www.fortinet.com Open in urlscan Pro
2600:1f18:1492:1702:852f:d87f:6683:b05a Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
Submission: On July 24 via api (July 24th 2024, 11:24:52 am UTC) from DE — Scanned from US

Summary HTTP 166 Redirects Links 9 Behaviour Indicators

Summary

This website contacted 52 IPs in 2 countries across 43 domains to perform 166 HTTP transactions. The main IP is 2600:1f18:1492:1702:852f:d87f:6683:b05a, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is www.fortinet.com. The Cisco Umbrella rank of the primary domain is 221752.
TLS certificate: Issued by DigiCert Global G2 TLS RSA SHA256 202... on July 16th 2024. Valid for: a year.

This is the only time www.fortinet.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
33	2600:1f18:149... 2600:1f18:1492:1702:852f:d87f:6683:b05a	14618 (AMAZON-AES) (AMAZON-AES)
6	2606:4700::68... 2606:4700::6813:b234	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:440... 2606:4700:4400::6812:2089	13335 (CLOUDFLAR...) (CLOUDFLARENET)
22	2600:1408:ac0... 2600:1408:ac00:18d::1e80	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
4	54.225.153.114 54.225.153.114	14618 (AMAZON-AES) (AMAZON-AES)
1 1	52.33.109.89 52.33.109.89	16509 (AMAZON-02) (AMAZON-02)
1	63.140.38.236 63.140.38.236	14618 (AMAZON-AES) (AMAZON-AES)
15	23.205.106.73 23.205.106.73	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2606:4700::68... 2606:4700::6813:9308	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	23.220.137.92 23.220.137.92	16625 (AKAMAI-AS) (AKAMAI-AS)
2	169.150.236.105 169.150.236.105	60068 (CDN77 _) (CDN77 _)
3	2620:1ec:c11:... 2620:1ec:c11::237	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
7	2607:f8b0:400... 2607:f8b0:400d:c04::61	15169 (GOOGLE) (GOOGLE)
2	70.42.32.191 70.42.32.191	22075 (AS-OUTBRAIN) (AS-OUTBRAIN)
1	2600:1408:c40... 2600:1408:c400:d::17cd:6a49	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2606:4700:310... 2606:4700:3108::ac42:2908	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:440... 2606:4700:4400::ac40:973c	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	52.32.164.86 52.32.164.86	16509 (AMAZON-02) (AMAZON-02)
3	2620:1ec:bdf::38 2620:1ec:bdf::38	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	216.200.232.249 216.200.232.249	30419 (PAEDAE-INC) (PAEDAE-INC)
2	3.230.242.193 3.230.242.193	14618 (AMAZON-AES) (AMAZON-AES)
2	34.111.208.231 34.111.208.231	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	173.194.175.148 173.194.175.148	15169 (GOOGLE) (GOOGLE)
3	2607:f8b0:400... 2607:f8b0:400d:c09::9c	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:400d:c07::71	15169 (GOOGLE) (GOOGLE)
3	2607:f8b0:400... 2607:f8b0:4004:c07::69	15169 (GOOGLE) (GOOGLE)
1	2a04:4e42:600... 2a04:4e42:600::485	54113 (FASTLY) (FASTLY)
2	44.226.187.177 44.226.187.177	16509 (AMAZON-02) (AMAZON-02)
1	63.140.39.224 63.140.39.224	14618 (AMAZON-AES) (AMAZON-AES)
1	54.203.236.163 54.203.236.163	16509 (AMAZON-02) (AMAZON-02)
1	34.238.149.65 34.238.149.65	14618 (AMAZON-AES) (AMAZON-AES)
1	146.75.76.157 146.75.76.157	54113 (FASTLY) (FASTLY)
1 2	68.67.160.76 68.67.160.76	29990 (ASN-APPNEX) (ASN-APPNEX)
1 2	68.67.160.114 68.67.160.114	29990 (ASN-APPNEX) (ASN-APPNEX)
1	2600:9000:219... 2600:9000:2191:9000:12:dfa9:e200:93a1	16509 (AMAZON-02) (AMAZON-02)
1	51.21.14.61 51.21.14.61	16509 (AMAZON-02) (AMAZON-02)
1 2	209.85.201.149 209.85.201.149	15169 (GOOGLE) (GOOGLE)
2	2a03:2880:f00... 2a03:2880:f003:100:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
1	2606:4700:303... 2606:4700:3035::6815:3296	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	72.21.81.130 72.21.81.130	15133 (EDGECAST) (EDGECAST)
3	104.244.42.131 104.244.42.131	13414 (TWITTER) (TWITTER)
1	18.210.229.244 18.210.229.244	14618 (AMAZON-AES) (AMAZON-AES)
2	2600:1408:8c0... 2600:1408:8c00::172e:9631	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2 7	34.117.77.79 34.117.77.79	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	54.156.91.224 54.156.91.224	14618 (AMAZON-AES) (AMAZON-AES)
2	35.81.173.170 35.81.173.170	16509 (AMAZON-02) (AMAZON-02)
2	2a03:2880:f10... 2a03:2880:f103:181:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
4 6	2620:1ec:21::14 2620:1ec:21::14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2 2	35.244.154.8 35.244.154.8	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
3 3	35.71.131.137 35.71.131.137	16509 (AMAZON-02) (AMAZON-02)
2 2	3.216.220.116 3.216.220.116	14618 (AMAZON-AES) (AMAZON-AES)
2 3	18.214.54.215 18.214.54.215	14618 (AMAZON-AES) (AMAZON-AES)
1	35.81.162.201 35.81.162.201	16509 (AMAZON-02) (AMAZON-02)
1	54.245.46.233 54.245.46.233	16509 (AMAZON-02) (AMAZON-02)
166	52

33 2600:1f18:1492:1702:852f:d87f:6683:b05a (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

www.fortinet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700::6813:b234 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.cookielaw.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::6812:2089 (United States)

ASN13335 (CLOUDFLARENET, US)

geolocation.onetrust.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

22 2600:1408:ac00:18d::1e80 (Ashburn, United States)

ASN20940 (AKAMAI-ASN1, NL)

assets.adobedtm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 54.225.153.114 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-225-153-114.compute-1.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
fortinet.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.33.109.89 (Boardman, United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-33-109-89.us-west-2.compute.amazonaws.com

cm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 63.140.38.236 (United States)

ASN14618 (AMAZON-AES, US)
PTR: ip-63-140-38-236.data.adobedc.net

fortinet.tt.omtrdc.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

15 23.205.106.73 (Ashburn, United States)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-205-106-73.deploy.static.akamaitechnologies.com

j.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
b.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6813:9308 (United States)

ASN13335 (CLOUDFLARENET, US)

script.crazyegg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 23.220.137.92 (Ashburn, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-220-137-92.deploy.static.akamaitechnologies.com

amplify.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
wave.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 169.150.236.105 (Chicago, United States)

ASN60068 (CDN77 _, GB)
PTR: 169-150-236-105.bunnyinfra.net

a.opmnstr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
a.omappapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:c11::237 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 2607:f8b0:400d:c04::61 (Morganton, United States)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 70.42.32.191 (United States)

ASN22075 (AS-OUTBRAIN, US)
PTR: ny.outbrain.com

tr.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1408:c400:d::17cd:6a49 (Ashburn, United States)

ASN20940 (AKAMAI-ASN1, NL)

ipv6.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3108::ac42:2908 (United States)

ASN13335 (CLOUDFLARENET, US)

api.omappapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::ac40:973c (United States)

ASN13335 (CLOUDFLARENET, US)

trk.techtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.32.164.86 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-32-164-86.us-west-2.compute.amazonaws.com

abm-tracking.demandscience.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:bdf::38 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

tmp.argusplatform.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixels.argusplatform.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
webtracker.argusplatform.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.200.232.249 (Frederick, United States)

ASN30419 (PAEDAE-INC, US)

pixel.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.230.242.193 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-230-242-193.compute-1.amazonaws.com

epsilon.6sense.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 34.111.208.231 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 231.208.111.34.bc.googleusercontent.com

ibc-flow.techtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 173.194.175.148 (United States)

ASN15169 (GOOGLE, US)
PTR: qs-in-f148.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2607:f8b0:400d:c09::9c (Morganton, United States)

ASN15169 (GOOGLE, US)

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:400d:c07::71 (Morganton, United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2607:f8b0:4004:c07::69 (Washington, United States)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a04:4e42:600::485 (United States)

ASN54113 (FASTLY, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 44.226.187.177 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-44-226-187-177.us-west-2.compute.amazonaws.com

intentstream.contanuity.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 63.140.39.224 (United States)

ASN14618 (AMAZON-AES, US)
PTR: ip-63-140-39-224.data.adobedc.net

metrics.fortinet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.203.236.163 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-203-236-163.us-west-2.compute.amazonaws.com

tracking.contanuity.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.238.149.65 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-238-149-65.compute-1.amazonaws.com

dx.mountain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 146.75.76.157 (Chicago, United States)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 68.67.160.76 (Colonia, United States) 1 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 678.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 68.67.160.114 (Colonia, United States) 1 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 672.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2191:9000:12:dfa9:e200:93a1 (United States)

ASN16509 (AMAZON-02, US)

tags.inzynk.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 51.21.14.61 (Stockholm, Sweden)

ASN16509 (AMAZON-02, US)
PTR: ec2-51-21-14-61.eu-north-1.compute.amazonaws.com

analytics.inzynk.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 209.85.201.149 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: qu-in-f149.1e100.net

10104846.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f003:100:face:b00c:0:3 (Ashburn, United States)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:3035::6815:3296 (United States)

ASN13335 (CLOUDFLARENET, US)

siteimproveanalytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 72.21.81.130 (United States)

ASN15133 (EDGECAST, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.244.42.131 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.210.229.244 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-210-229-244.compute-1.amazonaws.com

18.210.229.244	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:1408:8c00::172e:9631 (Ashburn, United States)

ASN20940 (AKAMAI-ASN1, NL)

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 34.117.77.79 (Kansas City, United States) 2 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 79.77.117.34.bc.googleusercontent.com

ml314.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.156.91.224 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-156-91-224.compute-1.amazonaws.com

6033413.global.siteimproveanalytics.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.81.173.170 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-81-173-170.us-west-2.compute.amazonaws.com

px.mountain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f103:181:face:b00c:0:25de (Ashburn, United States)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2620:1ec:21::14 (United States) 4 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px4.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.244.154.8 (Kansas City, United States) 2 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 8.154.244.35.bc.googleusercontent.com

idsync.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.71.131.137 (United States) 3 redirects

ASN16509 (AMAZON-02, US)
PTR: a6370ebea231e0c9a.awsglobalaccelerator.com

match.adsrvr.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.216.220.116 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-216-220-116.compute-1.amazonaws.com

sync.crwdcntrl.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.214.54.215 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-214-54-215.compute-1.amazonaws.com

ps.eyeota.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.81.162.201 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-81-162-201.us-west-2.compute.amazonaws.com

gs.mountain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.245.46.233 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-245-46-233.us-west-2.compute.amazonaws.com

px.steelhousemedia.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
34	fortinet.com www.fortinet.com — Cisco Umbrella Rank: 221752 metrics.fortinet.com — Cisco Umbrella Rank: 973993	6 MB
22	adobedtm.com assets.adobedtm.com — Cisco Umbrella Rank: 521	150 KB
16	6sc.co j.6sc.co — Cisco Umbrella Rank: 12402 c.6sc.co — Cisco Umbrella Rank: 16017 ipv6.6sc.co — Cisco Umbrella Rank: 12823 b.6sc.co — Cisco Umbrella Rank: 6896	22 KB
7	linkedin.com 4 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 669 www.linkedin.com — Cisco Umbrella Rank: 914 px4.ads.linkedin.com — Cisco Umbrella Rank: 7330	4 KB
7	ml314.com 2 redirects ml314.com — Cisco Umbrella Rank: 3108	14 KB
7	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 112	612 KB
6	doubleclick.net 1 redirects ad.doubleclick.net — Cisco Umbrella Rank: 210 googleads.g.doubleclick.net — Cisco Umbrella Rank: 77 10104846.fls.doubleclick.net	5 KB
6	cookielaw.org cdn.cookielaw.org — Cisco Umbrella Rank: 554	126 KB
5	outbrain.com amplify.outbrain.com — Cisco Umbrella Rank: 4363 tr.outbrain.com — Cisco Umbrella Rank: 4248 wave.outbrain.com — Cisco Umbrella Rank: 4246	10 KB
4	adnxs.com 2 redirects secure.adnxs.com — Cisco Umbrella Rank: 764 ib.adnxs.com — Cisco Umbrella Rank: 383	4 KB
4	mountain.com dx.mountain.com — Cisco Umbrella Rank: 8539 px.mountain.com — Cisco Umbrella Rank: 8773 gs.mountain.com — Cisco Umbrella Rank: 14631	10 KB
4	demdex.net dpm.demdex.net — Cisco Umbrella Rank: 319 fortinet.demdex.net	2 KB
3	eyeota.net 2 redirects ps.eyeota.net — Cisco Umbrella Rank: 1596	2 KB
3	adsrvr.org 3 redirects match.adsrvr.org — Cisco Umbrella Rank: 505	2 KB
3	twitter.com analytics.twitter.com — Cisco Umbrella Rank: 1356	842 B
3	t.co t.co — Cisco Umbrella Rank: 979	896 B
3	contanuity.com intentstream.contanuity.com — Cisco Umbrella Rank: 173029 tracking.contanuity.com — Cisco Umbrella Rank: 44051	1 KB
3	google.com www.google.com — Cisco Umbrella Rank: 10	192 B
3	argusplatform.com tmp.argusplatform.com — Cisco Umbrella Rank: 859686 pixels.argusplatform.com — Cisco Umbrella Rank: 956759 webtracker.argusplatform.com	4 KB
3	techtarget.com trk.techtarget.com — Cisco Umbrella Rank: 66995 ibc-flow.techtarget.com — Cisco Umbrella Rank: 63746	2 KB
3	bing.com bat.bing.com — Cisco Umbrella Rank: 534	15 KB
2	crwdcntrl.net 2 redirects sync.crwdcntrl.net — Cisco Umbrella Rank: 1261	866 B
2	rlcdn.com 2 redirects idsync.rlcdn.com — Cisco Umbrella Rank: 689	832 B
2	facebook.com www.facebook.com — Cisco Umbrella Rank: 108	4 KB
2	licdn.com snap.licdn.com — Cisco Umbrella Rank: 1884	15 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 236	72 KB
2	inzynk.io tags.inzynk.io — Cisco Umbrella Rank: 669379 analytics.inzynk.io — Cisco Umbrella Rank: 434735	22 KB
2	6sense.com epsilon.6sense.com — Cisco Umbrella Rank: 18992	715 B
2	demandscience.com abm-tracking.demandscience.com — Cisco Umbrella Rank: 157542	3 KB
2	omappapi.com a.omappapi.com — Cisco Umbrella Rank: 9699 api.omappapi.com — Cisco Umbrella Rank: 10036	3 KB
2	crazyegg.com script.crazyegg.com — Cisco Umbrella Rank: 4547	3 KB
1	steelhousemedia.com px.steelhousemedia.com — Cisco Umbrella Rank: 24442	318 B
1	siteimproveanalytics.io 6033413.global.siteimproveanalytics.io — Cisco Umbrella Rank: 847514	149 B
1	siteimproveanalytics.com siteimproveanalytics.com — Cisco Umbrella Rank: 8455	12 KB
1	ads-twitter.com static.ads-twitter.com — Cisco Umbrella Rank: 1253	15 KB
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 410	15 KB
1	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 104
1	mathtag.com pixel.mathtag.com — Cisco Umbrella Rank: 4337	712 B
1	opmnstr.com a.opmnstr.com — Cisco Umbrella Rank: 59906	18 KB
1	omtrdc.net fortinet.tt.omtrdc.net — Cisco Umbrella Rank: 990592	3 KB
1	everesttech.net 1 redirects cm.everesttech.net — Cisco Umbrella Rank: 2184	490 B
1	onetrust.com geolocation.onetrust.com — Cisco Umbrella Rank: 1019	305 B
0	krxd.net Failed usermatch.krxd.net Failed
166	43

	Domain	Requested by
33	www.fortinet.com	www.fortinet.com
22	assets.adobedtm.com	cdn.cookielaw.org assets.adobedtm.com
13	b.6sc.co	www.fortinet.com
7	ml314.com	2 redirects www.fortinet.com ml314.com
7	www.googletagmanager.com	assets.adobedtm.com www.googletagmanager.com abm-tracking.demandscience.com
6	cdn.cookielaw.org	www.fortinet.com cdn.cookielaw.org
5	px.ads.linkedin.com	3 redirects snap.licdn.com
3	ps.eyeota.net	2 redirects
3	match.adsrvr.org	3 redirects
3	analytics.twitter.com
3	t.co
3	www.google.com	www.fortinet.com
3	googleads.g.doubleclick.net	www.googletagmanager.com
3	bat.bing.com	assets.adobedtm.com bat.bing.com www.fortinet.com
3	dpm.demdex.net	www.fortinet.com
2	sync.crwdcntrl.net	2 redirects
2	idsync.rlcdn.com	2 redirects
2	www.facebook.com
2	px.mountain.com	dx.mountain.com px.mountain.com
2	snap.licdn.com	www.fortinet.com snap.licdn.com
2	connect.facebook.net	www.fortinet.com connect.facebook.net
2	10104846.fls.doubleclick.net	1 redirects assets.adobedtm.com
2	ib.adnxs.com	1 redirects
2	secure.adnxs.com	1 redirects
2	intentstream.contanuity.com	abm-tracking.demandscience.com
2	ibc-flow.techtarget.com	trk.techtarget.com
2	epsilon.6sense.com	j.6sc.co
2	abm-tracking.demandscience.com	www.fortinet.com abm-tracking.demandscience.com
2	tr.outbrain.com	amplify.outbrain.com
2	amplify.outbrain.com	www.fortinet.com amplify.outbrain.com
2	script.crazyegg.com	www.fortinet.com script.crazyegg.com
1	px.steelhousemedia.com
1	gs.mountain.com	px.mountain.com
1	px4.ads.linkedin.com
1	www.linkedin.com	1 redirects
1	6033413.global.siteimproveanalytics.io
1	webtracker.argusplatform.com	tmp.argusplatform.com
1	siteimproveanalytics.com	assets.adobedtm.com
1	analytics.inzynk.io	tags.inzynk.io
1	tags.inzynk.io	assets.adobedtm.com
1	static.ads-twitter.com	www.fortinet.com
1	dx.mountain.com	www.fortinet.com
1	tracking.contanuity.com	abm-tracking.demandscience.com www.fortinet.com
1	metrics.fortinet.com	www.fortinet.com
1	cdn.jsdelivr.net	abm-tracking.demandscience.com
1	pixels.argusplatform.com	tmp.argusplatform.com
1	www.google-analytics.com	www.googletagmanager.com
1	ad.doubleclick.net	www.fortinet.com
1	pixel.mathtag.com	www.fortinet.com
1	tmp.argusplatform.com	www.fortinet.com
1	trk.techtarget.com	www.fortinet.com
1	api.omappapi.com	a.opmnstr.com
1	a.omappapi.com	a.opmnstr.com
1	ipv6.6sc.co	j.6sc.co
1	c.6sc.co	j.6sc.co
1	wave.outbrain.com	amplify.outbrain.com
1	a.opmnstr.com	assets.adobedtm.com
1	j.6sc.co	www.fortinet.com
1	fortinet.tt.omtrdc.net	www.fortinet.com
1	cm.everesttech.net	1 redirects
1	fortinet.demdex.net	www.fortinet.com
1	geolocation.onetrust.com	cdn.cookielaw.org
0	usermatch.krxd.net Failed
166	63

This site contains links to these domains. Also see Links.

Domain
www.linkedin.com
www.twitter.com
www.youtube.com
www.instagram.com
www.facebook.com
fortiguard.com
community.fortinet.com
investor.fortinet.com
onetrust.com

Subject Issuer	Validity	Valid
*.fortinet.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-07-16` - `2025-07-15`	a year	crt.sh
cookielaw.org Cloudflare Inc ECC CA-3	`2024-03-01` - `2024-12-31`	10 months	crt.sh
onetrust.com Cloudflare Inc ECC CA-3	`2023-11-13` - `2024-11-12`	a year	crt.sh
assets.adobedtm.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-07-09` - `2025-08-09`	a year	crt.sh
*.demdex.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-09-26` - `2024-10-26`	a year	crt.sh
*.tt.omtrdc.net DigiCert TLS RSA SHA256 2020 CA1	`2023-08-22` - `2024-09-21`	a year	crt.sh
6sc.co R11	`2024-07-03` - `2024-10-01`	3 months	crt.sh
script.crazyegg.com E1	`2024-06-03` - `2024-09-01`	3 months	crt.sh
*.outbrain.com DigiCert TLS RSA SHA256 2020 CA1	`2023-12-14` - `2024-12-14`	a year	crt.sh
a.opmnstr.com R11	`2024-06-25` - `2024-09-23`	3 months	crt.sh
www.bing.com Microsoft Azure RSA TLS Issuing CA 04	`2024-06-19` - `2024-12-16`	6 months	crt.sh
*.google-analytics.com WR2	`2024-06-24` - `2024-09-16`	3 months	crt.sh
a.omappapi.com R11	`2024-06-25` - `2024-09-23`	3 months	crt.sh
omappapi.com WE1	`2024-06-16` - `2024-09-14`	3 months	crt.sh
trk.techtarget.com WE1	`2024-07-23` - `2024-10-21`	3 months	crt.sh
abm-tracking.demandscience.com R11	`2024-06-14` - `2024-09-12`	3 months	crt.sh
tmp.argusplatform.com GeoTrust Global TLS RSA4096 SHA256 2022 CA1	`2024-04-23` - `2024-10-23`	6 months	crt.sh
*.mathtag.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-04-23` - `2025-04-30`	a year	crt.sh
*.6sense.com Amazon RSA 2048 M03	`2024-04-23` - `2025-05-22`	a year	crt.sh
ibc-flow.techtarget.com WR3	`2024-07-02` - `2024-09-30`	3 months	crt.sh
*.doubleclick.net WR2	`2024-06-24` - `2024-09-16`	3 months	crt.sh
*.g.doubleclick.net WR2	`2024-06-24` - `2024-09-16`	3 months	crt.sh
pixels.argusplatform.com GeoTrust Global TLS RSA4096 SHA256 2022 CA1	`2024-04-22` - `2024-10-22`	6 months	crt.sh
*.google.com WR2	`2024-06-24` - `2024-09-16`	3 months	crt.sh
jsdelivr.net GlobalSign Atlas R3 DV TLS CA 2023 Q3	`2023-09-27` - `2024-10-28`	a year	crt.sh
intentstream.contanuity.com E5	`2024-06-16` - `2024-09-14`	3 months	crt.sh
metrics.fortinet.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-12-26` - `2025-01-25`	a year	crt.sh
tracking.contanuity.com R11	`2024-07-13` - `2024-10-11`	3 months	crt.sh
*.mountain.com Go Daddy Secure Certificate Authority - G2	`2024-05-23` - `2025-06-24`	a year	crt.sh
ads-twitter.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-06-25` - `2025-06-24`	a year	crt.sh
*.inzynk.io Amazon RSA 2048 M02	`2024-01-07` - `2025-02-04`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2024-05-02` - `2024-07-31`	3 months	crt.sh
siteimproveanalytics.com WE1	`2024-06-21` - `2024-09-19`	3 months	crt.sh
t.co DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-05-08` - `2025-05-07`	a year	crt.sh
*.twitter.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-11-07` - `2024-11-05`	a year	crt.sh
webtracker.argusplatform.com GeoTrust Global TLS RSA4096 SHA256 2022 CA1	`2024-04-23` - `2024-10-23`	6 months	crt.sh
18.210.229.244 Sectigo RSA Domain Validation Secure Server CA	`2024-01-24` - `2025-02-13`	a year	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-12-13` - `2024-12-12`	a year	crt.sh
event-horizon.gcp.bomm.in WR3	`2024-06-23` - `2024-09-21`	3 months	crt.sh
*.global.r1.siteimproveanalytics.io Amazon RSA 2048 M02	`2023-10-26` - `2024-11-23`	a year	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2024-07-01` - `2025-01-01`	6 months	crt.sh

This page contains 3 frames:

Primary Page: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
Frame ID: 025D85F1A87FD8F7673FFB5F91380CE4
Requests: 163 HTTP requests in this frame

Frame: https://fortinet.demdex.net/dest5.html?d_nsid=0
Frame ID: 4A9A4CD101A955B90FB84D48A203588E
Requests: 1 HTTP requests in this frame

Frame: https://10104846.fls.doubleclick.net/activityi;dc_pre=CLjGwbLIv4cDFf78_QUdvxMKLQ;src=10104846;type=sitew00;cat=sitew006;u3=https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=9272035833899.52
Frame ID: A7B081058F49AC6A1B901AB044A8B247
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Exploiting CVE-2024-21412: A Stealer Campaign Unleashed | FortiGuard Labs

Detected technologies

Adobe Experience Manager (CMS) Expand

Overall confidence: 100%
Detected patterns

/etc/designs/
/etc\.clientlibs/

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Crazy Egg (Analytics) Expand

Overall confidence: 100%
Detected patterns

script\.crazyegg\.com/pages/scripts/\d+/\d+\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

FingerprintJS (JavaScript libraries) Expand

Overall confidence: 100%
Detected patterns

/fingerprintjs@(\d)

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

OneTrust (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

cdn\.cookielaw\.org
otSDKStub\.js

TrackJs (Analytics) Expand

Overall confidence: 100%
Detected patterns

tracker\.js

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

166
Requests

92 %
HTTPS

38 %
IPv6

43
Domains

63
Subdomains

52
IPs

2
Countries

7391 kB
Transfer

10869 kB
Size

70
Cookies

9 Outgoing links

These are links going to different origins than the main page.

