www.fortinet.com Open in urlscan Pro
3.123.216.247 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
https://u33254697.ct.sendgrid.net/ls/click?upn=u001.rfmZKoSIQF-2FqHrRaNSBoL0tQOvhRvHO1kz4OsWiPx4gkHznYhBZRlBsbfo4ixwVKqEKhCWBQvbxd...
Effective URL:
https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader
Submission: On August 09 via api (August 9th 2024, 10:38:48 pm UTC) from IL — Scanned from IL

Summary HTTP 196 Redirects Links 11 Behaviour Indicators

Summary

This website contacted 68 IPs in 7 countries across 63 domains to perform 196 HTTP transactions. The main IP is 3.123.216.247, located in Frankfurt am Main, Germany and belongs to AMAZON-02, US. The main domain is www.fortinet.com. The Cisco Umbrella rank of the primary domain is 221752.
TLS certificate: Issued by DigiCert Global G2 TLS RSA SHA256 202... on July 16th 2024. Valid for: a year.

This is the only time www.fortinet.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	167.89.115.26 167.89.115.26	11377 (SENDGRID) (SENDGRID)
41	3.123.216.247 3.123.216.247	16509 (AMAZON-02) (AMAZON-02)
6	104.18.87.42 104.18.87.42	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	104.18.28.127 104.18.28.127	13335 (CLOUDFLAR...) (CLOUDFLARENET)
22	184.30.16.231 184.30.16.231	16625 (AKAMAI-AS) (AKAMAI-AS)
2	52.211.89.53 52.211.89.53	16509 (AMAZON-02) (AMAZON-02)
1	34.250.191.11 34.250.191.11	16509 (AMAZON-02) (AMAZON-02)
1 1	52.48.198.240 52.48.198.240	16509 (AMAZON-02) (AMAZON-02)
1	66.235.152.225 66.235.152.225	15224 (OMNITURE) (OMNITURE)
13	2.17.100.210 2.17.100.210	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	104.19.147.8 104.19.147.8	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	184.30.17.67 184.30.17.67	16625 (AKAMAI-AS) (AKAMAI-AS)
2	35.204.89.238 35.204.89.238	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
3	13.107.21.237 13.107.21.237	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
8	142.250.185.200 142.250.185.200	15169 (GOOGLE) (GOOGLE)
2	64.202.112.191 64.202.112.191	23352 (SERVERCEN...) (SERVERCENTRAL)
1	2.17.100.193 2.17.100.193	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	76.223.9.105 76.223.9.105	16509 (AMAZON-02) (AMAZON-02)
2	142.250.186.110 142.250.186.110	15169 (GOOGLE) (GOOGLE)
2	169.150.247.37 169.150.247.37	60068 (CDN77 _) (CDN77 _)
1	172.66.41.8 172.66.41.8	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	172.64.151.60 172.64.151.60	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	52.32.164.86 52.32.164.86	16509 (AMAZON-02) (AMAZON-02)
3	13.107.246.67 13.107.246.67	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	74.121.140.211 74.121.140.211	30419 (PAEDAE-INC) (PAEDAE-INC)
1	216.58.206.70 216.58.206.70	15169 (GOOGLE) (GOOGLE)
1 4	142.250.185.226 142.250.185.226	15169 (GOOGLE) (GOOGLE)
1	63.140.62.222 63.140.62.222	15224 (OMNITURE) (OMNITURE)
2	34.111.208.231 34.111.208.231	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 4	142.250.185.132 142.250.185.132	15169 (GOOGLE) (GOOGLE)
4	172.217.16.195 172.217.16.195	15169 (GOOGLE) (GOOGLE)
1	151.101.193.229 151.101.193.229	54113 (FASTLY) (FASTLY)
2	44.226.187.177 44.226.187.177	16509 (AMAZON-02) (AMAZON-02)
19 25	35.204.74.118 35.204.74.118	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 1	13.32.27.65 13.32.27.65	16509 (AMAZON-02) (AMAZON-02)
4 6	46.228.174.117 46.228.174.117	56396 (AMOBEE) (AMOBEE)
1 2	76.223.111.18 76.223.111.18	16509 (AMAZON-02) (AMAZON-02)
1	3.215.201.134 3.215.201.134	14618 (AMAZON-AES) (AMAZON-AES)
1 2	34.111.113.62 34.111.113.62	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 1	52.212.55.82 52.212.55.82	16509 (AMAZON-02) (AMAZON-02)
1 1	3.75.160.4 3.75.160.4	16509 (AMAZON-02) (AMAZON-02)
1	18.239.69.49 18.239.69.49	16509 (AMAZON-02) (AMAZON-02)
2 2	107.178.240.89 107.178.240.89	15169 (GOOGLE) (GOOGLE)
1 2	3.71.149.231 3.71.149.231	16509 (AMAZON-02) (AMAZON-02)
1 2	54.78.254.47 54.78.254.47	16509 (AMAZON-02) (AMAZON-02)
1	52.202.93.40 52.202.93.40	14618 (AMAZON-AES) (AMAZON-AES)
1	72.246.169.24 72.246.169.24	16625 (AKAMAI-AS) (AKAMAI-AS)
1 2	54.194.254.146 54.194.254.146	16509 (AMAZON-02) (AMAZON-02)
1 2	54.171.248.53 54.171.248.53	16509 (AMAZON-02) (AMAZON-02)
2 2	35.244.174.68 35.244.174.68	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	107.178.254.65 107.178.254.65	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1 1	142.250.186.130 142.250.186.130	15169 (GOOGLE) (GOOGLE)
2 4	185.89.210.90 185.89.210.90	29990 (ASN-APPNEX) (ASN-APPNEX)
1	69.173.144.165 69.173.144.165	26667 (RUBICONPR...) (RUBICONPROJECT)
1	35.244.159.8 35.244.159.8	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
2 2	142.250.181.226 142.250.181.226	15169 (GOOGLE) (GOOGLE)
1	34.238.149.65 34.238.149.65	14618 (AMAZON-AES) (AMAZON-AES)
1	151.101.8.157 151.101.8.157	54113 (FASTLY) (FASTLY)
1 2	185.89.210.46 185.89.210.46	29990 (ASN-APPNEX) (ASN-APPNEX)
1	18.245.60.5 18.245.60.5	16509 (AMAZON-02) (AMAZON-02)
1	54.203.236.163 54.203.236.163	16509 (AMAZON-02) (AMAZON-02)
3	93.184.221.165 93.184.221.165	15133 (EDGECAST) (EDGECAST)
3	104.244.42.67 104.244.42.67	13414 (TWITTER) (TWITTER)
1	52.22.50.55 52.22.50.55	14618 (AMAZON-AES) (AMAZON-AES)
1	16.170.91.85 16.170.91.85	16509 (AMAZON-02) (AMAZON-02)
1 2	142.250.185.134 142.250.185.134	15169 (GOOGLE) (GOOGLE)
2	157.240.0.6 157.240.0.6	32934 (FACEBOOK) (FACEBOOK)
1	188.114.97.3 188.114.97.3	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	34.117.77.79 34.117.77.79	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	2.21.20.141 2.21.20.141	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	52.37.218.4 52.37.218.4	16509 (AMAZON-02) (AMAZON-02)
1	52.29.209.128 52.29.209.128	16509 (AMAZON-02) (AMAZON-02)
2	157.240.253.35 157.240.253.35	32934 (FACEBOOK) (FACEBOOK)
2 5	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	35.81.162.201 35.81.162.201	16509 (AMAZON-02) (AMAZON-02)
2 2	35.71.131.137 35.71.131.137	16509 (AMAZON-02) (AMAZON-02)
1	44.225.29.129 44.225.29.129	16509 (AMAZON-02) (AMAZON-02)
196	68

1 167.89.115.26 (Herndon, United States) 1 redirects

ASN11377 (SENDGRID, US)
PTR: o16789115x26.outbound-mail.sendgrid.net

u33254697.ct.sendgrid.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

41 3.123.216.247 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-123-216-247.eu-central-1.compute.amazonaws.com

www.fortinet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 104.18.87.42 (None, )

ASN13335 (CLOUDFLARENET, US)

cdn.cookielaw.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.28.127 (None, )

ASN13335 (CLOUDFLARENET, US)

geolocation.onetrust.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

22 184.30.16.231 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a184-30-16-231.deploy.static.akamaitechnologies.com

assets.adobedtm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.211.89.53 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-211-89-53.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.250.191.11 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-34-250-191-11.eu-west-1.compute.amazonaws.com

fortinet.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.48.198.240 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-48-198-240.eu-west-1.compute.amazonaws.com

cm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 66.235.152.225 (United States)

ASN15224 (OMNITURE, US)
PTR: ip-66-235-152-225.data.adobedc.net

fortinet.tt.omtrdc.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 2.17.100.210 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-17-100-210.deploy.static.akamaitechnologies.com

j.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
b.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.19.147.8 (None, )

ASN13335 (CLOUDFLARENET, US)

script.crazyegg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 184.30.17.67 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a184-30-17-67.deploy.static.akamaitechnologies.com

amplify.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
wave.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.204.89.238 (Groningen, Netherlands)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 238.89.204.35.bc.googleusercontent.com

tag.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
i.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.107.21.237 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 142.250.185.200 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f8.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 64.202.112.191 (United States)

ASN23352 (SERVERCENTRAL, US)
PTR: ny.outbrain.com

tr.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.17.100.193 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-17-100-193.deploy.static.akamaitechnologies.com

ipv6.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 76.223.9.105 (United States)

ASN16509 (AMAZON-02, US)
PTR: ac3ff6aafb2cddae2.awsglobalaccelerator.com

epsilon.6sense.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.110 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f14.1e100.net

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 169.150.247.37 (Frankfurt am Main, Germany)

ASN60068 (CDN77 _, GB)
PTR: 169-150-247-37.bunnyinfra.net

a.opmnstr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
a.omappapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.66.41.8 (United States)

ASN13335 (CLOUDFLARENET, US)

api.omappapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.64.151.60 (San Francisco, United States)

ASN13335 (CLOUDFLARENET, US)

trk.techtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.32.164.86 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-32-164-86.us-west-2.compute.amazonaws.com

abm-tracking.demandscience.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.107.246.67 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

tmp.argusplatform.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixels.argusplatform.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
webtracker.argusplatform.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 74.121.140.211 (Reston, United States)

ASN30419 (PAEDAE-INC, US)

pixel.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.58.206.70 (United States)

ASN15169 (GOOGLE, US)
PTR: lhr35s11-in-f6.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.185.226 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f2.1e100.net

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 63.140.62.222 (United States)

ASN15224 (OMNITURE, US)
PTR: ip-63-140-62-222.data.adobedc.net

metrics.fortinet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.111.208.231 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 231.208.111.34.bc.googleusercontent.com

ibc-flow.techtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.185.132 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s50-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 172.217.16.195 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s08-in-f3.1e100.net

www.google.co.il	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.193.229 (San Francisco, United States)

ASN54113 (FASTLY, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 44.226.187.177 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-44-226-187-177.us-west-2.compute.amazonaws.com

intentstream.contanuity.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

25 35.204.74.118 (Groningen, Netherlands) 19 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 118.74.204.35.bc.googleusercontent.com

um.simpli.fi	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.27.65 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: server-13-32-27-65.fra56.r.cloudfront.net

s.ad.smaato.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 46.228.174.117 (United Kingdom) 4 redirects

ASN56396 (AMOBEE, GB)

sync.1rx.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
sync.targeting.unrulymedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 76.223.111.18 (United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: a0f671730127a0812.awsglobalaccelerator.com

eb2.3lift.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.215.201.134 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-215-201-134.compute-1.amazonaws.com

simplifi.partners.tremorhub.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.111.113.62 (Kansas City, United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 62.113.111.34.bc.googleusercontent.com

pixel.tapad.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.212.55.82 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-212-55-82.eu-west-1.compute.amazonaws.com

aa.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 3.75.160.4 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-75-160-4.eu-central-1.compute.amazonaws.com

d.agkn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.239.69.49 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-239-69-49.ams58.r.cloudfront.net

sync.intentiq.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 107.178.240.89 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 89.240.178.107.bc.googleusercontent.com

fei.pro-market.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.71.149.231 (Frankfurt am Main, Germany) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-3-71-149-231.eu-central-1.compute.amazonaws.com

cms.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ups.analytics.yahoo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.78.254.47 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-78-254-47.eu-west-1.compute.amazonaws.com

loadm.exelator.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.202.93.40 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-202-93-40.compute-1.amazonaws.com

sync.bfmio.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 72.246.169.24 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a72-246-169-24.deploy.static.akamaitechnologies.com

stags.bluekai.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.194.254.146 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-194-254-146.eu-west-1.compute.amazonaws.com

bcp.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 54.171.248.53 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-54-171-248-53.eu-west-1.compute.amazonaws.com

ce.lijit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.244.174.68 (Kansas City, United States) 2 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 68.174.244.35.bc.googleusercontent.com

idsync.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 107.178.254.65 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 65.254.178.107.bc.googleusercontent.com

pippio.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.186.130 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s07-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 185.89.210.90 (Frankfurt am Main, Germany) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 941.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 69.173.144.165 (Frankfurt am Main, Germany)

ASN26667 (RUBICONPROJECT, US)

pixel.rubiconproject.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.244.159.8 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 8.159.244.35.bc.googleusercontent.com

us-u.openx.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.181.226 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f2.1e100.net

cm.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.238.149.65 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-238-149-65.compute-1.amazonaws.com

dx.mountain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.8.157 (San Francisco, United States)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 185.89.210.46 (Frankfurt am Main, Germany) 1 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.245.60.5 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-245-60-5.fra60.r.cloudfront.net

tags.inzynk.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.203.236.163 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-203-236-163.us-west-2.compute.amazonaws.com

tracking.contanuity.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 93.184.221.165 (London, United Kingdom)

ASN15133 (EDGECAST, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.244.42.67 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.22.50.55 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-22-50-55.compute-1.amazonaws.com

52.22.50.55	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 16.170.91.85 (Sweden)

ASN16509 (AMAZON-02, US)
PTR: ec2-16-170-91-85.eu-north-1.compute.amazonaws.com

analytics.inzynk.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.134 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s50-in-f6.1e100.net

10104846.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 157.240.0.6 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-02-fra3.fbcdn.net

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 188.114.97.3 (Amsterdam, Netherlands)

ASN13335 (CLOUDFLARENET, US)

siteimproveanalytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.117.77.79 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 79.77.117.34.bc.googleusercontent.com

ml314.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2.21.20.141 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-21-20-141.deploy.static.akamaitechnologies.com

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.37.218.4 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-37-218-4.us-west-2.compute.amazonaws.com

px.mountain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.29.209.128 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-29-209-128.eu-central-1.compute.amazonaws.com

6033413.global.siteimproveanalytics.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 157.240.253.35 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
PTR: edge-star-mini-shv-02-fra5.facebook.com

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 13.107.42.14 (United States) 2 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.81.162.201 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-81-162-201.us-west-2.compute.amazonaws.com

gs.mountain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.71.131.137 (United States) 2 redirects

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 44.225.29.129 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-44-225-29-129.us-west-2.compute.amazonaws.com

px.steelhousemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
42	fortinet.com www.fortinet.com — Cisco Umbrella Rank: 221752 metrics.fortinet.com — Cisco Umbrella Rank: 973993	10 MB
27	simpli.fi 19 redirects tag.simpli.fi — Cisco Umbrella Rank: 8238 i.simpli.fi — Cisco Umbrella Rank: 6968 um.simpli.fi — Cisco Umbrella Rank: 1484	15 KB
22	adobedtm.com assets.adobedtm.com — Cisco Umbrella Rank: 521	152 KB
14	6sc.co j.6sc.co — Cisco Umbrella Rank: 12402 c.6sc.co — Cisco Umbrella Rank: 16017 ipv6.6sc.co — Cisco Umbrella Rank: 12823 b.6sc.co — Cisco Umbrella Rank: 6896	22 KB
9	doubleclick.net 4 redirects ad.doubleclick.net — Cisco Umbrella Rank: 210 googleads.g.doubleclick.net — Cisco Umbrella Rank: 77 cm.g.doubleclick.net — Cisco Umbrella Rank: 363 10104846.fls.doubleclick.net	6 KB
8	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 112	721 KB
6	adnxs.com 3 redirects ib.adnxs.com — Cisco Umbrella Rank: 383 secure.adnxs.com — Cisco Umbrella Rank: 764	6 KB
6	cookielaw.org cdn.cookielaw.org — Cisco Umbrella Rank: 554	127 KB
5	linkedin.com 2 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 669 www.linkedin.com — Cisco Umbrella Rank: 914	3 KB
5	outbrain.com amplify.outbrain.com — Cisco Umbrella Rank: 4363 tr.outbrain.com — Cisco Umbrella Rank: 4248 wave.outbrain.com — Cisco Umbrella Rank: 4246	10 KB
4	mountain.com dx.mountain.com — Cisco Umbrella Rank: 8539 px.mountain.com — Cisco Umbrella Rank: 8773 gs.mountain.com — Cisco Umbrella Rank: 14631	11 KB
4	1rx.io 4 redirects sync.1rx.io — Cisco Umbrella Rank: 741	1 KB
4	google.co.il www.google.co.il — Cisco Umbrella Rank: 18481	779 B
4	google.com 1 redirects www.google.com — Cisco Umbrella Rank: 10	216 B
3	twitter.com analytics.twitter.com — Cisco Umbrella Rank: 1356	848 B
3	t.co t.co — Cisco Umbrella Rank: 979	880 B
3	contanuity.com intentstream.contanuity.com — Cisco Umbrella Rank: 173029 tracking.contanuity.com — Cisco Umbrella Rank: 44051	1 KB
3	argusplatform.com tmp.argusplatform.com — Cisco Umbrella Rank: 859686 pixels.argusplatform.com — Cisco Umbrella Rank: 956759 webtracker.argusplatform.com	4 KB
3	techtarget.com trk.techtarget.com — Cisco Umbrella Rank: 66995 ibc-flow.techtarget.com — Cisco Umbrella Rank: 63746	2 KB
3	bing.com bat.bing.com — Cisco Umbrella Rank: 534	15 KB
3	demdex.net dpm.demdex.net — Cisco Umbrella Rank: 319 fortinet.demdex.net	2 KB
2	adsrvr.org 2 redirects match.adsrvr.org — Cisco Umbrella Rank: 505	1 KB
2	facebook.com www.facebook.com — Cisco Umbrella Rank: 108	3 KB
2	ml314.com ml314.com — Cisco Umbrella Rank: 3108	39 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 236	73 KB
2	inzynk.io tags.inzynk.io — Cisco Umbrella Rank: 669379 analytics.inzynk.io — Cisco Umbrella Rank: 434735	22 KB
2	rlcdn.com 2 redirects idsync.rlcdn.com — Cisco Umbrella Rank: 689	827 B
2	lijit.com 1 redirects ce.lijit.com — Cisco Umbrella Rank: 1396	892 B
2	crwdcntrl.net 1 redirects bcp.crwdcntrl.net — Cisco Umbrella Rank: 1296	836 B
2	exelator.com 1 redirects loadm.exelator.com — Cisco Umbrella Rank: 3519	3 KB
2	yahoo.com 1 redirects cms.analytics.yahoo.com — Cisco Umbrella Rank: 3137 ups.analytics.yahoo.com — Cisco Umbrella Rank: 612	590 B
2	pro-market.net 2 redirects fei.pro-market.net — Cisco Umbrella Rank: 4127	813 B
2	agkn.com 2 redirects aa.agkn.com — Cisco Umbrella Rank: 910 d.agkn.com — Cisco Umbrella Rank: 1174	1 KB
2	tapad.com 1 redirects pixel.tapad.com — Cisco Umbrella Rank: 646	1 KB
2	3lift.com 1 redirects eb2.3lift.com — Cisco Umbrella Rank: 632	975 B
2	unrulymedia.com sync.targeting.unrulymedia.com — Cisco Umbrella Rank: 1897	755 B
2	demandscience.com abm-tracking.demandscience.com — Cisco Umbrella Rank: 157542	3 KB
2	omappapi.com a.omappapi.com — Cisco Umbrella Rank: 9699 api.omappapi.com — Cisco Umbrella Rank: 10036	3 KB
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 104
2	6sense.com epsilon.6sense.com — Cisco Umbrella Rank: 18992	725 B
2	crazyegg.com script.crazyegg.com — Cisco Umbrella Rank: 4547	3 KB
1	steelhousemedia.com px.steelhousemedia.com — Cisco Umbrella Rank: 24442	318 B
1	siteimproveanalytics.io 6033413.global.siteimproveanalytics.io — Cisco Umbrella Rank: 847514	149 B
1	licdn.com snap.licdn.com — Cisco Umbrella Rank: 1884	14 KB
1	siteimproveanalytics.com siteimproveanalytics.com — Cisco Umbrella Rank: 8455	12 KB
1	ads-twitter.com static.ads-twitter.com — Cisco Umbrella Rank: 1253	15 KB
1	openx.net us-u.openx.net — Cisco Umbrella Rank: 864	264 B
1	rubiconproject.com pixel.rubiconproject.com — Cisco Umbrella Rank: 555	1 KB
1	googleadservices.com 1 redirects www.googleadservices.com — Cisco Umbrella Rank: 176	23 B
1	pippio.com pippio.com — Cisco Umbrella Rank: 1285	569 B
1	bluekai.com stags.bluekai.com — Cisco Umbrella Rank: 1556	446 B
1	bfmio.com sync.bfmio.com — Cisco Umbrella Rank: 2757	421 B
1	intentiq.com sync.intentiq.com — Cisco Umbrella Rank: 1598	545 B
1	tremorhub.com simplifi.partners.tremorhub.com — Cisco Umbrella Rank: 10885	175 B
1	smaato.net 1 redirects s.ad.smaato.net — Cisco Umbrella Rank: 1043	509 B
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 410	15 KB
1	mathtag.com pixel.mathtag.com — Cisco Umbrella Rank: 4337	712 B
1	opmnstr.com a.opmnstr.com — Cisco Umbrella Rank: 59906	18 KB
1	omtrdc.net fortinet.tt.omtrdc.net — Cisco Umbrella Rank: 990592	3 KB
1	everesttech.net 1 redirects cm.everesttech.net — Cisco Umbrella Rank: 2184	490 B
1	onetrust.com geolocation.onetrust.com — Cisco Umbrella Rank: 1019	316 B
1	sendgrid.net 1 redirects u33254697.ct.sendgrid.net	297 B
0	krxd.net Failed usermatch.krxd.net Failed
196	63

	Domain	Requested by
41	www.fortinet.com	www.fortinet.com
25	um.simpli.fi	19 redirects
22	assets.adobedtm.com	cdn.cookielaw.org assets.adobedtm.com
11	b.6sc.co	www.fortinet.com
8	www.googletagmanager.com	assets.adobedtm.com www.googletagmanager.com abm-tracking.demandscience.com
6	cdn.cookielaw.org	www.fortinet.com cdn.cookielaw.org
4	px.ads.linkedin.com	1 redirects snap.licdn.com
4	ib.adnxs.com	2 redirects
4	sync.1rx.io	4 redirects
4	www.google.co.il	www.fortinet.com
4	www.google.com	1 redirects www.fortinet.com
4	googleads.g.doubleclick.net	1 redirects www.googletagmanager.com
3	analytics.twitter.com
3	t.co
3	bat.bing.com	assets.adobedtm.com bat.bing.com www.fortinet.com
2	match.adsrvr.org	2 redirects
2	www.facebook.com
2	px.mountain.com	dx.mountain.com px.mountain.com
2	ml314.com	www.fortinet.com ml314.com
2	connect.facebook.net	www.fortinet.com connect.facebook.net
2	10104846.fls.doubleclick.net	1 redirects assets.adobedtm.com
2	secure.adnxs.com	1 redirects
2	cm.g.doubleclick.net	2 redirects
2	idsync.rlcdn.com	2 redirects
2	ce.lijit.com	1 redirects
2	bcp.crwdcntrl.net	1 redirects
2	loadm.exelator.com	1 redirects
2	fei.pro-market.net	2 redirects
2	pixel.tapad.com	1 redirects
2	eb2.3lift.com	1 redirects
2	sync.targeting.unrulymedia.com
2	intentstream.contanuity.com	abm-tracking.demandscience.com
2	ibc-flow.techtarget.com	trk.techtarget.com
2	abm-tracking.demandscience.com	www.fortinet.com abm-tracking.demandscience.com
2	www.google-analytics.com	www.googletagmanager.com
2	epsilon.6sense.com	j.6sc.co
2	tr.outbrain.com	amplify.outbrain.com
2	amplify.outbrain.com	www.fortinet.com amplify.outbrain.com
2	script.crazyegg.com	www.fortinet.com script.crazyegg.com
2	dpm.demdex.net	www.fortinet.com
1	px.steelhousemedia.com
1	gs.mountain.com	px.mountain.com
1	www.linkedin.com	1 redirects
1	6033413.global.siteimproveanalytics.io
1	snap.licdn.com	www.fortinet.com
1	siteimproveanalytics.com	assets.adobedtm.com
1	analytics.inzynk.io	tags.inzynk.io
1	webtracker.argusplatform.com	tmp.argusplatform.com
1	tracking.contanuity.com	abm-tracking.demandscience.com
1	tags.inzynk.io	assets.adobedtm.com
1	static.ads-twitter.com	www.fortinet.com
1	dx.mountain.com	www.fortinet.com
1	us-u.openx.net
1	pixel.rubiconproject.com
1	www.googleadservices.com	1 redirects
1	pippio.com
1	stags.bluekai.com
1	sync.bfmio.com
1	ups.analytics.yahoo.com
1	cms.analytics.yahoo.com	1 redirects
1	sync.intentiq.com
1	d.agkn.com	1 redirects
1	aa.agkn.com	1 redirects
1	simplifi.partners.tremorhub.com
1	s.ad.smaato.net	1 redirects
1	i.simpli.fi	tag.simpli.fi
1	cdn.jsdelivr.net	abm-tracking.demandscience.com
1	pixels.argusplatform.com	tmp.argusplatform.com
1	metrics.fortinet.com	www.fortinet.com
1	ad.doubleclick.net	www.fortinet.com
1	pixel.mathtag.com	www.fortinet.com
1	tmp.argusplatform.com	www.fortinet.com
1	trk.techtarget.com	www.fortinet.com
1	api.omappapi.com	a.opmnstr.com
1	a.omappapi.com	a.opmnstr.com
1	a.opmnstr.com	assets.adobedtm.com
1	ipv6.6sc.co	j.6sc.co
1	c.6sc.co	j.6sc.co
1	wave.outbrain.com	amplify.outbrain.com
1	tag.simpli.fi	assets.adobedtm.com
1	j.6sc.co	www.fortinet.com
1	fortinet.tt.omtrdc.net	www.fortinet.com
1	cm.everesttech.net	1 redirects
1	fortinet.demdex.net	www.fortinet.com
1	geolocation.onetrust.com	cdn.cookielaw.org
1	u33254697.ct.sendgrid.net	1 redirects
0	usermatch.krxd.net Failed
196	87

This site contains links to these domains. Also see Links.

Domain
github.com
www.linkedin.com
www.twitter.com
www.youtube.com
www.instagram.com
www.facebook.com
fortiguard.com
community.fortinet.com
investor.fortinet.com
onetrust.com

Subject Issuer	Validity	Valid
*.fortinet.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-07-16` - `2025-07-15`	a year	crt.sh
cookielaw.org Cloudflare Inc ECC CA-3	`2024-03-01` - `2024-12-31`	10 months	crt.sh
onetrust.com Cloudflare Inc ECC CA-3	`2023-11-13` - `2024-11-12`	a year	crt.sh
assets.adobedtm.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-07-09` - `2025-08-09`	a year	crt.sh
*.demdex.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-09-26` - `2024-10-26`	a year	crt.sh
*.tt.omtrdc.net DigiCert TLS RSA SHA256 2020 CA1	`2023-08-22` - `2024-09-21`	a year	crt.sh
6sc.co R11	`2024-07-03` - `2024-10-01`	3 months	crt.sh
script.crazyegg.com Cloudflare Inc ECC CA-3	`2024-08-02` - `2024-12-31`	5 months	crt.sh
*.outbrain.com DigiCert TLS RSA SHA256 2020 CA1	`2023-12-14` - `2024-12-14`	a year	crt.sh
*.simpli.fi DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-11-07` - `2024-12-07`	a year	crt.sh
www.bing.com Microsoft Azure RSA TLS Issuing CA 04	`2024-06-19` - `2024-12-16`	6 months	crt.sh
*.google-analytics.com WR2	`2024-07-30` - `2024-10-22`	3 months	crt.sh
*.6sense.com Amazon RSA 2048 M03	`2024-03-31` - `2025-04-29`	a year	crt.sh
a.opmnstr.com R10	`2024-08-08` - `2024-11-06`	3 months	crt.sh
a.omappapi.com R10	`2024-08-08` - `2024-11-06`	3 months	crt.sh
omappapi.com WE1	`2024-06-16` - `2024-09-14`	3 months	crt.sh
trk.techtarget.com WE1	`2024-07-23` - `2024-10-21`	3 months	crt.sh
abm-tracking.demandscience.com R11	`2024-06-14` - `2024-09-12`	3 months	crt.sh
tmp.argusplatform.com GeoTrust Global TLS RSA4096 SHA256 2022 CA1	`2024-04-23` - `2024-10-23`	6 months	crt.sh
*.mathtag.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-04-23` - `2025-04-30`	a year	crt.sh
*.doubleclick.net WR2	`2024-07-30` - `2024-10-22`	3 months	crt.sh
*.g.doubleclick.net WR2	`2024-07-30` - `2024-10-22`	3 months	crt.sh
metrics.fortinet.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-12-26` - `2025-01-25`	a year	crt.sh
ibc-flow.techtarget.com WR3	`2024-07-02` - `2024-09-30`	3 months	crt.sh
*.google.com WR2	`2024-07-30` - `2024-10-22`	3 months	crt.sh
*.google.co.il WR2	`2024-07-30` - `2024-10-22`	3 months	crt.sh
pixels.argusplatform.com GeoTrust Global TLS RSA4096 SHA256 2022 CA1	`2024-04-22` - `2024-10-22`	6 months	crt.sh
jsdelivr.net GlobalSign Atlas R3 DV TLS CA 2024 Q3	`2024-07-30` - `2025-08-31`	a year	crt.sh
intentstream.contanuity.com E5	`2024-06-16` - `2024-09-14`	3 months	crt.sh
*.mountain.com Go Daddy Secure Certificate Authority - G2	`2024-05-23` - `2025-06-24`	a year	crt.sh
ads-twitter.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-06-25` - `2025-06-24`	a year	crt.sh
*.inzynk.io Amazon RSA 2048 M02	`2024-01-07` - `2025-02-04`	a year	crt.sh
tracking.contanuity.com R11	`2024-07-13` - `2024-10-11`	3 months	crt.sh
webtracker.argusplatform.com GeoTrust Global TLS RSA4096 SHA256 2022 CA1	`2024-04-23` - `2024-10-23`	6 months	crt.sh
t.co DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-05-08` - `2025-05-07`	a year	crt.sh
*.twitter.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-10-31` - `2024-10-29`	a year	crt.sh
52.22.50.55 Sectigo RSA Domain Validation Secure Server CA	`2024-01-26` - `2025-02-14`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2024-05-19` - `2024-08-17`	3 months	crt.sh
siteimproveanalytics.com WE1	`2024-06-21` - `2024-09-19`	3 months	crt.sh
event-horizon.gcp.bomm.in WR3	`2024-06-23` - `2024-09-21`	3 months	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-12-13` - `2024-12-12`	a year	crt.sh
*.global.r1.siteimproveanalytics.io Amazon RSA 2048 M03	`2023-10-26` - `2024-11-23`	a year	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2024-07-01` - `2025-01-01`	6 months	crt.sh

This page contains 3 frames:

Primary Page: https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader
Frame ID: 854EBEC6B9AE8B566159680F72EEF3A6
Requests: 193 HTTP requests in this frame

Frame: https://fortinet.demdex.net/dest5.html?d_nsid=0
Frame ID: 293DBEC204D8104EDEF8AD712150721E
Requests: 1 HTTP requests in this frame

Frame: https://10104846.fls.doubleclick.net/activityi;dc_pre=CJH2rfH86IcDFajxEQgdQF8AXw;src=10104846;type=sitew00;cat=sitew006;u3=https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=606948012267.0367
Frame ID: B8F0DC9BD88C0F2AAE237F74B327BD65
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

PureHVNC Deployed via Python Multi-stage Loader | FortiGuard Labs

Page URL History Show full URLs

https://u33254697.ct.sendgrid.net/ls/click?upn=u001.rfmZKoSIQF-2FqHrRaNSBoL0tQOvhRvHO1kz4OsWiPx4gkHznYhBZRlBsb... HTTP 302
https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader Page URL

Detected technologies

Adobe Experience Manager (CMS) Expand

Overall confidence: 100%
Detected patterns

/etc/designs/
/etc\.clientlibs/

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Crazy Egg (Analytics) Expand

Overall confidence: 100%
Detected patterns

script\.crazyegg\.com/pages/scripts/\d+/\d+\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

FingerprintJS (JavaScript libraries) Expand

Overall confidence: 100%
Detected patterns

/fingerprintjs@(\d)

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

OneTrust (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

cdn\.cookielaw\.org
otSDKStub\.js

OpenX (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.openx\.net

Rubicon Project (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

https?://[^/]*\.rubiconproject\.com

TrackJs (Analytics) Expand

Overall confidence: 100%
Detected patterns

tracker\.js

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

196
Requests

86 %
HTTPS

0 %
IPv6

63
Domains

87
Subdomains

68
IPs

7
Countries

11341 kB
Transfer

15018 kB
Size

100
Cookies

11 Outgoing links

These are links going to different origins than the main page.

