www.fortinet.com Open in urlscan Pro
44.199.160.6 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
Submission: On July 24 via api (July 24th 2024, 11:33:12 am UTC) from DE — Scanned from CA

Summary HTTP 159 Redirects Links 9 Behaviour Indicators

Summary

This website contacted 48 IPs in 3 countries across 43 domains to perform 159 HTTP transactions. The main IP is 44.199.160.6, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is www.fortinet.com. The Cisco Umbrella rank of the primary domain is 221752.
TLS certificate: Issued by DigiCert Global G2 TLS RSA SHA256 202... on July 16th 2024. Valid for: a year.

This is the only time www.fortinet.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
33	44.199.160.6 44.199.160.6	14618 (AMAZON-AES) (AMAZON-AES)
6	104.19.178.52 104.19.178.52	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	172.64.155.119 172.64.155.119	13335 (CLOUDFLAR...) (CLOUDFLARENET)
22	23.220.136.244 23.220.136.244	16625 (AKAMAI-AS) (AKAMAI-AS)
3	23.23.225.172 23.23.225.172	14618 (AMAZON-AES) (AMAZON-AES)
1	18.213.178.132 18.213.178.132	14618 (AMAZON-AES) (AMAZON-AES)
1 1	52.33.109.89 52.33.109.89	16509 (AMAZON-02) (AMAZON-02)
1	63.140.39.117 63.140.39.117	14618 (AMAZON-AES) (AMAZON-AES)
10	23.212.248.22 23.212.248.22	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	104.19.148.8 104.19.148.8	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	23.220.137.92 23.220.137.92	16625 (AKAMAI-AS) (AKAMAI-AS)
2	37.19.207.34 37.19.207.34	60068 (CDN77 _) (CDN77 _)
3	204.79.197.237 204.79.197.237	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
7	172.253.115.97 172.253.115.97	15169 (GOOGLE) (GOOGLE)
1	23.222.79.235 23.222.79.235	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	172.66.42.248 172.66.42.248	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	172.64.151.60 172.64.151.60	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	52.32.164.86 52.32.164.86	16509 (AMAZON-02) (AMAZON-02)
3	13.107.246.40 13.107.246.40	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	216.200.232.253 216.200.232.253	30419 (PAEDAE-INC) (PAEDAE-INC)
2	64.202.112.159 64.202.112.159	22075 (AS-OUTBRAIN) (AS-OUTBRAIN)
2	76.223.9.105 76.223.9.105	16509 (AMAZON-02) (AMAZON-02)
1	34.111.208.231 34.111.208.231	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	172.253.122.149 172.253.122.149	15169 (GOOGLE) (GOOGLE)
3	172.253.122.155 172.253.122.155	15169 (GOOGLE) (GOOGLE)
1	151.101.1.229 151.101.1.229	54113 (FASTLY) (FASTLY)
2	44.226.187.177 44.226.187.177	16509 (AMAZON-02) (AMAZON-02)
1	142.251.179.139 142.251.179.139	15169 (GOOGLE) (GOOGLE)
3	172.253.115.105 172.253.115.105	15169 (GOOGLE) (GOOGLE)
3	172.253.115.94 172.253.115.94	15169 (GOOGLE) (GOOGLE)
1	63.140.38.55 63.140.38.55	14618 (AMAZON-AES) (AMAZON-AES)
1	54.203.236.163 54.203.236.163	16509 (AMAZON-02) (AMAZON-02)
1	52.7.151.245 52.7.151.245	14618 (AMAZON-AES) (AMAZON-AES)
1	146.75.28.157 146.75.28.157	54113 (FASTLY) (FASTLY)
2 4	68.67.160.184 68.67.160.184	29990 (ASN-APPNEX) (ASN-APPNEX)
1	13.249.39.85 13.249.39.85	16509 (AMAZON-02) (AMAZON-02)
1	13.53.113.26 13.53.113.26	16509 (AMAZON-02) (AMAZON-02)
1 2	142.250.31.149 142.250.31.149	15169 (GOOGLE) (GOOGLE)
2	157.240.229.1 157.240.229.1	32934 (FACEBOOK) (FACEBOOK)
1	104.21.50.150 104.21.50.150	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	72.21.81.130 72.21.81.130	15133 (EDGECAST) (EDGECAST)
3	104.244.42.131 104.244.42.131	13414 (TWITTER) (TWITTER)
2	23.218.218.181 23.218.218.181	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1 4	34.117.77.79 34.117.77.79	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	54.156.91.224 54.156.91.224	14618 (AMAZON-AES) (AMAZON-AES)
3 6	13.107.42.14 13.107.42.14	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2 2	35.244.154.8 35.244.154.8	15169 (GOOGLE) (GOOGLE)
2 3	18.214.54.215 18.214.54.215	14618 (AMAZON-AES) (AMAZON-AES)
2	157.240.229.35 157.240.229.35	32934 (FACEBOOK) (FACEBOOK)
159	48

33 44.199.160.6 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-44-199-160-6.compute-1.amazonaws.com

www.fortinet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 104.19.178.52 (None, )

ASN13335 (CLOUDFLARENET, US)

cdn.cookielaw.org	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.64.155.119 (None, )

ASN13335 (CLOUDFLARENET, US)

geolocation.onetrust.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

22 23.220.136.244 (Ashburn, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-220-136-244.deploy.static.akamaitechnologies.com

assets.adobedtm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 23.23.225.172 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-23-23-225-172.compute-1.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.213.178.132 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-213-178-132.compute-1.amazonaws.com

fortinet.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.33.109.89 (Boardman, United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-33-109-89.us-west-2.compute.amazonaws.com

cm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 63.140.39.117 (United States)

ASN14618 (AMAZON-AES, US)
PTR: ip-63-140-39-117.data.adobedc.net

fortinet.tt.omtrdc.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

10 23.212.248.22 (Ashburn, United States)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-212-248-22.deploy.static.akamaitechnologies.com

j.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
c.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
b.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 104.19.148.8 (None, )

ASN13335 (CLOUDFLARENET, US)

script.crazyegg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 23.220.137.92 (Ashburn, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-220-137-92.deploy.static.akamaitechnologies.com

amplify.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
wave.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 37.19.207.34 (Ashburn, United States)

ASN60068 (CDN77 _, GB)
PTR: 37-19-207-34.bunnyinfra.net

a.opmnstr.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
a.omappapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 204.79.197.237 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

7 172.253.115.97 (United States)

ASN15169 (GOOGLE, US)
PTR: bg-in-f97.1e100.net

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 23.222.79.235 (Ashburn, United States)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-222-79-235.deploy.static.akamaitechnologies.com

ipv6.6sc.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.66.42.248 (United States)

ASN13335 (CLOUDFLARENET, US)

api.omappapi.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.64.151.60 (San Francisco, United States)

ASN13335 (CLOUDFLARENET, US)

trk.techtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.32.164.86 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-32-164-86.us-west-2.compute.amazonaws.com

abm-tracking.demandscience.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 13.107.246.40 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

tmp.argusplatform.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
pixels.argusplatform.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
webtracker.argusplatform.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.200.232.253 (Frederick, United States)

ASN30419 (PAEDAE-INC, US)

pixel.mathtag.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 64.202.112.159 (United States)

ASN22075 (AS-OUTBRAIN, US)
PTR: ny.outbrain.com

tr.outbrain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 76.223.9.105 (United States)

ASN16509 (AMAZON-02, US)
PTR: ac3ff6aafb2cddae2.awsglobalaccelerator.com

epsilon.6sense.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.111.208.231 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 231.208.111.34.bc.googleusercontent.com

ibc-flow.techtarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 172.253.122.149 (United States)

ASN15169 (GOOGLE, US)
PTR: bh-in-f149.1e100.net

ad.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 172.253.122.155 (United States)

ASN15169 (GOOGLE, US)
PTR: bh-in-f155.1e100.net

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.1.229 (San Francisco, United States)

ASN54113 (FASTLY, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 44.226.187.177 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-44-226-187-177.us-west-2.compute.amazonaws.com

intentstream.contanuity.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.251.179.139 (Farmingdale, United States)

ASN15169 (GOOGLE, US)
PTR: pd-in-f139.1e100.net

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 172.253.115.105 (United States)

ASN15169 (GOOGLE, US)
PTR: bg-in-f105.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 172.253.115.94 (United States)

ASN15169 (GOOGLE, US)
PTR: bg-in-f94.1e100.net

www.google.ca	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 63.140.38.55 (United States)

ASN14618 (AMAZON-AES, US)
PTR: ip-63-140-38-55.data.adobedc.net

metrics.fortinet.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.203.236.163 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-203-236-163.us-west-2.compute.amazonaws.com

tracking.contanuity.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.7.151.245 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-7-151-245.compute-1.amazonaws.com

dx.mountain.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 146.75.28.157 (Ashburn, United States)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 68.67.160.184 (Colonia, United States) 2 redirects

ASN29990 (ASN-APPNEX, US)
PTR: 669.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

secure.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ib.adnxs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.249.39.85 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-249-39-85.iad89.r.cloudfront.net

tags.inzynk.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.53.113.26 (Stockholm, Sweden)

ASN16509 (AMAZON-02, US)
PTR: ec2-13-53-113-26.eu-north-1.compute.amazonaws.com

analytics.inzynk.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.31.149 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: bj-in-f149.1e100.net