URL: https://www.linkedin.com/company/fortinet

Search URL Search Domain Scan URL

URL: https://www.twitter.com/fortinet

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCJHo4AuVomwMRzgkA5DQEOA?sub_confirmation=1

Search URL Search Domain Scan URL

URL: https://www.instagram.com/fortinet/

Search URL Search Domain Scan URL

URL: https://www.facebook.com/fortinet

Search URL Search Domain Scan URL

URL: https://fortiguard.com/
Title: FortiGuard Labs

Search URL Search Domain Scan URL

URL: https://community.fortinet.com/
Title: Fortinet Community

Search URL Search Domain Scan URL

URL: https://investor.fortinet.com/
Title: Investor Relations

Search URL Search Domain Scan URL

URL: https://onetrust.com/poweredbyonetrust

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 41

https://cm.everesttech.net/cm/dd?d_uuid=13538561296373683852621395005955410987 HTTP 302
https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZqDkeQAAAIQyZANx

Request Chain 103

https://match.prod.bidr.io/cookie-sync/contanuity?buyer_user_id=406563d9626bcf2fead8b317a0d3497c_1721820281534 HTTP 303
https://match.prod.bidr.io/cookie-sync/contanuity?buyer_user_id=406563d9626bcf2fead8b317a0d3497c_1721820281534&_bee_ppp=1 HTTP 303
https://tracking.contanuity.com/usersync?bwcookie=AADLx07NQckAABNo_eqvEQ

Request Chain 122

https://secure.adnxs.com/px?id=1773420&t=2 HTTP 307
https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D1773420%26t%3D2

Request Chain 123

https://ib.adnxs.com/seg?add=36113683 HTTP 307
https://ib.adnxs.com/bounce?%2Fseg%3Fadd%3D36113683

Request Chain 126

https://10104846.fls.doubleclick.net/activityi;src=10104846;type=sitew00;cat=sitew006;u3=https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=9272035833899.52 HTTP 302
https://10104846.fls.doubleclick.net/activityi;dc_pre=CLjGwbLIv4cDFf78_QUdvxMKLQ;src=10104846;type=sitew00;cat=sitew006;u3=https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=9272035833899.52

Request Chain 147

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=7120%2C2159050&time=1721820282358&li_adsId=c30761a1-8708-483d-8179-f99ff28c69b4&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=7120%2C2159050&time=1721820282358&li_adsId=c30761a1-8708-483d-8179-f99ff28c69b4&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&cookiesTest=true HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D7120%252C2159050%26time%3D1721820282358%26li_adsId%3Dc30761a1-8708-483d-8179-f99ff28c69b4%26url%3Dhttps%253A%252F%252Fwww.fortinet.com%252Fblog%252Fthreat-research%252Fexploiting-cve-2024-21412-stealer-campaign-unleashed%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=7120%2C2159050&time=1721820282358&li_adsId=c30761a1-8708-483d-8179-f99ff28c69b4&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&cookiesTest=true&liSync=true HTTP 302
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=7120%2C2159050&time=1721820282358&li_adsId=c30761a1-8708-483d-8179-f99ff28c69b4&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&cookiesTest=true&liSync=true&e_ipv6=AQL9FlmCfqczVwAAAZDkfH6zerO9FtCayS3excPbhWnHk321URyLB84AHlFZ5Lq0MRGAinrvBEp8M1bFZRdgNJY8X1QyEr4

Request Chain 149

https://idsync.rlcdn.com/395886.gif?partner_uid=3645797453183057942 HTTP 307
https://idsync.rlcdn.com/1000.gif?memo=CO6UGBIeChoIARCuXxoTMzY0NTc5NzQ1MzE4MzA1Nzk0MhAAGg0I-siDtQYSBQjoBxAAQgBKAA HTTP 307
https://ml314.com/csync.ashx?fp=4007d249a5198f1df7b74a1966ce754c9589a16b74fd4f8ab956143a63cf9c04f4cb09cee1a4f8eb&person_id=3645797453183057942&eid=50082

Request Chain 150

https://match.adsrvr.org/track/cmf/generic?ttd_pid=d0tro1j&ttd_tpi=1 HTTP 302
https://match.adsrvr.org/track/cmb/generic?ttd_pid=d0tro1j&ttd_tpi=1 HTTP 302
https://ml314.com/utsync.ashx?eid=53819&et=0&fp=81f62988-9cb0-41a0-a2c2-cd751ac17a62&gdpr=0&gdpr_consent=

Request Chain 151

https://sync.crwdcntrl.net/map/c=6985/tp=BOMB?https://ml314.com/csync.ashx%3Ffp%3D%24%7Bprofile_id%7D%26eid%3D50146%26person_id%3D3645797453183057942 HTTP 302
https://sync.crwdcntrl.net/map/ct=y/c=6985/tp=BOMB?https://ml314.com/csync.ashx%3Ffp%3D%24%7Bprofile_id%7D%26eid%3D50146%26person_id%3D3645797453183057942 HTTP 302
https://ml314.com/csync.ashx?fp=9e46558a065a895a967a53b234d3be45&eid=50146&person_id=3645797453183057942

Request Chain 152

https://ps.eyeota.net/pixel?pid=r8hrb20&t=gif HTTP 302
https://ps.eyeota.net/pixel/bounce/?pid=r8hrb20&t=gif HTTP 302
https://ml314.com/utsync.ashx?eid=50052&et=0&fp=2Yj9uIHGPSteYjikvwlaqYI4qJQKmat5p6UpP9Ufb8TM&gdpr=0&gdpr_consent=&return=https%3A%2F%2Fps.eyeota.net%2Fmatch%3Fbid%3Dr8hrb20%26uid%3Dnil%26referrer_pid%3Dr8hrb20 HTTP 302
https://ml314.com/csync.ashx?fp=2Yj9uIHGPSteYjikvwlaqYI4qJQKmat5p6UpP9Ufb8TM&person_id=3645797453183057942&eid=50052&return=https%3A%2F%2Fps.eyeota.net%2Fmatch%3Fbid%3Dr8hrb20%26uid%3Dnil%26referrer_pid%3Dr8hrb20 HTTP 302
https://ps.eyeota.net/match?bid=r8hrb20&uid=nil&referrer_pid=r8hrb20

Request Chain 157

https://match.adsrvr.org/track/cmf/generic?ttd_pid=steelhouse&ttd_tpi=1&ttd_puid=52a11f09-49af-11ef-bcaa-3da86a6f1752&gdpr=&gdpr_consent= HTTP 302
https://px.steelhousemedia.com/tdsync?tdid=81f62988-9cb0-41a0-a2c2-cd751ac17a62&shguid=52a11f09-49af-11ef-bcaa-3da86a6f1752

Request Chain 158

https://insight.adsrvr.org/track/evnt/?adv=6s0zaeu&ct=0:0bi0elf&fmt=3 HTTP 302
https://usermatch.krxd.net/um/v2?partner=ttd&partner_uid=ttd&gdpr=0&gdpr_consent=&ttd_tdid=81f62988-9cb0-41a0-a2c2-cd751ac17a62

166 HTTP transactions
2 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request exploiting-cve-2024-21412-stealer-campaign-unleashed Show response
www.fortinet.com/blog/threat-research/ 70 KB
25 KB 146ms
29ms Document
text/html 2600:1f18:1492:1702:852f:d87f:6683:b05a
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2600:1f18:1492:1702:852f:d87f:6683:b05a Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Apache /

Resource Hash

b8bd6ae17f88486fa86c4acb7f2190d93bcbdd5e223e55b46273cb0eb0a05878

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Accept-Ranges: bytes
Age: 66033
Cache-Control: max-age=600, public, s-maxage=10800
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 23684
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Content-Type: text/html;charset=utf-8
Date: Wed, 24 Jul 2024 11:23:17 GMT
ETag: "118e6-61ded2657972b-gzip"
Last-Modified: Tue, 23 Jul 2024 17:04:07 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding
Via: 1.1 999e0c944d96e4c2945aab8389961e9c.cloudfront.net (CloudFront)
X-Amz-Cf-Id: 939KcASDxeb64cnY88_1EGNexLcyxS66xHwvf7vwuHET9yUvJgfvAA==
X-Amz-Cf-Pop: IAD61-P2
X-Cache: Hit from cloudfront
X-Content-Type-Options: nosniff
X-Dispatcher: dispatcher1uswest1-28559594
X-Frame-Options: SAMEORIGIN
X-Vhost: publish
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK visitorapi.min.js Show response
www.fortinet.com/etc/designs/fortinet/adb-target/ 64 KB
30 KB 54ms
24ms Script
application/javascript 2600:1f18:1492:1702:852f:d87f:6683:b05a
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fortinet.com/etc/designs/fortinet/adb-target/visitorapi.min.js

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2600:1f18:1492:1702:852f:d87f:6683:b05a Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Apache /

Resource Hash

0f03d4ff929986a3cde83681fd2560eae544f7138f59945ec6ec32c17800ca91

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher1uswest1-28559594
Date: Fri, 19 Jul 2024 19:32:47 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Content-Encoding: gzip
Via: 1.1 362048055e32798c3baf11d093fb4a46.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
X-Vhost: publish
X-Cache: Hit from cloudfront
Age: 402713
Connection: keep-alive
Content-Length: 29532
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 15 Feb 2024 21:43:32 GMT
Server: Apache
ETag: "fe2d-6117284c96900-gzip"
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: v64hyD-PyLN0netM96aSH3bke_xS4Sjj3ARTEea8WDAf-NQ4dAK3NQ==

GET
H/1.1 200
OK at.js Show response
www.fortinet.com/etc/designs/fortinet/adb-target/ 104 KB
48 KB 57ms
26ms Script
application/javascript 2600:1f18:1492:1702:852f:d87f:6683:b05a
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fortinet.com/etc/designs/fortinet/adb-target/at.js

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2600:1f18:1492:1702:852f:d87f:6683:b05a Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Apache /

Resource Hash

db058d72d7ba8ff6ed7209af23a4458c373cc78f72c81ec1df88bb5de72a0b0b

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher2uswest1-28559771
Date: Fri, 19 Jul 2024 20:11:23 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Content-Encoding: gzip
Via: 1.1 7c52bc60e0da5f557ed6047264a41c18.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
X-Vhost: publish
X-Cache: Hit from cloudfront
Age: 400397
Connection: keep-alive
Content-Length: 47782
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 21 Mar 2024 20:59:39 GMT
Server: Apache
ETag: "19e83-61431fc4b24c0-gzip"
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: iXoH3fkvhwwqvFPQ9twixvBo14uCYmBOWgenpZS9EhIqiGQ0jYHZCw==

GET
H/1.1 200
OK clientlib-base.min.900b148ab7b87024003111a1245cca9c.css
www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/ 540 KB
28 KB 27ms
20ms Stylesheet
text/css 2600:1f18:1492:1702:852f:d87f:6683:b05a
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/clientlib-base.min.900b148ab7b87024003111a1245cca9c.css

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2600:1f18:1492:1702:852f:d87f:6683:b05a Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Apache /

Resource Hash

94633716497a85d800b6e573953942c4cfe483c0dbd68fa97fd01dd97ced5d66

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher1uswest1-28559594
Date: Tue, 23 Jul 2024 18:50:22 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Content-Encoding: gzip
Via: 1.1 999e0c944d96e4c2945aab8389961e9c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
X-Vhost: publish
X-Cache: Hit from cloudfront
Age: 146160
Connection: keep-alive
Content-Length: 27478
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 20 Jun 2024 20:55:17 GMT
Server: Apache
ETag: "86e1b-61b58883c7740-gzip"
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Type: text/css;charset=utf-8
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: fUUN2is_CytzUghzCidK3pYloO_rf3D-C7GH2buRlnlG5jZeAzjxDg==

GET
H2 200 otSDKStub.js Show response
cdn.cookielaw.org/scripttemplates/ 21 KB
7 KB 82ms
19ms Script
application/javascript 2606:4700::6813:b234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e0c289faa80333eff728b8bdbbf10b11dec1a6e1938a444e1cc41be6744e96d2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 24 Jul 2024 11:24:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: PzcU3Ivp6w0l3AsetHXgNw==
age: 71376
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 6882
x-ms-lease-status: unlocked
last-modified: Mon, 22 Jul 2024 16:52:22 GMT
server: cloudflare
etag: 0x8DCAA6EA7FD79D6
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 84d5a425-501e-00d8-5667-dc345b000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8a838b8eb8c14346-EWR

GET
H/1.1 200
OK fortinet-logo-white.svg
www.fortinet.com/content/dam/fortinet-blog/ 32 KB
3 KB 54ms
24ms Image
image/svg+xml 2600:1f18:1492:1702:852f:d87f:6683:b05a
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.fortinet.com/content/dam/fortinet-blog/fortinet-logo-white.svg

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2600:1f18:1492:1702:852f:d87f:6683:b05a Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Apache /

Resource Hash

d2afd46ac58cd7e89b3fdfd790300d69034e94151ed45acf83d7b6d5dccfdb17

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher1uswest1-28559594
Date: Wed, 24 Jul 2024 11:17:19 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Content-Encoding: gzip
Via: 1.1 02db209838c99b1e3d9f7e6b74ddf272.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
X-Vhost: publish
X-Cache: Hit from cloudfront
Age: 29024599
Content-Disposition: attachment; filename="fortinet-logo-white.svg"
Connection: keep-alive
Content-Length: 1998
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 22 Feb 2018 23:16:01 GMT
Server: Apache
ETag: "7ebb-565d53a1d6e40-gzip"
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Type: image/svg+xml
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: u7bfi7PkNsGWd9tevCR96BJXIDW2WPHmuLPBmhE8qpmzOaH5RVe3OA==

GET
H/1.1 200
OK toc-icon.jpg
www.fortinet.com/content/dam/fortinet/images/ 1 KB
3 KB 54ms
24ms Image
image/jpeg 2600:1f18:1492:1702:852f:d87f:6683:b05a
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.fortinet.com/content/dam/fortinet/images/toc-icon.jpg

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2600:1f18:1492:1702:852f:d87f:6683:b05a Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Apache /

Resource Hash

370df1cc8999c1e03fc1c5f7ced35334513d19233d1fc79d2c1c7f711361565d

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher1uswest1-28559594
Date: Wed, 24 Jul 2024 11:23:58 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 e79fe89baeb54b7f7a5fec836a3f01b4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
Age: 21837016
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 1277
X-XSS-Protection: 1; mode=block
Last-Modified: Tue, 14 Nov 2023 17:34:13 GMT
Server: Apache
ETag: "4fd-60a2031eb4f40"
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: CWhOz1gSo5BgtVOkkcbCb3Scv--MFZlGrZ8TMS5v0CJPbwngrWz0qg==

GET
H/1.1 200
OK clientlib-base.min.ba4f082a77dabb2c6baf715d9eb61c22.js Show response
www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/ 160 KB
74 KB 23ms
22ms Script
application/javascript 2600:1f18:1492:1702:852f:d87f:6683:b05a
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/clientlib-base.min.ba4f082a77dabb2c6baf715d9eb61c22.js

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2600:1f18:1492:1702:852f:d87f:6683:b05a Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Apache /

Resource Hash

7b1e74dd6970b56853dfd79e59ba73315051b0c59a69c6a9fd87e515650fdc80

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher2uswest1-28559771
Date: Mon, 22 Jul 2024 18:48:43 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Content-Encoding: gzip
Via: 1.1 e79fe89baeb54b7f7a5fec836a3f01b4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
X-Vhost: publish
X-Cache: Hit from cloudfront
Age: 146157
Connection: keep-alive
Content-Length: 74768
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 11 Jul 2024 21:01:58 GMT
Server: Apache
ETag: "28100-61cff12ce1d80-gzip"
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Type: application/javascript;charset=utf-8
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: xeJQmkOgSnR19a53wbXg3O1exAFjHFnn9z6As7NMMVcL2VX9yG6tGQ==

GET
H2 200 f85f39fc-d7aa-467a-b762-fbb722748016.json Show response
cdn.cookielaw.org/consent/f85f39fc-d7aa-467a-b762-fbb722748016/ 5 KB
2 KB 49ms
29ms XHR
application/x-javascript 2606:4700::6813:b234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/f85f39fc-d7aa-467a-b762-fbb722748016/f85f39fc-d7aa-467a-b762-fbb722748016.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8998282f5a80fff5eaafdbd457dd7a81af0cd7c8696bfe032a6aeef8fe67f99f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 24 Jul 2024 11:24:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 62796
content-md5: Uj3iBUKm1Vl2g2NHq67V+w==
content-length: 1792
x-ms-lease-status: unlocked
last-modified: Thu, 28 Dec 2023 19:56:54 GMT
server: cloudflare
etag: 0x8DC07DF23DF5130
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 67257c4e-101e-0033-60c8-396628000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8a838b8ef90c8cc6-EWR
expires: Thu, 25 Jul 2024 11:24:40 GMT

GET
DATA 200
OK truncated
/ 71 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5b4c9abcf01dcf74e0adf075ff4d47464c62c84307ae5ebd115d45da70e6443d

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK cve-2024-21412-hero.png
www.fortinet.com/content/dam/fortinet-blog/article-heros/ 429 KB
431 KB 19ms
19ms Image
image/png 2600:1f18:1492:1702:852f:d87f:6683:b05a
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.fortinet.com/content/dam/fortinet-blog/article-heros/cve-2024-21412-hero.png

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2600:1f18:1492:1702:852f:d87f:6683:b05a Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Apache /

Resource Hash

05b1d251b44fdd42bd27a73eb373440c9957297292c3f13a677eb908648486ee

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher1uswest1-28559594
Date: Tue, 23 Jul 2024 13:09:56 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 7c52bc60e0da5f557ed6047264a41c18.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
Age: 80608
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 439634
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 18 Jul 2024 22:40:28 GMT
Server: Apache
ETag: "6b552-61d8d43f52f00"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: qDWYKhTENEz_Vbt6pfa9SlMxtszdIWpKdFR3xj_OsEzsGyMUjFIGhQ==

GET
H/1.1 200
OK UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
www.fortinet.com/etc/designs/fortinet/gfonts/ 37 KB
38 KB 18ms
17ms Font
application/octet-stream 2600:1f18:1492:1702:852f:d87f:6683:b05a
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fortinet.com/etc/designs/fortinet/gfonts/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/clientlib-base.min.900b148ab7b87024003111a1245cca9c.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2600:1f18:1492:1702:852f:d87f:6683:b05a Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Apache /

Resource Hash

b97c99a69a6275c8f90703cd4c0864089a74fd08383a1cc75a8a4d0c2cb60cce

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/clientlib-base.min.900b148ab7b87024003111a1245cca9c.css
Origin: https://www.fortinet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher2uswest1-28559771
Date: Thu, 11 Jul 2024 21:13:11 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 e79fe89baeb54b7f7a5fec836a3f01b4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
Age: 1087889
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 37716
X-XSS-Protection: 1; mode=block
Last-Modified: Wed, 18 May 2022 21:08:06 GMT
Server: Apache
ETag: "9354-5df4fa74ff980"
X-Frame-Options: SAMEORIGIN
Content-Type: application/octet-stream
Cache-Control: max-age=2000000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: 81dZ3xr6ypLdKd8sNvJ4GfZ2HUnYaoJpcld1xjhK_Yypk3ZG8d6KuA==

GET
H2 200 location Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 69 B
305 B 86ms
61ms XHR
application/json 2606:4700:4400::6812:2089
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::6812:2089 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

59e58524340cd7ad353be010374b124c242fdde10a0ed41047fe2fd4bb9e5a2e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept: application/json
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:24:40 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: application/json
access-control-allow-origin: *
cf-ray: 8a838b8f9d4d4291-EWR
access-control-allow-headers: Content-Type

GET
H/1.1 200
OK stealer-1.png
www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed/_jcr_content/root/responsivegrid/table_content/par/image.img.png/1721335821214/ 85 KB
86 KB 19ms
18ms Image
image/png 2600:1f18:1492:1702:852f:d87f:6683:b05a
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed/_jcr_content/root/responsivegrid/table_content/par/image.img.png/1721335821214/stealer-1.png

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2600:1f18:1492:1702:852f:d87f:6683:b05a Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Apache /

Resource Hash

855f75e3c59ecf05751e400ad7f8ef021ab050a882b7c4861a187c9475c16dbc

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher1uswest1-28559594
Date: Tue, 23 Jul 2024 17:52:53 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 362048055e32798c3baf11d093fb4a46.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
Age: 67029
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 86575
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 18 Jul 2024 20:50:21 GMT
Server: Apache
ETag: "1522f-61d8bba265d40"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: dy-EnTmDfAPxxYaYfpOFGM7fAtkmTgPVPJaJra0dm-7fvWcOqeB1ow==

GET
H/1.1 200
OK stealer-2.png
www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed/_jcr_content/root/responsivegrid/table_content/par/image_copy.img.png/1721340599411/ 62 KB
63 KB 18ms
17ms Image
image/png 2600:1f18:1492:1702:852f:d87f:6683:b05a
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed/_jcr_content/root/responsivegrid/table_content/par/image_copy.img.png/1721340599411/stealer-2.png

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2600:1f18:1492:1702:852f:d87f:6683:b05a Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Apache /

Resource Hash

bf75adb4dce36bece1ce5451a9fb6d4fbd65ee72fc074b55ca676f2d8898da5b

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher2uswest1-28559771
Date: Tue, 23 Jul 2024 17:52:53 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 02db209838c99b1e3d9f7e6b74ddf272.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
Age: 67025
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 63509
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 18 Jul 2024 22:09:59 GMT
Server: Apache
ETag: "f815-61d8cd6f0dbc0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: QTjoTv55wdhyRIBtSWeqU3z41p4ejY_nqHnR_-skChXPmGeD82lKlw==

GET
DATA 200
OK truncated
/ 42 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/gif

GET
H/1.1 200
OK stealer-3.png
www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed/_jcr_content/root/responsivegrid/table_content/par/image_copy_copy.img.png/1721338963877/ 25 KB
26 KB 19ms
18ms Image
image/png 2600:1f18:1492:1702:852f:d87f:6683:b05a
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed/_jcr_content/root/responsivegrid/table_content/par/image_copy_copy.img.png/1721338963877/stealer-3.png

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2600:1f18:1492:1702:852f:d87f:6683:b05a Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Apache /

Resource Hash

1d7b331a045e0921f57a7aca33a2be27539027cc5b1ded6de5ad38263eddf8a3

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher1uswest1-28559594
Date: Tue, 23 Jul 2024 17:52:53 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 02db209838c99b1e3d9f7e6b74ddf272.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
Age: 67029
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 25740
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 18 Jul 2024 21:42:43 GMT
Server: Apache
ETag: "648c-61d8c756d7ac0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: EivEakvZT8D00mWFcoQAGBJNnBmY_3DoZB9pECKdaDAiawmZ73RGxg==

GET
H/1.1 200
OK stealer-3-2.png
www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed/_jcr_content/root/responsivegrid/table_content/par/image_copy_copy_110863164.img.png/1721338977125/ 25 KB
26 KB 20ms
18ms Image
image/png 2600:1f18:1492:1702:852f:d87f:6683:b05a
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2600:1f18:1492:1702:852f:d87f:6683:b05a Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Apache /

Resource Hash

0e5f18649f61dd74f9caf157048d64c16ceb0fd2e8b54ed9e3c6ff1ebf22bd24

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher2uswest1-28559771
Date: Tue, 23 Jul 2024 17:52:53 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 362048055e32798c3baf11d093fb4a46.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
Age: 66494
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 25595
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 18 Jul 2024 21:42:57 GMT
Server: Apache
ETag: "63fb-61d8c76431a40"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: L_8u0t1MYKFnr_H26dha_7b1NxClz9QvG9E13VNB3LDKRRxT8NI2fA==

GET
H/1.1 200
OK stealer-4.png
www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed/_jcr_content/root/responsivegrid/table_content/par/image_copy_copy_copy.img.png/1721339893610/ 255 KB
256 KB 23ms
21ms Image
image/png 2600:1f18:1492:1702:852f:d87f:6683:b05a
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2600:1f18:1492:1702:852f:d87f:6683:b05a Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Apache /

Resource Hash

e3a54e557f40c9a8528562f5f9fe39cb3fce5ad1e3f4238ec791c17961645240

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher1uswest1-28559594
Date: Tue, 23 Jul 2024 17:52:53 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 e79fe89baeb54b7f7a5fec836a3f01b4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
Age: 67029
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 260902
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 18 Jul 2024 21:58:13 GMT
Server: Apache
ETag: "3fb26-61d8cacdc2740"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: A0ANMruDT6pfdWoKQDu9THj06IJNuFZ-zAc7l9rWZAavvi_lrlbaPA==

GET
H/1.1 200
OK stealer-5.png
www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed/_jcr_content/root/responsivegrid/table_content/par/image_copy_copy_copy_967242649.img.png/1721339920989/ 736 KB
737 KB 21ms
19ms Image
image/png 2600:1f18:1492:1702:852f:d87f:6683:b05a
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2600:1f18:1492:1702:852f:d87f:6683:b05a Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Apache /

Resource Hash

bdfd8a95ffd68d8bc7149ea79a3ca8a1869fe507a42e4f7a368f626843346e89

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher2uswest1-28559771
Date: Tue, 23 Jul 2024 17:52:53 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 7c52bc60e0da5f557ed6047264a41c18.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
Age: 67024
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 753246
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 18 Jul 2024 21:58:40 GMT
Server: Apache
ETag: "b7e5e-61d8cae782400"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: MRKZrd6ZSGdOGYFkwjaTeqihVMT7RSESbEGtwt_pKF3LpooeDzo9AQ==

GET
H/1.1 200
OK stealer-6.png
www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed/_jcr_content/root/responsivegrid/table_content/par/image_copy_copy_copy_1215818884.img.png/1721340297519/ 226 KB
227 KB 20ms
18ms Image
image/png 2600:1f18:1492:1702:852f:d87f:6683:b05a
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2600:1f18:1492:1702:852f:d87f:6683:b05a Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Apache /

Resource Hash

895f6b9e5d37c494c7c8ebf30eade521c286b27001d256e3a37f5ac27684a57d

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher1uswest1-28559594
Date: Tue, 23 Jul 2024 17:52:53 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 999e0c944d96e4c2945aab8389961e9c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
Age: 67029
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 231447
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 18 Jul 2024 22:04:57 GMT
Server: Apache
ETag: "38817-61d8cc4f0b440"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: S2AZo2Gnsn_oOoSPtUlwH-0vQxGDilBd0IdFCTCKTRRk3orqeG-E4Q==

GET
H/1.1 200
OK stealer-6-2.png
www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed/_jcr_content/root/responsivegrid/table_content/par/image_copy_copy_copy_386732739.img.png/1721340317097/ 251 KB
252 KB 43ms
41ms Image
image/png 2600:1f18:1492:1702:852f:d87f:6683:b05a
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2600:1f18:1492:1702:852f:d87f:6683:b05a Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Apache /

Resource Hash

e2d910265020b45a6878d4b62b104bc4cfbcf7554e7386d81aef7a0ae208048e

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher1uswest1-28559594
Date: Tue, 23 Jul 2024 17:52:53 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 3200e279ff99ad1800a0dd3b3c8e2d10.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
Age: 67029
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 257145
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 18 Jul 2024 22:05:17 GMT
Server: Apache
ETag: "3ec79-61d8cc621e140"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: dxLzusTdKYcv6mRAjogscnlMjgtLo3fIhfe7QjPi2GXL9_UWyBjtMw==

GET
H/1.1 200
OK stealer-7.png
www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed/_jcr_content/root/responsivegrid/table_content/par/image_copy_copy_copy_1175059951.img.png/1721340377992/ 485 KB
486 KB 18ms
17ms Image
image/png 2600:1f18:1492:1702:852f:d87f:6683:b05a
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2600:1f18:1492:1702:852f:d87f:6683:b05a Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Apache /

Resource Hash

663fcd2b41d75e07e72ea2622d80566bcf10f1951f7293217d5fd9c9e3e542d8

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher1uswest1-28559594
Date: Tue, 23 Jul 2024 17:52:53 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 02db209838c99b1e3d9f7e6b74ddf272.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
Age: 67029
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 496746
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 18 Jul 2024 22:06:17 GMT
Server: Apache
ETag: "7946a-61d8cc9b56840"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: bpaYJ5vZuVqxPT1wJmuFySIDP8it-SF0OZ08AZ-tmJ76oOxWhjaFnQ==

GET
H/1.1 200
OK stealer-8.png
www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed/_jcr_content/root/responsivegrid/table_content/par/image_copy_copy_copy_1558477246.img.png/1721340431350/ 36 KB
38 KB 20ms
20ms Image
image/png 2600:1f18:1492:1702:852f:d87f:6683:b05a
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2600:1f18:1492:1702:852f:d87f:6683:b05a Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Apache /

Resource Hash

770be267abb4fe287bf67c2fdbdf4f14556632b8e07a6d464e58ca56e3e33474

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher1uswest1-28559594
Date: Tue, 23 Jul 2024 17:52:53 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 362048055e32798c3baf11d093fb4a46.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
Age: 67029
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 37083
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 18 Jul 2024 22:07:11 GMT
Server: Apache
ETag: "90db-61d8ccced61c0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: SAAkPMYvMRcShHLOePyF7mJFczp-8tu8cTg7dqJvG8PYUZIijKFlLQ==

GET
H/1.1 200
OK stealer-8-2.png
www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed/_jcr_content/root/responsivegrid/table_content/par/image_copy_copy_copy_447561515.img.png/1721340453929/ 31 KB
32 KB 20ms
19ms Image
image/png 2600:1f18:1492:1702:852f:d87f:6683:b05a
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2600:1f18:1492:1702:852f:d87f:6683:b05a Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Apache /

Resource Hash

ebd0b0892d3b17adc658369a10ebfe9abcd4883fd08bb047fd66dd459edd4481

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher1uswest1-28559594
Date: Tue, 23 Jul 2024 17:52:53 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 362048055e32798c3baf11d093fb4a46.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
Age: 67029
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 31764
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 18 Jul 2024 22:07:33 GMT
Server: Apache
ETag: "7c14-61d8cce3d1340"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: OVLdHHBicjpCeWgle6kTBLOQFJVXlnAVI8YIR9w8znd3NbfS2vju-Q==

GET
H/1.1 200
OK stealer-9.png
www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed/_jcr_content/root/responsivegrid/table_content/par/image_copy_copy_copy_299690718.img.png/1721340797851/ 548 KB
549 KB 18ms
18ms Image
image/png 2600:1f18:1492:1702:852f:d87f:6683:b05a
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2600:1f18:1492:1702:852f:d87f:6683:b05a Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Apache /

