www.fortinet.com Open in urlscan Pro
54.183.113.141 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.fortinet.com/blog/threat-research/quick-analysis-new-method-spreading-trickbot.html
Submission: On June 03 via api (June 3rd 2019, 7:22:50 am UTC) from CH

Summary HTTP 45 Redirects Links 10 Behaviour Indicators

Summary

This website contacted 23 IPs in 4 countries across 16 domains to perform 45 HTTP transactions. The main IP is 54.183.113.141, located in San Jose, United States and belongs to AMAZON-02 - Amazon.com, Inc., US. The main domain is www.fortinet.com.
TLS certificate: Issued by DigiCert SHA2 High Assurance Server CA on March 19th 2019. Valid for: 2 years.

This is the only time www.fortinet.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2 9	54.183.113.141 54.183.113.141	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2	2.19.43.118 2.19.43.118	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
7	2.18.232.23 2.18.232.23	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
3	52.52.101.113 52.52.101.113	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	2a00:1450:400... 2a00:1450:4001:81f::2008	15169 (GOOGLE) (GOOGLE - Google LLC)
1 4	52.210.34.59 52.210.34.59	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	2.16.186.146 2.16.186.146	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2a00:1450:400... 2a00:1450:4001:814::200e	15169 (GOOGLE) (GOOGLE - Google LLC)
1 3	18.184.119.244 18.184.119.244	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	52.211.104.45 52.211.104.45	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
2	172.82.235.45 172.82.235.45	15224 (OMNITURE) (OMNITURE - Adobe Systems Inc.)
1 1	66.117.28.86 66.117.28.86	15224 (OMNITURE) (OMNITURE - Adobe Systems Inc.)
1	66.117.29.3 66.117.29.3	15224 (OMNITURE) (OMNITURE - Adobe Systems Inc.)
1	34.198.121.180 34.198.121.180	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
2	172.227.102.19 172.227.102.19	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
2	2.18.233.40 2.18.233.40	16625 (AKAMAI-AS) (AKAMAI-AS - Akamai Technologies)
1	2a02:26f0:a00... 2a02:26f0:a00:286::3adf	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	23.111.9.217 23.111.9.217	33438 (HIGHWINDS2) (HIGHWINDS2 - Highwinds Network Group)
1	50.19.60.226 50.19.60.226	14618 (AMAZON-AES) (AMAZON-AES - Amazon.com)
2	176.34.190.23 176.34.190.23	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	2a03:2880:f02... 2a03:2880:f02d:e:face:b00c:0:2	32934 (FACEBOOK) (FACEBOOK - Facebook)
1	52.216.238.251 52.216.238.251	16509 (AMAZON-02) (AMAZON-02 - Amazon.com)
1	2a05:f500:10:... 2a05:f500:10:101::b93f:9105	14413 (LINKEDIN) (LINKEDIN - LinkedIn Corporation)
45	23

9 54.183.113.141 (San Jose, United States) 2 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-54-183-113-141.us-west-1.compute.amazonaws.com

www.fortinet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2.19.43.118 (Ascension Island)

ASN20940 (AKAMAI-ASN1, US)
PTR: a2-19-43-118.deploy.static.akamaitechnologies.com

platform-api.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
buttons-config.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2.18.232.23 (Ascension Island)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a2-18-232-23.deploy.static.akamaitechnologies.com

assets.adobedtm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 52.52.101.113 (San Jose, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-52-101-113.us-west-1.compute.amazonaws.com

www.fortinet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:81f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 52.210.34.59 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-210-34-59.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.16.186.146 (Ascension Island)

ASN20940 (AKAMAI-ASN1, US)
PTR: a2-16-186-146.deploy.static.akamaitechnologies.com

c.sharethis.mgr.consensu.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:814::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE - Google LLC, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.184.119.244 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-18-184-119-244.eu-central-1.compute.amazonaws.com

l.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.211.104.45 (Dublin, Ireland)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-52-211-104-45.eu-west-1.compute.amazonaws.com

fortinet.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.82.235.45 (United States)

ASN15224 (OMNITURE - Adobe Systems Inc., US)
PTR: fortinet.com.ssl.sc.omtrdc.net

metrics.fortinet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 66.117.28.86 (United States) 1 redirects

ASN15224 (OMNITURE - Adobe Systems Inc., US)

cm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 66.117.29.3 (United States)

ASN15224 (OMNITURE - Adobe Systems Inc., US)

fortinet.tt.omtrdc.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.198.121.180 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-34-198-121-180.compute-1.amazonaws.com

count-server.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 172.227.102.19 (United States)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a172-227-102-19.deploy.static.akamaitechnologies.com

platform-cdn.sharethis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2.18.233.40 (Ascension Island)

ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US)
PTR: a2-18-233-40.deploy.static.akamaitechnologies.com

s.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:a00:286::3adf (Ascension Island)

ASN20940 (AKAMAI-ASN1, US)

sjs.bizographics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.111.9.217 (Phoenix, United States)

ASN33438 (HIGHWINDS2 - Highwinds Network Group, Inc., US)

a.optmnstr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 50.19.60.226 (Ashburn, United States)

ASN14618 (AMAZON-AES - Amazon.com, Inc., US)
PTR: ec2-50-19-60-226.compute-1.amazonaws.com

api.opmnstr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 176.34.190.23 (Dublin, Ireland)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: ec2-176-34-190-23.eu-west-1.compute.amazonaws.com

d.adroll.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a03:2880:f02d:e:face:b00c:0:2 (Ireland)

ASN32934 (FACEBOOK - Facebook, Inc., US)

graph.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.216.238.251 (Ashburn, United States)

ASN16509 (AMAZON-02 - Amazon.com, Inc., US)
PTR: s3-1-w.amazonaws.com

optin-monster.s3.amazonaws.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a05:f500:10:101::b93f:9105 (Ireland)

ASN14413 (LINKEDIN - LinkedIn Corporation, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
14	fortinet.com 2 redirects www.fortinet.com metrics.fortinet.com	897 KB
8	sharethis.com 1 redirects platform-api.sharethis.com buttons-config.sharethis.com l.sharethis.com count-server.sharethis.com platform-cdn.sharethis.com	32 KB
7	adobedtm.com assets.adobedtm.com	82 KB
5	demdex.net 1 redirects dpm.demdex.net fortinet.demdex.net	3 KB
4	adroll.com s.adroll.com d.adroll.com	29 KB
2	google-analytics.com www.google-analytics.com	17 KB
1	linkedin.com px.ads.linkedin.com	94 B
1	amazonaws.com optin-monster.s3.amazonaws.com	78 KB
1	facebook.com graph.facebook.com	778 B
1	opmnstr.com api.opmnstr.com	13 KB
1	optmnstr.com a.optmnstr.com	54 KB
1	bizographics.com sjs.bizographics.com	5 KB
1	omtrdc.net fortinet.tt.omtrdc.net	357 B
1	everesttech.net 1 redirects cm.everesttech.net	527 B
1	consensu.org c.sharethis.mgr.consensu.org
1	googletagmanager.com www.googletagmanager.com	23 KB
45	16

	Domain	Requested by
12	www.fortinet.com	2 redirects www.fortinet.com
7	assets.adobedtm.com	www.fortinet.com assets.adobedtm.com
4	dpm.demdex.net	1 redirects www.fortinet.com
3	l.sharethis.com	1 redirects www.fortinet.com
2	d.adroll.com	s.adroll.com www.fortinet.com
2	s.adroll.com	www.googletagmanager.com s.adroll.com
2	platform-cdn.sharethis.com	www.fortinet.com
2	metrics.fortinet.com	assets.adobedtm.com www.fortinet.com
2	www.google-analytics.com	www.googletagmanager.com www.fortinet.com
1	px.ads.linkedin.com	sjs.bizographics.com
1	optin-monster.s3.amazonaws.com	www.fortinet.com
1	graph.facebook.com	platform-api.sharethis.com
1	api.opmnstr.com	a.optmnstr.com
1	a.optmnstr.com	www.googletagmanager.com
1	sjs.bizographics.com	www.googletagmanager.com
1	count-server.sharethis.com	platform-api.sharethis.com
1	fortinet.tt.omtrdc.net	assets.adobedtm.com
1	cm.everesttech.net	1 redirects
1	fortinet.demdex.net	assets.adobedtm.com
1	c.sharethis.mgr.consensu.org	platform-api.sharethis.com
1	www.googletagmanager.com	www.fortinet.com
1	buttons-config.sharethis.com	platform-api.sharethis.com
1	platform-api.sharethis.com	www.fortinet.com
45	23

This site contains links to these domains. Also see Links.

Domain
secure.fortinet.com
www.facebook.com
www.twitter.com
www.youtube.com
www.linkedin.com
www.instagram.com
fortiguard.com
fusecommunity.fortinet.com
cookie-script.com

Subject Issuer	Validity	Valid
www.fortinet.com DigiCert SHA2 High Assurance Server CA	`2019-03-19` - `2021-06-09`	2 years	crt.sh
*.sharethis.com DigiCert SHA2 Secure Server CA	`2018-12-16` - `2020-03-16`	a year	crt.sh
assets.adobedtm.com DigiCert SHA2 High Assurance Server CA	`2019-03-04` - `2020-03-11`	a year	crt.sh
*.google-analytics.com Google Internet Authority G3	`2019-05-14` - `2019-08-06`	3 months	crt.sh
*.demdex.net DigiCert SHA2 High Assurance Server CA	`2018-01-09` - `2021-02-12`	3 years	crt.sh
*.sharethis.mgr.consensu.org DigiCert ECC Secure Server CA	`2018-07-31` - `2019-07-31`	a year	crt.sh
metrics.fortinet.com DigiCert SHA2 High Assurance Server CA	`2019-01-29` - `2021-02-02`	2 years	crt.sh
*.tt.omtrdc.net DigiCert SHA2 High Assurance Server CA	`2017-10-19` - `2020-11-25`	3 years	crt.sh
*.adroll.com DigiCert SHA2 Secure Server CA	`2018-12-19` - `2020-03-19`	a year	crt.sh
js.bizographics.com DigiCert SHA2 Secure Server CA	`2018-04-13` - `2020-04-17`	2 years	crt.sh
*.optmnstr.com Go Daddy Secure Certificate Authority - G2	`2018-07-10` - `2020-07-10`	2 years	crt.sh
*.opmnstr.com Go Daddy Secure Certificate Authority - G2	`2019-04-11` - `2021-04-11`	2 years	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2019-04-22` - `2019-07-21`	3 months	crt.sh
*.s3.amazonaws.com DigiCert Baltimore CA-2 G2	`2018-11-07` - `2020-02-07`	a year	crt.sh
px.ads.linkedin.com DigiCert SHA2 Secure Server CA	`2019-05-29` - `2021-06-29`	2 years	crt.sh