10104846.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 157.240.229.1 (Ashburn, United States)

ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-02-iad3.fbcdn.net

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.21.50.150 (None, )

ASN13335 (CLOUDFLARENET, US)

siteimproveanalytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 72.21.81.130 (United States)

ASN15133 (EDGECAST, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 104.244.42.131 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 23.218.218.181 (Ashburn, United States)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-218-218-181.deploy.static.akamaitechnologies.com

snap.licdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 34.117.77.79 (Kansas City, United States) 1 redirects

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 79.77.117.34.bc.googleusercontent.com

ml314.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.156.91.224 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-156-91-224.compute-1.amazonaws.com

6033413.global.siteimproveanalytics.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 13.107.42.14 (United States) 3 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

px.ads.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.linkedin.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 35.244.154.8 (Kansas City, United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: 8.154.244.35.bc.googleusercontent.com

idsync.rlcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 18.214.54.215 (Ashburn, United States) 2 redirects

ASN14618 (AMAZON-AES, US)
PTR: ec2-18-214-54-215.compute-1.amazonaws.com

ps.eyeota.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 157.240.229.35 (Ashburn, United States)

ASN32934 (FACEBOOK, US)
PTR: edge-star-mini-shv-02-iad3.facebook.com

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
34	fortinet.com www.fortinet.com — Cisco Umbrella Rank: 221752 metrics.fortinet.com — Cisco Umbrella Rank: 973993	6 MB
22	adobedtm.com assets.adobedtm.com — Cisco Umbrella Rank: 521	150 KB
11	6sc.co j.6sc.co — Cisco Umbrella Rank: 12402 c.6sc.co — Cisco Umbrella Rank: 16017 ipv6.6sc.co — Cisco Umbrella Rank: 12823 b.6sc.co — Cisco Umbrella Rank: 6896	21 KB
7	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 112	612 KB
6	linkedin.com 3 redirects px.ads.linkedin.com — Cisco Umbrella Rank: 669 www.linkedin.com — Cisco Umbrella Rank: 914	4 KB
6	doubleclick.net 1 redirects ad.doubleclick.net — Cisco Umbrella Rank: 210 googleads.g.doubleclick.net — Cisco Umbrella Rank: 77 10104846.fls.doubleclick.net	5 KB
6	cookielaw.org cdn.cookielaw.org — Cisco Umbrella Rank: 554	127 KB
5	outbrain.com amplify.outbrain.com — Cisco Umbrella Rank: 4363 tr.outbrain.com — Cisco Umbrella Rank: 4248 wave.outbrain.com — Cisco Umbrella Rank: 4246	10 KB
4	ml314.com 1 redirects ml314.com — Cisco Umbrella Rank: 3108	14 KB
4	adnxs.com 2 redirects secure.adnxs.com — Cisco Umbrella Rank: 764 ib.adnxs.com — Cisco Umbrella Rank: 383	4 KB
4	demdex.net dpm.demdex.net — Cisco Umbrella Rank: 319 fortinet.demdex.net	2 KB
3	eyeota.net 2 redirects ps.eyeota.net — Cisco Umbrella Rank: 1596	2 KB
3	twitter.com analytics.twitter.com — Cisco Umbrella Rank: 1356	822 B
3	t.co t.co — Cisco Umbrella Rank: 979	876 B
3	google.ca www.google.ca — Cisco Umbrella Rank: 9677	192 B
3	google.com www.google.com — Cisco Umbrella Rank: 10	192 B
3	contanuity.com intentstream.contanuity.com — Cisco Umbrella Rank: 173029 tracking.contanuity.com — Cisco Umbrella Rank: 44051	1 KB
3	argusplatform.com tmp.argusplatform.com — Cisco Umbrella Rank: 859686 pixels.argusplatform.com — Cisco Umbrella Rank: 956759 webtracker.argusplatform.com	4 KB
3	bing.com bat.bing.com — Cisco Umbrella Rank: 534	15 KB
2	facebook.com www.facebook.com — Cisco Umbrella Rank: 108	3 KB
2	rlcdn.com 2 redirects idsync.rlcdn.com — Cisco Umbrella Rank: 689	834 B
2	licdn.com snap.licdn.com — Cisco Umbrella Rank: 1884	15 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 236	72 KB
2	inzynk.io tags.inzynk.io — Cisco Umbrella Rank: 669379 analytics.inzynk.io — Cisco Umbrella Rank: 434735	22 KB
2	6sense.com epsilon.6sense.com — Cisco Umbrella Rank: 18992	715 B
2	demandscience.com abm-tracking.demandscience.com — Cisco Umbrella Rank: 157542	3 KB
2	techtarget.com trk.techtarget.com — Cisco Umbrella Rank: 66995 ibc-flow.techtarget.com — Cisco Umbrella Rank: 63746 Failed	2 KB
2	omappapi.com a.omappapi.com — Cisco Umbrella Rank: 9699 api.omappapi.com — Cisco Umbrella Rank: 10036	3 KB
2	crazyegg.com script.crazyegg.com — Cisco Umbrella Rank: 4547	3 KB
1	siteimproveanalytics.io 6033413.global.siteimproveanalytics.io — Cisco Umbrella Rank: 847514	149 B
1	siteimproveanalytics.com siteimproveanalytics.com — Cisco Umbrella Rank: 8455	12 KB
1	ads-twitter.com static.ads-twitter.com — Cisco Umbrella Rank: 1253	15 KB
1	mountain.com dx.mountain.com — Cisco Umbrella Rank: 8539 px.mountain.com Failed	6 KB
1	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 104
1	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 410	15 KB
1	mathtag.com pixel.mathtag.com — Cisco Umbrella Rank: 4337	712 B
1	opmnstr.com a.opmnstr.com — Cisco Umbrella Rank: 59906	18 KB
1	omtrdc.net fortinet.tt.omtrdc.net — Cisco Umbrella Rank: 990592	3 KB
1	everesttech.net 1 redirects cm.everesttech.net — Cisco Umbrella Rank: 2184	490 B
1	onetrust.com geolocation.onetrust.com — Cisco Umbrella Rank: 1019	315 B
0	crwdcntrl.net Failed sync.crwdcntrl.net Failed
0	adsrvr.org Failed match.adsrvr.org Failed
0	Failed function sub() { [native code] }. Failed
159	43

	Domain	Requested by
33	www.fortinet.com	www.fortinet.com
22	assets.adobedtm.com	cdn.cookielaw.org assets.adobedtm.com
8	b.6sc.co	www.fortinet.com
7	www.googletagmanager.com	assets.adobedtm.com www.googletagmanager.com abm-tracking.demandscience.com
6	cdn.cookielaw.org	www.fortinet.com cdn.cookielaw.org
5	px.ads.linkedin.com	2 redirects snap.licdn.com
4	ml314.com	1 redirects www.fortinet.com ml314.com
3	ps.eyeota.net	2 redirects
3	analytics.twitter.com
3	t.co
3	www.google.ca	www.fortinet.com
3	www.google.com	www.fortinet.com
3	googleads.g.doubleclick.net	www.googletagmanager.com
3	bat.bing.com	assets.adobedtm.com bat.bing.com www.fortinet.com
3	dpm.demdex.net	www.fortinet.com
2	www.facebook.com
2	idsync.rlcdn.com	2 redirects
2	snap.licdn.com	www.fortinet.com snap.licdn.com
2	connect.facebook.net	www.fortinet.com connect.facebook.net
2	10104846.fls.doubleclick.net	1 redirects assets.adobedtm.com
2	ib.adnxs.com	1 redirects
2	secure.adnxs.com	1 redirects
2	intentstream.contanuity.com	abm-tracking.demandscience.com
2	epsilon.6sense.com	j.6sc.co
2	tr.outbrain.com	amplify.outbrain.com
2	abm-tracking.demandscience.com	www.fortinet.com abm-tracking.demandscience.com
2	amplify.outbrain.com	www.fortinet.com amplify.outbrain.com
2	script.crazyegg.com	www.fortinet.com script.crazyegg.com
1	www.linkedin.com	1 redirects
1	6033413.global.siteimproveanalytics.io
1	siteimproveanalytics.com	assets.adobedtm.com
1	analytics.inzynk.io	tags.inzynk.io
1	webtracker.argusplatform.com	tmp.argusplatform.com
1	tags.inzynk.io	assets.adobedtm.com
1	static.ads-twitter.com	www.fortinet.com
1	dx.mountain.com	www.fortinet.com
1	pixels.argusplatform.com	tmp.argusplatform.com
1	tracking.contanuity.com	abm-tracking.demandscience.com www.fortinet.com
1	metrics.fortinet.com	www.fortinet.com
1	www.google-analytics.com	www.googletagmanager.com
1	cdn.jsdelivr.net	abm-tracking.demandscience.com
1	ad.doubleclick.net	www.fortinet.com
1	ibc-flow.techtarget.com	trk.techtarget.com
1	wave.outbrain.com	amplify.outbrain.com
1	pixel.mathtag.com	www.fortinet.com
1	tmp.argusplatform.com	www.fortinet.com
1	trk.techtarget.com	www.fortinet.com
1	api.omappapi.com	a.opmnstr.com
1	a.omappapi.com	a.opmnstr.com
1	ipv6.6sc.co	j.6sc.co
1	c.6sc.co	j.6sc.co
1	a.opmnstr.com	assets.adobedtm.com
1	j.6sc.co	www.fortinet.com
1	fortinet.tt.omtrdc.net	www.fortinet.com
1	cm.everesttech.net	1 redirects
1	fortinet.demdex.net	www.fortinet.com
1	geolocation.onetrust.com	cdn.cookielaw.org
0	px.mountain.com Failed	dx.mountain.com
0	sync.crwdcntrl.net Failed
0	match.adsrvr.org Failed
0	18.210.229.244 Failed	dx.mountain.com
159	61

This site contains links to these domains. Also see Links.