Resource Hash

bedf62e46e59fa272ad95971fb563c91a33501c2443058083872960861534da7

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher1uswest1-28559594
Date: Tue, 23 Jul 2024 17:52:53 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 362048055e32798c3baf11d093fb4a46.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
Age: 67029
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 561099
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 18 Jul 2024 22:13:17 GMT
Server: Apache
ETag: "88fcb-61d8ce2be1940"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: 6UNhF9XwAw_Q-5TXOYBVz1nyRwA13LzGiRWq4TY2desGuHujsTfshg==

GET
H/1.1 200
OK stealer-10.png
www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed/_jcr_content/root/responsivegrid/table_content/par/image_copy_copy_copy_486093180.img.png/1721341353108/ 536 KB
537 KB 20ms
20ms Image
image/png 2600:1f18:1492:1702:852f:d87f:6683:b05a
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2600:1f18:1492:1702:852f:d87f:6683:b05a Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Apache /

Resource Hash

bec82187bec72da82a4eed1c0c3624ac495ca960b7286da80815db9b5c43777e

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher2uswest1-28559771
Date: Tue, 23 Jul 2024 17:52:53 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 999e0c944d96e4c2945aab8389961e9c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
Age: 66763
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 548887
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 18 Jul 2024 22:22:33 GMT
Server: Apache
ETag: "86017-61d8d03e1fc40"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: N4RggXGfoiXYAoJiVVICQ1BY-jNsbVqJDoPAKPswZlmZ7YPehTdDwQ==

GET
H/1.1 200
OK stealer-11.png
www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed/_jcr_content/root/responsivegrid/table_content/par/image_copy_copy_copy_1792784929.img.png/1721341661455/ 495 KB
497 KB 20ms
19ms Image
image/png 2600:1f18:1492:1702:852f:d87f:6683:b05a
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2600:1f18:1492:1702:852f:d87f:6683:b05a Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Apache /

Resource Hash

114ed516604e98cd030c85d1be345541019326d2f32bb784626fb13ad57f8744

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher1uswest1-28559594
Date: Tue, 23 Jul 2024 17:52:53 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 e79fe89baeb54b7f7a5fec836a3f01b4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
Age: 67027
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 507338
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 18 Jul 2024 22:27:41 GMT
Server: Apache
ETag: "7bdca-61d8d163db140"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: nskZYlErurCTYHfz-487G0b1OEtAlVBV_-Wvan1J8WeAdsoGuzlh6g==

GET
H/1.1 200
OK stealer-12.png
www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed/_jcr_content/root/responsivegrid/table_content/par/image_copy_copy_copy_125801863.img.png/1721341839402/ 54 KB
55 KB 19ms
18ms Image
image/png 2600:1f18:1492:1702:852f:d87f:6683:b05a
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2600:1f18:1492:1702:852f:d87f:6683:b05a Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Apache /

Resource Hash

30ddee8ebf0ffd7c415585a9e3a0e8023deb80ed05b857a4427dbb75790c43bd

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher1uswest1-28559594
Date: Tue, 23 Jul 2024 17:52:54 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 02db209838c99b1e3d9f7e6b74ddf272.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
Age: 67029
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 55265
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 18 Jul 2024 22:30:39 GMT
Server: Apache
ETag: "d7e1-61d8d20d9c1c0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: RGDQ5dLV35BxZ4jgdtDxYHTVvhEufUAFEpwGuGJMkuohmVQhZim2Mg==

GET
H/1.1 200
OK stealer-13.png
www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed/_jcr_content/root/responsivegrid/table_content/par/image_copy_copy_copy_1354616904.img.png/1721341858282/ 508 KB
509 KB 20ms
20ms Image
image/png 2600:1f18:1492:1702:852f:d87f:6683:b05a
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2600:1f18:1492:1702:852f:d87f:6683:b05a Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Apache /

Resource Hash

3e63ed3b834f3a6961e1476a3dfadffb78212feac2bf804352a6926091b4c828

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher2uswest1-28559771
Date: Tue, 23 Jul 2024 17:52:54 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 3200e279ff99ad1800a0dd3b3c8e2d10.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
Age: 66493
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 520084
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 18 Jul 2024 22:30:58 GMT
Server: Apache
ETag: "7ef94-61d8d21fbac80"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: COsN0pjV4d6ygR6pCPxoF7Gxck7gJiD4yyVPRpmPAEiz2uDl7saV0w==

GET
H/1.1 200
OK stealer-14.png
www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed/_jcr_content/root/responsivegrid/table_content/par/image_copy_copy_copy_210389830.img.png/1721341914790/ 287 KB
288 KB 20ms
20ms Image
image/png 2600:1f18:1492:1702:852f:d87f:6683:b05a
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2600:1f18:1492:1702:852f:d87f:6683:b05a Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Apache /

Resource Hash

b64cae93d3398a9d5da33d3728f714a222df73943f87b81b7f2c49d58e2794ef

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher2uswest1-28559771
Date: Tue, 23 Jul 2024 17:52:54 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 02db209838c99b1e3d9f7e6b74ddf272.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
Age: 66762
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 293512
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 18 Jul 2024 22:31:54 GMT
Server: Apache
ETag: "47a88-61d8d25522a80"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: gHcGEsVGKQp42pa6NFKfz2Mvx7T7s65tOa5-4RxTkHVs_8ydFGj9Qg==

GET
H/1.1 200
OK stealer-15.png
www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed/_jcr_content/root/responsivegrid/table_content/par/image_copy_copy_copy_1279974212.img.png/1721341938787/ 102 KB
103 KB 21ms
20ms Image
image/png 2600:1f18:1492:1702:852f:d87f:6683:b05a
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2600:1f18:1492:1702:852f:d87f:6683:b05a Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Apache /

Resource Hash

d1fe20aff60f91b78aabd65363112fbc84a8e7c8dd0c258bb1aae48cc4e4879c

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher2uswest1-28559771
Date: Tue, 23 Jul 2024 17:52:54 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 7c52bc60e0da5f557ed6047264a41c18.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
Age: 66762
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 104452
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 18 Jul 2024 22:32:18 GMT
Server: Apache
ETag: "19804-61d8d26c06080"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: x2t4G9C5eOvUft_rh3k0SLspt9NQGHoqPLhS4XvzawTTX2vTJXnJNg==

GET
H/1.1 200
OK stealer-16.png
www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed/_jcr_content/root/responsivegrid/table_content/par/image_copy_copy_copy_398882795.img.png/1721341971772/ 270 KB
271 KB 20ms
19ms Image
image/png 2600:1f18:1492:1702:852f:d87f:6683:b05a
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2600:1f18:1492:1702:852f:d87f:6683:b05a Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Apache /

Resource Hash

8883bc0b8dd0d8b6e1f37046e643e3487484913aae5fedbb41b9c0c059ecf123

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher1uswest1-28559594
Date: Tue, 23 Jul 2024 17:52:54 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 362048055e32798c3baf11d093fb4a46.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
Age: 67028
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 276602
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 18 Jul 2024 22:32:51 GMT
Server: Apache
ETag: "4387a-61d8d28b7eac0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: S9t3wflQB4SHU4HX1kr7odCFwVhY3xiEVwp0Qmsn6Ee5cIsvvHquew==

GET
H/1.1 200
OK stealer-17.png
www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed/_jcr_content/root/responsivegrid/table_content/par/image_copy_copy_copy_1313884336.img.png/1721342021064/ 192 KB
193 KB 18ms
18ms Image
image/png 2600:1f18:1492:1702:852f:d87f:6683:b05a
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2600:1f18:1492:1702:852f:d87f:6683:b05a Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Apache /

Resource Hash

93f1175b9eb9dcdf7cc89fb8a0049b1734aead76c4e9a71ce2e74c6659dfc7a2

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher2uswest1-28559771
Date: Tue, 23 Jul 2024 17:52:54 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 999e0c944d96e4c2945aab8389961e9c.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
Age: 66761
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 196311
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 18 Jul 2024 22:33:41 GMT
Server: Apache
ETag: "2fed7-61d8d2bb2db40"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: 4xlg_igxkZ7n_J_javq49pgnmqAbxFTu1rxDmMIuBJo_epCeV1mOqg==

GET
H/1.1 200
OK stealer-18.png
www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed/_jcr_content/root/responsivegrid/table_content/par/image_copy_copy_copy_991419676.img.png/1721342039151/ 230 KB
231 KB 20ms
20ms Image
image/png 2600:1f18:1492:1702:852f:d87f:6683:b05a
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2600:1f18:1492:1702:852f:d87f:6683:b05a Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Apache /

Resource Hash

9453297b8c031ffe12f292174750cabd95f6069010d7dfb77e3e840f462706e1

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher2uswest1-28559771
Date: Tue, 23 Jul 2024 17:52:54 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 e79fe89baeb54b7f7a5fec836a3f01b4.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
Age: 66761
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 235191
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 18 Jul 2024 22:33:59 GMT
Server: Apache
ETag: "396b7-61d8d2cc583c0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: oUloJsX-6bM7nwHWJP08fD7uXNZVg8pJTaLLlJ2UIYqMD4bs-0Yptg==

GET
H2 200 otBannerSdk.js Show response
cdn.cookielaw.org/scripttemplates/6.10.0/ 356 KB
78 KB 26ms
25ms Script
application/javascript 2606:4700::6813:b234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.10.0/otBannerSdk.js

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7a23e0e46e16f067271bc79c92a917c13769848457d16cdf109e4dc04c687e8f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 24 Jul 2024 11:24:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: Bh9exWOPGIwRshWljrtlEw==
age: 62545
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 79698
x-ms-lease-status: unlocked
last-modified: Thu, 03 Dec 2020 02:43:00 GMT
server: cloudflare
etag: 0x8D89735260901BC
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 196e3d49-701e-0078-0644-149a7b000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8a838b902a624346-EWR

GET
H2 200 en.json Show response
cdn.cookielaw.org/consent/f85f39fc-d7aa-467a-b762-fbb722748016/68cad325-7b77-4fcb-9f98-ba2e81aa9045/ 99 KB
24 KB 29ms
29ms Fetch
application/x-javascript 2606:4700::6813:b234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/f85f39fc-d7aa-467a-b762-fbb722748016/68cad325-7b77-4fcb-9f98-ba2e81aa9045/en.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.10.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7ad0607daba7c0ddecacb3c696099e761076f147549440a7b3c4baa8f67ddaac

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 24 Jul 2024 11:24:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 52358
content-md5: SDJFQYswktbx6w5cJzzMRQ==
content-length: 24004
x-ms-lease-status: unlocked
last-modified: Thu, 28 Dec 2023 19:57:06 GMT
server: cloudflare
etag: 0x8DC07DF2B6F9C71
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 9f466969-301e-009d-1cc8-39cb39000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8a838b90aa5c8cc6-EWR
expires: Thu, 25 Jul 2024 11:24:40 GMT

GET
H2 200 otFlat.json Show response
cdn.cookielaw.org/scripttemplates/6.10.0/assets/ 13 KB
4 KB 20ms
19ms Fetch
application/json 2606:4700::6813:b234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.10.0/assets/otFlat.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.10.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8cdca3b36914e8a3f56390da71389944579faaae82704e53bd66f9c0387502f6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 24 Jul 2024 11:24:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: W9e0YobmEbvdB0V9OmpQkw==
age: 53579
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 3329
x-ms-lease-status: unlocked
last-modified: Thu, 03 Dec 2020 02:42:50 GMT
server: cloudflare
etag: 0x8D89735209A34D6
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: e7ba9f8a-a01e-0009-5512-247c50000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8a838b910a968cc6-EWR

GET
H2 200 otPcTab.json Show response
cdn.cookielaw.org/scripttemplates/6.10.0/assets/v2/ 45 KB
12 KB 22ms
21ms Fetch
application/json 2606:4700::6813:b234
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.10.0/assets/v2/otPcTab.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.10.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6813:b234 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f9b2aaabab92d9c63930432351fa3f5aa634fcb5db31b039e23465f8b4bd5a68

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 24 Jul 2024 11:24:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: zNsRoM1FEmsEgJoYMCNTng==
age: 66458
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 11755
x-ms-lease-status: unlocked
last-modified: Thu, 03 Dec 2020 02:42:53 GMT
server: cloudflare
etag: 0x8D897352245C4EA
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 77f313b5-301e-0034-7eb4-210a4b000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8a838b910a988cc6-EWR

GET
H2 200 launch-EN23cb8375449840dc93b13f34d935b8b9.min.js Show response
assets.adobedtm.com/ 500 KB
120 KB 151ms
38ms Script
application/x-javascript 2600:1408:ac00:18d::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Requested by: Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.10.0/otBannerSdk.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1408:ac00:18d::1e80 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 3f36cb484213cafc798ef594c00ffdc27156f0106c63b539c3464bae355fb82a

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:24:40 GMT
content-encoding: gzip
last-modified: Mon, 22 Jul 2024 22:53:18 GMT
server: AkamaiNetStorage
etag: "8a4c827a8473d3eaa82e456391d2db4b:1721688797.91308"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 123001
expires: Wed, 24 Jul 2024 12:24:40 GMT

GET
H2 200 id Show response
dpm.demdex.net/ 367 B
914 B 78ms
23ms XHR
application/json 54.225.153.114
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id?d_visid_ver=5.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=ED8739F75677FE917F000101%40AdobeOrg&d_nsid=0&ts=1721820280572

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/etc/designs/fortinet/adb-target/visitorapi.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

54.225.153.114 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-225-153-114.compute-1.amazonaws.com

Software

Resource Hash

5a777f037e5ea5cabf5e099ed0ad7f8495dc2a9bcbac0987646cce9a4b900db4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

dcs: dcs-prod-va6-1-v062-07df5e0a6.edge-va6.demdex.com 6 ms
pragma: no-cache
date: Wed, 24 Jul 2024 11:24:40 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
x-tid: 1xJrcu87QPo=
vary: Origin
content-type: application/json;charset=utf-8
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
access-control-allow-origin: https://www.fortinet.com
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
access-control-allow-credentials: true
content-length: 309
expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2 200 dest5.html
fortinet.demdex.net/ Frame 4A9A 0
0 49ms
16ms Document
text/html 54.225.153.114
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://fortinet.demdex.net/dest5.html?d_nsid=0

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/etc/designs/fortinet/adb-target/visitorapi.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

54.225.153.114 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-225-153-114.compute-1.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.fortinet.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
content-type: text/html;charset=UTF-8
date: Wed, 24 Jul 2024 11:24:40 GMT
dcs: dcs-prod-va6-2-v062-034adfef0.edge-va6.demdex.com 0 ms
expires: Thu, 01 Jan 1970 00:00:00 UTC
last-modified: Thu, 18 Jul 2024 10:28:26 GMT
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains
vary: accept-encoding
x-tid: avplT0uLTDE=

GET
H2

200

ibs:dpid=411&dpuuid=ZqDkeQAAAIQyZANx
dpm.demdex.net/
Redirect Chain

https://cm.everesttech.net/cm/dd?d_uuid=13538561296373683852621395005955410987
https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZqDkeQAAAIQyZANx

42 B
716 B

18ms
18ms

Image
image/gif

54.225.153.114
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZqDkeQAAAIQyZANx

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

Server

54.225.153.114 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-225-153-114.compute-1.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

dcs: dcs-prod-va6-1-v062-0386ae6f9.edge-va6.demdex.com 3 ms
pragma: no-cache
date: Wed, 24 Jul 2024 11:24:41 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-encoding: gzip
x-tid: Tb2QvNkiTKo=
content-type: image/gif
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-length: 59
expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZqDkeQAAAIQyZANx
Date: Wed, 24 Jul 2024 11:24:41 GMT
Cache-Control: no-cache
Server: AMO-cookiemap/1.1
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"

POST
H2 200 delivery Show response
fortinet.tt.omtrdc.net/rest/v1/ 7 KB
3 KB 77ms
38ms XHR
application/json 63.140.38.236
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://fortinet.tt.omtrdc.net/rest/v1/delivery?client=fortinet&sessionId=3fa12b6ddbc446498b8f729307d6a816&version=2.10.0

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/etc/designs/fortinet/adb-target/at.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

63.140.38.236 , United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ip-63-140-38-236.data.adobedc.net

Software

jag /

Resource Hash

9b0ef86eb648592e5a9064d8728c0ea793c31ec6549fa93089b4a12bc650a1e7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 24 Jul 2024 11:24:40 GMT
content-encoding: gzip
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List
server: jag
x-content-type-options: nosniff
vary: origin,access-control-request-method,access-control-request-headers,accept-encoding
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://www.fortinet.com
cache-control: no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials: true
timing-allow-origin: *
x-xss-protection: 1; mode=block
x-request-id: 0bcd6d56-a17b-40b4-ba4c-c9745b01367d

GET
H/1.1 200
OK flyin-fortiguard-labs-outbreak-alerts-346x172.png
www.fortinet.com/content/dam/fortinet/images/promos/pzn/ 35 KB
37 KB 19ms
19ms Image
image/png 2600:1f18:1492:1702:852f:d87f:6683:b05a
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.fortinet.com/content/dam/fortinet/images/promos/pzn/flyin-fortiguard-labs-outbreak-alerts-346x172.png

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2600:1f18:1492:1702:852f:d87f:6683:b05a Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Apache /

Resource Hash

480e3b349655b6f17b20ec546c300957cad9ffd98b2d29be29db79422ededc52

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher2uswest1-28559771
Date: Wed, 24 Jul 2024 11:23:59 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 7c52bc60e0da5f557ed6047264a41c18.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
Age: 20429279
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 36133
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 30 Nov 2023 00:50:15 GMT
Server: Apache
ETag: "8d25-60b5408ea5fc0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: KU4BMcIXu6ocflyeWqATN5CrAX1CCjBH-eT1p5kh45eZpbMsSoHnhA==

GET
H2 200 AppMeasurement.min.js Show response
assets.adobedtm.com/extensions/EPc7341b33570d4c988798fc9f0093d4b2/ 35 KB
13 KB 20ms
18ms Script
application/x-javascript 2600:1408:ac00:18d::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/extensions/EPc7341b33570d4c988798fc9f0093d4b2/AppMeasurement.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1408:ac00:18d::1e80 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: f012c00d43164a4de843ae80abefe500f8497e1123d11c965cd3b40600fe9720

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:24:40 GMT
content-encoding: gzip
last-modified: Mon, 04 Mar 2024 18:51:30 GMT
server: AkamaiNetStorage
etag: "964f8cb588092ac645368e7307eb73ac:1709578290.803919"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: no-cache
accept-ranges: bytes
timing-allow-origin: *
content-length: 12938
expires: Wed, 24 Jul 2024 12:24:40 GMT

GET
H2 200 AppMeasurement_Module_ActivityMap.min.js Show response
assets.adobedtm.com/extensions/EPc7341b33570d4c988798fc9f0093d4b2/ 3 KB
2 KB 21ms
19ms Script
application/x-javascript 2600:1408:ac00:18d::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/extensions/EPc7341b33570d4c988798fc9f0093d4b2/AppMeasurement_Module_ActivityMap.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1408:ac00:18d::1e80 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: b90b775b65c2623322caaa52d7acf6af709ca59bdd475a54043b6308d91828c4

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:24:40 GMT
content-encoding: gzip
last-modified: Mon, 04 Mar 2024 18:51:31 GMT
server: AkamaiNetStorage
etag: "9cf185793291692f744c78c75da01dd8:1709578291.795602"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: no-cache
accept-ranges: bytes
timing-allow-origin: *
content-length: 1599
expires: Wed, 24 Jul 2024 12:24:40 GMT

GET
H2 200 6si.min.js Show response
j.6sc.co/ 68 KB
18 KB 46ms
14ms Script
application/javascript 23.205.106.73
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://j.6sc.co/6si.min.js

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.106.73 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-205-106-73.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

4dba9e54570483a0624219ec53864f468c9cbdf4f9c1f23821e539de7cb0c9fc

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Jul 2024 11:24:40 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 12 Jul 2024 19:23:12 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "669182a0-10e5e"
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, proxy-revalidate, max-age=1800
accept-ranges: bytes
content-length: 18671
expires: Wed, 24 Jul 2024 11:54:40 GMT

GET
H2 200 0786.js Show response
script.crazyegg.com/pages/scripts/0117/ 7 KB
3 KB 48ms
19ms Script
text/javascript 2606:4700::6813:9308
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.crazyegg.com/pages/scripts/0117/0786.js
Requested by: Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6813:9308 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8db92e7cdc1ad40168c42e93b05d842e056d8a5b83ae96b95d2b1c546f828196

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:24:40 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 97029
cf-polished: origSize=6998
ce-version: 11.5.248
cf-bgj: minify
last-modified: Tue, 23 Jul 2024 08:27:31 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
access-control-expose-headers: CE-Version
cache-control: public, max-age=300, s-maxage=1209600
timing-allow-origin: *
cf-ray: 8a838b938bde43fa-EWR

GET
H/1.1 200
OK obtp.js Show response
amplify.outbrain.com/cp/ 28 KB
9 KB 58ms
23ms Script
application/x-javascript 23.220.137.92
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://amplify.outbrain.com/cp/obtp.js
Requested by: Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.220.137.92 Ashburn, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-220-137-92.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 8489534bde4ad3c3cedebecd11b9babe653de6b413922ec2b877c5bfcb33ee3e

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date: Wed, 24 Jul 2024 11:24:40 GMT
Content-Encoding: gzip
Last-Modified: Mon, 22 Jul 2024 07:46:05 GMT
Server: AkamaiNetStorage
ETag: "7437febf15b08e005ac33eb9fc2707ae:1721634584.416148"
Vary: Accept-Encoding
Content-Type: application/x-javascript
X-RG: NA
Cache-Control: max-age=1200
X-CC: US
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 8614
Expires: Wed, 24 Jul 2024 11:44:40 GMT

GET
H2 200 api.min.js Show response
a.opmnstr.com/app/js/ 51 KB
18 KB 124ms
30ms Script
application/javascript 169.150.236.105
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL: https://a.opmnstr.com/app/js/api.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 169.150.236.105 Chicago, United States, ASN60068 (CDN77 _, GB),
Reverse DNS: 169-150-236-105.bunnyinfra.net
Software: BunnyCDN-IL1-1207 /
Resource Hash: 13c309d0ebac3484b78106413ee31f46abfc690429c64ddf6ceb1b1838424ada

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:24:41 GMT
content-encoding: br
cdn-edgestorageid: 718
perma-cache: HIT
cdn-storageserver: NY-427
cdn-cachedat: 07/22/2024 20:03:24
cdn-pullzone: 293267
last-modified: Wed, 10 Jul 2024 18:36:03 GMT
server: BunnyCDN-IL1-1207
cdn-fileserver: 749
cdn-requestpullcode: 200
cdn-proxyver: 1.04
etag: W/"668ed493-cc71"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: 9bc421c38c0307021273535075ef4660
cdn-requestcountrycode: US
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 bat.js Show response
bat.bing.com/ 49 KB
14 KB 77ms
22ms Script
application/javascript 2620:1ec:c11::237
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:1ec:c11::237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

abd0c69608a1a4b0ce5f6056bc20bcf62a2a29271a4cf5e33fa1f53bf7cb19cb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
date: Wed, 24 Jul 2024 11:24:40 GMT
last-modified: Sat, 13 Jul 2024 20:42:16 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: E5DC24780A1245EAB0613AE25985626A Ref B: EWR30EDGE1112 Ref C: 2024-07-24T11:24:40Z
etag: "044982565d5da1:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 14183

GET
H2 200 RCac955f2e1e97429197e1e31aaec22e86-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/ 1 KB
942 B 39ms
36ms Script
application/x-javascript 2600:1408:ac00:18d::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/RCac955f2e1e97429197e1e31aaec22e86-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1408:ac00:18d::1e80 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 7c951a4408b8eb47ecea22bc965c50addb9e027eed0d48b1248869d967967ceb

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:24:40 GMT
content-encoding: gzip
last-modified: Mon, 22 Jul 2024 22:53:19 GMT
server: AkamaiNetStorage
etag: "0537f9b1ee377a7339cd8f0bc0e42c40:1721688799.745653"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 684
expires: Wed, 24 Jul 2024 12:24:40 GMT

GET
H2 200 RC41e16e9b16d1408cbf43b5b2e7378738-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/ 9 KB
2 KB 34ms
32ms Script
application/x-javascript 2600:1408:ac00:18d::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/RC41e16e9b16d1408cbf43b5b2e7378738-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1408:ac00:18d::1e80 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 9e127a551b1d872db037fb1c551f032ffb34217f160a6906918f720cae169575

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:24:40 GMT
content-encoding: gzip
last-modified: Mon, 22 Jul 2024 22:53:19 GMT
server: AkamaiNetStorage
etag: "0537f9b1ee377a7339cd8f0bc0e42c40:1721688799.745653"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 1845
expires: Wed, 24 Jul 2024 12:24:40 GMT

GET
H2 200 RC448863e9e05a4b4880daa4a5fb7da328-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/ 358 B
485 B 34ms
32ms Script
application/x-javascript 2600:1408:ac00:18d::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/RC448863e9e05a4b4880daa4a5fb7da328-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1408:ac00:18d::1e80 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: c800888331e0e31f317acc8de442b6a71340d4f0d4f3db9dbb7f8e4b3172e84e

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:24:40 GMT
content-encoding: gzip
last-modified: Mon, 22 Jul 2024 22:53:19 GMT
server: AkamaiNetStorage
etag: "0537f9b1ee377a7339cd8f0bc0e42c40:1721688799.745653"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 228
expires: Wed, 24 Jul 2024 12:24:40 GMT

GET
H2 200 RCa4add8b607f6404fbd2aba7ee4b9abad-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/ 703 B
684 B 34ms
32ms Script
application/x-javascript 2600:1408:ac00:18d::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/RCa4add8b607f6404fbd2aba7ee4b9abad-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1408:ac00:18d::1e80 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: a98a9441db98144c6e8c4ab37c72e26786065a15dfb36a9231be938f76984c4f

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:24:40 GMT
content-encoding: gzip
last-modified: Mon, 22 Jul 2024 22:53:19 GMT
server: AkamaiNetStorage
etag: "0537f9b1ee377a7339cd8f0bc0e42c40:1721688799.745653"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 426
expires: Wed, 24 Jul 2024 12:24:40 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 354 KB
117 KB 83ms
34ms Script
application/javascript 2607:f8b0:400d:c04::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-748285774&l=dataLayer

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400d:c04::61 Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

fb7dc3ea8555f2488b696c5f70ba3dc95a7c79a8d41ad82d645e248219764d4f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:24:40 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 119038
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 24 Jul 2024 11:24:40 GMT

GET
H2 200 RC06cd6a06a307489f80febc787462cb12-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/ 635 B
642 B 25ms
24ms Script
application/x-javascript 2600:1408:ac00:18d::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/RC06cd6a06a307489f80febc787462cb12-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1408:ac00:18d::1e80 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 0b2969b20d4b33763f23481f2dc0f0626a93fdd567798412bf891890047398a3

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:24:40 GMT
content-encoding: gzip
last-modified: Mon, 22 Jul 2024 22:53:19 GMT
server: AkamaiNetStorage
etag: "0537f9b1ee377a7339cd8f0bc0e42c40:1721688799.745653"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 384
expires: Wed, 24 Jul 2024 12:24:40 GMT

GET
H2 200 www.fortinet.com.json Show response
script.crazyegg.com/pages/data-scripts/0117/0786/site/ 1 KB
746 B 39ms
18ms XHR
application/json 2606:4700::6813:9308
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.crazyegg.com/pages/data-scripts/0117/0786/site/www.fortinet.com.json?t=1
Requested by: Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/scripts/0117/0786.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6813:9308 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 6741b10dd5b1580642a0aa204377a8fb50c2dd86c38fd4cd07e2319eefaa93d7

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:24:40 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 97028
ce-version: 11.5.248
content-length: 474
last-modified: Tue, 23 Jul 2024 08:27:32 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: CE-Version
cache-control: public, max-age=300, s-maxage=1209600
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8a838b942d6b8c29-EWR