URL: https://github.com/billythegoat356/Kramer
Title: Kramer

Search URL Search Domain Scan URL

URL: https://github.com/capt-meelo/laZzzy
Title: laZzzy

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/fortinet

Search URL Search Domain Scan URL

URL: https://www.twitter.com/fortinet

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCJHo4AuVomwMRzgkA5DQEOA?sub_confirmation=1

Search URL Search Domain Scan URL

URL: https://www.instagram.com/fortinet/

Search URL Search Domain Scan URL

URL: https://www.facebook.com/fortinet

Search URL Search Domain Scan URL

URL: https://fortiguard.com/
Title: FortiGuard Labs

Search URL Search Domain Scan URL

URL: https://community.fortinet.com/
Title: Fortinet Community

Search URL Search Domain Scan URL

URL: https://investor.fortinet.com/
Title: Investor Relations

Search URL Search Domain Scan URL

URL: https://onetrust.com/poweredbyonetrust

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

https://u33254697.ct.sendgrid.net/ls/click?upn=u001.rfmZKoSIQF-2FqHrRaNSBoL0tQOvhRvHO1kz4OsWiPx4gkHznYhBZRlBsbfo4ixwVKqEKhCWBQvbxdQFS0QmxOhmOY-2BVGrWJXfdPXG08xxF8fyO0f94XqUVAF7O-2BePQEPb8Hbk8RDs48RwnkAuWfeSsg-3D-3DOuUu_xe6fOXjz6id-2FgGyhTJI-2FmntAo0gAdry6sqehMjQCGvD7nF2NiWe4ARPoaOnYktALOWYwGnEileT4pnB7BgUy29PCEWlHJqzSP5uwzRbNK-2Bp2FsXJzQf9f9kr5uwy9-2Fqzql0btUrHvOmTl-2FdQoC6-2FVn0PDF8rcoUPFXIgbWnPajvz15YnHGD2hIS9ulO2jkV7CRvFvjSUPEtNNYAEO2F4Q-2BE599HfkQdt-2BdB7apOWLVY-3D HTTP 302
https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 49

https://cm.everesttech.net/cm/dd?d_uuid=59301217353698703593898713970681164306 HTTP 302
https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZraabgAAAFm6BgOV

Request Chain 132

https://um.simpli.fi/smaato HTTP 302
https://s.ad.smaato.net/c/?dspInit=1001136&dspCookie=FCE2CCF06CD9448EA3DB7054DA67A2AE HTTP 302
https://sync.1rx.io/usersync/smaato/f8523ec180?gdpr=0&gdpr_consent= HTTP 302
https://sync.1rx.io/usersync/smaato/f8523ec180?zcc=1&cb=1723243121894 HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-9b3132aa-9522-4471-81a2-829365acac97-003

Request Chain 133

https://um.simpli.fi/nexxen HTTP 302
https://sync.1rx.io/usersync/simplifi/FCE2CCF06CD9448EA3DB7054DA67A2AE HTTP 302
https://sync.1rx.io/usersync/simplifi/FCE2CCF06CD9448EA3DB7054DA67A2AE?zcc=1&cb=1723243121893 HTTP 302
https://sync.targeting.unrulymedia.com/csync/RX-9b3132aa-9522-4471-81a2-829365acac97-003

Request Chain 134

https://um.simpli.fi/triplelift HTTP 302
https://eb2.3lift.com/xuid?mid=7969&xuid=FCE2CCF06CD9448EA3DB7054DA67A2AE&dongle=yf3 HTTP 302
https://eb2.3lift.com/xuid?ld=1&mid=7969&xuid=FCE2CCF06CD9448EA3DB7054DA67A2AE&dongle=yf3&gdpr=0&cmp_cs=&us_privacy=

Request Chain 135

https://um.simpli.fi/telaria_p HTTP 302
https://simplifi.partners.tremorhub.com/sync?UISF=FCE2CCF06CD9448EA3DB7054DA67A2AE

Request Chain 136

https://um.simpli.fi/tapad HTTP 302
https://pixel.tapad.com/idsync/ex/receive?partner_id=2305&partner_device_id=FCE2CCF06CD9448EA3DB7054DA67A2AE HTTP 302
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2305&partner_device_id=FCE2CCF06CD9448EA3DB7054DA67A2AE

Request Chain 137

https://um.simpli.fi/ad_advisor HTTP 302
https://aa.agkn.com/adscores/g.pixel?sid=9201915418&sifi_uid=FCE2CCF06CD9448EA3DB7054DA67A2AE HTTP 302
https://d.agkn.com/pixel/10751/?che=1723243121565&ip=31.187.78.101&l1=https%3A%2F%2Fum.simpli.fi%2Faa_px%3Fsk%3D219403204969004351689 HTTP 302
https://um.simpli.fi/aa_px?sk=219403204969004351689 HTTP 302
https://um.simpli.fi/empty.gif

Request Chain 138

https://um.simpli.fi/intentiq HTTP 302
https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=2124307461&pcid=FCE2CCF06CD9448EA3DB7054DA67A2AE

Request Chain 141

https://um.simpli.fi/dtnx HTTP 302
https://fei.pro-market.net/engine?du=24;csync=FCE2CCF06CD9448EA3DB7054DA67A2AE;mimetype=img; HTTP 302
https://fei.pro-market.net/engine?du=24;csync=FCE2CCF06CD9448EA3DB7054DA67A2AE;mimetype=img;sr HTTP 302
https://cms.analytics.yahoo.com/cms?partner_id=DATCS HTTP 302
https://ups.analytics.yahoo.com/ups/58726/cms?partner_id=DATCS

Request Chain 142

https://um.simpli.fi/exelatem HTTP 302
https://loadm.exelator.com/load/?p=204&g=2191&simid=FCE2CCF06CD9448EA3DB7054DA67A2AE&j=0 HTTP 302
https://loadm.exelator.com/load/?p=204&g=2191&simid=FCE2CCF06CD9448EA3DB7054DA67A2AE&j=0&xl8blockcheck=1

Request Chain 144

https://um.simpli.fi/beachfront HTTP 302
https://sync.bfmio.com/sync?pid=141&uid=FCE2CCF06CD9448EA3DB7054DA67A2AE

Request Chain 145

https://um.simpli.fi/bluekai HTTP 302
https://stags.bluekai.com/site/29931?id=FCE2CCF06CD9448EA3DB7054DA67A2AE

Request Chain 146

https://um.simpli.fi/crwdcntrl HTTP 302
https://bcp.crwdcntrl.net/map/c=7625/tp=SIMP/tpid=FCE2CCF06CD9448EA3DB7054DA67A2AE HTTP 302
https://bcp.crwdcntrl.net/map/ct=y/c=7625/tp=SIMP/tpid=FCE2CCF06CD9448EA3DB7054DA67A2AE

Request Chain 147

https://um.simpli.fi/lj_match HTTP 302
https://ce.lijit.com/merge?pid=2&3pid=FCE2CCF06CD9448EA3DB7054DA67A2AE HTTP 302
https://ce.lijit.com/merge?pid=2&3pid=FCE2CCF06CD9448EA3DB7054DA67A2AE&dnr=1

Request Chain 148

https://um.simpli.fi/liveramp_match HTTP 302
https://idsync.rlcdn.com/419566.gif?partner_uid=FCE2CCF06CD9448EA3DB7054DA67A2AE HTTP 307
https://idsync.rlcdn.com/1000.gif?memo=CO7NGRIrCicIARDuJBogRkNFMkNDRjA2Q0Q5NDQ4RUEzREI3MDU0REE2N0EyQUUQABoNCPG02rUGEgUI6AcQAEIASgA HTTP 307
https://pippio.com/api/sync?pid=5324&it=1&iv=e9fc0a01133384fc54664003c9aecd590e463a4502eae283cfbeafca934dcc3d791426b5417dce21&_=2

Request Chain 149

https://www.googleadservices.com/pagead/conversion/1026675585/?random=1723243120795&cv=7&fst=1723243120795&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON HTTP 302
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1026675585/?random=40837764&cv=7&fst=1723243120795&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON&ct_cookie_present=false&crd=CKG4sQIIscGxAgiwwbECCLnBsQI&pscrd=IhMIwKLe8PzohwMVdI-DBx2XyCYDMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOhlodHRwczovL3d3dy5mb3J0aW5ldC5jb20v HTTP 302
https://www.google.com/pagead/1p-conversion/1026675585/?random=40837764&cv=7&fst=1723243120795&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON&ct_cookie_present=false&crd=CKG4sQIIscGxAgiwwbECCLnBsQI&pscrd=IhMIwKLe8PzohwMVdI-DBx2XyCYDMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOhlodHRwczovL3d3dy5mb3J0aW5ldC5jb20v&is_vtc=1&cid=CAQSKQDpaXnfZIoPajVjZMAAXRdeNBAlP37HZcGET6w1YOuh28EPP9wkFWPv&random=3232231773 HTTP 302
https://www.google.co.il/pagead/1p-conversion/1026675585/?random=40837764&cv=7&fst=1723243120795&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON&ct_cookie_present=false&crd=CKG4sQIIscGxAgiwwbECCLnBsQI&pscrd=IhMIwKLe8PzohwMVdI-DBx2XyCYDMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOhlodHRwczovL3d3dy5mb3J0aW5ldC5jb20v&is_vtc=1&cid=CAQSKQDpaXnfZIoPajVjZMAAXRdeNBAlP37HZcGET6w1YOuh28EPP9wkFWPv&random=3232231773&ipr=y

Request Chain 151

https://um.simpli.fi/an HTTP 302
https://ib.adnxs.com/setuid?entity=66&code=FCE2CCF06CD9448EA3DB7054DA67A2AE HTTP 307
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D66%26code%3DFCE2CCF06CD9448EA3DB7054DA67A2AE

Request Chain 152

https://um.simpli.fi/rb_match HTTP 302
https://pixel.rubiconproject.com/tap.php?v=6286&nid=2132&put=FCE2CCF06CD9448EA3DB7054DA67A2AE&expires=365

Request Chain 153

https://um.simpli.fi/ox_match HTTP 302
https://us-u.openx.net/w/1.0/sd?id=537072966&val=FCE2CCF06CD9448EA3DB7054DA67A2AE

Request Chain 154

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_cm&google_sc HTTP 302
https://um.simpli.fi/g_match?id=&google_gid=CAESEJL9nkeTFqd4vuJQXWC4N10&google_cver=1 HTTP 302
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=FCE2CCF06CD9448EA3DB7054DA67A2AE HTTP 302
https://um.simpli.fi/g_match?id=

Request Chain 157

https://secure.adnxs.com/px?id=1773420&t=2 HTTP 307
https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D1773420%26t%3D2

Request Chain 158

https://ib.adnxs.com/seg?add=36113683 HTTP 307
https://ib.adnxs.com/bounce?%2Fseg%3Fadd%3D36113683

Request Chain 170

https://10104846.fls.doubleclick.net/activityi;src=10104846;type=sitew00;cat=sitew006;u3=https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=606948012267.0367 HTTP 302
https://10104846.fls.doubleclick.net/activityi;dc_pre=CJH2rfH86IcDFajxEQgdQF8AXw;src=10104846;type=sitew00;cat=sitew006;u3=https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=606948012267.0367

Request Chain 175

https://match.prod.bidr.io/cookie-sync/contanuity?buyer_user_id=32e39a6d08d82c7f5e39d3ea18d4efb4_1723243120841 HTTP 303
https://match.prod.bidr.io/cookie-sync/contanuity?buyer_user_id=32e39a6d08d82c7f5e39d3ea18d4efb4_1723243120841&_bee_ppp=1 HTTP 303
https://tracking.contanuity.com/usersync?bwcookie=AAHzYE7NbTUAABSyAQVz6w

Request Chain 186

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=7120%2C2159050%2C4628290&time=1723243123017&li_adsId=9a1e0bd5-2001-4985-856e-472f0be5d5be&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fpurehvnc-deployed-via-python-multi-stage-loader HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D7120%252C2159050%252C4628290%26time%3D1723243123017%26li_adsId%3D9a1e0bd5-2001-4985-856e-472f0be5d5be%26url%3Dhttps%253A%252F%252Fwww.fortinet.com%252Fblog%252Fthreat-research%252Fpurehvnc-deployed-via-python-multi-stage-loader%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=7120%2C2159050%2C4628290&time=1723243123017&li_adsId=9a1e0bd5-2001-4985-856e-472f0be5d5be&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fpurehvnc-deployed-via-python-multi-stage-loader&liSync=true

Request Chain 192

https://match.adsrvr.org/track/cmf/generic?ttd_pid=steelhouse&ttd_tpi=1&ttd_puid=21e9055e-56a0-11ef-83ab-1fa8abe17ca0&gdpr=&gdpr_consent= HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=steelhouse&ttd_tpi=1&ttd_puid=21e9055e-56a0-11ef-83ab-1fa8abe17ca0&gdpr=&gdpr_consent= HTTP 302
https://px.steelhousemedia.com/tdsync?tdid=218aab7b-0184-469a-82a4-7d15ee6e63fe&shguid=21e9055e-56a0-11ef-83ab-1fa8abe17ca0

Request Chain 193

https://insight.adsrvr.org/track/evnt/?adv=6s0zaeu&ct=0:0bi0elf&fmt=3 HTTP 302
https://usermatch.krxd.net/um/v2?partner=ttd&partner_uid=ttd&gdpr=0&gdpr_consent=&ttd_tdid=d2cc1912-bf33-4c9b-94b2-5597895a1668

196 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request purehvnc-deployed-via-python-multi-stage-loader Show response
www.fortinet.com/blog/threat-research/
Redirect Chain

https://u33254697.ct.sendgrid.net/ls/click?upn=u001.rfmZKoSIQF-2FqHrRaNSBoL0tQOvhRvHO1kz4OsWiPx4gkHznYhBZRlBsbfo4ixwVKqEKhCWBQvbxdQFS0QmxOhmOY-2BVGrWJXfdPXG08xxF8fyO0f94XqUVAF7O-2BePQEPb8Hbk8RDs48R...
https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader

75 KB
23 KB

388ms
120ms

Document
text/html

3.123.216.247
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

3.123.216.247 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-123-216-247.eu-central-1.compute.amazonaws.com

Software

Apache /

Resource Hash

69667f1c2f0036f5f46e705a892ef6f5ce086874bb2fa271566d7412f34fc4e0

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Accept-Ranges: bytes
Age: 27457
Cache-Control: max-age=600, public, s-maxage=10800
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 21835
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Content-Type: text/html;charset=utf-8
Date: Fri, 09 Aug 2024 22:28:58 GMT
ETag: "12d24-61f4169476fde-gzip"
Last-Modified: Fri, 09 Aug 2024 15:00:59 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding
Via: 1.1 cb605905cea2427f1d9f13acc778e822.cloudfront.net (CloudFront)
X-Amz-Cf-Id: pZBLfwAeOzqDvVKeWrNg8CgbjxMGWhD4b23EdX_E8u5H1Ke_956F1w==
X-Amz-Cf-Pop: FRA60-P3
X-Cache: Hit from cloudfront
X-Content-Type-Options: nosniff
X-Dispatcher: dispatcher2uswest1-28559771
X-Frame-Options: SAMEORIGIN
X-Vhost: publish
X-XSS-Protection: 1; mode=block

Redirect headers

Connection: keep-alive
Content-Length: 116
Content-Type: text/html; charset=utf-8
Date: Fri, 09 Aug 2024 22:38:35 GMT
Location: https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader
Server: nginx
X-Robots-Tag: noindex, nofollow

GET
H/1.1 200
OK visitorapi.min.js Show response
www.fortinet.com/etc/designs/fortinet/adb-target/ 64 KB
30 KB 318ms
120ms Script
application/javascript 3.123.216.247
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fortinet.com/etc/designs/fortinet/adb-target/visitorapi.min.js

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

3.123.216.247 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-123-216-247.eu-central-1.compute.amazonaws.com

Software

Apache /

Resource Hash

0f03d4ff929986a3cde83681fd2560eae544f7138f59945ec6ec32c17800ca91

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher1uswest1-28559594
Date: Mon, 05 Aug 2024 08:32:23 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Content-Encoding: gzip
Via: 1.1 cb605905cea2427f1d9f13acc778e822.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA60-P3
X-Vhost: publish
X-Cache: Hit from cloudfront
Age: 396372
Connection: keep-alive
Content-Length: 29532
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 15 Feb 2024 21:43:32 GMT
Server: Apache
ETag: "fe2d-6117284c96900-gzip"
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: PSR_6kI1AQtKjfw78M9BAEvehc8GRT1lMbEtwwuWGGXTZ8Aor-BEMg==

GET
H/1.1 200
OK at.js Show response
www.fortinet.com/etc/designs/fortinet/adb-target/ 104 KB
48 KB 346ms
121ms Script
application/javascript 3.123.216.247
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fortinet.com/etc/designs/fortinet/adb-target/at.js

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

3.123.216.247 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-123-216-247.eu-central-1.compute.amazonaws.com

Software

Apache /

Resource Hash

db058d72d7ba8ff6ed7209af23a4458c373cc78f72c81ec1df88bb5de72a0b0b

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher2uswest1-28559771
Date: Fri, 02 Aug 2024 21:19:00 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Content-Encoding: gzip
Via: 1.1 79272ab9b399ee696b329d4f677dca48.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA60-P3
X-Vhost: publish
X-Cache: Hit from cloudfront
Age: 609576
Connection: keep-alive
Content-Length: 47782
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 21 Mar 2024 20:59:39 GMT
Server: Apache
ETag: "19e83-61431fc4b24c0-gzip"
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: eVmgqj7Il4hIKrUQIfYJc0yZlQFWdUMAAX_gLdshnuq8lRrE18vDQw==

GET
H/1.1 200
OK clientlib-base.min.900b148ab7b87024003111a1245cca9c.css
www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/ 540 KB
28 KB 173ms
119ms Stylesheet
text/css 3.123.216.247
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/clientlib-base.min.900b148ab7b87024003111a1245cca9c.css

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

3.123.216.247 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-123-216-247.eu-central-1.compute.amazonaws.com

Software

Apache /

Resource Hash

94633716497a85d800b6e573953942c4cfe483c0dbd68fa97fd01dd97ced5d66

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher2uswest1-28559771
Date: Fri, 09 Aug 2024 22:33:33 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Content-Encoding: gzip
Via: 1.1 cb605905cea2427f1d9f13acc778e822.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA60-P3
X-Vhost: publish
X-Cache: Hit from cloudfront
Age: 1568994
Connection: keep-alive
Content-Length: 27478
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 20 Jun 2024 21:00:07 GMT
Server: Apache
ETag: "86e1b-61b58998583c0-gzip"
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Type: text/css;charset=utf-8
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: cqRUK2okbB23G9iG0kB3CFGNFso9xDwEESrF7EN3_JFi2ZSRyJkCkw==

GET
H2 200 otSDKStub.js Show response
cdn.cookielaw.org/scripttemplates/ 21 KB
7 KB 196ms
72ms Script
application/javascript 104.18.87.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.87.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1505aa0792421f831935f4761a95f31462a3dd097c8bd00ad8e9c765c8065517

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 22:38:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: Wbr2pAeg61Hfi+2FuD0cYA==
age: 72662
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 6882
x-ms-lease-status: unlocked
last-modified: Thu, 08 Aug 2024 02:35:45 GMT
server: cloudflare
etag: 0x8DCB752CE6C94B7
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 6f7be3ee-301e-002d-56c3-e9104a000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8b0b3cc6fd12e3cf-TLV

GET
H/1.1 200
OK fortinet-logo-white.svg
www.fortinet.com/content/dam/fortinet-blog/ 32 KB
3 KB 345ms
120ms Image
image/svg+xml 3.123.216.247
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.fortinet.com/content/dam/fortinet-blog/fortinet-logo-white.svg

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

3.123.216.247 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-123-216-247.eu-central-1.compute.amazonaws.com

Software

Apache /

Resource Hash

d2afd46ac58cd7e89b3fdfd790300d69034e94151ed45acf83d7b6d5dccfdb17

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher2uswest1-28559771
Date: Fri, 09 Aug 2024 22:38:14 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Content-Encoding: gzip
Via: 1.1 a54cda8ccda3480314f451558e4dd062.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA60-P3
X-Vhost: publish
X-Cache: Hit from cloudfront
Age: 30447435
Content-Disposition: attachment; filename="fortinet-logo-white.svg"
Connection: keep-alive
Content-Length: 1998
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 22 Feb 2018 23:16:01 GMT
Server: Apache
ETag: "7ebb-565d53a1d6e40-gzip"
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Type: image/svg+xml
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: zRZDBaNiBJ1Lt5QJfGHN8d92U9B8Yy1MHoNuzMSvsgdZYl5bntMBIQ==

GET
H/1.1 200
OK toc-icon.jpg
www.fortinet.com/content/dam/fortinet/images/ 1 KB
3 KB 324ms
118ms Image
image/jpeg 3.123.216.247
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.fortinet.com/content/dam/fortinet/images/toc-icon.jpg

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

3.123.216.247 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-123-216-247.eu-central-1.compute.amazonaws.com

Software

Apache /

Resource Hash

370df1cc8999c1e03fc1c5f7ced35334513d19233d1fc79d2c1c7f711361565d

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher2uswest1-28559771
Date: Fri, 09 Aug 2024 22:38:14 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 68b2682a924ac399aa2724b5b439e75c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA60-P3
Age: 23259852
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 1277
X-XSS-Protection: 1; mode=block
Last-Modified: Tue, 14 Nov 2023 17:34:13 GMT
Server: Apache
ETag: "4fd-60a2031eb4f40"
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: c6Yie1N-uxQseYd7N6_0b739Q9FzWQcRnlt-QseNWvbQMc2A_koemQ==

GET
H/1.1 200
OK clientlib-base.min.ba4f082a77dabb2c6baf715d9eb61c22.js Show response
www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/ 160 KB
74 KB 132ms
122ms Script
application/javascript 3.123.216.247
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/clientlib-base.min.ba4f082a77dabb2c6baf715d9eb61c22.js

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

3.123.216.247 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-123-216-247.eu-central-1.compute.amazonaws.com

Software

Apache /

Resource Hash

7b1e74dd6970b56853dfd79e59ba73315051b0c59a69c6a9fd87e515650fdc80

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher2uswest1-28559771
Date: Thu, 08 Aug 2024 15:13:35 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Content-Encoding: gzip
Via: 1.1 3296b04068551f925d5fafd1b785ff30.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA60-P3
X-Vhost: publish
X-Cache: Hit from cloudfront
Age: 113101
Connection: keep-alive
Content-Length: 74768
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 11 Jul 2024 21:01:58 GMT
Server: Apache
ETag: "28100-61cff12ce1d80-gzip"
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Type: application/javascript;charset=utf-8
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: gN2kHu9jSuaDxHyMQAtNCq6slq79cIBQh7KeiKW8jgxoo7DHSBa2ZA==

GET
H2 200 f85f39fc-d7aa-467a-b762-fbb722748016.json Show response
cdn.cookielaw.org/consent/f85f39fc-d7aa-467a-b762-fbb722748016/ 5 KB
2 KB 241ms
124ms XHR
application/x-javascript 104.18.87.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/f85f39fc-d7aa-467a-b762-fbb722748016/f85f39fc-d7aa-467a-b762-fbb722748016.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.87.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8998282f5a80fff5eaafdbd457dd7a81af0cd7c8696bfe032a6aeef8fe67f99f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 22:38:36 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 32612
content-md5: Uj3iBUKm1Vl2g2NHq67V+w==
content-length: 1792
x-ms-lease-status: unlocked
last-modified: Thu, 28 Dec 2023 19:56:54 GMT
server: cloudflare
etag: 0x8DC07DF23DF5130
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 964c1177-301e-008d-4857-790e51000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8b0b3cc848b4e3df-TLV
expires: Sat, 10 Aug 2024 22:38:36 GMT

GET
DATA 200
OK truncated
/ 71 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5b4c9abcf01dcf74e0adf075ff4d47464c62c84307ae5ebd115d45da70e6443d

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK purehvnc-python-multi-stage-loader-hero.png
www.fortinet.com/content/dam/fortinet-blog/article-heros/ 435 KB
436 KB 124ms
119ms Image
image/png 3.123.216.247
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.fortinet.com/content/dam/fortinet-blog/article-heros/purehvnc-python-multi-stage-loader-hero.png

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

3.123.216.247 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-123-216-247.eu-central-1.compute.amazonaws.com

Software

Apache /

Resource Hash

244c6b3f3ae382625a638af9cf80c7e4c470da6c1a304baf9284cc9162824c90

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher2uswest1-28559771
Date: Thu, 08 Aug 2024 13:03:15 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 8b889e35789d2b97f2ba8771acc9a008.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA60-P3
Age: 121018
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 444945
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 01 Aug 2024 23:14:22 GMT
Server: Apache
ETag: "6ca11-61ea75ef8cf80"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: pWH_eboCBFVD5M_is6xUGiSWHTSpfFWCGuNBDMfqBoiYPvLbBQ51tA==

GET
H/1.1 200
OK debugging-postscript-with-ghostscript-thumb.jpg.thumb.319.319.png
www.fortinet.com/content/dam/fortinet-blog/article-images/ 84 KB
85 KB 116ms
116ms Image
image/png 3.123.216.247
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.fortinet.com/content/dam/fortinet-blog/article-images/debugging-postscript-with-ghostscript-thumb.jpg.thumb.319.319.png

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

3.123.216.247 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-123-216-247.eu-central-1.compute.amazonaws.com

Software

Apache /

Resource Hash

591a6bc9905731bfa51a73e2a36a0c3eaead53b61ef407a3fc2b5f4f7c657309

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher1uswest1-28559594
Date: Fri, 09 Aug 2024 03:32:51 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 cb605905cea2427f1d9f13acc778e822.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA60-P3
Age: 68744
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 85960
X-XSS-Protection: 1; mode=block
Last-Modified: Wed, 25 Jul 2018 23:04:11 GMT
Server: Apache
ETag: "14fc8-571dae58410c0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: PqLd4QC4mB0CXLP85XUTg76zZCMKQEQPcaVQQOQ2bEZI3VrgbB7iCA==

GET
H/1.1 200
OK 018_pythonm.png.thumb.319.319.png
www.fortinet.com/content/dam/fortinet-blog/article-images/python_based_malware_uses_nsa_exploit/ 34 KB
36 KB 117ms
116ms Image
image/png 3.123.216.247
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.fortinet.com/content/dam/fortinet-blog/article-images/python_based_malware_uses_nsa_exploit/018_pythonm.png.thumb.319.319.png

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

3.123.216.247 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-123-216-247.eu-central-1.compute.amazonaws.com

Software

Apache /

Resource Hash

b870792c6c6441d421b921e5064ee780de9cdf87911269fcf539312d35861ce6

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher1uswest1-28559594
Date: Fri, 09 Aug 2024 03:32:51 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 68b2682a924ac399aa2724b5b439e75c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA60-P3
Age: 68744
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 34985
X-XSS-Protection: 1; mode=block
Last-Modified: Mon, 23 Apr 2018 20:31:50 GMT
Server: Apache
ETag: "88a9-56a89ed6d9980"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: PbYpQioICnIjjshxiD9h-f-HqjZWmJtDxd9Ll1WHCQ45demceB2PYw==

GET
H/1.1 200
OK badpatch-fifteen.png.thumb.319.319.png
www.fortinet.com/content/dam/fortinet-blog/article-images/badpatch-campaign/ 31 KB
32 KB 115ms
115ms Image
image/png 3.123.216.247
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.fortinet.com/content/dam/fortinet-blog/article-images/badpatch-campaign/badpatch-fifteen.png.thumb.319.319.png

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

3.123.216.247 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-123-216-247.eu-central-1.compute.amazonaws.com

Software

Apache /

Resource Hash

a19b2bf07a64509548671072cf084869277b815a9df95b2749ed863906bcb6da

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher2uswest1-28559771
Date: Fri, 09 Aug 2024 22:29:00 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 a54cda8ccda3480314f451558e4dd062.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA60-P3
Age: 30437007
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 31312
X-XSS-Protection: 1; mode=block
Last-Modified: Mon, 21 Oct 2019 18:12:12 GMT
Server: Apache
ETag: "7a50-5956f9f6a3700"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: 5vdFoe98rFXATxrIq_lOx8B1ewjeUxfPHLXjXhfqvEXu83T9kg0QMA==

GET
H/1.1 200
OK UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
www.fortinet.com/etc/designs/fortinet/gfonts/ 37 KB
38 KB 189ms
116ms Font
application/octet-stream 3.123.216.247
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fortinet.com/etc/designs/fortinet/gfonts/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/clientlib-base.min.900b148ab7b87024003111a1245cca9c.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

3.123.216.247 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-123-216-247.eu-central-1.compute.amazonaws.com

Software

Apache /

Resource Hash

b97c99a69a6275c8f90703cd4c0864089a74fd08383a1cc75a8a4d0c2cb60cce

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/clientlib-base.min.900b148ab7b87024003111a1245cca9c.css
Origin: https://www.fortinet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher2uswest1-28559771
Date: Thu, 01 Aug 2024 00:58:02 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 79272ab9b399ee696b329d4f677dca48.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA60-P3
Age: 1228937
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 37716
X-XSS-Protection: 1; mode=block
Last-Modified: Wed, 18 May 2022 21:08:06 GMT
Server: Apache
ETag: "9354-5df4fa74ff980"
X-Frame-Options: SAMEORIGIN
Content-Type: application/octet-stream
Cache-Control: max-age=2000000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: j-HV7v28Lr02P2YeX8hTlmObNxrnCHpqawuj-4g-SjYEoiXKw_NZWQ==

GET
H2 200 location Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 69 B
316 B 206ms
77ms XHR
application/json 104.18.28.127
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.28.127 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ff10c1fe39489bf9f57c9dc9e8ccc064dfdfd4dec949636d5deeba2a8f2da2f0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept: application/json
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 22:38:37 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: application/json
access-control-allow-origin: *
cf-ray: 8b0b3cc9ed68e3ed-TLV
access-control-allow-headers: Content-Type

GET
H/1.1 200
OK purehyvnc-1.png
www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader/_jcr_content/root/responsivegrid/table_content/par/image.img.png/1722551803052/ 165 KB
166 KB 115ms
115ms Image
image/png 3.123.216.247
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader/_jcr_content/root/responsivegrid/table_content/par/image.img.png/1722551803052/purehyvnc-1.png

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

3.123.216.247 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-123-216-247.eu-central-1.compute.amazonaws.com

Software

Apache /

Resource Hash

33710aaf03861ea1499d9c0bed3370f4a93a5b183f4903ccc3eff438c33be9be

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher1uswest1-28559594
Date: Fri, 09 Aug 2024 15:03:03 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 3296b04068551f925d5fafd1b785ff30.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA60-P3
Age: 120939
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 168449
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 01 Aug 2024 22:36:43 GMT
Server: Apache
ETag: "29201-61ea6d85334c0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: Hz28vyjEMQAYksf16sJxSosmFamlftucqt1Go6Sv4IhbuKG6p8i5Hw==

GET
DATA 200
OK truncated
/ 42 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type: image/gif

GET
H/1.1 200
OK purehyvnc-2.png
www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader/_jcr_content/root/responsivegrid/table_content/par/image_copy.img.png/1722551988031/ 237 KB
238 KB 117ms
117ms Image
image/png 3.123.216.247
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader/_jcr_content/root/responsivegrid/table_content/par/image_copy.img.png/1722551988031/purehyvnc-2.png

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

3.123.216.247 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-123-216-247.eu-central-1.compute.amazonaws.com

Software

Apache /

Resource Hash

93a0e7f73f511076177b0b53749dc7e6560dae1f58692689bf5918ec97cbfece

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher1uswest1-28559594
Date: Fri, 09 Aug 2024 15:03:03 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 a54cda8ccda3480314f451558e4dd062.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA60-P3
Age: 120938
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 242598
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 01 Aug 2024 22:39:48 GMT
Server: Apache
ETag: "3b3a6-61ea6e35a1500"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: NoBkQbeJPZTrWZBGCpadAZW8RHS7S1Tc1IlDv09x6TpKBTJUWJ9ODQ==

GET
H/1.1 200
OK purehyvnc-3.png
www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader/_jcr_content/root/responsivegrid/table_content/par/image_copy_475885376.img.png/1722552040679/ 300 KB
302 KB 115ms
115ms Image
image/png 3.123.216.247
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader/_jcr_content/root/responsivegrid/table_content/par/image_copy_475885376.img.png/1722552040679/purehyvnc-3.png

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

3.123.216.247 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-123-216-247.eu-central-1.compute.amazonaws.com

Software

Apache /

Resource Hash

17aa4825b9b57feaec8e52e4f3ea7ffff49fc658357a5aaca6ba3d313890f602

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher2uswest1-28559771
Date: Fri, 09 Aug 2024 15:03:04 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 cb605905cea2427f1d9f13acc778e822.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA60-P3
Age: 120695
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 307608
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 01 Aug 2024 22:40:40 GMT
Server: Apache
ETag: "4b198-61ea6e6738a00"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: VT09aSOByVx8g2ZDO3mDii_jnNynO-Bcw3LgeHwuB_PaloWzTNU6JQ==

GET
H/1.1 200
OK purehyvnc-4.png
www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader/_jcr_content/root/responsivegrid/table_content/par/image_copy_475885376_1303116407.img.png/1722552071596/ 148 KB
150 KB 116ms
115ms Image
image/png 3.123.216.247
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

3.123.216.247 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-123-216-247.eu-central-1.compute.amazonaws.com

Software

Apache /

Resource Hash

b520237c91e8f509a5c12b27022bfeeee7ecbb18ce7ae17353907a9da04a113a

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher1uswest1-28559594
Date: Fri, 09 Aug 2024 15:03:04 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 68b2682a924ac399aa2724b5b439e75c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA60-P3
Age: 120937
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 151744
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 01 Aug 2024 22:41:11 GMT
Server: Apache
ETag: "250c0-61ea6e84c8fc0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: bOGAY4d0yTo1XLyR-5-nlecXECap0Fww1vrQs0NliAw_fQA-_-kDHQ==

GET
H/1.1 200
OK purehyvnc-new.png
www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader/_jcr_content/root/responsivegrid/table_content/par/image_copy_475885376_1025429357.img.png/1722877187323/ 1 MB
1 MB 115ms
115ms Image
image/png 3.123.216.247
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

3.123.216.247 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-123-216-247.eu-central-1.compute.amazonaws.com

Software

Apache /

Resource Hash

7df6ca1fef06a87ff31b343a9b68f5424d220b10bd9ad4be213a6c6842ccf5c1

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher2uswest1-28559771
Date: Fri, 09 Aug 2024 15:03:04 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 79272ab9b399ee696b329d4f677dca48.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA60-P3
Age: 120920
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 1297810
X-XSS-Protection: 1; mode=block
Last-Modified: Mon, 05 Aug 2024 16:59:47 GMT
Server: Apache
ETag: "13cd92-61ef29ab906c0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: nbQABw3E6evrmJpiBoxStSHhz1azXt4ca_8NZzERQYsCczsn9kEnxg==

GET
H/1.1 200
OK purehyvnc-6.png
www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader/_jcr_content/root/responsivegrid/table_content/par/image_copy_475885376_1389421869.img.png/1722552172511/ 165 KB
166 KB 122ms
122ms Image
image/png 3.123.216.247
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

3.123.216.247 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-123-216-247.eu-central-1.compute.amazonaws.com

Software

Apache /

Resource Hash

92263e1a91be72db1a5357650e32b5130677af551be39582435c966d5051dcb2

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher1uswest1-28559594
Date: Fri, 09 Aug 2024 15:03:05 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 8b889e35789d2b97f2ba8771acc9a008.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA60-P3
Age: 120936
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 168633
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 01 Aug 2024 22:42:52 GMT
Server: Apache
ETag: "292b9-61ea6ee51b300"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: TSSPnEJIqYmMb_BEwQYG0LOnaqDJfwWmoWpA7GOiagcuyDya2hqAYA==

GET
H/1.1 200
OK purehyvnc-7.png
www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader/_jcr_content/root/responsivegrid/table_content/par/image_copy_475885376_478419250.img.png/1722552193478/ 173 KB
175 KB 116ms
116ms Image
image/png 3.123.216.247
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

3.123.216.247 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-123-216-247.eu-central-1.compute.amazonaws.com

Software

Apache /

Resource Hash

6c00d3490f22d076b6d136b72ea5fdb5c42e76e3edb0753470d82e5fea368a91

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher1uswest1-28559594
Date: Fri, 09 Aug 2024 15:03:05 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 3296b04068551f925d5fafd1b785ff30.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA60-P3
Age: 120935
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 177475
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 01 Aug 2024 22:43:13 GMT
Server: Apache
ETag: "2b543-61ea6ef922240"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: UEDgit3kYlY1V51Q5atIGIba_YY_iSvNzSLJHM3zlyKJFOQEg4KaZg==

GET
H/1.1 200
OK purehvnc-new-2.png
www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader/_jcr_content/root/responsivegrid/table_content/par/image_1505399129.img.png/1722881751852/ 204 KB
205 KB 117ms
116ms Image
image/png 3.123.216.247
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader/_jcr_content/root/responsivegrid/table_content/par/image_1505399129.img.png/1722881751852/purehvnc-new-2.png

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

3.123.216.247 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-123-216-247.eu-central-1.compute.amazonaws.com

Software

Apache /

Resource Hash

cf39366e73b1c4f8cda895f02f5560b33dcd30520ae79097f58cad098dd7ec50

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher1uswest1-28559594
Date: Fri, 09 Aug 2024 15:03:06 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 cb605905cea2427f1d9f13acc778e822.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA60-P3
Age: 120935
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 208423
X-XSS-Protection: 1; mode=block
Last-Modified: Mon, 05 Aug 2024 18:15:51 GMT
Server: Apache
ETag: "32e27-61ef3aac223c0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: YO-2WYgZx4AGKX2U36xAOJ8yue-2exRvn7xSg1TYd_rh20n_IFOsJw==