Domain
www.linkedin.com
www.twitter.com
www.youtube.com
www.instagram.com
www.facebook.com
fortiguard.com
community.fortinet.com
investor.fortinet.com
onetrust.com

Subject Issuer	Validity	Valid
*.fortinet.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-07-16` - `2025-07-15`	a year	crt.sh
cookielaw.org Cloudflare Inc ECC CA-3	`2024-03-01` - `2024-12-31`	10 months	crt.sh
onetrust.com Cloudflare Inc ECC CA-3	`2023-11-13` - `2024-11-12`	a year	crt.sh
assets.adobedtm.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-07-09` - `2025-08-09`	a year	crt.sh
*.demdex.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-09-26` - `2024-10-26`	a year	crt.sh
*.tt.omtrdc.net DigiCert TLS RSA SHA256 2020 CA1	`2023-08-22` - `2024-09-21`	a year	crt.sh
6sc.co R11	`2024-07-03` - `2024-10-01`	3 months	crt.sh
script.crazyegg.com E1	`2024-06-03` - `2024-09-01`	3 months	crt.sh
*.outbrain.com DigiCert TLS RSA SHA256 2020 CA1	`2023-12-14` - `2024-12-14`	a year	crt.sh
a.opmnstr.com R11	`2024-06-25` - `2024-09-23`	3 months	crt.sh
www.bing.com Microsoft Azure RSA TLS Issuing CA 04	`2024-06-19` - `2024-12-16`	6 months	crt.sh
*.google-analytics.com WR2	`2024-06-24` - `2024-09-16`	3 months	crt.sh
a.omappapi.com R11	`2024-06-25` - `2024-09-23`	3 months	crt.sh
omappapi.com WE1	`2024-06-16` - `2024-09-14`	3 months	crt.sh
trk.techtarget.com WE1	`2024-07-23` - `2024-10-21`	3 months	crt.sh
abm-tracking.demandscience.com R11	`2024-06-14` - `2024-09-12`	3 months	crt.sh
tmp.argusplatform.com GeoTrust Global TLS RSA4096 SHA256 2022 CA1	`2024-04-23` - `2024-10-23`	6 months	crt.sh
*.mathtag.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-04-23` - `2025-04-30`	a year	crt.sh
*.6sense.com Amazon RSA 2048 M03	`2024-04-23` - `2025-05-22`	a year	crt.sh
ibc-flow.techtarget.com WR3	`2024-07-02` - `2024-09-30`	3 months	crt.sh
*.doubleclick.net WR2	`2024-06-24` - `2024-09-16`	3 months	crt.sh
*.g.doubleclick.net WR2	`2024-06-24` - `2024-09-16`	3 months	crt.sh
jsdelivr.net GlobalSign Atlas R3 DV TLS CA 2023 Q3	`2023-09-27` - `2024-10-28`	a year	crt.sh
intentstream.contanuity.com E5	`2024-06-16` - `2024-09-14`	3 months	crt.sh
*.google.com WR2	`2024-06-24` - `2024-09-16`	3 months	crt.sh
*.google.ca WR2	`2024-06-24` - `2024-09-16`	3 months	crt.sh
metrics.fortinet.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-12-26` - `2025-01-25`	a year	crt.sh
tracking.contanuity.com R11	`2024-07-13` - `2024-10-11`	3 months	crt.sh
pixels.argusplatform.com GeoTrust Global TLS RSA4096 SHA256 2022 CA1	`2024-04-22` - `2024-10-22`	6 months	crt.sh
*.mountain.com Go Daddy Secure Certificate Authority - G2	`2024-05-23` - `2025-06-24`	a year	crt.sh
ads-twitter.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-06-25` - `2025-06-24`	a year	crt.sh
*.inzynk.io Amazon RSA 2048 M02	`2024-01-07` - `2025-02-04`	a year	crt.sh
webtracker.argusplatform.com GeoTrust Global TLS RSA4096 SHA256 2022 CA1	`2024-04-23` - `2024-10-23`	6 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2024-05-02` - `2024-07-31`	3 months	crt.sh
siteimproveanalytics.com WE1	`2024-06-21` - `2024-09-19`	3 months	crt.sh
t.co DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-05-08` - `2025-05-07`	a year	crt.sh
*.twitter.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-11-07` - `2024-11-05`	a year	crt.sh
snap.licdn.com DigiCert SHA2 Secure Server CA	`2023-12-13` - `2024-12-12`	a year	crt.sh
event-horizon.gcp.bomm.in WR3	`2024-06-23` - `2024-09-21`	3 months	crt.sh
*.global.r1.siteimproveanalytics.io Amazon RSA 2048 M02	`2023-10-26` - `2024-11-23`	a year	crt.sh
www.linkedin.com DigiCert SHA2 Secure Server CA	`2024-07-01` - `2025-01-01`	6 months	crt.sh

This page contains 3 frames:

Primary Page: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
Frame ID: D6E8014B56DDE3080ED91BF4B1A225E6
Requests: 157 HTTP requests in this frame

Frame: https://fortinet.demdex.net/dest5.html?d_nsid=0
Frame ID: C381618FCC83AF769F456DBC242AF6C0
Requests: 1 HTTP requests in this frame

Frame: https://10104846.fls.doubleclick.net/activityi;dc_pre=CPfbtaTKv4cDFaLl_QUdOvYDMg;src=10104846;type=sitew00;cat=sitew006;u3=https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=9401346431529.53
Frame ID: 1B0B10D89A3FA9E1667D06D7C92E72F9
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Exploiting CVE-2024-21412: A Stealer Campaign Unleashed | FortiGuard Labs

Detected technologies

Adobe Experience Manager (CMS) Expand

Overall confidence: 100%
Detected patterns

/etc/designs/
/etc\.clientlibs/

AppNexus (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

adnxs\.(?:net|com)

Crazy Egg (Analytics) Expand

Overall confidence: 100%
Detected patterns

script\.crazyegg\.com/pages/scripts/\d+/\d+\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

FingerprintJS (JavaScript libraries) Expand

Overall confidence: 100%
Detected patterns

/fingerprintjs@(\d)

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Linkedin Insight Tag (Analytics) Expand

Overall confidence: 100%
Detected patterns

snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

OneTrust (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

cdn\.cookielaw\.org
otSDKStub\.js

TrackJs (Analytics) Expand

Overall confidence: 100%
Detected patterns

tracker\.js

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

//cdn\.jsdelivr\.net/

Page Statistics

159
Requests

92 %
HTTPS

0 %
IPv6

43
Domains

61
Subdomains

48
IPs

3
Countries

7384 kB
Transfer

10864 kB
Size

63
Cookies

9 Outgoing links

These are links going to different origins than the main page.

URL: https://www.linkedin.com/company/fortinet

Search URL Search Domain Scan URL

URL: https://www.twitter.com/fortinet

Search URL Search Domain Scan URL

URL: https://www.youtube.com/channel/UCJHo4AuVomwMRzgkA5DQEOA?sub_confirmation=1

Search URL Search Domain Scan URL

URL: https://www.instagram.com/fortinet/

Search URL Search Domain Scan URL

URL: https://www.facebook.com/fortinet

Search URL Search Domain Scan URL

URL: https://fortiguard.com/
Title: FortiGuard Labs

Search URL Search Domain Scan URL

URL: https://community.fortinet.com/
Title: Fortinet Community

Search URL Search Domain Scan URL

URL: https://investor.fortinet.com/
Title: Investor Relations

Search URL Search Domain Scan URL

URL: https://onetrust.com/poweredbyonetrust

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 42

https://cm.everesttech.net/cm/dd?d_uuid=52104645368140463242358385974948306634 HTTP 302
https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZqDmcQAAAG48PwN2

Request Chain 107

https://match.prod.bidr.io/cookie-sync/contanuity?buyer_user_id=a6bfe9c5e94d822489c8c4c06d71dd1f_1721820786694 HTTP 303
https://match.prod.bidr.io/cookie-sync/contanuity?buyer_user_id=a6bfe9c5e94d822489c8c4c06d71dd1f_1721820786694&_bee_ppp=1 HTTP 303
https://tracking.contanuity.com/usersync?bwcookie=AACa-E7NQc0AABSlH40N0w

Request Chain 125

https://secure.adnxs.com/px?id=1773420&t=2 HTTP 307
https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D1773420%26t%3D2

Request Chain 126

https://ib.adnxs.com/seg?add=36113683 HTTP 307
https://ib.adnxs.com/bounce?%2Fseg%3Fadd%3D36113683