GET
H/1.1 200
OK unifiedPixel Show response
tr.outbrain.com/ 53 B
321 B 32ms
10ms Fetch
image/gif 70.42.32.191
AS-OUTBRAIN

General

Check archive.org

Show headers Download Go to

Full URL

https://tr.outbrain.com/unifiedPixel?au=false&bust=0945108262089448&referrer=&cht=ot&marketerId=00ad3119690e692fd6990245f9741ea8f1&name=PAGE_VIEW&dl=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&g=0&obApiVersion=1.1&obtpVersion=2.0.5

Requested by

Host: amplify.outbrain.com
URL: https://amplify.outbrain.com/cp/obtp.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

70.42.32.191 , United States, ASN22075 (AS-OUTBRAIN, US),

Reverse DNS

ny.outbrain.com

Software

Resource Hash

b51f3497b0a65f1e1e87e75f5e7e823d871c23bcf76a5ee4101783c8f939e553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:24:40 GMT
cache-control: no-cache
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-traceid: e15335d76231681060885569097b28c2
content-length: 54
content-type: image/gif;

GET
H/1.1 200
OK cachedClickId Show response
tr.outbrain.com/ 35 B
293 B 33ms
12ms Script
application/javascript 70.42.32.191
AS-OUTBRAIN

General

Check archive.org

Show headers Download Go to

Full URL

https://tr.outbrain.com/cachedClickId?marketerId=00ad3119690e692fd6990245f9741ea8f1

Requested by

Host: amplify.outbrain.com
URL: https://amplify.outbrain.com/cp/obtp.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

70.42.32.191 , United States, ASN22075 (AS-OUTBRAIN, US),

Reverse DNS

ny.outbrain.com

Software

Resource Hash

1d348f9f803c95305f63def9d75fd50e79e54a375e1a4a888edbbea366845580

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:24:40 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-traceid: f1b64b9160979ff8b47cc0ab268881cd
content-length: 39
content-type: application/javascript

GET
H/1.1 200
OK 00ad3119690e692fd6990245f9741ea8f1 Show response
wave.outbrain.com/mtWavesBundler/handler/ 2 B
516 B 51ms
19ms Script
text/html 23.220.137.92
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://wave.outbrain.com/mtWavesBundler/handler/00ad3119690e692fd6990245f9741ea8f1

Requested by

Host: amplify.outbrain.com
URL: https://amplify.outbrain.com/cp/obtp.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.220.137.92 Ashburn, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-220-137-92.deploy.static.akamaitechnologies.com

Software

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
Content-Encoding: gzip
Date: Wed, 24 Jul 2024 11:24:41 GMT
ob-sent-time: 1721779125759
ETag: W/"2-vyGp6PvFo4RvsFtPoIWeCReyIC8"
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
X-RG: NA
Cache-Control: max-age=60
X-CC: US
Connection: keep-alive
x-traceid: 21b9ca85ac27edf64db310ca0e91a4f2
Content-Length: 22
Expires: Wed, 24 Jul 2024 11:25:41 GMT

GET
H/1.1 200
OK topics Show response
amplify.outbrain.com/ 26 B
301 B 44ms
15ms Fetch
text/html 23.220.137.92
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://amplify.outbrain.com/topics
Requested by: Host: amplify.outbrain.com
URL: https://amplify.outbrain.com/cp/obtp.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.220.137.92 Ashburn, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-220-137-92.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 6d0291f90718dc0537f65dc6a4f68d8e75f0a8a3a0b62836d9cf41350ecaf552

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date: Wed, 24 Jul 2024 11:24:41 GMT
Observe-Browsing-Topics: ?1
Content-Type: text/html
Access-Control-Allow-Origin: *
X-RG: NA
Cache-Control: max-age=1200
X-CC: US
Connection: keep-alive
Content-Length: 26
Expires: Wed, 24 Jul 2024 11:44:41 GMT

GET
H2 200 / Show response
c.6sc.co/ 7 B
194 B 51ms
50ms XHR
text/html 23.205.106.73
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.205.106.73 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-205-106-73.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:24:41 GMT
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: text/html
access-control-allow-origin: https://www.fortinet.com
access-control-allow-credentials: true
access-control-allow-headers: *
content-length: 7

GET
H2 200 / Show response
ipv6.6sc.co/ 37 B
340 B 49ms
17ms XHR
text/html 2600:1408:c400:d::17cd:6a49
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ipv6.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1408:c400:d::17cd:6a49 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 9f7e8efcad54b71ba7ccf628c8320aa95737826add8726460426d4ce60fa9b23

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Jul 2024 11:24:41 GMT
vary: Origin
content-type: text/html
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=0, no-cache, no-store
6si-ipv6: 2a0d:5600:24:1500:1011:48fb:1b4a:bfd0
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1721820280990_400219721_609953929_22_1149_13_19_219";dur=1
content-length: 37
expires: Wed, 24 Jul 2024 11:24:41 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 51ms
50ms Image
image/gif 23.205.106.73
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=5eeecf22b2d12a77a14639dce97b7a36&svisitor=null&visitor=fec23e70-9c47-477e-89fc-de27dd2bf2a4&session=50ddd5e0-dcdf-4684-88c9-1304543638d2&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Wed%2C%2024%20Jul%202024%2011%3A24%3A40%20GMT%22%7D&isIframe=false&m=%7B%22description%22%3A%22FortiGuard%20Labs%20has%20observed%20a%20stealer%20campaign%20spreading%20multiple%20files%20that%20exploit%20CVE-2024-21412%20to%20download%20malicious%20executable%20files.%20Read%20more.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Exploiting%20CVE-2024-21412%3A%20A%20Stealer%20Campaign%20Unleashed%20%7C%20FortiGuard%20Labs%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&pageViewId=c13dce9f-2184-4daf-83d3-84f07ef8eaa5&v=1.1.22

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.106.73 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-205-106-73.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Jul 2024 11:24:41 GMT
x-content-type-options: nosniff
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "615ccf10-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 24 Jul 2024 11:24:41 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
258 B 60ms
60ms Image
image/gif 23.205.106.73
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=5eeecf22b2d12a77a14639dce97b7a36&svisitor=null&visitor=fec23e70-9c47-477e-89fc-de27dd2bf2a4&session=50ddd5e0-dcdf-4684-88c9-1304543638d2&event=ni%3AasyncSettingsAudit&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2024%20Jul%202024%2011%3A24%3A40%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%225eeecf22b2d12a77a14639dce97b7a36%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2024%20Jul%202024%2011%3A24%3A40%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEndpoint%5C%22%2C%5C%22value%5C%22%3A%5C%22b.6sc.co%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2024%20Jul%202024%2011%3A24%3A40%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableCompanyDetails%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2024%20Jul%202024%2011%3A24%3A40%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEpsilonKey%5C%22%2C%5C%22value%5C%22%3A%5C%227381d1d7c753fe2d8e217c3fdc44c0f17418dcc4%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2024%20Jul%202024%2011%3A24%3A40%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22FortiGuard%20Labs%20has%20observed%20a%20stealer%20campaign%20spreading%20multiple%20files%20that%20exploit%20CVE-2024-21412%20to%20download%20malicious%20executable%20files.%20Read%20more.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Exploiting%20CVE-2024-21412%3A%20A%20Stealer%20Campaign%20Unleashed%20%7C%20FortiGuard%20Labs%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&pageViewId=c13dce9f-2184-4daf-83d3-84f07ef8eaa5&v=1.1.22

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.106.73 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-205-106-73.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Jul 2024 11:24:41 GMT
x-content-type-options: nosniff
last-modified: Sat, 18 Feb 2023 02:04:22 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f03226-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 24 Jul 2024 11:24:41 GMT

GET
H2 200 17532650.js Show response
bat.bing.com/p/action/ 334 B
407 B 24ms
23ms Script
application/javascript 2620:1ec:c11::237
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/17532650.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:1ec:c11::237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

0170197caffee3d73fe659b2b65d4c50b88310d98752d7dba0e7988e7dfe4376

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
date: Wed, 24 Jul 2024 11:24:40 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 4BA34FDDE0824EAAB39F6CB0A63CEA05 Ref B: EWR30EDGE1112 Ref C: 2024-07-24T11:24:41Z
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript; charset=utf-8
cache-control: private,max-age=1800

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 20ms
20ms Image
image/gif 23.205.106.73
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=5eeecf22b2d12a77a14639dce97b7a36&svisitor=null&visitor=fec23e70-9c47-477e-89fc-de27dd2bf2a4&session=50ddd5e0-dcdf-4684-88c9-1304543638d2&event=ipv6&q=%7B%22address%22%3A%222a0d%3A5600%3A24%3A1500%3A1011%3A48fb%3A1b4a%3Abfd0%22%7D&isIframe=false&m=%7B%22description%22%3A%22FortiGuard%20Labs%20has%20observed%20a%20stealer%20campaign%20spreading%20multiple%20files%20that%20exploit%20CVE-2024-21412%20to%20download%20malicious%20executable%20files.%20Read%20more.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Exploiting%20CVE-2024-21412%3A%20A%20Stealer%20Campaign%20Unleashed%20%7C%20FortiGuard%20Labs%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&pageViewId=c13dce9f-2184-4daf-83d3-84f07ef8eaa5&ipv6=2a0d%3A5600%3A24%3A1500%3A1011%3A48fb%3A1b4a%3Abfd0&v=1.1.22

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.106.73 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-205-106-73.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Jul 2024 11:24:41 GMT
x-content-type-options: nosniff
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "615ccf10-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 24 Jul 2024 11:24:41 GMT

GET
H2 204 0
bat.bing.com/action/ 0
360 B 22ms
22ms Image
text/plain 2620:1ec:c11::237
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=17532650&tm=al001&Ver=2&mid=10b91642-5b44-480c-b39a-695fcae75c77&sid=51aef5c049af11efbc5f1179ae720f88&vid=51aed79049af11ef91fe0b9b6eae510c&vids=1&msclkid=N&pi=918639831&lg=en-US&sw=1600&sh=1200&sc=24&tl=Exploiting%20CVE-2024-21412%3A%20A%20Stealer%20Campaign%20Unleashed%20%7C%20FortiGuard%20Labs&p=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&r=&lt=345&pt=1721820279887,,,,,0,84,84,84,118,98,118,147,164,153,337,337,345,,,&pn=0,0&evt=pageLoad&sv=1&cdb=AQET&rn=873774

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:1ec:c11::237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 24 Jul 2024 11:24:40 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 9D470CF6C6DB48169C599F774A9371E1 Ref B: EWR30EDGE1112 Ref C: 2024-07-24T11:24:41Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 api.min.css
a.omappapi.com/app/js/ 10 KB
3 KB 77ms
24ms Stylesheet
text/css 169.150.236.105
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/api.min.css
Requested by: Host: a.opmnstr.com
URL: https://a.opmnstr.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 169.150.236.105 Chicago, United States, ASN60068 (CDN77 _, GB),
Reverse DNS: 169-150-236-105.bunnyinfra.net
Software: BunnyCDN-IL1-1207 /
Resource Hash: d97ea24841d9881b6b38caf9174e468db2c6a133cc325320d5720b0783a37d06

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:24:41 GMT
content-encoding: br
cdn-edgestorageid: 1070
perma-cache: HIT
cdn-storageserver: NY-346
cdn-cachedat: 07/22/2024 20:03:24
cdn-pullzone: 293267
last-modified: Wed, 10 Jul 2024 18:34:15 GMT
server: BunnyCDN-IL1-1207
cdn-fileserver: 388
cdn-requestpullcode: 200
cdn-proxyver: 1.04
etag: W/"668ed427-2644"
vary: Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: 3ccb79846df48d94bfd98360297eb001
cdn-requestcountrycode: US
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 401 39852 Show response
api.omappapi.com/v2/embed/ 165 B
592 B 49ms
26ms XHR
application/json 2606:4700:3108::ac42:2908
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://api.omappapi.com/v2/embed/39852?d=fortinet.com
Requested by: Host: a.opmnstr.com
URL: https://a.opmnstr.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:3108::ac42:2908 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b934ce9883949e7bceb88fa78a354125eefc85715f7e54da8ff529c94ebab0fe

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:24:41 GMT
via: 1.1 2c8fc98e914dd92124c9f02bae44cffc.cloudfront.net (CloudFront)
cf-cache-status: DYNAMIC
x-cache-config: 0 0
x-amz-cf-pop: JFK52-P4
x-cache: Error from cloudfront
content-length: 165
x-user-agent: standard--
server: cloudflare
vary: Accept-Encoding, User-Agent
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=120, stale-while-revalidate=1800
cf-ray: 8a838b94d8115e74-EWR
access-control-allow-headers: X-CSRF-Token
x-amz-cf-id: 9TZalkKtxUNEWvSmetRsvwT-HgggLgKIz5c0W2YpRvE8QlVncBgKEA==
expires: Wed, 24 Jul 2024 11:25:06 GMT

GET
H2 200 tracking.js Show response
trk.techtarget.com/ 3 KB
2 KB 63ms
40ms Script
text/javascript 2606:4700:4400::ac40:973c
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://trk.techtarget.com/tracking.js

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:4400::ac40:973c , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0c07b854855b0e2bd7839c3659defa45307e96e281b3c00571d09f213eb6a76e

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:24:41 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Tue, 13 Dec 2022 15:01:39 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
age: 37697
server: cloudflare
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=1200
cf-ray: 8a838b94dd5642c4-EWR
expires: Wed, 24 Jul 2024 11:44:41 GMT

GET
H/1.1 200
OK tag.js Show response
abm-tracking.demandscience.com/ 2 KB
2 KB 278ms
79ms Script
application/javascript 52.32.164.86
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://abm-tracking.demandscience.com/tag.js
Requested by: Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 52.32.164.86 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-32-164-86.us-west-2.compute.amazonaws.com
Software: nginx/1.18.0 (Ubuntu) / Express
Resource Hash: 701769ec99138974c12369fd4acf65a7f99e9a1becbab1e16a89be9859aafc9f

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date: Wed, 24 Jul 2024 11:24:41 GMT
Last-Modified: Thu, 09 May 2024 12:00:49 GMT
Server: nginx/1.18.0 (Ubuntu)
X-Powered-By: Express
ETag: W/"82b-18f5d3a3d78"
Content-Type: application/javascript; charset=UTF-8
Cache-Control: public, max-age=0
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2091

GET
H2 200 wid.tracker.js Show response
tmp.argusplatform.com/js/ 8 KB
3 KB 181ms
86ms Script
text/javascript 2620:1ec:bdf::38
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://tmp.argusplatform.com/js/wid.tracker.js

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:1ec:bdf::38 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

b697c4c8e7c22fa7e18ccef66c1bda6610f19ec8c7d1c60fb3696db54ea5362e

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preloadmax-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:24:41 GMT
content-encoding: br
referrer-policy: same-origin
strict-transport-security: max-age=10886400; includeSubDomains; preloadmax-age=31536000
last-modified: Sat, 08 Jun 2024 11:51:22 GMT
x-content-type-options: nosniff
etag: "28476869"
vary: Accept-Encoding
x-dns-prefetch-control: off
content-type: text/javascript
x-azure-ref: 20240724T112441Z-15b94bb6ff9kfp8j69xge57g30000000019g000000009q2h
x-cache: CONFIG_NOCACHE
cache-control: public, must-revalidate, max-age=30
x-xss-protection: 1; mode=block

GET
H/1.1 200
OK js Show response
pixel.mathtag.com/event/ 161 B
712 B 121ms
28ms Script
text/javascript 216.200.232.249
PAEDAE-INC

General

Check archive.org

Show headers Download Go to

Full URL

https://pixel.mathtag.com/event/js?mt_id=1629896&mt_adid=260855&mt_exem=&mt_excl=&v2=&v3=&s1=&s2=&s3=&v1=en:blog:threat-research:exploiting-cve-2024-21412-stealer-campaign-unleashed

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

216.200.232.249 Frederick, United States, ASN30419 (PAEDAE-INC, US),

Reverse DNS

Software

MT3 1637 26565ec master ord ord-pixel-x58 config_version:"1994" /

Resource Hash

98192c2b3bfd0e66cff07b8ba31ff42de9182144d3e21b9ca258f13da96ee457

Security Headers

Name	Value
Strict-Transport-Security	31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date: Wed, 24 Jul 2024 11:24:41 GMT
Strict-Transport-Security: 31536000
Referrer-Policy: strict-origin
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Server: MT3 1637 26565ec master ord ord-pixel-x58 config_version:"1994"
X-Permitted-Cross-Domain-Policies: all
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: *
Content-Type: text/javascript
Cache-Control: no-cache
Cross-Origin-Resource-Policy: cross-origin
Connection: close
X-XSS-Protection: 0

GET
H/1.1 200
OK footer-links.json Show response
www.fortinet.com/content/dam/fortinet-blog/ 310 KB
36 KB 20ms
19ms XHR
application/json 2600:1f18:1492:1702:852f:d87f:6683:b05a
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fortinet.com/content/dam/fortinet-blog/footer-links.json

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/clientlib-base.min.ba4f082a77dabb2c6baf715d9eb61c22.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2600:1f18:1492:1702:852f:d87f:6683:b05a Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Apache /

Resource Hash

9c2bfadf1fe546bd3872bf81e8477e95faff0104f3b9b888bc47cff4ffe88a36

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher1uswest1-28559594
Date: Tue, 23 Jul 2024 19:13:24 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Content-Encoding: gzip
Via: 1.1 3200e279ff99ad1800a0dd3b3c8e2d10.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
X-Vhost: publish
X-Cache: Hit from cloudfront
Age: 493173
Connection: keep-alive
Content-Length: 35378
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 18 Jul 2024 18:24:37 GMT
Server: Apache
ETag: "4d8dc-61d89b0f78340-gzip"
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Type: application/json
Accept-Ranges: bytes
X-Amz-Cf-Id: WL_7WrrtuORM-W6zOszeByQzOzHKxHLlpkmNQQ_Kn9l0Mh5cvmLB_Q==

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 245 KB
87 KB 54ms
52ms Script
application/javascript 2607:f8b0:400d:c04::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-662878185&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-748285774&l=dataLayer

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400d:c04::61 Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

5b23324492a0308ac4c5d96449b84639ebf90d86c1147ac4fb1b5baf3e3fc9cc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:24:41 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 88545
x-xss-protection: 0
last-modified: Wed, 24 Jul 2024 09:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 24 Jul 2024 11:24:41 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 210 KB
76 KB 29ms
28ms Script
application/javascript 2607:f8b0:400d:c04::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-10050195&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-748285774&l=dataLayer

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400d:c04::61 Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

fd8d593765f949a86a3525533e2a04ac18bbdfea7449ae1ab3b3d1de820b70e5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:24:41 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 77294
x-xss-protection: 0
last-modified: Wed, 24 Jul 2024 09:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 24 Jul 2024 11:24:41 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 226 KB
82 KB 63ms
63ms Script
application/javascript 2607:f8b0:400d:c04::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-609297413&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-748285774&l=dataLayer

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400d:c04::61 Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

ea4d365b9f9f08d9bf0e54e36b6611e5901ac5f01fd2af09400b094621d3b5da

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:24:41 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 83345
x-xss-protection: 0
last-modified: Wed, 24 Jul 2024 09:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 24 Jul 2024 11:24:41 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 237 KB
84 KB 38ms
38ms Script
application/javascript 2607:f8b0:400d:c04::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-729495989&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-748285774&l=dataLayer

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400d:c04::61 Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

88edf61f957a681571c52d533526246ca5543daa5740e917552a13e4942f1308

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:24:41 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 86148
x-xss-protection: 0
last-modified: Wed, 24 Jul 2024 09:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 24 Jul 2024 11:24:41 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 312 KB
103 KB 52ms
52ms Script
application/javascript 2607:f8b0:400d:c04::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-JH142QCQCJ&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-748285774&l=dataLayer

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:400d:c04::61 Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

316054bd7517154a5bf1553e544731183aedaa79f9e958315746acc6d4adcee0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:24:41 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 105564
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 24 Jul 2024 11:24:41 GMT

GET
H2 200 details Show response
epsilon.6sense.com/v3/company/ 755 B
715 B 66ms
36ms XHR
application/json 3.230.242.193
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://epsilon.6sense.com/v3/company/details
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.230.242.193 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-230-242-193.compute-1.amazonaws.com
Software: nginx /
Resource Hash: 3cbadfa4978733bd5be49491780ee3fdcf1255dcfd09ebbaec113c1ddd256c5c

Request headers

Referer: https://www.fortinet.com/
Authorization: Token 7381d1d7c753fe2d8e217c3fdc44c0f17418dcc4
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
X-6s-CustomID: WebTag1.0 5eeecf22b2d12a77a14639dce97b7a36

Response headers

x-trace-id: 1768215762052408908
date: Wed, 24 Jul 2024 11:24:41 GMT
content-encoding: gzip
server: nginx
vary: Origin, Accept-Encoding
content-type: application/json
x-6si-region: us-east-1a
access-control-allow-origin: https://www.fortinet.com
access-control-expose-headers: X-6si-Region
access-control-allow-credentials: true
timing-allow-origin: https://6sense.com, https://www.ssga.com
content-length: 396

OPTIONS
H2 200 details
epsilon.6sense.com/v3/company/ Frame 0
0 50ms
17ms Preflight 3.230.242.193
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://epsilon.6sense.com/v3/company/details
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 3.230.242.193 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-230-242-193.compute-1.amazonaws.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,x-6s-customid
Access-Control-Request-Method: GET
Origin: https://www.fortinet.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: authorization,x-6s-customid
access-control-allow-methods: OPTIONS,GET
access-control-allow-origin: https://www.fortinet.com
access-control-expose-headers: X-6si-Region
access-control-max-age: 1800
date: Wed, 24 Jul 2024 11:24:41 GMT
server: nginx
timing-allow-origin: https://6sense.com, https://www.ssga.com
x-6si-region: us-east-1a
x-trace-id: 5879782067166893315

GET
H2 200 gif.gif Show response
ibc-flow.techtarget.com/a/ 43 B
441 B 55ms
54ms XHR
image/gif 34.111.208.231
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=1247773&r=1721820281133&ref=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&version=2.4
Requested by: Host: trk.techtarget.com
URL: https://trk.techtarget.com/tracking.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.208.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 231.208.111.34.bc.googleusercontent.com
Software: nginx/1.20.2 /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

ibc_rate_tier: 1247773
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:24:41 GMT
via: 1.1 google
x-guploader-uploadid: AHxI1nMhkOp7E1NHouIItuMW5SijLFEjt6dgCF9uGcI1ZSjsD0hCA9jzEiJffzSod0WCoEhR_eM
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
last-modified: Thu, 08 Dec 2022 21:19:29 GMT
server: nginx/1.20.2
etag: "fc94fb0c3ed8a8f909dbc7630a0987ff"
vary: Origin
x-goog-generation: 1670534369365034
content-type: image/gif
access-control-allow-origin: *
x-goog-hash: crc32c=7uenZA==, md5=/JT7DD7YqPkJ28djCgmH/w==
cache-control: public, max-age=3600
access-control-allow-methods: GET, POST, OPTIONS
x-goog-stored-content-length: 43
accept-ranges: bytes
access-control-allow-headers: ibc_header,ibc_rate_tier,User-Agent,X-Requested-With,Cache-Control,Content-Type,Range
expires: Wed, 24 Jul 2024 12:24:41 GMT

OPTIONS
H2 200 gif.gif
ibc-flow.techtarget.com/a/ Frame 0
0 60ms
27ms Preflight
text/html 34.111.208.231
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=1247773&r=1721820281133&ref=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&version=2.4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.208.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 231.208.111.34.bc.googleusercontent.com
Software: nginx/1.20.2 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: ibc_rate_tier
Access-Control-Request-Method: GET
Origin: https://www.fortinet.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: ibc_header,ibc_rate_tier,User-Agent,X-Requested-With,Cache-Control,Content-Type,Range
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-length: 0
content-type: text/html; charset=UTF-8
date: Wed, 24 Jul 2024 11:24:41 GMT
expires: Wed, 24 Jul 2024 11:24:41 GMT
server: nginx/1.20.2
vary: Origin
via: 1.1 google
x-guploader-uploadid: AHxI1nOft2dNbwpg1NTZFCl-0868A1QAm1PF4vTMaOUNZE1ERcjrQgEmeFQma11odUyqG01Pur0

GET
H3 200 activity;src=10050195;npa=0;auiddc=1482561396.1721820281;ps=1;pcor=1922920187;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe47h0v9185241837za200zb9123037237;gcd=13l3l3l3l1...
ad.doubleclick.net/ 42 B
65 B 470ms
393ms Image
image/gif 173.194.175.148
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/activity;src=10050195;npa=0;auiddc=1482561396.1721820281;ps=1;pcor=1922920187;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe47h0v9185241837za200zb9123037237;gcd=13l3l3l3l1;dma=0;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed?