GET
H/1.1 200
OK purehvnc-new-3.png
www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader/_jcr_content/root/responsivegrid/table_content/par/image_472190827.img.png/1722881822889/ 507 KB
508 KB 117ms
116ms Image
image/png 3.123.216.247
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

3.123.216.247 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-123-216-247.eu-central-1.compute.amazonaws.com

Software

Apache /

Resource Hash

1c6afd802534e83ad439f8a33b6799ff28d2c59a92c764cca497dd6b9962b6be

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher1uswest1-28559594
Date: Fri, 09 Aug 2024 15:03:06 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 68b2682a924ac399aa2724b5b439e75c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA60-P3
Age: 120934
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 518852
X-XSS-Protection: 1; mode=block
Last-Modified: Mon, 05 Aug 2024 18:17:02 GMT
Server: Apache
ETag: "7eac4-61ef3aefd8380"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: ylQ40zuGrFswc8eBc8op8jYMMtDFS88VMJUhDKO1pkGFXx5uiZ5Fpw==

GET
H/1.1 200
OK purehyvnc-8.png
www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader/_jcr_content/root/responsivegrid/table_content/par/image_copy_475885376_1426426873.img.png/1722881862873/ 244 KB
246 KB 119ms
118ms Image
image/png 3.123.216.247
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

3.123.216.247 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-123-216-247.eu-central-1.compute.amazonaws.com

Software

Apache /

Resource Hash

3350b7b96901ddabb814f65d6271eb9d6df3880233d5db95b48930f4d8ebfad2

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher1uswest1-28559594
Date: Fri, 09 Aug 2024 15:03:06 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 8b889e35789d2b97f2ba8771acc9a008.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA60-P3
Age: 120933
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 250158
X-XSS-Protection: 1; mode=block
Last-Modified: Mon, 05 Aug 2024 18:17:42 GMT
Server: Apache
ETag: "3d12e-61ef3b15fdd80"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: 4ZaR26DImaLy_cUKQvbw3Xfn_cZxExmGTXD5MPUQBMGGS9r-8KOSnQ==

GET
H/1.1 200
OK purehyvnc-9.png
www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader/_jcr_content/root/responsivegrid/table_content/par/image_copy_475885376_2007977278.img.png/1722881871888/ 1 MB
1 MB 199ms
198ms Image
image/png 3.123.216.247
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

3.123.216.247 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-123-216-247.eu-central-1.compute.amazonaws.com

Software

Apache /

Resource Hash

ff5a728d0a25d9e26062e2ac91cc66cef961d385e44eccc327cd41da52fea161

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher1uswest1-28559594
Date: Fri, 09 Aug 2024 15:03:07 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 a54cda8ccda3480314f451558e4dd062.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA60-P3
Age: 120932
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 1049752
X-XSS-Protection: 1; mode=block
Last-Modified: Mon, 05 Aug 2024 18:17:51 GMT
Server: Apache
ETag: "100498-61ef3b1e931c0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: XBJ7WIqS76Vz7Ttctyx-yLqEbsIIHlyCpg29w874jcpw0YlkAgVCqg==

GET
H/1.1 200
OK purehyvnc-10.png
www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader/_jcr_content/root/responsivegrid/table_content/par/image_copy_475885376_1713600450.img.png/1722881902992/ 68 KB
69 KB 117ms
116ms Image
image/png 3.123.216.247
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

3.123.216.247 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-123-216-247.eu-central-1.compute.amazonaws.com

Software

Apache /

Resource Hash

7b546e7f9280653588380a7215b8ff3d80f05587160824313f2d3b279d116c4e

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher1uswest1-28559594
Date: Fri, 09 Aug 2024 15:03:07 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 3296b04068551f925d5fafd1b785ff30.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA60-P3
Age: 120931
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 69409
X-XSS-Protection: 1; mode=block
Last-Modified: Mon, 05 Aug 2024 18:18:22 GMT
Server: Apache
ETag: "10f21-61ef3b3c23780"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: DH8VcZLsZchuddqKiO2tBOE4k2aBVQzDQZ78uL-GYg1tYpDd5Hqe8Q==

GET
H/1.1 200
OK purehyvnc-11.png
www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader/_jcr_content/root/responsivegrid/table_content/par/image_copy_475885376_609938158.img.png/1722882083026/ 276 KB
277 KB 152ms
151ms Image
image/png 3.123.216.247
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

3.123.216.247 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-123-216-247.eu-central-1.compute.amazonaws.com

Software

Apache /

Resource Hash

87a7c71ac7fd1a3c7b60d4ac57851068ca8f3cb76d3e44a07e01864800dd1834

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher1uswest1-28559594
Date: Fri, 09 Aug 2024 15:03:07 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 cb605905cea2427f1d9f13acc778e822.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA60-P3
Age: 120932
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 282674
X-XSS-Protection: 1; mode=block
Last-Modified: Mon, 05 Aug 2024 18:21:23 GMT
Server: Apache
ETag: "45032-61ef3be8c0ec0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: ZZ9jLgT3u1Z08LJPbt3u3KBEQs8sgY0y8R1pPxg4CcVU1jl7IzBm_A==

GET
H/1.1 200
OK purehyvnc-12.png
www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader/_jcr_content/root/responsivegrid/table_content/par/image_copy_475885376_751303102.img.png/1722882100616/ 384 KB
385 KB 116ms
116ms Image
image/png 3.123.216.247
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

3.123.216.247 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-123-216-247.eu-central-1.compute.amazonaws.com

Software

Apache /

Resource Hash

18d2c23ce0fcd0eda305d14fe136dbd8ea6c09889ddfb4f5c6d651820f8738d6

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher1uswest1-28559594
Date: Fri, 09 Aug 2024 15:03:07 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 3296b04068551f925d5fafd1b785ff30.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA60-P3
Age: 120931
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 393052
X-XSS-Protection: 1; mode=block
Last-Modified: Mon, 05 Aug 2024 18:21:40 GMT
Server: Apache
ETag: "5ff5c-61ef3bf8f7500"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: 74RfQA54bCaMn-fkKpwiUG5sZ81NiA_pjUc60rhxxEs1doytxsHa9Q==

GET
H/1.1 200
OK purehyvnc-13.png
www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader/_jcr_content/root/responsivegrid/table_content/par/image_copy_475885376_1197803592.img.png/1722882115970/ 50 KB
51 KB 116ms
115ms Image
image/png 3.123.216.247
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

3.123.216.247 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-123-216-247.eu-central-1.compute.amazonaws.com

Software

Apache /

Resource Hash

69a7fa5240adb8db5c7401908deafe70e84e1aa6c31800194cd27d83b043c6be

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher1uswest1-28559594
Date: Fri, 09 Aug 2024 15:03:08 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 8b889e35789d2b97f2ba8771acc9a008.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA60-P3
Age: 120930
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 51247
X-XSS-Protection: 1; mode=block
Last-Modified: Mon, 05 Aug 2024 18:21:55 GMT
Server: Apache
ETag: "c82f-61ef3c07456c0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: 16YSr9mvNekvPNRQf2dBStWeDtx5VIBHuYxxtJLoau4BiOL8UxIXhg==

GET
H/1.1 200
OK purehyvnc-14.png
www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader/_jcr_content/root/responsivegrid/table_content/par/image_copy_475885376_1373686275.img.png/1722891335113/ 502 KB
504 KB 116ms
115ms Image
image/png 3.123.216.247
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

3.123.216.247 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-123-216-247.eu-central-1.compute.amazonaws.com

Software

Apache /

Resource Hash

f88d435f9aef17e489379e8dbcecb3365681ed5d56d44c4e6ced49b76ac2484d

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher1uswest1-28559594
Date: Fri, 09 Aug 2024 15:03:09 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 68b2682a924ac399aa2724b5b439e75c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA60-P3
Age: 120930
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 514308
X-XSS-Protection: 1; mode=block
Last-Modified: Mon, 05 Aug 2024 20:55:35 GMT
Server: Apache
ETag: "7d904-61ef5e6025fc0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: -ApK57QklHIRngfUDDkilg25YBFoP8AVZpOu0rsQr99m3lfrY1NFAg==

GET
H/1.1 200
OK purehyvnc-15.png
www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader/_jcr_content/root/responsivegrid/table_content/par/image_copy_475885376_1606215095.img.png/1722891375467/ 391 KB
393 KB 117ms
116ms Image
image/png 3.123.216.247
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

3.123.216.247 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-123-216-247.eu-central-1.compute.amazonaws.com

Software

Apache /

Resource Hash

1a72f04aaac5aebad82f1b0ad679a2d3c409a4161c26dcf5638c8242178117d0

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher1uswest1-28559594
Date: Fri, 09 Aug 2024 15:03:09 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 cb605905cea2427f1d9f13acc778e822.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA60-P3
Age: 120929
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 400827
X-XSS-Protection: 1; mode=block
Last-Modified: Mon, 05 Aug 2024 20:56:15 GMT
Server: Apache
ETag: "61dbb-61ef5e864b9c0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: 80TB2Qlh_Q_HJKfisUdTJokGJXaLGpxHZ6hlAIsVN94ylfYW292ymg==

GET
H/1.1 200
OK purehyvnc-16.png
www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader/_jcr_content/root/responsivegrid/table_content/par/image_copy_475885376_1310345400.img.png/1722891404646/ 1 MB
1 MB 116ms
115ms Image
image/png 3.123.216.247
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

3.123.216.247 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-123-216-247.eu-central-1.compute.amazonaws.com

Software

Apache /

Resource Hash

b97107088a54c575ce74910f863ccc0a99ef3b2a59ec9567fc01b5c53e61f74a

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher1uswest1-28559594
Date: Fri, 09 Aug 2024 15:03:09 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 8b889e35789d2b97f2ba8771acc9a008.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA60-P3
Age: 120928
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 1217239
X-XSS-Protection: 1; mode=block
Last-Modified: Mon, 05 Aug 2024 20:56:44 GMT
Server: Apache
ETag: "1292d7-61ef5ea1f3b00"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: Qqh4FATt0P3rhK8NDvxegnqpl7kAc_k5GqDu2PkKo4XDZmCLe0WEtA==

GET
H/1.1 200
OK purehyvnc-17.png
www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader/_jcr_content/root/responsivegrid/table_content/par/image_copy_475885376_1354495108.img.png/1722891450148/ 251 KB
253 KB 117ms
116ms Image
image/png 3.123.216.247
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

3.123.216.247 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-123-216-247.eu-central-1.compute.amazonaws.com

Software

Apache /

Resource Hash

d9b396d109446d0373d061e50866f85ac8d20aaf6f62338fc13aa3ecb4e3668d

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher1uswest1-28559594
Date: Fri, 09 Aug 2024 15:03:10 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 79272ab9b399ee696b329d4f677dca48.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA60-P3
Age: 120928
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 257170
X-XSS-Protection: 1; mode=block
Last-Modified: Mon, 05 Aug 2024 20:57:30 GMT
Server: Apache
ETag: "3ec92-61ef5ecdd2280"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: Ioz0vt1QfwurYaOAMwHYc2-kU0hCW-g7Szhh3gFwXIpEdDlmYyhqwQ==

GET
H/1.1 200
OK purehyvnc-18.png
www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader/_jcr_content/root/responsivegrid/table_content/par/image_copy_475885376_306787936.img.png/1722891469077/ 177 KB
178 KB 116ms
115ms Image
image/png 3.123.216.247
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

3.123.216.247 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-123-216-247.eu-central-1.compute.amazonaws.com

Software

Apache /

Resource Hash

9cf85a5873a30fe80a5eecaa22cd7013cbc54d9c8cdece37f4ed3b916c9eaec3

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher1uswest1-28559594
Date: Fri, 09 Aug 2024 15:03:10 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 3296b04068551f925d5fafd1b785ff30.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA60-P3
Age: 120926
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 180779
X-XSS-Protection: 1; mode=block
Last-Modified: Mon, 05 Aug 2024 20:57:49 GMT
Server: Apache
ETag: "2c22b-61ef5edff0d40"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: BAiEk18z1hRUjTQZpRJ8pHOl_JVCUv67Vyx0WnHdBg5EChQuHtT0Tw==

GET
H/1.1 200
OK purehyvnc-19.png
www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader/_jcr_content/root/responsivegrid/table_content/par/image_copy_475885376_869714817.img.png/1722891479127/ 209 KB
211 KB 117ms
116ms Image
image/png 3.123.216.247
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

3.123.216.247 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-123-216-247.eu-central-1.compute.amazonaws.com

Software

Apache /

Resource Hash

b80c55d39ac816609a9ca9595b085e10cc2d27ee0e8acaaeb1e095d65d920d9f

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher1uswest1-28559594
Date: Fri, 09 Aug 2024 15:03:10 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 a54cda8ccda3480314f451558e4dd062.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA60-P3
Age: 120926
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 214175
X-XSS-Protection: 1; mode=block
Last-Modified: Mon, 05 Aug 2024 20:57:59 GMT
Server: Apache
ETag: "3449f-61ef5ee97a3c0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: ImM2zDfuTFk63ue8QOuX8BVc2dzj0TxhWmoXJv_Cq9Y6K_iNNbzCqg==

GET
H/1.1 200
OK purehyvnc-20.png
www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader/_jcr_content/root/responsivegrid/table_content/par/image_copy_475885376_1927554280.img.png/1722891498713/ 129 KB
131 KB 115ms
115ms Image
image/png 3.123.216.247
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

3.123.216.247 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-123-216-247.eu-central-1.compute.amazonaws.com

Software

Apache /

Resource Hash

d937dfccdeb7e2c2120255a8e9c95361c2e5cba8d1208aea5b824bb96aed73fe

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher1uswest1-28559594
Date: Fri, 09 Aug 2024 15:03:10 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 3296b04068551f925d5fafd1b785ff30.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA60-P3
Age: 120927
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 132305
X-XSS-Protection: 1; mode=block
Last-Modified: Mon, 05 Aug 2024 20:58:18 GMT
Server: Apache
ETag: "204d1-61ef5efb98e80"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: 8yPsoz-WAKQX1UKIITq-3tm6jfx5Cv8A5G4YxarOYGgRrJVosQsg5g==

GET
H/1.1 200
OK purehyvnc-21.png
www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader/_jcr_content/root/responsivegrid/table_content/par/image_copy_475885376_5700855.img.png/1722891545289/ 447 KB
448 KB 115ms
115ms Image
image/png 3.123.216.247
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

3.123.216.247 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-123-216-247.eu-central-1.compute.amazonaws.com

Software

Apache /

Resource Hash

a8a3a769545fe17090291a6648cf182e7a87e0de48d367473f481ccf4594a7e3

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher1uswest1-28559594
Date: Fri, 09 Aug 2024 15:03:11 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 79272ab9b399ee696b329d4f677dca48.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA60-P3
Age: 120926
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 457464
X-XSS-Protection: 1; mode=block
Last-Modified: Mon, 05 Aug 2024 20:59:05 GMT
Server: Apache
ETag: "6faf8-61ef5f286b840"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: GT86CIM9i1vKJbBF6FDgfvZBfYSh6CwpuUNBVe1fRdWNq-jSreGYSw==

GET
H/1.1 200
OK purehyvnc-22.png
www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader/_jcr_content/root/responsivegrid/table_content/par/image_copy_475885376_2108786718.img.png/1722891576831/ 80 KB
81 KB 117ms
116ms Image
image/png 3.123.216.247
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

3.123.216.247 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-123-216-247.eu-central-1.compute.amazonaws.com

Software

Apache /

Resource Hash

8c4761d5f39e9f9866a601cb7fb5f148f42b6482ef73e668f7abd6f9ed23bd24

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher1uswest1-28559594
Date: Fri, 09 Aug 2024 15:03:11 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 cb605905cea2427f1d9f13acc778e822.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA60-P3
Age: 120926
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 81553
X-XSS-Protection: 1; mode=block
Last-Modified: Mon, 05 Aug 2024 20:59:36 GMT
Server: Apache
ETag: "13e91-61ef5f45fbe00"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: 7Ij77hhZvG3IbVXZmwrNlq2cShVVVw9cPODMeFjSFK718VuLue3neg==

GET
H/1.1 200
OK purehyvnc-23.png
www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader/_jcr_content/root/responsivegrid/table_content/par/image_copy_475885376_815896792.img.png/1722891583832/ 124 KB
125 KB 116ms
115ms Image
image/png 3.123.216.247
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

3.123.216.247 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-123-216-247.eu-central-1.compute.amazonaws.com

Software

Apache /

Resource Hash

d1f8e63a54b697e75369c8cbdded6b7bf620c4b455c9d2824b851ea2e61bdd7a

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher1uswest1-28559594
Date: Fri, 09 Aug 2024 15:03:11 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 68b2682a924ac399aa2724b5b439e75c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA60-P3
Age: 120925
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 126644
X-XSS-Protection: 1; mode=block
Last-Modified: Mon, 05 Aug 2024 20:59:43 GMT
Server: Apache
ETag: "1eeb4-61ef5f4ca8dc0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: h0a_qSVbqbtGrzyUTS4AOiS8a48Myprr4KHtjvgBDuZ2_voHDJnIvw==

GET
H/1.1 200
OK purehyvnc-24.png
www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader/_jcr_content/root/responsivegrid/table_content/par/image_copy_475885376_652431957.img.png/1722891604218/ 366 KB
368 KB 117ms
116ms Image
image/png 3.123.216.247
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

3.123.216.247 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-123-216-247.eu-central-1.compute.amazonaws.com

Software

Apache /

Resource Hash

10c8ec5fa4d113898afdfee8033223253bda6dad54ecefb77ef5ea7a710259ba

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher1uswest1-28559594
Date: Fri, 09 Aug 2024 15:03:12 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 a54cda8ccda3480314f451558e4dd062.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA60-P3
Age: 120925
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 375133
X-XSS-Protection: 1; mode=block
Last-Modified: Mon, 05 Aug 2024 21:00:04 GMT
Server: Apache
ETag: "5b95d-61ef5f60afd00"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: jbfXOLxIhHrStH_zYKlnMf0TwNiUFFDk92RA2vDRHytbyIp_7uVb9A==

GET
H2 200 otBannerSdk.js Show response
cdn.cookielaw.org/scripttemplates/6.10.0/ 356 KB
78 KB 75ms
74ms Script
application/javascript 104.18.87.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.10.0/otBannerSdk.js

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.87.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7a23e0e46e16f067271bc79c92a917c13769848457d16cdf109e4dc04c687e8f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 22:38:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: Bh9exWOPGIwRshWljrtlEw==
age: 54811
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 79698
x-ms-lease-status: unlocked
last-modified: Thu, 03 Dec 2020 02:43:00 GMT
server: cloudflare
etag: 0x8D89735260901BC
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 196e3d49-701e-0078-0644-149a7b000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8b0b3ccaca5de3cf-TLV

GET
H2 200 en.json Show response
cdn.cookielaw.org/consent/f85f39fc-d7aa-467a-b762-fbb722748016/68cad325-7b77-4fcb-9f98-ba2e81aa9045/ 99 KB
24 KB 117ms
115ms Fetch
application/x-javascript 104.18.87.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/f85f39fc-d7aa-467a-b762-fbb722748016/68cad325-7b77-4fcb-9f98-ba2e81aa9045/en.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.10.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.87.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7ad0607daba7c0ddecacb3c696099e761076f147549440a7b3c4baa8f67ddaac

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 22:38:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 1063
content-md5: SDJFQYswktbx6w5cJzzMRQ==
content-length: 24004
x-ms-lease-status: unlocked
last-modified: Thu, 28 Dec 2023 19:57:06 GMT
server: cloudflare
etag: 0x8DC07DF2B6F9C71
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 16a02b50-101e-0023-7a72-79a340000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8b0b3ccc5d9de3df-TLV
expires: Sat, 10 Aug 2024 22:38:37 GMT

GET
H2 200 otFlat.json Show response
cdn.cookielaw.org/scripttemplates/6.10.0/assets/ 13 KB
4 KB 73ms
72ms Fetch
application/json 104.18.87.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.10.0/assets/otFlat.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.10.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.87.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8cdca3b36914e8a3f56390da71389944579faaae82704e53bd66f9c0387502f6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 22:38:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: W9e0YobmEbvdB0V9OmpQkw==
age: 1063
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 3329
x-ms-lease-status: unlocked
last-modified: Thu, 03 Dec 2020 02:42:50 GMT
server: cloudflare
etag: 0x8D89735209A34D6
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 9a92e17f-301e-0046-2672-790d04000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8b0b3ccd6f1ee3df-TLV

GET
H2 200 otPcTab.json Show response
cdn.cookielaw.org/scripttemplates/6.10.0/assets/v2/ 45 KB
12 KB 82ms
81ms Fetch
application/json 104.18.87.42
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.10.0/assets/v2/otPcTab.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.10.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.87.42 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f9b2aaabab92d9c63930432351fa3f5aa634fcb5db31b039e23465f8b4bd5a68

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Fri, 09 Aug 2024 22:38:37 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: zNsRoM1FEmsEgJoYMCNTng==
age: 1063
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 11755
x-ms-lease-status: unlocked
last-modified: Thu, 03 Dec 2020 02:42:53 GMT
server: cloudflare
etag: 0x8D897352245C4EA
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: ecfe8c79-601e-0080-574e-79c685000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8b0b3ccd6f21e3df-TLV

GET
H2 200 launch-EN23cb8375449840dc93b13f34d935b8b9.min.js Show response
assets.adobedtm.com/ 508 KB
122 KB 359ms
114ms Script
application/x-javascript 184.30.16.231
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Requested by: Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.10.0/otBannerSdk.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.16.231 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-16-231.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: b07df0831ff27d225d8f51b73c1b1a1236749b2ff5f6e603b42709102e557bd8

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 22:38:38 GMT
content-encoding: gzip
last-modified: Thu, 08 Aug 2024 18:15:49 GMT
server: AkamaiNetStorage
etag: "c79cb4f839341f93a45066176ac8c67e:1723140948.968635"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 124685
expires: Fri, 09 Aug 2024 23:38:38 GMT

GET
H2 200 id Show response
dpm.demdex.net/ 367 B
916 B 405ms
128ms XHR
application/json 52.211.89.53
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id?d_visid_ver=5.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=ED8739F75677FE917F000101%40AdobeOrg&d_nsid=0&ts=1723243117845

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/etc/designs/fortinet/adb-target/visitorapi.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

52.211.89.53 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-211-89-53.eu-west-1.compute.amazonaws.com

Software

Resource Hash

d58770d97ce881cd4999bf8de3afbdb2d9e4c49ab1daac2ac4ef902470c3eade

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

dcs: dcs-prod-irl1-1-v063-0bc90b7a0.edge-irl1.demdex.com 2 ms
pragma: no-cache
date: Fri, 09 Aug 2024 22:38:38 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
x-tid: xc/ArsD2QZs=
vary: Origin
content-type: application/json;charset=utf-8
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
access-control-allow-origin: https://www.fortinet.com
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
access-control-allow-credentials: true
content-length: 310
expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2 200 dest5.html
fortinet.demdex.net/ Frame 293D 0
0 386ms
127ms Document
text/html 34.250.191.11
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://fortinet.demdex.net/dest5.html?d_nsid=0

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/etc/designs/fortinet/adb-target/visitorapi.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.250.191.11 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-34-250-191-11.eu-west-1.compute.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.fortinet.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
content-type: text/html;charset=UTF-8
date: Fri, 09 Aug 2024 22:38:38 GMT
dcs: dcs-prod-irl1-1-v063-04efd16b6.edge-irl1.demdex.com 0 ms
expires: Thu, 01 Jan 1970 00:00:00 UTC
last-modified: Thu, 8 Aug 2024 07:44:27 GMT
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains
vary: accept-encoding
x-tid: lZ4KdcvQSTk=

GET
H2

200

ibs:dpid=411&dpuuid=ZraabgAAAFm6BgOV
dpm.demdex.net/
Redirect Chain

https://cm.everesttech.net/cm/dd?d_uuid=59301217353698703593898713970681164306
https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZraabgAAAFm6BgOV

42 B
717 B

130ms
130ms

Image
image/gif

52.211.89.53
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZraabgAAAFm6BgOV

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader

Protocol

Server

52.211.89.53 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-52-211-89-53.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

dcs: dcs-prod-irl1-1-v063-001a4a4be.edge-irl1.demdex.com 3 ms
pragma: no-cache
date: Fri, 09 Aug 2024 22:38:38 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-encoding: gzip
x-tid: ks3a2O3aRkY=
content-type: image/gif
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-length: 59
expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZraabgAAAFm6BgOV
Date: Fri, 09 Aug 2024 22:38:38 GMT
Cache-Control: no-cache
Server: AMO-cookiemap/1.1
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"

POST
H2 200 delivery Show response
fortinet.tt.omtrdc.net/rest/v1/ 7 KB
3 KB 401ms
137ms XHR
application/json 66.235.152.225
OMNITURE

General

Check archive.org

Show headers Download Go to

Full URL

https://fortinet.tt.omtrdc.net/rest/v1/delivery?client=fortinet&sessionId=f4d2357784e94de58d7717423e50e7cb&version=2.10.0

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/etc/designs/fortinet/adb-target/at.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.235.152.225 , United States, ASN15224 (OMNITURE, US),

Reverse DNS

ip-66-235-152-225.data.adobedc.net

Software

jag /

Resource Hash

b8528c787676134511581097853799efde2ea848c9b17798dbf860addbfef435

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

date: Fri, 09 Aug 2024 22:38:38 GMT
content-encoding: gzip
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List
server: jag
x-content-type-options: nosniff
vary: origin,access-control-request-method,access-control-request-headers,accept-encoding
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://www.fortinet.com
cache-control: no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials: true
timing-allow-origin: *
x-xss-protection: 1; mode=block
x-request-id: 2513d9a9-8305-410a-b76b-50bcf03c2a7d

GET
H2 200 AppMeasurement.min.js Show response
assets.adobedtm.com/extensions/EPc7341b33570d4c988798fc9f0093d4b2/ 35 KB
13 KB 111ms
110ms Script
application/x-javascript 184.30.16.231
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/extensions/EPc7341b33570d4c988798fc9f0093d4b2/AppMeasurement.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.16.231 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-16-231.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: f012c00d43164a4de843ae80abefe500f8497e1123d11c965cd3b40600fe9720

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 22:38:38 GMT
content-encoding: gzip
last-modified: Mon, 04 Mar 2024 18:51:30 GMT
server: AkamaiNetStorage
etag: "964f8cb588092ac645368e7307eb73ac:1709578290.803919"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: no-cache
accept-ranges: bytes
timing-allow-origin: *
content-length: 12938
expires: Fri, 09 Aug 2024 23:38:38 GMT

GET
H2 200 AppMeasurement_Module_ActivityMap.min.js Show response
assets.adobedtm.com/extensions/EPc7341b33570d4c988798fc9f0093d4b2/ 3 KB
2 KB 115ms
115ms Script
application/x-javascript 184.30.16.231
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/extensions/EPc7341b33570d4c988798fc9f0093d4b2/AppMeasurement_Module_ActivityMap.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.16.231 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-16-231.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: b90b775b65c2623322caaa52d7acf6af709ca59bdd475a54043b6308d91828c4

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 22:38:38 GMT
content-encoding: gzip
last-modified: Mon, 04 Mar 2024 18:51:31 GMT
server: AkamaiNetStorage
etag: "9cf185793291692f744c78c75da01dd8:1709578291.795602"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: no-cache
accept-ranges: bytes
timing-allow-origin: *
content-length: 1599
expires: Fri, 09 Aug 2024 23:38:38 GMT

GET
H2 200 6si.min.js Show response
j.6sc.co/ 68 KB
19 KB 354ms
114ms Script
application/javascript 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://j.6sc.co/6si.min.js

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-210.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

e08bbd8d11326289feff5496edc2ee3d0d7e905fe69ad7612a63dcd6bc6e8313

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 22:38:38 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 06 Aug 2024 18:33:23 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "66b26c73-10ff6"
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, proxy-revalidate, max-age=10800
accept-ranges: bytes
content-length: 18711
expires: Sat, 10 Aug 2024 01:38:38 GMT

GET
H3 200 0786.js Show response
script.crazyegg.com/pages/scripts/0117/ 7 KB
3 KB 158ms
77ms Script
text/javascript 104.19.147.8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.crazyegg.com/pages/scripts/0117/0786.js
Requested by: Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.19.147.8 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8db92e7cdc1ad40168c42e93b05d842e056d8a5b83ae96b95d2b1c546f828196

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 22:38:38 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 6082
cf-polished: origSize=6998
ce-version: 11.5.257
alt-svc: h3=":443"; ma=86400
cf-bgj: minify
last-modified: Fri, 09 Aug 2024 19:56:39 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
access-control-expose-headers: CE-Version
cache-control: public, max-age=300, s-maxage=1209600
timing-allow-origin: *
cf-ray: 8b0b3cd26cc5e3d7-TLV

GET
H/1.1 200
OK obtp.js Show response
amplify.outbrain.com/cp/ 28 KB
9 KB 358ms
119ms Script
application/x-javascript 184.30.17.67
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://amplify.outbrain.com/cp/obtp.js
Requested by: Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.17.67 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-17-67.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 8489534bde4ad3c3cedebecd11b9babe653de6b413922ec2b877c5bfcb33ee3e

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date: Fri, 09 Aug 2024 22:38:38 GMT
Content-Encoding: gzip
Last-Modified: Mon, 22 Jul 2024 07:46:05 GMT
Server: AkamaiNetStorage
ETag: "7437febf15b08e005ac33eb9fc2707ae:1721634584.416148"
Vary: Accept-Encoding
Content-Type: application/x-javascript
X-RG: AS
Cache-Control: max-age=1200
X-CC: IL
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 8614
Expires: Fri, 09 Aug 2024 22:58:38 GMT

GET
H2 200 25f2dd15-02c6-4e7a-bc8b-c5722b49624d Show response
tag.simpli.fi/sifitag/ 3 KB
2 KB 365ms
119ms Script
application/javascript 35.204.89.238
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://tag.simpli.fi/sifitag/25f2dd15-02c6-4e7a-bc8b-c5722b49624d
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.204.89.238 Groningen, Netherlands, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 238.89.204.35.bc.googleusercontent.com
Software: openresty /
Resource Hash: c6bcc71f8a9f5497ccc35e3aa16e00110504488fef71fffea99853274f9d7c86

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Aug 2024 22:38:38 GMT
content-encoding: gzip
server: openresty
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
cache-control: max-age=0, private, must-revalidate, max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
x-request-id: F-owfH22tYYPKWfCexOB
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 bat.js Show response
bat.bing.com/ 49 KB
14 KB 315ms
131ms Script
application/javascript 13.107.21.237
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

13.107.21.237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

abd0c69608a1a4b0ce5f6056bc20bcf62a2a29271a4cf5e33fa1f53bf7cb19cb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
date: Fri, 09 Aug 2024 22:38:38 GMT
last-modified: Sat, 13 Jul 2024 20:42:16 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 47272F62914B4492BADE3E6C22369920 Ref B: TLV30EDGE0408 Ref C: 2024-08-09T22:38:38Z
etag: "044982565d5da1:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 14183

GET
H2 200 RCac955f2e1e97429197e1e31aaec22e86-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/aeceeec53d3a/ 1 KB
938 B 113ms
113ms Script
application/x-javascript 184.30.16.231
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/aeceeec53d3a/RCac955f2e1e97429197e1e31aaec22e86-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.16.231 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-16-231.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: e51f9c7987f16c283fc910c3186fa741a16617d3fb800a090742f70ba4eb1b25

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 22:38:38 GMT
content-encoding: gzip
last-modified: Thu, 08 Aug 2024 18:15:50 GMT
server: AkamaiNetStorage
etag: "633a210e090b2fafc45162ab31636a64:1723140950.61328"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 682
expires: Fri, 09 Aug 2024 23:38:38 GMT

GET
H2 200 RC41e16e9b16d1408cbf43b5b2e7378738-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/aeceeec53d3a/ 9 KB
2 KB 114ms
114ms Script
application/x-javascript 184.30.16.231
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/aeceeec53d3a/RC41e16e9b16d1408cbf43b5b2e7378738-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.16.231 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-16-231.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 299077bfa11e31efad8c17f370cb0c1213e488a1a366839be6adf9ef1ec24b77

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 22:38:38 GMT
content-encoding: gzip
last-modified: Thu, 08 Aug 2024 18:15:50 GMT
server: AkamaiNetStorage
etag: "633a210e090b2fafc45162ab31636a64:1723140950.61328"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 1845
expires: Fri, 09 Aug 2024 23:38:38 GMT

GET
H2 200 RC448863e9e05a4b4880daa4a5fb7da328-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/aeceeec53d3a/ 358 B
482 B 137ms
137ms Script
application/x-javascript 184.30.16.231
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/aeceeec53d3a/RC448863e9e05a4b4880daa4a5fb7da328-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.16.231 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-16-231.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 20f78ae649f5ba99d3552f8f33768ef6c8b75e07d6fbf8cfabdab85ed40b0034

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 22:38:38 GMT
content-encoding: gzip
last-modified: Thu, 08 Aug 2024 18:15:50 GMT
server: AkamaiNetStorage
etag: "633a210e090b2fafc45162ab31636a64:1723140950.61328"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 227
expires: Fri, 09 Aug 2024 23:38:38 GMT

GET
H2 200 RCa4add8b607f6404fbd2aba7ee4b9abad-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/aeceeec53d3a/ 703 B
681 B 114ms
114ms Script
application/x-javascript 184.30.16.231
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/aeceeec53d3a/RCa4add8b607f6404fbd2aba7ee4b9abad-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.16.231 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-16-231.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 818259d4fb503263efbf680e128338d0e0eb6da660f344d56ef8191ac1661a03

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 22:38:38 GMT
content-encoding: gzip
last-modified: Thu, 08 Aug 2024 18:15:50 GMT
server: AkamaiNetStorage
etag: "633a210e090b2fafc45162ab31636a64:1723140950.61328"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 425
expires: Fri, 09 Aug 2024 23:38:38 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 357 KB
117 KB 387ms
143ms Script
application/javascript 142.250.185.200
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-748285774&l=dataLayer

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.200 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

3e8e0c8b33a8795055645e9dc3e32fc13b50921f214eb2e9bb141696a56917ca

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 22:38:38 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 119907
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 09 Aug 2024 22:38:38 GMT

GET
H2 200 RC06cd6a06a307489f80febc787462cb12-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/aeceeec53d3a/ 635 B
640 B 113ms
113ms Script
application/x-javascript 184.30.16.231
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/aeceeec53d3a/RC06cd6a06a307489f80febc787462cb12-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.16.231 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-16-231.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 4faf238b1850e53e41a0e30f1ddf4584d46f2176641a6b9fcd468e301db33e46

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 22:38:38 GMT
content-encoding: gzip
last-modified: Thu, 08 Aug 2024 18:15:50 GMT
server: AkamaiNetStorage
etag: "633a210e090b2fafc45162ab31636a64:1723140950.61328"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 384
expires: Fri, 09 Aug 2024 23:38:38 GMT

GET
H3 200 www.fortinet.com.json Show response
script.crazyegg.com/pages/data-scripts/0117/0786/site/ 1 KB
722 B 143ms
83ms XHR
application/json 104.19.147.8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.crazyegg.com/pages/data-scripts/0117/0786/site/www.fortinet.com.json?t=1
Requested by: Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/scripts/0117/0786.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.19.147.8 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: a1863eb6420e2c83a74d959c580abead814f2aab1ff40e7fa68cb45ebe9cfab1