This page contains 6 frames:

Primary Page: https://www.fortinet.com/blog/threat-research/quick-analysis-new-method-spreading-trickbot.html
Frame ID: 08FFFB1DC2186A446E3088D6EF104847
Requests: 43 HTTP requests in this frame

Frame: https://c.sharethis.mgr.consensu.org/v1.0/cmp/portal.html
Frame ID: DB138239D11BE2D1D2A28D6A99E56156
Requests: 1 HTTP requests in this frame

Frame: https://fortinet.demdex.net/dest5.html?d_nsid=0
Frame ID: 5724301A91BE58816C59C85068D35BBA
Requests: 1 HTTP requests in this frame

Frame: https://assets.adobedtm.com/4e56a4f921ab0baab5f89914672a3d541ff95762/scripts/satellite-5aa864a164746d58b700412b.html
Frame ID: 8EEDCB0C4185B27380B4B81CA63CE9C3
Requests: 1 HTTP requests in this frame

Frame: https://assets.adobedtm.com/4e56a4f921ab0baab5f89914672a3d541ff95762/scripts/satellite-5aa864f264746d7629003a65.html
Frame ID: B2894B49F89B2F04CEA659DE9720033A
Requests: 1 HTTP requests in this frame

Frame: https://assets.adobedtm.com/4e56a4f921ab0baab5f89914672a3d541ff95762/scripts/satellite-5aa8640864746d58b700411f.html
Frame ID: 4AF05CC65325B197D9AEB2BB80256260
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Detected technologies

Apache (Web Servers) Expand

Overall confidence: 100%
Detected patterns

headers server /(?:Apache(?:$|\/([\d.]+)|[^\/-])|(?:^|)HTTPD)/i

AdRoll (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

script /(?:a|s)\.adroll\.com/i
env /^adroll_/i

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /google-analytics\.com\/(?:ga|urchin|(analytics))\.js/i
env /^gaGlobal$/i

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

env /^google_tag_manager$/i

SiteCatalyst (Analytics) Expand

Overall confidence: 100%
Detected patterns

script /\/s[_-]code.*\.js/i
env /^s_(?:account|objectID|code|INST)$/i

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

env /^jQuery$/i

Page Statistics

45
Requests

100 %
HTTPS

22 %
IPv6

16
Domains

23
Subdomains

23
IPs

4
Countries

1232 kB
Transfer

2231 kB
Size

18
Cookies

10 Outgoing links

These are links going to different origins than the main page.

URL: https://secure.fortinet.com/LP=6658?utm_source=social&utm_medium=blog&utm_campaign=GEN-WP-Q1-2019-Threat-Landscape-Report&elq_src=Social&elq_cid=7012H000001kzjAQAQ&elq_staid=10&elq_sid=19121

Search URL Search Domain Scan URL

URL: https://www.facebook.com/fortinet
Title:

Search URL Search Domain Scan URL

URL: https://www.twitter.com/fortinet
Title:

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/SecureNetworks
Title:

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/fortinet
Title:

Search URL Search Domain Scan URL

URL: https://www.instagram.com/behindthefirewall/
Title:

Search URL Search Domain Scan URL

URL: https://fortiguard.com/
Title: FortiGuard Labs

Search URL Search Domain Scan URL

URL: https://secure.fortinet.com/fortiguard
Title: Threat Briefs

Search URL Search Domain Scan URL

URL: https://fusecommunity.fortinet.com/
Title: Fuse

Search URL Search Domain Scan URL

URL: https://cookie-script.com/
Title: Free cookie consent by cookie-script.com

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 7

https://dpm.demdex.net/id?d_visid_ver=3.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=ED8739F75677FE917F000101%40AdobeOrg&d_nsid=0&ts=1559546553144 HTTP 302
https://dpm.demdex.net/id/rd?d_visid_ver=3.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=ED8739F75677FE917F000101%40AdobeOrg&d_nsid=0&ts=1559546553144

Request Chain 18

https://l.sharethis.com/pview?event=pview&version=st_sop.js&lang=en&hostname=www.fortinet.com&location=%2Fblog%2Fthreat-research%2Fquick-analysis-new-method-spreading-trickbot.html&product=sticky-share-buttons&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fquick-analysis-new-method-spreading-trickbot.html&source=sharethis.js&fcmp=false&title=Quick%20Analysis%20of%20New%20Method%20for%20Spreading%20TrickBot&publisher=5977d47080bb1d0011ab6d8f&ts1559546552859=&sop=true HTTP 301
https://l.sharethis.com/sc?cm=ZGAKr1z0yrkAAAASHxRRAw%3D%3D&uid=true&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fquick-analysis-new-method-spreading-trickbot.html&sop=true

Request Chain 21

https://cm.everesttech.net/cm/dd?d_uuid=53751770401037517674333264410505975954 HTTP 302
https://dpm.demdex.net/ibs:dpid=411&dpuuid=XPTKuQAAFErlRBN_

Request Chain 32

https://www.fortinet.com/content/fortinet-blog/us/en/threat-research/quick-analysis-new-method-spreading-trickbot/_jcr_content/root/responsivegrid/image.img.png HTTP 301
https://www.fortinet.com/blog/threat-research/quick-analysis-new-method-spreading-trickbot/_jcr_content/root/responsivegrid/image.img.png

Request Chain 33

https://www.fortinet.com/content/fortinet-blog/us/en/threat-research/quick-analysis-new-method-spreading-trickbot/_jcr_content/root/responsivegrid/image_617297224.img.png HTTP 301
https://www.fortinet.com/blog/threat-research/quick-analysis-new-method-spreading-trickbot/_jcr_content/root/responsivegrid/image_617297224.img.png

45 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request quick-analysis-new-method-spreading-trickbot.html Show response
www.fortinet.com/blog/threat-research/ 28 KB
8 KB 674ms
166ms Document
text/html 54.183.113.141
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fortinet.com/blog/threat-research/quick-analysis-new-method-spreading-trickbot.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.183.113.141 San Jose, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-54-183-113-141.us-west-1.compute.amazonaws.com

Software

Apache /

Resource Hash

184291e0710e3688f5649c05b1b665c1a873f1d6dadec6a639c7acdd4f5798db

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Host: www.fortinet.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Accept-Ranges: bytes
Cache-Control: max-age=600, public
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Date: Mon, 03 Jun 2019 07:22:32 GMT
ETag: "704d-58a648a1be580-gzip"
Last-Modified: Mon, 03 Jun 2019 05:21:42 GMT
Server: Apache
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Vary: Accept-Encoding,User-Agent
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Content-Length: 7261
Connection: keep-alive

GET
H/1.1 200
OK clientlib-base.min.css
www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/ 212 KB
17 KB 176ms
174ms Stylesheet
text/css 54.183.113.141
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/clientlib-base.min.css

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/quick-analysis-new-method-spreading-trickbot.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.183.113.141 San Jose, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-54-183-113-141.us-west-1.compute.amazonaws.com

Software

Apache /

Resource Hash

29f41d54055e58ed9dc430f8fe9963a7c5b25c8a5898faec74f6336df470f165

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/quick-analysis-new-method-spreading-trickbot.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 03 Jun 2019 07:22:32 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Wed, 29 May 2019 18:46:30 GMT
Server: Apache
ETag: "350ee-58a0b33176d80-gzip"
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Content-Type: text/css
Cache-Control: max-age=43200, public
Connection: keep-alive
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Length: 16944
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK sharethis.js Show response
platform-api.sharethis.com/js/ 91 KB
28 KB 50ms
8ms Script
text/javascript 2.19.43.118
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://platform-api.sharethis.com/js/sharethis.js
Requested by: Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/quick-analysis-new-method-spreading-trickbot.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.19.43.118 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a2-19-43-118.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 82aed21c24396238d255f9f6c8d0fd7a51a85080c405d96de12e05d29690fc94

Request headers

Referer: https://www.fortinet.com/blog/threat-research/quick-analysis-new-method-spreading-trickbot.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 03 Jun 2019 07:22:32 GMT
Content-Encoding: gzip
ETag: W/"16d40-QxEX/8T6JCneUkTV1CTAMY6bxrk"
Vary: Accept-Encoding
Access-Control-Allow-Methods: DELETE, GET, HEAD, OPTIONS, POST, PUT
Content-Type: text/javascript; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=3600
Connection: keep-alive
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Content-Length: 27855

GET
H2 200 satelliteLib-32b0117a6a1b1e07ce775d6f834af5718192ddf1.js Show response
assets.adobedtm.com/4e56a4f921ab0baab5f89914672a3d541ff95762/ 145 KB
41 KB 143ms
58ms Script
application/x-javascript 2.18.232.23
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/4e56a4f921ab0baab5f89914672a3d541ff95762/satelliteLib-32b0117a6a1b1e07ce775d6f834af5718192ddf1.js
Requested by: Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/quick-analysis-new-method-spreading-trickbot.html
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.232.23 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a2-18-232-23.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 5d59f41eadc2817c241092bfe6182dde49d5be9eb27cad035f2ec4272339283e

Request headers

Referer: https://www.fortinet.com/blog/threat-research/quick-analysis-new-method-spreading-trickbot.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 03 Jun 2019 07:22:32 GMT
content-encoding: gzip
last-modified: Fri, 17 May 2019 16:51:26 GMT
server: Apache
etag: "9cbb7ec91c15e95ae38fe4ad63d0bd8a:1558111886"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
expires: Mon, 03 Jun 2019 08:22:32 GMT

GET
H/1.1 200
OK fortinet-logo-white.svg
www.fortinet.com/content/dam/fortinet-blog/ 32 KB
2 KB 669ms
167ms Image
image/svg+xml 52.52.101.113
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.fortinet.com/content/dam/fortinet-blog/fortinet-logo-white.svg

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/quick-analysis-new-method-spreading-trickbot.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.52.101.113 San Jose, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-52-52-101-113.us-west-1.compute.amazonaws.com

Software

Apache /

Resource Hash

d2afd46ac58cd7e89b3fdfd790300d69034e94151ed45acf83d7b6d5dccfdb17

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/quick-analysis-new-method-spreading-trickbot.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 03 Jun 2019 07:22:33 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Sun, 28 Apr 2019 02:29:19 GMT
Server: Apache
ETag: "7ebb-5878def54bdc0-gzip"
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Content-Type: image/svg+xml
Cache-Control: max-age=604800, public
Connection: keep-alive
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
Content-Length: 1998
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK clientlib-base.min.js Show response
www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/ 165 KB
53 KB 455ms
178ms Script
application/javascript 54.183.113.141
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/clientlib-base.min.js

