3b0
.linkedin.com/	1970-01-20 05:55:12	Name: li_sugr Value: 2ad9347d-e53e-4252-88a5-1159579da603
.ads.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=en-us
.linkedin.com/	1970-01-20 21:17:29	Name: bcookie Value: "v=2&66db2b54-b2c9-4210-8322-33202982b98d"
.linkedin.com/	1970-01-20 03:47:02	Name: lidc Value: "b=VGST09:s=V:r=V:a=V:p=V:g=2305:u=1:x=1:i=1655136011:t=1655222411:v=2:sig=AQEsCKNmwpxnBkiR7zkKLS-okxYbKjk5"
.fortinet.com/	1970-01-20 05:55:12	Name: _fbp Value: fb.1.1655136011058.1369320596
.twitter.com/	1970-01-20 21:16:48	Name: personalization_id Value: "v1_FvBunvzfWvxkHYhLyYURBg=="
.linkedin.com/	1970-01-20 04:28:48	Name: UserMatchHistory Value: AQI9PfDUIO9zkwAAAYFdy0NkqdhJh21tqHy0_tkjgcQUA0FOZ1C7CU9LTjWaZc1_jYmI2x5xLuOjaA
.linkedin.com/	1970-01-20 04:28:48	Name: AnalyticsSyncHistory Value: AQLUnDs26oub-gAAAYFdy0NkGIYZwCrVldDZGO9tIgMsSMYfkmfegN94o12-VKa-a0QuRCny4TFgXi4hwb0mRA
.facebook.com/	1970-01-20 05:55:12	Name: fr Value: 0QNaGp6adLru2rb1h..Bip18L...1.0.Bip18L.
.linkedin.com/	1969-12-31 23:59:59	Name: lang Value: v=2&lang=en-us
.www.linkedin.com/	1970-01-20 21:17:29	Name: bscookie Value: "v=1&20220613160011f10a2543-e8c2-44ae-839f-613b8e8b562dAQEukivMGhBSTaz_FsQRTLKcHY6Xb2m9"
.adsrvr.org/	1970-01-20 12:31:12	Name: TDID Value: dc2e87ff-a69f-46af-af9a-9feac3bb92e2
.doubleclick.net/	1970-01-20 21:16:48	Name: IDE Value: AHWqTUnA1Y_zqqiw1HAWvlH2tFGECoPGcHauVS0kOWUwwDTNrHJfrcKLzPee6myi
.www.fortinet.com/	1970-01-20 12:31:33	Name: __adroll_fpc Value: 1fc58e6b60021ff37a9f44b70c90439a-1655136011205
.eyeota.net/	1970-01-20 12:31:12	Name: mako_uid Value: 1815dcb43be-36060000010a5185
.eyeota.net/	1970-01-20 03:45:36	Name: SERVERID Value: 20869~DM
.ml314.com/	1970-01-20 03:45:36	Name: u Value: aHR0cHM6Ly93d3cuZm9ydGluZXQuY29tLw==
.t.co/	1970-01-20 21:16:48	Name: muc_ads Value: 5ed700a2-b369-4bc5-b889-7801215b8655
.www.fortinet.com/	1970-01-20 12:31:12	Name: __ar_v4 Value: %7C7OBVBCAQE5FHDPFEAD5T4D%3A20220613%3A1%7CGIVUJ77KRNF4LOPGYJ6RS5%3A20220613%3A1%7CVGLVDYA6GRASZMUSTHUV5D%3A20220613%3A1
.crwdcntrl.net/	1970-01-20 10:14:24	Name: _cc_dc Value: 0
.crwdcntrl.net/	1970-01-20 10:14:24	Name: _cc_id Value: e191523a075f1045c306776579d60f4a