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

Security

QUIC, , AES_128_GCM

Server

173.194.175.148 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

qs-in-f148.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Jul 2024 11:24:41 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET activity;register_conversion=1;src=10050195;npa=0;auiddc=1482561396.1721820281;ps=1;pcor=1922920187;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe47h0v9185241837za200zb912...
ad.doubleclick.net/ 0
0

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/729495989/ 3 KB
1 KB 77ms
32ms Script
text/javascript 2607:f8b0:400d:c09::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/729495989/?random=1721820281221&cv=11&fst=1721820281221&bg=ffffff&guid=ON&async=1&gtm=45be47h0za200zb9123037237&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&hn=www.googleadservices.com&frm=0&tiba=Exploiting%20CVE-2024-21412%3A%20A%20Stealer%20Campaign%20Unleashed%20%7C%20FortiGuard%20Labs&npa=0&pscdl=noapi&auid=1482561396.1721820281&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&data=event%3Dpage_view&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-729495989&l=dataLayer&cx=c

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400d:c09::9c Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

68235a6a6a55de123d70e5a958bce1e0a235da8907402de222c4a9f977fb2f49

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Jul 2024 11:24:41 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1430
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/609297413/ 3 KB
1 KB 50ms
31ms Script
text/javascript 2607:f8b0:400d:c09::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/609297413/?random=1721820281249&cv=11&fst=1721820281249&bg=ffffff&guid=ON&async=1&gtm=45be47h0za200zb9123037237&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&hn=www.googleadservices.com&frm=0&tiba=Exploiting%20CVE-2024-21412%3A%20A%20Stealer%20Campaign%20Unleashed%20%7C%20FortiGuard%20Labs&npa=0&pscdl=noapi&auid=1482561396.1721820281&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&data=event%3Dpage_view&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-609297413&l=dataLayer&cx=c

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400d:c09::9c Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

6edc0141c2b2114c8d5355e76d5829748cc6464629f39fdf8441d94c807c8697

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Jul 2024 11:24:41 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1429
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/662878185/ 3 KB
1 KB 30ms
30ms Script
text/javascript 2607:f8b0:400d:c09::9c
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/662878185/?random=1721820281281&cv=11&fst=1721820281281&bg=ffffff&guid=ON&async=1&gtm=45be47h0v887005625za200zb9123037237&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&hn=www.googleadservices.com&frm=0&tiba=Exploiting%20CVE-2024-21412%3A%20A%20Stealer%20Campaign%20Unleashed%20%7C%20FortiGuard%20Labs&npa=0&pscdl=noapi&auid=1482561396.1721820281&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&data=event%3Dpage_view&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-662878185&l=dataLayer&cx=c

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400d:c09::9c Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

f84ff677606b9c2087d58724d43388f161349071b79ab1b2a0446043f54aa4c5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Jul 2024 11:24:41 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1436
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
www.google-analytics.com/g/ 0
0 70ms
23ms Fetch
text/plain 2607:f8b0:400d:c07::71
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-JH142QCQCJ&gtm=45je47h0v893708426za200zb9123037237&_p=1721820280916&gcd=13l3l3l3l1&npa=0&dma=0&tag_exp=95250753&cid=1797957380.1721820281&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1721820281&sct=1&seg=0&dl=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&dt=Exploiting%20CVE-2024-21412%3A%20A%20Stealer%20Campaign%20Unleashed%20%7C%20FortiGuard%20Labs&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=1447&_z=fetch
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-JH142QCQCJ&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2607:f8b0:400d:c07::71 Morganton, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Jul 2024 11:24:41 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.fortinet.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
BLOB 200
OK b7ff917a-f008-4dd0-8d6e-f9f97279b4f3
https://www.fortinet.com/ 43 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: blob:https://www.fortinet.com/b7ff917a-f008-4dd0-8d6e-f9f97279b4f3
Requested by: Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
Protocol: BLOB
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Length: 43
Content-Type: image/gif

GET
H2 401 / Show response
pixels.argusplatform.com/wh/track/ 205 B
467 B 363ms
281ms XHR
application/json 2620:1ec:bdf::38
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://pixels.argusplatform.com/wh/track/?site_id=C6AC00C8269540D0ABFF19F1B5558B6D&visitor_id=1721820281242976641&event_type=page_request&timestamp=1721820281&page_title=Exploiting%20CVE-2024-21412%3A%20A%20Stealer%20Campaign%20Unleashed%20%7C%20FortiGuard%20Labs&page_url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&page_url_referer=

Requested by

Host: tmp.argusplatform.com
URL: https://tmp.argusplatform.com/js/wid.tracker.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:1ec:bdf::38 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

2ed114345dab0a74e1c81b100e3db108ff86464854f3159d005fac67413454b7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 24 Jul 2024 11:24:41 GMT
strict-transport-security: max-age=31536000
request-context: appId=cid-v1:ead16ead-3a47-42dd-aec9-91a1bbb42ff5
x-azure-ref: 20240724T112441Z-15b94bb6ff925b9tx3n1tt3cy40000000230000000000em1
x-cache: CONFIG_NOCACHE
content-type: application/json; charset=utf-8

GET
H3 200 /
www.google.com/pagead/1p-user-list/609297413/ 42 B
64 B 65ms
30ms Image
image/gif 2607:f8b0:4004:c07::69
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/609297413/?random=1721820281249&cv=11&fst=1721818800000&bg=ffffff&guid=ON&async=1&gtm=45be47h0za200zb9123037237&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&hn=www.googleadservices.com&frm=0&tiba=Exploiting%20CVE-2024-21412%3A%20A%20Stealer%20Campaign%20Unleashed%20%7C%20FortiGuard%20Labs&npa=0&pscdl=noapi&auid=1482561396.1721820281&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&data=event%3Dpage_view&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwDaQooLrh-oA3XWAin11LFFcpYrAv9a_t0ksg&random=171101238&rmt_tld=0&ipr=y

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c07::69 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Jul 2024 11:24:41 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/729495989/ 42 B
64 B 68ms
35ms Image
image/gif 2607:f8b0:4004:c07::69
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/729495989/?random=1721820281221&cv=11&fst=1721818800000&bg=ffffff&guid=ON&async=1&gtm=45be47h0za200zb9123037237&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&hn=www.googleadservices.com&frm=0&tiba=Exploiting%20CVE-2024-21412%3A%20A%20Stealer%20Campaign%20Unleashed%20%7C%20FortiGuard%20Labs&npa=0&pscdl=noapi&auid=1482561396.1721820281&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&data=event%3Dpage_view&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwDaQooL4Lq8zoWJJZf9i2iZBrZRbMVcu01OHw&random=1176418395&rmt_tld=0&ipr=y

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c07::69 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Jul 2024 11:24:41 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/662878185/ 42 B
64 B 61ms
28ms Image
image/gif 2607:f8b0:4004:c07::69
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/662878185/?random=1721820281281&cv=11&fst=1721818800000&bg=ffffff&guid=ON&async=1&gtm=45be47h0v887005625za200zb9123037237&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&hn=www.googleadservices.com&frm=0&tiba=Exploiting%20CVE-2024-21412%3A%20A%20Stealer%20Campaign%20Unleashed%20%7C%20FortiGuard%20Labs&npa=0&pscdl=noapi&auid=1482561396.1721820281&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&data=event%3Dpage_view&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwDaQooLD4UUSit0c7mDbUTcWZVt-NSr3tgbBQ&random=1311662299&rmt_tld=0&ipr=y

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4004:c07::69 Washington, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Jul 2024 11:24:41 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 fp.min.js Show response
cdn.jsdelivr.net/npm/@fingerprintjs/fingerprintjs@3/dist/ 33 KB
15 KB 47ms
8ms Script
application/javascript 2a04:4e42:600::485
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/@fingerprintjs/fingerprintjs@3/dist/fp.min.js

Requested by

Host: abm-tracking.demandscience.com
URL: https://abm-tracking.demandscience.com/tag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a04:4e42:600::485 , United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

99dc3803d1f19c8103f79f834044b2afd4c8af5b7927efbd36b1052d528b40ae

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 24 Jul 2024 11:24:41 GMT
x-content-type-options: nosniff
content-encoding: br
age: 41539
x-jsd-version: 3.4.2
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 15023
x-served-by: cache-fra-etou8220049-FRA, cache-lga21925-LGA
x-jsd-version-type: version
etag: W/"83f4-k1lBXMQZh0ZUAAhwylRSOHXBLBY"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 site-visitors Show response
intentstream.contanuity.com/api/ 115 B
374 B 80ms
80ms Fetch
application/json 44.226.187.177
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://intentstream.contanuity.com/api/site-visitors?pageIdentifier=fortinet_2712

Requested by

Host: abm-tracking.demandscience.com
URL: https://abm-tracking.demandscience.com/tag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.226.187.177 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-226-187-177.us-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

930494fef37c0c702073ceeddd12da067bba2824f8eba39e1f9a3c5332bec6b6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubdomains

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
x-pixel-auth: true

Response headers

date: Wed, 24 Jul 2024 11:22:19 GMT
strict-transport-security: max-age=15724800; includeSubdomains
server: nginx
vary: origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.fortinet.com
access-control-expose-headers: WWW-Authenticate,Server-Authorization
cache-control: no-cache
accept-ranges: bytes
content-length: 115

OPTIONS
H2 200 site-visitors
intentstream.contanuity.com/api/ Frame 0
0 240ms
76ms Preflight 44.226.187.177
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://intentstream.contanuity.com/api/site-visitors?pageIdentifier=fortinet_2712

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.226.187.177 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-226-187-177.us-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubdomains

Request headers

Accept: */*
Access-Control-Request-Headers: x-pixel-auth
Access-Control-Request-Method: GET
Origin: https://www.fortinet.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: Accept,Authorization,Content-Type,If-None-Match,x-pixel-auth
access-control-allow-methods: GET
access-control-allow-origin: https://www.fortinet.com
access-control-expose-headers: WWW-Authenticate,Server-Authorization
access-control-max-age: 86400
cache-control: no-cache
content-length: 0
date: Wed, 24 Jul 2024 11:22:18 GMT
server: nginx
strict-transport-security: max-age=15724800; includeSubdomains

GET
H2 200 s75532175005460
metrics.fortinet.com/b/ss/fortinetincproduction/1/JS-2.26.0-LDQM/ 43 B
373 B 102ms
18ms Image
image/gif 63.140.39.224
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://metrics.fortinet.com/b/ss/fortinetincproduction/1/JS-2.26.0-LDQM/s75532175005460?AQB=1&ndh=1&pf=1&t=24%2F6%2F2024%201%3A24%3A41%203%20600&sdid=7850C3F21F3DA0A7-5FC625E8AFC3F5E0&mid=13195534650829301212659149931131350435&aamlh=7&ce=UTF-8&pageName=en%3Ablog%3Athreat-research%3Aexploiting-cve-2024-21412-stealer-campaign-unleashed&g=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&cc=USD&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&v1=www.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&c7=Entire%20Site&c8=New&v25=13195534650829301212659149931131350435&v27=BLOG&v33=en%3Ablog%3Athreat-research%3Aexploiting-cve-2024-21412-stealer-campaign-unleashed&v35=Enabled&v92=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&v106=New%20York%20City&v107=New%20York&v108=United%20States&v126=NA&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&mcorgid=ED8739F75677FE917F000101%40AdobeOrg&AQE=1

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

63.140.39.224 , United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ip-63-140-39-224.data.adobedc.net

Software

jag /

Resource Hash

a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Jul 2024 11:24:41 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
last-modified: Thu, 25 Jul 2024 11:24:41 GMT
server: jag
etag: 3697580898409775104-4618524750550927363
vary: *
p3p: CP="This is not a P3P policy"
access-control-allow-origin: *
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, max-age=0, no-transform, private
content-length: 43
x-xss-protection: 1; mode=block
expires: Tue, 23 Jul 2024 11:24:41 GMT

GET
H/1.1 200
OK https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed Show response
abm-tracking.demandscience.com/page-tracking/fortinet_2712/ 2 B
665 B 80ms
79ms Script
application/json 52.32.164.86
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://abm-tracking.demandscience.com/page-tracking/fortinet_2712/https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed?visitorId=406563d9626bcf2fead8b317a0d3497c_1721820281534&&clientId=undefined&&cookieEnabled=true
Requested by: Host: abm-tracking.demandscience.com
URL: https://abm-tracking.demandscience.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 52.32.164.86 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-32-164-86.us-west-2.compute.amazonaws.com
Software: nginx/1.18.0 (Ubuntu) / Express
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 24 Jul 2024 11:24:41 GMT
Server: nginx/1.18.0 (Ubuntu)
X-Powered-By: Express
ETag: W/"2-vyGp6PvFo4RvsFtPoIWeCReyIC8"
Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, PATCH, DELETE
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: private, no-cache, no-store, must-revalidate
Connection: keep-alive
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization
Content-Length: 2
Expires: -1

GET
H/1.1 200
OK tracking Show response
tracking.contanuity.com/ 2 B
769 B 246ms
79ms Script
application/json 54.203.236.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tracking.contanuity.com/tracking?visitorId=406563d9626bcf2fead8b317a0d3497c_1721820281534&&clientId=undefined&&cookieEnabled=true
Requested by: Host: abm-tracking.demandscience.com
URL: https://abm-tracking.demandscience.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 54.203.236.163 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-203-236-163.us-west-2.compute.amazonaws.com
Software: nginx/1.18.0 (Ubuntu) / Express
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 24 Jul 2024 11:24:41 GMT
Server: nginx/1.18.0 (Ubuntu)
X-Powered-By: Express
ETag: W/"2-vyGp6PvFo4RvsFtPoIWeCReyIC8"
Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, PATCH, DELETE
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: private, no-cache, no-store, must-revalidate
Connection: keep-alive
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization
Content-Length: 2
Expires: -1

GET
H3 200 gtm.js Show response
www.googletagmanager.com/ 178 KB
64 KB 30ms
29ms Script
application/javascript 2607:f8b0:400d:c04::61
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-M4NSPPXN

Requested by

Host: abm-tracking.demandscience.com
URL: https://abm-tracking.demandscience.com/tag.js

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:400d:c04::61 Morganton, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e74d0c42bd16db8c7c163e06a2f1a18dd2e5bff9b1dfa0884e4510a14d4fa754

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:24:41 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 65968
x-xss-protection: 0
last-modified: Wed, 24 Jul 2024 09:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 24 Jul 2024 11:24:41 GMT

GET

usersync
tracking.contanuity.com/
Redirect Chain

https://match.prod.bidr.io/cookie-sync/contanuity?buyer_user_id=406563d9626bcf2fead8b317a0d3497c_1721820281534
https://match.prod.bidr.io/cookie-sync/contanuity?buyer_user_id=406563d9626bcf2fead8b317a0d3497c_1721820281534&_bee_ppp=1
https://tracking.contanuity.com/usersync?bwcookie=AADLx07NQckAABNo_eqvEQ

0
0

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 33ms
33ms Image
image/gif 23.205.106.73
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=5eeecf22b2d12a77a14639dce97b7a36&svisitor=null&visitor=fec23e70-9c47-477e-89fc-de27dd2bf2a4&session=50ddd5e0-dcdf-4684-88c9-1304543638d2&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2024%20Jul%202024%2011%3A24%3A41%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2024%20Jul%202024%2011%3A24%3A40%20GMT%22%2C%22timeSpent%22%3A%221003%22%2C%22totalTimeSpent%22%3A%221003%22%7D&isIframe=false&m=%7B%22description%22%3A%22FortiGuard%20Labs%20has%20observed%20a%20stealer%20campaign%20spreading%20multiple%20files%20that%20exploit%20CVE-2024-21412%20to%20download%20malicious%20executable%20files.%20Read%20more.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Exploiting%20CVE-2024-21412%3A%20A%20Stealer%20Campaign%20Unleashed%20%7C%20FortiGuard%20Labs%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&pageViewId=c13dce9f-2184-4daf-83d3-84f07ef8eaa5&ipv6=2a0d%3A5600%3A24%3A1500%3A1011%3A48fb%3A1b4a%3Abfd0&v=1.1.22

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.106.73 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-205-106-73.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Jul 2024 11:24:41 GMT
x-content-type-options: nosniff
last-modified: Sat, 18 Feb 2023 00:49:36 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f020a0-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 24 Jul 2024 11:24:41 GMT

GET
H2 200 RC190d282f2b9c4848b2ea08ca5751fa40-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/ 2 KB
1013 B 27ms
26ms Script
application/x-javascript 2600:1408:ac00:18d::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/RC190d282f2b9c4848b2ea08ca5751fa40-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1408:ac00:18d::1e80 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 37fd820b496a40f0f5783b425ed0c873d7913a576c0f246e869c5a2be58f787e

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:24:42 GMT
content-encoding: gzip
last-modified: Mon, 22 Jul 2024 22:53:19 GMT
server: AkamaiNetStorage
etag: "0537f9b1ee377a7339cd8f0bc0e42c40:1721688799.745653"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 755
expires: Wed, 24 Jul 2024 12:24:42 GMT

GET
H2 200 RC7be3d22b2fd6487ca9390477738587fe-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/ 819 B
758 B 25ms
24ms Script
application/x-javascript 2600:1408:ac00:18d::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/RC7be3d22b2fd6487ca9390477738587fe-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1408:ac00:18d::1e80 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: c1ccdda10c297d3aeedbe2fa72700c5f49bdf9e102090c2d62775ec3c964e078

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:24:42 GMT
content-encoding: gzip
last-modified: Mon, 22 Jul 2024 22:53:19 GMT
server: AkamaiNetStorage
etag: "0537f9b1ee377a7339cd8f0bc0e42c40:1721688799.745653"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 501
expires: Wed, 24 Jul 2024 12:24:42 GMT

GET
H2 200 RC407b573180554ea6b11eecdc31ecbd3f-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/ 819 B
756 B 33ms
32ms Script
application/x-javascript 2600:1408:ac00:18d::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/RC407b573180554ea6b11eecdc31ecbd3f-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1408:ac00:18d::1e80 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 985071e89e5076c1b93d2b9ba507a2e890236ef8e3eaea519c7b2bc364cf84df

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:24:42 GMT
content-encoding: gzip
last-modified: Mon, 22 Jul 2024 22:53:19 GMT
server: AkamaiNetStorage
etag: "0537f9b1ee377a7339cd8f0bc0e42c40:1721688799.745653"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 498
expires: Wed, 24 Jul 2024 12:24:42 GMT

GET
H2 200 RC1d92f04752ae42a38e54de48cb85adf4-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/ 661 B
649 B 26ms
26ms Script
application/x-javascript 2600:1408:ac00:18d::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/RC1d92f04752ae42a38e54de48cb85adf4-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1408:ac00:18d::1e80 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: f41e718277c296a77a6259da8cadd84b5f195d21ea0a6eb36442de9217613c2f

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:24:42 GMT
content-encoding: gzip
last-modified: Mon, 22 Jul 2024 22:53:19 GMT
server: AkamaiNetStorage
etag: "0537f9b1ee377a7339cd8f0bc0e42c40:1721688799.745653"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 391
expires: Wed, 24 Jul 2024 12:24:42 GMT

GET
H2 200 RCf940460311f349b5af69d075bdef61d4-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/ 368 B
493 B 53ms
53ms Script
application/x-javascript 2600:1408:ac00:18d::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/RCf940460311f349b5af69d075bdef61d4-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1408:ac00:18d::1e80 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: ec425cce7010294e5d2601a098dabc3e75536351f58e07ada250c8642934fb8d

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:24:42 GMT
content-encoding: gzip
last-modified: Mon, 22 Jul 2024 22:53:19 GMT
server: AkamaiNetStorage
etag: "0537f9b1ee377a7339cd8f0bc0e42c40:1721688799.745653"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 235
expires: Wed, 24 Jul 2024 12:24:42 GMT

GET
H2 200 RCcb6e8e438d1741e6854bf3a039a2565a-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/ 754 B
705 B 42ms
42ms Script
application/x-javascript 2600:1408:ac00:18d::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/RCcb6e8e438d1741e6854bf3a039a2565a-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1408:ac00:18d::1e80 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: b5b4fea0f2608d0f0cafdee0e2b00ae659b091c6d18eda7fe291e636ba3f353c

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:24:42 GMT
content-encoding: gzip
last-modified: Mon, 22 Jul 2024 22:53:19 GMT
server: AkamaiNetStorage
etag: "0537f9b1ee377a7339cd8f0bc0e42c40:1721688799.745653"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 447
expires: Wed, 24 Jul 2024 12:24:42 GMT

GET
H2 200 RCbbd24be21a0f4115a18f29bb3fee2a7a-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/ 2 KB
971 B 29ms
29ms Script
application/x-javascript 2600:1408:ac00:18d::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/RCbbd24be21a0f4115a18f29bb3fee2a7a-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1408:ac00:18d::1e80 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 4b1dfdf84f81ccef7d37fc96dfd2358c87a40a04b20f063179f2c87fc1d3d382

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:24:42 GMT
content-encoding: gzip
last-modified: Mon, 22 Jul 2024 22:53:19 GMT
server: AkamaiNetStorage
etag: "0537f9b1ee377a7339cd8f0bc0e42c40:1721688799.745653"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 713
expires: Wed, 24 Jul 2024 12:24:42 GMT

GET
H2 200 RCf5bd1991cad84a7294a7b609189a1fa5-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/ 1021 B
857 B 25ms
25ms Script
application/x-javascript 2600:1408:ac00:18d::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/RCf5bd1991cad84a7294a7b609189a1fa5-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1408:ac00:18d::1e80 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 59faeec7cd3ce8eba6b26823c7dd41512a380a8c3329aa0ae0270a72f4645d08

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:24:42 GMT
content-encoding: gzip
last-modified: Mon, 22 Jul 2024 22:53:19 GMT
server: AkamaiNetStorage
etag: "0537f9b1ee377a7339cd8f0bc0e42c40:1721688799.745653"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 600
expires: Wed, 24 Jul 2024 12:24:42 GMT

GET
H2 200 RCcd84e40d19c24776bef77836ab2f8df6-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/ 819 B
758 B 28ms
27ms Script
application/x-javascript 2600:1408:ac00:18d::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/RCcd84e40d19c24776bef77836ab2f8df6-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1408:ac00:18d::1e80 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 3f57193ed9b7928c36cb710ac6a4af1583023f928914c094db4995420f7e3a54

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:24:42 GMT
content-encoding: gzip
last-modified: Mon, 22 Jul 2024 22:53:19 GMT
server: AkamaiNetStorage
etag: "0537f9b1ee377a7339cd8f0bc0e42c40:1721688799.745653"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 501
expires: Wed, 24 Jul 2024 12:24:42 GMT

GET
H2 200 RC4daaa3cd330f4ee2934602a98dab7c5f-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/ 388 B
499 B 25ms
25ms Script
application/x-javascript 2600:1408:ac00:18d::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/RC4daaa3cd330f4ee2934602a98dab7c5f-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1408:ac00:18d::1e80 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 09edcbeb6bb1f2361271a99cb3369ee93e55c21a4985d8f5cfed37af10d6729d

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:24:42 GMT
content-encoding: gzip
last-modified: Mon, 22 Jul 2024 22:53:19 GMT
server: AkamaiNetStorage
etag: "0537f9b1ee377a7339cd8f0bc0e42c40:1721688799.745653"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 242
expires: Wed, 24 Jul 2024 12:24:42 GMT

GET
H2 200 RC17482cd8da9b4802a76d2f1e017d90ab-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/ 1 KB
779 B 45ms
45ms Script
application/x-javascript 2600:1408:ac00:18d::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/RC17482cd8da9b4802a76d2f1e017d90ab-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1408:ac00:18d::1e80 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: fcce7b7353be95b84f177e00cd497eb4e485606e88cf17a5d836ee6c0f1f0f20

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:24:42 GMT
content-encoding: gzip
last-modified: Mon, 22 Jul 2024 22:53:19 GMT
server: AkamaiNetStorage
etag: "0537f9b1ee377a7339cd8f0bc0e42c40:1721688799.745653"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 522
expires: Wed, 24 Jul 2024 12:24:42 GMT

GET
H2 200 RC5c60a51709a94068afbf065e1448b617-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/ 664 B
657 B 42ms
42ms Script
application/x-javascript 2600:1408:ac00:18d::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/RC5c60a51709a94068afbf065e1448b617-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1408:ac00:18d::1e80 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 262c76a939f7c2d543b0f5669d8958b82954e14e17d79ced7848cd51a36e6b1d

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:24:42 GMT
content-encoding: gzip
last-modified: Mon, 22 Jul 2024 22:53:19 GMT
server: AkamaiNetStorage
etag: "0537f9b1ee377a7339cd8f0bc0e42c40:1721688799.745653"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 400
expires: Wed, 24 Jul 2024 12:24:42 GMT

GET
H2 200 RC0ba76d5bbb984ea6a79cd6308c48dbff-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/ 2 KB
981 B 41ms
41ms Script
application/x-javascript 2600:1408:ac00:18d::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/RC0ba76d5bbb984ea6a79cd6308c48dbff-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1408:ac00:18d::1e80 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 404669b3d94f951d5e005752766d9f4e60dc4f44c7aeda8b491f204f71b760af

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:24:42 GMT
content-encoding: gzip
last-modified: Mon, 22 Jul 2024 22:53:19 GMT
server: AkamaiNetStorage
etag: "0537f9b1ee377a7339cd8f0bc0e42c40:1721688799.745653"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 723
expires: Wed, 24 Jul 2024 12:24:42 GMT

GET
H2 200 RC0829ccf7bc5a44478ae2705d4c111c37-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/ 966 B
809 B 40ms
40ms Script
application/x-javascript 2600:1408:ac00:18d::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/RC0829ccf7bc5a44478ae2705d4c111c37-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2600:1408:ac00:18d::1e80 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash: 3aec02b24881b79afb8d121953096fd5754b07c8d26a295bcd900b0833183933

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:24:42 GMT
content-encoding: gzip
last-modified: Mon, 22 Jul 2024 22:53:19 GMT
server: AkamaiNetStorage
etag: "0537f9b1ee377a7339cd8f0bc0e42c40:1721688799.745653"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 551
expires: Wed, 24 Jul 2024 12:24:42 GMT

GET
H/1.1 200
OK favicon.ico
www.fortinet.com/etc/designs/fortinet-blog/ 318 B
2 KB 19ms
19ms Other
image/vnd.microsoft.icon 2600:1f18:1492:1702:852f:d87f:6683:b05a
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fortinet.com/etc/designs/fortinet-blog/favicon.ico

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2600:1f18:1492:1702:852f:d87f:6683:b05a Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Apache /

Resource Hash

d18b3c9feb76c3c1cfdcc51c732f113327e3c33fb3f63b479951f7da6ed1216f

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher2uswest1-28559771
Date: Fri, 12 Jul 2024 21:15:40 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Content-Encoding: gzip
Via: 1.1 3200e279ff99ad1800a0dd3b3c8e2d10.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
X-Vhost: publish
X-Cache: Hit from cloudfront
Age: 1087818
Connection: keep-alive
Content-Length: 133
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 22 Feb 2018 05:17:28 GMT
Server: Apache
ETag: "13e-565c628eb6a00-gzip"
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Type: image/vnd.microsoft.icon
Cache-Control: max-age=2000000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: JenpEV726gjFMvNzHfK3_ImwmsShwPTS4cB41sfVb8XeELVmid0Osg==

GET
H/1.1 200
OK spx Show response
dx.mountain.com/ 23 KB
6 KB 104ms
19ms Script
application/javascript 34.238.149.65
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://dx.mountain.com/spx?dxver=4.0.0&shaid=32336&tdr=&plh=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&cb=49214504206623496term=value
Requested by: Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 34.238.149.65 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-34-238-149-65.compute-1.amazonaws.com
Software: istio-envoy /
Resource Hash: cb94d22efc4eb96dde627c24f40c34e7f0b2f469b7a7488a5b65f5b293c5442a

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:24:41 GMT
content-encoding: gzip
server: istio-envoy
vary: origin,access-control-request-method,access-control-request-headers,accept-encoding
transfer-encoding: chunked
content-type: application/javascript;charset=utf-8
x-envoy-upstream-service-time: 2
be: spx-prod
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 56 KB
15 KB 95ms
24ms Script
application/javascript 146.75.76.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 146.75.76.157 Chicago, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 4d15ff2317e16ccd8ca1d3248fea7d91130e022369bb032824a84ad9967064df

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:24:42 GMT
content-encoding: gzip
last-modified: Tue, 26 Mar 2024 20:58:07 GMT
x-amz-server-side-encryption: AES256
etag: "bbbcf811d8437a575d796a4c1e5d4fad+gzip+gzip"
vary: Accept-Encoding,Host
x-cache: HIT, HIT
content-type: application/javascript; charset=utf-8
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
x-tw-cdn: FT
cache-control: no-cache
accept-ranges: bytes
content-length: 15412
x-served-by: cache-iad-kcgs7200117-IAD, cache-chi-kigq8000093-CHI

GET
H2

200

bounce
secure.adnxs.com/
Redirect Chain

https://secure.adnxs.com/px?id=1773420&t=2
https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D1773420%26t%3D2

43 B
1 KB

25ms
25ms

Image
image/gif

68.67.160.76
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D1773420%26t%3D2

Protocol

Server

68.67.160.76 Colonia, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

678.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Jul 2024 11:24:42 GMT
an-x-request-uuid: e610c280-1e29-4710-a5ef-98f0a7c7b0e7
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 5.181.234.133; 5.181.234.133; 678.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 24 Jul 2024 11:24:42 GMT
an-x-request-uuid: ca0d38d3-9122-4e4c-bd86-549b0e0afc71
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
location: https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D1773420%26t%3D2
cache-control: no-store, no-cache, private
x-proxy-origin: 5.181.234.133; 5.181.234.133; 678.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

bounce
ib.adnxs.com/
Redirect Chain

https://ib.adnxs.com/seg?add=36113683
https://ib.adnxs.com/bounce?%2Fseg%3Fadd%3D36113683

43 B
1 KB

14ms
14ms

Image
image/gif

68.67.160.114
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fseg%3Fadd%3D36113683

Protocol

Server

68.67.160.114 Colonia, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

672.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Jul 2024 11:24:42 GMT
an-x-request-uuid: 9b2d13d0-7b13-49a7-b376-bc4270736ba5
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 5.181.234.133; 5.181.234.133; 672.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 24 Jul 2024 11:24:42 GMT
an-x-request-uuid: ac2ef2cb-9ae7-4427-bd52-3d87e551bcae
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://ib.adnxs.com/bounce?%2Fseg%3Fadd%3D36113683
x-proxy-origin: 5.181.234.133; 5.181.234.133; 672.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 iztag.js Show response
tags.inzynk.io/0ulh3gex/ 21 KB
21 KB 61ms
15ms Script
application/octet-stream 2600:9000:2191:9000:12:dfa9:e200:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.inzynk.io/0ulh3gex/iztag.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2191:9000:12:dfa9:e200:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 178ec5d6c8298d4e308c4b7674042667ecafdbffcb5331b621985a2b11539f0e

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-amz-version-id: null
date: Tue, 23 Jul 2024 13:45:55 GMT
via: 1.1 99baebf4b5bb631267dcfa82456151cc.cloudfront.net (CloudFront)
last-modified: Wed, 22 Nov 2023 13:20:07 GMT
server: AmazonS3
x-amz-cf-pop: IAD89-C1
age: 77931
x-amz-server-side-encryption: AES256
etag: "605a29cc08159ad81b95e2ceac549300"
x-cache: Hit from cloudfront
content-type: application/octet-stream
accept-ranges: bytes
content-length: 21193
x-amz-cf-id: Sizl5VhUSEufbmkYlDCRJonHi9me5Z65GKtT2WNJUO3imr8149uYzQ==

GET
H2 200 0ulh3gex Show response
analytics.inzynk.io/collect/ 171 B
436 B 360ms
111ms Script
text/plain 51.21.14.61
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.inzynk.io/collect/0ulh3gex?izcid=&iztid=&u=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&t=Exploiting+CVE-2024-21412%3A+A+Stealer+Campaign+Unleashed+%7C+FortiGuard+Labs&p=%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&d=www.fortinet.com&r=&inzynk_c=
Requested by: Host: tags.inzynk.io
URL: https://tags.inzynk.io/0ulh3gex/iztag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 51.21.14.61 Stockholm, Sweden, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-51-21-14-61.eu-north-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 62a798301412dc0d4860ddc8f4d62b456eb51bedab0ea333ac30a008cc0a3719

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:24:42 GMT
server: nginx
content-length: 171
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type: text/plain;charset=ISO-8859-1

GET
H2

200

exploiting-cve-2024-21412-stealer-campaign-unleashed;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=9272035833899.52
10104846.fls.doubleclick.net/activityi;dc_pre=CLjGwbLIv4cDFf78_QUdvxMKLQ;src=10104846;type=sitew00;cat=sitew006;u3=https://www.fortinet.com/blog/threat-research/ Frame A7B0
Redirect Chain

https://10104846.fls.doubleclick.net/activityi;src=10104846;type=sitew00;cat=sitew006;u3=https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed;dc_lat=;d...
https://10104846.fls.doubleclick.net/activityi;dc_pre=CLjGwbLIv4cDFf78_QUdvxMKLQ;src=10104846;type=sitew00;cat=sitew006;u3=https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-st...