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/quick-analysis-new-method-spreading-trickbot.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.183.113.141 San Jose, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-54-183-113-141.us-west-1.compute.amazonaws.com

Software

Apache /

Resource Hash

85c6103aabd94bf4584fbdd8b15cb68c08fa52f43dc229ac034a1bf6c855c0bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/quick-analysis-new-method-spreading-trickbot.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 03 Jun 2019 07:22:33 GMT
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Last-Modified: Wed, 29 May 2019 18:46:32 GMT
Server: Apache
ETag: "2931b-58a0b3335f200-gzip"
X-Frame-Options: SAMEORIGIN
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Content-Type: application/javascript
Cache-Control: max-age=43200, public
transfer-encoding: chunked
Connection: keep-alive
Accept-Ranges: bytes
Vary: Accept-Encoding,User-Agent
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK 5977d47080bb1d0011ab6d8f.js Show response
buttons-config.sharethis.com/js/ 444 B
865 B 53ms
11ms Script
text/javascript 2.19.43.118
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://buttons-config.sharethis.com/js/5977d47080bb1d0011ab6d8f.js
Requested by: Host: platform-api.sharethis.com
URL: https://platform-api.sharethis.com/js/sharethis.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.19.43.118 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a2-19-43-118.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 7f0daa7591ef2b42b26dd9d39102440c242e7fd798e7898a620e5489d67ec73e

Request headers

Referer: https://www.fortinet.com/blog/threat-research/quick-analysis-new-method-spreading-trickbot.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 03 Jun 2019 07:22:33 GMT
Last-Modified: Tue, 16 Jan 2018 20:14:52 GMT
Server: AmazonS3
x-amz-request-id: 33BF777283B6DCED
ETag: "6167cc13570c31ffc1713616a6fb087d"
Content-Type: text/javascript
Cache-Control: public, max-age=60
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 444
x-amz-id-2: hsILMaWrKRvq3dU3rIiiMpbXCpEB1o2SKOTVgl6vRXE0vKuZmuHru/osDcmeuqMHuHCSYNUlvNc=

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 62 KB
23 KB 18ms
16ms Script
application/javascript 2a00:1450:4001:81f::2008
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-NBSLLPJ

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/quick-analysis-new-method-spreading-trickbot.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:81f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Google Tag Manager (scaffolding) /

Resource Hash

9be20bfce75cf41393ac023535d01ba13114efea9d346a5d7ec001b1ef0b0ecd

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/blog/threat-research/quick-analysis-new-method-spreading-trickbot.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 03 Jun 2019 07:22:33 GMT
content-encoding: br
last-modified: Thu, 30 May 2019 16:41:01 GMT
server: Google Tag Manager (scaffolding)
access-control-allow-origin: http://www.googletagmanager.com
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
status: 200
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
content-length: 23622
x-xss-protection: 0
expires: Mon, 03 Jun 2019 07:22:33 GMT

GET
H/1.1

302
Found

rd Show response
dpm.demdex.net/id/
Redirect Chain

https://dpm.demdex.net/id?d_visid_ver=3.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=ED8739F75677FE917F000101%40AdobeOrg&d_nsid=0&ts=1559546553144
https://dpm.demdex.net/id/rd?d_visid_ver=3.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=ED8739F75677FE917F000101%40AdobeOrg&d_nsid=0&ts=1559546553144

0
-1 B

134ms
30ms

XHR

52.210.34.59
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://dpm.demdex.net/id/rd?d_visid_ver=3.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=ED8739F75677FE917F000101%40AdobeOrg&d_nsid=0&ts=1559546553144
Requested by: Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/quick-analysis-new-method-spreading-trickbot.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.210.34.59 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-52-210-34-59.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.fortinet.com/blog/threat-research/quick-analysis-new-method-spreading-trickbot.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Pragma: no-cache
Location: https://dpm.demdex.net/id/rd?d_visid_ver=3.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=ED8739F75677FE917F000101%40AdobeOrg&d_nsid=0&ts=1559546553144
X-TID: /igokTw+SY4=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://www.fortinet.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Pragma: no-cache
Access-Control-Allow-Origin: https://www.fortinet.com
X-TID: /igokTw+SY4=
Vary: Origin
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Location: https://dpm.demdex.net/id/rd?d_visid_ver=3.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=ED8739F75677FE917F000101%40AdobeOrg&d_nsid=0&ts=1559546553144
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Length: 0
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 mbox-contents-081c7224345c702ebcf6ef22d3b7449ec11ce42d.js Show response
assets.adobedtm.com/4e56a4f921ab0baab5f89914672a3d541ff95762/ 75 KB
27 KB 42ms
40ms Script
application/x-javascript 2.18.232.23
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/4e56a4f921ab0baab5f89914672a3d541ff95762/mbox-contents-081c7224345c702ebcf6ef22d3b7449ec11ce42d.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/4e56a4f921ab0baab5f89914672a3d541ff95762/satelliteLib-32b0117a6a1b1e07ce775d6f834af5718192ddf1.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.232.23 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a2-18-232-23.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: bf37dba5836581c0cc0451edd5c197e46a5a0e070b3f696e5b4bf7e32da1817a

Request headers

Referer: https://www.fortinet.com/blog/threat-research/quick-analysis-new-method-spreading-trickbot.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 03 Jun 2019 07:22:33 GMT
content-encoding: gzip
last-modified: Fri, 17 May 2019 16:51:26 GMT
server: Apache
etag: "eb6d969848d866a39a78150c4a347735:1558111886"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 27590
expires: Mon, 03 Jun 2019 08:22:33 GMT

GET
DATA 200
OK truncated
/ 71 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5b4c9abcf01dcf74e0adf075ff4d47464c62c84307ae5ebd115d45da70e6443d

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK figure-five-trickbot.png
www.fortinet.com/content/dam/fortinet-blog/article-images/quick-analysis-trickbot/ 207 KB
207 KB 544ms
333ms Image
image/png 52.52.101.113
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.fortinet.com/content/dam/fortinet-blog/article-images/quick-analysis-trickbot/figure-five-trickbot.png

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/quick-analysis-new-method-spreading-trickbot.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.52.101.113 San Jose, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-52-52-101-113.us-west-1.compute.amazonaws.com

Software

Apache /

Resource Hash

124ca5183272e03715fe41e182212a9d30c72d519c6565ba33fa4b41e9927350

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/quick-analysis-new-method-spreading-trickbot.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 03 Jun 2019 07:22:33 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Mon, 29 Apr 2019 14:34:45 GMT
Server: Apache
ETag: "33a65-587ac2f862b40"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=604800, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 211557
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK trickintro.png.thumb.319.319.png
www.fortinet.com/content/dam/fortinet-blog/article-images/individual-images/ 27 KB
28 KB 630ms
319ms Image
image/png 52.52.101.113
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.fortinet.com/content/dam/fortinet-blog/article-images/individual-images/trickintro.png.thumb.319.319.png

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/quick-analysis-new-method-spreading-trickbot.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

52.52.101.113 San Jose, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-52-52-101-113.us-west-1.compute.amazonaws.com

Software

Apache /

Resource Hash

2feca1615fb6a74f1eed325dbddaa5987e2f495e4a1b4848be03822fe3a31e6e

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/quick-analysis-new-method-spreading-trickbot.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 03 Jun 2019 07:22:33 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Sun, 28 Apr 2019 09:32:27 GMT
Server: Apache
ETag: "6ddf-58793d892e0c0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=604800, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 28127
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK trickbot_thumb.png.thumb.319.319.png
www.fortinet.com/content/dam/fortinet-blog/article-images/icedid_trickbot_a_give_and_take_relationship/ 25 KB
25 KB 480ms
169ms Image
image/png 54.183.113.141
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.fortinet.com/content/dam/fortinet-blog/article-images/icedid_trickbot_a_give_and_take_relationship/trickbot_thumb.png.thumb.319.319.png

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/quick-analysis-new-method-spreading-trickbot.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.183.113.141 San Jose, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-54-183-113-141.us-west-1.compute.amazonaws.com

Software

Apache /

Resource Hash

e3f699d01517e48e10a9c252b7d00a0bfcdfcce0a40c5c046c09cf5adb8ff26d

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/quick-analysis-new-method-spreading-trickbot.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 03 Jun 2019 07:22:33 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Sun, 28 Apr 2019 15:25:00 GMT
Server: Apache
ETag: "620d-58798c5640b00"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=604800, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 25101
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK trickbot_03.png.thumb.319.319.png
www.fortinet.com/content/dam/fortinet-blog/article-images/deep_analysis_of_trickbot_pwgrab/ 37 KB
37 KB 646ms
165ms Image
image/png 54.183.113.141
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.fortinet.com/content/dam/fortinet-blog/article-images/deep_analysis_of_trickbot_pwgrab/trickbot_03.png.thumb.319.319.png

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/quick-analysis-new-method-spreading-trickbot.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.183.113.141 San Jose, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-54-183-113-141.us-west-1.compute.amazonaws.com

Software

Apache /

Resource Hash

7c90dd4b38de314a23ada3d8f4817c5e81e86ab444d1deb152f6d62c60895184

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/quick-analysis-new-method-spreading-trickbot.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 03 Jun 2019 07:22:33 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Mon, 29 Apr 2019 14:42:07 GMT
Server: Apache
ETag: "92c0-587ac49de8dc0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=604800, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 37568
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK portal.html
c.sharethis.mgr.consensu.org/v1.0/cmp/ Frame DB13 0
0 110ms
26ms Document
text/html 2.16.186.146
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.sharethis.mgr.consensu.org/v1.0/cmp/portal.html
Requested by: Host: platform-api.sharethis.com
URL: https://platform-api.sharethis.com/js/sharethis.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2.16.186.146 , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS: a2-16-186-146.deploy.static.akamaitechnologies.com
Software: /
Resource Hash

Request headers

Host: c.sharethis.mgr.consensu.org
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Referer: https://www.fortinet.com/blog/threat-research/quick-analysis-new-method-spreading-trickbot.html
Accept-Encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.fortinet.com/blog/threat-research/quick-analysis-new-method-spreading-trickbot.html

Response headers

Accept-Ranges: bytes
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept
Access-Control-Allow-Methods: DELETE, GET, HEAD, OPTIONS, POST, PUT
Access-Control-Allow-Origin: *
Content-Encoding: gzip
Content-Type: text/html; charset=utf-8
ETag: W/"26b-4977387000"
Last-Modified: Tue, 01 Jan 1980 00:00:00 GMT
Vary: Accept-Encoding
Content-Length: 334
Cache-Control: public, max-age=3600
Date: Mon, 03 Jun 2019 07:22:33 GMT
Connection: keep-alive