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 22:38:38 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 6081
ce-version: 11.5.257
alt-svc: h3=":443"; ma=86400
content-length: 473
last-modified: Fri, 09 Aug 2024 19:56:41 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: CE-Version
cache-control: public, max-age=300, s-maxage=1209600
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8b0b3cd34e3ce3db-TLV

GET
H/1.1 200
OK flyin-fortiguard-labs-outbreak-alerts-346x172.png
www.fortinet.com/content/dam/fortinet/images/promos/pzn/ 35 KB
37 KB 116ms
116ms Image
image/png 3.123.216.247
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.fortinet.com/content/dam/fortinet/images/promos/pzn/flyin-fortiguard-labs-outbreak-alerts-346x172.png

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

3.123.216.247 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-123-216-247.eu-central-1.compute.amazonaws.com

Software

Apache /

Resource Hash

480e3b349655b6f17b20ec546c300957cad9ffd98b2d29be29db79422ededc52

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher1uswest1-28559594
Date: Fri, 02 Aug 2024 22:58:03 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 a54cda8ccda3480314f451558e4dd062.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA60-P3
Age: 603635
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 36133
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 30 Nov 2023 00:50:15 GMT
Server: Apache
ETag: "8d25-60b5408ea5fc0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: 9UjJn8MkVq-mF6f3d0thOArnfXCY8bBYyiWChtVUax_LG7O0afPk5g==

GET
H2 200 17532650.js Show response
bat.bing.com/p/action/ 335 B
402 B 130ms
130ms Script
application/javascript 13.107.21.237
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/17532650.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

13.107.21.237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

a823e98c44896060a5f7b883eebc7c513ee0bb0cd411d8c18c44c2dc9320b8b8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
date: Fri, 09 Aug 2024 22:38:38 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 6E802B3A4888466FA9710C29552A49A5 Ref B: TLV30EDGE0408 Ref C: 2024-08-09T22:38:38Z
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript; charset=utf-8
cache-control: private,max-age=1800

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 308 KB
102 KB 154ms
153ms Script
application/javascript 142.250.185.200
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-38BQ9XFDT4

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.200 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

87da91113ebefb0e609cce845e712ff537dce5c4e9cd8a1f61f2d167b64260a6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 22:38:38 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 104387
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 09 Aug 2024 22:38:38 GMT

GET
H/1.1 200
OK unifiedPixel Show response
tr.outbrain.com/ 53 B
321 B 565ms
181ms Fetch
image/gif 64.202.112.191
SERVERCENTRAL

General

Check archive.org

Show headers Download Go to

Full URL

https://tr.outbrain.com/unifiedPixel?au=false&bust=05773322296951535&referrer=&cht=ot&marketerId=00ad3119690e692fd6990245f9741ea8f1&name=PAGE_VIEW&dl=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fpurehvnc-deployed-via-python-multi-stage-loader&g=0&obApiVersion=1.1&obtpVersion=2.0.5

Requested by

Host: amplify.outbrain.com
URL: https://amplify.outbrain.com/cp/obtp.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

64.202.112.191 , United States, ASN23352 (SERVERCENTRAL, US),

Reverse DNS

ny.outbrain.com

Software

Resource Hash

b51f3497b0a65f1e1e87e75f5e7e823d871c23bcf76a5ee4101783c8f939e553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 22:38:39 GMT
cache-control: no-cache
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-traceid: 1e9e4d4195ef416debb6fc223685170b
content-length: 54
content-type: image/gif;

GET
H/1.1 200
OK cachedClickId Show response
tr.outbrain.com/ 35 B
293 B 582ms
189ms Script
application/javascript 64.202.112.191
SERVERCENTRAL

General

Check archive.org

Show headers Download Go to

Full URL

https://tr.outbrain.com/cachedClickId?marketerId=00ad3119690e692fd6990245f9741ea8f1

Requested by

Host: amplify.outbrain.com
URL: https://amplify.outbrain.com/cp/obtp.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

64.202.112.191 , United States, ASN23352 (SERVERCENTRAL, US),

Reverse DNS

ny.outbrain.com

Software

Resource Hash

1d348f9f803c95305f63def9d75fd50e79e54a375e1a4a888edbbea366845580

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 22:38:39 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-traceid: 8be9ce41757de5ab090aed308e8231cc
content-length: 39
content-type: application/javascript

GET
H/1.1 200
OK 00ad3119690e692fd6990245f9741ea8f1 Show response
wave.outbrain.com/mtWavesBundler/handler/ 2 B
516 B 370ms
139ms Script
text/html 184.30.17.67
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://wave.outbrain.com/mtWavesBundler/handler/00ad3119690e692fd6990245f9741ea8f1

Requested by

Host: amplify.outbrain.com
URL: https://amplify.outbrain.com/cp/obtp.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

184.30.17.67 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-30-17-67.deploy.static.akamaitechnologies.com

Software

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
Content-Encoding: gzip
Date: Fri, 09 Aug 2024 22:38:39 GMT
ob-sent-time: 1723163972255
ETag: W/"2-vyGp6PvFo4RvsFtPoIWeCReyIC8"
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
X-RG: AS
Cache-Control: max-age=60
X-CC: IL
Connection: keep-alive
x-traceid: a7903c5cfa51888a051acbc5666b85ae
Content-Length: 22
Expires: Fri, 09 Aug 2024 22:39:39 GMT

GET
H/1.1 200
OK topics Show response
amplify.outbrain.com/ 26 B
301 B 337ms
114ms Fetch
text/html 184.30.17.67
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://amplify.outbrain.com/topics
Requested by: Host: amplify.outbrain.com
URL: https://amplify.outbrain.com/cp/obtp.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.17.67 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-17-67.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 6d0291f90718dc0537f65dc6a4f68d8e75f0a8a3a0b62836d9cf41350ecaf552

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date: Fri, 09 Aug 2024 22:38:39 GMT
Observe-Browsing-Topics: ?1
Content-Type: text/html
Access-Control-Allow-Origin: *
X-RG: AS
Cache-Control: max-age=1200
X-CC: IL
Connection: keep-alive
Content-Length: 26
Expires: Fri, 09 Aug 2024 22:58:39 GMT

GET
H2 200 / Show response
c.6sc.co/ 7 B
194 B 132ms
117ms XHR
text/html 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-17-100-210.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 22:38:38 GMT
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: text/html
access-control-allow-origin: https://www.fortinet.com
access-control-allow-credentials: true
access-control-allow-headers: *
content-length: 7

GET
H2 200 / Show response
ipv6.6sc.co/ 4 B
282 B 351ms
111ms XHR
text/html 2.17.100.193
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ipv6.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.17.100.193 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-17-100-193.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Aug 2024 22:38:39 GMT
vary: Origin
content-type: text/html
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=0, no-cache, no-store
6si-ipv6: null
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1723243118951_34694333_146333057_21_753_54_114_219";dur=1
content-length: 4
expires: Fri, 09 Aug 2024 22:38:39 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
258 B 222ms
214ms Image
image/gif 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=5eeecf22b2d12a77a14639dce97b7a36&svisitor=null&visitor=42f1944b-f3a4-405b-8534-8506752422d5&session=e91cefb3-004e-45a3-83e9-72894a748c83&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Fri%2C%2009%20Aug%202024%2022%3A38%3A38%20GMT%22%7D&isIframe=false&m=%7B%22description%22%3A%22FortiGuard%20Lab%20reveals%20a%20malware%20%5C%22PureHVNC%5C%22%2C%20sold%20on%20the%20cybercrime%20forum%2C%20is%20spreading%20through%20a%20phishing%20campaign%20targeting%20employees%20via%20a%20python%20multi-stage%20loader.%20Learn%20more.%22%2C%22keywords%22%3A%22FortiGuard%20Labs%20Threat%20Research%2Cpython%22%2C%22title%22%3A%22PureHVNC%20Deployed%20via%20Python%20Multi-stage%20Loader%20%7C%20FortiGuard%20Labs%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fpurehvnc-deployed-via-python-multi-stage-loader&pageViewId=40fd6078-11fe-467e-8b84-ebc2c1fd1d9c&v=1.1.23

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-210.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Aug 2024 22:38:38 GMT
x-content-type-options: nosniff
last-modified: Sat, 18 Feb 2023 01:45:17 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f02dad-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Fri, 09 Aug 2024 22:38:38 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 239ms
231ms Image
image/gif 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=5eeecf22b2d12a77a14639dce97b7a36&svisitor=null&visitor=42f1944b-f3a4-405b-8534-8506752422d5&session=e91cefb3-004e-45a3-83e9-72894a748c83&event=ni%3AasyncSettingsAudit&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Fri%2C%2009%20Aug%202024%2022%3A38%3A38%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%225eeecf22b2d12a77a14639dce97b7a36%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Fri%2C%2009%20Aug%202024%2022%3A38%3A38%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEndpoint%5C%22%2C%5C%22value%5C%22%3A%5C%22b.6sc.co%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Fri%2C%2009%20Aug%202024%2022%3A38%3A38%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableCompanyDetails%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Fri%2C%2009%20Aug%202024%2022%3A38%3A38%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEpsilonKey%5C%22%2C%5C%22value%5C%22%3A%5C%227381d1d7c753fe2d8e217c3fdc44c0f17418dcc4%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Fri%2C%2009%20Aug%202024%2022%3A38%3A38%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22FortiGuard%20Lab%20reveals%20a%20malware%20%5C%22PureHVNC%5C%22%2C%20sold%20on%20the%20cybercrime%20forum%2C%20is%20spreading%20through%20a%20phishing%20campaign%20targeting%20employees%20via%20a%20python%20multi-stage%20loader.%20Learn%20more.%22%2C%22keywords%22%3A%22FortiGuard%20Labs%20Threat%20Research%2Cpython%22%2C%22title%22%3A%22PureHVNC%20Deployed%20via%20Python%20Multi-stage%20Loader%20%7C%20FortiGuard%20Labs%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fpurehvnc-deployed-via-python-multi-stage-loader&pageViewId=40fd6078-11fe-467e-8b84-ebc2c1fd1d9c&v=1.1.23

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-210.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Aug 2024 22:38:38 GMT
x-content-type-options: nosniff
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "5e502810-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Fri, 09 Aug 2024 22:38:38 GMT

GET
H2 204 0
bat.bing.com/action/ 0
287 B 129ms
123ms Image
text/plain 13.107.21.237
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=17532650&tm=al001&Ver=2&mid=ab359330-e033-4ec4-91b1-2a651a612b49&sid=1f23eff056a011ef87e2d5fdb9ad8d90&vid=1f24284056a011ef93ce41a1e344b027&vids=1&msclkid=N&pi=918639831&lg=he-IL&sw=1600&sh=1200&sc=24&tl=PureHVNC%20Deployed%20via%20Python%20Multi-stage%20Loader%20%7C%20FortiGuard%20Labs&kw=FortiGuard%20Labs%20Threat%20Research,python&p=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fpurehvnc-deployed-via-python-multi-stage-loader&r=&lt=1673&pt=1723243115322,,,,,767,804,805,805,1035,860,1035,1154,1218,1162,1665,1665,1673,,,&pn=0,0&evt=pageLoad&sv=1&cdb=AQET&rn=150445

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

13.107.21.237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Fri, 09 Aug 2024 22:38:38 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: FE69E7FB267C47AD912E7F5B9C9B056A Ref B: TLV30EDGE0408 Ref C: 2024-08-09T22:38:38Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 details Show response
epsilon.6sense.com/v3/company/ 766 B
725 B 357ms
124ms XHR
application/json 76.223.9.105
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://epsilon.6sense.com/v3/company/details
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 76.223.9.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ac3ff6aafb2cddae2.awsglobalaccelerator.com
Software: nginx /
Resource Hash: d134e93f060565a4fc14a09d0ba7d9ea931502fc4d6ef9402d2ef02c12fe97c1

Request headers

Referer: https://www.fortinet.com/
Authorization: Token 7381d1d7c753fe2d8e217c3fdc44c0f17418dcc4
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
X-6s-CustomID: WebTag1.0 5eeecf22b2d12a77a14639dce97b7a36

Response headers

x-trace-id: 6327618123322039986
date: Fri, 09 Aug 2024 22:38:39 GMT
content-encoding: gzip
server: nginx
vary: Origin, Accept-Encoding
content-type: application/json
x-6si-region: eu-central-1a
access-control-allow-origin: https://www.fortinet.com
access-control-expose-headers: X-6si-Region
access-control-allow-credentials: true
timing-allow-origin: https://6sense.com, https://www.ssga.com
content-length: 404

OPTIONS
H2 200 details
epsilon.6sense.com/v3/company/ Frame 0
0 367ms
119ms Preflight 76.223.9.105
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://epsilon.6sense.com/v3/company/details
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 76.223.9.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ac3ff6aafb2cddae2.awsglobalaccelerator.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,x-6s-customid
Access-Control-Request-Method: GET
Origin: https://www.fortinet.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: authorization,x-6s-customid
access-control-allow-methods: OPTIONS,GET
access-control-allow-origin: https://www.fortinet.com
access-control-expose-headers: X-6si-Region
access-control-max-age: 1800
date: Fri, 09 Aug 2024 22:38:39 GMT
server: nginx
timing-allow-origin: https://6sense.com, https://www.ssga.com
x-6si-region: eu-central-1a
x-trace-id: 3486688037279270609

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 248 KB
87 KB 214ms
214ms Script
application/javascript 142.250.185.200
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-662878185&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-748285774&l=dataLayer

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.200 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

1cbff27f83dfb9ab131cd3cf667563f46b4b696ff02eb44e9159f63961afca14

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 22:38:39 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 89555
x-xss-protection: 0
last-modified: Fri, 09 Aug 2024 21:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 09 Aug 2024 22:38:39 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 213 KB
77 KB 127ms
127ms Script
application/javascript 142.250.185.200
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-10050195&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-748285774&l=dataLayer

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.200 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

e48ba6b1bdc7f5f6e0ee7ebdffdd38a2f866c3d8caed3b7ea6576634e3a9396d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 22:38:39 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 78544
x-xss-protection: 0
last-modified: Fri, 09 Aug 2024 21:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 09 Aug 2024 22:38:39 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 229 KB
82 KB 257ms
256ms Script
application/javascript 142.250.185.200
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-609297413&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-748285774&l=dataLayer

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.200 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

2bca4187da6c7ee52fec70384ccc5d8a422038627170fe8018c4cd79d4624a93

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 22:38:39 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 84428
x-xss-protection: 0
last-modified: Fri, 09 Aug 2024 21:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 09 Aug 2024 22:38:39 GMT

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 240 KB
85 KB 173ms
173ms Script
application/javascript 142.250.185.200
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-729495989&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-748285774&l=dataLayer

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.200 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

f44ec5d04108a0d51173814412daecda77d14d2b3da5325f1211a99882d5485d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 22:38:39 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 87164
x-xss-protection: 0
last-modified: Fri, 09 Aug 2024 21:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 09 Aug 2024 22:38:39 GMT

POST
H2 204 collect
www.google-analytics.com/g/ 0
0 373ms
120ms Fetch
text/plain 142.250.186.110
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-38BQ9XFDT4&gtm=45je4880v9191763579za200&_p=1723243118366&gcd=13l3l3l3l1&npa=0&dma=0&tag_exp=0&cid=401372701.1723243119&ul=he-il&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1723243119&sct=1&seg=0&dl=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fpurehvnc-deployed-via-python-multi-stage-loader&dt=PureHVNC%20Deployed%20via%20Python%20Multi-stage%20Loader%20%7C%20FortiGuard%20Labs&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=3746
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-38BQ9XFDT4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.250.186.110 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s06-in-f14.1e100.net
Software: Golfe2 /
Resource Hash

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Aug 2024 22:38:39 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.fortinet.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 api.min.js Show response
a.opmnstr.com/app/js/ 51 KB
18 KB 379ms
109ms Script
application/javascript 169.150.247.37
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL: https://a.opmnstr.com/app/js/api.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 169.150.247.37 Frankfurt am Main, Germany, ASN60068 (CDN77 _, GB),
Reverse DNS: 169-150-247-37.bunnyinfra.net
Software: BunnyCDN-DE1-1080 /
Resource Hash: 13c309d0ebac3484b78106413ee31f46abfc690429c64ddf6ceb1b1838424ada

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 22:38:39 GMT
content-encoding: br
cdn-edgestorageid: 1080
perma-cache: HIT
cdn-storageserver: DE-661
cdn-cachedat: 08/08/2024 17:52:15
cdn-pullzone: 293267
last-modified: Tue, 06 Aug 2024 16:41:54 GMT
server: BunnyCDN-DE1-1080
cdn-fileserver: 818
cdn-requestpullcode: 200
cdn-proxyver: 1.04
etag: W/"66b25252-cc71"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: 95502b85415ee5312a5a5d984db91c55
cdn-requestcountrycode: IL
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 api.min.css
a.omappapi.com/app/js/ 10 KB
3 KB 352ms
112ms Stylesheet
text/css 169.150.247.37
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/api.min.css
Requested by: Host: a.opmnstr.com
URL: https://a.opmnstr.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 169.150.247.37 Frankfurt am Main, Germany, ASN60068 (CDN77 _, GB),
Reverse DNS: 169-150-247-37.bunnyinfra.net
Software: BunnyCDN-DE1-1080 /
Resource Hash: d97ea24841d9881b6b38caf9174e468db2c6a133cc325320d5720b0783a37d06

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 22:38:39 GMT
content-encoding: br
cdn-edgestorageid: 1081
perma-cache: HIT
cdn-storageserver: DE-382
cdn-cachedat: 08/08/2024 17:52:15
cdn-pullzone: 293267
last-modified: Mon, 05 Aug 2024 16:05:07 GMT
server: BunnyCDN-DE1-1080
cdn-fileserver: 728
cdn-requestpullcode: 200
cdn-proxyver: 1.04
etag: W/"66b0f833-2644"
vary: Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: fb5da221337ac7bddd3d5c456556b861
cdn-requestcountrycode: IL
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 401 39852 Show response
api.omappapi.com/v2/embed/ 165 B
593 B 343ms
214ms XHR
application/json 172.66.41.8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://api.omappapi.com/v2/embed/39852?d=fortinet.com
Requested by: Host: a.opmnstr.com
URL: https://a.opmnstr.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.66.41.8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b934ce9883949e7bceb88fa78a354125eefc85715f7e54da8ff529c94ebab0fe

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 22:38:39 GMT
via: 1.1 50940f3eeb596eda1f7ea7b16cfd66f0.cloudfront.net (CloudFront)
cf-cache-status: DYNAMIC
x-cache-config: 0 0
x-amz-cf-pop: TLV50-C2
x-cache: Error from cloudfront
content-length: 165
x-user-agent: standard--
server: cloudflare
vary: Accept-Encoding, User-Agent
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=120, stale-while-revalidate=1800
cf-ray: 8b0b3cda18a4e3d7-TLV
access-control-allow-headers: X-CSRF-Token
x-amz-cf-id: i7E3ZNLNYg-z3k71V1HHIOGRrPzo2sfzLX8wbP1_4cVNyv4UKLVpiw==
expires: Fri, 09 Aug 2024 22:39:40 GMT

GET
H2 200 tracking.js Show response
trk.techtarget.com/ 3 KB
2 KB 277ms
136ms Script
text/javascript 172.64.151.60
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://trk.techtarget.com/tracking.js

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.64.151.60 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0c07b854855b0e2bd7839c3659defa45307e96e281b3c00571d09f213eb6a76e

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 22:38:39 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Tue, 13 Dec 2022 15:01:39 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
age: 23305
server: cloudflare
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=1200
cf-ray: 8b0b3cda2a7fe3db-TLV
expires: Fri, 09 Aug 2024 22:58:39 GMT

GET
H/1.1 200
OK tag.js Show response
abm-tracking.demandscience.com/ 2 KB
2 KB 800ms
264ms Script
application/javascript 52.32.164.86
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://abm-tracking.demandscience.com/tag.js
Requested by: Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 52.32.164.86 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-32-164-86.us-west-2.compute.amazonaws.com
Software: nginx/1.18.0 (Ubuntu) / Express
Resource Hash: 701769ec99138974c12369fd4acf65a7f99e9a1becbab1e16a89be9859aafc9f

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date: Fri, 09 Aug 2024 22:38:40 GMT
Last-Modified: Thu, 09 May 2024 12:00:49 GMT
Server: nginx/1.18.0 (Ubuntu)
X-Powered-By: Express
ETag: W/"82b-18f5d3a3d78"
Content-Type: application/javascript; charset=UTF-8
Cache-Control: public, max-age=0
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2091

GET
H2 200 wid.tracker.js Show response
tmp.argusplatform.com/js/ 8 KB
3 KB 543ms
320ms Script
text/javascript 13.107.246.67
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://tmp.argusplatform.com/js/wid.tracker.js

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

13.107.246.67 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

b697c4c8e7c22fa7e18ccef66c1bda6610f19ec8c7d1c60fb3696db54ea5362e

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preloadmax-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 22:38:40 GMT
content-encoding: br
referrer-policy: same-origin
strict-transport-security: max-age=10886400; includeSubDomains; preloadmax-age=31536000
last-modified: Sat, 08 Jun 2024 11:51:22 GMT
x-content-type-options: nosniff
etag: "28476869"
vary: Accept-Encoding
x-dns-prefetch-control: off
content-type: text/javascript
x-azure-ref: 20240809T223839Z-r164bbb7d64qzj8jvv70e0zepg0000000840000000002szf
x-cache: CONFIG_NOCACHE
cache-control: public, must-revalidate, max-age=30
x-xss-protection: 1; mode=block

GET
H/1.1 200
OK js Show response
pixel.mathtag.com/event/ 161 B
712 B 606ms
199ms Script
text/javascript 74.121.140.211
PAEDAE-INC

General

Check archive.org

Show headers Download Go to

Full URL

https://pixel.mathtag.com/event/js?mt_id=1629896&mt_adid=260855&mt_exem=&mt_excl=&v2=&v3=&s1=&s2=&s3=&v1=en:blog:threat-research:purehvnc-deployed-via-python-multi-stage-loader

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

74.121.140.211 Reston, United States, ASN30419 (PAEDAE-INC, US),

Reverse DNS

Software

MT3 1637 26565ec master iad iad-pixel-x31 config_version:"1438" /

Resource Hash

98192c2b3bfd0e66cff07b8ba31ff42de9182144d3e21b9ca258f13da96ee457

Security Headers

Name	Value
Strict-Transport-Security	31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date: Fri, 09 Aug 2024 22:38:40 GMT
Strict-Transport-Security: 31536000
Referrer-Policy: strict-origin
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Server: MT3 1637 26565ec master iad iad-pixel-x31 config_version:"1438"
X-Permitted-Cross-Domain-Policies: all
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: *
Content-Type: text/javascript
Cache-Control: no-cache
Cross-Origin-Resource-Policy: cross-origin
Connection: close
X-XSS-Protection: 0

GET
H3 200 js Show response
www.googletagmanager.com/gtag/ 315 KB
104 KB 133ms
132ms Script
application/javascript 142.250.185.200
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-JH142QCQCJ&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-748285774&l=dataLayer

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.200 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

3fce12f909f6c4389eb8dfa8eef0ac3ddcf55895d333a6bcd26d953f6c9d9001

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 22:38:39 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 106405
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 09 Aug 2024 22:38:39 GMT

GET
H/1.1 200
OK footer-links.json Show response
www.fortinet.com/content/dam/fortinet-blog/ 310 KB
36 KB 119ms
119ms XHR
application/json 3.123.216.247
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fortinet.com/content/dam/fortinet-blog/footer-links.json

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/clientlib-base.min.ba4f082a77dabb2c6baf715d9eb61c22.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

3.123.216.247 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-123-216-247.eu-central-1.compute.amazonaws.com

Software

Apache /

Resource Hash

9c2bfadf1fe546bd3872bf81e8477e95faff0104f3b9b888bc47cff4ffe88a36

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher2uswest1-28559771
Date: Fri, 09 Aug 2024 20:11:12 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Content-Encoding: gzip
Via: 1.1 a54cda8ccda3480314f451558e4dd062.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA60-P3
X-Vhost: publish
X-Cache: Hit from cloudfront
Age: 1915868
Connection: keep-alive
Content-Length: 35378
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 18 Jul 2024 18:24:37 GMT
Server: Apache
ETag: "4d8dc-61d89b0f78340-gzip"
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Type: application/json
Accept-Ranges: bytes
X-Amz-Cf-Id: h8x-VucchQCMM4PX1JYu59vMGuiw7X0uX3Tfzt-ihLUUIYkaRGLtnw==

GET
H3 200 activity;src=10050195;npa=0;auiddc=2011428811.1723243119;ps=1;pcor=1421585294;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4880v9185241837za200zb9123037237;gcd=13l3l3l3l1...
ad.doubleclick.net/ 42 B
65 B 268ms
148ms Image
image/gif 216.58.206.70
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/activity;src=10050195;npa=0;auiddc=2011428811.1723243119;ps=1;pcor=1421585294;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4880v9185241837za200zb9123037237;gcd=13l3l3l3l1;dma=0;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fpurehvnc-deployed-via-python-multi-stage-loader?

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader

Protocol

Security

QUIC, , AES_128_GCM

Server

216.58.206.70 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

lhr35s11-in-f6.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Aug 2024 22:38:39 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET activity;register_conversion=1;src=10050195;npa=0;auiddc=2011428811.1723243119;ps=1;pcor=1421585294;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4880v9185241837za200zb912...
ad.doubleclick.net/ 0
0

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/662878185/ 3 KB
1 KB 356ms
135ms Script
text/javascript 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/662878185/?random=1723243119593&cv=11&fst=1723243119593&bg=ffffff&guid=ON&async=1&gtm=45be4880v887005625za200zb9123037237&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fpurehvnc-deployed-via-python-multi-stage-loader&hn=www.googleadservices.com&frm=0&tiba=PureHVNC%20Deployed%20via%20Python%20Multi-stage%20Loader%20%7C%20FortiGuard%20Labs&npa=0&pscdl=noapi&auid=2011428811.1723243119&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&data=event%3Dpage_view&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-662878185&l=dataLayer&cx=c

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

6e3d5ab269d31faf10b21aef448b2dc79efc9bf5c40cecfe59359aefd651996b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Aug 2024 22:38:39 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1455
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/729495989/ 3 KB
1 KB 322ms
128ms Script
text/javascript 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/729495989/?random=1723243119621&cv=11&fst=1723243119621&bg=ffffff&guid=ON&async=1&gtm=45be4880za200zb9123037237&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fpurehvnc-deployed-via-python-multi-stage-loader&hn=www.googleadservices.com&frm=0&tiba=PureHVNC%20Deployed%20via%20Python%20Multi-stage%20Loader%20%7C%20FortiGuard%20Labs&npa=0&pscdl=noapi&auid=2011428811.1723243119&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&data=event%3Dpage_view&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-729495989&l=dataLayer&cx=c

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

080b71964b4c93a0548acbb246ae6cbd7686326fc2c58cd6968fa9a58c460fee

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Aug 2024 22:38:39 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1445
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/609297413/ 3 KB
1 KB 300ms
125ms Script
text/javascript 142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/609297413/?random=1723243119640&cv=11&fst=1723243119640&bg=ffffff&guid=ON&async=1&gtm=45be4880za200zb9123037237&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fpurehvnc-deployed-via-python-multi-stage-loader&hn=www.googleadservices.com&frm=0&tiba=PureHVNC%20Deployed%20via%20Python%20Multi-stage%20Loader%20%7C%20FortiGuard%20Labs&npa=0&pscdl=noapi&auid=2011428811.1723243119&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&data=event%3Dpage_view&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-609297413&l=dataLayer&cx=c

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

c62aad5de42c0797c987480e7e127cb20fdbebef897cc3d21bd39f704b9deab1

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Aug 2024 22:38:39 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1446
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
www.google-analytics.com/g/ 0
0 119ms
118ms Fetch
text/plain 142.250.186.110
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-JH142QCQCJ&gtm=45je4880v893708426za200zb9123037237&_p=1723243118366&gcd=13l3l3l3l1&npa=0&dma=0&tag_exp=0&cid=401372701.1723243119&ul=he-il&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1723243119&sct=1&seg=0&dl=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fpurehvnc-deployed-via-python-multi-stage-loader&dt=PureHVNC%20Deployed%20via%20Python%20Multi-stage%20Loader%20%7C%20FortiGuard%20Labs&en=page_view&_fv=1&_ss=1&_ee=1&tfd=4422
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-JH142QCQCJ&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.250.186.110 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s06-in-f14.1e100.net
Software: Golfe2 /
Resource Hash

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Aug 2024 22:38:39 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.fortinet.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 s99596390257916
metrics.fortinet.com/b/ss/fortinetincproduction/1/JS-2.26.0-LDQM/ 43 B
372 B 345ms
113ms Image
image/gif 63.140.62.222
OMNITURE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://metrics.fortinet.com/b/ss/fortinetincproduction/1/JS-2.26.0-LDQM/s99596390257916?AQB=1&ndh=1&pf=1&t=10%2F7%2F2024%201%3A38%3A39%206%20-180&sdid=378740B29D1C25B8-013B7D2A2E85407A&mid=59656206001368877113935338670922371994&aamlh=6&ce=UTF-8&pageName=en%3Ablog%3Athreat-research%3Apurehvnc-deployed-via-python-multi-stage-loader&g=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fpurehvnc-deployed-via-python-multi-stage-loader&cc=USD&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&v1=www.fortinet.com%2Fblog%2Fthreat-research%2Fpurehvnc-deployed-via-python-multi-stage-loader&c7=Entire%20Site&c8=New&v25=59656206001368877113935338670922371994&v27=BLOG&v33=en%3Ablog%3Athreat-research%3Apurehvnc-deployed-via-python-multi-stage-loader&v35=Enabled&v92=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fpurehvnc-deployed-via-python-multi-stage-loader&v106=Overland%20Park&v107=Kansas&v108=United%20States&v126=NA&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&mcorgid=ED8739F75677FE917F000101%40AdobeOrg&AQE=1

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

63.140.62.222 , United States, ASN15224 (OMNITURE, US),

Reverse DNS

ip-63-140-62-222.data.adobedc.net

Software

jag /

Resource Hash

a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Aug 2024 22:38:40 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
last-modified: Sat, 10 Aug 2024 22:38:40 GMT
server: jag
etag: 3700636423066025984-4618575440289212748
vary: *
p3p: CP="This is not a P3P policy"
access-control-allow-origin: *
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, max-age=0, no-transform, private
content-length: 43
x-xss-protection: 1; mode=block
expires: Thu, 08 Aug 2024 22:38:40 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 233ms
233ms Image
image/gif 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=5eeecf22b2d12a77a14639dce97b7a36&svisitor=null&visitor=42f1944b-f3a4-405b-8534-8506752422d5&session=e91cefb3-004e-45a3-83e9-72894a748c83&event=active_time_track&q=%7B%22currentTime%22%3A%22Fri%2C%2009%20Aug%202024%2022%3A38%3A39%20GMT%22%2C%22lastTrackTime%22%3A%22Fri%2C%2009%20Aug%202024%2022%3A38%3A38%20GMT%22%2C%22timeSpent%22%3A%221005%22%2C%22totalTimeSpent%22%3A%221005%22%7D&isIframe=false&m=%7B%22description%22%3A%22FortiGuard%20Lab%20reveals%20a%20malware%20%5C%22PureHVNC%5C%22%2C%20sold%20on%20the%20cybercrime%20forum%2C%20is%20spreading%20through%20a%20phishing%20campaign%20targeting%20employees%20via%20a%20python%20multi-stage%20loader.%20Learn%20more.%22%2C%22keywords%22%3A%22FortiGuard%20Labs%20Threat%20Research%2Cpython%22%2C%22title%22%3A%22PureHVNC%20Deployed%20via%20Python%20Multi-stage%20Loader%20%7C%20FortiGuard%20Labs%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fpurehvnc-deployed-via-python-multi-stage-loader&pageViewId=40fd6078-11fe-467e-8b84-ebc2c1fd1d9c&v=1.1.23

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-210.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Aug 2024 22:38:39 GMT
x-content-type-options: nosniff
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "615ccf10-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Fri, 09 Aug 2024 22:38:39 GMT

GET
H2 200 gif.gif Show response
ibc-flow.techtarget.com/a/ 43 B
447 B 213ms
209ms XHR
image/gif 34.111.208.231
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=1247773&r=1723243119817&ref=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fpurehvnc-deployed-via-python-multi-stage-loader&version=2.4
Requested by: Host: trk.techtarget.com
URL: https://trk.techtarget.com/tracking.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.208.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 231.208.111.34.bc.googleusercontent.com
Software: nginx/1.20.2 /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

ibc_rate_tier: 1247773
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 22:38:40 GMT
via: 1.1 google
x-guploader-uploadid: AHxI1nOYVgTRp5kTZZs-3IHqJkVqH_2i6kqdzdI7mfGx6rqMjpzvR2s2TEc0CtJXWsgKyolWU8Lzleptvw
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
last-modified: Thu, 08 Dec 2022 21:19:29 GMT
server: nginx/1.20.2
etag: "fc94fb0c3ed8a8f909dbc7630a0987ff"
vary: Origin
x-goog-generation: 1670534369365034
content-type: image/gif
access-control-allow-origin: *
x-goog-hash: crc32c=7uenZA==, md5=/JT7DD7YqPkJ28djCgmH/w==
cache-control: public, max-age=3600
access-control-allow-methods: GET, POST, OPTIONS
x-goog-stored-content-length: 43
accept-ranges: bytes
access-control-allow-headers: ibc_header,ibc_rate_tier,User-Agent,X-Requested-With,Cache-Control,Content-Type,Range
expires: Fri, 09 Aug 2024 23:38:40 GMT

OPTIONS
H2 200 gif.gif
ibc-flow.techtarget.com/a/ Frame 0
0 326ms
199ms Preflight
text/html 34.111.208.231
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=1247773&r=1723243119817&ref=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fpurehvnc-deployed-via-python-multi-stage-loader&version=2.4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.208.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 231.208.111.34.bc.googleusercontent.com
Software: nginx/1.20.2 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: ibc_rate_tier
Access-Control-Request-Method: GET
Origin: https://www.fortinet.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: ibc_header,ibc_rate_tier,User-Agent,X-Requested-With,Cache-Control,Content-Type,Range
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-length: 0
content-type: text/html; charset=UTF-8
date: Fri, 09 Aug 2024 22:38:40 GMT
expires: Fri, 09 Aug 2024 22:38:40 GMT
server: nginx/1.20.2
vary: Origin
via: 1.1 google
x-guploader-uploadid: AHxI1nOAcmXr9ap_6kRaZ75SFu_rTmKYwOdnSiZ_xrxJ1ZjMPvp4Gru4I7urwddHXpukRGPXF3iNv3IiKg

GET
H3 200 /
www.google.com/pagead/1p-user-list/609297413/ 42 B
64 B 353ms
123ms Image
image/gif 142.250.185.132
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/609297413/?random=1723243119640&cv=11&fst=1723240800000&bg=ffffff&guid=ON&async=1&gtm=45be4880za200zb9123037237&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fpurehvnc-deployed-via-python-multi-stage-loader&hn=www.googleadservices.com&frm=0&tiba=PureHVNC%20Deployed%20via%20Python%20Multi-stage%20Loader%20%7C%20FortiGuard%20Labs&npa=0&pscdl=noapi&auid=2011428811.1723243119&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&data=event%3Dpage_view&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwDpaXnf9J3fpcBNhw7Did5okHWU9IkuImqKAg&random=550832685&rmt_tld=0&ipr=y

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f4.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Aug 2024 22:38:40 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.co.il/pagead/1p-user-list/609297413/ 42 B
108 B 362ms
123ms Image
image/gif 172.217.16.195
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.co.il/pagead/1p-user-list/609297413/?random=1723243119640&cv=11&fst=1723240800000&bg=ffffff&guid=ON&async=1&gtm=45be4880za200zb9123037237&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fpurehvnc-deployed-via-python-multi-stage-loader&hn=www.googleadservices.com&frm=0&tiba=PureHVNC%20Deployed%20via%20Python%20Multi-stage%20Loader%20%7C%20FortiGuard%20Labs&npa=0&pscdl=noapi&auid=2011428811.1723243119&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&data=event%3Dpage_view&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwDpaXnf9J3fpcBNhw7Did5okHWU9IkuImqKAg&random=550832685&rmt_tld=1&ipr=y