.rlcdn.com/	1970-01-20 05:12:00	Name: pxrc Value: CIu+nZUGEgUI6AcQABIFCOhHEAASBQjbThAA
.openx.net/	1970-01-20 12:31:12	Name: i Value: de74212a-0083-43ae-89b8-f5d3fda91475\|1655136011
.taboola.com/	1970-01-20 12:31:12	Name: t_gid Value: ddf42b8b-bb95-4872-b21b-5a0604b36533-tuct9a0e48b
.3lift.com/	1970-01-20 05:55:12	Name: tluid Value: 2497525979244700435659
.adnxs.com/	1970-01-20 05:55:12	Name: uuid2 Value: 8364727669192864419
.inzynk.io/	1970-01-20 12:31:12	Name: iztid Value: 1655136011954
.bidswitch.net/	1970-01-20 12:31:12	Name: tuuid Value: 442c1b1f-0ed1-4fd8-a5e4-09c904d5bd28
.bidswitch.net/	1970-01-20 12:31:12	Name: c Value: 1655136011
.bidswitch.net/	1970-01-20 12:31:12	Name: tuuid_lu Value: 1655136011
www.fortinet.com/	1970-01-20 12:31:12	Name: izcid Value: 1655136019351
www.fortinet.com/	1970-01-20 12:31:12	Name: iztid Value: 1655136011954
.pubmatic.com/	1970-01-20 05:55:12	Name: KRTBCOOKIE_10 Value: 22808-YTgyZGVhZTNlODQyYmI2ZTI3MWQzYzQzMmZiNjhhOTM&KRTB&22883-YTgyZGVhZTNlODQyYmI2ZTI3MWQzYzQzMmZiNjhhOTM
.pubmatic.com/	1970-01-20 04:28:48	Name: PugT Value: 1655136011
d.adroll.com/	1970-01-20 13:14:24	Name: __adroll Value: a82deae3e842bb6e271d3c432fb68a93-g_1655136011-a_1655136011
.adroll.com/	1970-01-20 13:14:24	Name: __adroll_shared Value: a82deae3e842bb6e271d3c432fb68a93-g_1655136011-a_1655136011
.casalemedia.com/	1970-01-20 12:31:12	Name: CMID Value: YqdfC4r4i9us5wAidwkOxgAA
.casalemedia.com/	1970-01-20 05:55:12	Name: CMPS Value: 471
.casalemedia.com/	1970-01-20 05:55:12	Name: CMPRO Value: 471
.outbrain.com/	1970-01-20 05:55:12	Name: obuid Value: d27a6da2-1b55-4dcd-953a-19bd8dc8b4cc
.outbrain.com/	1970-01-20 04:05:45	Name: adrl Value: YTgyZGVhZTNlODQyYmI2ZTI3MWQzYzQzMmZiNjhhOTM
.adnxs.com/	1970-01-20 05:55:12	Name: anj Value: dTM7k!M4/rD>6NRF']wIg2C''heY<4!]tbPl@/@8$-^=$U_hs4LAeAkADU<KCbQqtCyIqSZguIPZr42gCwce?D%T^N@5S$):^_HO^@dnwaTv3/bpRzqF1`*b^LC-3G7%
.pippio.com/	1970-01-20 12:31:12	Name: did Value: 309yNrRJNggvOsrf
.pippio.com/	1970-01-20 12:31:12	Name: didts Value: 1655136011
.pippio.com/	1970-01-20 05:12:00	Name: nnls Value:
.adsymptotic.com/	1970-01-20 05:55:12	Name: U Value: ddc62865d84ee1645fffc9b37f265a2c
.rubiconproject.com/	1970-01-20 12:31:12	Name: khaos Value: L4CX8VYU-2-3Q4U
.pippio.com/	1970-01-20 05:12:00	Name: pxrc Value: CIu+nZUGEgQIAhAAEgYI7OsBEAA=
.linksynergy.com/	1970-01-20 12:31:12	Name: rmuid Value: 64bc46fb-536d-432d-830e-fc3132682ac7
.linksynergy.com/	1970-01-20 12:31:12	Name: icts Value: 2022-06-13T16:00:11Z
.adacado.com/	1970-01-20 12:31:12	Name: adacadoVisitor Value: 1ad1be61-73c1-46ff-9c73-76be81817f3d
.adacado.com/	1970-01-20 12:31:12	Name: adacadoVisitorValidation Value: 804f8665d87e7ea558bae79ae9479ee4
.mountain.com/	1970-01-20 21:17:29	Name: guid Value: e7eee2d4-eb31-11ec-8616-e50f95cb7201
.rlcdn.com/	1970-01-20 12:31:12	Name: rlas3 Value: rT59tg5LaTlJws8nlGIrXAk2s8kEswdTAj9PSeMhlvU=
.px.mountain.com/	1970-01-20 21:17:29	Name: tt Value: "H4sIAAAAAAAAAKtW8guKNzYyNjaLNzK3NFayMtBRgnItjC2UrAzNTE0Njc0MgNgMKFWmZGWkg6QFrMagFgDx+8U1RgAAAA=="
.mountain.com/	1970-01-20 21:17:29	Name: rt Value: "MzIzMzY6MTY1NTEzNjAxMw=="
.bluekai.com/	1970-01-20 08:04:48	Name: bkdc Value: phx
.bluekai.com/	1970-01-20 08:04:48	Name: bkpa Value: KJy5iBLvQp9xOqXZF3AkSSN8YvPxd9Nj5pzSgOzttl8dxtWTz8QtJIUt8FgrAuQxVrfF15qxIPC4m0QFK3C2jW9lE5b0gVRbJPpIsFcR1IXSvZavWCqP1hFlBcRGqvYTBWOjF+/z1oKA9gQVThqnpg0pJeHrDvUhEsEzSlodK/U6980K17/=
.bluekai.com/	1970-01-20 08:04:48	Name: bku Value: YCD99984otvg+wA2
.rubiconproject.com/	1970-01-20 12:31:12	Name: audit Value: 1\|CRk+PQZVSyu1ZbtMvIn6AtJQU5dYOwKJBQNQr3iTnQfWaDs14xzbSGCTCjmiajuYXNKjQNgcHg+M1KxoLazIt7kxm0k08nop+R4DB+iLIkEJdt26juuvt9VqJc22quahZwJTwlJNjTzuEL6mFjmqQHdLFCtPA7rifzW7tuGF1YPuJDUa07rbBw5/8Wu8VjpS3TYsX/cuoqHQD5U7tEfUTQ==
.yahoo.com/	1970-01-20 12:31:33	Name: A3 Value: d=AQABBA5fp2ICEKk-6CrWlVlaLwF_k86zqIYFEgEBAQGwqGKxYgAAAAAA_eMAAA&S=AQAAAtuNo_Wqs09C_I4wX14FmkU
.analytics.yahoo.com/	1970-01-20 12:31:12	Name: IDSYNC Value: 1769~25fr
.adsrvr.org/	1970-01-20 12:31:12	Name: TDCPM Value: CAESFgoHZDB0cm8xahILCIKc-cH61-Y6EAUSEgoDYWFtEgsI4OPk-sCl2zoQBRIWCgdibHVla2FpEgsI3Oz82PrX5joQBRIWCgdydWJpY29uEgsImOjL3frX5joQBRIXCghhcHBuZXh1cxILCLiSveD61-Y6EAUSGQoKcmlnaHRtZWRpYRILCLiSveD61-Y6EAUYBTgBQgQiAggB