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 43 KB
17 KB 6ms
6ms Script
text/javascript 2a00:1450:4001:814::200e
Google LLC

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NBSLLPJ

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8f88cb7a1cd4134f5d616b9fca90b9069fa16c162b7ae66ba1b500c490b41dd2

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/blog/threat-research/quick-analysis-new-method-spreading-trickbot.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 21 May 2019 23:53:44 GMT
server: Golfe2
age: 6598
date: Mon, 03 Jun 2019 05:32:35 GMT
vary: Accept-Encoding
content-type: text/javascript
status: 200
cache-control: public, max-age=7200
timing-allow-origin: *
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 17595
expires: Mon, 03 Jun 2019 07:32:35 GMT

GET
H2 200 collect
www.google-analytics.com/r/ 35 B
111 B 13ms
13ms Image
image/gif 2a00:1450:4001:814::200e
Google LLC

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google-analytics.com/r/collect?v=1&_v=j76&a=2143470593&t=pageview&_s=1&dl=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fquick-analysis-new-method-spreading-trickbot.html&ul=en-us&de=UTF-8&dt=Quick%20Analysis%20of%20New%20Method%20for%20Spreading%20TrickBot&sd=24-bit&sr=1600x1200&vp=1585x1200&je=0&_u=YEBAAAAB~&jid=857743276&gjid=1589228068&cid=1877688245.1559546553&tid=UA-767980-6&_gid=282894718.1559546553&_r=1&gtm=2wg5m0NBSLLPJ&z=49082212

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/quick-analysis-new-method-spreading-trickbot.html

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:814::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE - Google LLC, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/blog/threat-research/quick-analysis-new-method-spreading-trickbot.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

pragma: no-cache
date: Mon, 03 Jun 2019 07:22:33 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
access-control-allow-origin: *
content-type: image/gif
status: 200
cache-control: no-cache, no-store, must-revalidate
alt-svc: quic=":443"; ma=2592000; v="46,44,43,39"
content-length: 35
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK rd Show response
dpm.demdex.net/id/ 367 B
1 KB 36ms
35ms XHR
application/json 52.210.34.59
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://dpm.demdex.net/id/rd?d_visid_ver=3.4.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=ED8739F75677FE917F000101%40AdobeOrg&d_nsid=0&ts=1559546553144
Requested by: Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/quick-analysis-new-method-spreading-trickbot.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.210.34.59 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-52-210-34-59.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: 16ef40c43b24f64098d2ccb7927ed95e6a28e91c24696b60df77cd5b9345fb85

Request headers

Referer: https://www.fortinet.com/blog/threat-research/quick-analysis-new-method-spreading-trickbot.html
Origin: https://www.fortinet.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

DCS: dcs-prod-irl1-v032-0b76e570f.edge-irl1.demdex.com 5.53.0.20190531151436-AAM_38653-SNAPSHOT 3ms
Pragma: no-cache
Content-Encoding: gzip
X-TID: fQM9fH0nSjk=
Vary: Origin, Accept-Encoding, User-Agent
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Access-Control-Allow-Origin: https://www.fortinet.com
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: application/json;charset=utf-8
Content-Length: 299
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1

301
Moved Permanently

sc Show response
l.sharethis.com/
Redirect Chain

https://l.sharethis.com/pview?event=pview&version=st_sop.js&lang=en&hostname=www.fortinet.com&location=%2Fblog%2Fthreat-research%2Fquick-analysis-new-method-spreading-trickbot.html&product=sticky-s...
https://l.sharethis.com/sc?cm=ZGAKr1z0yrkAAAASHxRRAw%3D%3D&uid=true&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fquick-analysis-new-method-spreading-trickbot.html&sop=true

0
-1 B

63ms
8ms

XHR
text/html

18.184.119.244
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://l.sharethis.com/sc?cm=ZGAKr1z0yrkAAAASHxRRAw%3D%3D&uid=true&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fquick-analysis-new-method-spreading-trickbot.html&sop=true
Requested by: Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/quick-analysis-new-method-spreading-trickbot.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.184.119.244 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-18-184-119-244.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.fortinet.com/blog/threat-research/quick-analysis-new-method-spreading-trickbot.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 03 Jun 2019 07:22:33 GMT
Location: /sc?cm=ZGAKr1z0yrkAAAASHxRRAw%3D%3D&uid=true&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fquick-analysis-new-method-spreading-trickbot.html&sop=true
Access-Control-Max-Age: 1728000
P3p: policyref="/w3c/p3p.xml", CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT DEM"
Access-Control-Allow-Origin: https://www.fortinet.com
Access-Control-Expose-Headers: stid
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Headers: *
Content-Length: 212
Stid: ZGAKr1z0yrkAAAASHxRRAw==

Redirect headers

Date: Mon, 03 Jun 2019 07:22:33 GMT
Access-Control-Allow-Origin: https://www.fortinet.com
Access-Control-Max-Age: 1728000
P3p: policyref="/w3c/p3p.xml", CP="ALL DSP COR CURa ADMa DEVa TAIa PSAa PSDa OUR IND UNI COM NAV INT DEM"
Location: /sc?cm=ZGAKr1z0yrkAAAASHxRRAw%3D%3D&uid=true&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fquick-analysis-new-method-spreading-trickbot.html&sop=true
Access-Control-Expose-Headers: stid
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Headers: *
Content-Length: 212
Stid: ZGAKr1z0yrkAAAASHxRRAw==

GET
H/1.1 200
OK Cookie set dest5.html
fortinet.demdex.net/ Frame 5724 0
0 154ms
32ms Document
text/html 52.211.104.45
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://fortinet.demdex.net/dest5.html?d_nsid=0
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/4e56a4f921ab0baab5f89914672a3d541ff95762/satelliteLib-32b0117a6a1b1e07ce775d6f834af5718192ddf1.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.211.104.45 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-52-211-104-45.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash

Request headers

Host: fortinet.demdex.net
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
Referer: https://www.fortinet.com/blog/threat-research/quick-analysis-new-method-spreading-trickbot.html
Accept-Encoding: gzip, deflate, br
Cookie: demdex=53751770401037517674333264410505975954
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.fortinet.com/blog/threat-research/quick-analysis-new-method-spreading-trickbot.html

Response headers

Accept-Ranges: bytes
Cache-Control: max-age=21600
Content-Encoding: gzip
Content-Type: text/html
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Last-Modified: Fri, 31 May 2019 17:44:13 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Pragma: no-cache
Set-Cookie: demdex=53751770401037517674333264410505975954;Path=/;Domain=.demdex.net;Expires=Sat, 30-Nov-2019 07:22:33 GMT;Max-Age=15552000
Vary: Accept-Encoding, User-Agent
X-TID: BIjW/701TX8=
Content-Length: 2764
Connection: keep-alive

GET
H/1.1 200
OK id Show response
metrics.fortinet.com/ 49 B
681 B 108ms
21ms XHR
application/x-javascript 172.82.235.45
Adobe Systems Inc.

General

Check archive.org

Show headers Download Go to

Full URL

https://metrics.fortinet.com/id?d_visid_ver=3.4.0&d_fieldgroup=A&mcorgid=ED8739F75677FE917F000101%40AdobeOrg&mid=53407997461933839034369893641946085658&ts=1559546553322

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/4e56a4f921ab0baab5f89914672a3d541ff95762/satelliteLib-32b0117a6a1b1e07ce775d6f834af5718192ddf1.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

172.82.235.45 , United States, ASN15224 (OMNITURE - Adobe Systems Inc., US),

Reverse DNS

fortinet.com.ssl.sc.omtrdc.net

Software

Omniture DC /

Resource Hash

e63581e18925c2cdad993959d310ce1268b372cda5cba372ed751915fcc4830c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/quick-analysis-new-method-spreading-trickbot.html
Origin: https://www.fortinet.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

Date: Mon, 03 Jun 2019 07:22:33 GMT
X-Content-Type-Options: nosniff
Server: Omniture DC
xserver: www286
Vary: Origin
X-C: ms-6.7.4
P3P: CP="This is not a P3P policy"
Access-Control-Allow-Origin: https://www.fortinet.com
Cache-Control: no-cache, no-store, max-age=0, no-transform, private
Access-Control-Allow-Credentials: true
Connection: Keep-Alive
Content-Type: application/x-javascript
Keep-Alive: timeout=15
Content-Length: 49
X-XSS-Protection: 1; mode=block

GET
H/1.1

200
OK

ibs:dpid=411&dpuuid=XPTKuQAAFErlRBN_
dpm.demdex.net/
Redirect Chain

https://cm.everesttech.net/cm/dd?d_uuid=53751770401037517674333264410505975954
https://dpm.demdex.net/ibs:dpid=411&dpuuid=XPTKuQAAFErlRBN_

42 B
788 B

34ms
34ms

Image
image/gif

52.210.34.59
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://dpm.demdex.net/ibs:dpid=411&dpuuid=XPTKuQAAFErlRBN_
Requested by: Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/quick-analysis-new-method-spreading-trickbot.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.210.34.59 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-52-210-34-59.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://www.fortinet.com/blog/threat-research/quick-analysis-new-method-spreading-trickbot.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

DCS: dcs-prod-irl1-v032-062d8fb8a.edge-irl1.demdex.com 5.53.0.20190531151436-AAM_38653-SNAPSHOT 5ms
Pragma: no-cache
X-TID: MloepnftSDw=
P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
Connection: keep-alive
Content-Type: image/gif
Content-Length: 42
Expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

Date: Mon, 03 Jun 2019 07:22:32 GMT
Server: AMO-cookiemap/1.1
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=XPTKuQAAFErlRBN_
Cache-Control: no-cache
Connection: Keep-Alive
Keep-Alive: timeout=15,max=100
Content-Length: 0

GET
H/1.1 200
OK sc Show response
l.sharethis.com/ 52 B
475 B 8ms
8ms XHR
text/plain 18.184.119.244
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://l.sharethis.com/sc?cm=ZGAKr1z0yrkAAAASHxRRAw%3D%3D&uid=true&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fquick-analysis-new-method-spreading-trickbot.html&sop=true
Requested by: Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/quick-analysis-new-method-spreading-trickbot.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 18.184.119.244 Frankfurt am Main, Germany, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-18-184-119-244.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 4461910226279d818f7c57197124abac5172db21e5d650d8e628bb40ae39eaa3

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.fortinet.com/blog/threat-research/quick-analysis-new-method-spreading-trickbot.html
Origin: https://www.fortinet.com

Response headers

Date: Mon, 03 Jun 2019 07:22:33 GMT
Access-Control-Max-Age: 1728000
Content-Type: text/plain; charset=utf-8
Access-Control-Allow-Origin: https://www.fortinet.com
Access-Control-Expose-Headers: stid
Cache-Control: no-cache, no-store, must-revalidate
Access-Control-Allow-Credentials: true
Connection: keep-alive
Stid: ZGAKr1z0yrkAAAASHxRRAw==
Access-Control-Allow-Headers: *
Content-Length: 52

GET
H2 200 json Show response
fortinet.tt.omtrdc.net/m2/fortinet/mbox/ 97 B
357 B 104ms
35ms XHR
application/json 66.117.29.3
Adobe Systems Inc.