0
0

86ms
85ms

Document
text/html

209.85.201.149
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://10104846.fls.doubleclick.net/activityi;dc_pre=CLjGwbLIv4cDFf78_QUdvxMKLQ;src=10104846;type=sitew00;cat=sitew006;u3=https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=9272035833899.52?

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

209.85.201.149 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

qu-in-f149.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-encoding: br
content-length: 2308
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 24 Jul 2024 11:24:42 GMT
expires: Wed, 24 Jul 2024 11:24:42 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 24 Jul 2024 11:24:42 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://10104846.fls.doubleclick.net/activityi;dc_pre=CLjGwbLIv4cDFf78_QUdvxMKLQ;src=10104846;type=sitew00;cat=sitew006;u3=https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=9272035833899.52?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 224 KB
60 KB 51ms
17ms Script
application/x-javascript 2a03:2880:f003:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f003:100:face:b00c:0:3 Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

eaa003d85cb77f94fcae98396e583ce01d0c375b57235402c884ef8a792b951e

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: ;script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' 'unsafe-eval' https://.google-analytics.com .google.com;style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' https://.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Wed, 24 Jul 2024 11:24:42 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 58677
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=13, rtx=0, c=12, mss=1328, tbw=2783, tp=-1, tpl=-1, uplat=0, ullat=-1
pragma: public
x-fb-debug: 6T5L8QVRTvls/daOQLNoiKGRYG6qf9yE/osXvILYK9pghuDCV8ZdieA4Qfmszs03hQ/yYNMIb9/T1t4DYW3vWw==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 siteanalyze_6033413.js Show response
siteimproveanalytics.com/js/ 36 KB
12 KB 40ms
20ms Script
application/javascript 2606:4700:3035::6815:3296
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://siteimproveanalytics.com/js/siteanalyze_6033413.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 2606:4700:3035::6815:3296 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e171f597c12bd7813408cabb76395c783e04c8aa8a0a57416a120ac026e5acf5

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:24:42 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: 7YNC0BGZ0BR84DJM
age: 2361
alt-svc: h3=":443"; ma=86400
content-length: 11242
x-amz-id-2: M71Ka/ADdlqlD7+8iH2bcZvNBemHIkoK6laVpg3OiAbOS+L1Txu9xnlljtfYZMkQl+2mv1/2twE=
last-modified: Sat, 29 Jun 2024 00:03:14 GMT
server: cloudflare
etag: "60402ae40e703f919eeaab313f154e6a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=x9YPAlgT3p75gEjEs7I8vBD3rWcYekajyBuVuvB%2BHGOe8EgBOedj%2BbdRUMfwGiBS7u9MnoxnOgfgAsztYt%2F9qvZmaMPaIdGuHXRbUCI53yYg5SoNTFzr1lnfKX0WGzw3IFVkL0POVSQ%2BQ%2FwggrxBKUIDrzfIpUQ%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=86400, no-transform
accept-ranges: bytes
cf-ray: 8a838b9bf887438e-EWR

GET
H2 200 adsct
t.co/i/ 43 B
272 B 90ms
58ms Image
image/gif 72.21.81.130
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?bci=3&eci=2&event_id=63e9b592-eff4-46a6-b7d7-a68aeffadc4f&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=7be20519-71da-4d07-82fb-39bddb78f9c5&tw_document_href=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o6ezf&type=javascript&version=2.3.30

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

72.21.81.130 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

tsa_b /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-response-time: 6
date: Wed, 24 Jul 2024 11:24:41 GMT
strict-transport-security: max-age=0
server: tsa_b
content-type: image/gif;charset=utf-8
x-transaction-id: 5f90281278f5bea2
cache-control: no-cache, no-store, max-age=0
perf: 7402827104
x-connection-hash: 6e66aa3ba3686d0b4bc7d90d83260c791699e6572009e916ae7ee1727a37d8e3
content-length: 43

GET
H2 200 adsct
analytics.twitter.com/i/ 43 B
392 B 121ms
40ms Image
image/gif 104.244.42.131
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=63e9b592-eff4-46a6-b7d7-a68aeffadc4f&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=7be20519-71da-4d07-82fb-39bddb78f9c5&tw_document_href=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o6ezf&type=javascript&version=2.3.30

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.131 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_b /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-response-time: 6
date: Wed, 24 Jul 2024 11:24:42 GMT
strict-transport-security: max-age=631138519
server: tsa_b
content-type: image/gif;charset=utf-8
x-transaction-id: 66e84077f1ef46a1
cache-control: no-cache, no-store, max-age=0
perf: 7402827104
x-connection-hash: 47a6c9064a69860ab95e80ba5464dc1f248771ad35e30bd9b316b0052a018f1a
content-length: 43

GET
H2 200 adsct
t.co/i/ 43 B
250 B 167ms
136ms Image
image/gif 72.21.81.130
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?bci=3&eci=2&event_id=f91fb7e4-3791-456f-a29e-5d52c5f962b2&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=7be20519-71da-4d07-82fb-39bddb78f9c5&tw_document_href=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o72wb&type=javascript&version=2.3.30

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

72.21.81.130 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

tsa_b /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-response-time: 83
date: Wed, 24 Jul 2024 11:24:42 GMT
strict-transport-security: max-age=0
server: tsa_b
content-type: image/gif;charset=utf-8
x-transaction-id: 91acbbd2443ffb57
cache-control: no-cache, no-store, max-age=0
perf: 7402827104
x-connection-hash: 4b04242ed8213a45fbe927f4aea5f7b7e25bc88b0545bd1cb53a31a6be592615
content-length: 43

GET
H2 200 adsct
analytics.twitter.com/i/ 43 B
213 B 197ms
116ms Image
image/gif 104.244.42.131
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=f91fb7e4-3791-456f-a29e-5d52c5f962b2&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=7be20519-71da-4d07-82fb-39bddb78f9c5&tw_document_href=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o72wb&type=javascript&version=2.3.30

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.131 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_b /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-response-time: 83
date: Wed, 24 Jul 2024 11:24:42 GMT
strict-transport-security: max-age=631138519
server: tsa_b
content-type: image/gif;charset=utf-8
x-transaction-id: 12e105c96a50fad3
cache-control: no-cache, no-store, max-age=0
perf: 7402827104
x-connection-hash: 47a6c9064a69860ab95e80ba5464dc1f248771ad35e30bd9b316b0052a018f1a
content-length: 43

GET
H2 200 adsct
t.co/i/ 43 B
374 B 88ms
58ms Image
image/gif 72.21.81.130
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?bci=3&eci=2&event_id=9c140518-e672-4408-9141-a2055aa8f595&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=7be20519-71da-4d07-82fb-39bddb78f9c5&tw_document_href=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nxlzj&type=javascript&version=2.3.30

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

72.21.81.130 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

tsa_b /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-response-time: 5
date: Wed, 24 Jul 2024 11:24:42 GMT
strict-transport-security: max-age=0
server: tsa_b
content-type: image/gif;charset=utf-8
x-transaction-id: 6bfcfd63a8d06c78
cache-control: no-cache, no-store, max-age=0
perf: 7402827104
x-connection-hash: 04fdb0080720b50db4cea8e25062966ee8b2b3c087b9983b0c518537957c6c95
content-length: 43

GET
H2 200 adsct
analytics.twitter.com/i/ 43 B
237 B 204ms
123ms Image
image/gif 104.244.42.131
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=9c140518-e672-4408-9141-a2055aa8f595&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=7be20519-71da-4d07-82fb-39bddb78f9c5&tw_document_href=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nxlzj&type=javascript&version=2.3.30

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.131 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_b /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-response-time: 90
date: Wed, 24 Jul 2024 11:24:41 GMT
strict-transport-security: max-age=631138519
server: tsa_b
content-type: image/gif;charset=utf-8
x-transaction-id: 1d25b99db8d21c17
cache-control: no-cache, no-store, max-age=0
perf: 7402827104
x-connection-hash: 47a6c9064a69860ab95e80ba5464dc1f248771ad35e30bd9b316b0052a018f1a
content-length: 43

GET
H2 401 / Show response
webtracker.argusplatform.com/wh/track/ 205 B
468 B 520ms
428ms XHR
application/json 2620:1ec:bdf::38
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://webtracker.argusplatform.com/wh/track/?site_id=C6AC00C8269540D0ABFF19F1B5558B6D&visitor_id=1721820281242976641&event_type=page_request&timestamp=1721820282&page_title=Exploiting%20CVE-2024-21412%3A%20A%20Stealer%20Campaign%20Unleashed%20%7C%20FortiGuard%20Labs&page_url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&page_url_referer=

Requested by

Host: tmp.argusplatform.com
URL: https://tmp.argusplatform.com/js/wid.tracker.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:1ec:bdf::38 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

2ed114345dab0a74e1c81b100e3db108ff86464854f3159d005fac67413454b7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 24 Jul 2024 11:24:42 GMT
strict-transport-security: max-age=31536000
request-context: appId=cid-v1:ead16ead-3a47-42dd-aec9-91a1bbb42ff5
x-azure-ref: 20240724T112442Z-15b94bb6ff9hzj67et992uy4mg00000001u000000000472t
x-cache: CONFIG_NOCACHE
content-type: application/json; charset=utf-8

GET
H/1.1 200
OK is Show response
18.210.229.244/ 32 B
437 B 66ms
19ms Fetch
text/plain 18.210.229.244
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://18.210.229.244/is
Requested by: Host: dx.mountain.com
URL: https://dx.mountain.com/spx?dxver=4.0.0&shaid=32336&tdr=&plh=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&cb=49214504206623496term=value
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 18.210.229.244 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-210-229-244.compute-1.amazonaws.com
Software: istio-envoy /
Resource Hash: 1b671759ac5a3aa81647b8a62a4f933800e8f6d2974d59a4eb1398a0363a8c59

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:24:42 GMT
server: istio-envoy
access-control-allow-methods: GET, POST, OPTIONS
content-type: text/plain;charset=utf-8
access-control-allow-origin: *
x-envoy-upstream-service-time: 2
connection: close
access-control-allow-headers: Accept, Content-Type, x-requested-with, X-Custom-Header
content-length: 32
x-application-context: application:prod:8080

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 1 KB
969 B 62ms
16ms Script
application/javascript 2600:1408:8c00::172e:9631
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:1408:8c00::172e:9631 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

89333b6a52d61646b071d1dec1a49c6a5a734096eb5ec9183ef08b42c9cfbe50

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:24:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2024 05:21:40 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: max-age=65302
accept-ranges: bytes
content-length: 759

GET
H2 200 tag.aspx Show response
ml314.com/ 37 KB
12 KB 63ms
12ms Script
application/javascript 34.117.77.79
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ml314.com/tag.aspx?246
Requested by: Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.117.77.79 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 79.77.117.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 773a28cc9ac8062b38482769d1f03d92a6487d5775d439cff1c8b5be61fdd6d7

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:24:03 GMT
via: 1.1 google
content-encoding: br
age: 39
x-guploader-uploadid: AHxI1nOndHtzmtLuoNU9GMxlGQqEyiwC6_5Bq1-nXFkbkF3MUGbFPpommCXqT2ffkD-At1WnGvI
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12140
last-modified: Wed, 12 Jun 2024 23:47:10 GMT
server: UploadServer
vary: Accept-Encoding
x-goog-generation: 1718236030191817
x-goog-hash: crc32c=jdP4zA==, md5=YRx2m1aKFpugF5vA5Ps9ng==
content-type: application/javascript
cache-id: LGA-12baf686
cache-control: public,max-age=3600
x-cache-hit: hit
x-goog-stored-content-length: 37568
accept-ranges: bytes

GET
H2 200 177020962864941 Show response
connect.facebook.net/signals/config/ 60 KB
12 KB 17ms
15ms Script
application/x-javascript 2a03:2880:f003:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/177020962864941?v=2.9.162&r=stable&domain=www.fortinet.com&hme=e67e7d148043b3a377ad0eb1c82669792a67ba5e3bb5734b69e611ae38f939ca&ex_m=68%2C115%2C102%2C106%2C59%2C3%2C95%2C67%2C15%2C92%2C85%2C49%2C52%2C163%2C166%2C178%2C174%2C175%2C177%2C28%2C96%2C51%2C74%2C176%2C158%2C161%2C171%2C172%2C179%2C124%2C39%2C33%2C136%2C14%2C48%2C184%2C183%2C126%2C17%2C38%2C1%2C41%2C63%2C64%2C65%2C69%2C89%2C16%2C13%2C91%2C88%2C87%2C103%2C50%2C105%2C37%2C104%2C29%2C25%2C159%2C162%2C133%2C27%2C10%2C11%2C12%2C5%2C6%2C24%2C21%2C22%2C55%2C60%2C62%2C72%2C97%2C26%2C73%2C8%2C7%2C77%2C46%2C20%2C99%2C98%2C100%2C93%2C9%2C19%2C18%2C82%2C54%2C80%2C32%2C71%2C0%2C90%2C31%2C79%2C84%2C45%2C44%2C83%2C36%2C4%2C86%2C78%2C42%2C34%2C81%2C2%2C35%2C61%2C40%2C101%2C43%2C76%2C66%2C107%2C58%2C57%2C30%2C94%2C56%2C53%2C47%2C75%2C70%2C23%2C108

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f003:100:face:b00c:0:3 Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

8faa00fe604f9f30cef70e7242445d28716037d505d4b46c68768c0a3913068f

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: ;script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' 'unsafe-eval' https://.google-analytics.com .google.com;style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' https://.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Wed, 24 Jul 2024 11:24:42 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 12430
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=17, rtx=0, c=63, mss=1328, tbw=64191, tp=-1, tpl=-1, uplat=1, ullat=-1
pragma: public
x-fb-debug: nlf+GzZERIqzEQgKWXWTI/xkX4trVOPVhl7zV7pXXPTHntM24ny36q6GWJxtQxzS7GK4z3wLa+XHwDZnvw8FkQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 image.aspx
6033413.global.siteimproveanalytics.io/ 34 B
149 B 117ms
17ms Image
image/gif 54.156.91.224
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://6033413.global.siteimproveanalytics.io/image.aspx?url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&title=Exploiting%20CVE-2024-21412%3A%20A%20Stealer%20Campaign%20Unleashed%20%7C%20FortiGuard%20Labs&res=1600x1200&accountid=6033413&rt=2429&prev=7d9c561b-8b7b-b617-f509-baf1d49f791a&luid=4c7dfba9-dba3-0e8e-ca15-89f0e756919e&rnd=15126
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.156.91.224 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-156-91-224.compute-1.amazonaws.com
Software: /
Resource Hash: 1e85ec81b9800b4c443d39caca0d0926089a3ac201120db1ceb45b93789480b8

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-type: image/gif
date: Wed, 24 Jul 2024 11:24:42 GMT
cache-control: max-age=0
content-length: 34
expires: Wed, 24 Jul 2024 11:24:42 UTC

GET
H2 200 insight.beta.min.js Show response
snap.licdn.com/li.lms-analytics/ 40 KB
14 KB 28ms
27ms Script
application/javascript 2600:1408:8c00::172e:9631
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.beta.min.js

Requested by

Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2600:1408:8c00::172e:9631 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

6c495fdee8fdedea958291002b9090e57e0ce477feae0ac9034f8b78c34ec65c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:24:42 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 22 Jul 2024 10:02:06 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: max-age=64652
accept-ranges: bytes
content-length: 14597

GET
H/1.1 200
OK st Show response
px.mountain.com/ 2 KB
1 KB 333ms
81ms Script
application/javascript 35.81.173.170
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://px.mountain.com/st?ga_tracking_id=G-JH142QCQCJ&ga_client_id=1797957380.1721820281&shpt=Exploiting%20CVE-2024-21412%3A%20A%20Stealer%20Campaign%20Unleashed%20%7C%20FortiGuard%20Labs&ga_info=%7B%22status%22%3A%22OK%22%2C%22ga_tracking_id%22%3A%22G-JH142QCQCJ%22%2C%22ga_client_id%22%3A%221797957380.1721820281%22%2C%22shpt%22%3A%22Exploiting%20CVE-2024-21412%3A%20A%20Stealer%20Campaign%20Unleashed%20%7C%20FortiGuard%20Labs%22%2C%22dcm_cid%22%3A%221721820281.1%22%2C%22mntnis%22%3A%22uJnoBm0HkrVlZLym4gTS0s1DxkaunDlp%22%2C%22execution_workflow%22%3A%7B%22iteration%22%3A1%2C%22getClientIdByCookie%22%3A%22OK%22%2C%22shpt%22%3A%22OK%22%2C%22dcm_cid%22%3A%22OK%22%7D%7D&dcm_cid=1721820281.1&available_ga=%5B%7B%22id%22%3A%22G-JH142QCQCJ%22%2C%22sess_id%22%3A%221721820281%22%7D%5D&hardcoded_ga=&dxver=4.0.0&shaid=32336&plh=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&cb=49214504206623496term%3Dvalue&shadditional=sh_conversion%3DSHBLOCK%2Cgoogletagmanager%3Dtrue%2Cga4%3Dtrue%2Cmediamath%3Dtrue%2Cappnexus%3Dtrue
Requested by: Host: dx.mountain.com
URL: https://dx.mountain.com/spx?dxver=4.0.0&shaid=32336&tdr=&plh=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&cb=49214504206623496term=value
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.81.173.170 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-81-173-170.us-west-2.compute.amazonaws.com
Software: istio-envoy /
Resource Hash: ff91c66e387e186d42e5aac531beb9f91d71d3e83acb52352748c390a262ec7d

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:24:42 GMT
content-encoding: gzip
server: istio-envoy
transfer-encoding: chunked
content-type: application/javascript;charset=utf-8
access-control-allow-origin: *
p3p: CP="NON DSP COR NID CURa ADMa DEVa PSAa PSDa OUR STP UNI COM NAV INT STA PRE"
x-envoy-upstream-service-time: 0
connection: close

GET
H2 200 utsync.ashx Show response
ml314.com/ 684 B
1 KB 40ms
39ms Script
application/javascript 34.117.77.79
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ml314.com/utsync.ashx?pub=&adv=&et=0&eid=54820&ct=js&pi=&fp=&clid=&if=0&ps=&cl=&mlt=&data=&&cp=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&pv=1721820282333_rkmq2bx7z&bl=en-us&cb=418893&return=&ht=&d=&dc=&si=1721820282333_rkmq2bx7z&cid=&s=1600x1200&rp=&v=2.7.3.180
Requested by: Host: ml314.com
URL: https://ml314.com/tag.aspx?246
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.117.77.79 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 79.77.117.34.bc.googleusercontent.com
Software: Google Frontend /
Resource Hash: 6edb4afac6415be18c1a0269040d4fd9dfdd75e5717cd7ec7ed1a28bf040611d

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Jul 2024 11:24:42 GMT
via: 1.1 google
server: Google Frontend
content-type: application/javascript
p3p: CP="NON DSP COR ADMo PSAo DEVo BUS COM UNI NAV DEM STA"
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: 0

GET
H2 200 /
www.facebook.com/tr/ 0
274 B 48ms
16ms Image
text/plain 2a03:2880:f103:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=177020962864941&ev=PageView&dl=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&rl=&if=false&ts=1721820282343&sw=1600&sh=1200&v=2.9.162&r=stable&ec=0&o=4126&fbp=fb.1.1721820282342.16379307399920540&ler=empty&cdl=API_unavailable&it=1721820282308&coo=false&rqm=GET

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f103:181:face:b00c:0:25de Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-fb-connection-quality: EXCELLENT; q=0.9, rtt=13, rtx=0, c=10, mss=1328, tbw=2831, tp=-1, tpl=-1, uplat=0, ullat=0
strict-transport-security: max-age=31536000; includeSubDomains
date: Wed, 24 Jul 2024 11:24:42 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 67 B
3 KB 185ms
153ms Image
image/png 2a03:2880:f103:181:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=177020962864941&ev=PageView&dl=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&rl=&if=false&ts=1721820282343&sw=1600&sh=1200&v=2.9.162&r=stable&ec=0&o=4126&fbp=fb.1.1721820282342.16379307399920540&ler=empty&cdl=API_unavailable&it=1721820282308&coo=false&rqm=FGET

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f103:181:face:b00c:0:25de Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://.google-analytics.com .google.com;style-src .fbcdn.net data: .facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com https://.google-analytics.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com https://fonts.gstatic.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net .carriersignal.info blob: android-webview-video-poster: .whatsapp.net .fb.com .oculuscdn.com .tenor.co .tenor.com .giphy.com https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://.google-analytics.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data: .tenor.co .tenor.com https://.giphy.com;frame-src .facebook.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net .google.com .doubleclick.net;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-encoding: zstd
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; preload
date: Wed, 24 Jul 2024 11:24:42 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7395161801940031044", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=13, rtx=0, c=14, mss=1328, tbw=3149, tp=-1, tpl=-1, uplat=137, ullat=0
pragma: no-cache
x-fb-debug: FHAmaK326pCWsUosP5ZI2vO5KbqD2Es/X88lcYEP/HgHm+nE/qRnluM0+EbxA2R7epqtRknKiJo3RHEYdOzkuQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7395161801940031044"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: image/png
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: private, no-store, no-cache, must-revalidate
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), battery=(self), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 attribution_trigger Show response
px.ads.linkedin.com/ 2 B
981 B 652ms
628ms XHR
application/json 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/attribution_trigger?pid=7120%2C2159050&time=1721820282358&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.beta.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Accept: *
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

attribution-reporting-register-trigger: {"event_trigger_data":[{"priority":"0","trigger_data":"4"}],"filters":[{"c":["182481196"]},{"c":["141366624"]},{"c":["136362026"]},{"c":["134312916"]},{"c":["134309046"]}],"debug_key":"421988"}
content-encoding: gzip
date: Wed, 24 Jul 2024 11:24:42 GMT
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: 6383F93D3EF44DF9949B61545C06FF45 Ref B: EWR311000107029 Ref C: 2024-07-24T11:24:42Z
access-control-allow-methods: GET, OPTIONS
content-type: application/json
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lva1
x-li-proto: http/2
x-restli-protocol-version: 1.0.0
access-control-allow-headers: *
x-li-uuid: AAYd/IZMluCu7HM+klgNPg==
x-fs-uuid: 00061dfc864c96e0aeec733e92580d3e

GET
H2

200

collect
px4.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=7120%2C2159050&time=1721820282358&li_adsId=c30761a1-8708-483d-8179-f99ff28c69b4&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexpl...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=7120%2C2159050&time=1721820282358&li_adsId=c30761a1-8708-483d-8179-f99ff28c69b4&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexpl...
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D7120%252C2159050%26time%3D1721820282358%26li_adsId%3Dc30761a1-8708-483d-8179-f99f...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=7120%2C2159050&time=1721820282358&li_adsId=c30761a1-8708-483d-8179-f99ff28c69b4&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexpl...
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=7120%2C2159050&time=1721820282358&li_adsId=c30761a1-8708-483d-8179-f99ff28c69b4&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexp...