1 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://www.fortinet.com/blog/threat-research/wiper-malware-riding-tokyo-olympic-games' Message: Failed to load resource: the server responded with a status of 404 (Not Found)

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

10104846.fls.doubleclick.net
11974306.fls.doubleclick.net
a.omappapi.com
a.opmnstr.com
ad.adacado.com
ads.yahoo.com
adservice.google.ca
adservice.google.com
amplify.outbrain.com
analytics.inzynk.io
analytics.twitter.com
api.omappapi.com
argusplatform.com
assets.adobedtm.com
b.6sc.co
bat.bing.com
bid.g.doubleclick.net
c.6sc.co
c.bing.com
c.clarity.ms
cdn.cookielaw.org
cm.everesttech.net
cm.g.doubleclick.net
connect.facebook.net
content.adacado.com
d.adroll.com
dpm.demdex.net
dsum-sec.casalemedia.com
dx.mountain.com
eb2.3lift.com
epsilon.6sense.com
fortinet.demdex.net
geolocation.onetrust.com
googleads.g.doubleclick.net
gs.mountain.com
ib.adnxs.com
idsync.rlcdn.com
image2.pubmatic.com
insight.adsrvr.org
ipv6.6sc.co
j.6sc.co
j.clarity.ms
marvel-b1-cdn.bc0a.com
marvel-b2-cdn.bc0a.com
marvel-processor.bc0a.com
match.adsrvr.org
metrics.fortinet.com
ml314.com
p.adsymptotic.com
pippio.com
pixel.rubiconproject.com
pixels.argusplatform.com
ps.eyeota.net
px.ads.linkedin.com
px.mountain.com
px.steelhousemedia.com
px4.ads.linkedin.com
register.powerlinks.com
s.adroll.com
s7.addthis.com
script.hotjar.com
secure.adnxs.com
snap.licdn.com
static.ads-twitter.com
static.hotjar.com
sync.crwdcntrl.net
sync.outbrain.com
sync.taboola.com
t.co
tags.bluekai.com
tags.inzynk.io
tags.rd.linksynergy.com
tr.outbrain.com
ups.analytics.yahoo.com
us-u.openx.net
vars.hotjar.com
www.argusplatform.com
www.clarity.ms
www.facebook.com
www.fortinet.com
www.google-analytics.com
www.google.ca
www.google.com
www.googleadservices.com
www.googletagmanager.com
www.linkedin.com
x.bidswitch.net
z.moatads.com
px.ads.linkedin.com
t.co
www.fortinet.com
100.24.83.44
104.118.9.242
104.118.9.53
104.18.101.194
104.244.42.3
104.244.42.5
107.178.254.65
13.107.42.14
13.53.253.113
130.211.47.214
138.199.40.58
141.226.224.48
142.250.65.230
142.250.80.34
142.251.40.98
146.75.32.157
151.139.128.11
172.253.122.155
18.235.123.5
20.110.81.91
20.85.30.134
2001:4998:1c:800::1000
23.198.216.120
23.217.148.24
23.52.162.190
2600:141b:13::17d7:82d0
2600:141b:5000:59e::1c91
2600:141b:9000:498::1e80
2600:9000:2209:6a00:12:dfa9:e200:93a1
2600:9000:2209:b600:0:f267:a5c0:93a1
2600:9000:2209:d800:6:9280:1080:93a1
2606:4700:10::6814:b944
2606:4700::6810:9540
2607:f8b0:4006:808::2002
2607:f8b0:4006:80a::2008
2607:f8b0:4006:80b::2002
2607:f8b0:4006:80b::2004
2607:f8b0:4006:80f::2002
2607:f8b0:4006:820::2003
2607:f8b0:4006:823::200e
2620:1ec:22::14
2620:1ec:27::cafe:1906
2620:1ec:c11::200
2a03:2880:f012:10c:face:b00c:0:3
2a03:2880:f112:182:face:b00c:0:25de
3.91.118.171
3.91.211.14
34.111.234.236
34.197.192.192