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.195 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Aug 2024 22:38:40 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/729495989/ 42 B
64 B 349ms
123ms Image
image/gif 142.250.185.132
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/729495989/?random=1723243119621&cv=11&fst=1723240800000&bg=ffffff&guid=ON&async=1&gtm=45be4880za200zb9123037237&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fpurehvnc-deployed-via-python-multi-stage-loader&hn=www.googleadservices.com&frm=0&tiba=PureHVNC%20Deployed%20via%20Python%20Multi-stage%20Loader%20%7C%20FortiGuard%20Labs&npa=0&pscdl=noapi&auid=2011428811.1723243119&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&data=event%3Dpage_view&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwDpaXnfR9ztPsrw6-th8Gi758D9Vzu1_Rh3Dw&random=2030547137&rmt_tld=0&ipr=y

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f4.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Aug 2024 22:38:40 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.co.il/pagead/1p-user-list/729495989/ 42 B
455 B 358ms
123ms Image
image/gif 172.217.16.195
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.co.il/pagead/1p-user-list/729495989/?random=1723243119621&cv=11&fst=1723240800000&bg=ffffff&guid=ON&async=1&gtm=45be4880za200zb9123037237&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fpurehvnc-deployed-via-python-multi-stage-loader&hn=www.googleadservices.com&frm=0&tiba=PureHVNC%20Deployed%20via%20Python%20Multi-stage%20Loader%20%7C%20FortiGuard%20Labs&npa=0&pscdl=noapi&auid=2011428811.1723243119&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&data=event%3Dpage_view&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwDpaXnfR9ztPsrw6-th8Gi758D9Vzu1_Rh3Dw&random=2030547137&rmt_tld=1&ipr=y

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.195 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Aug 2024 22:38:40 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/662878185/ 42 B
64 B 343ms
123ms Image
image/gif 142.250.185.132
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/662878185/?random=1723243119593&cv=11&fst=1723240800000&bg=ffffff&guid=ON&async=1&gtm=45be4880v887005625za200zb9123037237&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fpurehvnc-deployed-via-python-multi-stage-loader&hn=www.googleadservices.com&frm=0&tiba=PureHVNC%20Deployed%20via%20Python%20Multi-stage%20Loader%20%7C%20FortiGuard%20Labs&npa=0&pscdl=noapi&auid=2011428811.1723243119&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&data=event%3Dpage_view&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwDpaXnfFqlgKplDqD6rcLa1SJjA2ECG1JtI-g&random=848999028&rmt_tld=0&ipr=y

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.132 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f4.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Aug 2024 22:38:40 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 /
www.google.co.il/pagead/1p-user-list/662878185/ 42 B
108 B 259ms
123ms Image
image/gif 172.217.16.195
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.co.il/pagead/1p-user-list/662878185/?random=1723243119593&cv=11&fst=1723240800000&bg=ffffff&guid=ON&async=1&gtm=45be4880v887005625za200zb9123037237&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fpurehvnc-deployed-via-python-multi-stage-loader&hn=www.googleadservices.com&frm=0&tiba=PureHVNC%20Deployed%20via%20Python%20Multi-stage%20Loader%20%7C%20FortiGuard%20Labs&npa=0&pscdl=noapi&auid=2011428811.1723243119&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&data=event%3Dpage_view&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwDpaXnfFqlgKplDqD6rcLa1SJjA2ECG1JtI-g&random=848999028&rmt_tld=1&ipr=y

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.217.16.195 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Aug 2024 22:38:40 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 401 / Show response
pixels.argusplatform.com/wh/track/ 205 B
468 B 558ms
356ms XHR
application/json 13.107.246.67
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://pixels.argusplatform.com/wh/track/?site_id=C6AC00C8269540D0ABFF19F1B5558B6D&visitor_id=1723243120440987566&event_type=page_request&timestamp=1723243120&page_title=PureHVNC%20Deployed%20via%20Python%20Multi-stage%20Loader%20%7C%20FortiGuard%20Labs&page_url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fpurehvnc-deployed-via-python-multi-stage-loader&page_url_referer=

Requested by

Host: tmp.argusplatform.com
URL: https://tmp.argusplatform.com/js/wid.tracker.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

13.107.246.67 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

2ed114345dab0a74e1c81b100e3db108ff86464854f3159d005fac67413454b7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

access-control-allow-origin: *
date: Fri, 09 Aug 2024 22:38:40 GMT
strict-transport-security: max-age=31536000
content-type: application/json; charset=utf-8
x-azure-ref: 20240809T223840Z-r164bbb7d64vp2rs94075cxwz00000000spg0000000037tp
x-cache: CONFIG_NOCACHE
request-context: appId=cid-v1:ead16ead-3a47-42dd-aec9-91a1bbb42ff5

GET
H2 200 fp.min.js Show response
cdn.jsdelivr.net/npm/@fingerprintjs/fingerprintjs@3/dist/ 33 KB
15 KB 305ms
97ms Script
application/javascript 151.101.193.229
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/@fingerprintjs/fingerprintjs@3/dist/fp.min.js

Requested by

Host: abm-tracking.demandscience.com
URL: https://abm-tracking.demandscience.com/tag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.193.229 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

99dc3803d1f19c8103f79f834044b2afd4c8af5b7927efbd36b1052d528b40ae

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Fri, 09 Aug 2024 22:38:40 GMT
x-content-type-options: nosniff
content-encoding: br
age: 13525
x-jsd-version: 3.4.2
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 15023
x-served-by: cache-fra-etou8220049-FRA, cache-mrs10559-MRS
x-jsd-version-type: version
etag: W/"83f4-k1lBXMQZh0ZUAAhwylRSOHXBLBY"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 site-visitors Show response
intentstream.contanuity.com/api/ 115 B
374 B 260ms
259ms Fetch
application/json 44.226.187.177
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://intentstream.contanuity.com/api/site-visitors?pageIdentifier=fortinet_2712

Requested by

Host: abm-tracking.demandscience.com
URL: https://abm-tracking.demandscience.com/tag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.226.187.177 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-226-187-177.us-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

930494fef37c0c702073ceeddd12da067bba2824f8eba39e1f9a3c5332bec6b6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubdomains

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
x-pixel-auth: true

Response headers

date: Fri, 09 Aug 2024 22:35:52 GMT
strict-transport-security: max-age=15724800; includeSubdomains
server: nginx
vary: origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.fortinet.com
access-control-expose-headers: WWW-Authenticate,Server-Authorization
cache-control: no-cache
accept-ranges: bytes
content-length: 115

OPTIONS
H2 200 site-visitors
intentstream.contanuity.com/api/ Frame 0
0 777ms
255ms Preflight 44.226.187.177
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://intentstream.contanuity.com/api/site-visitors?pageIdentifier=fortinet_2712

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.226.187.177 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-226-187-177.us-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubdomains

Request headers

Accept: */*
Access-Control-Request-Headers: x-pixel-auth
Access-Control-Request-Method: GET
Origin: https://www.fortinet.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: Accept,Authorization,Content-Type,If-None-Match,x-pixel-auth
access-control-allow-methods: GET
access-control-allow-origin: https://www.fortinet.com
access-control-expose-headers: WWW-Authenticate,Server-Authorization
access-control-max-age: 86400
cache-control: no-cache
content-length: 0
date: Fri, 09 Aug 2024 22:35:52 GMT
server: nginx
strict-transport-security: max-age=15724800; includeSubdomains

GET
BLOB 200
OK 6d87384c-d9b2-44cf-9b54-5fb56c105362
https://www.fortinet.com/ 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: blob:https://www.fortinet.com/6d87384c-d9b2-44cf-9b54-5fb56c105362
Requested by: Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Length: 43
Content-Type: image/gif

GET
H2 200 RC190d282f2b9c4848b2ea08ca5751fa40-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/aeceeec53d3a/ 2 KB
1009 B 160ms
157ms Script
application/x-javascript 184.30.16.231
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/aeceeec53d3a/RC190d282f2b9c4848b2ea08ca5751fa40-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.16.231 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-16-231.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: fb1d26cefbc57469296aa2bbcf8c0b5857e3a8b23542a08f2fbdeaedb873e943

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 22:38:40 GMT
content-encoding: gzip
last-modified: Thu, 08 Aug 2024 18:15:50 GMT
server: AkamaiNetStorage
etag: "633a210e090b2fafc45162ab31636a64:1723140950.61328"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 753
expires: Fri, 09 Aug 2024 23:38:40 GMT

GET
H2 200 RC7be3d22b2fd6487ca9390477738587fe-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/aeceeec53d3a/ 819 B
755 B 151ms
148ms Script
application/x-javascript 184.30.16.231
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/aeceeec53d3a/RC7be3d22b2fd6487ca9390477738587fe-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.16.231 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-16-231.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 103597a62621cf72aa373242f71884a882e44c935aa5655551562d44106d97b3

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 22:38:40 GMT
content-encoding: gzip
last-modified: Thu, 08 Aug 2024 18:15:50 GMT
server: AkamaiNetStorage
etag: "633a210e090b2fafc45162ab31636a64:1723140950.61328"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 499
expires: Fri, 09 Aug 2024 23:38:40 GMT

GET
H2 200 RC407b573180554ea6b11eecdc31ecbd3f-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/aeceeec53d3a/ 819 B
753 B 160ms
157ms Script
application/x-javascript 184.30.16.231
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/aeceeec53d3a/RC407b573180554ea6b11eecdc31ecbd3f-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.16.231 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-16-231.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 1c20b2012200b5909cd873db6277a02e73278ad5f8394a87d893740b227a702a

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 22:38:40 GMT
content-encoding: gzip
last-modified: Thu, 08 Aug 2024 18:15:50 GMT
server: AkamaiNetStorage
etag: "633a210e090b2fafc45162ab31636a64:1723140950.61328"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 497
expires: Fri, 09 Aug 2024 23:38:40 GMT

GET
H2 200 RC1d92f04752ae42a38e54de48cb85adf4-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/aeceeec53d3a/ 661 B
646 B 330ms
328ms Script
application/x-javascript 184.30.16.231
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/aeceeec53d3a/RC1d92f04752ae42a38e54de48cb85adf4-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.16.231 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-16-231.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 9fd44a8ab49367e5cf5cad8236a0600183a76d891dd75d94c595fa822b592a6d

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 22:38:40 GMT
content-encoding: gzip
last-modified: Thu, 08 Aug 2024 18:15:50 GMT
server: AkamaiNetStorage
etag: "633a210e090b2fafc45162ab31636a64:1723140950.61328"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 390
expires: Fri, 09 Aug 2024 23:38:40 GMT

GET
H2 200 RCf940460311f349b5af69d075bdef61d4-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/aeceeec53d3a/ 368 B
489 B 164ms
162ms Script
application/x-javascript 184.30.16.231
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/aeceeec53d3a/RCf940460311f349b5af69d075bdef61d4-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.16.231 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-16-231.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 4f5403c3e059fbe9f113e1840246695212fbc0ff75e3cf98d1ec15df36096610

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 22:38:40 GMT
content-encoding: gzip
last-modified: Thu, 08 Aug 2024 18:15:50 GMT
server: AkamaiNetStorage
etag: "633a210e090b2fafc45162ab31636a64:1723140950.61328"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 233
expires: Fri, 09 Aug 2024 23:38:40 GMT

GET
H2 200 RCcb6e8e438d1741e6854bf3a039a2565a-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/aeceeec53d3a/ 754 B
702 B 149ms
148ms Script
application/x-javascript 184.30.16.231
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/aeceeec53d3a/RCcb6e8e438d1741e6854bf3a039a2565a-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.16.231 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-16-231.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 9c1bc9021a10eed560ccbf198f787bbfa919370faae7c67ddffde0acec389bab

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 22:38:40 GMT
content-encoding: gzip
last-modified: Thu, 08 Aug 2024 18:15:50 GMT
server: AkamaiNetStorage
etag: "633a210e090b2fafc45162ab31636a64:1723140950.61328"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 446
expires: Fri, 09 Aug 2024 23:38:40 GMT

GET
H2 200 RCbbd24be21a0f4115a18f29bb3fee2a7a-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/aeceeec53d3a/ 2 KB
966 B 151ms
150ms Script
application/x-javascript 184.30.16.231
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/aeceeec53d3a/RCbbd24be21a0f4115a18f29bb3fee2a7a-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.16.231 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-16-231.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: e2b9e70870be254cf7569e4675af23bf6673b6cde8d0bc22d41c36481b8b4378

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 22:38:40 GMT
content-encoding: gzip
last-modified: Thu, 08 Aug 2024 18:15:50 GMT
server: AkamaiNetStorage
etag: "633a210e090b2fafc45162ab31636a64:1723140950.61328"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 711
expires: Fri, 09 Aug 2024 23:38:40 GMT

GET
H2 200 RCf5bd1991cad84a7294a7b609189a1fa5-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/aeceeec53d3a/ 1021 B
855 B 154ms
153ms Script
application/x-javascript 184.30.16.231
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/aeceeec53d3a/RCf5bd1991cad84a7294a7b609189a1fa5-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.16.231 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-16-231.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 053c9099c33db1a9312be217e6e966592084287eafe476a303c1465b302d642d

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 22:38:40 GMT
content-encoding: gzip
last-modified: Thu, 08 Aug 2024 18:15:50 GMT
server: AkamaiNetStorage
etag: "633a210e090b2fafc45162ab31636a64:1723140950.61328"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 599
expires: Fri, 09 Aug 2024 23:38:40 GMT

GET
H2 200 RCcd84e40d19c24776bef77836ab2f8df6-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/aeceeec53d3a/ 819 B
755 B 234ms
233ms Script
application/x-javascript 184.30.16.231
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/aeceeec53d3a/RCcd84e40d19c24776bef77836ab2f8df6-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.16.231 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-16-231.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: f47d4b2e5cd0cd8f39d799d75437c2f2a084dee6c1f3e8c97b945162851fb6d0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 22:38:40 GMT
content-encoding: gzip
last-modified: Thu, 08 Aug 2024 18:15:50 GMT
server: AkamaiNetStorage
etag: "633a210e090b2fafc45162ab31636a64:1723140950.61328"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 500
expires: Fri, 09 Aug 2024 23:38:40 GMT

GET
H2 200 RC4daaa3cd330f4ee2934602a98dab7c5f-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/aeceeec53d3a/ 388 B
496 B 153ms
152ms Script
application/x-javascript 184.30.16.231
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/aeceeec53d3a/RC4daaa3cd330f4ee2934602a98dab7c5f-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.16.231 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-16-231.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: e1faf329e8f1f75c70018741a3020700779a70bb7b099c61e7b30c9fabd06f30

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 22:38:40 GMT
content-encoding: gzip
last-modified: Thu, 08 Aug 2024 18:15:50 GMT
server: AkamaiNetStorage
etag: "633a210e090b2fafc45162ab31636a64:1723140950.61328"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 241
expires: Fri, 09 Aug 2024 23:38:40 GMT

GET
H2 200 RC5c60a51709a94068afbf065e1448b617-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/aeceeec53d3a/ 664 B
655 B 166ms
166ms Script
application/x-javascript 184.30.16.231
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/aeceeec53d3a/RC5c60a51709a94068afbf065e1448b617-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.16.231 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-16-231.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: e68cf7c29664a3be5231305c50a706645aca46a016c37bb8c673c99c7a8d4a31

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 22:38:40 GMT
content-encoding: gzip
last-modified: Thu, 08 Aug 2024 18:15:50 GMT
server: AkamaiNetStorage
etag: "633a210e090b2fafc45162ab31636a64:1723140950.61328"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 399
expires: Fri, 09 Aug 2024 23:38:40 GMT

GET
H2 200 RC7675832323134b109ff7c59296e2d2ca-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/aeceeec53d3a/ 1 KB
794 B 164ms
164ms Script
application/x-javascript 184.30.16.231
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/aeceeec53d3a/RC7675832323134b109ff7c59296e2d2ca-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.16.231 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-16-231.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 4fe295ef662f0e765f8d110b8583c0511d246933c2397505ebca7d90258eaaaa

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 22:38:40 GMT
content-encoding: gzip
last-modified: Thu, 08 Aug 2024 18:15:50 GMT
server: AkamaiNetStorage
etag: "633a210e090b2fafc45162ab31636a64:1723140950.61328"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 538
expires: Fri, 09 Aug 2024 23:38:40 GMT

GET
H2 200 RC0ba76d5bbb984ea6a79cd6308c48dbff-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/aeceeec53d3a/ 2 KB
977 B 164ms
164ms Script
application/x-javascript 184.30.16.231
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/aeceeec53d3a/RC0ba76d5bbb984ea6a79cd6308c48dbff-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.16.231 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-16-231.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 94e793d285943f7e45f0cdade1b83945f01efe90571f31ef4731685cf7040e42

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 22:38:40 GMT
content-encoding: gzip
last-modified: Thu, 08 Aug 2024 18:15:50 GMT
server: AkamaiNetStorage
etag: "633a210e090b2fafc45162ab31636a64:1723140950.61328"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 722
expires: Fri, 09 Aug 2024 23:38:40 GMT

GET
H2 200 RC0829ccf7bc5a44478ae2705d4c111c37-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/aeceeec53d3a/ 966 B
805 B 165ms
165ms Script
application/x-javascript 184.30.16.231
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/aeceeec53d3a/RC0829ccf7bc5a44478ae2705d4c111c37-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.30.16.231 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-30-16-231.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: d6034d18249c9b7dd34d51997a2abca6eae47c5dd8c44a08f891edf4d467f309

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 22:38:40 GMT
content-encoding: gzip
last-modified: Thu, 08 Aug 2024 18:15:50 GMT
server: AkamaiNetStorage
etag: "633a210e090b2fafc45162ab31636a64:1723140950.61328"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 549
expires: Fri, 09 Aug 2024 23:38:40 GMT

GET
H2 200 p Show response
i.simpli.fi/ 798 B
762 B 132ms
119ms Script
application/javascript 35.204.89.238
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://i.simpli.fi/p?cid=339566&cb=sifi_att_42656._hp
Requested by: Host: tag.simpli.fi
URL: https://tag.simpli.fi/sifitag/25f2dd15-02c6-4e7a-bc8b-c5722b49624d
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.204.89.238 Groningen, Netherlands, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 238.89.204.35.bc.googleusercontent.com
Software: openresty /
Resource Hash: d8bdaa339c41e25dcd6b8f2031c22bfb8634d14dcdeded8b8e64257c7368e968

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Aug 2024 22:38:40 GMT
content-encoding: gzip
server: openresty
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK favicon.ico
www.fortinet.com/etc/designs/fortinet-blog/ 318 B
2 KB 117ms
116ms Other
image/vnd.microsoft.icon 3.123.216.247
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fortinet.com/etc/designs/fortinet-blog/favicon.ico

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

3.123.216.247 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-123-216-247.eu-central-1.compute.amazonaws.com

Software

Apache /

Resource Hash

d18b3c9feb76c3c1cfdcc51c732f113327e3c33fb3f63b479951f7da6ed1216f

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher2uswest1-28559771
Date: Thu, 08 Aug 2024 09:18:33 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Content-Encoding: gzip
Via: 1.1 a54cda8ccda3480314f451558e4dd062.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: FRA60-P3
X-Vhost: publish
X-Cache: Hit from cloudfront
Age: 134407
Connection: keep-alive
Content-Length: 133
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 22 Feb 2018 05:17:28 GMT
Server: Apache
ETag: "13e-565c628eb6a00-gzip"
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Type: image/vnd.microsoft.icon
Cache-Control: max-age=2000000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: 5Z0MZA8mPCNgmSZ0yU7C18Aj4PiqqhahZX0BUqBRnfPEsVWKPmFPyg==

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 209ms
209ms Image
image/gif 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=5eeecf22b2d12a77a14639dce97b7a36&svisitor=null&visitor=42f1944b-f3a4-405b-8534-8506752422d5&session=e91cefb3-004e-45a3-83e9-72894a748c83&event=active_time_track&q=%7B%22currentTime%22%3A%22Fri%2C%2009%20Aug%202024%2022%3A38%3A40%20GMT%22%2C%22lastTrackTime%22%3A%22Fri%2C%2009%20Aug%202024%2022%3A38%3A39%20GMT%22%2C%22timeSpent%22%3A%221023%22%2C%22totalTimeSpent%22%3A%222028%22%7D&isIframe=false&m=%7B%22description%22%3A%22FortiGuard%20Lab%20reveals%20a%20malware%20%5C%22PureHVNC%5C%22%2C%20sold%20on%20the%20cybercrime%20forum%2C%20is%20spreading%20through%20a%20phishing%20campaign%20targeting%20employees%20via%20a%20python%20multi-stage%20loader.%20Learn%20more.%22%2C%22keywords%22%3A%22FortiGuard%20Labs%20Threat%20Research%2Cpython%22%2C%22title%22%3A%22PureHVNC%20Deployed%20via%20Python%20Multi-stage%20Loader%20%7C%20FortiGuard%20Labs%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fpurehvnc-deployed-via-python-multi-stage-loader&pageViewId=40fd6078-11fe-467e-8b84-ebc2c1fd1d9c&v=1.1.23

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-210.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Aug 2024 22:38:40 GMT
x-content-type-options: nosniff
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "615ccf10-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Fri, 09 Aug 2024 22:38:40 GMT

GET
H/1.1 200
OK https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fpurehvnc-deployed-via-python-multi-stage-loader Show response
abm-tracking.demandscience.com/page-tracking/fortinet_2712/ 2 B
665 B 266ms
266ms Script
application/json 52.32.164.86
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://abm-tracking.demandscience.com/page-tracking/fortinet_2712/https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fpurehvnc-deployed-via-python-multi-stage-loader?visitorId=32e39a6d08d82c7f5e39d3ea18d4efb4_1723243120841&&clientId=undefined&&cookieEnabled=true
Requested by: Host: abm-tracking.demandscience.com
URL: https://abm-tracking.demandscience.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 52.32.164.86 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-32-164-86.us-west-2.compute.amazonaws.com
Software: nginx/1.18.0 (Ubuntu) / Express
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 09 Aug 2024 22:38:40 GMT
Server: nginx/1.18.0 (Ubuntu)
X-Powered-By: Express
ETag: W/"2-vyGp6PvFo4RvsFtPoIWeCReyIC8"
Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, PATCH, DELETE
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: private, no-cache, no-store, must-revalidate
Connection: keep-alive
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization
Content-Length: 2
Expires: -1

GET
H2

200

RX-9b3132aa-9522-4471-81a2-829365acac97-003
sync.targeting.unrulymedia.com/csync/
Redirect Chain

https://um.simpli.fi/smaato
https://s.ad.smaato.net/c/?dspInit=1001136&dspCookie=FCE2CCF06CD9448EA3DB7054DA67A2AE
https://sync.1rx.io/usersync/smaato/f8523ec180?gdpr=0&gdpr_consent=
https://sync.1rx.io/usersync/smaato/f8523ec180?zcc=1&cb=1723243121894
https://sync.targeting.unrulymedia.com/csync/RX-9b3132aa-9522-4471-81a2-829365acac97-003

43 B
377 B

487ms
116ms

Image
image/gif

46.228.174.117
AMOBEE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.targeting.unrulymedia.com/csync/RX-9b3132aa-9522-4471-81a2-829365acac97-003
Protocol: H2
Server: 46.228.174.117 , United Kingdom, ASN56396 (AMOBEE, GB),
Reverse DNS
Software: /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 22:38:42 GMT
content-length: 43
p3p: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"

Redirect headers

content-type: text/html
pragma: no-cache
date: Fri, 09 Aug 2024 22:38:42 GMT
cache-control: no-store, no-cache, must-revalidate
location: https://sync.targeting.unrulymedia.com/csync/RX-9b3132aa-9522-4471-81a2-829365acac97-003
expires: 0

GET
H2

200

RX-9b3132aa-9522-4471-81a2-829365acac97-003
sync.targeting.unrulymedia.com/csync/
Redirect Chain

https://um.simpli.fi/nexxen
https://sync.1rx.io/usersync/simplifi/FCE2CCF06CD9448EA3DB7054DA67A2AE
https://sync.1rx.io/usersync/simplifi/FCE2CCF06CD9448EA3DB7054DA67A2AE?zcc=1&cb=1723243121893
https://sync.targeting.unrulymedia.com/csync/RX-9b3132aa-9522-4471-81a2-829365acac97-003

43 B
378 B

372ms
116ms

Image
image/gif

46.228.174.117
AMOBEE

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.targeting.unrulymedia.com/csync/RX-9b3132aa-9522-4471-81a2-829365acac97-003
Protocol: H2
Server: 46.228.174.117 , United Kingdom, ASN56396 (AMOBEE, GB),
Reverse DNS
Software: /
Resource Hash: dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 22:38:42 GMT
content-length: 43
p3p: CP="This is not a P3P policy! See https://www.rhythmone.com/p3p to learn why"

Redirect headers

content-type: text/html
pragma: no-cache
date: Fri, 09 Aug 2024 22:38:42 GMT
cache-control: no-store, no-cache, must-revalidate
location: https://sync.targeting.unrulymedia.com/csync/RX-9b3132aa-9522-4471-81a2-829365acac97-003
expires: 0

GET
H2

200

xuid
eb2.3lift.com/
Redirect Chain

https://um.simpli.fi/triplelift
https://eb2.3lift.com/xuid?mid=7969&xuid=FCE2CCF06CD9448EA3DB7054DA67A2AE&dongle=yf3
https://eb2.3lift.com/xuid?ld=1&mid=7969&xuid=FCE2CCF06CD9448EA3DB7054DA67A2AE&dongle=yf3&gdpr=0&cmp_cs=&us_privacy=

37 B
476 B

117ms
117ms

Image
image/gif

76.223.111.18
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://eb2.3lift.com/xuid?ld=1&mid=7969&xuid=FCE2CCF06CD9448EA3DB7054DA67A2AE&dongle=yf3&gdpr=0&cmp_cs=&us_privacy=
Protocol: H2
Server: 76.223.111.18 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: a0f671730127a0812.awsglobalaccelerator.com
Software: /
Resource Hash: bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
date: Fri, 09 Aug 2024 22:38:41 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 37
content-type: image/gif

Redirect headers

location: /xuid?ld=1&mid=7969&xuid=FCE2CCF06CD9448EA3DB7054DA67A2AE&dongle=yf3&gdpr=0&cmp_cs=&us_privacy=
date: Fri, 09 Aug 2024 22:38:41 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 0
p3p: policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

GET
H2

200

sync
simplifi.partners.tremorhub.com/
Redirect Chain

https://um.simpli.fi/telaria_p
https://simplifi.partners.tremorhub.com/sync?UISF=FCE2CCF06CD9448EA3DB7054DA67A2AE

43 B
175 B

592ms
194ms

Image
image/gif

3.215.201.134
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://simplifi.partners.tremorhub.com/sync?UISF=FCE2CCF06CD9448EA3DB7054DA67A2AE
Protocol: H2
Server: 3.215.201.134 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-215-201-134.compute-1.amazonaws.com
Software: nginx /
Resource Hash: a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-type: image/gif
date: Fri, 09 Aug 2024 22:38:41 GMT
server: nginx
p3p: CP='This is not a P3P policy. See https://telaria.com/privacy-policy/'

Redirect headers

date: Fri, 09 Aug 2024 22:38:41 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://simplifi.partners.tremorhub.com/sync?UISF=FCE2CCF06CD9448EA3DB7054DA67A2AE
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Thu, 08 Aug 2024 22:38:41 GMT

GET
H2

200

check
pixel.tapad.com/idsync/ex/receive/
Redirect Chain

https://um.simpli.fi/tapad
https://pixel.tapad.com/idsync/ex/receive?partner_id=2305&partner_device_id=FCE2CCF06CD9448EA3DB7054DA67A2AE
https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2305&partner_device_id=FCE2CCF06CD9448EA3DB7054DA67A2AE

95 B
427 B

117ms
116ms

Image
image/png

34.111.113.62
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2305&partner_device_id=FCE2CCF06CD9448EA3DB7054DA67A2AE

Protocol

Server

34.111.113.62 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

62.113.111.34.bc.googleusercontent.com

Software

Jetty(11.0.13) /

Resource Hash

3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 22:38:41 GMT
strict-transport-security: max-age=31536000
via: 1.1 google
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: Jetty(11.0.13)
content-type: image/png
access-control-allow-origin: *
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 95

Redirect headers

date: Fri, 09 Aug 2024 22:38:41 GMT
strict-transport-security: max-age=31536000
via: 1.1 google
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-WoW64
server: Jetty(11.0.13)
p3p: policyref="http://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
access-control-allow-origin: *
location: https://pixel.tapad.com/idsync/ex/receive/check?partner_id=2305&partner_device_id=FCE2CCF06CD9448EA3DB7054DA67A2AE
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2

200

empty.gif
um.simpli.fi/
Redirect Chain

https://um.simpli.fi/ad_advisor
https://aa.agkn.com/adscores/g.pixel?sid=9201915418&sifi_uid=FCE2CCF06CD9448EA3DB7054DA67A2AE
https://d.agkn.com/pixel/10751/?che=1723243121565&ip=31.187.78.101&l1=https%3A%2F%2Fum.simpli.fi%2Faa_px%3Fsk%3D219403204969004351689
https://um.simpli.fi/aa_px?sk=219403204969004351689
https://um.simpli.fi/empty.gif

43 B
361 B

118ms
117ms

Image
image/gif

35.204.74.118
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://um.simpli.fi/empty.gif

Protocol

Server

35.204.74.118 Groningen, Netherlands, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

118.74.204.35.bc.googleusercontent.com

Software

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 22:38:42 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
access-control-allow-methods: GET, POST, OPTIONS
content-type: image/gif
access-control-allow-origin: *
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 43

Redirect headers

date: Fri, 09 Aug 2024 22:38:42 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: /empty.gif
access-control-allow-origin: *
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142

GET
H2

200

ProfilesEngineServlet
sync.intentiq.com/profiles_engine/
Redirect Chain

https://um.simpli.fi/intentiq
https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=2124307461&pcid=FCE2CCF06CD9448EA3DB7054DA67A2AE

43 B
545 B

445ms
202ms

Image
image/gif

18.239.69.49
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=2124307461&pcid=FCE2CCF06CD9448EA3DB7054DA67A2AE
Protocol: H2
Server: 18.239.69.49 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-239-69-49.ams58.r.cloudfront.net
Software: /
Resource Hash: caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Aug 2024 22:38:41 GMT
via: 1.1 9dfbacf2c8a61beb17591bdaab142956.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS58-P4
x-cache: Miss from cloudfront
content-type: image/gif
p3p: CP="NOI DSP COR NID CURa ADMo TAIa PSAo PSDo OUR SAMo BUS UNI PUR COM NAV INT DEM CNT STA PRE LOC"
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3=":443"; ma=86400
content-length: 43
x-amz-cf-id: ev2wEVHTEYRRR9zY0GtMVP8px57NgbfCk_67fwNnnx-J7WdzBW0oXw==
expires: Thu, 01 Jan 1970 00:00:00 GMT

Redirect headers

date: Fri, 09 Aug 2024 22:38:41 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://sync.intentiq.com/profiles_engine/ProfilesEngineServlet?at=20&dpi=2124307461&pcid=FCE2CCF06CD9448EA3DB7054DA67A2AE
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Thu, 08 Aug 2024 22:38:41 GMT

GET
H2 200 pubmatic
um.simpli.fi/ 43 B
409 B 167ms
165ms Image
image/gif 35.204.74.118
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://um.simpli.fi/pubmatic

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

35.204.74.118 Groningen, Netherlands, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

118.74.204.35.bc.googleusercontent.com

Software

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 22:38:41 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
access-control-allow-methods: GET, POST, OPTIONS
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 43
expires: Thu, 08 Aug 2024 22:38:41 GMT

GET
H2 200 freewheel
um.simpli.fi/ 43 B
409 B 167ms
165ms Image
image/gif 35.204.74.118
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://um.simpli.fi/freewheel

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

35.204.74.118 Groningen, Netherlands, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

118.74.204.35.bc.googleusercontent.com

Software

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 22:38:41 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
access-control-allow-methods: GET, POST, OPTIONS
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 43
expires: Thu, 08 Aug 2024 22:38:41 GMT

GET
H2

204

cms
ups.analytics.yahoo.com/ups/58726/
Redirect Chain

https://um.simpli.fi/dtnx
https://fei.pro-market.net/engine?du=24;csync=FCE2CCF06CD9448EA3DB7054DA67A2AE;mimetype=img;
https://fei.pro-market.net/engine?du=24;csync=FCE2CCF06CD9448EA3DB7054DA67A2AE;mimetype=img;sr
https://cms.analytics.yahoo.com/cms?partner_id=DATCS
https://ups.analytics.yahoo.com/ups/58726/cms?partner_id=DATCS

0
110 B

164ms
145ms

Image
text/plain

3.71.149.231
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ups.analytics.yahoo.com/ups/58726/cms?partner_id=DATCS

Protocol

Server

3.71.149.231 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-3-71-149-231.eu-central-1.compute.amazonaws.com

Software

ATS/9.1.10.134 /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 22:38:42 GMT
strict-transport-security: max-age=31536000
server: ATS/9.1.10.134
age: 0
p3p: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

location: https://ups.analytics.yahoo.com/ups/58726/cms?partner_id=DATCS
date: Fri, 09 Aug 2024 22:38:41 GMT
cache-control: no-store
content-language: en
server: ATS/9.1.10.134
content-length: 344
content-type: text/html

GET
H2

204

/
loadm.exelator.com/load/
Redirect Chain

https://um.simpli.fi/exelatem
https://loadm.exelator.com/load/?p=204&g=2191&simid=FCE2CCF06CD9448EA3DB7054DA67A2AE&j=0
https://loadm.exelator.com/load/?p=204&g=2191&simid=FCE2CCF06CD9448EA3DB7054DA67A2AE&j=0&xl8blockcheck=1

0
2 KB

128ms
127ms

Image
text/plain

54.78.254.47
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://loadm.exelator.com/load/?p=204&g=2191&simid=FCE2CCF06CD9448EA3DB7054DA67A2AE&j=0&xl8blockcheck=1
Protocol: H2
Server: 54.78.254.47 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-78-254-47.eu-west-1.compute.amazonaws.com
Software: nginx / Undertow/1
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 22:38:41 GMT
cache-control: no-cache
access-control-allow-credentials: true
server: nginx
x-powered-by: Undertow/1
p3p: policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA, policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA

Redirect headers

date: Fri, 09 Aug 2024 22:38:41 GMT
server: nginx
x-powered-by: Undertow/1
p3p: policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA, policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
location: https://loadm.exelator.com/load/?p=204&g=2191&simid=FCE2CCF06CD9448EA3DB7054DA67A2AE&j=0&xl8blockcheck=1
content-type: image/gif
cache-control: no-cache
access-control-allow-credentials: true
content-length: 0

GET
H2 200 yahoo
um.simpli.fi/ 43 B
409 B 168ms
166ms Image
image/gif 35.204.74.118
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://um.simpli.fi/yahoo

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

35.204.74.118 Groningen, Netherlands, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

118.74.204.35.bc.googleusercontent.com

Software

Resource Hash

cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 22:38:41 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
last-modified: Mon, 28 Sep 1970 06:00:00 GMT
access-control-allow-methods: GET, POST, OPTIONS
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 43
expires: Thu, 08 Aug 2024 22:38:41 GMT