0
488 B

97ms
65ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=7120%2C2159050&time=1721820282358&li_adsId=c30761a1-8708-483d-8179-f99ff28c69b4&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&cookiesTest=true&liSync=true&e_ipv6=AQL9FlmCfqczVwAAAZDkfH6zerO9FtCayS3excPbhWnHk321URyLB84AHlFZ5Lq0MRGAinrvBEp8M1bFZRdgNJY8X1QyEr4
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:24:41 GMT
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: 9DB1BC748F1C474B9BEC7D64C28EC17C Ref B: EWR30EDGE0415 Ref C: 2024-07-24T11:24:42Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-fabric: prod-lva1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYd/IZPuyti5HIb9bCwnA==

Redirect headers

date: Wed, 24 Jul 2024 11:24:42 GMT
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: 8B8A4579A0DE43DD886A796FD35164BE Ref B: EWR30EDGE0209 Ref C: 2024-07-24T11:24:42Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lva1
location: https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=7120%2C2159050&time=1721820282358&li_adsId=c30761a1-8708-483d-8179-f99ff28c69b4&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&cookiesTest=true&liSync=true&e_ipv6=AQL9FlmCfqczVwAAAZDkfH6zerO9FtCayS3excPbhWnHk321URyLB84AHlFZ5Lq0MRGAinrvBEp8M1bFZRdgNJY8X1QyEr4
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYd/IZOze7cJeMydfe6kQ==

GET
H2 200 ibs:dpid=22052&dpuuid=3645797453183057942&redir=
dpm.demdex.net/ 42 B
716 B 19ms
18ms Image
image/gif 54.225.153.114
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=22052&dpuuid=3645797453183057942&redir=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

54.225.153.114 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-225-153-114.compute-1.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

dcs: dcs-prod-va6-1-v062-060746c4e.edge-va6.demdex.com 3 ms
pragma: no-cache
date: Wed, 24 Jul 2024 11:24:42 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-encoding: gzip
x-tid: 5ldgjZG/Qdc=
content-type: image/gif
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-length: 59
expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H3

200

csync.ashx
ml314.com/
Redirect Chain

https://idsync.rlcdn.com/395886.gif?partner_uid=3645797453183057942
https://idsync.rlcdn.com/1000.gif?memo=CO6UGBIeChoIARCuXxoTMzY0NTc5NzQ1MzE4MzA1Nzk0MhAAGg0I-siDtQYSBQjoBxAAQgBKAA
https://ml314.com/csync.ashx?fp=4007d249a5198f1df7b74a1966ce754c9589a16b74fd4f8ab956143a63cf9c04f4cb09cee1a4f8eb&person_id=3645797453183057942&eid=50082

43 B
56 B

41ms
40ms

Image
image/gif

34.117.77.79
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ml314.com/csync.ashx?fp=4007d249a5198f1df7b74a1966ce754c9589a16b74fd4f8ab956143a63cf9c04f4cb09cee1a4f8eb&person_id=3645797453183057942&eid=50082
Protocol: H3
Server: 34.117.77.79 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 79.77.117.34.bc.googleusercontent.com
Software: Google Frontend /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

expires: Thu, 25 Jul 2024 11:24:42 GMT
date: Wed, 24 Jul 2024 11:24:42 GMT
via: 1.1 google
server: Google Frontend
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type: image/gif

Redirect headers

date: Wed, 24 Jul 2024 11:24:42 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://ml314.com/csync.ashx?fp=4007d249a5198f1df7b74a1966ce754c9589a16b74fd4f8ab956143a63cf9c04f4cb09cee1a4f8eb&person_id=3645797453183057942&eid=50082
cache-control: no-cache, no-store
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET
H3

200

utsync.ashx
ml314.com/
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=d0tro1j&ttd_tpi=1
https://match.adsrvr.org/track/cmb/generic?ttd_pid=d0tro1j&ttd_tpi=1
https://ml314.com/utsync.ashx?eid=53819&et=0&fp=81f62988-9cb0-41a0-a2c2-cd751ac17a62&gdpr=0&gdpr_consent=

43 B
61 B

49ms
49ms

Image
image/gif

34.117.77.79
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ml314.com/utsync.ashx?eid=53819&et=0&fp=81f62988-9cb0-41a0-a2c2-cd751ac17a62&gdpr=0&gdpr_consent=
Protocol: H3
Server: 34.117.77.79 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 79.77.117.34.bc.googleusercontent.com
Software: Google Frontend /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Jul 2024 11:24:42 GMT
via: 1.1 google
server: Google Frontend
content-type: image/gif
p3p: CP="NON DSP COR ADMo PSAo DEVo BUS COM UNI NAV DEM STA"
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: 0,Thu, 25 Jul 2024 11:24:42 GMT

Redirect headers

location: https://ml314.com/utsync.ashx?eid=53819&et=0&fp=81f62988-9cb0-41a0-a2c2-cd751ac17a62&gdpr=0&gdpr_consent=
date: Wed, 24 Jul 2024 11:24:42 GMT
server: Kestrel
content-length: 241

GET
H3

200

csync.ashx
ml314.com/
Redirect Chain

https://sync.crwdcntrl.net/map/c=6985/tp=BOMB?https://ml314.com/csync.ashx%3Ffp%3D%24%7Bprofile_id%7D%26eid%3D50146%26person_id%3D3645797453183057942
https://sync.crwdcntrl.net/map/ct=y/c=6985/tp=BOMB?https://ml314.com/csync.ashx%3Ffp%3D%24%7Bprofile_id%7D%26eid%3D50146%26person_id%3D3645797453183057942
https://ml314.com/csync.ashx?fp=9e46558a065a895a967a53b234d3be45&eid=50146&person_id=3645797453183057942

43 B
56 B

43ms
42ms

Image
image/gif

34.117.77.79
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ml314.com/csync.ashx?fp=9e46558a065a895a967a53b234d3be45&eid=50146&person_id=3645797453183057942
Protocol: H3
Server: 34.117.77.79 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 79.77.117.34.bc.googleusercontent.com
Software: Google Frontend /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

expires: Thu, 25 Jul 2024 11:24:42 GMT
date: Wed, 24 Jul 2024 11:24:42 GMT
via: 1.1 google
server: Google Frontend
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type: image/gif

Redirect headers

pragma: no-cache
date: Wed, 24 Jul 2024 11:24:42 GMT
server: Jetty(9.4.38.v20210224)
p3p: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
location: https://ml314.com/csync.ashx?fp=9e46558a065a895a967a53b234d3be45&eid=50146&person_id=3645797453183057942
cache-control: no-cache
x-server: 10.40.13.206
content-length: 0
expires: 0

GET
H/1.1

200
OK

match
ps.eyeota.net/
Redirect Chain

https://ps.eyeota.net/pixel?pid=r8hrb20&t=gif
https://ps.eyeota.net/pixel/bounce/?pid=r8hrb20&t=gif
https://ml314.com/utsync.ashx?eid=50052&et=0&fp=2Yj9uIHGPSteYjikvwlaqYI4qJQKmat5p6UpP9Ufb8TM&gdpr=0&gdpr_consent=&return=https%3A%2F%2Fps.eyeota.net%2Fmatch%3Fbid%3Dr8hrb20%26uid%3Dnil%26referrer_p...
https://ml314.com/csync.ashx?fp=2Yj9uIHGPSteYjikvwlaqYI4qJQKmat5p6UpP9Ufb8TM&person_id=3645797453183057942&eid=50052&return=https%3A%2F%2Fps.eyeota.net%2Fmatch%3Fbid%3Dr8hrb20%26uid%3Dnil%26referre...
https://ps.eyeota.net/match?bid=r8hrb20&uid=nil&referrer_pid=r8hrb20

70 B
440 B

18ms
18ms

Image
image/gif

18.214.54.215
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ps.eyeota.net/match?bid=r8hrb20&uid=nil&referrer_pid=r8hrb20
Protocol: HTTP/1.1
Server: 18.214.54.215 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-214-54-215.compute-1.amazonaws.com
Software: /
Resource Hash: de9d3fd0eb948bd294477d0eda60a73b85caff1794803530d0463193a113da98

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/gif
Date: Wed, 24 Jul 2024 11:24:42 GMT
Content-Length: 70
P3P: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"

Redirect headers

date: Wed, 24 Jul 2024 11:24:42 GMT
via: 1.1 google
server: Google Frontend
content-type: image/gif
location: https://ps.eyeota.net/match?bid=r8hrb20&uid=nil&referrer_pid=r8hrb20
x-cloud-trace-context: 9e24c4c01d85aacbd1dcc980096e4cf4
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: Thu, 25 Jul 2024 11:24:42 GMT

POST
H2 204 / Show response
px.ads.linkedin.com/wa/ 0
198 B 33ms
32ms XHR
text/plain 2620:1ec:21::14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/wa/
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.beta.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: *
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Wed, 24 Jul 2024 11:24:42 GMT
x-li-pop: afd-prod-lva1-x
x-msedge-ref: Ref A: 0422057ED6BE46A99EBF29DC0DC8C1F6 Ref B: EWR30EDGE0209 Ref C: 2024-07-24T11:24:42Z
linkedin-action: 1
vary: Origin
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lva1
access-control-allow-origin: https://www.fortinet.com
x-li-proto: http/2
access-control-allow-credentials: true
x-li-uuid: AAYd/IZQ2pKSOYemM7dwiw==

GET
H/1.1 200
OK gs Show response
gs.mountain.com/ 144 B
733 B 357ms
82ms Script
application/javascript 35.81.162.201
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://gs.mountain.com/gs
Requested by: Host: px.mountain.com
URL: https://px.mountain.com/st?ga_tracking_id=G-JH142QCQCJ&ga_client_id=1797957380.1721820281&shpt=Exploiting%20CVE-2024-21412%3A%20A%20Stealer%20Campaign%20Unleashed%20%7C%20FortiGuard%20Labs&ga_info=%7B%22status%22%3A%22OK%22%2C%22ga_tracking_id%22%3A%22G-JH142QCQCJ%22%2C%22ga_client_id%22%3A%221797957380.1721820281%22%2C%22shpt%22%3A%22Exploiting%20CVE-2024-21412%3A%20A%20Stealer%20Campaign%20Unleashed%20%7C%20FortiGuard%20Labs%22%2C%22dcm_cid%22%3A%221721820281.1%22%2C%22mntnis%22%3A%22uJnoBm0HkrVlZLym4gTS0s1DxkaunDlp%22%2C%22execution_workflow%22%3A%7B%22iteration%22%3A1%2C%22getClientIdByCookie%22%3A%22OK%22%2C%22shpt%22%3A%22OK%22%2C%22dcm_cid%22%3A%22OK%22%7D%7D&dcm_cid=1721820281.1&available_ga=%5B%7B%22id%22%3A%22G-JH142QCQCJ%22%2C%22sess_id%22%3A%221721820281%22%7D%5D&hardcoded_ga=&dxver=4.0.0&shaid=32336&plh=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&cb=49214504206623496term%3Dvalue&shadditional=sh_conversion%3DSHBLOCK%2Cgoogletagmanager%3Dtrue%2Cga4%3Dtrue%2Cmediamath%3Dtrue%2Cappnexus%3Dtrue
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.81.162.201 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-81-162-201.us-west-2.compute.amazonaws.com
Software: istio-envoy /
Resource Hash: 6235215aeacfc43187d7f3ae5e0f967459db995bd0140f5000bb3b64a8a111eb

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:24:42 GMT
last-modified: Thu, 01 Jan 1970 00:00:00 GMT
server: istio-envoy
access-control-allow-methods: GET, POST, OPTIONS
content-type: application/javascript;charset=utf-8
access-control-allow-origin: *
p3p: CP="NON DSP COR NID CURa ADMa DEVa PSAa PSDa OUR STP UNI COM NAV INT STA PRE"
cache-control: public, max-age=31536000
x-envoy-upstream-service-time: 1
connection: close
access-control-allow-headers: Accept, Content-Type, x-requested-with, X-Custom-Header
content-length: 144
x-application-context: application:prod:8080

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
258 B 17ms
17ms Image
image/gif 23.205.106.73
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=5eeecf22b2d12a77a14639dce97b7a36&svisitor=null&visitor=fec23e70-9c47-477e-89fc-de27dd2bf2a4&session=50ddd5e0-dcdf-4684-88c9-1304543638d2&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2024%20Jul%202024%2011%3A24%3A42%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2024%20Jul%202024%2011%3A24%3A41%20GMT%22%2C%22timeSpent%22%3A%221004%22%2C%22totalTimeSpent%22%3A%222007%22%7D&isIframe=false&m=%7B%22description%22%3A%22FortiGuard%20Labs%20has%20observed%20a%20stealer%20campaign%20spreading%20multiple%20files%20that%20exploit%20CVE-2024-21412%20to%20download%20malicious%20executable%20files.%20Read%20more.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Exploiting%20CVE-2024-21412%3A%20A%20Stealer%20Campaign%20Unleashed%20%7C%20FortiGuard%20Labs%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&pageViewId=c13dce9f-2184-4daf-83d3-84f07ef8eaa5&ipv6=2a0d%3A5600%3A24%3A1500%3A1011%3A48fb%3A1b4a%3Abfd0&v=1.1.22

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.106.73 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-205-106-73.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Jul 2024 11:24:42 GMT
x-content-type-options: nosniff
last-modified: Sat, 18 Feb 2023 02:04:22 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f03226-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 24 Jul 2024 11:24:42 GMT

GET
H/1.1 200
OK st Show response
px.mountain.com/ 5 KB
2 KB 255ms
102ms Script
application/javascript 35.81.173.170
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://px.mountain.com/st?ga_tracking_id=G-JH142QCQCJ&ga_client_id=1797957380.1721820281&shpt=Exploiting%20CVE-2024-21412%3A%20A%20Stealer%20Campaign%20Unleashed%20%7C%20FortiGuard%20Labs&ga_info=%7B%22status%22%3A%22OK%22%2C%22ga_tracking_id%22%3A%22G-JH142QCQCJ%22%2C%22ga_client_id%22%3A%221797957380.1721820281%22%2C%22shpt%22%3A%22Exploiting%20CVE-2024-21412%3A%20A%20Stealer%20Campaign%20Unleashed%20%7C%20FortiGuard%20Labs%22%2C%22dcm_cid%22%3A%221721820281.1%22%2C%22mntnis%22%3A%22uJnoBm0HkrVlZLym4gTS0s1DxkaunDlp%22%2C%22execution_workflow%22%3A%7B%22iteration%22%3A1%2C%22getClientIdByCookie%22%3A%22OK%22%2C%22shpt%22%3A%22OK%22%2C%22dcm_cid%22%3A%22OK%22%7D%7D&dcm_cid=1721820281.1&available_ga=%5B%7B%22id%22%3A%22G-JH142QCQCJ%22%2C%22sess_id%22%3A%221721820281%22%7D%5D&hardcoded_ga=&dxver=4.0.0&shaid=32336&plh=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&shadditional=sh_conversion%3DSHBLOCK%2Cgoogletagmanager%3Dtrue%2Cga4%3Dtrue%2Cmediamath%3Dtrue%2Cappnexus%3Dtrue&cb=1721820282617864&shguid=6b60920d-553b-3158-8831-f968df52c75a&shgts=1721820282976
Requested by: Host: px.mountain.com
URL: https://px.mountain.com/st?ga_tracking_id=G-JH142QCQCJ&ga_client_id=1797957380.1721820281&shpt=Exploiting%20CVE-2024-21412%3A%20A%20Stealer%20Campaign%20Unleashed%20%7C%20FortiGuard%20Labs&ga_info=%7B%22status%22%3A%22OK%22%2C%22ga_tracking_id%22%3A%22G-JH142QCQCJ%22%2C%22ga_client_id%22%3A%221797957380.1721820281%22%2C%22shpt%22%3A%22Exploiting%20CVE-2024-21412%3A%20A%20Stealer%20Campaign%20Unleashed%20%7C%20FortiGuard%20Labs%22%2C%22dcm_cid%22%3A%221721820281.1%22%2C%22mntnis%22%3A%22uJnoBm0HkrVlZLym4gTS0s1DxkaunDlp%22%2C%22execution_workflow%22%3A%7B%22iteration%22%3A1%2C%22getClientIdByCookie%22%3A%22OK%22%2C%22shpt%22%3A%22OK%22%2C%22dcm_cid%22%3A%22OK%22%7D%7D&dcm_cid=1721820281.1&available_ga=%5B%7B%22id%22%3A%22G-JH142QCQCJ%22%2C%22sess_id%22%3A%221721820281%22%7D%5D&hardcoded_ga=&dxver=4.0.0&shaid=32336&plh=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&cb=49214504206623496term%3Dvalue&shadditional=sh_conversion%3DSHBLOCK%2Cgoogletagmanager%3Dtrue%2Cga4%3Dtrue%2Cmediamath%3Dtrue%2Cappnexus%3Dtrue
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 35.81.173.170 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-35-81-173-170.us-west-2.compute.amazonaws.com
Software: istio-envoy /
Resource Hash: 641a876fdc98145f81c16d59529efdfd2e9986ec6d5f70b2d1b1f54483e39842

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:24:43 GMT
content-encoding: gzip
server: istio-envoy
transfer-encoding: chunked
content-type: application/javascript;charset=utf-8
access-control-allow-origin: *
p3p: CP="NON DSP COR NID CURa ADMa DEVa PSAa PSDa OUR STP UNI COM NAV INT STA PRE"
x-envoy-upstream-service-time: 24
connection: close

GET
H/1.1

200
OK

tdsync
px.steelhousemedia.com/
Redirect Chain

https://match.adsrvr.org/track/cmf/generic?ttd_pid=steelhouse&ttd_tpi=1&ttd_puid=52a11f09-49af-11ef-bcaa-3da86a6f1752&gdpr=&gdpr_consent=
https://px.steelhousemedia.com/tdsync?tdid=81f62988-9cb0-41a0-a2c2-cd751ac17a62&shguid=52a11f09-49af-11ef-bcaa-3da86a6f1752

0
318 B

332ms
87ms

Image
text/plain

54.245.46.233
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.steelhousemedia.com/tdsync?tdid=81f62988-9cb0-41a0-a2c2-cd751ac17a62&shguid=52a11f09-49af-11ef-bcaa-3da86a6f1752
Protocol: HTTP/1.1
Server: 54.245.46.233 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-245-46-233.us-west-2.compute.amazonaws.com
Software: istio-envoy /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:24:43 GMT
server: istio-envoy
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
x-envoy-upstream-service-time: 7
connection: close
access-control-allow-headers: Accept, Content-Type, x-requested-with, X-Custom-Header
content-length: 0

Redirect headers

location: https://px.steelhousemedia.com/tdsync?tdid=81f62988-9cb0-41a0-a2c2-cd751ac17a62&shguid=52a11f09-49af-11ef-bcaa-3da86a6f1752
date: Wed, 24 Jul 2024 11:24:43 GMT
server: Kestrel
content-length: 277

GET

v2
usermatch.krxd.net/um/
Redirect Chain

https://insight.adsrvr.org/track/evnt/?adv=6s0zaeu&ct=0:0bi0elf&fmt=3
https://usermatch.krxd.net/um/v2?partner=ttd&partner_uid=ttd&gdpr=0&gdpr_consent=&ttd_tdid=81f62988-9cb0-41a0-a2c2-cd751ac17a62

0
0

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 20ms
20ms Image
image/gif 23.205.106.73
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=5eeecf22b2d12a77a14639dce97b7a36&svisitor=null&visitor=fec23e70-9c47-477e-89fc-de27dd2bf2a4&session=50ddd5e0-dcdf-4684-88c9-1304543638d2&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2024%20Jul%202024%2011%3A24%3A43%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2024%20Jul%202024%2011%3A24%3A42%20GMT%22%2C%22timeSpent%22%3A%221004%22%2C%22totalTimeSpent%22%3A%223011%22%7D&isIframe=false&m=%7B%22description%22%3A%22FortiGuard%20Labs%20has%20observed%20a%20stealer%20campaign%20spreading%20multiple%20files%20that%20exploit%20CVE-2024-21412%20to%20download%20malicious%20executable%20files.%20Read%20more.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Exploiting%20CVE-2024-21412%3A%20A%20Stealer%20Campaign%20Unleashed%20%7C%20FortiGuard%20Labs%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&pageViewId=c13dce9f-2184-4daf-83d3-84f07ef8eaa5&ipv6=2a0d%3A5600%3A24%3A1500%3A1011%3A48fb%3A1b4a%3Abfd0&v=1.1.22

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.106.73 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-205-106-73.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Jul 2024 11:24:43 GMT
x-content-type-options: nosniff
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "5e502810-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 24 Jul 2024 11:24:43 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
258 B 20ms
20ms Image
image/gif 23.205.106.73
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=5eeecf22b2d12a77a14639dce97b7a36&svisitor=null&visitor=fec23e70-9c47-477e-89fc-de27dd2bf2a4&session=50ddd5e0-dcdf-4684-88c9-1304543638d2&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2024%20Jul%202024%2011%3A24%3A44%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2024%20Jul%202024%2011%3A24%3A43%20GMT%22%2C%22timeSpent%22%3A%221004%22%2C%22totalTimeSpent%22%3A%224015%22%7D&isIframe=false&m=%7B%22description%22%3A%22FortiGuard%20Labs%20has%20observed%20a%20stealer%20campaign%20spreading%20multiple%20files%20that%20exploit%20CVE-2024-21412%20to%20download%20malicious%20executable%20files.%20Read%20more.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Exploiting%20CVE-2024-21412%3A%20A%20Stealer%20Campaign%20Unleashed%20%7C%20FortiGuard%20Labs%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&pageViewId=c13dce9f-2184-4daf-83d3-84f07ef8eaa5&ipv6=2a0d%3A5600%3A24%3A1500%3A1011%3A48fb%3A1b4a%3Abfd0&v=1.1.22

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.106.73 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-205-106-73.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Jul 2024 11:24:44 GMT
x-content-type-options: nosniff
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "60bb2e15-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 24 Jul 2024 11:24:44 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
258 B 44ms
43ms Image
image/gif 23.205.106.73
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=5eeecf22b2d12a77a14639dce97b7a36&svisitor=null&visitor=fec23e70-9c47-477e-89fc-de27dd2bf2a4&session=50ddd5e0-dcdf-4684-88c9-1304543638d2&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2024%20Jul%202024%2011%3A24%3A45%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2024%20Jul%202024%2011%3A24%3A44%20GMT%22%2C%22timeSpent%22%3A%221000%22%2C%22totalTimeSpent%22%3A%225015%22%7D&isIframe=false&m=%7B%22description%22%3A%22FortiGuard%20Labs%20has%20observed%20a%20stealer%20campaign%20spreading%20multiple%20files%20that%20exploit%20CVE-2024-21412%20to%20download%20malicious%20executable%20files.%20Read%20more.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Exploiting%20CVE-2024-21412%3A%20A%20Stealer%20Campaign%20Unleashed%20%7C%20FortiGuard%20Labs%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&pageViewId=c13dce9f-2184-4daf-83d3-84f07ef8eaa5&ipv6=2a0d%3A5600%3A24%3A1500%3A1011%3A48fb%3A1b4a%3Abfd0&v=1.1.22

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.106.73 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-205-106-73.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Jul 2024 11:24:46 GMT
x-content-type-options: nosniff
last-modified: Sat, 18 Feb 2023 01:45:17 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f02dad-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 24 Jul 2024 11:24:46 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
258 B 25ms
25ms Image
image/gif 23.205.106.73
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=5eeecf22b2d12a77a14639dce97b7a36&svisitor=null&visitor=fec23e70-9c47-477e-89fc-de27dd2bf2a4&session=50ddd5e0-dcdf-4684-88c9-1304543638d2&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2024%20Jul%202024%2011%3A24%3A46%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2024%20Jul%202024%2011%3A24%3A45%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%226016%22%7D&isIframe=false&m=%7B%22description%22%3A%22FortiGuard%20Labs%20has%20observed%20a%20stealer%20campaign%20spreading%20multiple%20files%20that%20exploit%20CVE-2024-21412%20to%20download%20malicious%20executable%20files.%20Read%20more.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Exploiting%20CVE-2024-21412%3A%20A%20Stealer%20Campaign%20Unleashed%20%7C%20FortiGuard%20Labs%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&pageViewId=c13dce9f-2184-4daf-83d3-84f07ef8eaa5&ipv6=2a0d%3A5600%3A24%3A1500%3A1011%3A48fb%3A1b4a%3Abfd0&v=1.1.22

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.106.73 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-205-106-73.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Jul 2024 11:24:46 GMT
x-content-type-options: nosniff
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "60bb2e15-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 24 Jul 2024 11:24:46 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 18ms
18ms Image
image/gif 23.205.106.73
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=5eeecf22b2d12a77a14639dce97b7a36&svisitor=null&visitor=fec23e70-9c47-477e-89fc-de27dd2bf2a4&session=50ddd5e0-dcdf-4684-88c9-1304543638d2&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2024%20Jul%202024%2011%3A24%3A47%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2024%20Jul%202024%2011%3A24%3A46%20GMT%22%2C%22timeSpent%22%3A%221000%22%2C%22totalTimeSpent%22%3A%227016%22%7D&isIframe=false&m=%7B%22description%22%3A%22FortiGuard%20Labs%20has%20observed%20a%20stealer%20campaign%20spreading%20multiple%20files%20that%20exploit%20CVE-2024-21412%20to%20download%20malicious%20executable%20files.%20Read%20more.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Exploiting%20CVE-2024-21412%3A%20A%20Stealer%20Campaign%20Unleashed%20%7C%20FortiGuard%20Labs%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&pageViewId=c13dce9f-2184-4daf-83d3-84f07ef8eaa5&ipv6=2a0d%3A5600%3A24%3A1500%3A1011%3A48fb%3A1b4a%3Abfd0&v=1.1.22

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.106.73 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-205-106-73.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Jul 2024 11:24:47 GMT
x-content-type-options: nosniff
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "5e502810-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 24 Jul 2024 11:24:47 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 19ms
19ms Image
image/gif 23.205.106.73
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=5eeecf22b2d12a77a14639dce97b7a36&svisitor=null&visitor=fec23e70-9c47-477e-89fc-de27dd2bf2a4&session=50ddd5e0-dcdf-4684-88c9-1304543638d2&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2024%20Jul%202024%2011%3A24%3A48%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2024%20Jul%202024%2011%3A24%3A47%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%228017%22%7D&isIframe=false&m=%7B%22description%22%3A%22FortiGuard%20Labs%20has%20observed%20a%20stealer%20campaign%20spreading%20multiple%20files%20that%20exploit%20CVE-2024-21412%20to%20download%20malicious%20executable%20files.%20Read%20more.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Exploiting%20CVE-2024-21412%3A%20A%20Stealer%20Campaign%20Unleashed%20%7C%20FortiGuard%20Labs%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&pageViewId=c13dce9f-2184-4daf-83d3-84f07ef8eaa5&ipv6=2a0d%3A5600%3A24%3A1500%3A1011%3A48fb%3A1b4a%3Abfd0&v=1.1.22

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.106.73 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-205-106-73.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Jul 2024 11:24:48 GMT
x-content-type-options: nosniff
last-modified: Sat, 18 Feb 2023 00:49:36 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f020a0-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 24 Jul 2024 11:24:48 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 34ms
33ms Image
image/gif 23.205.106.73
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=5eeecf22b2d12a77a14639dce97b7a36&svisitor=null&visitor=fec23e70-9c47-477e-89fc-de27dd2bf2a4&session=50ddd5e0-dcdf-4684-88c9-1304543638d2&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2024%20Jul%202024%2011%3A24%3A49%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2024%20Jul%202024%2011%3A24%3A48%20GMT%22%2C%22timeSpent%22%3A%221000%22%2C%22totalTimeSpent%22%3A%229017%22%7D&isIframe=false&m=%7B%22description%22%3A%22FortiGuard%20Labs%20has%20observed%20a%20stealer%20campaign%20spreading%20multiple%20files%20that%20exploit%20CVE-2024-21412%20to%20download%20malicious%20executable%20files.%20Read%20more.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Exploiting%20CVE-2024-21412%3A%20A%20Stealer%20Campaign%20Unleashed%20%7C%20FortiGuard%20Labs%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&pageViewId=c13dce9f-2184-4daf-83d3-84f07ef8eaa5&ipv6=2a0d%3A5600%3A24%3A1500%3A1011%3A48fb%3A1b4a%3Abfd0&v=1.1.22

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.106.73 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-205-106-73.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Jul 2024 11:24:50 GMT
x-content-type-options: nosniff
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "5e502810-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 24 Jul 2024 11:24:50 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
258 B 18ms
18ms Image
image/gif 23.205.106.73
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=5eeecf22b2d12a77a14639dce97b7a36&svisitor=null&visitor=fec23e70-9c47-477e-89fc-de27dd2bf2a4&session=50ddd5e0-dcdf-4684-88c9-1304543638d2&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2024%20Jul%202024%2011%3A24%3A50%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2024%20Jul%202024%2011%3A24%3A49%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%2210018%22%7D&isIframe=false&m=%7B%22description%22%3A%22FortiGuard%20Labs%20has%20observed%20a%20stealer%20campaign%20spreading%20multiple%20files%20that%20exploit%20CVE-2024-21412%20to%20download%20malicious%20executable%20files.%20Read%20more.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Exploiting%20CVE-2024-21412%3A%20A%20Stealer%20Campaign%20Unleashed%20%7C%20FortiGuard%20Labs%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&pageViewId=c13dce9f-2184-4daf-83d3-84f07ef8eaa5&ipv6=2a0d%3A5600%3A24%3A1500%3A1011%3A48fb%3A1b4a%3Abfd0&v=1.1.22

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.205.106.73 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-205-106-73.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Jul 2024 11:24:50 GMT
x-content-type-options: nosniff
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "60bb2e15-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 24 Jul 2024 11:24:50 GMT

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: ad.doubleclick.net
URL: https://ad.doubleclick.net/activity;register_conversion=1;src=10050195;npa=0;auiddc=1482561396.1721820281;ps=1;pcor=1922920187;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe47h0v9185241837za200zb9123037237;gcd=13l3l3l3l1;dma=0;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed?