34.199.16.170
34.212.4.35
34.251.139.24
34.98.64.218
34.98.67.3
35.171.54.31
35.190.60.146
35.201.125.192
35.201.70.94
35.211.178.172
35.71.139.29
44.235.191.156
51.81.46.206
52.10.121.135
52.208.8.226
52.223.40.198
52.6.248.150
52.85.61.120
52.85.61.99
54.175.87.114
54.230.163.25
54.69.255.140
63.140.38.123
68.67.178.15
68.67.179.164
69.173.151.100
70.42.32.223
8.28.7.83
96.17.64.208
027ef726455285067bd85d0ad82df58e490227db4e8df2d7fbc84ec2d196c165
05090f9390f5bc0cd23fe5f432037cc92d7cbce1ced9bfe8faf3d1c9abae85cd
05448e9440e5f8a66395d7d66a9bfcb9614a80e4e181f6347cd742ec36725ca6
055e467aa53a9c0272d805bbc009ade8c74df5a8c1255271d753ac78fe179873
09718ae4e78398f775febd97b27555531fde3a1d8721a04055da05e51bb66e2c
0af17dceec23cd7c792b3d9eea0213f32fd711bab773feefe9a5e4902769d3d1
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
123be734ac80a896c91d7280f7759d0590fac19bd37816c58fb3d0fdc8725f3d
14f2ec002b176e0dee403cb7dd4ef2274a1353080e1e3e4084678770f4c15b9c
180c78ef7cfe1433cdecf0ff42f6e22f7fab4435cea2c43af15c43e6069faad0
19bd3758df2d4a24f8d2e334b6d44e8c4325ec9132cac300b1e1d5deeb1a97b1
19ec4322eb739d479b5c7567fc76ffbd2a4f342d1781b02868fc0245fd3b5ba4
1a6622bbfd2f4017f391cae1040e22f99a923116427a0ccb25543581f5d92257
1aceab2451a22469791f72b4c621f9dbb977bc6593feb2a9d60cb1411d33d37b
1d348f9f803c95305f63def9d75fd50e79e54a375e1a4a888edbbea366845580
1db3a59ce17bdd4230dddbdb72cb8e50ecff0fbd84d50e81b0c9a5e126a39ca5
2268974385beeee92bd980a3ae3a927f2d9cbe40353cadb9e6bac62cfd0be401
22a85475818964b346efc344e79f66d9284b2e76ee829db86a523656254fc6d5
2c510c691b7c0ac37b6d4037e3f73509accc0bd60246d85ccd3a196e75b1fd98
2d30481118d030a0d1f1520cf21750723e11a6cf31213ce763f82f911c322a91
312f45f8763af6649dda99f778252e993591f45b5bdbab087953f751fb987dae
31b45c462302ac175bfa43f9e5591491db780ca094f6ecdd2907f25ad578448d
33ca751ed175a163bef530ebdcdbd0a2d15997ccbcbf8d50a6f504e8ffac5a5c
36c4ded955f17ed1a93f3e4cad1bfae4207ce7de39c6b46551aa2d1725f9864f
3cb8513e2b91bee9f51fa4cacecd6d9f728f6763780f81c11e2ab26cb799a0ce
3d79854e01d0c79408c548889dcfddd23e4ef10f11c698c831b570573ee13b97
3e30683f631b6baf6eaa6c3085257aa4d8477d78b5a18114d45be8ec508f4d9a
41f1e9970b646aadac0f40543bb08b21e49990bf1b09392d1ef4d71b275069ea
430c9039cb907617877c2533c4504acca0e3265dd3b58c903360c2a7780da618
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4b99a75a42582fd22e780855dfb50880df624ce43988616f4b19dc7ba90f1250
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
577c5cd56441f867da7efc69271b5b14f4ac90f71965cc2369fa8580a7dc049d
5b4c9abcf01dcf74e0adf075ff4d47464c62c84307ae5ebd115d45da70e6443d
5b8c493bbd93f0f09686914364af21b5a0a4c644fc04af2410c8d53c3fa6486e
5d9631cd898faa4142b95f905a8295de46a87e2454bf22a04eea0e6d94e19405
5ddc949ce3677f3b7452e26b814215f9e013ab5fdff8fa6ab4308a7583fe136b
5f8b18809316f4c6a0c7c0c8e356f94e375e5995fd7b8ef55e9b331441eb97cd