GET
H/1.1

204

sync
sync.bfmio.com/
Redirect Chain

https://um.simpli.fi/beachfront
https://sync.bfmio.com/sync?pid=141&uid=FCE2CCF06CD9448EA3DB7054DA67A2AE

0
421 B

780ms
189ms

Image
text/plain

52.202.93.40
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://sync.bfmio.com/sync?pid=141&uid=FCE2CCF06CD9448EA3DB7054DA67A2AE
Protocol: HTTP/1.1
Server: 52.202.93.40 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-202-93-40.compute-1.amazonaws.com
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Connection: keep-alive
Date: Fri, 09 Aug 2024 22:38:41 GMT

Redirect headers

date: Fri, 09 Aug 2024 22:38:41 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://sync.bfmio.com/sync?pid=141&uid=FCE2CCF06CD9448EA3DB7054DA67A2AE
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Thu, 08 Aug 2024 22:38:41 GMT

GET
H2

200

29931
stags.bluekai.com/site/
Redirect Chain

https://um.simpli.fi/bluekai
https://stags.bluekai.com/site/29931?id=FCE2CCF06CD9448EA3DB7054DA67A2AE

62 B
446 B

515ms
271ms

Image
image/gif

72.246.169.24
AKAMAI-AS

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://stags.bluekai.com/site/29931?id=FCE2CCF06CD9448EA3DB7054DA67A2AE
Protocol: H2
Server: 72.246.169.24 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a72-246-169-24.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 0af3aae90b7de9fdceee2ab421378ea2f54c74be81ef43fc6c1790a032755d80

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-type: image/gif
date: Fri, 09 Aug 2024 22:38:41 GMT
content-length: 62
p3p: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"

Redirect headers

date: Fri, 09 Aug 2024 22:38:41 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://stags.bluekai.com/site/29931?id=FCE2CCF06CD9448EA3DB7054DA67A2AE
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Thu, 08 Aug 2024 22:38:41 GMT

GET
H2

200

tpid=FCE2CCF06CD9448EA3DB7054DA67A2AE
bcp.crwdcntrl.net/map/ct=y/c=7625/tp=SIMP/
Redirect Chain

https://um.simpli.fi/crwdcntrl
https://bcp.crwdcntrl.net/map/c=7625/tp=SIMP/tpid=FCE2CCF06CD9448EA3DB7054DA67A2AE
https://bcp.crwdcntrl.net/map/ct=y/c=7625/tp=SIMP/tpid=FCE2CCF06CD9448EA3DB7054DA67A2AE

49 B
544 B

134ms
132ms

Image
image/gif

54.194.254.146
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://bcp.crwdcntrl.net/map/ct=y/c=7625/tp=SIMP/tpid=FCE2CCF06CD9448EA3DB7054DA67A2AE
Protocol: H2
Server: 54.194.254.146 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-194-254-146.eu-west-1.compute.amazonaws.com
Software: Jetty(9.4.38.v20210224) /
Resource Hash: 2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Aug 2024 22:38:41 GMT
server: Jetty(9.4.38.v20210224)
content-type: image/gif
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
access-control-allow-origin: *
cache-control: no-cache
x-server: 10.45.5.80
content-length: 49
expires: 0

Redirect headers

pragma: no-cache
date: Fri, 09 Aug 2024 22:38:41 GMT
server: Jetty(9.4.38.v20210224)
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
location: https://bcp.crwdcntrl.net/map/ct=y/c=7625/tp=SIMP/tpid=FCE2CCF06CD9448EA3DB7054DA67A2AE
cache-control: no-cache
x-server: 10.45.11.234
content-length: 0
expires: 0

GET
H2

200

merge
ce.lijit.com/
Redirect Chain

https://um.simpli.fi/lj_match
https://ce.lijit.com/merge?pid=2&3pid=FCE2CCF06CD9448EA3DB7054DA67A2AE
https://ce.lijit.com/merge?pid=2&3pid=FCE2CCF06CD9448EA3DB7054DA67A2AE&dnr=1

43 B
509 B

127ms
125ms

Image
image/gif

54.171.248.53
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ce.lijit.com/merge?pid=2&3pid=FCE2CCF06CD9448EA3DB7054DA67A2AE&dnr=1
Protocol: H2
Server: 54.171.248.53 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-171-248-53.eu-west-1.compute.amazonaws.com
Software: /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Aug 2024 22:38:41 GMT
vary: Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
content-type: image/gif
cache-control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
content-length: 43
expires: Fri, 20 Mar 2009 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 09 Aug 2024 22:38:41 GMT
vary: Accept-Encoding
p3p: CP="CUR ADM OUR NOR STA NID"
location: https://ce.lijit.com/merge?pid=2&3pid=FCE2CCF06CD9448EA3DB7054DA67A2AE&dnr=1
cache-control: private, no-cache, no-store, must-revalidate, proxy-revalidate, max-age=0, s-maxage=0
content-length: 0
expires: Fri, 20 Mar 2009 00:00:00 GMT

GET
H2

200

sync
pippio.com/api/
Redirect Chain

https://um.simpli.fi/liveramp_match
https://idsync.rlcdn.com/419566.gif?partner_uid=FCE2CCF06CD9448EA3DB7054DA67A2AE
https://idsync.rlcdn.com/1000.gif?memo=CO7NGRIrCicIARDuJBogRkNFMkNDRjA2Q0Q5NDQ4RUEzREI3MDU0REE2N0EyQUUQABoNCPG02rUGEgUI6AcQAEIASgA
https://pippio.com/api/sync?pid=5324&it=1&iv=e9fc0a01133384fc54664003c9aecd590e463a4502eae283cfbeafca934dcc3d791426b5417dce21&_=2

42 B
569 B

353ms
228ms

Image
image/gif

107.178.254.65
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pippio.com/api/sync?pid=5324&it=1&iv=e9fc0a01133384fc54664003c9aecd590e463a4502eae283cfbeafca934dcc3d791426b5417dce21&_=2
Protocol: H2
Server: 107.178.254.65 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 65.254.178.107.bc.googleusercontent.com
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 22:38:41 GMT
via: 1.1 google
content-type: image/gif
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
cache-control: no-cache, no-store
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42

Redirect headers

date: Fri, 09 Aug 2024 22:38:41 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://pippio.com/api/sync?pid=5324&it=1&iv=e9fc0a01133384fc54664003c9aecd590e463a4502eae283cfbeafca934dcc3d791426b5417dce21&_=2
cache-control: no-cache, no-store
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H2

200

/
www.google.co.il/pagead/1p-conversion/1026675585/
Redirect Chain

https://www.googleadservices.com/pagead/conversion/1026675585/?random=1723243120795&cv=7&fst=1723243120795&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/1026675585/?random=40837764&cv=7&fst=1723243120795&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON&ct_cookie_present=false&crd=CKG4s...
https://www.google.com/pagead/1p-conversion/1026675585/?random=40837764&cv=7&fst=1723243120795&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON&ct_cookie_present=false&crd=CKG4sQIIscGxAgiwwbECCLnBsQ...
https://www.google.co.il/pagead/1p-conversion/1026675585/?random=40837764&cv=7&fst=1723243120795&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON&ct_cookie_present=false&crd=CKG4sQIIscGxAgiwwbECCLnB...

42 B
108 B

127ms
125ms

Image
image/gif

172.217.16.195
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.co.il/pagead/1p-conversion/1026675585/?random=40837764&cv=7&fst=1723243120795&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON&ct_cookie_present=false&crd=CKG4sQIIscGxAgiwwbECCLnBsQI&pscrd=IhMIwKLe8PzohwMVdI-DBx2XyCYDMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOhlodHRwczovL3d3dy5mb3J0aW5ldC5jb20v&is_vtc=1&cid=CAQSKQDpaXnfZIoPajVjZMAAXRdeNBAlP37HZcGET6w1YOuh28EPP9wkFWPv&random=3232231773&ipr=y

Protocol

Server

172.217.16.195 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s08-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Aug 2024 22:38:41 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 09 Aug 2024 22:38:41 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://www.google.co.il/pagead/1p-conversion/1026675585/?random=40837764&cv=7&fst=1723243120795&fmt=3&value=0&label=eGG0CO2U2AIQgafH6QM&guid=ON&ct_cookie_present=false&crd=CKG4sQIIscGxAgiwwbECCLnBsQI&pscrd=IhMIwKLe8PzohwMVdI-DBx2XyCYDMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggSOhlodHRwczovL3d3dy5mb3J0aW5ldC5jb20v&is_vtc=1&cid=CAQSKQDpaXnfZIoPajVjZMAAXRdeNBAlP37HZcGET6w1YOuh28EPP9wkFWPv&random=3232231773&ipr=y
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 204 spotx_match
um.simpli.fi/ 0
272 B 172ms
171ms Image
text/plain 35.204.74.118
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://um.simpli.fi/spotx_match

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

35.204.74.118 Groningen, Netherlands, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

118.74.204.35.bc.googleusercontent.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

access-control-allow-origin: *
date: Fri, 09 Aug 2024 22:38:41 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
access-control-allow-methods: GET, POST, OPTIONS

GET
H2

200

bounce
ib.adnxs.com/
Redirect Chain

https://um.simpli.fi/an
https://ib.adnxs.com/setuid?entity=66&code=FCE2CCF06CD9448EA3DB7054DA67A2AE
https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D66%26code%3DFCE2CCF06CD9448EA3DB7054DA67A2AE

43 B
1 KB

115ms
114ms

Image
image/gif

185.89.210.90
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D66%26code%3DFCE2CCF06CD9448EA3DB7054DA67A2AE

Protocol

Server

185.89.210.90 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

941.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Aug 2024 22:38:41 GMT
an-x-request-uuid: d0e93b31-1565-4535-ac7c-2b21611f282c
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 31.187.78.101; 31.187.78.101; 941.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 09 Aug 2024 22:38:41 GMT
an-x-request-uuid: 1b699c11-d0e1-4854-b275-f5c6abdb733e
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
location: https://ib.adnxs.com/bounce?%2Fsetuid%3Fentity%3D66%26code%3DFCE2CCF06CD9448EA3DB7054DA67A2AE
cache-control: no-store, no-cache, private
x-proxy-origin: 31.187.78.101; 31.187.78.101; 941.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H/1.1

200
OK

tap.php
pixel.rubiconproject.com/
Redirect Chain

https://um.simpli.fi/rb_match
https://pixel.rubiconproject.com/tap.php?v=6286&nid=2132&put=FCE2CCF06CD9448EA3DB7054DA67A2AE&expires=365

42 B
1 KB

508ms
112ms

Image
image/gif

69.173.144.165
RUBICONPROJECT

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://pixel.rubiconproject.com/tap.php?v=6286&nid=2132&put=FCE2CCF06CD9448EA3DB7054DA67A2AE&expires=365
Protocol: HTTP/1.1
Server: 69.173.144.165 Frankfurt am Main, Germany, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Pragma: no-cache
Content-Type: image/gif
Cache-Control: no-cache,no-store,must-revalidate
content-length: 42
X-RPHost: 1f4afaf10c6b5898421df1cdca3fc7f5
Expires: 0

Redirect headers

date: Fri, 09 Aug 2024 22:38:41 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://pixel.rubiconproject.com/tap.php?v=6286&nid=2132&put=FCE2CCF06CD9448EA3DB7054DA67A2AE&expires=365
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Thu, 08 Aug 2024 22:38:41 GMT

GET
H2

200

sd
us-u.openx.net/w/1.0/
Redirect Chain

https://um.simpli.fi/ox_match
https://us-u.openx.net/w/1.0/sd?id=537072966&val=FCE2CCF06CD9448EA3DB7054DA67A2AE

43 B
264 B

238ms
113ms

Image
image/gif

35.244.159.8
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://us-u.openx.net/w/1.0/sd?id=537072966&val=FCE2CCF06CD9448EA3DB7054DA67A2AE
Protocol: H2
Server: 35.244.159.8 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 8.159.244.35.bc.googleusercontent.com
Software: OXGW/0.0.0 /
Resource Hash: 4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Aug 2024 22:38:41 GMT
via: 1.1 google
server: OXGW/0.0.0
vary: Accept
content-type: image/gif
p3p: CP="CUR ADM OUR NOR STA NID"
cache-control: private, max-age=0, no-cache
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

date: Fri, 09 Aug 2024 22:38:41 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
server: openresty
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/html
location: https://us-u.openx.net/w/1.0/sd?id=537072966&val=FCE2CCF06CD9448EA3DB7054DA67A2AE
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
content-length: 142
expires: Thu, 08 Aug 2024 22:38:41 GMT

GET
H2

204

g_match
um.simpli.fi/
Redirect Chain

https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_cm&google_sc
https://um.simpli.fi/g_match?id=&google_gid=CAESEJL9nkeTFqd4vuJQXWC4N10&google_cver=1
https://cm.g.doubleclick.net/pixel?google_nid=simplifi&google_hm=FCE2CCF06CD9448EA3DB7054DA67A2AE
https://um.simpli.fi/g_match?id=

0
320 B

115ms
115ms

Image
text/plain

35.204.74.118
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://um.simpli.fi/g_match?id=

Protocol

Server

35.204.74.118 Groningen, Netherlands, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

118.74.204.35.bc.googleusercontent.com

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 22:38:41 GMT
strict-transport-security: max-age=63072000; includeSubdomains; preload
x-content-type-options: nosniff
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
cache-control: no-cache
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
expires: Thu, 08 Aug 2024 22:38:41 GMT

Redirect headers

pragma: no-cache
date: Fri, 09 Aug 2024 22:38:41 GMT
server: HTTP server (unknown)
content-type: text/html; charset=UTF-8
location: https://um.simpli.fi/g_match?id=
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 229
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK spx Show response
dx.mountain.com/ 23 KB
6 KB 799ms
204ms Script
application/javascript 34.238.149.65
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://dx.mountain.com/spx?dxver=4.0.0&shaid=32336&tdr=&plh=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fpurehvnc-deployed-via-python-multi-stage-loader&cb=8939508226799675term=value
Requested by: Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.238.149.65 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-238-149-65.compute-1.amazonaws.com
Software: istio-envoy /
Resource Hash: 71f246cfcdf6d37d683f464bbdf984cb6b90b597c475a3d0d80e7f3567a596a9

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 22:38:40 GMT
content-encoding: gzip
server: istio-envoy
vary: origin,access-control-request-method,access-control-request-headers,accept-encoding
transfer-encoding: chunked
content-type: application/javascript;charset=utf-8
x-envoy-upstream-service-time: 2
be: spx-prod
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 56 KB
15 KB 344ms
110ms Script
application/javascript 151.101.8.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.8.157 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 4d15ff2317e16ccd8ca1d3248fea7d91130e022369bb032824a84ad9967064df

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 22:38:41 GMT
content-encoding: gzip
last-modified: Thu, 04 Apr 2024 00:26:35 GMT
x-amz-server-side-encryption: AES256
etag: "bbbcf811d8437a575d796a4c1e5d4fad+gzip+gzip"
vary: Accept-Encoding,Host
x-cache: HIT, HIT
content-type: application/javascript; charset=utf-8
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
x-tw-cdn: FT
cache-control: no-cache
accept-ranges: bytes
content-length: 15412
x-served-by: cache-iad-kcgs7200164-IAD, cache-bru1480071-BRU

GET
H2

200

bounce
secure.adnxs.com/
Redirect Chain

https://secure.adnxs.com/px?id=1773420&t=2
https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D1773420%26t%3D2

43 B
1 KB

118ms
115ms

Image
image/gif

185.89.210.46
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D1773420%26t%3D2

Protocol

Server

185.89.210.46 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Aug 2024 22:38:41 GMT
an-x-request-uuid: 402e8366-45de-4bcd-8ad9-6f2c419f3942
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 31.187.78.101; 31.187.78.101; 940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 09 Aug 2024 22:38:41 GMT
an-x-request-uuid: 0a1cec83-e734-461a-b2db-d45388c3b192
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
location: https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D1773420%26t%3D2
cache-control: no-store, no-cache, private
x-proxy-origin: 31.187.78.101; 31.187.78.101; 940.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

bounce
ib.adnxs.com/
Redirect Chain

https://ib.adnxs.com/seg?add=36113683
https://ib.adnxs.com/bounce?%2Fseg%3Fadd%3D36113683

43 B
1 KB

117ms
117ms

Image
image/gif

185.89.210.90
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fseg%3Fadd%3D36113683

Protocol

Server

185.89.210.90 Frankfurt am Main, Germany, ASN29990 (ASN-APPNEX, US),

Reverse DNS

941.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Aug 2024 22:38:41 GMT
an-x-request-uuid: 9a203239-90aa-481a-9eb0-93aa60f72dcc
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 31.187.78.101; 31.187.78.101; 941.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Fri, 09 Aug 2024 22:38:41 GMT
an-x-request-uuid: b626ecaa-35ab-4c05-8177-a5217e8a1656
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://ib.adnxs.com/bounce?%2Fseg%3Fadd%3D36113683
x-proxy-origin: 31.187.78.101; 31.187.78.101; 941.bm-nginx-loadbalancer.mgmt.ams3.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 iztag.js Show response
tags.inzynk.io/0ulh3gex/ 21 KB
21 KB 384ms
118ms Script
application/octet-stream 18.245.60.5
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.inzynk.io/0ulh3gex/iztag.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.245.60.5 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-245-60-5.fra60.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 178ec5d6c8298d4e308c4b7674042667ecafdbffcb5331b621985a2b11539f0e

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-amz-version-id: null
date: Fri, 09 Aug 2024 08:14:22 GMT
via: 1.1 dc57cbf9d7336ae929f762b5ada2ed98.cloudfront.net (CloudFront)
last-modified: Wed, 22 Nov 2023 13:20:07 GMT
server: AmazonS3
x-amz-cf-pop: FRA60-P5
age: 51866
x-amz-server-side-encryption: AES256
etag: "605a29cc08159ad81b95e2ceac549300"
x-cache: Hit from cloudfront
content-type: application/octet-stream
accept-ranges: bytes
content-length: 21193
x-amz-cf-id: WucRpUajZrCdhVKmUYXcqwWlc2oWIC54ipoqJF_bQcIAfKHNTxhO-A==

GET
H/1.1 200
OK tracking Show response
tracking.contanuity.com/ 2 B
769 B 796ms
264ms Script
application/json 54.203.236.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tracking.contanuity.com/tracking?visitorId=32e39a6d08d82c7f5e39d3ea18d4efb4_1723243120841&&clientId=undefined&&cookieEnabled=true
Requested by: Host: abm-tracking.demandscience.com
URL: https://abm-tracking.demandscience.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 54.203.236.163 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-203-236-163.us-west-2.compute.amazonaws.com
Software: nginx/1.18.0 (Ubuntu) / Express
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Pragma: no-cache
Date: Fri, 09 Aug 2024 22:38:42 GMT
Server: nginx/1.18.0 (Ubuntu)
X-Powered-By: Express
ETag: W/"2-vyGp6PvFo4RvsFtPoIWeCReyIC8"
Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, PATCH, DELETE
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: private, no-cache, no-store, must-revalidate
Connection: keep-alive
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization
Content-Length: 2
Expires: -1

GET
H2 401 / Show response
webtracker.argusplatform.com/wh/track/ 205 B
469 B 596ms
371ms XHR
application/json 13.107.246.67
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://webtracker.argusplatform.com/wh/track/?site_id=C6AC00C8269540D0ABFF19F1B5558B6D&visitor_id=1723243120440987566&event_type=page_request&timestamp=1723243121&page_title=PureHVNC%20Deployed%20via%20Python%20Multi-stage%20Loader%20%7C%20FortiGuard%20Labs&page_url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fpurehvnc-deployed-via-python-multi-stage-loader&page_url_referer=

Requested by

Host: tmp.argusplatform.com
URL: https://tmp.argusplatform.com/js/wid.tracker.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

13.107.246.67 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

2ed114345dab0a74e1c81b100e3db108ff86464854f3159d005fac67413454b7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

access-control-allow-origin: *
date: Fri, 09 Aug 2024 22:38:41 GMT
strict-transport-security: max-age=31536000
content-type: application/json; charset=utf-8
x-azure-ref: 20240809T223841Z-r164bbb7d64qzj8jvv70e0zepg000000082g00000000338p
x-cache: CONFIG_NOCACHE
request-context: appId=cid-v1:ead16ead-3a47-42dd-aec9-91a1bbb42ff5

GET
H3 200 gtm.js Show response
www.googletagmanager.com/ 180 KB
65 KB 128ms
127ms Script
application/javascript 142.250.185.200
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-M4NSPPXN

Requested by

Host: abm-tracking.demandscience.com
URL: https://abm-tracking.demandscience.com/tag.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.200 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s52-in-f8.1e100.net

Software

Google Tag Manager /

Resource Hash

3b4f5964d63830cc4fb8b8efe6c8821da7fb8220853089bd9e02f685533465e8

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 22:38:41 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 66747
x-xss-protection: 0
last-modified: Fri, 09 Aug 2024 21:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 09 Aug 2024 22:38:41 GMT

GET
H2 200 adsct
t.co/i/ 43 B
377 B 618ms
280ms Image
image/gif 93.184.221.165
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?bci=3&eci=2&event_id=03f47a50-f7c3-430c-a478-472086509bfb&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=a5f3d27c-d7cb-4262-be44-ee01c1b2673b&tw_document_href=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fpurehvnc-deployed-via-python-multi-stage-loader&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o6ezf&type=javascript&version=2.3.30

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

93.184.221.165 London, United Kingdom, ASN15133 (EDGECAST, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-response-time: 168
date: Fri, 09 Aug 2024 22:38:41 GMT
strict-transport-security: max-age=0
server: tsa_o
content-type: image/gif;charset=utf-8
x-transaction-id: 61e749c9beaee940
cache-control: no-cache, no-store, max-age=0
perf: 7402827104
x-connection-hash: eac6d55692ff3298ca66ab74fbbe25f3f44cc0508775012842dab088fe75a4d3
content-length: 43

GET
H2 200 adsct
analytics.twitter.com/i/ 43 B
392 B 488ms
223ms Image
image/gif 104.244.42.67
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=03f47a50-f7c3-430c-a478-472086509bfb&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=a5f3d27c-d7cb-4262-be44-ee01c1b2673b&tw_document_href=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fpurehvnc-deployed-via-python-multi-stage-loader&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o6ezf&type=javascript&version=2.3.30

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.67 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-response-time: 104
date: Fri, 09 Aug 2024 22:38:41 GMT
strict-transport-security: max-age=631138519
server: tsa_o
content-type: image/gif;charset=utf-8
x-transaction-id: fd14c39477060c96
cache-control: no-cache, no-store, max-age=0
perf: 7402827104
x-connection-hash: 41a2d1bc109cbd2ebde3df2d0b51a568e9fd8e67301acea73d140b9361787f24
content-length: 43

GET
H2 200 adsct
t.co/i/ 43 B
252 B 501ms
285ms Image
image/gif 93.184.221.165
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?bci=3&eci=2&event_id=0e13c90a-0e1f-4005-9469-c661568d1745&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=a5f3d27c-d7cb-4262-be44-ee01c1b2673b&tw_document_href=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fpurehvnc-deployed-via-python-multi-stage-loader&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o72wb&type=javascript&version=2.3.30

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

93.184.221.165 London, United Kingdom, ASN15133 (EDGECAST, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-response-time: 172
date: Fri, 09 Aug 2024 22:38:41 GMT
strict-transport-security: max-age=0
server: tsa_o
content-type: image/gif;charset=utf-8
x-transaction-id: 7c091897860ee28f
cache-control: no-cache, no-store, max-age=0
perf: 7402827104
x-connection-hash: 63bd728bae56875b62ef95b518878409fcda8e8ce73d661686375fa9ca887015
content-length: 43

GET
H2 200 adsct
analytics.twitter.com/i/ 43 B
217 B 498ms
288ms Image
image/gif 104.244.42.67
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=0e13c90a-0e1f-4005-9469-c661568d1745&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=a5f3d27c-d7cb-4262-be44-ee01c1b2673b&tw_document_href=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fpurehvnc-deployed-via-python-multi-stage-loader&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o72wb&type=javascript&version=2.3.30

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.67 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-response-time: 168
date: Fri, 09 Aug 2024 22:38:41 GMT
strict-transport-security: max-age=631138519
server: tsa_o
content-type: image/gif;charset=utf-8
x-transaction-id: 5d51e771ff8aa237
cache-control: no-cache, no-store, max-age=0
perf: 7402827104
x-connection-hash: 41a2d1bc109cbd2ebde3df2d0b51a568e9fd8e67301acea73d140b9361787f24
content-length: 43

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 221ms
220ms Image
image/gif 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=5eeecf22b2d12a77a14639dce97b7a36&svisitor=null&visitor=42f1944b-f3a4-405b-8534-8506752422d5&session=e91cefb3-004e-45a3-83e9-72894a748c83&event=active_time_track&q=%7B%22currentTime%22%3A%22Fri%2C%2009%20Aug%202024%2022%3A38%3A41%20GMT%22%2C%22lastTrackTime%22%3A%22Fri%2C%2009%20Aug%202024%2022%3A38%3A40%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%223029%22%7D&isIframe=false&m=%7B%22description%22%3A%22FortiGuard%20Lab%20reveals%20a%20malware%20%5C%22PureHVNC%5C%22%2C%20sold%20on%20the%20cybercrime%20forum%2C%20is%20spreading%20through%20a%20phishing%20campaign%20targeting%20employees%20via%20a%20python%20multi-stage%20loader.%20Learn%20more.%22%2C%22keywords%22%3A%22FortiGuard%20Labs%20Threat%20Research%2Cpython%22%2C%22title%22%3A%22PureHVNC%20Deployed%20via%20Python%20Multi-stage%20Loader%20%7C%20FortiGuard%20Labs%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fpurehvnc-deployed-via-python-multi-stage-loader&pageViewId=40fd6078-11fe-467e-8b84-ebc2c1fd1d9c&v=1.1.23

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-210.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Aug 2024 22:38:42 GMT
x-content-type-options: nosniff
last-modified: Sat, 18 Feb 2023 00:49:36 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f020a0-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Fri, 09 Aug 2024 22:38:42 GMT

GET
H/1.1 200
OK is Show response
52.22.50.55/ 32 B
437 B 762ms
193ms Fetch
text/plain 52.22.50.55
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://52.22.50.55/is
Requested by: Host: dx.mountain.com
URL: https://dx.mountain.com/spx?dxver=4.0.0&shaid=32336&tdr=&plh=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fpurehvnc-deployed-via-python-multi-stage-loader&cb=8939508226799675term=value
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.22.50.55 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-22-50-55.compute-1.amazonaws.com
Software: istio-envoy /
Resource Hash: a9e179cb114cbdbd6ad1e9094aab5de9e3dbe79edc8018da3af313fde903f21d

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 22:38:42 GMT
server: istio-envoy
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/plain;charset=utf-8
access-control-allow-origin: *
x-envoy-upstream-service-time: 1
connection: close
access-control-allow-headers: Accept, Content-Type, x-requested-with, X-Custom-Header
content-length: 32
x-application-context: application:prod:8080

GET
H2 200 0ulh3gex Show response
analytics.inzynk.io/collect/ 171 B
436 B 425ms
134ms Script
text/plain 16.170.91.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.inzynk.io/collect/0ulh3gex?izcid=&iztid=&u=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fpurehvnc-deployed-via-python-multi-stage-loader&t=PureHVNC+Deployed+via+Python+Multi-stage+Loader+%7C+FortiGuard+Labs&p=%2Fblog%2Fthreat-research%2Fpurehvnc-deployed-via-python-multi-stage-loader&d=www.fortinet.com&r=&inzynk_c=
Requested by: Host: tags.inzynk.io
URL: https://tags.inzynk.io/0ulh3gex/iztag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 16.170.91.85 , Sweden, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-16-170-91-85.eu-north-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 7943ea73d5f3384ec288d4e9a1d6e8dafeb6e42838d0a8e492f5852ff5813d79

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 22:38:42 GMT
server: nginx
content-length: 171
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type: text/plain;charset=ISO-8859-1

GET
H2

200

purehvnc-deployed-via-python-multi-stage-loader;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=606948012267.0367
10104846.fls.doubleclick.net/activityi;dc_pre=CJH2rfH86IcDFajxEQgdQF8AXw;src=10104846;type=sitew00;cat=sitew006;u3=https://www.fortinet.com/blog/threat-research/ Frame B8F0
Redirect Chain

https://10104846.fls.doubleclick.net/activityi;src=10104846;type=sitew00;cat=sitew006;u3=https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader;dc_lat=;dc_rdi...
https://10104846.fls.doubleclick.net/activityi;dc_pre=CJH2rfH86IcDFajxEQgdQF8AXw;src=10104846;type=sitew00;cat=sitew006;u3=https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python...

0
0

130ms
129ms

Document
text/html

142.250.185.134
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://10104846.fls.doubleclick.net/activityi;dc_pre=CJH2rfH86IcDFajxEQgdQF8AXw;src=10104846;type=sitew00;cat=sitew006;u3=https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=606948012267.0367?

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.185.134 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f6.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-encoding: br
content-length: 2308
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 09 Aug 2024 22:38:42 GMT
expires: Fri, 09 Aug 2024 22:38:42 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Fri, 09 Aug 2024 22:38:42 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://10104846.fls.doubleclick.net/activityi;dc_pre=CJH2rfH86IcDFajxEQgdQF8AXw;src=10104846;type=sitew00;cat=sitew006;u3=https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=606948012267.0367?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 225 KB
60 KB 336ms
109ms Script
application/x-javascript 157.240.0.6
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

157.240.0.6 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-02-fra3.fbcdn.net

Software

Resource Hash

4d424af8e6254a3ee915b6efdec3f0ed3fcbdedc67c83025148c9758701cd2d4

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: ;script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' 'unsafe-eval' https://.google-analytics.com .google.com;style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' https://.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Fri, 09 Aug 2024 22:38:42 GMT
document-policy: force-load-at-top
x-fb-server-load: 26
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 58865
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: GOOD; q=0.7, rtt=51, rtx=0, c=12, mss=1380, tbw=2803, tp=-1, tpl=-1, uplat=0, ullat=-1
pragma: public
x-fb-debug: T3nFUV5pLY5QcYe0Mk1arRiljZkyevXI/cJt5xiN//CA814wcyBuJ/jSPyqKPaquIfo+bJvAGvIeXPu1JTvXgQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 siteanalyze_6033413.js Show response
siteimproveanalytics.com/js/ 36 KB
12 KB 247ms
120ms Script
application/javascript 188.114.97.3
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://siteimproveanalytics.com/js/siteanalyze_6033413.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 188.114.97.3 Amsterdam, Netherlands, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e171f597c12bd7813408cabb76395c783e04c8aa8a0a57416a120ac026e5acf5

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 22:38:42 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: KWY6KA7AXQ75HGYK
age: 6073
alt-svc: h3=":443"; ma=86400
content-length: 11242
x-amz-id-2: D1NWf/oPtTF5uW9cNmXmhKjAVUoS2T+jrqnsVbNOCHaEu/3yKA33WaqUCLsMDcsSYuvCALTtwDc=
last-modified: Sat, 29 Jun 2024 00:03:14 GMT
server: cloudflare
etag: "60402ae40e703f919eeaab313f154e6a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vZEX%2BN3DveJPv6Er%2F8CQrZiGjQwU%2FrGiLYelJGj8ZN7W%2FZA5l92joT%2FIJBa%2BenyrX90hL1vDSUw9x4WwjEUQlb0Hc%2Bx5tv1wq7lKiHSqZ0TeAK9FVmOenc97TQfN4cR3WHEUwkja4qgrk%2BA%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=86400, no-transform
accept-ranges: bytes
cf-ray: 8b0b3ceb3d47383a-FRA

GET
H2 200 adsct
t.co/i/ 43 B
251 B 284ms
282ms Image
image/gif 93.184.221.165
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?bci=3&eci=2&event_id=caad3caa-a051-4940-adaf-18603d2be33b&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=a5f3d27c-d7cb-4262-be44-ee01c1b2673b&tw_document_href=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fpurehvnc-deployed-via-python-multi-stage-loader&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nxlzj&type=javascript&version=2.3.30

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

93.184.221.165 London, United Kingdom, ASN15133 (EDGECAST, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-response-time: 169
date: Fri, 09 Aug 2024 22:38:41 GMT
strict-transport-security: max-age=0
server: tsa_o
content-type: image/gif;charset=utf-8
x-transaction-id: 089a98c570078656
cache-control: no-cache, no-store, max-age=0
perf: 7402827104
x-connection-hash: 1256494ba81d9375ee1d802bba6e18bba0f773e537aab64cdb22126ace01c15b
content-length: 43

GET
H2 200 adsct
analytics.twitter.com/i/ 43 B
239 B 228ms
227ms Image
image/gif 104.244.42.67
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=caad3caa-a051-4940-adaf-18603d2be33b&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=a5f3d27c-d7cb-4262-be44-ee01c1b2673b&tw_document_href=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fpurehvnc-deployed-via-python-multi-stage-loader&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nxlzj&type=javascript&version=2.3.30

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.67 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-response-time: 106
date: Fri, 09 Aug 2024 22:38:42 GMT
strict-transport-security: max-age=631138519
server: tsa_o
content-type: image/gif;charset=utf-8
x-transaction-id: 152849149c149576
cache-control: no-cache, no-store, max-age=0
perf: 7402827104
x-connection-hash: 41a2d1bc109cbd2ebde3df2d0b51a568e9fd8e67301acea73d140b9361787f24
content-length: 43

GET

usersync
tracking.contanuity.com/
Redirect Chain

https://match.prod.bidr.io/cookie-sync/contanuity?buyer_user_id=32e39a6d08d82c7f5e39d3ea18d4efb4_1723243120841
https://match.prod.bidr.io/cookie-sync/contanuity?buyer_user_id=32e39a6d08d82c7f5e39d3ea18d4efb4_1723243120841&_bee_ppp=1
https://tracking.contanuity.com/usersync?bwcookie=AAHzYE7NbTUAABSyAQVz6w

0
0

GET
H2 200 tag.aspx Show response
ml314.com/ 38 KB
39 KB 251ms
58ms Script
application/javascript 34.117.77.79
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ml314.com/tag.aspx?107
Requested by: Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.117.77.79 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 79.77.117.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: d0e12af8c4e560fe89643639e0c3ed4dc76125c62adeb2879b761d73dbaecf50

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 22:07:44 GMT
via: 1.1 google
age: 1858
x-guploader-uploadid: AHxI1nPeSVDdbFL3NYT880UhzBGdpTiYqocmUcDdg1Spte5mL3mX2frwNP-9ljpiJVd0MA3hMA
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 39162
last-modified: Wed, 24 Jul 2024 19:30:50 GMT
server: UploadServer
etag: "632616ff15825f030aab3391a58ef042"
x-goog-generation: 1721849450340665
x-goog-hash: crc32c=6sDw2Q==, md5=YyYW/xWCXwMKqzORpY7wQg==
content-type: application/javascript
cache-id: TLV
cache-control: public,max-age=3600
x-cache-hit: hit
x-goog-stored-content-length: 39162
accept-ranges: bytes

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 40 KB
14 KB 349ms
111ms Script
application/javascript 2.21.20.141
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/purehvnc-deployed-via-python-multi-stage-loader

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.21.20.141 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-21-20-141.deploy.static.akamaitechnologies.com

Software

Resource Hash

cb31bb53eefec5a74b7e7271abd4e97e0735174d7d0b0dec0f2217462573d1f1

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 22:38:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Sun, 28 Jul 2024 07:35:22 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: max-age=85294
accept-ranges: bytes
content-length: 14597