Request Chain 131

https://10104846.fls.doubleclick.net/activityi;src=10104846;type=sitew00;cat=sitew006;u3=https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=9401346431529.53 HTTP 302
https://10104846.fls.doubleclick.net/activityi;dc_pre=CPfbtaTKv4cDFaLl_QUdOvYDMg;src=10104846;type=sitew00;cat=sitew006;u3=https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=9401346431529.53

Request Chain 147

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=7120%2C2159050&time=1721820789172&li_adsId=90144915-fc0f-41c6-b5ed-2cafc55df137&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=7120%2C2159050&time=1721820789172&li_adsId=90144915-fc0f-41c6-b5ed-2cafc55df137&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&cookiesTest=true HTTP 302
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D7120%252C2159050%26time%3D1721820789172%26li_adsId%3D90144915-fc0f-41c6-b5ed-2cafc55df137%26url%3Dhttps%253A%252F%252Fwww.fortinet.com%252Fblog%252Fthreat-research%252Fexploiting-cve-2024-21412-stealer-campaign-unleashed%26cookiesTest%3Dtrue%26liSync%3Dtrue HTTP 302
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=7120%2C2159050&time=1721820789172&li_adsId=90144915-fc0f-41c6-b5ed-2cafc55df137&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&cookiesTest=true&liSync=true

Request Chain 149

https://idsync.rlcdn.com/395886.gif?partner_uid=3645797589165539338 HTTP 307
https://idsync.rlcdn.com/1000.gif?memo=CO6UGBIeChoIARCuXxoTMzY0NTc5NzU4OTE2NTUzOTMzOBAAGg0I9cyDtQYSBQjoBxAAQgBKAA HTTP 307
https://ml314.com/csync.ashx?fp=2036266bfbc44e8e629b951c658ba7cbbcf794bb6d6542b64edf7fd964b083f9f4cb09cee1a4f8eb&person_id=3645797589165539338&eid=50082

Request Chain 152

https://ps.eyeota.net/pixel?pid=r8hrb20&t=gif HTTP 302
https://ps.eyeota.net/pixel/bounce/?pid=r8hrb20&t=gif HTTP 302
https://ml314.com/utsync.ashx?eid=50052&et=0&fp=2aisXPGqvR4NuG4ZcasN4U9YjW-bPORE0xwcW1QiSfOE&gdpr=0&gdpr_consent=&return=https%3A%2F%2Fps.eyeota.net%2Fmatch%3Fbid%3Dr8hrb20%26uid%3Dnil%26referrer_pid%3Dr8hrb20 HTTP 302
https://ps.eyeota.net/match?bid=r8hrb20&uid=nil&referrer_pid=r8hrb20

159 HTTP transactions
3 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request exploiting-cve-2024-21412-stealer-campaign-unleashed Show response
www.fortinet.com/blog/threat-research/ 70 KB
25 KB 337ms
55ms Document
text/html 44.199.160.6
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

44.199.160.6 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-199-160-6.compute-1.amazonaws.com

Software

Apache /

Resource Hash

b8bd6ae17f88486fa86c4acb7f2190d93bcbdd5e223e55b46273cb0eb0a05878

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Accept-Ranges: bytes
Age: 66536
Cache-Control: max-age=600, public, s-maxage=10800
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 23684
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Content-Type: text/html;charset=utf-8
Date: Wed, 24 Jul 2024 11:23:17 GMT
ETag: "118e6-61ded2657972b-gzip"
Last-Modified: Tue, 23 Jul 2024 17:04:07 GMT
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding
Via: 1.1 689115ff2de1803f311819422d2bbc9e.cloudfront.net (CloudFront)
X-Amz-Cf-Id: _XHAecAEz-C_AS03yPRxfiS-yG3Y4EkNR-74JXI3gAUHvr-1PMleQw==
X-Amz-Cf-Pop: IAD61-P2
X-Cache: Hit from cloudfront
X-Content-Type-Options: nosniff
X-Dispatcher: dispatcher1uswest1-28559594
X-Frame-Options: SAMEORIGIN
X-Vhost: publish
X-XSS-Protection: 1; mode=block

GET
H/1.1 200
OK visitorapi.min.js Show response
www.fortinet.com/etc/designs/fortinet/adb-target/ 64 KB
30 KB 137ms
53ms Script
application/javascript 44.199.160.6
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fortinet.com/etc/designs/fortinet/adb-target/visitorapi.min.js

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

44.199.160.6 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-199-160-6.compute-1.amazonaws.com

Software

Apache /

Resource Hash

0f03d4ff929986a3cde83681fd2560eae544f7138f59945ec6ec32c17800ca91

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher1uswest1-28559594
Date: Fri, 19 Jul 2024 19:32:47 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Content-Encoding: gzip
Via: 1.1 689115ff2de1803f311819422d2bbc9e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
X-Vhost: publish
X-Cache: Hit from cloudfront
Age: 403217
Connection: keep-alive
Content-Length: 29532
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 15 Feb 2024 21:43:32 GMT
Server: Apache
ETag: "fe2d-6117284c96900-gzip"
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: tecNMAeRumB_UTc80pd8_I-o6-zgp6PD7EMgLWMNDv0gHF2wb7aWCA==

GET
H/1.1 200
OK at.js Show response
www.fortinet.com/etc/designs/fortinet/adb-target/ 104 KB
48 KB 144ms
54ms Script
application/javascript 44.199.160.6
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fortinet.com/etc/designs/fortinet/adb-target/at.js

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

44.199.160.6 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-199-160-6.compute-1.amazonaws.com

Software

Apache /

Resource Hash

db058d72d7ba8ff6ed7209af23a4458c373cc78f72c81ec1df88bb5de72a0b0b

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher2uswest1-28559771
Date: Fri, 19 Jul 2024 20:11:23 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Content-Encoding: gzip
Via: 1.1 fe40bff56d1483fa61dd95ff72f0b9c0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
X-Vhost: publish
X-Cache: Hit from cloudfront
Age: 400901
Connection: keep-alive
Content-Length: 47782
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 21 Mar 2024 20:59:39 GMT
Server: Apache
ETag: "19e83-61431fc4b24c0-gzip"
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: WC9CThZ-wgx_vGSPJg6q5SIwJYtUkx79DxrvOOk8WX4n-f4nhUMW3A==

GET
H/1.1 200
OK clientlib-base.min.900b148ab7b87024003111a1245cca9c.css
www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/ 540 KB
28 KB 56ms
48ms Stylesheet
text/css 44.199.160.6
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/clientlib-base.min.900b148ab7b87024003111a1245cca9c.css

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

44.199.160.6 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-199-160-6.compute-1.amazonaws.com

Software

Apache /

Resource Hash

94633716497a85d800b6e573953942c4cfe483c0dbd68fa97fd01dd97ced5d66

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher1uswest1-28559594
Date: Tue, 23 Jul 2024 18:50:22 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Content-Encoding: gzip
Via: 1.1 689115ff2de1803f311819422d2bbc9e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
X-Vhost: publish
X-Cache: Hit from cloudfront
Age: 146663
Connection: keep-alive
Content-Length: 27478
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 20 Jun 2024 20:55:17 GMT
Server: Apache
ETag: "86e1b-61b58883c7740-gzip"
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Type: text/css;charset=utf-8
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: YmVVY-8ZPsrN7Zj-QLuHzKDZP9O62f-rXsMYOEPrVjWAkGVmjRVpMw==

GET
H2 200 otSDKStub.js Show response
cdn.cookielaw.org/scripttemplates/ 21 KB
7 KB 166ms
47ms Script
application/javascript 104.19.178.52
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.19.178.52 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e0c289faa80333eff728b8bdbbf10b11dec1a6e1938a444e1cc41be6744e96d2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 24 Jul 2024 11:33:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: PzcU3Ivp6w0l3AsetHXgNw==
age: 73771
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 6882
x-ms-lease-status: unlocked
last-modified: Mon, 22 Jul 2024 16:52:22 GMT
server: cloudflare
etag: 0x8DCAA6EA7FD79D6
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 84d5a425-501e-00d8-5667-dc345b000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8a8397dc3a00aabf-YYZ
expires: Wed, 24 Jul 2024 15:03:33 GMT

GET
H/1.1 200
OK fortinet-logo-white.svg
www.fortinet.com/content/dam/fortinet-blog/ 32 KB
3 KB 146ms
50ms Image
image/svg+xml 44.199.160.6
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.fortinet.com/content/dam/fortinet-blog/fortinet-logo-white.svg

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

44.199.160.6 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-199-160-6.compute-1.amazonaws.com

Software

Apache /

Resource Hash

d2afd46ac58cd7e89b3fdfd790300d69034e94151ed45acf83d7b6d5dccfdb17

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher1uswest1-28559594
Date: Wed, 24 Jul 2024 11:27:28 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Content-Encoding: gzip
Via: 1.1 03c28758fe0abb70088fb45c6855d854.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
X-Vhost: publish
X-Cache: Hit from cloudfront
Age: 29025103
Content-Disposition: attachment; filename="fortinet-logo-white.svg"
Connection: keep-alive
Content-Length: 1998
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 22 Feb 2018 23:16:01 GMT
Server: Apache
ETag: "7ebb-565d53a1d6e40-gzip"
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Type: image/svg+xml
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: hMX-eRelrvI1HWLxeQWZJA7kTuOJ_OjIf6s57kkl8me6YctW3tqTpA==