General

Check archive.org

Show headers Download Go to

Full URL: https://fortinet.tt.omtrdc.net/m2/fortinet/mbox/json?mbox=target-global-mbox&mboxSession=4a59f114ce5049c18e06cacaa203e41e&mboxPC=&mboxPage=adae42f183074046921d06dc2b99b934&mboxRid=09d51ccc4166472b983d127d7074536c&mboxVersion=1.6.4&mboxCount=1&mboxTime=1559546553227&mboxHost=www.fortinet.com&mboxURL=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fquick-analysis-new-method-spreading-trickbot.html&mboxReferrer=&browserHeight=1200&browserWidth=1585&browserTimeOffset=0&screenHeight=1200&screenWidth=1600&colorDepth=24&devicePixelRatio=1&screenOrientation=landscape&mboxMCSDID=2EBDB1BAEAB8C8C2-45C0F19723D8D2F9&vst.trk=nsmetrics.fortinet.com&vst.trks=metrics.fortinet.com&mboxMCGVID=53407997461933839034369893641946085658&mboxAAMB=RKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y&mboxMCGLH=6
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/4e56a4f921ab0baab5f89914672a3d541ff95762/mbox-contents-081c7224345c702ebcf6ef22d3b7449ec11ce42d.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 66.117.29.3 , United States, ASN15224 (OMNITURE - Adobe Systems Inc., US),
Reverse DNS
Software: /
Resource Hash: 67400104bc013c3682c0b8a291eab033b303cc299bf0702c8bf8f7421cb177d4

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.fortinet.com/blog/threat-research/quick-analysis-new-method-spreading-trickbot.html
Origin: https://www.fortinet.com

Response headers

pragma: no-cache
date: Mon, 03 Jun 2019 07:22:32 GMT
status: 200
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://www.fortinet.com
cache-control: no-cache
access-control-allow-credentials: true
timing-allow-origin: *
content-length: 97
x-request-id: 09d51ccc4166472b983d127d7074536c

GET
H2 200 satellite-5aa864a164746d58b700412b.html
assets.adobedtm.com/4e56a4f921ab0baab5f89914672a3d541ff95762/scripts/ Frame 8EED 0
0 30ms
29ms Document
text/html 2.18.232.23
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/4e56a4f921ab0baab5f89914672a3d541ff95762/scripts/satellite-5aa864a164746d58b700412b.html
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/4e56a4f921ab0baab5f89914672a3d541ff95762/satelliteLib-32b0117a6a1b1e07ce775d6f834af5718192ddf1.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.232.23 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a2-18-232-23.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash

Request headers

:method: GET
:authority: assets.adobedtm.com
:scheme: https
:path: /4e56a4f921ab0baab5f89914672a3d541ff95762/scripts/satellite-5aa864a164746d58b700412b.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
referer: https://www.fortinet.com/blog/threat-research/quick-analysis-new-method-spreading-trickbot.html
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.fortinet.com/blog/threat-research/quick-analysis-new-method-spreading-trickbot.html

Response headers

status: 200
server: Apache
etag: "52fa849a16651953dc915efbae88d0cc:1558111887"
last-modified: Fri, 17 May 2019 16:51:27 GMT
accept-ranges: bytes
content-type: text/html
vary: Accept-Encoding
content-encoding: gzip
content-length: 803
cache-control: max-age=3600
expires: Mon, 03 Jun 2019 08:22:33 GMT
date: Mon, 03 Jun 2019 07:22:33 GMT
timing-allow-origin: *

GET
H2 200 satellite-5aa864f264746d7629003a65.html
assets.adobedtm.com/4e56a4f921ab0baab5f89914672a3d541ff95762/scripts/ Frame B289 0
0 34ms
33ms Document
text/html 2.18.232.23
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/4e56a4f921ab0baab5f89914672a3d541ff95762/scripts/satellite-5aa864f264746d7629003a65.html
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/4e56a4f921ab0baab5f89914672a3d541ff95762/satelliteLib-32b0117a6a1b1e07ce775d6f834af5718192ddf1.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.232.23 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a2-18-232-23.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash

Request headers

:method: GET
:authority: assets.adobedtm.com
:scheme: https
:path: /4e56a4f921ab0baab5f89914672a3d541ff95762/scripts/satellite-5aa864f264746d7629003a65.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
referer: https://www.fortinet.com/blog/threat-research/quick-analysis-new-method-spreading-trickbot.html
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.fortinet.com/blog/threat-research/quick-analysis-new-method-spreading-trickbot.html

Response headers

status: 200
server: Apache
etag: "8227658d1e33b9eaa91028e35c3beb4f:1558111887"
last-modified: Fri, 17 May 2019 16:51:27 GMT
accept-ranges: bytes
content-type: text/html
vary: Accept-Encoding
content-encoding: gzip
content-length: 782
cache-control: max-age=3600
expires: Mon, 03 Jun 2019 08:22:33 GMT
date: Mon, 03 Jun 2019 07:22:33 GMT
timing-allow-origin: *

GET
H2 200 satellite-5aa8640864746d58b700411f.html
assets.adobedtm.com/4e56a4f921ab0baab5f89914672a3d541ff95762/scripts/ Frame 4AF0 0
0 42ms
40ms Document
text/html 2.18.232.23
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/4e56a4f921ab0baab5f89914672a3d541ff95762/scripts/satellite-5aa8640864746d58b700411f.html
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/4e56a4f921ab0baab5f89914672a3d541ff95762/satelliteLib-32b0117a6a1b1e07ce775d6f834af5718192ddf1.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.232.23 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a2-18-232-23.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash

Request headers

:method: GET
:authority: assets.adobedtm.com
:scheme: https
:path: /4e56a4f921ab0baab5f89914672a3d541ff95762/scripts/satellite-5aa8640864746d58b700411f.html
pragma: no-cache
cache-control: no-cache
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3
referer: https://www.fortinet.com/blog/threat-research/quick-analysis-new-method-spreading-trickbot.html
accept-encoding: gzip, deflate, br
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.fortinet.com/blog/threat-research/quick-analysis-new-method-spreading-trickbot.html

Response headers

status: 200
server: Apache
etag: "94b6dd03c710fe7140881c36dbb5ab47:1558111887"
last-modified: Fri, 17 May 2019 16:51:27 GMT
accept-ranges: bytes
content-type: text/html
vary: Accept-Encoding
content-encoding: gzip
content-length: 899
cache-control: max-age=3600
expires: Mon, 03 Jun 2019 08:22:33 GMT
date: Mon, 03 Jun 2019 07:22:33 GMT
timing-allow-origin: *

GET
H2 200 s-code-contents-678d604999b9203058dbe982c7a7ddbf795bb1f4.js Show response
assets.adobedtm.com/4e56a4f921ab0baab5f89914672a3d541ff95762/ 34 KB
13 KB 49ms
47ms Script
application/x-javascript 2.18.232.23
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/4e56a4f921ab0baab5f89914672a3d541ff95762/s-code-contents-678d604999b9203058dbe982c7a7ddbf795bb1f4.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/4e56a4f921ab0baab5f89914672a3d541ff95762/satelliteLib-32b0117a6a1b1e07ce775d6f834af5718192ddf1.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.232.23 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a2-18-232-23.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 68588db4f09f1982d74887644c54e581cc6ed7e267f836a480c29ef1a3c0a7a0

Request headers

Referer: https://www.fortinet.com/blog/threat-research/quick-analysis-new-method-spreading-trickbot.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 03 Jun 2019 07:22:33 GMT
content-encoding: gzip
last-modified: Fri, 17 May 2019 16:51:26 GMT
server: Apache
etag: "9a1e762486f8afef7a6f384a1e9c253d:1558111886"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 13170
expires: Mon, 03 Jun 2019 08:22:33 GMT

GET
H2 200 satellite-59ceae2064746d21fe0037dd.js Show response
assets.adobedtm.com/4e56a4f921ab0baab5f89914672a3d541ff95762/scripts/ 1 KB
692 B 34ms
34ms Script
application/x-javascript 2.18.232.23
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/4e56a4f921ab0baab5f89914672a3d541ff95762/scripts/satellite-59ceae2064746d21fe0037dd.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/4e56a4f921ab0baab5f89914672a3d541ff95762/satelliteLib-32b0117a6a1b1e07ce775d6f834af5718192ddf1.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.232.23 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a2-18-232-23.deploy.static.akamaitechnologies.com
Software: Apache /
Resource Hash: 24038492cb3d19fef34ce0a9bc55033f3030c04eeea97a93c22b2ec8914c1316

Request headers

Referer: https://www.fortinet.com/blog/threat-research/quick-analysis-new-method-spreading-trickbot.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 03 Jun 2019 07:22:33 GMT
content-encoding: gzip
last-modified: Fri, 17 May 2019 16:51:27 GMT
server: Apache
etag: "d8619d86a5e27900726ec96a76ead3cc:1558111887"
vary: Accept-Encoding
content-type: application/x-javascript
status: 200
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 459
expires: Mon, 03 Jun 2019 08:22:33 GMT

GET
H/1.1 200
OK get_counts Show response
count-server.sharethis.com/v2.0/ 347 B
415 B 411ms
109ms Script
application/json 34.198.121.180
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://count-server.sharethis.com/v2.0/get_counts?cb=window.__sharethis__.cb3&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fquick-analysis-new-method-spreading-trickbot.html&refDomain=www.fortinet.com&sop=true
Requested by: Host: platform-api.sharethis.com
URL: https://platform-api.sharethis.com/js/sharethis.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.198.121.180 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-34-198-121-180.compute-1.amazonaws.com
Software: /
Resource Hash: 0c5d6afe54557312a77a608152e5252536586d4bb35a48f544abd5840ddae517