GET
H/1.1 200
OK st Show response
px.mountain.com/ 2 KB
1 KB 1036ms
260ms Script
application/javascript 52.37.218.4
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://px.mountain.com/st?ga_tracking_id=G-38BQ9XFDT4%3BG-JH142QCQCJ&ga_client_id=401372701.1723243119&shpt=PureHVNC%20Deployed%20via%20Python%20Multi-stage%20Loader%20%7C%20FortiGuard%20Labs&ga_info=%7B%22status%22%3A%22OK%22%2C%22ga_tracking_id%22%3A%22G-38BQ9XFDT4%3BG-JH142QCQCJ%22%2C%22ga_client_id%22%3A%22401372701.1723243119%22%2C%22shpt%22%3A%22PureHVNC%20Deployed%20via%20Python%20Multi-stage%20Loader%20%7C%20FortiGuard%20Labs%22%2C%22dcm_cid%22%3A%221723243119.1%22%2C%22mntnis%22%3A%221bBUwp4shwsmBcx%2BqmerielLltm1u3bK%22%2C%22execution_workflow%22%3A%7B%22iteration%22%3A8%2C%22getClientIdByCookie%22%3A%22OK%22%2C%22shpt%22%3A%22OK%22%2C%22dcm_cid%22%3A%22OK%22%7D%7D&dcm_cid=1723243119.1&available_ga=%5B%7B%22id%22%3A%22G-38BQ9XFDT4%22%2C%22sess_id%22%3A%221723243119%22%7D%2C%7B%22id%22%3A%22G-JH142QCQCJ%22%2C%22sess_id%22%3A%221723243119%22%7D%5D&hardcoded_ga=&dxver=4.0.0&shaid=32336&plh=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fpurehvnc-deployed-via-python-multi-stage-loader&cb=8939508226799675term%3Dvalue&shadditional=sh_conversion%3DSHBLOCK%2Cgoogletagmanager%3Dtrue%2Cga4%3Dtrue%2Cmediamath%3Dtrue%2Cappnexus%3Dtrue
Requested by: Host: dx.mountain.com
URL: https://dx.mountain.com/spx?dxver=4.0.0&shaid=32336&tdr=&plh=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fpurehvnc-deployed-via-python-multi-stage-loader&cb=8939508226799675term=value
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.37.218.4 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-37-218-4.us-west-2.compute.amazonaws.com
Software: istio-envoy /
Resource Hash: 866f2c8df3026abc2d74d2db7f492a460cf66dd5916ca7c2d4b2828931ceff5a

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 22:38:43 GMT
content-encoding: gzip
server: istio-envoy
transfer-encoding: chunked
content-type: application/javascript;charset=utf-8
access-control-allow-origin: *
p3p: CP="NON DSP COR NID CURa ADMa DEVa PSAa PSDa OUR STP UNI COM NAV INT STA PRE"
x-envoy-upstream-service-time: 1
connection: close

GET
H2 200 image.aspx
6033413.global.siteimproveanalytics.io/ 34 B
149 B 366ms
114ms Image
image/gif 52.29.209.128
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://6033413.global.siteimproveanalytics.io/image.aspx?url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fpurehvnc-deployed-via-python-multi-stage-loader&title=PureHVNC%20Deployed%20via%20Python%20Multi-stage%20Loader%20%7C%20FortiGuard%20Labs&res=1600x1200&accountid=6033413&rt=7341&prev=8ea97277-0da0-803f-2e9d-a4d31c1ba2cb&luid=82c40e88-be69-e500-09bc-8ab7420f4d03&rnd=58465
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.29.209.128 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-29-209-128.eu-central-1.compute.amazonaws.com
Software: /
Resource Hash: 1e85ec81b9800b4c443d39caca0d0926089a3ac201120db1ceb45b93789480b8

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

expires: Fri, 09 Aug 2024 22:38:42 UTC
date: Fri, 09 Aug 2024 22:38:42 GMT
cache-control: max-age=0
content-length: 34
content-type: image/gif

GET
H2 200 177020962864941 Show response
connect.facebook.net/signals/config/ 64 KB
13 KB 151ms
150ms Script
application/x-javascript 157.240.0.6
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/177020962864941?v=2.9.164&r=stable&domain=www.fortinet.com&hme=61ff4e692c87a9a2ce7b19822df2b04638e3ca38b23c1be6c0f1945ccadb2ad5&ex_m=69%2C118%2C104%2C108%2C60%2C4%2C97%2C68%2C16%2C94%2C86%2C50%2C53%2C167%2C170%2C182%2C178%2C179%2C181%2C29%2C98%2C52%2C75%2C180%2C162%2C165%2C175%2C176%2C183%2C127%2C40%2C34%2C139%2C15%2C49%2C189%2C188%2C129%2C18%2C39%2C1%2C42%2C64%2C65%2C66%2C70%2C90%2C17%2C14%2C93%2C89%2C88%2C105%2C51%2C107%2C38%2C106%2C30%2C91%2C26%2C163%2C166%2C136%2C28%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C56%2C61%2C63%2C73%2C99%2C27%2C74%2C9%2C8%2C78%2C47%2C21%2C101%2C100%2C102%2C95%2C10%2C20%2C3%2C19%2C83%2C55%2C81%2C33%2C72%2C0%2C92%2C32%2C80%2C85%2C46%2C45%2C84%2C37%2C5%2C87%2C79%2C43%2C35%2C82%2C2%2C36%2C62%2C41%2C103%2C44%2C77%2C67%2C109%2C59%2C58%2C31%2C96%2C57%2C54%2C48%2C76%2C71%2C24%2C110

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

157.240.0.6 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-02-fra3.fbcdn.net

Software

Resource Hash

b7784bcb36d2a10878376b703060eec4fb983236edb203b794d98fb9f6bed773

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: ;script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' 'unsafe-eval' https://.google-analytics.com .google.com;style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' https://.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Fri, 09 Aug 2024 22:38:42 GMT
document-policy: force-load-at-top
x-fb-server-load: 26
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: GOOD; q=0.7, rtt=51, rtx=0, c=62, mss=1380, tbw=64392, tp=-1, tpl=-1, uplat=41, ullat=1
pragma: public
x-fb-debug: GErvi9nneSz38Nog4wInWGvFUmMp7eBy+6rR9DWUOxzrAq0h3Eggvg046KahBZ94pmDBb7uVbvhAvEPnOrJwhA==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 215ms
214ms Image
image/gif 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=5eeecf22b2d12a77a14639dce97b7a36&svisitor=null&visitor=42f1944b-f3a4-405b-8534-8506752422d5&session=e91cefb3-004e-45a3-83e9-72894a748c83&event=active_time_track&q=%7B%22currentTime%22%3A%22Fri%2C%2009%20Aug%202024%2022%3A38%3A42%20GMT%22%2C%22lastTrackTime%22%3A%22Fri%2C%2009%20Aug%202024%2022%3A38%3A41%20GMT%22%2C%22timeSpent%22%3A%221004%22%2C%22totalTimeSpent%22%3A%224033%22%7D&isIframe=false&m=%7B%22description%22%3A%22FortiGuard%20Lab%20reveals%20a%20malware%20%5C%22PureHVNC%5C%22%2C%20sold%20on%20the%20cybercrime%20forum%2C%20is%20spreading%20through%20a%20phishing%20campaign%20targeting%20employees%20via%20a%20python%20multi-stage%20loader.%20Learn%20more.%22%2C%22keywords%22%3A%22FortiGuard%20Labs%20Threat%20Research%2Cpython%22%2C%22title%22%3A%22PureHVNC%20Deployed%20via%20Python%20Multi-stage%20Loader%20%7C%20FortiGuard%20Labs%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fpurehvnc-deployed-via-python-multi-stage-loader&pageViewId=40fd6078-11fe-467e-8b84-ebc2c1fd1d9c&v=1.1.23

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-210.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Aug 2024 22:38:42 GMT
x-content-type-options: nosniff
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "5e502810-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Fri, 09 Aug 2024 22:38:42 GMT

GET
H2 200 /
www.facebook.com/tr/ 0
269 B 336ms
110ms Image
text/plain 157.240.253.35
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=177020962864941&ev=PageView&dl=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fpurehvnc-deployed-via-python-multi-stage-loader&rl=&if=false&ts=1723243122867&sw=1600&sh=1200&v=2.9.164&r=stable&ec=0&o=4126&fbp=fb.1.1723243122866.159990452793576902&ler=empty&cdl=API_unavailable&it=1723243122702&coo=false&rqm=GET

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

157.240.253.35 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-02-fra5.facebook.com

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-fb-connection-quality: GOOD; q=0.7, rtt=52, rtx=0, c=10, mss=1380, tbw=2785, tp=-1, tpl=-1, uplat=0, ullat=0
strict-transport-security: max-age=31536000; includeSubDomains
date: Fri, 09 Aug 2024 22:38:43 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 67 B
3 KB 482ms
257ms Image
image/png 157.240.253.35
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=177020962864941&ev=PageView&dl=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fpurehvnc-deployed-via-python-multi-stage-loader&rl=&if=false&ts=1723243122867&sw=1600&sh=1200&v=2.9.164&r=stable&ec=0&o=4126&fbp=fb.1.1723243122866.159990452793576902&ler=empty&cdl=API_unavailable&it=1723243122702&coo=false&rqm=FGET

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

157.240.253.35 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-02-fra5.facebook.com

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://.google-analytics.com .google.com;style-src .fbcdn.net data: .facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com https://.google-analytics.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com https://fonts.gstatic.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net .carriersignal.info blob: android-webview-video-poster: .whatsapp.net .fb.com .oculuscdn.com .tenor.co .tenor.com .giphy.com https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://.google-analytics.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data: .tenor.co .tenor.com https://.giphy.com;frame-src .facebook.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net .google.com .doubleclick.net;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-encoding: zstd
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; preload
date: Fri, 09 Aug 2024 22:38:43 GMT
document-policy: force-load-at-top
x-fb-server-load: 21
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7401272856405754649", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: GOOD; q=0.7, rtt=52, rtx=0, c=10, mss=1380, tbw=3098, tp=-1, tpl=-1, uplat=146, ullat=0
pragma: no-cache
x-fb-debug: Yy50l+xI7/GSKcca7N6Rn9G8em/V5jY2JPWDilrEO4I21qIbXvxRQoxoL/YATqJZb7SD47JFI6+gu9mmMWN+1Q==
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7401272856405754649"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: image/png
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: private, no-store, no-cache, must-revalidate
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), battery=(self), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 utsync.ashx Show response
ml314.com/ 62 B
237 B 147ms
145ms Script
application/javascript 34.117.77.79
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ml314.com/utsync.ashx?pub=&adv=&et=0&eid=54820&ct=js&pi=&fp=&clid=&if=0&ps=&cl=&mlt=&data=&&cp=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fpurehvnc-deployed-via-python-multi-stage-loader&pv=1723243122953_9lvhi79uu&bl=he-il&cb=1770426&return=&ht=&d=&dc=&si=1723243122953_9lvhi79uu&cid=&s=1600x1200&rp=&v=2.7.4.212
Requested by: Host: ml314.com
URL: https://ml314.com/tag.aspx?107
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.117.77.79 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 79.77.117.34.bc.googleusercontent.com
Software: Google Frontend /
Resource Hash: 5a1ba6ff6db12f791bbbfc4da3cb389e06f0cd53eede09ef3eb3ceb074089ef1

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Aug 2024 22:38:43 GMT
via: 1.1 google
server: Google Frontend
content-type: application/javascript
p3p: CP="NON DSP COR ADMo PSAo DEVo BUS COM UNI NAV DEM STA"
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: 0

GET
H2 200 attribution_trigger Show response
px.ads.linkedin.com/ 2 B
762 B 346ms
231ms XHR
application/json 13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/attribution_trigger?pid=7120%2C2159050%2C4628290&time=1723243123017&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fpurehvnc-deployed-via-python-multi-stage-loader
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Accept: *
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 22:38:43 GMT
content-encoding: gzip
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: 45D14F3359DD4F16A5C193C7EF3EF78E Ref B: TLV30EDGE0119 Ref C: 2024-08-09T22:38:43Z
access-control-allow-methods: GET, OPTIONS
x-li-fabric: prod-ltx1
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
content-type: application/json
x-li-proto: http/2
x-restli-protocol-version: 1.0.0
access-control-allow-headers: *
x-li-uuid: AAYfR844/ht7rqzM9jYjQg==
x-fs-uuid: 00061f47ce38fe1b7baeacccf6362342

GET
H2

200

collect
px.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=7120%2C2159050%2C4628290&time=1723243123017&li_adsId=9a1e0bd5-2001-4985-856e-472f0be5d5be&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-resea...
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D7120%252C2159050%252C4628290%26time%3D1723243123017%26li_adsId%3D9a1e0bd5-2001-49...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=7120%2C2159050%2C4628290&time=1723243123017&li_adsId=9a1e0bd5-2001-4985-856e-472f0be5d5be&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-resea...

0
163 B

265ms
265ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=7120%2C2159050%2C4628290&time=1723243123017&li_adsId=9a1e0bd5-2001-4985-856e-472f0be5d5be&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fpurehvnc-deployed-via-python-multi-stage-loader&liSync=true
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 22:38:43 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 10D7B1EEA3ED411AA01C0076B56B9309 Ref B: TLV30EDGE0512 Ref C: 2024-08-09T22:38:43Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-fabric: prod-lor1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYfR85Bj93qHSDHewUQww==

Redirect headers

strict-transport-security: max-age=31536000
content-security-policy: frame-ancestors 'self'
x-content-type-options: nosniff
date: Fri, 09 Aug 2024 22:38:43 GMT
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-length: 0
x-li-uuid: AAYfR849Yl4vmh3mUmWt5w==
pragma: no-cache
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: BC226696B72C49A99F8725D2F7C0F1EC Ref B: TLV30EDGE0512 Ref C: 2024-08-09T22:38:43Z
x-frame-options: sameorigin
x-li-fabric: prod-lor1
location: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=7120%2C2159050%2C4628290&time=1723243123017&li_adsId=9a1e0bd5-2001-4985-856e-472f0be5d5be&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fpurehvnc-deployed-via-python-multi-stage-loader&liSync=true
cache-control: no-cache, no-store
x-li-proto: http/2
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK gs Show response
gs.mountain.com/ 144 B
733 B 1038ms
261ms Script
application/javascript 35.81.162.201
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://gs.mountain.com/gs
Requested by: Host: px.mountain.com
URL: https://px.mountain.com/st?ga_tracking_id=G-38BQ9XFDT4%3BG-JH142QCQCJ&ga_client_id=401372701.1723243119&shpt=PureHVNC%20Deployed%20via%20Python%20Multi-stage%20Loader%20%7C%20FortiGuard%20Labs&ga_info=%7B%22status%22%3A%22OK%22%2C%22ga_tracking_id%22%3A%22G-38BQ9XFDT4%3BG-JH142QCQCJ%22%2C%22ga_client_id%22%3A%22401372701.1723243119%22%2C%22shpt%22%3A%22PureHVNC%20Deployed%20via%20Python%20Multi-stage%20Loader%20%7C%20FortiGuard%20Labs%22%2C%22dcm_cid%22%3A%221723243119.1%22%2C%22mntnis%22%3A%221bBUwp4shwsmBcx%2BqmerielLltm1u3bK%22%2C%22execution_workflow%22%3A%7B%22iteration%22%3A8%2C%22getClientIdByCookie%22%3A%22OK%22%2C%22shpt%22%3A%22OK%22%2C%22dcm_cid%22%3A%22OK%22%7D%7D&dcm_cid=1723243119.1&available_ga=%5B%7B%22id%22%3A%22G-38BQ9XFDT4%22%2C%22sess_id%22%3A%221723243119%22%7D%2C%7B%22id%22%3A%22G-JH142QCQCJ%22%2C%22sess_id%22%3A%221723243119%22%7D%5D&hardcoded_ga=&dxver=4.0.0&shaid=32336&plh=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fpurehvnc-deployed-via-python-multi-stage-loader&cb=8939508226799675term%3Dvalue&shadditional=sh_conversion%3DSHBLOCK%2Cgoogletagmanager%3Dtrue%2Cga4%3Dtrue%2Cmediamath%3Dtrue%2Cappnexus%3Dtrue
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.81.162.201 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-81-162-201.us-west-2.compute.amazonaws.com
Software: istio-envoy /
Resource Hash: f4376ec44772dc71be6dea498217c563631c6b8e57516557cbd38da68825e558

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 22:38:44 GMT
last-modified: Thu, 01 Jan 1970 00:00:00 GMT
server: istio-envoy
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript;charset=utf-8
access-control-allow-origin: *
p3p: CP="NON DSP COR NID CURa ADMa DEVa PSAa PSDa OUR STP UNI COM NAV INT STA PRE"
cache-control: public, max-age=31536000
x-envoy-upstream-service-time: 1
connection: close
access-control-allow-headers: Accept, Content-Type, x-requested-with, X-Custom-Header
content-length: 144
x-application-context: application:prod:8080

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 241ms
240ms Image
image/gif 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=5eeecf22b2d12a77a14639dce97b7a36&svisitor=null&visitor=42f1944b-f3a4-405b-8534-8506752422d5&session=e91cefb3-004e-45a3-83e9-72894a748c83&event=active_time_track&q=%7B%22currentTime%22%3A%22Fri%2C%2009%20Aug%202024%2022%3A38%3A43%20GMT%22%2C%22lastTrackTime%22%3A%22Fri%2C%2009%20Aug%202024%2022%3A38%3A42%20GMT%22%2C%22timeSpent%22%3A%221000%22%2C%22totalTimeSpent%22%3A%225033%22%7D&isIframe=false&m=%7B%22description%22%3A%22FortiGuard%20Lab%20reveals%20a%20malware%20%5C%22PureHVNC%5C%22%2C%20sold%20on%20the%20cybercrime%20forum%2C%20is%20spreading%20through%20a%20phishing%20campaign%20targeting%20employees%20via%20a%20python%20multi-stage%20loader.%20Learn%20more.%22%2C%22keywords%22%3A%22FortiGuard%20Labs%20Threat%20Research%2Cpython%22%2C%22title%22%3A%22PureHVNC%20Deployed%20via%20Python%20Multi-stage%20Loader%20%7C%20FortiGuard%20Labs%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fpurehvnc-deployed-via-python-multi-stage-loader&pageViewId=40fd6078-11fe-467e-8b84-ebc2c1fd1d9c&v=1.1.23

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-210.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Aug 2024 22:38:43 GMT
x-content-type-options: nosniff
last-modified: Sat, 18 Feb 2023 00:49:36 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f020a0-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Fri, 09 Aug 2024 22:38:43 GMT

POST
H2 204 / Show response
px.ads.linkedin.com/wa/ 0
196 B 267ms
266ms XHR
text/plain 13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/wa/
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: *
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Fri, 09 Aug 2024 22:38:43 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 57482F40046D425AA26CF13197642267 Ref B: TLV30EDGE0512 Ref C: 2024-08-09T22:38:43Z
linkedin-action: 1
vary: Origin
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lor1
access-control-allow-origin: https://www.fortinet.com
x-li-proto: http/2
access-control-allow-credentials: true
x-li-uuid: AAYfR85Fteqya62o5Ft/RQ==

GET
H/1.1 200
OK st Show response
px.mountain.com/ 5 KB
2 KB 796ms
282ms Script
application/javascript 52.37.218.4
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://px.mountain.com/st?ga_tracking_id=G-38BQ9XFDT4%3BG-JH142QCQCJ&ga_client_id=401372701.1723243119&shpt=PureHVNC%20Deployed%20via%20Python%20Multi-stage%20Loader%20%7C%20FortiGuard%20Labs&ga_info=%7B%22status%22%3A%22OK%22%2C%22ga_tracking_id%22%3A%22G-38BQ9XFDT4%3BG-JH142QCQCJ%22%2C%22ga_client_id%22%3A%22401372701.1723243119%22%2C%22shpt%22%3A%22PureHVNC%20Deployed%20via%20Python%20Multi-stage%20Loader%20%7C%20FortiGuard%20Labs%22%2C%22dcm_cid%22%3A%221723243119.1%22%2C%22mntnis%22%3A%221bBUwp4shwsmBcx%2BqmerielLltm1u3bK%22%2C%22execution_workflow%22%3A%7B%22iteration%22%3A8%2C%22getClientIdByCookie%22%3A%22OK%22%2C%22shpt%22%3A%22OK%22%2C%22dcm_cid%22%3A%22OK%22%7D%7D&dcm_cid=1723243119.1&available_ga=%5B%7B%22id%22%3A%22G-38BQ9XFDT4%22%2C%22sess_id%22%3A%221723243119%22%7D%2C%7B%22id%22%3A%22G-JH142QCQCJ%22%2C%22sess_id%22%3A%221723243119%22%7D%5D&hardcoded_ga=&dxver=4.0.0&shaid=32336&plh=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fpurehvnc-deployed-via-python-multi-stage-loader&shadditional=sh_conversion%3DSHBLOCK%2Cgoogletagmanager%3Dtrue%2Cga4%3Dtrue%2Cmediamath%3Dtrue%2Cappnexus%3Dtrue&cb=1723243123545536&shguid=83101d38-ca82-3c44-b841-6ada2fc3099e&shgts=1723243124585
Requested by: Host: px.mountain.com
URL: https://px.mountain.com/st?ga_tracking_id=G-38BQ9XFDT4%3BG-JH142QCQCJ&ga_client_id=401372701.1723243119&shpt=PureHVNC%20Deployed%20via%20Python%20Multi-stage%20Loader%20%7C%20FortiGuard%20Labs&ga_info=%7B%22status%22%3A%22OK%22%2C%22ga_tracking_id%22%3A%22G-38BQ9XFDT4%3BG-JH142QCQCJ%22%2C%22ga_client_id%22%3A%22401372701.1723243119%22%2C%22shpt%22%3A%22PureHVNC%20Deployed%20via%20Python%20Multi-stage%20Loader%20%7C%20FortiGuard%20Labs%22%2C%22dcm_cid%22%3A%221723243119.1%22%2C%22mntnis%22%3A%221bBUwp4shwsmBcx%2BqmerielLltm1u3bK%22%2C%22execution_workflow%22%3A%7B%22iteration%22%3A8%2C%22getClientIdByCookie%22%3A%22OK%22%2C%22shpt%22%3A%22OK%22%2C%22dcm_cid%22%3A%22OK%22%7D%7D&dcm_cid=1723243119.1&available_ga=%5B%7B%22id%22%3A%22G-38BQ9XFDT4%22%2C%22sess_id%22%3A%221723243119%22%7D%2C%7B%22id%22%3A%22G-JH142QCQCJ%22%2C%22sess_id%22%3A%221723243119%22%7D%5D&hardcoded_ga=&dxver=4.0.0&shaid=32336&plh=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fpurehvnc-deployed-via-python-multi-stage-loader&cb=8939508226799675term%3Dvalue&shadditional=sh_conversion%3DSHBLOCK%2Cgoogletagmanager%3Dtrue%2Cga4%3Dtrue%2Cmediamath%3Dtrue%2Cappnexus%3Dtrue
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 52.37.218.4 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-37-218-4.us-west-2.compute.amazonaws.com
Software: istio-envoy /
Resource Hash: 4a7ef78696cdc2241ec542102d6ef23d417746b7f2d48615b90df40f3c64283e

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 22:38:45 GMT
content-encoding: gzip
server: istio-envoy
transfer-encoding: chunked
content-type: application/javascript;charset=utf-8
access-control-allow-origin: *
p3p: CP="NON DSP COR NID CURa ADMa DEVa PSAa PSDa OUR STP UNI COM NAV INT STA PRE"
x-envoy-upstream-service-time: 22
connection: close

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 237ms
237ms Image
image/gif 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=5eeecf22b2d12a77a14639dce97b7a36&svisitor=null&visitor=42f1944b-f3a4-405b-8534-8506752422d5&session=e91cefb3-004e-45a3-83e9-72894a748c83&event=active_time_track&q=%7B%22currentTime%22%3A%22Fri%2C%2009%20Aug%202024%2022%3A38%3A44%20GMT%22%2C%22lastTrackTime%22%3A%22Fri%2C%2009%20Aug%202024%2022%3A38%3A43%20GMT%22%2C%22timeSpent%22%3A%221000%22%2C%22totalTimeSpent%22%3A%226033%22%7D&isIframe=false&m=%7B%22description%22%3A%22FortiGuard%20Lab%20reveals%20a%20malware%20%5C%22PureHVNC%5C%22%2C%20sold%20on%20the%20cybercrime%20forum%2C%20is%20spreading%20through%20a%20phishing%20campaign%20targeting%20employees%20via%20a%20python%20multi-stage%20loader.%20Learn%20more.%22%2C%22keywords%22%3A%22FortiGuard%20Labs%20Threat%20Research%2Cpython%22%2C%22title%22%3A%22PureHVNC%20Deployed%20via%20Python%20Multi-stage%20Loader%20%7C%20FortiGuard%20Labs%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fpurehvnc-deployed-via-python-multi-stage-loader&pageViewId=40fd6078-11fe-467e-8b84-ebc2c1fd1d9c&v=1.1.23

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-210.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Aug 2024 22:38:44 GMT
x-content-type-options: nosniff
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "615ccf10-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Fri, 09 Aug 2024 22:38:44 GMT

GET
H/1.1

200
OK

tdsync
px.steelhousemedia.com/
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=steelhouse&ttd_tpi=1&ttd_puid=21e9055e-56a0-11ef-83ab-1fa8abe17ca0&gdpr=&gdpr_consent=
https://match.adsrvr.org/track/cmb/generic?ttd_pid=steelhouse&ttd_tpi=1&ttd_puid=21e9055e-56a0-11ef-83ab-1fa8abe17ca0&gdpr=&gdpr_consent=
https://px.steelhousemedia.com/tdsync?tdid=218aab7b-0184-469a-82a4-7d15ee6e63fe&shguid=21e9055e-56a0-11ef-83ab-1fa8abe17ca0

0
318 B

1069ms
274ms

Image
text/plain

44.225.29.129
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.steelhousemedia.com/tdsync?tdid=218aab7b-0184-469a-82a4-7d15ee6e63fe&shguid=21e9055e-56a0-11ef-83ab-1fa8abe17ca0
Protocol: HTTP/1.1
Server: 44.225.29.129 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-44-225-29-129.us-west-2.compute.amazonaws.com
Software: istio-envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date: Fri, 09 Aug 2024 22:38:46 GMT
server: istio-envoy
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
x-envoy-upstream-service-time: 9
connection: close
access-control-allow-headers: Accept, Content-Type, x-requested-with, X-Custom-Header
content-length: 0

Redirect headers

location: https://px.steelhousemedia.com/tdsync?tdid=218aab7b-0184-469a-82a4-7d15ee6e63fe&shguid=21e9055e-56a0-11ef-83ab-1fa8abe17ca0
date: Fri, 09 Aug 2024 22:38:45 GMT
server: Kestrel
content-length: 277

GET

v2
usermatch.krxd.net/um/
Redirect Chain

https://insight.adsrvr.org/track/evnt/?adv=6s0zaeu&ct=0:0bi0elf&fmt=3
https://usermatch.krxd.net/um/v2?partner=ttd&partner_uid=ttd&gdpr=0&gdpr_consent=&ttd_tdid=d2cc1912-bf33-4c9b-94b2-5597895a1668

0
0

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
258 B 217ms
216ms Image
image/gif 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=5eeecf22b2d12a77a14639dce97b7a36&svisitor=null&visitor=42f1944b-f3a4-405b-8534-8506752422d5&session=e91cefb3-004e-45a3-83e9-72894a748c83&event=active_time_track&q=%7B%22currentTime%22%3A%22Fri%2C%2009%20Aug%202024%2022%3A38%3A45%20GMT%22%2C%22lastTrackTime%22%3A%22Fri%2C%2009%20Aug%202024%2022%3A38%3A44%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%227034%22%7D&isIframe=false&m=%7B%22description%22%3A%22FortiGuard%20Lab%20reveals%20a%20malware%20%5C%22PureHVNC%5C%22%2C%20sold%20on%20the%20cybercrime%20forum%2C%20is%20spreading%20through%20a%20phishing%20campaign%20targeting%20employees%20via%20a%20python%20multi-stage%20loader.%20Learn%20more.%22%2C%22keywords%22%3A%22FortiGuard%20Labs%20Threat%20Research%2Cpython%22%2C%22title%22%3A%22PureHVNC%20Deployed%20via%20Python%20Multi-stage%20Loader%20%7C%20FortiGuard%20Labs%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fpurehvnc-deployed-via-python-multi-stage-loader&pageViewId=40fd6078-11fe-467e-8b84-ebc2c1fd1d9c&v=1.1.23

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-210.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Aug 2024 22:38:45 GMT
x-content-type-options: nosniff
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "60bb2e15-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Fri, 09 Aug 2024 22:38:45 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 226ms
224ms Image
image/gif 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=5eeecf22b2d12a77a14639dce97b7a36&svisitor=null&visitor=42f1944b-f3a4-405b-8534-8506752422d5&session=e91cefb3-004e-45a3-83e9-72894a748c83&event=active_time_track&q=%7B%22currentTime%22%3A%22Fri%2C%2009%20Aug%202024%2022%3A38%3A46%20GMT%22%2C%22lastTrackTime%22%3A%22Fri%2C%2009%20Aug%202024%2022%3A38%3A45%20GMT%22%2C%22timeSpent%22%3A%221000%22%2C%22totalTimeSpent%22%3A%228034%22%7D&isIframe=false&m=%7B%22description%22%3A%22FortiGuard%20Lab%20reveals%20a%20malware%20%5C%22PureHVNC%5C%22%2C%20sold%20on%20the%20cybercrime%20forum%2C%20is%20spreading%20through%20a%20phishing%20campaign%20targeting%20employees%20via%20a%20python%20multi-stage%20loader.%20Learn%20more.%22%2C%22keywords%22%3A%22FortiGuard%20Labs%20Threat%20Research%2Cpython%22%2C%22title%22%3A%22PureHVNC%20Deployed%20via%20Python%20Multi-stage%20Loader%20%7C%20FortiGuard%20Labs%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fpurehvnc-deployed-via-python-multi-stage-loader&pageViewId=40fd6078-11fe-467e-8b84-ebc2c1fd1d9c&v=1.1.23

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-210.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Aug 2024 22:38:46 GMT
x-content-type-options: nosniff
last-modified: Sat, 18 Feb 2023 00:49:36 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f020a0-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Fri, 09 Aug 2024 22:38:46 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
258 B 212ms
211ms Image
image/gif 2.17.100.210
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=5eeecf22b2d12a77a14639dce97b7a36&svisitor=null&visitor=42f1944b-f3a4-405b-8534-8506752422d5&session=e91cefb3-004e-45a3-83e9-72894a748c83&event=active_time_track&q=%7B%22currentTime%22%3A%22Fri%2C%2009%20Aug%202024%2022%3A38%3A47%20GMT%22%2C%22lastTrackTime%22%3A%22Fri%2C%2009%20Aug%202024%2022%3A38%3A46%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%229035%22%7D&isIframe=false&m=%7B%22description%22%3A%22FortiGuard%20Lab%20reveals%20a%20malware%20%5C%22PureHVNC%5C%22%2C%20sold%20on%20the%20cybercrime%20forum%2C%20is%20spreading%20through%20a%20phishing%20campaign%20targeting%20employees%20via%20a%20python%20multi-stage%20loader.%20Learn%20more.%22%2C%22keywords%22%3A%22FortiGuard%20Labs%20Threat%20Research%2Cpython%22%2C%22title%22%3A%22PureHVNC%20Deployed%20via%20Python%20Multi-stage%20Loader%20%7C%20FortiGuard%20Labs%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fpurehvnc-deployed-via-python-multi-stage-loader&pageViewId=40fd6078-11fe-467e-8b84-ebc2c1fd1d9c&v=1.1.23

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2.17.100.210 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a2-17-100-210.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 09 Aug 2024 22:38:47 GMT
x-content-type-options: nosniff
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "60bb2e15-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Fri, 09 Aug 2024 22:38:47 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: ad.doubleclick.net
URL: https://ad.doubleclick.net/activity;register_conversion=1;src=10050195;npa=0;auiddc=2011428811.1723243119;ps=1;pcor=1421585294;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4880v9185241837za200zb9123037237;gcd=13l3l3l3l1;dma=0;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fpurehvnc-deployed-via-python-multi-stage-loader?