GET
H/1.1 200
OK toc-icon.jpg
www.fortinet.com/content/dam/fortinet/images/ 1 KB
3 KB 148ms
52ms Image
image/jpeg 44.199.160.6
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.fortinet.com/content/dam/fortinet/images/toc-icon.jpg

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

44.199.160.6 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-199-160-6.compute-1.amazonaws.com

Software

Apache /

Resource Hash

370df1cc8999c1e03fc1c5f7ced35334513d19233d1fc79d2c1c7f711361565d

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher1uswest1-28559594
Date: Wed, 24 Jul 2024 11:23:58 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 8a66d5eadee9b730a388e117efe2af72.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
Age: 21837520
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 1277
X-XSS-Protection: 1; mode=block
Last-Modified: Tue, 14 Nov 2023 17:34:13 GMT
Server: Apache
ETag: "4fd-60a2031eb4f40"
X-Frame-Options: SAMEORIGIN
Content-Type: image/jpeg
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: xRR2nZ5VyJWXhNrNrJ2tZnAEQJQoHAeR1mWNfLv4ToYOa0agXl6hVw==

GET
H/1.1 200
OK clientlib-base.min.ba4f082a77dabb2c6baf715d9eb61c22.js Show response
www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/ 160 KB
74 KB 52ms
50ms Script
application/javascript 44.199.160.6
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/clientlib-base.min.ba4f082a77dabb2c6baf715d9eb61c22.js

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

44.199.160.6 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-199-160-6.compute-1.amazonaws.com

Software

Apache /

Resource Hash

7b1e74dd6970b56853dfd79e59ba73315051b0c59a69c6a9fd87e515650fdc80

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher2uswest1-28559771
Date: Mon, 22 Jul 2024 18:48:43 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Content-Encoding: gzip
Via: 1.1 8a66d5eadee9b730a388e117efe2af72.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
X-Vhost: publish
X-Cache: Hit from cloudfront
Age: 146661
Connection: keep-alive
Content-Length: 74768
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 11 Jul 2024 21:01:58 GMT
Server: Apache
ETag: "28100-61cff12ce1d80-gzip"
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Type: application/javascript;charset=utf-8
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: SXPYQmqNKJQGGUnDzmTkNVdOM93256rZU9UAMPYYtBwVNyGzZXhZRA==

GET
H2 200 f85f39fc-d7aa-467a-b762-fbb722748016.json Show response
cdn.cookielaw.org/consent/f85f39fc-d7aa-467a-b762-fbb722748016/ 5 KB
2 KB 116ms
57ms XHR
application/x-javascript 104.19.178.52
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/f85f39fc-d7aa-467a-b762-fbb722748016/f85f39fc-d7aa-467a-b762-fbb722748016.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.19.178.52 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8998282f5a80fff5eaafdbd457dd7a81af0cd7c8696bfe032a6aeef8fe67f99f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 24 Jul 2024 11:33:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 53055
content-md5: Uj3iBUKm1Vl2g2NHq67V+w==
content-length: 1792
x-ms-lease-status: unlocked
last-modified: Thu, 28 Dec 2023 19:56:54 GMT
server: cloudflare
etag: 0x8DC07DF23DF5130
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 67257c4e-101e-0033-60c8-396628000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8a8397dd28cfac24-YYZ
expires: Thu, 25 Jul 2024 11:33:04 GMT

GET
DATA 200
OK truncated
/ 71 B
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 5b4c9abcf01dcf74e0adf075ff4d47464c62c84307ae5ebd115d45da70e6443d

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK cve-2024-21412-hero.png
www.fortinet.com/content/dam/fortinet-blog/article-heros/ 429 KB
431 KB 51ms
50ms Image
image/png 44.199.160.6
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.fortinet.com/content/dam/fortinet-blog/article-heros/cve-2024-21412-hero.png

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

44.199.160.6 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-199-160-6.compute-1.amazonaws.com

Software

Apache /

Resource Hash

05b1d251b44fdd42bd27a73eb373440c9957297292c3f13a677eb908648486ee

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher1uswest1-28559594
Date: Tue, 23 Jul 2024 13:09:56 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 fe40bff56d1483fa61dd95ff72f0b9c0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
Age: 81112
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 439634
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 18 Jul 2024 22:40:28 GMT
Server: Apache
ETag: "6b552-61d8d43f52f00"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: rPf63TQY-ZiCF4U7Oxnj1bixwe1R1WONrXr2ca6JMRBilg7VF8_2hA==

GET
H/1.1 200
OK UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2
www.fortinet.com/etc/designs/fortinet/gfonts/ 37 KB
38 KB 53ms
53ms Font
application/octet-stream 44.199.160.6
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fortinet.com/etc/designs/fortinet/gfonts/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7.woff2

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/clientlib-base.min.900b148ab7b87024003111a1245cca9c.css

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

44.199.160.6 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-199-160-6.compute-1.amazonaws.com

Software

Apache /

Resource Hash

b97c99a69a6275c8f90703cd4c0864089a74fd08383a1cc75a8a4d0c2cb60cce

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/clientlib-base.min.900b148ab7b87024003111a1245cca9c.css
Origin: https://www.fortinet.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher2uswest1-28559771
Date: Thu, 11 Jul 2024 21:13:11 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 8a66d5eadee9b730a388e117efe2af72.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
Age: 1088393
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 37716
X-XSS-Protection: 1; mode=block
Last-Modified: Wed, 18 May 2022 21:08:06 GMT
Server: Apache
ETag: "9354-5df4fa74ff980"
X-Frame-Options: SAMEORIGIN
Content-Type: application/octet-stream
Cache-Control: max-age=2000000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: LCFaRylOT-zMo_Vk_IHOnd2fm6IjAk2sfcXnQHdIuiEf_mkeHvRd7w==

GET
H2 200 location Show response
geolocation.onetrust.com/cookieconsentpub/v1/geo/ 68 B
315 B 106ms
45ms XHR
application/json 172.64.155.119
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://geolocation.onetrust.com/cookieconsentpub/v1/geo/location

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.64.155.119 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0a1309d2ccff026ab4dcf050977befc877505115e4777e240fa328b1781c63ae

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

accept: application/json
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:33:04 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
server: cloudflare
vary: Accept-Encoding
access-control-allow-methods: GET, OPTIONS
content-type: application/json
access-control-allow-origin: *
cf-ray: 8a8397de9e4636a3-YYZ
access-control-allow-headers: Content-Type

GET
H/1.1 200
OK stealer-1.png
www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed/_jcr_content/root/responsivegrid/table_content/par/image.img.png/1721335821214/ 85 KB
86 KB 53ms
53ms Image
image/png 44.199.160.6
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed/_jcr_content/root/responsivegrid/table_content/par/image.img.png/1721335821214/stealer-1.png

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

44.199.160.6 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-199-160-6.compute-1.amazonaws.com

Software

Apache /

Resource Hash

855f75e3c59ecf05751e400ad7f8ef021ab050a882b7c4861a187c9475c16dbc

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher1uswest1-28559594
Date: Tue, 23 Jul 2024 17:52:53 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 fe40bff56d1483fa61dd95ff72f0b9c0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
Age: 67533
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 86575
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 18 Jul 2024 20:50:21 GMT
Server: Apache
ETag: "1522f-61d8bba265d40"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: q2gNrkcWQLJmB-lTv0oYKbM36ODO4HAeaWlBhcckzBSA2q9NzJWJpA==

GET
H/1.1 200
OK stealer-2.png
www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed/_jcr_content/root/responsivegrid/table_content/par/image_copy.img.png/1721340599411/ 62 KB
63 KB 53ms
53ms Image
image/png 44.199.160.6
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed/_jcr_content/root/responsivegrid/table_content/par/image_copy.img.png/1721340599411/stealer-2.png

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

44.199.160.6 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-199-160-6.compute-1.amazonaws.com

Software

Apache /

Resource Hash

bf75adb4dce36bece1ce5451a9fb6d4fbd65ee72fc074b55ca676f2d8898da5b

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher2uswest1-28559771
Date: Tue, 23 Jul 2024 17:52:53 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 8a66d5eadee9b730a388e117efe2af72.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
Age: 67529
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 63509
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 18 Jul 2024 22:09:59 GMT
Server: Apache
ETag: "f815-61d8cd6f0dbc0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: 1Veq7yfFN1Vyc6HBrhhA4oqBD-iUm5KG2gmZWGt54tI1fu1Re7BKcg==

GET
DATA 200
OK truncated
/ 42 B
0 Image
image/gif

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/gif

GET
H2 200 otBannerSdk.js Show response
cdn.cookielaw.org/scripttemplates/6.10.0/ 356 KB
78 KB 44ms
44ms Script
application/javascript 104.19.178.52
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.10.0/otBannerSdk.js

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.19.178.52 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

7a23e0e46e16f067271bc79c92a917c13769848457d16cdf109e4dc04c687e8f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 24 Jul 2024 11:33:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: Bh9exWOPGIwRshWljrtlEw==
age: 54522
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 79698
x-ms-lease-status: unlocked
last-modified: Thu, 03 Dec 2020 02:43:00 GMT
server: cloudflare
etag: 0x8D89735260901BC
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
x-ms-request-id: 196e3d49-701e-0078-0644-149a7b000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8a8397df8cc3aabf-YYZ