6027a7b2e91832593ce25bb4d09729b0cec42247c6a20473cce1ac1b34c21ead
60a1ab93c577a6f7d303ae60d919d098081459b50f590d411bf4da9fa6055116
6187a263d8618abbe61c80b203af5bdd91fb9ee51557612b3856eaa5a87f0747
63ca3ac1e4aed751d19450b7311aa25c3129683a3437631f2e3af596a37ab098
6819066323cc1a834af6a68dad73abf3fe200ec556fd0fe953e2620c660686ab
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6ec3eaa960374bd8df144b340b0208053e7ca3e1b93278f533882c5a649a8eda
6f8f5d87bfa866469f7e4d6445f1dc200191b3a99c9a9083d521d7e66ed9c69d
6fe9f9f7b377dc96c8b87655739234ae33479d20c2d8993f4ab01d3d8e4adb2a
71db8379fcdffc5a00ba5c9aa889bf7188abc0fe6e37fc9806f5a4a03177fe3d
72e93127eb1e6f10a0b7f62b3600bdbdd552348f22d85917f37dd9550c763269
74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b
74b1612d1cb16d432cfd6542a7efe8f9297f1197025e044b9e0d9fa8e54befab
75d893335a1d25db1bf02e25ab904d97a3af743128850d8566b93d197e56e9e9
768cfede61cd258af7d076ffa94861c20a89596514d5e0aa8be485e6eb7ded24
7a23e0e46e16f067271bc79c92a917c13769848457d16cdf109e4dc04c687e8f
7bea17a80a61ed0f54248b4ffc4c718f7c8ff2619742577a73591d62ce074da8
7c85792ac7d7aca58ff173a3bc3990213d25ff692c67c047c7abbba619f76824
7e8ef05a55eafab5277e6449520107db94dfb01b497a52f283e7ffa6ee49363d
7f716b04f915d4461859021c4e75492b67ec0b956e14d7f7d2c4b7d3f33f13e8
80ca19572cbff9a40351f98078f9aa211c140e6212ca2f97aae9e78d30a78729
80f9a78d522f4ecf761dddffd0156a63a342a5cf4395c9390a3db21cb6659fbc
8540c5e2d2e85cc6c5d46b1b06b7f6642dce39e0314299a08976cfe6053c7c52
86a650683b7f2d79218dab2e8c7c934edaf8251fefd911b35d142d26f26055f5
88a4f0e07c018a79642473c6200ff694b6a69ea5c4af63ee47ac7a8ae1cd0889
892ea632a364c2124e67fc5c066c87e1afd109c56a7e5fdae2e3fd3423a7aa5f
8b4fb78c5e5599a29f86d20a29d4f69e3ed0654547b1a595cf038ee0553b58d2
8cdca3b36914e8a3f56390da71389944579faaae82704e53bd66f9c0387502f6
8d70b3e6badb6973663b398d297bb32eaedd08826a1af98d0a1cfce5324ffce0
8e038b564510a45dc11799f74da367733f3db7f9c0a0434f1e90c44ec5168278
8f43a20a77df4f1d340514051b4ac1ced808e385906e2b17ae0304c69e15f4b5
9163bd3e65a977c75fdf7c5c7d017fa275b5d6710144314ec03f8cf9c77b4c1a
963957e50ce51ed09719da230e6033bcd6bc3cac8b5e12a168179d759e7d61e1
965fc05b277596a937ba9d14388799fd5217eb96179f0187b8b937347bdfaf59
9739d9fb85847b8a51b6eeeaa134f2a13c866c7a6fd3b27eb9d58a7ff3fb1e1f
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9b71ecb91b5321f35e8f6cc9ee973f18eb7dc451cdd4cf2f4ed668434d29da57
9bf968984db9eb56d5901734276c26ce217ead12c0368a1f4850f79aa3bf34d4
9ffb8f3aec546bb06d1c4635ba17d29bf85c06c952e153034dae313250cbb829
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
a334f368b502d68bcaafb174022cfe21775f1744f0a1cd520d0c57d094a8e66a
a55c31e3eb3614cd77d7a167abd9124ac4254a31764e1459d74a229bf8ece4d0
a631882b4c7a29ca3732e330495ba099089c3721eb749038cb75ab7d1ec67ae9
a8a9305d0e4e3843c4db5dc024149ebd0c16403d3486a487258b09440da3b5cc
a9a73c35e45c1c0786d95feb5d4963b70b5c3977835f7a69ed82538013727e95