Request headers

Referer: https://www.fortinet.com/blog/threat-research/quick-analysis-new-method-spreading-trickbot.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 03 Jun 2019 07:22:33 GMT
Content-Encoding: gzip
Connection: keep-alive
Content-Length: 258
Content-Type: application/json

GET
H/1.1 200
OK arrow_left.svg
platform-cdn.sharethis.com/img/ 565 B
949 B 54ms
8ms Image
image/svg+xml 172.227.102.19
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://platform-cdn.sharethis.com/img/arrow_left.svg
Requested by: Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/quick-analysis-new-method-spreading-trickbot.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 172.227.102.19 , United States, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a172-227-102-19.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 5c833b1818762f1e134fbb158447fb0b92f2b018b15aa36f2e2405213f830d38

Request headers

Referer: https://www.fortinet.com/blog/threat-research/quick-analysis-new-method-spreading-trickbot.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 03 Jun 2019 07:22:33 GMT
Last-Modified: Fri, 04 Jan 2019 18:31:05 GMT
Server: AmazonS3
x-amz-request-id: 2891F6139E37AFD0
ETag: "b55d8d2b9321e381a3c38a4bddb74037"
Content-Type: image/svg+xml
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 565
x-amz-id-2: T6YxhoLpg9vZgcQ83d6hp+xZckYk/INJCcWswGDmsEczWAbIH4bL1SlCv7AphcWAC2Or2HauxtQ=

GET
H/1.1 200
OK arrow_right.svg
platform-cdn.sharethis.com/img/ 565 B
949 B 53ms
7ms Image
image/svg+xml 172.227.102.19
Akamai Technologies

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://platform-cdn.sharethis.com/img/arrow_right.svg
Requested by: Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/quick-analysis-new-method-spreading-trickbot.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 172.227.102.19 , United States, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a172-227-102-19.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 1bae747c7fd090f56608956a97c870391e1c43f89d24d5766129b75628985c1e

Request headers

Referer: https://www.fortinet.com/blog/threat-research/quick-analysis-new-method-spreading-trickbot.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 03 Jun 2019 07:22:33 GMT
Last-Modified: Fri, 04 Jan 2019 18:31:05 GMT
Server: AmazonS3
x-amz-request-id: 3B4514711A4E1246
ETag: "9928d025bd5792b718ee0a185f62e67c"
Content-Type: image/svg+xml
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 565
x-amz-id-2: EMBKoLjEvR3cnQTLp+hL8hkugJ9fWzqe05SAmvrX3cE0GlZLu/bEJVGs/PTaXJbXrEOoBAwBhIs=

GET
H/1.1

200
OK

image.img.png
www.fortinet.com/blog/threat-research/quick-analysis-new-method-spreading-trickbot/_jcr_content/root/responsivegrid/
Redirect Chain

https://www.fortinet.com/content/fortinet-blog/us/en/threat-research/quick-analysis-new-method-spreading-trickbot/_jcr_content/root/responsivegrid/image.img.png
https://www.fortinet.com/blog/threat-research/quick-analysis-new-method-spreading-trickbot/_jcr_content/root/responsivegrid/image.img.png

124 KB
124 KB

337ms
336ms

Image
image/png

54.183.113.141
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.fortinet.com/blog/threat-research/quick-analysis-new-method-spreading-trickbot/_jcr_content/root/responsivegrid/image.img.png

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/quick-analysis-new-method-spreading-trickbot.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.183.113.141 San Jose, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-54-183-113-141.us-west-1.compute.amazonaws.com

Software

Apache /

Resource Hash

799bcb76ccce6e959aee2974b66cd72a019cc95b75d71c4cd10412e9062a406f

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/quick-analysis-new-method-spreading-trickbot.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 03 Jun 2019 07:22:33 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Mon, 29 Apr 2019 14:42:07 GMT
Server: Apache
ETag: "1efef-587ac49de8dc0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=604800, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 126959
X-XSS-Protection: 1; mode=block

Redirect headers

Location: https://www.fortinet.com/blog/threat-research/quick-analysis-new-method-spreading-trickbot/_jcr_content/root/responsivegrid/image.img.png
Date: Mon, 03 Jun 2019 07:22:33 GMT
Server: Apache
Connection: keep-alive
Content-Length: 345
Content-Type: text/html; charset=iso-8859-1

GET
H/1.1

200
OK

image_617297224.img.png
www.fortinet.com/blog/threat-research/quick-analysis-new-method-spreading-trickbot/_jcr_content/root/responsivegrid/
Redirect Chain

https://www.fortinet.com/content/fortinet-blog/us/en/threat-research/quick-analysis-new-method-spreading-trickbot/_jcr_content/root/responsivegrid/image_617297224.img.png
https://www.fortinet.com/blog/threat-research/quick-analysis-new-method-spreading-trickbot/_jcr_content/root/responsivegrid/image_617297224.img.png

393 KB
394 KB

321ms
320ms

Image
image/png

54.183.113.141
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.fortinet.com/blog/threat-research/quick-analysis-new-method-spreading-trickbot/_jcr_content/root/responsivegrid/image_617297224.img.png

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/quick-analysis-new-method-spreading-trickbot.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.183.113.141 San Jose, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),

Reverse DNS

ec2-54-183-113-141.us-west-1.compute.amazonaws.com

Software

Apache /

Resource Hash

7ce64a05cbc548f6ded7b286c1710901b758b0d4319a598e1e53b29c2046b9a7

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/quick-analysis-new-method-spreading-trickbot.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 03 Jun 2019 07:22:33 GMT
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
X-Content-Type-Options: nosniff
Last-Modified: Mon, 29 Apr 2019 14:47:56 GMT
Server: Apache
ETag: "624bf-587ac5eabdf00"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=604800, public
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 402623
X-XSS-Protection: 1; mode=block

Redirect headers

Location: https://www.fortinet.com/blog/threat-research/quick-analysis-new-method-spreading-trickbot/_jcr_content/root/responsivegrid/image_617297224.img.png
Date: Mon, 03 Jun 2019 07:22:33 GMT
Server: Apache
Connection: keep-alive
Content-Length: 355
Content-Type: text/html; charset=iso-8859-1

GET
DATA 200
OK truncated
/ 42 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/gif

GET
H/1.1 200
OK roundtrip.js Show response
s.adroll.com/j/ 32 KB
11 KB 121ms
47ms Script
text/javascript 2.18.233.40
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/roundtrip.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NBSLLPJ
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.40 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a2-18-233-40.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 8aa2d4a076b1df43e751a2dca70d57a2c6098758addfc7c13e7076337564e0fd

Request headers

Referer: https://www.fortinet.com/blog/threat-research/quick-analysis-new-method-spreading-trickbot.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-amz-version-id: 0KvjO0PSxb_aRPpEctl8rXy5kbeLg3Al
Content-Encoding: gzip
x-amz-request-id: 40FE85C4C9F6C9C5
x-amz-server-side-encryption: AES256
Access-Control-Max-Age: 600
Date: Mon, 03 Jun 2019 07:22:33 GMT
Connection: keep-alive
Content-Length: 10323
x-amz-id-2: Z8FRLCjiCrNv7ODKvm7cBkksOER9yFd0ycpcEz249zelF0yMhhYNe/DHwMNNVexdwcX0h9wznlc=
Last-Modified: Wed, 29 May 2019 15:13:20 GMT
Server: AmazonS3
ETag: "089df3afc0b2c1dede17edfaf42eee33"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=3600, must-revalidate
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H/1.1 200
OK insight.min.js Show response
sjs.bizographics.com/ 15 KB
5 KB 20ms
19ms Script
application/x-javascript 2a02:26f0:a00:286::3adf
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://sjs.bizographics.com/insight.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NBSLLPJ
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2a02:26f0:a00:286::3adf , Ascension Island, ASN20940 (AKAMAI-ASN1, US),
Reverse DNS
Software: /
Resource Hash: bc9cef10d07e8da3ce80181de07a056414731f86e0dc12e2c81d652b28ac770b

Request headers

Referer: https://www.fortinet.com/blog/threat-research/quick-analysis-new-method-spreading-trickbot.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 03 Jun 2019 07:22:33 GMT
Content-Encoding: gzip
Last-Modified: Mon, 03 Dec 2018 23:03:30 GMT
X-CDN: AKAM
Vary: Accept-Encoding
Content-Type: application/x-javascript;charset=utf-8
Cache-Control: max-age=25341
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4571

GET
H2 200 api.min.js Show response
a.optmnstr.com/app/js/ 177 KB
54 KB 57ms
15ms Script
application/javascript 23.111.9.217
Highwinds Network...

General

Check archive.org

Show headers Download Go to

Full URL: https://a.optmnstr.com/app/js/api.min.js
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NBSLLPJ
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 23.111.9.217 Phoenix, United States, ASN33438 (HIGHWINDS2 - Highwinds Network Group, Inc., US),
Reverse DNS
Software: NetDNA-cache/2.2 /
Resource Hash: f666ce185468b63d5ae46811e8baa4809787249e887b0782cdcef1814f36bc92

Request headers

Referer: https://www.fortinet.com/blog/threat-research/quick-analysis-new-method-spreading-trickbot.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 03 Jun 2019 07:22:33 GMT
content-encoding: gzip
last-modified: Thu, 30 May 2019 13:57:45 GMT
server: NetDNA-cache/2.2
x-amz-request-id: 3A9F9AFD496CE18D
etag: W/"316001bafd441c8bf0cd75cde5773835"
x-cache: HIT
content-type: application/javascript
status: 200
cache-control: max-age=2592000
x-amz-id-2: oK/bO/p+IggS31TrWXInShrlE/JE3SWq/A7nWUMCcbEDpmxxWl2qWVHD+o5Z7T9R6YrunkBSf4w=
expires: Wed, 03 Jul 2019 07:22:33 GMT

GET
H/1.1 200
OK s29310922162759
metrics.fortinet.com/b/ss/fortinetincproduction/1/JS-2.10.0-D7QN/ 43 B
610 B 24ms
23ms Image
image/gif 172.82.235.45
Adobe Systems Inc.