GET
H/1.1 200
OK stealer-3.png
www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed/_jcr_content/root/responsivegrid/table_content/par/image_copy_copy.img.png/1721338963877/ 25 KB
26 KB 54ms
51ms Image
image/png 44.199.160.6
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed/_jcr_content/root/responsivegrid/table_content/par/image_copy_copy.img.png/1721338963877/stealer-3.png

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

44.199.160.6 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-199-160-6.compute-1.amazonaws.com

Software

Apache /

Resource Hash

1d7b331a045e0921f57a7aca33a2be27539027cc5b1ded6de5ad38263eddf8a3

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher1uswest1-28559594
Date: Tue, 23 Jul 2024 17:52:53 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 03c28758fe0abb70088fb45c6855d854.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
Age: 67533
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 25740
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 18 Jul 2024 21:42:43 GMT
Server: Apache
ETag: "648c-61d8c756d7ac0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: FvMIdlLcEIcA-IgBqnFOk0EHwcimq9Edp10bdEs9aXinthsv4MflhA==

GET
H/1.1 200
OK stealer-3-2.png
www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed/_jcr_content/root/responsivegrid/table_content/par/image_copy_copy_110863164.img.png/1721338977125/ 25 KB
26 KB 54ms
50ms Image
image/png 44.199.160.6
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

44.199.160.6 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-199-160-6.compute-1.amazonaws.com

Software

Apache /

Resource Hash

0e5f18649f61dd74f9caf157048d64c16ceb0fd2e8b54ed9e3c6ff1ebf22bd24

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher2uswest1-28559771
Date: Tue, 23 Jul 2024 17:52:53 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 689115ff2de1803f311819422d2bbc9e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
Age: 66998
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 25595
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 18 Jul 2024 21:42:57 GMT
Server: Apache
ETag: "63fb-61d8c76431a40"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: V2mCZWZZI9PQclUWqwInIdh5I6Ym3St4AQAQO_pBCINCfkb7nEG1Uw==

GET
H/1.1 200
OK stealer-4.png
www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed/_jcr_content/root/responsivegrid/table_content/par/image_copy_copy_copy.img.png/1721339893610/ 255 KB
256 KB 63ms
59ms Image
image/png 44.199.160.6
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

44.199.160.6 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-199-160-6.compute-1.amazonaws.com

Software

Apache /

Resource Hash

e3a54e557f40c9a8528562f5f9fe39cb3fce5ad1e3f4238ec791c17961645240

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher1uswest1-28559594
Date: Tue, 23 Jul 2024 17:52:53 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 ded2db8c78a1ad7377261200a0bb44fa.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
Age: 67533
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 260902
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 18 Jul 2024 21:58:13 GMT
Server: Apache
ETag: "3fb26-61d8cacdc2740"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: B9ySrCLm6SAMOUk9HL_8HDJ2ypNaUaT_6oNyP0ZTTBzAwqhQO79EWA==

GET
H/1.1 200
OK stealer-5.png
www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed/_jcr_content/root/responsivegrid/table_content/par/image_copy_copy_copy_967242649.img.png/1721339920989/ 736 KB
737 KB 61ms
57ms Image
image/png 44.199.160.6
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

44.199.160.6 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-199-160-6.compute-1.amazonaws.com

Software

Apache /

Resource Hash

bdfd8a95ffd68d8bc7149ea79a3ca8a1869fe507a42e4f7a368f626843346e89

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher2uswest1-28559771
Date: Tue, 23 Jul 2024 17:52:53 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 aa77c72923f68604fa8f6f77bfdaa2dc.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
Age: 67528
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 753246
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 18 Jul 2024 21:58:40 GMT
Server: Apache
ETag: "b7e5e-61d8cae782400"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: CrIRQHwHvAaJnKrqHcDOriGJTpp8kYxgwhcAMSUeeSsu8shKSIZhsA==

GET
H/1.1 200
OK stealer-6.png
www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed/_jcr_content/root/responsivegrid/table_content/par/image_copy_copy_copy_1215818884.img.png/1721340297519/ 226 KB
227 KB 53ms
52ms Image
image/png 44.199.160.6
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

44.199.160.6 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-199-160-6.compute-1.amazonaws.com

Software

Apache /

Resource Hash

895f6b9e5d37c494c7c8ebf30eade521c286b27001d256e3a37f5ac27684a57d

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher1uswest1-28559594
Date: Tue, 23 Jul 2024 17:52:53 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 fe40bff56d1483fa61dd95ff72f0b9c0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
Age: 67533
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 231447
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 18 Jul 2024 22:04:57 GMT
Server: Apache
ETag: "38817-61d8cc4f0b440"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: HrB4PKYiCXKOjKuoYhNp4uJOhZ7kEdhedZZPU7q8HeSged9pJTbszA==

GET
H/1.1 200
OK stealer-6-2.png
www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed/_jcr_content/root/responsivegrid/table_content/par/image_copy_copy_copy_386732739.img.png/1721340317097/ 251 KB
252 KB 47ms
46ms Image
image/png 44.199.160.6
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

44.199.160.6 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-199-160-6.compute-1.amazonaws.com

Software

Apache /

Resource Hash

e2d910265020b45a6878d4b62b104bc4cfbcf7554e7386d81aef7a0ae208048e

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher1uswest1-28559594
Date: Tue, 23 Jul 2024 17:52:53 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 8a66d5eadee9b730a388e117efe2af72.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
Age: 67533
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 257145
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 18 Jul 2024 22:05:17 GMT
Server: Apache
ETag: "3ec79-61d8cc621e140"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: 82lq0q7qPUD5-1nxplAY_eBFVT7AlOSFWWPQesuzK08CFQqpExA0cg==

GET
H/1.1 200
OK stealer-7.png
www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed/_jcr_content/root/responsivegrid/table_content/par/image_copy_copy_copy_1175059951.img.png/1721340377992/ 485 KB
486 KB 53ms
51ms Image
image/png 44.199.160.6
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

44.199.160.6 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-199-160-6.compute-1.amazonaws.com

Software

Apache /

Resource Hash

663fcd2b41d75e07e72ea2622d80566bcf10f1951f7293217d5fd9c9e3e542d8

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher1uswest1-28559594
Date: Tue, 23 Jul 2024 17:52:53 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 689115ff2de1803f311819422d2bbc9e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
Age: 67533
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 496746
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 18 Jul 2024 22:06:17 GMT
Server: Apache
ETag: "7946a-61d8cc9b56840"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: Kn-wpDnI0q8Iy3895YPzk4o0AC-AMEucLoG-H-MzgV01rEJnQ2A_3A==

GET
H/1.1 200
OK stealer-8.png
www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed/_jcr_content/root/responsivegrid/table_content/par/image_copy_copy_copy_1558477246.img.png/1721340431350/ 36 KB
38 KB 53ms
51ms Image
image/png 44.199.160.6
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

44.199.160.6 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-199-160-6.compute-1.amazonaws.com

Software

Apache /

Resource Hash

770be267abb4fe287bf67c2fdbdf4f14556632b8e07a6d464e58ca56e3e33474

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher1uswest1-28559594
Date: Tue, 23 Jul 2024 17:52:53 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 03c28758fe0abb70088fb45c6855d854.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
Age: 67533
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 37083
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 18 Jul 2024 22:07:11 GMT
Server: Apache
ETag: "90db-61d8ccced61c0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: iONeFMPeDGbrAUI7lw6iZOsA4LZP0JjwdO7veclDtdLGhzNY7T9TJQ==

GET
H/1.1 200
OK stealer-8-2.png
www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed/_jcr_content/root/responsivegrid/table_content/par/image_copy_copy_copy_447561515.img.png/1721340453929/ 31 KB
32 KB 52ms
52ms Image
image/png 44.199.160.6
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

44.199.160.6 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-199-160-6.compute-1.amazonaws.com

Software

Apache /

Resource Hash

ebd0b0892d3b17adc658369a10ebfe9abcd4883fd08bb047fd66dd459edd4481

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher1uswest1-28559594
Date: Tue, 23 Jul 2024 17:52:53 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 fe40bff56d1483fa61dd95ff72f0b9c0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
Age: 67533
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 31764
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 18 Jul 2024 22:07:33 GMT
Server: Apache
ETag: "7c14-61d8cce3d1340"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: oNhOQjIhVSafgwBP2LUVr0Wwwg_AVJxFt4W1yATpTEVJJBq9ATM8MA==

GET
H/1.1 200
OK stealer-9.png
www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed/_jcr_content/root/responsivegrid/table_content/par/image_copy_copy_copy_299690718.img.png/1721340797851/ 548 KB
549 KB 51ms
49ms Image
image/png 44.199.160.6
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

44.199.160.6 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-199-160-6.compute-1.amazonaws.com

Software

Apache /

Resource Hash

bedf62e46e59fa272ad95971fb563c91a33501c2443058083872960861534da7

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher1uswest1-28559594
Date: Tue, 23 Jul 2024 17:52:53 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 03c28758fe0abb70088fb45c6855d854.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
Age: 67533
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 561099
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 18 Jul 2024 22:13:17 GMT
Server: Apache
ETag: "88fcb-61d8ce2be1940"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: 2rqm87SLb8_zAE4XhAPW7BOjGsQB_CC61mbX0r2VcEJ99NZpnM71cg==