Domain: tracking.contanuity.com
URL: https://tracking.contanuity.com/usersync?bwcookie=AAHzYE7NbTUAABSyAQVz6w

Domain: usermatch.krxd.net
URL: https://usermatch.krxd.net/um/v2?partner=ttd&partner_uid=ttd&gdpr=0&gdpr_consent=&ttd_tdid=d2cc1912-bf33-4c9b-94b2-5597895a1668

Verdicts & Comments Add Verdict or Comment

152 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

100 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.fortinet.com/	1970-01-21 07:26:19	Name: cookiesession1 Value: 678A3E2288B4071E94B1DCC854D12568
.fortinet.com/	1970-01-21 07:26:19	Name: OptanonConsent Value: isIABGlobal=false&datestamp=Sat+Aug+10+2024+01%3A38%3A37+GMT%2B0300+(%D7%A9%D7%A2%D7%95%D7%9F+%D7%99%D7%A9%D7%A8%D7%90%D7%9C+(%D7%A7%D7%99%D7%A5))&version=6.10.0&hosts=&consentId=1860e8ea-d74a-4f23-925e-b7b3698e327c&interactionCount=0&landingPath=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fpurehvnc-deployed-via-python-multi-stage-loader&groups=C0001%3A1%2CC0002%3A1%2CC0003%3A1%2CC0004%3A1
.fortinet.com/	1969-12-31 23:59:59	Name: at_check Value: true
.demdex.net/	1970-01-21 02:59:55	Name: demdex Value: 59301217353698703593898713970681164306
.fortinet.com/	1969-12-31 23:59:59	Name: AMCVS_ED8739F75677FE917F000101%40AdobeOrg Value: 1
.fortinet.com/	1970-01-21 08:16:43	Name: mbox Value: session#f4d2357784e94de58d7717423e50e7cb#1723244979\|PC#f4d2357784e94de58d7717423e50e7cb.37_0#1786487919
.fortinet.com/	1970-01-20 22:40:44	Name: mboxEdgeCluster Value: 37
.simpli.fi/	1970-01-21 07:27:45	Name: suid Value: FCE2CCF06CD9448EA3DB7054DA67A2AE
www.fortinet.com/	1970-01-21 08:16:43	Name: _gd_visitor Value: 42f1944b-f3a4-405b-8534-8506752422d5
www.fortinet.com/	1970-01-20 22:40:57	Name: _gd_session Value: e91cefb3-004e-45a3-83e9-72894a748c83
.fortinet.com/	1970-01-20 22:42:09	Name: _uetsid Value: 1f23eff056a011ef87e2d5fdb9ad8d90
.fortinet.com/	1970-01-21 08:02:19	Name: _uetvid Value: 1f24284056a011ef93ce41a1e344b027
.dpm.demdex.net/	1970-01-21 02:59:55	Name: dpm Value: 59301217353698703593898713970681164306
.fortinet.com/	1970-01-21 00:50:19	Name: _gcl_au Value: 1.1.2011428811.1723243119
.bing.com/	1970-01-21 08:02:19	Name: MUID Value: 2207D6FD626E604538B0C22B63FE61FB
.fortinet.com/	1970-01-21 08:16:43	Name: AMCV_ED8739F75677FE917F000101%40AdobeOrg Value: 179643557%7CMCIDTS%7C19945%7CMCMID%7C59656206001368877113935338670922371994%7CMCAAMLH-1723847918%7C6%7CMCAAMB-1723847918%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1723250318s%7CNONE%7CMCSYNCSOP%7C411-19952%7CvVersion%7C5.5.0
.fortinet.com/	1970-01-21 08:16:43	Name: _ga_38BQ9XFDT4 Value: GS1.1.1723243119.1.0.1723243119.0.0.0
.fortinet.com/	1970-01-21 08:16:43	Name: _ga Value: GA1.1.401372701.1723243119
www.fortinet.com/	1970-01-20 22:40:43	Name: dicbo_id Value: %7B%22dicbo_fetch%22%3A1723243119346%7D
www.fortinet.com/	1970-01-21 08:16:43	Name: _omappvp Value: NcjvhN4bAJSdkGd8WruTWjVJV0bwfKkc1Opz36ehXRrj8GToGspsT88aUeyx7C0p3JpKJ7JAxUU4f9cWmP0MlAIhoEAQFfR2
www.fortinet.com/	1970-01-20 22:40:44	Name: _omappvs Value: 1723243119532
.fortinet.com/	1970-01-21 08:16:43	Name: _ga_JH142QCQCJ Value: GS1.1.1723243119.1.0.1723243119.0.0.0
.fortinet.com/	1970-01-20 22:40:44	Name: gpv_pn Value: www.fortinet.com%2Fblog%2Fthreat-research%2Fpurehvnc-deployed-via-python-multi-stage-loader
.fortinet.com/	1970-01-21 00:50:19	Name: s_getNewRepeat Value: 1723243119765-New
.fortinet.com/	1969-12-31 23:59:59	Name: s_cc Value: true
.techtarget.com/	1970-01-20 22:40:44	Name: __cf_bm Value: nLj5xjwyOdJZWYHA1eG7V5eVEHxXs6I4f9GwaQFovYE-1723243119-1.0.1.1-O8YXiz99UugQP_VCP9VGNCbQjszuP1wiMGz4NgUze1ZK52hsn0cuCMX4UDVT6QNIj2TwKoyLLLk.ETeKsgBt3A
.doubleclick.net/	1970-01-21 02:59:55	Name: receive-cookie-deprecation Value: 1
.www.fortinet.com/	1970-01-21 07:26:19	Name: WID_VISITOR_ID Value: 1723243120440987566
www.fortinet.com/	1970-01-20 22:50:47	Name: AWSALB Value: ahOCPTH4jvCfdpwF40xXD18AqYXMqWQa0ABEjuWKFXPSozf3BXen9Gw8IJH2p7s6nRe34g1vpgxY7GkQFwrP5rGCXpGBNUgBs2vOkqNmH0OThbkMGWZoDXo3h5zBxo1Gzpi0KqaackbNGwW2ObVztAhJ5wi5UfPOPLcfAAe6vL7BVBSdqiZlzhhqhc2LZ9nXVOKAA77Hqyrj0ZSNqcFn+TuXiTZD5RDV
www.fortinet.com/	1970-01-20 22:50:47	Name: AWSALBCORS Value: aPMm8JBKptYhx8kZPNxvjwLYmajmtXBI6pK/BSW366Wz06IB4NgRG1x9wcUX5Uf6BdIMFDIK74wTzRksQbnxndE9o/5zsykmQOZrnKGLGUSam9XgZpsaEO6sBVRNBjfBllowkbvMUIPUHPvPlD872VywfvjU02u1pHxr6BQMfFyLqeKQU+K2B/R0xYghTEyhmAri3Y5rc9QXHNwcnYHI0kX2oZuD2gv0
.simpli.fi/	1970-01-20 22:50:47	Name: uid_syncd_secure Value: true
abm-tracking.demandscience.com/	1970-01-21 08:16:43	Name: userId Value: 32e39a6d08d82c7f5e39d3ea18d4efb4_1723243120841
.doubleclick.net/	1970-01-21 08:16:43	Name: IDE Value: AHWqTUllqOIQyKs5nxoahk7IeKorOqVOUA8hs9puNGiPbLuFbESqud5a0PrJBzsT
.tapad.com/	1970-01-21 00:07:07	Name: TapAd_TS Value: 1723243121408
.tapad.com/	1970-01-21 00:07:07	Name: TapAd_DID Value: 857502e4-1014-48ae-9f77-94a8b885d76f
.rlcdn.com/	1970-01-21 07:26:19	Name: rlas3 Value: 69cPMdnMzSX0452gboo8AVYap0Pe2sEV7Uic3ZpTTxA=
.3lift.com/	1970-01-21 00:50:19	Name: tluidp Value: 4596069799346363817415
.3lift.com/	1970-01-21 00:50:19	Name: tluid Value: 4596069799346363817415
.tapad.com/	1970-01-21 00:07:07	Name: TapAd_3WAY_SYNCS Value:
.smaato.net/	1970-01-20 23:10:57	Name: SCM Value: f8523ec180
.smaato.net/	1970-01-20 23:10:57	Name: SCMu Value: f8523ec180
.smaato.net/	1970-01-20 23:10:57	Name: SCM1001136 Value: f8523ec180
.agkn.com/	1970-01-21 07:26:19	Name: ab Value: 0001%3AnSIr%2B%2BDu8LY2cpVOOIPaI71%2FCRfcj6au
.pro-market.net/	1970-01-21 02:59:55	Name: anProfile Value: "-srnsllfrg91z+1+1f=1+1g=1+1j=2+rs=s+rt=1FBB4E65+s2=(shz2wh)+vm=24-FCE2CCF06CD9448EA3DB7054DA67A2AE"
.pro-market.net/	1970-01-20 23:23:55	Name: anHistory Value: "-srnsllfrg91z+2+!#7')$P!LTR"
.rlcdn.com/	1970-01-21 00:07:07	Name: pxrc Value: CPG02rUGEgUI6AcQABIFCOhHEAA=
.adnxs.com/	1970-01-21 08:16:43	Name: receive-cookie-deprecation Value: 1
.intentiq.com/	1970-01-21 08:16:43	Name: IQver Value: 1.9
.lijit.com/	1970-01-21 07:26:19	Name: ljt_reader Value: JIoOAQZH92m4z2W5TEa_6i-9
.exelator.com/	1970-01-21 01:33:31	Name: EE Value: "978e156cdb7f50b4caa9ec6608145156"
.adnxs.com/	1970-01-21 00:50:19	Name: anj Value: dTM7k!M4/8CxrEQF']wIg2In9oi.Pa!]tbP6j2F-XstGt!@E0W%*Pyv
.rubiconproject.com/	1970-01-21 07:26:19	Name: audit_p Value: 1\|aZ2fB0/lEY6UXkPdnKuhNtXJaUs6YIkGUvfnVB37tSeUHKCefwHvs3Ze1M+PI3F1dxa+zG2u+aBw0S94mtzOHxX1ClJMS060s8vYM4pkAimaYKiW1FxRLcI2leu3mssJd/hAgJwMv8kHjKIbo3+N0+vWwHSetldxwP3NzD435qNZYr2f2sSAEVDfv570ZGhx
.rubiconproject.com/	1970-01-21 07:26:19	Name: khaos Value: LZNAGMKL-X-A771
.rubiconproject.com/	1970-01-21 07:26:19	Name: khaos_p Value: LZNAGMKL-X-A771
.rubiconproject.com/	1970-01-21 07:26:19	Name: audit Value: 1\|aZ2fB0/lEY6UXkPdnKuhNtXJaUs6YIkGUvfnVB37tSeUHKCefwHvs3Ze1M+PI3F1dxa+zG2u+aBw0S94mtzOHxX1ClJMS060s8vYM4pkAimaYKiW1FxRLcI2leu3mssJd/hAgJwMv8kHjKIbo3+N0+vWwHSetldxwP3NzD435qNZYr2f2sSAEVDfv570ZGhx
.rubiconproject.com/	1970-01-21 00:50:19	Name: receive-cookie-deprecation Value: 1
.bluekai.com/	1970-01-21 03:05:40	Name: bku Value: blx99csS+ZRUJwzp
.bluekai.com/	1970-01-21 03:05:40	Name: bkpa Value: KJy9nyexd02pSUHknp/8mE1hwtkAwDjeHEJex6RyBABWmEx6mWPO16HYBp9NBWHOBM5O1Aaa9y9FV9Fh
.crwdcntrl.net/	1970-01-21 05:09:29	Name: _cc_dc Value: 1
.crwdcntrl.net/	1970-01-21 05:09:29	Name: _cc_id Value: 225b1026eacf8654d5341517436c8812
.lijit.com/	1970-01-21 07:26:19	Name: _ljtrtb_2 Value: FCE2CCF06CD9448EA3DB7054DA67A2AE
.exelator.com/	1970-01-21 01:33:31	Name: udo Value: "gAAAAAQAAAUhKLUv%252FWAhBI0aAMZuqkcQbaoOICAAAESnAGE1gSsg6PwK5oad9n4ACLCIrA5DgFVSDxJvTTTREHY1c1ETl5dPQiAjlTlU9iQQAR0OSKhaThSltuGMFJQAlQCVAP1z5dCI5NnTGfkT0bSNtoGQefR4NicxQJHVRnqGIOPm%252BOOuq6fUFeVhGIUaA3s4FnE3Fup3JJIg0ZZptEq36TTcK8TkuEMaNO71gLbHR6T2%252BM4gd0MM%252FAi0RVcfs5XbW%252F%252BT%252F08J7gHsGPndgcT%252FT3xJSUnJE%252Fh%252FAAmehMPtrVC%252Fp3NVPx6EH86Fif8QbPsWWLvbqhAZ7TJy89yIuTxGT%252BPY2tsNVUotVdAyVdm1hziImGlJMkt1JcHIDIJpMBzWzkZQ1w5su2yYzAVz6bYMrbuqNEobLgas%252FG2P4yzikJess2hpAiF3Z4t81DJLaWErKbWUnqbeykBxw8r0%252FcTdYJQ%252F44sBS8xaFLF7umUF7e0rQ5m%252BI3GDmcReRzTGsv7s7WH4tCuiUlsNNhMuLAkdI%252FzxkCQ5mMdYx4eDIZ4Rugb8iBV%252Ft4oXY3ybtlk2naXbbJYNIxtDmjfAIndhp7LSnmxarm25rr0NCY0aky9oazCLnGbTZLaNxnGlzinLUoakaUwdySxxmq1vOk7lST4tanWXrSXmjNcpPVtWRY0cbDGU8QV3HP4yGq3rfBicN5kM5%252FM4zeN5l%252Bx5Kk%252BC4RkDb2HyP%252FIhKCgUFBCUF2GeVK2ZKnW2OlSld2YykVozljVbmAmFiv8%252FEOAF%252FMRPTCi8xdZp3IVJstg0FHthsljwJKhqvmIeMI5Fu4CgoKMQhLqiozaAIBxyLHKh2lRNxWYaKBb1MRs%252FTUH5wFF%252BK%252FvaMBnuY4OuKjjQszRhHa4Zm5Yd9dDyLHUVK%252FMA6Q7fXuzfwuTDiUVB%252BWCyRkZUrEEoQAJCkENmHhFQREkdqRopiQvbAVSFMyZ5v8JAJamqIwmHlnCgJocFjyda0xDLBPwj4zCQoi9Fcroe4fjgJSycMO6pLuReexq4aa4gs%252FzsoTHByhdbyY7gD9ggH7QCkFVCh39pHKAT3ijj76MwpcM1Eaxn9sGrRyg0apKgynD3hTmww%252B%252BHiK%252BsT6uGt%252F3yBY1yrRQcaFNvhILV1xgalEW29T5fMg%253D%253D"
.exelator.com/	1970-01-21 01:33:31	Name: ud Value: "eJxrXxzq6XKLQcHS3CLV0NQsOSXJPM3UIMkkOTHRMjXZzMzAwtDEFCixuCy1aMHS0uLUlKRDSypySnKaVpfFhzrGuzn6evpELnPOKMrPTV0BFgpzDVpsaGS%252BJL8oM32Rp8%252FiopQ0hkUlxaeCT8xZBgCbvCqH"
.adnxs.com/	1970-01-21 00:50:19	Name: XANDR_PANID Value: pis_5t6xRmyjiKnZq-MoDVcgvFBgCDcYgtqCn5COVQZG7IuKfeWhpZNuYP2TA8zG55Khh43FPrPidh2Xp8AxQdPApEdymxonsv8iLgr5j1g.
.adnxs.com/	1970-01-21 00:50:19	Name: uuid2 Value: 2779881072598705952
.1rx.io/	1970-01-21 07:26:19	Name: _rxuuid Value: %7B%22rx_uuid%22%3A%22RX-9b3132aa-9522-4471-81a2-829365acac97-003%22%7D
.pippio.com/	1970-01-21 07:26:19	Name: did Value: a7JfelIGekGR3rjw
.pippio.com/	1970-01-21 07:26:19	Name: didts Value: 1723243121
.pippio.com/	1970-01-21 00:07:07	Name: nnls Value:
.pippio.com/	1970-01-21 00:07:07	Name: pxrc Value: CAA=
.bfmio.com/	1970-01-21 07:26:19	Name: __141_cid Value: FCE2CCF06CD9448EA3DB7054DA67A2AE
.bfmio.com/	1970-01-21 07:26:19	Name: __io_cid Value: 136c1222960bc53d8747f04a1d754bb3e5b03d55
.agkn.com/	1970-01-21 07:26:19	Name: u Value: C\|0AAAAAAAALklW8gAAAAAA
.twitter.com/	1970-01-21 08:16:43	Name: personalization_id Value: "v1_WQCFRYypYcz3VLCA4LpQqw=="
.t.co/	1970-01-21 08:16:43	Name: muc_ads Value: ab2c6be6-f9c7-4cc0-93ba-273fd1cd8c60
tracking.contanuity.com/	1970-01-21 08:16:43	Name: userId Value: 32e39a6d08d82c7f5e39d3ea18d4efb4_1723243120841
tracking.contanuity.com/	1970-01-21 08:16:43	Name: clientId Value: undefined
.targeting.unrulymedia.com/	1970-01-21 07:26:19	Name: _rxuuid Value: %7B%22rx_uuid%22%3A%22RX-9b3132aa-9522-4471-81a2-829365acac97-003%22%7D
.inzynk.io/	1970-01-21 07:26:19	Name: iztid Value: 1723243125790
www.fortinet.com/	1970-01-21 07:26:19	Name: izcid Value: 1723243129967
www.fortinet.com/	1970-01-21 07:26:19	Name: iztid Value: 1723243125790
www.fortinet.com/	1970-01-20 22:42:11	Name: aa_cc Value: US
www.fortinet.com/	1970-01-20 22:42:11	Name: aa_cn Value: United%20States
www.fortinet.com/	1970-01-20 22:42:11	Name: 6scexist Value: true
.fortinet.com/	1970-01-21 08:16:43	Name: nmstat Value: 8ea97277-0da0-803f-2e9d-a4d31c1ba2cb
.doubleclick.net/	1970-01-20 23:23:55	Name: ar_debug Value: 1
.fortinet.com/	1970-01-21 00:50:19	Name: _fbp Value: fb.1.1723243122866.159990452793576902
.linkedin.com/	1970-01-21 00:50:19	Name: li_sugr Value: e63674da-56e3-4c29-a4ea-e9411e86e9f0
.linkedin.com/	1970-01-21 07:26:19	Name: bcookie Value: "v=2&b610b47d-a57e-468a-80b0-012c260b56ef"
.linkedin.com/	1970-01-20 22:42:09	Name: lidc Value: "b=OGST04:s=O:r=O:a=O:p=O:g=3270:u=1:x=1:i=1723243122:t=1723329522:v=2:sig=AQFnwhPw76VjszDnsVxtaQDTJfyiUDQ7"
.bidr.io/	1970-01-21 08:09:16	Name: bito Value: AAHzYE7NbTUAABSyAQVz6w
.bidr.io/	1970-01-21 08:09:16	Name: bitoIsSecure Value: ok
.linkedin.com/	1970-01-20 23:23:55	Name: UserMatchHistory Value: AQLJ4IbyIxH8cQAAAZE5S1JGvcFGW0g5AuWslqSSH6xMqSLueCKHPLNh9S4Rkjl8LLepcXF-x3StJQ
.linkedin.com/	1970-01-20 23:23:55	Name: AnalyticsSyncHistory Value: AQLT0BIlsRyLbwAAAZE5S1JGv7HwYPRYYbs-Q86F6dT-VJ6qBaMiY9IA9r9SZEGO2bVwfR5g8iGg3wTXoJXYvg
.mountain.com/	1970-01-21 07:26:19	Name: guid Value: 21e9055e-56a0-11ef-83ab-1fa8abe17ca0
.www.linkedin.com/	1970-01-21 07:26:19	Name: bscookie Value: "v=1&20240809223843b6e9ea51-d933-4522-8128-2e672aca3133AQEvlcGYjYLhlvIePgptis9wDqGqOPIR"
.px.mountain.com/	1970-01-21 07:26:19	Name: tt Value: "H4sIAAAAAAAAAKtW8guKNzYyNjaLNzK3NFayMtBRgnItjC2UrAzNjYyNTIwNjUyNzSx1lMqUrIx0kLSA1RjUAgDlNCgmRgAAAA=="
.mountain.com/	1970-01-21 07:26:19	Name: rt Value: "MzIzMzY6MTcyMzI0MzEyNQ=="
.adsrvr.org/	1970-01-21 07:26:19	Name: TDID Value: 218aab7b-0184-469a-82a4-7d15ee6e63fe
.adsrvr.org/	1970-01-21 07:26:19	Name: TDCPM Value: CAEYBSABKAIyCwikorOp2LOcPRAFOAE.

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://api.omappapi.com/v2/embed/39852?d=fortinet.com Message: Failed to load resource: the server responded with a status of 401 ()
network	error	URL: https://pixels.argusplatform.com/wh/track/?site_id=C6AC00C8269540D0ABFF19F1B5558B6D&visitor_id=1723243120440987566&event_type=page_request&timestamp=1723243120&page_title=PureHVNC%20Deployed%20via%20Python%20Multi-stage%20Loader%20%7C%20FortiGuard%20Labs&page_url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fpurehvnc-deployed-via-python-multi-stage-loader&page_url_referer= Message: Failed to load resource: the server responded with a status of 401 ()
network	error	URL: https://webtracker.argusplatform.com/wh/track/?site_id=C6AC00C8269540D0ABFF19F1B5558B6D&visitor_id=1723243120440987566&event_type=page_request&timestamp=1723243121&page_title=PureHVNC%20Deployed%20via%20Python%20Multi-stage%20Loader%20%7C%20FortiGuard%20Labs&page_url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fpurehvnc-deployed-via-python-multi-stage-loader&page_url_referer= Message: Failed to load resource: the server responded with a status of 401 ()
network	error	URL: https://usermatch.krxd.net/um/v2?partner=ttd&partner_uid=ttd&gdpr=0&gdpr_consent=&ttd_tdid=d2cc1912-bf33-4c9b-94b2-5597895a1668 Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

10104846.fls.doubleclick.net
6033413.global.siteimproveanalytics.io
a.omappapi.com
a.opmnstr.com
aa.agkn.com
abm-tracking.demandscience.com
ad.doubleclick.net
amplify.outbrain.com
analytics.inzynk.io
analytics.twitter.com
api.omappapi.com
assets.adobedtm.com
b.6sc.co
bat.bing.com
bcp.crwdcntrl.net
c.6sc.co
cdn.cookielaw.org
cdn.jsdelivr.net
ce.lijit.com
cm.everesttech.net
cm.g.doubleclick.net
cms.analytics.yahoo.com
connect.facebook.net
d.agkn.com
dpm.demdex.net
dx.mountain.com
eb2.3lift.com
epsilon.6sense.com
fei.pro-market.net
fortinet.demdex.net
fortinet.tt.omtrdc.net
geolocation.onetrust.com
googleads.g.doubleclick.net
gs.mountain.com
i.simpli.fi
ib.adnxs.com
ibc-flow.techtarget.com
idsync.rlcdn.com
intentstream.contanuity.com
ipv6.6sc.co
j.6sc.co
loadm.exelator.com
match.adsrvr.org
metrics.fortinet.com
ml314.com
pippio.com
pixel.mathtag.com
pixel.rubiconproject.com
pixel.tapad.com
pixels.argusplatform.com
px.ads.linkedin.com
px.mountain.com
px.steelhousemedia.com
s.ad.smaato.net
script.crazyegg.com
secure.adnxs.com
simplifi.partners.tremorhub.com
siteimproveanalytics.com
snap.licdn.com
stags.bluekai.com
static.ads-twitter.com
sync.1rx.io
sync.bfmio.com
sync.intentiq.com
sync.targeting.unrulymedia.com
t.co
tag.simpli.fi
tags.inzynk.io
tmp.argusplatform.com
tr.outbrain.com
tracking.contanuity.com
trk.techtarget.com
u33254697.ct.sendgrid.net
um.simpli.fi
ups.analytics.yahoo.com
us-u.openx.net
usermatch.krxd.net
wave.outbrain.com
webtracker.argusplatform.com
www.facebook.com
www.fortinet.com
www.google-analytics.com
www.google.co.il
www.google.com
www.googleadservices.com
www.googletagmanager.com
www.linkedin.com
ad.doubleclick.net
tracking.contanuity.com
usermatch.krxd.net
104.18.28.127
104.18.87.42
104.19.147.8
104.244.42.67
107.178.240.89
107.178.254.65
13.107.21.237
13.107.246.67
13.107.42.14
13.32.27.65
142.250.181.226
142.250.185.132
142.250.185.134
142.250.185.200
142.250.185.226
142.250.186.110
142.250.186.130
151.101.193.229
151.101.8.157
157.240.0.6
157.240.253.35
16.170.91.85
167.89.115.26
169.150.247.37
172.217.16.195
172.64.151.60
172.66.41.8
18.239.69.49
18.245.60.5
184.30.16.231
184.30.17.67
185.89.210.46
185.89.210.90
188.114.97.3
2.17.100.193
2.17.100.210
2.21.20.141
216.58.206.70
3.123.216.247
3.215.201.134
3.71.149.231
3.75.160.4
34.111.113.62
34.111.208.231
34.117.77.79
34.238.149.65
34.250.191.11
35.204.74.118
35.204.89.238
35.244.159.8
35.244.174.68
35.71.131.137
35.81.162.201
44.225.29.129
44.226.187.177
46.228.174.117
52.202.93.40
52.211.89.53
52.212.55.82
52.22.50.55
52.29.209.128
52.32.164.86
52.37.218.4
52.48.198.240
54.171.248.53
54.194.254.146
54.203.236.163
54.78.254.47
63.140.62.222
64.202.112.191
66.235.152.225
69.173.144.165
72.246.169.24
74.121.140.211
76.223.111.18
76.223.9.105
93.184.221.165
053c9099c33db1a9312be217e6e966592084287eafe476a303c1465b302d642d
080b71964b4c93a0548acbb246ae6cbd7686326fc2c58cd6968fa9a58c460fee
0af3aae90b7de9fdceee2ab421378ea2f54c74be81ef43fc6c1790a032755d80
0c07b854855b0e2bd7839c3659defa45307e96e281b3c00571d09f213eb6a76e
0f03d4ff929986a3cde83681fd2560eae544f7138f59945ec6ec32c17800ca91
103597a62621cf72aa373242f71884a882e44c935aa5655551562d44106d97b3
10c8ec5fa4d113898afdfee8033223253bda6dad54ecefb77ef5ea7a710259ba
13c309d0ebac3484b78106413ee31f46abfc690429c64ddf6ceb1b1838424ada
1505aa0792421f831935f4761a95f31462a3dd097c8bd00ad8e9c765c8065517
178ec5d6c8298d4e308c4b7674042667ecafdbffcb5331b621985a2b11539f0e
17aa4825b9b57feaec8e52e4f3ea7ffff49fc658357a5aaca6ba3d313890f602
18d2c23ce0fcd0eda305d14fe136dbd8ea6c09889ddfb4f5c6d651820f8738d6
1a72f04aaac5aebad82f1b0ad679a2d3c409a4161c26dcf5638c8242178117d0
1c20b2012200b5909cd873db6277a02e73278ad5f8394a87d893740b227a702a
1c6afd802534e83ad439f8a33b6799ff28d2c59a92c764cca497dd6b9962b6be
1cbff27f83dfb9ab131cd3cf667563f46b4b696ff02eb44e9159f63961afca14
1d348f9f803c95305f63def9d75fd50e79e54a375e1a4a888edbbea366845580
1e85ec81b9800b4c443d39caca0d0926089a3ac201120db1ceb45b93789480b8
20f78ae649f5ba99d3552f8f33768ef6c8b75e07d6fbf8cfabdab85ed40b0034
244c6b3f3ae382625a638af9cf80c7e4c470da6c1a304baf9284cc9162824c90
299077bfa11e31efad8c17f370cb0c1213e488a1a366839be6adf9ef1ec24b77
2bca4187da6c7ee52fec70384ccc5d8a422038627170fe8018c4cd79d4624a93
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2ed114345dab0a74e1c81b100e3db108ff86464854f3159d005fac67413454b7
2f561b02a49376e3679acd5975e3790abdff09ecbadfa1e1858c7ba26e3ffcef
3350b7b96901ddabb814f65d6271eb9d6df3880233d5db95b48930f4d8ebfad2
33710aaf03861ea1499d9c0bed3370f4a93a5b183f4903ccc3eff438c33be9be
370df1cc8999c1e03fc1c5f7ced35334513d19233d1fc79d2c1c7f711361565d
3b4f5964d63830cc4fb8b8efe6c8821da7fb8220853089bd9e02f685533465e8
3e8e0c8b33a8795055645e9dc3e32fc13b50921f214eb2e9bb141696a56917ca
3eb10792d1f0c7e07e7248273540f1952d9a5a2996f4b5df70ab026cd9f05517
3fce12f909f6c4389eb8dfa8eef0ac3ddcf55895d333a6bcd26d953f6c9d9001
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
480e3b349655b6f17b20ec546c300957cad9ffd98b2d29be29db79422ededc52
4a7ef78696cdc2241ec542102d6ef23d417746b7f2d48615b90df40f3c64283e
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4d15ff2317e16ccd8ca1d3248fea7d91130e022369bb032824a84ad9967064df
4d424af8e6254a3ee915b6efdec3f0ed3fcbdedc67c83025148c9758701cd2d4
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4f5403c3e059fbe9f113e1840246695212fbc0ff75e3cf98d1ec15df36096610
4faf238b1850e53e41a0e30f1ddf4584d46f2176641a6b9fcd468e301db33e46
4fe295ef662f0e765f8d110b8583c0511d246933c2397505ebca7d90258eaaaa
591a6bc9905731bfa51a73e2a36a0c3eaead53b61ef407a3fc2b5f4f7c657309
5a1ba6ff6db12f791bbbfc4da3cb389e06f0cd53eede09ef3eb3ceb074089ef1
5b4c9abcf01dcf74e0adf075ff4d47464c62c84307ae5ebd115d45da70e6443d
69667f1c2f0036f5f46e705a892ef6f5ce086874bb2fa271566d7412f34fc4e0
69a7fa5240adb8db5c7401908deafe70e84e1aa6c31800194cd27d83b043c6be
6c00d3490f22d076b6d136b72ea5fdb5c42e76e3edb0753470d82e5fea368a91
6d0291f90718dc0537f65dc6a4f68d8e75f0a8a3a0b62836d9cf41350ecaf552
6e3d5ab269d31faf10b21aef448b2dc79efc9bf5c40cecfe59359aefd651996b
701769ec99138974c12369fd4acf65a7f99e9a1becbab1e16a89be9859aafc9f
71f246cfcdf6d37d683f464bbdf984cb6b90b597c475a3d0d80e7f3567a596a9
74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b
7943ea73d5f3384ec288d4e9a1d6e8dafeb6e42838d0a8e492f5852ff5813d79
7a23e0e46e16f067271bc79c92a917c13769848457d16cdf109e4dc04c687e8f
7ad0607daba7c0ddecacb3c696099e761076f147549440a7b3c4baa8f67ddaac
7b1e74dd6970b56853dfd79e59ba73315051b0c59a69c6a9fd87e515650fdc80
7b546e7f9280653588380a7215b8ff3d80f05587160824313f2d3b279d116c4e
7df6ca1fef06a87ff31b343a9b68f5424d220b10bd9ad4be213a6c6842ccf5c1
818259d4fb503263efbf680e128338d0e0eb6da660f344d56ef8191ac1661a03
8489534bde4ad3c3cedebecd11b9babe653de6b413922ec2b877c5bfcb33ee3e
866f2c8df3026abc2d74d2db7f492a460cf66dd5916ca7c2d4b2828931ceff5a
87a7c71ac7fd1a3c7b60d4ac57851068ca8f3cb76d3e44a07e01864800dd1834
87da91113ebefb0e609cce845e712ff537dce5c4e9cd8a1f61f2d167b64260a6
8998282f5a80fff5eaafdbd457dd7a81af0cd7c8696bfe032a6aeef8fe67f99f
8c4761d5f39e9f9866a601cb7fb5f148f42b6482ef73e668f7abd6f9ed23bd24
8cdca3b36914e8a3f56390da71389944579faaae82704e53bd66f9c0387502f6
8db92e7cdc1ad40168c42e93b05d842e056d8a5b83ae96b95d2b1c546f828196
92263e1a91be72db1a5357650e32b5130677af551be39582435c966d5051dcb2
930494fef37c0c702073ceeddd12da067bba2824f8eba39e1f9a3c5332bec6b6
93a0e7f73f511076177b0b53749dc7e6560dae1f58692689bf5918ec97cbfece
94633716497a85d800b6e573953942c4cfe483c0dbd68fa97fd01dd97ced5d66
94e793d285943f7e45f0cdade1b83945f01efe90571f31ef4731685cf7040e42
98192c2b3bfd0e66cff07b8ba31ff42de9182144d3e21b9ca258f13da96ee457
99dc3803d1f19c8103f79f834044b2afd4c8af5b7927efbd36b1052d528b40ae
9c1bc9021a10eed560ccbf198f787bbfa919370faae7c67ddffde0acec389bab
9c2bfadf1fe546bd3872bf81e8477e95faff0104f3b9b888bc47cff4ffe88a36
9cf85a5873a30fe80a5eecaa22cd7013cbc54d9c8cdece37f4ed3b916c9eaec3
9fd44a8ab49367e5cf5cad8236a0600183a76d891dd75d94c595fa822b592a6d
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a1863eb6420e2c83a74d959c580abead814f2aab1ff40e7fa68cb45ebe9cfab1
a19b2bf07a64509548671072cf084869277b815a9df95b2749ed863906bcb6da
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
a823e98c44896060a5f7b883eebc7c513ee0bb0cd411d8c18c44c2dc9320b8b8
a8a3a769545fe17090291a6648cf182e7a87e0de48d367473f481ccf4594a7e3
a9e179cb114cbdbd6ad1e9094aab5de9e3dbe79edc8018da3af313fde903f21d
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
abd0c69608a1a4b0ce5f6056bc20bcf62a2a29271a4cf5e33fa1f53bf7cb19cb
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
b07df0831ff27d225d8f51b73c1b1a1236749b2ff5f6e603b42709102e557bd8
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b51f3497b0a65f1e1e87e75f5e7e823d871c23bcf76a5ee4101783c8f939e553
b520237c91e8f509a5c12b27022bfeeee7ecbb18ce7ae17353907a9da04a113a
b697c4c8e7c22fa7e18ccef66c1bda6610f19ec8c7d1c60fb3696db54ea5362e
b7784bcb36d2a10878376b703060eec4fb983236edb203b794d98fb9f6bed773
b80c55d39ac816609a9ca9595b085e10cc2d27ee0e8acaaeb1e095d65d920d9f
b8528c787676134511581097853799efde2ea848c9b17798dbf860addbfef435
b870792c6c6441d421b921e5064ee780de9cdf87911269fcf539312d35861ce6
b90b775b65c2623322caaa52d7acf6af709ca59bdd475a54043b6308d91828c4
b934ce9883949e7bceb88fa78a354125eefc85715f7e54da8ff529c94ebab0fe
b97107088a54c575ce74910f863ccc0a99ef3b2a59ec9567fc01b5c53e61f74a
b97c99a69a6275c8f90703cd4c0864089a74fd08383a1cc75a8a4d0c2cb60cce
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
c62aad5de42c0797c987480e7e127cb20fdbebef897cc3d21bd39f704b9deab1
c6bcc71f8a9f5497ccc35e3aa16e00110504488fef71fffea99853274f9d7c86
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c
cb31bb53eefec5a74b7e7271abd4e97e0735174d7d0b0dec0f2217462573d1f1
cf39366e73b1c4f8cda895f02f5560b33dcd30520ae79097f58cad098dd7ec50
cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
d0e12af8c4e560fe89643639e0c3ed4dc76125c62adeb2879b761d73dbaecf50
d134e93f060565a4fc14a09d0ba7d9ea931502fc4d6ef9402d2ef02c12fe97c1
d18b3c9feb76c3c1cfdcc51c732f113327e3c33fb3f63b479951f7da6ed1216f
d1f8e63a54b697e75369c8cbdded6b7bf620c4b455c9d2824b851ea2e61bdd7a
d2afd46ac58cd7e89b3fdfd790300d69034e94151ed45acf83d7b6d5dccfdb17
d58770d97ce881cd4999bf8de3afbdb2d9e4c49ab1daac2ac4ef902470c3eade
d6034d18249c9b7dd34d51997a2abca6eae47c5dd8c44a08f891edf4d467f309
d8bdaa339c41e25dcd6b8f2031c22bfb8634d14dcdeded8b8e64257c7368e968
d937dfccdeb7e2c2120255a8e9c95361c2e5cba8d1208aea5b824bb96aed73fe
d97ea24841d9881b6b38caf9174e468db2c6a133cc325320d5720b0783a37d06
d9b396d109446d0373d061e50866f85ac8d20aaf6f62338fc13aa3ecb4e3668d
db058d72d7ba8ff6ed7209af23a4458c373cc78f72c81ec1df88bb5de72a0b0b
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
e08bbd8d11326289feff5496edc2ee3d0d7e905fe69ad7612a63dcd6bc6e8313
e171f597c12bd7813408cabb76395c783e04c8aa8a0a57416a120ac026e5acf5
e1faf329e8f1f75c70018741a3020700779a70bb7b099c61e7b30c9fabd06f30
e2b9e70870be254cf7569e4675af23bf6673b6cde8d0bc22d41c36481b8b4378
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e48ba6b1bdc7f5f6e0ee7ebdffdd38a2f866c3d8caed3b7ea6576634e3a9396d
e51f9c7987f16c283fc910c3186fa741a16617d3fb800a090742f70ba4eb1b25
e68cf7c29664a3be5231305c50a706645aca46a016c37bb8c673c99c7a8d4a31
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f012c00d43164a4de843ae80abefe500f8497e1123d11c965cd3b40600fe9720
f4376ec44772dc71be6dea498217c563631c6b8e57516557cbd38da68825e558
f44ec5d04108a0d51173814412daecda77d14d2b3da5325f1211a99882d5485d
f47d4b2e5cd0cd8f39d799d75437c2f2a084dee6c1f3e8c97b945162851fb6d0
f88d435f9aef17e489379e8dbcecb3365681ed5d56d44c4e6ced49b76ac2484d
f9b2aaabab92d9c63930432351fa3f5aa634fcb5db31b039e23465f8b4bd5a68
fb1d26cefbc57469296aa2bbcf8c0b5857e3a8b23542a08f2fbdeaedb873e943
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a
ff10c1fe39489bf9f57c9dc9e8ccc064dfdfd4dec949636d5deeba2a8f2da2f0
ff5a728d0a25d9e26062e2ac91cc66cef961d385e44eccc327cd41da52fea161

www.fortinet.com Open in urlscan Pro 3.123.216.247 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

196 Requests

86 %HTTPS

0 %IPv6

63 Domains

87 Subdomains

68 IPs

7 Countries

11341 kBTransfer

15018 kBSize

100 Cookies

11 Outgoing links

Page URL History

Redirected requests

196 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.fortinet.com Open in urlscan Pro
3.123.216.247 Public Scan

Screenshot
Live screenshot

Full Image

196
Requests

86 %
HTTPS

0 %
IPv6

63
Domains

87
Subdomains

68
IPs

7
Countries

11341 kB
Transfer

15018 kB
Size

100
Cookies

196 HTTP transactions
2 data transactions