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://metrics.fortinet.com/b/ss/fortinetincproduction/1/JS-2.10.0-D7QN/s29310922162759?AQB=1&ndh=1&pf=1&t=3%2F5%2F2019%207%3A22%3A33%201%200&sdid=2EBDB1BAEAB8C8C2-45C0F19723D8D2F9&D=D%3D&mid=53407997461933839034369893641946085658&aamlh=6&ce=UTF-8&pageName=en%3Ablog%3Athreat-research%3Aquick-analysis-new-method-spreading-trickbot&g=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fquick-analysis-new-method-spreading-trickbot.html&events=event3&aamb=RKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y&v1=www.fortinet.com%2Fblog%2Fthreat-research%2Fquick-analysis-new-method-spreading-trickbot.html&v3=%2B1&c7=Entire%20Site&c8=New&v25=53407997461933839034369893641946085658&v27=BLOG&v33=en%3Ablog%3Athreat-research%3Aquick-analysis-new-method-spreading-trickbot&v35=Enabled&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&mcorgid=ED8739F75677FE917F000101%40AdobeOrg&AQE=1

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/quick-analysis-new-method-spreading-trickbot.html

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

172.82.235.45 , United States, ASN15224 (OMNITURE - Adobe Systems Inc., US),

Reverse DNS

fortinet.com.ssl.sc.omtrdc.net

Software

Omniture DC /

Resource Hash

a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/quick-analysis-new-method-spreading-trickbot.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 03 Jun 2019 07:22:33 GMT
X-Content-Type-Options: nosniff
X-C: ms-6.7.4
P3P: CP="This is not a P3P policy"
Connection: Keep-Alive
Content-Length: 43
X-XSS-Protection: 1; mode=block
Pragma: no-cache
Last-Modified: Tue, 04 Jun 2019 07:22:33 GMT
Server: Omniture DC
xserver: www288
ETag: "3349100720949362688-6802336677617475777"
Vary: *
Content-Type: image/gif
Access-Control-Allow-Origin: *
Cache-Control: no-cache, no-store, max-age=0, no-transform, private
Keep-Alive: timeout=15
Expires: Sun, 02 Jun 2019 07:22:33 GMT

GET
H2 200 39852 Show response
api.opmnstr.com/v2/embed/ 120 KB
13 KB 383ms
180ms XHR
application/json 50.19.60.226
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://api.opmnstr.com/v2/embed/39852
Requested by: Host: a.optmnstr.com
URL: https://a.optmnstr.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 50.19.60.226 Ashburn, United States, ASN14618 (AMAZON-AES - Amazon.com, Inc., US),
Reverse DNS: ec2-50-19-60-226.compute-1.amazonaws.com
Software: Pagely Gateway/1.5.1 /
Resource Hash: 2273f8230b8b17ef1e7f77a521a0a1e404d89f7094db7b1cc68c92b28e95559a

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36
Referer: https://www.fortinet.com/blog/threat-research/quick-analysis-new-method-spreading-trickbot.html
Origin: https://www.fortinet.com

Response headers

x-user-agent: standard
content-encoding: gzip
x-cache-config: 0 0
server: Pagely Gateway/1.5.1
status: 200
date: Mon, 03 Jun 2019 07:22:33 GMT
x-cache-status: HIT
vary: Accept-Encoding, User-Agent
content-type: application/json;charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: X-OptinMonster-Account
access-control-allow-headers: X-CSRF-Token
x-optinmonster-account: 45602

GET
H/1.1 200
OK 7OBVBCAQE5FHDPFEAD5T4D Show response
d.adroll.com/consent/check/ 40 B
200 B 161ms
46ms Script
application/javascript 176.34.190.23
Amazon.com

General

Check archive.org

Show headers Download Go to

Full URL: https://d.adroll.com/consent/check/7OBVBCAQE5FHDPFEAD5T4D?_s=1738f7e41319239bf3cf6be79dfb3acd
Requested by: Host: s.adroll.com
URL: https://s.adroll.com/j/roundtrip.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 176.34.190.23 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-176-34-190-23.eu-west-1.compute.amazonaws.com
Software: nginx/1.14.1 /
Resource Hash: 6f43e1e85c42d5e449308701054501d9867a7254c9a8734406afbc89b3dfe5b4

Request headers

Referer: https://www.fortinet.com/blog/threat-research/quick-analysis-new-method-spreading-trickbot.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 03 Jun 2019 07:22:33 GMT
Server: nginx/1.14.1
Connection: keep-alive
Content-Length: 40
Content-Type: application/javascript

GET
H/1.1 200
OK consent.js Show response
s.adroll.com/j/ 102 KB
17 KB 36ms
36ms Script
application/javascript 2.18.233.40
Akamai Technologies

General

Check archive.org

Show headers Download Go to

Full URL: https://s.adroll.com/j/consent.js
Requested by: Host: s.adroll.com
URL: https://s.adroll.com/j/roundtrip.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2.18.233.40 , Ascension Island, ASN16625 (AKAMAI-AS - Akamai Technologies, Inc., US),
Reverse DNS: a2-18-233-40.deploy.static.akamaitechnologies.com
Software: AmazonS3 /
Resource Hash: 83051023bfab2e4afa31dca7ebf6f9be8b83dbaec10fe5f2849b20ef0b7c825d

Request headers

Referer: https://www.fortinet.com/blog/threat-research/quick-analysis-new-method-spreading-trickbot.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

x-amz-version-id: .dRGyr46ShY2eEWWiKKbXrf_.GbMqm7g
Content-Encoding: gzip
x-amz-request-id: 7FEA3EDB644DAACA
x-amz-server-side-encryption: AES256
Access-Control-Max-Age: 600
Date: Mon, 03 Jun 2019 07:22:33 GMT
Connection: keep-alive
Content-Length: 16967
x-amz-id-2: HkzQ8j3AsDjyfkjZu88Uy35a6dNeWCd9aFVju48bP4V47w1xr4R9r2yQPxiMz8sKRaXTeNHe1iY=
Last-Modified: Thu, 30 May 2019 16:50:11 GMT
Server: AmazonS3
ETag: "7bf3c4f6ffbc158d1a50bee22d735356"
Vary: Accept-Encoding
Access-Control-Allow-Methods: GET
Content-Type: application/javascript
Access-Control-Allow-Origin: *
Cache-Control: max-age=300, must-revalidate
Access-Control-Allow-Credentials: false
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
H/1.1 200
OK hod
d.adroll.com/consent/ 42 B
264 B 44ms
43ms Image
image/gif 176.34.190.23
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://d.adroll.com/consent/hod?_e=view_banner&_s=1738f7e41319239bf3cf6be79dfb3acd&_b=626d9f6089ce68&_a=7OBVBCAQE5FHDPFEAD5T4D
Requested by: Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/quick-analysis-new-method-spreading-trickbot.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 176.34.190.23 Dublin, Ireland, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: ec2-176-34-190-23.eu-west-1.compute.amazonaws.com
Software: nginx/1.14.1 /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://www.fortinet.com/blog/threat-research/quick-analysis-new-method-spreading-trickbot.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 03 Jun 2019 07:22:33 GMT
Cache-Control: no-transform,public,max-age=300,s-maxage=900
Server: nginx/1.14.1
Connection: keep-alive
Content-Length: 42
Vary: Cookie
Content-Type: image/gif

GET
H2 200 / Show response
graph.facebook.com/ 528 B
778 B 127ms
112ms Script
text/javascript 2a03:2880:f02d:e:face:b00c:0:2
Facebook

General

Check archive.org

Show headers Download Go to

Full URL

https://graph.facebook.com/?id=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fquick-analysis-new-method-spreading-trickbot.html&callback=window.__sharethis__.cb4

Requested by

Host: platform-api.sharethis.com
URL: https://platform-api.sharethis.com/js/sharethis.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f02d:e:face:b00c:0:2 , Ireland, ASN32934 (FACEBOOK - Facebook, Inc., US),

Reverse DNS

Software

Resource Hash

afd379b941de993b0b6da0623de30399654994f97a2590dcc20f00a38328a481

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; preload

Request headers

Referer: https://www.fortinet.com/blog/threat-research/quick-analysis-new-method-spreading-trickbot.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

strict-transport-security: max-age=15552000; preload
content-encoding: br
x-app-usage: {"call_count":0,"total_cputime":0,"total_time":0}
status: 200
date: Mon, 03 Jun 2019 07:22:33 GMT
x-fb-rev: 1000778590
content-length: 330
pragma: no-cache
x-fb-debug: CASIOzMWRLDJFHsDrZ/U9Nefk8+6iBWHR+tOAGTeXSuefPtcsAFFD4grmslY8B5wi+6Vqk4Ty9IPx5MzweuEjA==
x-fb-trace-id: CkkinIZo9ts
etag: "00a3f6b4cf217cdff98ed1006c4a088478766087"
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
access-control-allow-origin: *
x-fb-request-id: AQM6D8MyYcVD-TlMqlbWg3Y
cache-control: private, no-cache, no-store, must-revalidate
facebook-api-version: v2.9
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H/1.1 200
OK 457327a1971d1558451996-blog-banner-1024x160-TLR-Q1-2019.jpg
optin-monster.s3.amazonaws.com/users/df0603609574/images/ 78 KB
78 KB 424ms
130ms Image
image/jpeg 52.216.238.251
Amazon.com

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://optin-monster.s3.amazonaws.com/users/df0603609574/images/457327a1971d1558451996-blog-banner-1024x160-TLR-Q1-2019.jpg
Requested by: Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/quick-analysis-new-method-spreading-trickbot.html
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.216.238.251 Ashburn, United States, ASN16509 (AMAZON-02 - Amazon.com, Inc., US),
Reverse DNS: s3-1-w.amazonaws.com
Software: AmazonS3 /
Resource Hash: fa729b65174a6d9d279f0596f9fb123bf6af17cb87a29ffddcb3a6c5390a6ab9

Request headers

Referer: https://www.fortinet.com/blog/threat-research/quick-analysis-new-method-spreading-trickbot.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Date: Mon, 03 Jun 2019 07:22:35 GMT
x-amz-request-id: D668E2B77B64BBBB
x-amz-meta-date: 1558451996
Content-Length: 79699
x-amz-id-2: FX4htkwTajvxZa7mTkkxzMoGCcu6pyDWX/oB3NCwfJE1BkN0ZG1PpBSW9XKbly2ksQuvxV6p97U=
x-amz-meta-level: pro
Last-Modified: Tue, 21 May 2019 15:19:57 GMT
Server: AmazonS3
x-amz-meta-accountid: 45602
ETag: "30ecb61aa07532eb85646e0bab50840b"
Content-Type: image/jpeg
x-amz-meta-userid: 39852
x-amz-meta-title: 457327a1971d1558451996-blog-banner-1024x160-TLR-Q1-2019.jpg
Cache-Control: 31104000
Accept-Ranges: bytes
Expires: Thu, 21 May 2020 15:19:56 GMT

GET
DATA 200
OK truncated
/ 3 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: dbeeb3fa5f0188835b6b6208bc89d641f030e79e27ad5712d427eabd79e6095a