GET
H/1.1 200
OK stealer-10.png
www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed/_jcr_content/root/responsivegrid/table_content/par/image_copy_copy_copy_486093180.img.png/1721341353108/ 536 KB
537 KB 52ms
51ms Image
image/png 44.199.160.6
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

44.199.160.6 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-199-160-6.compute-1.amazonaws.com

Software

Apache /

Resource Hash

bec82187bec72da82a4eed1c0c3624ac495ca960b7286da80815db9b5c43777e

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher2uswest1-28559771
Date: Tue, 23 Jul 2024 17:52:53 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 fe40bff56d1483fa61dd95ff72f0b9c0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
Age: 67267
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 548887
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 18 Jul 2024 22:22:33 GMT
Server: Apache
ETag: "86017-61d8d03e1fc40"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: nygsDZi4lusgcIIhThO1cDZv8rFC4Aj5VGofsxrWDU6ZTzw2sAiTaA==

GET
H/1.1 200
OK stealer-11.png
www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed/_jcr_content/root/responsivegrid/table_content/par/image_copy_copy_copy_1792784929.img.png/1721341661455/ 495 KB
497 KB 52ms
52ms Image
image/png 44.199.160.6
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

44.199.160.6 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-199-160-6.compute-1.amazonaws.com

Software

Apache /

Resource Hash

114ed516604e98cd030c85d1be345541019326d2f32bb784626fb13ad57f8744

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher1uswest1-28559594
Date: Tue, 23 Jul 2024 17:52:53 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 8a66d5eadee9b730a388e117efe2af72.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
Age: 67531
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 507338
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 18 Jul 2024 22:27:41 GMT
Server: Apache
ETag: "7bdca-61d8d163db140"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: A5qI6YNDi4xmQZahGzAWAORlzB3DBC6R7-lg8DB3tK1xIu9Rp1-6Cg==

GET
H/1.1 200
OK stealer-12.png
www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed/_jcr_content/root/responsivegrid/table_content/par/image_copy_copy_copy_125801863.img.png/1721341839402/ 54 KB
55 KB 48ms
47ms Image
image/png 44.199.160.6
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

44.199.160.6 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-199-160-6.compute-1.amazonaws.com

Software

Apache /

Resource Hash

30ddee8ebf0ffd7c415585a9e3a0e8023deb80ed05b857a4427dbb75790c43bd

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher1uswest1-28559594
Date: Tue, 23 Jul 2024 17:52:54 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 ded2db8c78a1ad7377261200a0bb44fa.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
Age: 67533
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 55265
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 18 Jul 2024 22:30:39 GMT
Server: Apache
ETag: "d7e1-61d8d20d9c1c0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: WHrqD3ED80ITOykJ6OUEmrp9mv7V936dqgadaJO00pTuYpEEBCndUw==

GET
H/1.1 200
OK stealer-13.png
www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed/_jcr_content/root/responsivegrid/table_content/par/image_copy_copy_copy_1354616904.img.png/1721341858282/ 508 KB
509 KB 48ms
46ms Image
image/png 44.199.160.6
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

44.199.160.6 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-199-160-6.compute-1.amazonaws.com

Software

Apache /

Resource Hash

3e63ed3b834f3a6961e1476a3dfadffb78212feac2bf804352a6926091b4c828

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher2uswest1-28559771
Date: Tue, 23 Jul 2024 17:52:54 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 ded2db8c78a1ad7377261200a0bb44fa.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
Age: 66998
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 520084
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 18 Jul 2024 22:30:58 GMT
Server: Apache
ETag: "7ef94-61d8d21fbac80"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: f7voYxkP0xf9jvtJNY-Ovic0mGIq8XusQjzdOkD3IEYsbt6yDt___w==

GET
H/1.1 200
OK stealer-14.png
www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed/_jcr_content/root/responsivegrid/table_content/par/image_copy_copy_copy_210389830.img.png/1721341914790/ 287 KB
288 KB 54ms
54ms Image
image/png 44.199.160.6
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

44.199.160.6 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-199-160-6.compute-1.amazonaws.com

Software

Apache /

Resource Hash

b64cae93d3398a9d5da33d3728f714a222df73943f87b81b7f2c49d58e2794ef

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher2uswest1-28559771
Date: Tue, 23 Jul 2024 17:52:54 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 689115ff2de1803f311819422d2bbc9e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
Age: 67267
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 293512
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 18 Jul 2024 22:31:54 GMT
Server: Apache
ETag: "47a88-61d8d25522a80"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: pDoKVJTSvnKgweVGmXMOgD3_nfSb6CfdTdcSFvux5RLTwj8bgPyNuw==

GET
H/1.1 200
OK stealer-15.png
www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed/_jcr_content/root/responsivegrid/table_content/par/image_copy_copy_copy_1279974212.img.png/1721341938787/ 102 KB
103 KB 49ms
47ms Image
image/png 44.199.160.6
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

44.199.160.6 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-199-160-6.compute-1.amazonaws.com

Software

Apache /

Resource Hash

d1fe20aff60f91b78aabd65363112fbc84a8e7c8dd0c258bb1aae48cc4e4879c

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher2uswest1-28559771
Date: Tue, 23 Jul 2024 17:52:54 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 fe40bff56d1483fa61dd95ff72f0b9c0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
Age: 67267
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 104452
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 18 Jul 2024 22:32:18 GMT
Server: Apache
ETag: "19804-61d8d26c06080"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: 6Pl5e5juatM2fsm8HcQnq0xwCfeVEWJxak58TuS78VW6AGex-ZjsKg==

GET
H/1.1 200
OK stealer-16.png
www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed/_jcr_content/root/responsivegrid/table_content/par/image_copy_copy_copy_398882795.img.png/1721341971772/ 270 KB
271 KB 50ms
50ms Image
image/png 44.199.160.6
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

44.199.160.6 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-199-160-6.compute-1.amazonaws.com

Software

Apache /

Resource Hash

8883bc0b8dd0d8b6e1f37046e643e3487484913aae5fedbb41b9c0c059ecf123

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher1uswest1-28559594
Date: Tue, 23 Jul 2024 17:52:54 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 aa77c72923f68604fa8f6f77bfdaa2dc.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
Age: 67533
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 276602
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 18 Jul 2024 22:32:51 GMT
Server: Apache
ETag: "4387a-61d8d28b7eac0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: rz4PyBobtKC245kcMMehGzUM43lxtSH-Z8VGhGslRxWVx7W4T53hSw==

GET
H/1.1 200
OK stealer-17.png
www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed/_jcr_content/root/responsivegrid/table_content/par/image_copy_copy_copy_1313884336.img.png/1721342021064/ 192 KB
193 KB 48ms
47ms Image
image/png 44.199.160.6
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

44.199.160.6 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-199-160-6.compute-1.amazonaws.com

Software

Apache /

Resource Hash

93f1175b9eb9dcdf7cc89fb8a0049b1734aead76c4e9a71ce2e74c6659dfc7a2

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher2uswest1-28559771
Date: Tue, 23 Jul 2024 17:52:54 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 fe40bff56d1483fa61dd95ff72f0b9c0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
Age: 67266
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 196311
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 18 Jul 2024 22:33:41 GMT
Server: Apache
ETag: "2fed7-61d8d2bb2db40"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: Y-04zMVIIgb2GTULm9b6x2oHblbYWABgrOwYcaYgw4IHSPvGl53bGA==

GET
H/1.1 200
OK stealer-18.png
www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed/_jcr_content/root/responsivegrid/table_content/par/image_copy_copy_copy_991419676.img.png/1721342039151/ 230 KB
231 KB 48ms
48ms Image
image/png 44.199.160.6
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

44.199.160.6 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-199-160-6.compute-1.amazonaws.com

Software

Apache /

Resource Hash

9453297b8c031ffe12f292174750cabd95f6069010d7dfb77e3e840f462706e1

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher2uswest1-28559771
Date: Tue, 23 Jul 2024 17:52:54 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 689115ff2de1803f311819422d2bbc9e.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
Age: 67266
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 235191
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 18 Jul 2024 22:33:59 GMT
Server: Apache
ETag: "396b7-61d8d2cc583c0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: ApZYZsbfMk56gnWF-PkRKJoi4JA1e-kjPF1WOD6FD4EHDpXLVLe0aw==

GET
H2 200 en.json Show response
cdn.cookielaw.org/consent/f85f39fc-d7aa-467a-b762-fbb722748016/29891b98-4435-469c-84ae-791eaa28c9e1/ 99 KB
24 KB 44ms
43ms Fetch
application/x-javascript 104.19.178.52
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/consent/f85f39fc-d7aa-467a-b762-fbb722748016/29891b98-4435-469c-84ae-791eaa28c9e1/en.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.10.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.19.178.52 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

afb08ef7dbe14e004ba0b93079e3c465c7c6f9d1038518826c8513126aa29ba7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 24 Jul 2024 11:33:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 79898
content-md5: MNDmBGowTSZoWMGG9p6/mg==
content-length: 24015
x-ms-lease-status: unlocked
last-modified: Thu, 28 Dec 2023 19:57:06 GMT
server: cloudflare
etag: 0x8DC07DF2B168D13
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: *
x-ms-request-id: 1b52a830-301e-0056-5374-79c86c000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: public, max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8a8397e00a62ac24-YYZ
expires: Thu, 25 Jul 2024 11:33:04 GMT