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
acd2f7ad78edeebad4b6b0fdd17ff57d81c3726c60fd5435ee8c5a0115d29403
b13e8f56e638d96f185c3874dee84d41452c5026179e1b1260fa54cd32afe50f
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b5634ae0237967857485f304ef8cbdff287cb8b5e4a8afe7bc317d4858ec4a93
b5a0a4da7164990a96124bd86c139ee6b3634455d2949320eb299471024d9f15
b758214ecf83fc7b9fa5e36077f36e8c65d8a2ddecddc999e9503fe45b1bf570
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bc3fd37e2013a20260f62669972171bd7231397a3efe8ad317a20517df44f1b8
c0e5562492756ff60efba71c04d05ac022317876e441cbb55df2bc45bd6d7f8e
c3a0e18b4cb3e8dda176cf24c110a45e218b7c2700d3c6d16e98ab90456c9276
c677d331e6dbf3725d0906d727569d910193a821d4b38f934fa7c18677e73406
ca63193ce799e4e00c9106349365981dc6e26cb77632ebf5df23dffba2aaccfa
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
cf78e423128e590b0ecaedaacbab7a00054705512fca02a477a236fbbdb05f33
d2afd46ac58cd7e89b3fdfd790300d69034e94151ed45acf83d7b6d5dccfdb17
d499fa4e205a4cdb05469b1c270fedbd08fdb6899f16c3c96c475a4c86fa1231
d4e77c7411d1de6efebf4278b9c98aa77dc2e5186cee271ac256138f17bef9f4
d7f526bf4ca555b5d7c241660e774e94a50a8b0af5ec3163967bcdfd5118bf43
db311174b0e3c340727b63c055cfb5b317808e909503e1bda11cc58af444f12b
dc5eb5ae3b8a40bd008326b594f8ce4bf3585cc1616283dc6e09d167135e0626
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
de9d3fd0eb948bd294477d0eda60a73b85caff1794803530d0463193a113da98
dfbce1ce67f80cf1baa23bf614fcce2e20b77efc054ad43e6e30f671d4603fcb
e0f923a3e8f86f59010cf939160c88a2c69f107742421bb4821c1da40c80929c
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3bb44cef189e79c6966430735e24f2945deb7799a1535661996c8b7e1647a2f
e5827fd8bddccf8f9ca7d06936e0bd6596f9ec6aca0652086c5d593a72d84435
eec6b719c1df15556a3581632c1010a34d2f19f42481c6f875ab3ff21337748c
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
eff43e49142db1ab1ae6fee352b06a5db407ef4c4b88b5c21398a5e5b2020ace
f05ac9ba83369cd58d06d8ee2e5f8d61c040d30d044e20752153f95577627dc6
f59e5f34a941183aacaed25322ac0856628493c2cfd936ded3fddc0a49510e52
f9b2aaabab92d9c63930432351fa3f5aa634fcb5db31b039e23465f8b4bd5a68
fc972cefddf2d6c0c6b04d494c4d669b7f47b4fbe925ca1ef8ad1bdf5777407c
ff5cc552b812416ea1d808affd2174d45a7dacb9cfaac27bc47667e7cae38321

www.fortinet.com Open in urlscan Pro 3.91.211.14 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

175 Requests

79 %HTTPS

27 %IPv6

55 Domains

88 Subdomains

68 IPs

4 Countries

1512 kBTransfer

4518 kBSize

109 Cookies

9 Outgoing links

Redirected requests

175 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.fortinet.com Open in urlscan Pro
3.91.211.14 Public Scan

Screenshot
Live screenshot

Full Image

175
Requests

79 %
HTTPS

27 %
IPv6

55
Domains

88
Subdomains

68
IPs

4
Countries

1512 kB
Transfer

4518 kB
Size

109
Cookies

175 HTTP transactions
2 data transactions