Request headers

User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 / Show response
px.ads.linkedin.com/collect/ 0
94 B 110ms
110ms Script
application/javascript 2a05:f500:10:101::b93f:9105
LinkedIn Corporation

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/collect/?time=1559546554775&pid=7120&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fquick-analysis-new-method-spreading-trickbot.html&fmt=js&s=1
Requested by: Host: sjs.bizographics.com
URL: https://sjs.bizographics.com/insight.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 2a05:f500:10:101::b93f:9105 , Ireland, ASN14413 (LINKEDIN - LinkedIn Corporation, US),
Reverse DNS
Software: Play /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.fortinet.com/blog/threat-research/quick-analysis-new-method-spreading-trickbot.html
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.169 Safari/537.36

Response headers

date: Mon, 03 Jun 2019 07:22:34 GMT
content-encoding: gzip
server: Play
vary: Accept-Encoding
x-li-fabric: prod-lva1
status: 200
x-li-proto: http/2
x-li-pop: prod-efr5
content-type: application/javascript
content-length: 20
x-li-uuid: qKJiKFSfpBXg2RyL9SoAAA==

Verdicts & Comments Add Verdict or Comment

138 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

18 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.fortinet.com/	1969-12-31 23:59:59	Name: s_cc Value: true
.demdex.net/	1970-01-19 05:31:38	Name: demdex Value: 53751770401037517674333264410505975954
.fortinet.com/	1970-01-19 03:22:02	Name: s_getNewRepeat Value: 1559546553578-New
.adobedtm.com/	1970-01-19 03:22:02	Name: _fbp Value: fb.1.1559546553600.1541105809
www.fortinet.com/	1970-01-19 01:55:38	Name: omSeen-qxx1b0gslklfu2kjckea Value: 1559546554628
www.fortinet.com/	1969-12-31 23:59:59	Name: st_shares_https://www.fortinet.com/blog/threat-research/quick-analysis-new-method-spreading-trickbot.html Value: [object Object]
.fortinet.com/	1969-12-31 23:59:59	Name: check Value: true
.fortinet.com/	1970-01-19 18:45:04	Name: AMCV_ED8739F75677FE917F000101%40AdobeOrg Value: 1994364360%7CMCIDTS%7C18051%7CMCMID%7C53407997461933839034369893641946085658%7CMCAAMLH-1560151353%7C6%7CMCAAMB-1560151353%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCOPTOUT-1559553753s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-18058%7CvVersion%7C3.4.0
.fortinet.com/	1970-01-19 18:43:38	Name: s_ecid Value: MCMID%7C53407997461933839034369893641946085658
www.fortinet.com/	1970-01-19 01:12:27	Name: _omappvs Value: 1559546553611
.fortinet.com/	1970-01-19 01:13:52	Name: _gid Value: GA1.2.282894718.1559546553
www.fortinet.com/	1970-01-23 01:11:00	Name: _omappvp Value: N6fBgCFJiAe95pGnMMFQWScZckPwduW7kQZArVksLQR6fyFzLGBMPJj1gDIlqxyg2rVzgUnxUgpKtTGKxlhCGoymOww4akYg
.fortinet.com/	1970-01-19 01:12:28	Name: mboxEdgeCluster Value: 26
.fortinet.com/	1970-01-19 18:46:31	Name: mbox Value: session#4a59f114ce5049c18e06cacaa203e41e#1559548414\|PC#4a59f114ce5049c18e06cacaa203e41e.26_13#1622791354
www.fortinet.com/	1970-01-19 18:43:38	Name: _sdsat_mcvID Value: 53407997461933839034369893641946085658
.fortinet.com/	1970-01-19 01:12:26	Name: _gat_UA-767980-6 Value: 1
.fortinet.com/	1970-01-19 18:43:38	Name: _ga Value: GA1.2.1877688245.1559546553
.fortinet.com/	1969-12-31 23:59:59	Name: AMCVS_ED8739F75677FE917F000101%40AdobeOrg Value: 1

9 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
console-api	warning	URL: https://a.optmnstr.com/app/js/api.min.js(Line 2) Message: [OptinMonster]
console-api	warning	URL: https://a.optmnstr.com/app/js/api.min.js(Line 2) Message: [OptinMonster]
console-api	log	URL: https://a.optmnstr.com/app/js/api.min.js(Line 2) Message: [OptinMonster]
console-api	log	URL: https://a.optmnstr.com/app/js/api.min.js(Line 2) Message: [object Object]
console-api	log	URL: https://a.optmnstr.com/app/js/api.min.js(Line 2) Message: console.groupEnd
console-api	warning	URL: https://a.optmnstr.com/app/js/api.min.js(Line 2) Message: [OptinMonster]
console-api	log	URL: https://a.optmnstr.com/app/js/api.min.js(Line 2) Message: [OptinMonster]
console-api	log	URL: https://a.optmnstr.com/app/js/api.min.js(Line 2) Message: [object Object]
console-api	log	URL: https://a.optmnstr.com/app/js/api.min.js(Line 2) Message: console.groupEnd

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a.optmnstr.com
api.opmnstr.com
assets.adobedtm.com
buttons-config.sharethis.com
c.sharethis.mgr.consensu.org
cm.everesttech.net
count-server.sharethis.com
d.adroll.com
dpm.demdex.net
fortinet.demdex.net
fortinet.tt.omtrdc.net
graph.facebook.com
l.sharethis.com
metrics.fortinet.com
optin-monster.s3.amazonaws.com
platform-api.sharethis.com
platform-cdn.sharethis.com
px.ads.linkedin.com
s.adroll.com
sjs.bizographics.com
www.fortinet.com
www.google-analytics.com
www.googletagmanager.com
172.227.102.19
172.82.235.45
176.34.190.23
18.184.119.244
2.16.186.146
2.18.232.23
2.18.233.40
2.19.43.118
23.111.9.217
2a00:1450:4001:814::200e
2a00:1450:4001:81f::2008
2a02:26f0:a00:286::3adf
2a03:2880:f02d:e:face:b00c:0:2
2a05:f500:10:101::b93f:9105
34.198.121.180
50.19.60.226
52.210.34.59
52.211.104.45
52.216.238.251
52.52.101.113
54.183.113.141
66.117.28.86
66.117.29.3
0c5d6afe54557312a77a608152e5252536586d4bb35a48f544abd5840ddae517
124ca5183272e03715fe41e182212a9d30c72d519c6565ba33fa4b41e9927350
16ef40c43b24f64098d2ccb7927ed95e6a28e91c24696b60df77cd5b9345fb85
184291e0710e3688f5649c05b1b665c1a873f1d6dadec6a639c7acdd4f5798db
1bae747c7fd090f56608956a97c870391e1c43f89d24d5766129b75628985c1e
2273f8230b8b17ef1e7f77a521a0a1e404d89f7094db7b1cc68c92b28e95559a
24038492cb3d19fef34ce0a9bc55033f3030c04eeea97a93c22b2ec8914c1316
29f41d54055e58ed9dc430f8fe9963a7c5b25c8a5898faec74f6336df470f165
2feca1615fb6a74f1eed325dbddaa5987e2f495e4a1b4848be03822fe3a31e6e
4461910226279d818f7c57197124abac5172db21e5d650d8e628bb40ae39eaa3
5b4c9abcf01dcf74e0adf075ff4d47464c62c84307ae5ebd115d45da70e6443d
5c833b1818762f1e134fbb158447fb0b92f2b018b15aa36f2e2405213f830d38
5d59f41eadc2817c241092bfe6182dde49d5be9eb27cad035f2ec4272339283e
67400104bc013c3682c0b8a291eab033b303cc299bf0702c8bf8f7421cb177d4
68588db4f09f1982d74887644c54e581cc6ed7e267f836a480c29ef1a3c0a7a0
6f43e1e85c42d5e449308701054501d9867a7254c9a8734406afbc89b3dfe5b4
799bcb76ccce6e959aee2974b66cd72a019cc95b75d71c4cd10412e9062a406f
7c90dd4b38de314a23ada3d8f4817c5e81e86ab444d1deb152f6d62c60895184
7ce64a05cbc548f6ded7b286c1710901b758b0d4319a598e1e53b29c2046b9a7
7f0daa7591ef2b42b26dd9d39102440c242e7fd798e7898a620e5489d67ec73e
82aed21c24396238d255f9f6c8d0fd7a51a85080c405d96de12e05d29690fc94
83051023bfab2e4afa31dca7ebf6f9be8b83dbaec10fe5f2849b20ef0b7c825d
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
85c6103aabd94bf4584fbdd8b15cb68c08fa52f43dc229ac034a1bf6c855c0bc
8aa2d4a076b1df43e751a2dca70d57a2c6098758addfc7c13e7076337564e0fd
8f88cb7a1cd4134f5d616b9fca90b9069fa16c162b7ae66ba1b500c490b41dd2
9be20bfce75cf41393ac023535d01ba13114efea9d346a5d7ec001b1ef0b0ecd
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
afd379b941de993b0b6da0623de30399654994f97a2590dcc20f00a38328a481
bc9cef10d07e8da3ce80181de07a056414731f86e0dc12e2c81d652b28ac770b
bf37dba5836581c0cc0451edd5c197e46a5a0e070b3f696e5b4bf7e32da1817a
d2afd46ac58cd7e89b3fdfd790300d69034e94151ed45acf83d7b6d5dccfdb17
dbeeb3fa5f0188835b6b6208bc89d641f030e79e27ad5712d427eabd79e6095a
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3f699d01517e48e10a9c252b7d00a0bfcdfcce0a40c5c046c09cf5adb8ff26d
e63581e18925c2cdad993959d310ce1268b372cda5cba372ed751915fcc4830c
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f666ce185468b63d5ae46811e8baa4809787249e887b0782cdcef1814f36bc92
fa729b65174a6d9d279f0596f9fb123bf6af17cb87a29ffddcb3a6c5390a6ab9

www.fortinet.com Open in urlscan Pro 54.183.113.141 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Detected technologies

Page Statistics

45 Requests

100 %HTTPS

22 %IPv6

16 Domains

23 Subdomains

23 IPs

4 Countries

1232 kBTransfer

2231 kBSize

18 Cookies

10 Outgoing links

Redirected requests

45 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.fortinet.com Open in urlscan Pro
54.183.113.141 Public Scan

Screenshot
Live screenshot

Full Image

45
Requests

100 %
HTTPS

22 %
IPv6

16
Domains

23
Subdomains

23
IPs

4
Countries

1232 kB
Transfer

2231 kB
Size

18
Cookies

45 HTTP transactions
3 data transactions