Domain: tracking.contanuity.com
URL: https://tracking.contanuity.com/usersync?bwcookie=AADLx07NQckAABNo_eqvEQ

Domain: usermatch.krxd.net
URL: https://usermatch.krxd.net/um/v2?partner=ttd&partner_uid=ttd&gdpr=0&gdpr_consent=&ttd_tdid=81f62988-9cb0-41a0-a2c2-cd751ac17a62

Verdicts & Comments Add Verdict or Comment

150 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

70 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.fortinet.com/	1970-01-21 07:02:36	Name: cookiesession1 Value: 678A3E5D3232CA3FA5E623467B80DEE7
.fortinet.com/	1970-01-21 07:02:36	Name: OptanonConsent Value: isIABGlobal=false&datestamp=Wed+Jul+24+2024+01%3A24%3A40+GMT-1000+(Hawaii-Aleutian+Standard+Time)&version=6.10.0&hosts=&consentId=2b2b5530-8baf-4558-bba1-287074050553&interactionCount=0&landingPath=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&groups=C0001%3A1%2CC0002%3A1%2CC0003%3A1%2CC0004%3A1
.fortinet.com/	1969-12-31 23:59:59	Name: at_check Value: true
.demdex.net/	1970-01-21 02:36:12	Name: demdex Value: 13538561296373683852621395005955410987
.fortinet.com/	1969-12-31 23:59:59	Name: AMCVS_ED8739F75677FE917F000101%40AdobeOrg Value: 1
.fortinet.com/	1970-01-21 07:53:00	Name: mbox Value: session#3fa12b6ddbc446498b8f729307d6a816#1721822141\|PC#3fa12b6ddbc446498b8f729307d6a816.34_0#1785065081
.fortinet.com/	1970-01-20 22:17:02	Name: mboxEdgeCluster Value: 34
www.fortinet.com/	1970-01-21 07:53:00	Name: _gd_visitor Value: fec23e70-9c47-477e-89fc-de27dd2bf2a4
www.fortinet.com/	1970-01-20 22:17:14	Name: _gd_session Value: 50ddd5e0-dcdf-4684-88c9-1304543638d2
www.fortinet.com/	1970-01-20 22:17:00	Name: dicbo_id Value: %7B%22dicbo_fetch%22%3A1721820281004%7D
.fortinet.com/	1970-01-20 22:18:26	Name: _uetsid Value: 51aef5c049af11efbc5f1179ae720f88
.fortinet.com/	1970-01-21 07:38:36	Name: _uetvid Value: 51aed79049af11ef91fe0b9b6eae510c
.bing.com/	1970-01-21 07:38:36	Name: MUID Value: 2C418B6862336B68246C9FAE63516A53
.bat.bing.com/	1970-01-20 22:27:05	Name: MR Value: 0
www.fortinet.com/	1970-01-21 07:53:00	Name: _omappvp Value: MhQ0u7FJpB1pLswSABlruPXC2DChjqqt6DWD1TITCbzCcRTd3NfU0Ol0JWM1Ni7cM6FB6tFiWuKnaCbm8wCDdMIfjtgoqzKb
www.fortinet.com/	1970-01-20 22:17:01	Name: _omappvs Value: 1721820281064
.fortinet.com/	1970-01-21 00:26:36	Name: _gcl_au Value: 1.1.1482561396.1721820281
.techtarget.com/	1970-01-20 22:17:02	Name: __cf_bm Value: wYa1zPj38LUMXeHDw7N6Ud_qJJsNAtbYejbGCn_s9dk-1721820281-1.0.1.1-tuS_ONe0e0F7n.CxilwVpAdC2Ys_QI1tIz2NuCDn0OBWA7w4kT8U0lVbmc2eyGwpmQHHR6A97gHi0UuDnPk3JQ
.dpm.demdex.net/	1970-01-21 02:36:12	Name: dpm Value: 13538561296373683852621395005955410987
.fortinet.com/	1970-01-21 07:53:00	Name: AMCV_ED8739F75677FE917F000101%40AdobeOrg Value: 179643557%7CMCIDTS%7C19929%7CMCMID%7C13195534650829301212659149931131350435%7CMCAAMLH-1722425080%7C7%7CMCAAMB-1722425080%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1721827480s%7CNONE%7CMCSYNCSOP%7C411-19936%7CvVersion%7C5.5.0
.fortinet.com/	1970-01-21 07:53:00	Name: _ga_JH142QCQCJ Value: GS1.1.1721820281.1.0.1721820281.0.0.0
.fortinet.com/	1970-01-21 07:53:00	Name: _ga Value: GA1.1.1797957380.1721820281
.www.fortinet.com/	1970-01-21 07:02:36	Name: WID_VISITOR_ID Value: 1721820281242976641
.fortinet.com/	1970-01-20 22:17:02	Name: gpv_pn Value: www.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed
.fortinet.com/	1970-01-21 00:26:36	Name: s_getNewRepeat Value: 1721820281485-New
.fortinet.com/	1969-12-31 23:59:59	Name: s_cc Value: true
abm-tracking.demandscience.com/	1970-01-21 07:53:00	Name: userId Value: 406563d9626bcf2fead8b317a0d3497c_1721820281534
.doubleclick.net/	1970-01-21 02:36:12	Name: receive-cookie-deprecation Value: 1
tracking.contanuity.com/	1970-01-21 07:53:00	Name: userId Value: 406563d9626bcf2fead8b317a0d3497c_1721820281534
tracking.contanuity.com/	1970-01-21 07:53:00	Name: clientId Value: undefined
.bidr.io/	1970-01-21 07:45:33	Name: bito Value: AADLx07NQckAABNo_eqvEQ
.bidr.io/	1970-01-21 07:45:33	Name: bitoIsSecure Value: ok
www.fortinet.com/	1970-01-20 22:27:05	Name: AWSALB Value: hoMv75zc/KLTEeuooYuZWvon30mlqpupwnCQlDqG0D9j6jD0k7gpnLsQbigOwmzj3hF/6Q+LxUAOiRucVhO3Kzg1xUMc+S9JzUKJQUKQiqX2/IsUdzsn9VQVBDT4zauFZQgAOI3dYRBCk9ebyhwJ/QSNIgzO4K0REscbdu5ZYYsHC9d2yS0xYlfMROfbiUdEoxVf+9I9El+VAjLNDrGkx1N/E6VDrCZ5
www.fortinet.com/	1970-01-20 22:27:05	Name: AWSALBCORS Value: UvWAPHw+9mqKOTSv4ws73twpl+qq/KI9wG+7/IHqZBnYuxnB7VoixiRO5fetxwHMrR2QI8DOHFGamzkszwMf3c+TPb0ZAV9mFNCXY6Y/D8vlT5I1cv60i+Z8IEar0XF9qjzYtDrPfLYnK/JHRQspBSMtHcqplc94sEsMZHVdxxTqdIZFXv5Ji646SNN13iePc0I8GVxg/pYHwKvirbFXwhramoLV0Nah
.adnxs.com/	1970-01-21 07:53:00	Name: receive-cookie-deprecation Value: 1
.adnxs.com/	1970-01-21 00:26:36	Name: XANDR_PANID Value: qWdhqeRQDJKtfc6LR_R3fmgnYK94nO7ryB1nvN85BHcwUjaaGU1RZB-fk_lhHGOAKaGxrFIdPO6JgZIVCDMrfO57QEkc6v0PYoycWCFs91Q.
.adnxs.com/	1970-01-21 00:26:36	Name: anj Value: dTM7k!M4/8CxrEQF']wIg2IlbDk'^x!@wnf-Te9(>wL5L!!'SJ$ifV6
.adnxs.com/	1970-01-21 00:26:36	Name: uuid2 Value: 4337835083417143809
www.fortinet.com/	1970-01-20 22:18:28	Name: aa_cc Value: US
www.fortinet.com/	1970-01-20 22:18:28	Name: aa_cn Value: United%20States
www.fortinet.com/	1970-01-20 22:18:28	Name: 6scexist Value: true
.fortinet.com/	1970-01-21 07:53:00	Name: nmstat Value: 7d9c561b-8b7b-b617-f509-baf1d49f791a
.fortinet.com/	1970-01-21 00:26:36	Name: _fbp Value: fb.1.1721820282342.16379307399920540
.ml314.com/	1970-01-21 07:02:36	Name: pi Value: 3645797453183057942
.ml314.com/	1970-01-20 22:37:09	Name: tp Value: 4%253B07%252F24%252F2024%2B11%253A24%253A42%253B0
.t.co/	1970-01-21 07:53:00	Name: muc_ads Value: bc0f09c5-9fc9-4873-a387-ea21ac5170ec
.twitter.com/	1970-01-21 07:53:00	Name: personalization_id Value: "v1_47b42iF2ukZ1N4WA0P8q/Q=="
.adsrvr.org/	1970-01-21 07:02:36	Name: TDID Value: 81f62988-9cb0-41a0-a2c2-cd751ac17a62
.linkedin.com/	1970-01-21 00:26:36	Name: li_sugr Value: c712869c-a83a-47d1-8bf5-ad9f7ed82eca
.linkedin.com/	1970-01-21 07:02:36	Name: bcookie Value: "v=2&34373b92-9b67-479c-8c85-7eb310714baf"
.linkedin.com/	1970-01-20 22:18:26	Name: lidc Value: "b=VGST09:s=V:r=V:a=V:p=V:g=2957:u=1:x=1:i=1721820282:t=1721906682:v=2:sig=AQGvbvJcQxe5nUm2LUYZJqzeTN7ghOYd"
.rlcdn.com/	1970-01-21 07:02:36	Name: rlas3 Value: OjkHW32ybnBqYLwbTKwzscfUxcrbE6b5Ob5UeAHiOh0=
.linkedin.com/	1970-01-20 23:00:12	Name: UserMatchHistory Value: AQK5mvQ853QL8QAAAZDkfH5bmRm9ciVE92z_mEKQiaprIW5C2TsjX_6VKI3Fy06dpNdnC5YhgzTviQ
.linkedin.com/	1970-01-20 23:00:12	Name: AnalyticsSyncHistory Value: AQIz-ZAySwdUcQAAAZDkfH5cB2F7pnFG-9eWlDx3BHoBJJcgRW9FVtHT6JGVwa4Enm3q3H_etYcdOfgGZqon3w
.eyeota.net/	1970-01-21 07:02:36	Name: mako_uid Value: 190e47c7e7b-12a0000010a5fa8
.eyeota.net/	1970-01-20 22:17:00	Name: SERVERID Value: 24488~DM
.rlcdn.com/	1970-01-20 23:43:24	Name: pxrc Value: CPrIg7UGEgUI6AcQABIFCNtOEAA=
.crwdcntrl.net/	1970-01-21 04:45:47	Name: _cc_dc Value: 0
.crwdcntrl.net/	1970-01-21 04:45:47	Name: _cc_id Value: 9e46558a065a895a967a53b234d3be45
.ml314.com/	1970-01-20 22:17:00	Name: u Value: aHR0cHM6Ly93d3cuZm9ydGluZXQuY29tLw%3D%3D
.www.linkedin.com/	1970-01-21 07:02:36	Name: bscookie Value: "v=1&202407241124421debd609-7423-4aa9-80d1-e859d1d22ddeAQGfDG74SNsyWWefNC130467ORTt0v-2"
.inzynk.io/	1970-01-21 07:02:36	Name: iztid Value: 1721820290862
www.fortinet.com/	1970-01-21 07:02:36	Name: izcid Value: 1721820283644
www.fortinet.com/	1970-01-21 07:02:36	Name: iztid Value: 1721820290862
.mountain.com/	1970-01-21 07:02:36	Name: guid Value: 52a11f09-49af-11ef-bcaa-3da86a6f1752
.doubleclick.net/	1970-01-21 07:53:00	Name: IDE Value: AHWqTUkdv5zTkh38aOjyr40YpfnDksPip6iagkny8NACHHnyHaT5dO_CUozD9W_XUeQ
.doubleclick.net/	1970-01-20 23:00:12	Name: ar_debug Value: 1
.px.mountain.com/	1970-01-21 07:02:36	Name: tt Value: "H4sIAAAAAAAAAKtW8guKNzYyNjaLNzK3NFayMtBRgnItjC2UrAzNjQwtjAyAHCNDYx2lMiUrIx0kLWA1BrUAj7bP+kYAAAA="
.mountain.com/	1970-01-21 07:02:36	Name: rt Value: "MzIzMzY6MTcyMTgyMDI4Mw=="
.adsrvr.org/	1970-01-21 07:02:36	Name: TDCPM Value: CAESFgoHZDB0cm8xahILCKq4tPCn95U9EAUSEwoEa3J1eBILCLau6pjuxIo9EAUYBSgBMgsIpIfDpb73lT0QBUIVIhMIARIPCgtOTyBUcnVPcHRpaxABWgc2czB6YWV1YAFyBGtydXg.

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://api.omappapi.com/v2/embed/39852?d=fortinet.com Message: Failed to load resource: the server responded with a status of 401 ()
network	error	URL: https://pixels.argusplatform.com/wh/track/?site_id=C6AC00C8269540D0ABFF19F1B5558B6D&visitor_id=1721820281242976641&event_type=page_request&timestamp=1721820281&page_title=Exploiting%20CVE-2024-21412%3A%20A%20Stealer%20Campaign%20Unleashed%20%7C%20FortiGuard%20Labs&page_url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&page_url_referer= Message: Failed to load resource: the server responded with a status of 401 ()
network	error	URL: https://webtracker.argusplatform.com/wh/track/?site_id=C6AC00C8269540D0ABFF19F1B5558B6D&visitor_id=1721820281242976641&event_type=page_request&timestamp=1721820282&page_title=Exploiting%20CVE-2024-21412%3A%20A%20Stealer%20Campaign%20Unleashed%20%7C%20FortiGuard%20Labs&page_url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&page_url_referer= Message: Failed to load resource: the server responded with a status of 401 ()
network	error	URL: https://usermatch.krxd.net/um/v2?partner=ttd&partner_uid=ttd&gdpr=0&gdpr_consent=&ttd_tdid=81f62988-9cb0-41a0-a2c2-cd751ac17a62 Message: Failed to load resource: net::ERR_NAME_NOT_RESOLVED

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

10104846.fls.doubleclick.net
6033413.global.siteimproveanalytics.io
a.omappapi.com
a.opmnstr.com
abm-tracking.demandscience.com
ad.doubleclick.net
amplify.outbrain.com
analytics.inzynk.io
analytics.twitter.com
api.omappapi.com
assets.adobedtm.com
b.6sc.co
bat.bing.com
c.6sc.co
cdn.cookielaw.org
cdn.jsdelivr.net
cm.everesttech.net
connect.facebook.net
dpm.demdex.net
dx.mountain.com
epsilon.6sense.com
fortinet.demdex.net
fortinet.tt.omtrdc.net
geolocation.onetrust.com
googleads.g.doubleclick.net
gs.mountain.com
ib.adnxs.com
ibc-flow.techtarget.com
idsync.rlcdn.com
intentstream.contanuity.com
ipv6.6sc.co
j.6sc.co
match.adsrvr.org
metrics.fortinet.com
ml314.com
pixel.mathtag.com
pixels.argusplatform.com
ps.eyeota.net
px.ads.linkedin.com
px.mountain.com
px.steelhousemedia.com
px4.ads.linkedin.com
script.crazyegg.com
secure.adnxs.com
siteimproveanalytics.com
snap.licdn.com
static.ads-twitter.com
sync.crwdcntrl.net
t.co
tags.inzynk.io
tmp.argusplatform.com
tr.outbrain.com
tracking.contanuity.com
trk.techtarget.com
usermatch.krxd.net
wave.outbrain.com
webtracker.argusplatform.com
www.facebook.com
www.fortinet.com
www.google-analytics.com
www.google.com
www.googletagmanager.com
www.linkedin.com
ad.doubleclick.net
tracking.contanuity.com
usermatch.krxd.net
104.244.42.131
13.107.42.14
146.75.76.157
169.150.236.105
173.194.175.148
18.210.229.244
18.214.54.215
209.85.201.149
216.200.232.249
23.205.106.73
23.220.137.92
2600:1408:8c00::172e:9631
2600:1408:ac00:18d::1e80
2600:1408:c400:d::17cd:6a49
2600:1f18:1492:1702:852f:d87f:6683:b05a
2600:9000:2191:9000:12:dfa9:e200:93a1
2606:4700:3035::6815:3296
2606:4700:3108::ac42:2908
2606:4700:4400::6812:2089
2606:4700:4400::ac40:973c
2606:4700::6813:9308
2606:4700::6813:b234
2607:f8b0:4004:c07::69
2607:f8b0:400d:c04::61
2607:f8b0:400d:c07::71
2607:f8b0:400d:c09::9c
2620:1ec:21::14
2620:1ec:bdf::38
2620:1ec:c11::237
2a03:2880:f003:100:face:b00c:0:3
2a03:2880:f103:181:face:b00c:0:25de
2a04:4e42:600::485
3.216.220.116
3.230.242.193
34.111.208.231
34.117.77.79
34.238.149.65
35.244.154.8
35.71.131.137
35.81.162.201
35.81.173.170
44.226.187.177
51.21.14.61
52.32.164.86
52.33.109.89
54.156.91.224
54.203.236.163
54.225.153.114
54.245.46.233
63.140.38.236
63.140.39.224
68.67.160.114
68.67.160.76
70.42.32.191
72.21.81.130
0170197caffee3d73fe659b2b65d4c50b88310d98752d7dba0e7988e7dfe4376
05b1d251b44fdd42bd27a73eb373440c9957297292c3f13a677eb908648486ee
09edcbeb6bb1f2361271a99cb3369ee93e55c21a4985d8f5cfed37af10d6729d
0b2969b20d4b33763f23481f2dc0f0626a93fdd567798412bf891890047398a3
0c07b854855b0e2bd7839c3659defa45307e96e281b3c00571d09f213eb6a76e
0e5f18649f61dd74f9caf157048d64c16ceb0fd2e8b54ed9e3c6ff1ebf22bd24
0f03d4ff929986a3cde83681fd2560eae544f7138f59945ec6ec32c17800ca91
114ed516604e98cd030c85d1be345541019326d2f32bb784626fb13ad57f8744
13c309d0ebac3484b78106413ee31f46abfc690429c64ddf6ceb1b1838424ada
178ec5d6c8298d4e308c4b7674042667ecafdbffcb5331b621985a2b11539f0e
1b671759ac5a3aa81647b8a62a4f933800e8f6d2974d59a4eb1398a0363a8c59
1d348f9f803c95305f63def9d75fd50e79e54a375e1a4a888edbbea366845580
1d7b331a045e0921f57a7aca33a2be27539027cc5b1ded6de5ad38263eddf8a3
1e85ec81b9800b4c443d39caca0d0926089a3ac201120db1ceb45b93789480b8
262c76a939f7c2d543b0f5669d8958b82954e14e17d79ced7848cd51a36e6b1d
2dfe28cbdb83f01c940de6a88ab86200154fd772d568035ac568664e52068363
2ed114345dab0a74e1c81b100e3db108ff86464854f3159d005fac67413454b7
30ddee8ebf0ffd7c415585a9e3a0e8023deb80ed05b857a4427dbb75790c43bd
316054bd7517154a5bf1553e544731183aedaa79f9e958315746acc6d4adcee0
370df1cc8999c1e03fc1c5f7ced35334513d19233d1fc79d2c1c7f711361565d
37fd820b496a40f0f5783b425ed0c873d7913a576c0f246e869c5a2be58f787e
3aec02b24881b79afb8d121953096fd5754b07c8d26a295bcd900b0833183933
3cbadfa4978733bd5be49491780ee3fdcf1255dcfd09ebbaec113c1ddd256c5c
3e63ed3b834f3a6961e1476a3dfadffb78212feac2bf804352a6926091b4c828
3f36cb484213cafc798ef594c00ffdc27156f0106c63b539c3464bae355fb82a
3f57193ed9b7928c36cb710ac6a4af1583023f928914c094db4995420f7e3a54
404669b3d94f951d5e005752766d9f4e60dc4f44c7aeda8b491f204f71b760af
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
480e3b349655b6f17b20ec546c300957cad9ffd98b2d29be29db79422ededc52
4b1dfdf84f81ccef7d37fc96dfd2358c87a40a04b20f063179f2c87fc1d3d382
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4d15ff2317e16ccd8ca1d3248fea7d91130e022369bb032824a84ad9967064df
4dba9e54570483a0624219ec53864f468c9cbdf4f9c1f23821e539de7cb0c9fc
59e58524340cd7ad353be010374b124c242fdde10a0ed41047fe2fd4bb9e5a2e
59faeec7cd3ce8eba6b26823c7dd41512a380a8c3329aa0ae0270a72f4645d08
5a777f037e5ea5cabf5e099ed0ad7f8495dc2a9bcbac0987646cce9a4b900db4
5b23324492a0308ac4c5d96449b84639ebf90d86c1147ac4fb1b5baf3e3fc9cc
5b4c9abcf01dcf74e0adf075ff4d47464c62c84307ae5ebd115d45da70e6443d
6235215aeacfc43187d7f3ae5e0f967459db995bd0140f5000bb3b64a8a111eb
62a798301412dc0d4860ddc8f4d62b456eb51bedab0ea333ac30a008cc0a3719
641a876fdc98145f81c16d59529efdfd2e9986ec6d5f70b2d1b1f54483e39842
663fcd2b41d75e07e72ea2622d80566bcf10f1951f7293217d5fd9c9e3e542d8
6741b10dd5b1580642a0aa204377a8fb50c2dd86c38fd4cd07e2319eefaa93d7
68235a6a6a55de123d70e5a958bce1e0a235da8907402de222c4a9f977fb2f49
6c495fdee8fdedea958291002b9090e57e0ce477feae0ac9034f8b78c34ec65c
6d0291f90718dc0537f65dc6a4f68d8e75f0a8a3a0b62836d9cf41350ecaf552
6edb4afac6415be18c1a0269040d4fd9dfdd75e5717cd7ec7ed1a28bf040611d
6edc0141c2b2114c8d5355e76d5829748cc6464629f39fdf8441d94c807c8697
701769ec99138974c12369fd4acf65a7f99e9a1becbab1e16a89be9859aafc9f
770be267abb4fe287bf67c2fdbdf4f14556632b8e07a6d464e58ca56e3e33474
773a28cc9ac8062b38482769d1f03d92a6487d5775d439cff1c8b5be61fdd6d7
7a23e0e46e16f067271bc79c92a917c13769848457d16cdf109e4dc04c687e8f
7ad0607daba7c0ddecacb3c696099e761076f147549440a7b3c4baa8f67ddaac
7b1e74dd6970b56853dfd79e59ba73315051b0c59a69c6a9fd87e515650fdc80
7c951a4408b8eb47ecea22bc965c50addb9e027eed0d48b1248869d967967ceb
8489534bde4ad3c3cedebecd11b9babe653de6b413922ec2b877c5bfcb33ee3e
855f75e3c59ecf05751e400ad7f8ef021ab050a882b7c4861a187c9475c16dbc
8883bc0b8dd0d8b6e1f37046e643e3487484913aae5fedbb41b9c0c059ecf123
88edf61f957a681571c52d533526246ca5543daa5740e917552a13e4942f1308
89333b6a52d61646b071d1dec1a49c6a5a734096eb5ec9183ef08b42c9cfbe50
895f6b9e5d37c494c7c8ebf30eade521c286b27001d256e3a37f5ac27684a57d
8998282f5a80fff5eaafdbd457dd7a81af0cd7c8696bfe032a6aeef8fe67f99f
8cdca3b36914e8a3f56390da71389944579faaae82704e53bd66f9c0387502f6
8db92e7cdc1ad40168c42e93b05d842e056d8a5b83ae96b95d2b1c546f828196
8faa00fe604f9f30cef70e7242445d28716037d505d4b46c68768c0a3913068f
930494fef37c0c702073ceeddd12da067bba2824f8eba39e1f9a3c5332bec6b6
93f1175b9eb9dcdf7cc89fb8a0049b1734aead76c4e9a71ce2e74c6659dfc7a2
9453297b8c031ffe12f292174750cabd95f6069010d7dfb77e3e840f462706e1
94633716497a85d800b6e573953942c4cfe483c0dbd68fa97fd01dd97ced5d66
98192c2b3bfd0e66cff07b8ba31ff42de9182144d3e21b9ca258f13da96ee457
985071e89e5076c1b93d2b9ba507a2e890236ef8e3eaea519c7b2bc364cf84df
99dc3803d1f19c8103f79f834044b2afd4c8af5b7927efbd36b1052d528b40ae
9b0ef86eb648592e5a9064d8728c0ea793c31ec6549fa93089b4a12bc650a1e7
9c2bfadf1fe546bd3872bf81e8477e95faff0104f3b9b888bc47cff4ffe88a36
9e127a551b1d872db037fb1c551f032ffb34217f160a6906918f720cae169575
9f7e8efcad54b71ba7ccf628c8320aa95737826add8726460426d4ce60fa9b23
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
a98a9441db98144c6e8c4ab37c72e26786065a15dfb36a9231be938f76984c4f
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
abd0c69608a1a4b0ce5f6056bc20bcf62a2a29271a4cf5e33fa1f53bf7cb19cb
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b51f3497b0a65f1e1e87e75f5e7e823d871c23bcf76a5ee4101783c8f939e553
b5b4fea0f2608d0f0cafdee0e2b00ae659b091c6d18eda7fe291e636ba3f353c
b64cae93d3398a9d5da33d3728f714a222df73943f87b81b7f2c49d58e2794ef
b697c4c8e7c22fa7e18ccef66c1bda6610f19ec8c7d1c60fb3696db54ea5362e
b8bd6ae17f88486fa86c4acb7f2190d93bcbdd5e223e55b46273cb0eb0a05878
b90b775b65c2623322caaa52d7acf6af709ca59bdd475a54043b6308d91828c4
b934ce9883949e7bceb88fa78a354125eefc85715f7e54da8ff529c94ebab0fe
b97c99a69a6275c8f90703cd4c0864089a74fd08383a1cc75a8a4d0c2cb60cce
bdfd8a95ffd68d8bc7149ea79a3ca8a1869fe507a42e4f7a368f626843346e89
bec82187bec72da82a4eed1c0c3624ac495ca960b7286da80815db9b5c43777e
bedf62e46e59fa272ad95971fb563c91a33501c2443058083872960861534da7
bf75adb4dce36bece1ce5451a9fb6d4fbd65ee72fc074b55ca676f2d8898da5b
c1ccdda10c297d3aeedbe2fa72700c5f49bdf9e102090c2d62775ec3c964e078
c800888331e0e31f317acc8de442b6a71340d4f0d4f3db9dbb7f8e4b3172e84e
cb94d22efc4eb96dde627c24f40c34e7f0b2f469b7a7488a5b65f5b293c5442a
d18b3c9feb76c3c1cfdcc51c732f113327e3c33fb3f63b479951f7da6ed1216f
d1fe20aff60f91b78aabd65363112fbc84a8e7c8dd0c258bb1aae48cc4e4879c
d2afd46ac58cd7e89b3fdfd790300d69034e94151ed45acf83d7b6d5dccfdb17
d97ea24841d9881b6b38caf9174e468db2c6a133cc325320d5720b0783a37d06
db058d72d7ba8ff6ed7209af23a4458c373cc78f72c81ec1df88bb5de72a0b0b
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
de9d3fd0eb948bd294477d0eda60a73b85caff1794803530d0463193a113da98
e0c289faa80333eff728b8bdbbf10b11dec1a6e1938a444e1cc41be6744e96d2
e171f597c12bd7813408cabb76395c783e04c8aa8a0a57416a120ac026e5acf5
e2d910265020b45a6878d4b62b104bc4cfbcf7554e7386d81aef7a0ae208048e
e3a54e557f40c9a8528562f5f9fe39cb3fce5ad1e3f4238ec791c17961645240
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e74d0c42bd16db8c7c163e06a2f1a18dd2e5bff9b1dfa0884e4510a14d4fa754
ea4d365b9f9f08d9bf0e54e36b6611e5901ac5f01fd2af09400b094621d3b5da
eaa003d85cb77f94fcae98396e583ce01d0c375b57235402c884ef8a792b951e
ebd0b0892d3b17adc658369a10ebfe9abcd4883fd08bb047fd66dd459edd4481
ec425cce7010294e5d2601a098dabc3e75536351f58e07ada250c8642934fb8d
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f012c00d43164a4de843ae80abefe500f8497e1123d11c965cd3b40600fe9720
f41e718277c296a77a6259da8cadd84b5f195d21ea0a6eb36442de9217613c2f
f84ff677606b9c2087d58724d43388f161349071b79ab1b2a0446043f54aa4c5
f9b2aaabab92d9c63930432351fa3f5aa634fcb5db31b039e23465f8b4bd5a68
fb7dc3ea8555f2488b696c5f70ba3dc95a7c79a8d41ad82d645e248219764d4f
fcce7b7353be95b84f177e00cd497eb4e485606e88cf17a5d836ee6c0f1f0f20
fd8d593765f949a86a3525533e2a04ac18bbdfea7449ae1ab3b3d1de820b70e5
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a
ff91c66e387e186d42e5aac531beb9f91d71d3e83acb52352748c390a262ec7d

www.fortinet.com Open in urlscan Pro 2600:1f18:1492:1702:852f:d87f:6683:b05a Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

166 Requests

92 %HTTPS

38 %IPv6

43 Domains

63 Subdomains

52 IPs

2 Countries

7391 kBTransfer

10869 kBSize

70 Cookies

9 Outgoing links

Redirected requests

166 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 2 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.fortinet.com Open in urlscan Pro
2600:1f18:1492:1702:852f:d87f:6683:b05a Public Scan

Screenshot
Live screenshot

Full Image

166
Requests

92 %
HTTPS

38 %
IPv6

43
Domains

63
Subdomains

52
IPs

2
Countries

7391 kB
Transfer

10869 kB
Size

70
Cookies

166 HTTP transactions
2 data transactions