GET
H2 200 otFlat.json Show response
cdn.cookielaw.org/scripttemplates/6.10.0/assets/ 13 KB
4 KB 48ms
48ms Fetch
application/json 104.19.178.52
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.10.0/assets/otFlat.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.10.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.19.178.52 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

8cdca3b36914e8a3f56390da71389944579faaae82704e53bd66f9c0387502f6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 24 Jul 2024 11:33:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: W9e0YobmEbvdB0V9OmpQkw==
age: 80435
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 3329
x-ms-lease-status: unlocked
last-modified: Thu, 03 Dec 2020 02:42:50 GMT
server: cloudflare
etag: 0x8D89735209A34D6
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: 9a92e17f-301e-0046-2672-790d04000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8a8397e09aa6ac24-YYZ

GET
H2 200 otPcTab.json Show response
cdn.cookielaw.org/scripttemplates/6.10.0/assets/v2/ 45 KB
12 KB 47ms
45ms Fetch
application/json 104.19.178.52
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.cookielaw.org/scripttemplates/6.10.0/assets/v2/otPcTab.json

Requested by

Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.10.0/otBannerSdk.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.19.178.52 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f9b2aaabab92d9c63930432351fa3f5aa634fcb5db31b039e23465f8b4bd5a68

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-ms-blob-type: BlockBlob
date: Wed, 24 Jul 2024 11:33:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
cf-cache-status: HIT
content-md5: zNsRoM1FEmsEgJoYMCNTng==
age: 82579
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-length: 11755
x-ms-lease-status: unlocked
last-modified: Thu, 03 Dec 2020 02:42:53 GMT
server: cloudflare
etag: 0x8D897352245C4EA
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
x-ms-request-id: ecfe8c79-601e-0080-574e-79c685000000
access-control-expose-headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control: max-age=86400
x-ms-version: 2009-09-19
accept-ranges: bytes
cf-ray: 8a8397e09aaaac24-YYZ

GET
DATA 200
OK truncated
/ 817 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: db311174b0e3c340727b63c055cfb5b317808e909503e1bda11cc58af444f12b

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H2 200 launch-EN23cb8375449840dc93b13f34d935b8b9.min.js Show response
assets.adobedtm.com/ 500 KB
120 KB 203ms
59ms Script
application/x-javascript 23.220.136.244
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Requested by: Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/6.10.0/otBannerSdk.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.220.136.244 Ashburn, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-220-136-244.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 3f36cb484213cafc798ef594c00ffdc27156f0106c63b539c3464bae355fb82a

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:33:05 GMT
content-encoding: gzip
last-modified: Mon, 22 Jul 2024 22:53:18 GMT
server: AkamaiNetStorage
etag: "8a4c827a8473d3eaa82e456391d2db4b:1721688797.91308"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 123001
expires: Wed, 24 Jul 2024 12:33:05 GMT

GET
H2 200 id Show response
dpm.demdex.net/ 367 B
915 B 159ms
60ms XHR
application/json 23.23.225.172
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id?d_visid_ver=5.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_orgid=ED8739F75677FE917F000101%40AdobeOrg&d_nsid=0&ts=1721820784943

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/etc/designs/fortinet/adb-target/visitorapi.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

23.23.225.172 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-23-23-225-172.compute-1.amazonaws.com

Software

Resource Hash

89501d31f6143d2dd6a448458a7123b136d8001b53185ae5f8e21429f3b2fc76

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded

Response headers

dcs: dcs-prod-va6-1-v062-061d937d0.edge-va6.demdex.com 5 ms
pragma: no-cache
date: Wed, 24 Jul 2024 11:33:05 GMT
strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
x-tid: G20qwwiTRps=
vary: Origin
content-type: application/json;charset=utf-8
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
access-control-allow-origin: https://www.fortinet.com
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
access-control-allow-credentials: true
content-length: 310
expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H2 200 dest5.html
fortinet.demdex.net/ Frame C381 0
0 144ms
44ms Document
text/html 18.213.178.132
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://fortinet.demdex.net/dest5.html?d_nsid=0

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/etc/designs/fortinet/adb-target/visitorapi.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.213.178.132 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-18-213-178-132.compute-1.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.fortinet.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
content-type: text/html;charset=UTF-8
date: Wed, 24 Jul 2024 11:33:05 GMT
dcs: dcs-prod-va6-2-v062-02a4dbb34.edge-va6.demdex.com 0 ms
expires: Thu, 01 Jan 1970 00:00:00 UTC
last-modified: Thu, 18 Jul 2024 10:27:08 GMT
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains
vary: accept-encoding
x-tid: wkTXfe8eRws=

GET
H2

200

ibs:dpid=411&dpuuid=ZqDmcQAAAG48PwN2
dpm.demdex.net/
Redirect Chain

https://cm.everesttech.net/cm/dd?d_uuid=52104645368140463242358385974948306634
https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZqDmcQAAAG48PwN2

42 B
716 B

48ms
47ms

Image
image/gif

23.23.225.172
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZqDmcQAAAG48PwN2

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

Server

23.23.225.172 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-23-23-225-172.compute-1.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

dcs: dcs-prod-va6-2-v062-03113a873.edge-va6.demdex.com 2 ms
pragma: no-cache
date: Wed, 24 Jul 2024 11:33:05 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-encoding: gzip
x-tid: 7bCn2dzbRoI=
content-type: image/gif
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-length: 59
expires: Thu, 01 Jan 1970 00:00:00 UTC

Redirect headers

Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZqDmcQAAAG48PwN2
Date: Wed, 24 Jul 2024 11:33:05 GMT
Cache-Control: no-cache
Server: AMO-cookiemap/1.1
Connection: keep-alive
Content-Length: 0
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"

POST
H2 200 delivery Show response
fortinet.tt.omtrdc.net/rest/v1/ 7 KB
3 KB 204ms
67ms XHR
application/json 63.140.39.117
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://fortinet.tt.omtrdc.net/rest/v1/delivery?client=fortinet&sessionId=aa50fe560b064624bb9859d33631b116&version=2.10.0

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/etc/designs/fortinet/adb-target/at.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

63.140.39.117 , United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ip-63-140-39-117.data.adobedc.net

Software

jag /

Resource Hash

00274a2d2a7016155d4c957f6979a7b5fab60f0a8dde069029257b33a61c822c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

date: Wed, 24 Jul 2024 11:33:05 GMT
content-encoding: gzip
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubDomains
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List
server: jag
x-content-type-options: nosniff
vary: origin,access-control-request-method,access-control-request-headers,accept-encoding
content-type: application/json;charset=UTF-8
access-control-allow-origin: https://www.fortinet.com
cache-control: no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials: true
timing-allow-origin: *
x-xss-protection: 1; mode=block
x-request-id: f8b0cae7-0cce-4d73-b569-5ea032eb2e5a

GET
H2 200 AppMeasurement.min.js Show response
assets.adobedtm.com/extensions/EPc7341b33570d4c988798fc9f0093d4b2/ 35 KB
13 KB 48ms
47ms Script
application/x-javascript 23.220.136.244
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/extensions/EPc7341b33570d4c988798fc9f0093d4b2/AppMeasurement.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.220.136.244 Ashburn, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-220-136-244.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: f012c00d43164a4de843ae80abefe500f8497e1123d11c965cd3b40600fe9720

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:33:05 GMT
content-encoding: gzip
last-modified: Mon, 04 Mar 2024 18:51:30 GMT
server: AkamaiNetStorage
etag: "964f8cb588092ac645368e7307eb73ac:1709578290.803919"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: no-cache
accept-ranges: bytes
timing-allow-origin: *
content-length: 12938
expires: Wed, 24 Jul 2024 12:33:05 GMT

GET
H2 200 AppMeasurement_Module_ActivityMap.min.js Show response
assets.adobedtm.com/extensions/EPc7341b33570d4c988798fc9f0093d4b2/ 3 KB
2 KB 47ms
46ms Script
application/x-javascript 23.220.136.244
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/extensions/EPc7341b33570d4c988798fc9f0093d4b2/AppMeasurement_Module_ActivityMap.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.220.136.244 Ashburn, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-220-136-244.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: b90b775b65c2623322caaa52d7acf6af709ca59bdd475a54043b6308d91828c4

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:33:05 GMT
content-encoding: gzip
last-modified: Mon, 04 Mar 2024 18:51:31 GMT
server: AkamaiNetStorage
etag: "9cf185793291692f744c78c75da01dd8:1709578291.795602"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: no-cache
accept-ranges: bytes
timing-allow-origin: *
content-length: 1599
expires: Wed, 24 Jul 2024 12:33:05 GMT

GET
H2 200 6si.min.js Show response
j.6sc.co/ 68 KB
18 KB 201ms
42ms Script
application/javascript 23.212.248.22
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://j.6sc.co/6si.min.js

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.212.248.22 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-212-248-22.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

4dba9e54570483a0624219ec53864f468c9cbdf4f9c1f23821e539de7cb0c9fc

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Jul 2024 11:33:05 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Fri, 12 Jul 2024 19:23:12 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "669182a0-10e5e"
vary: Accept-Encoding
content-type: application/javascript
cache-control: private, proxy-revalidate, max-age=1800
accept-ranges: bytes
content-length: 18671
expires: Wed, 24 Jul 2024 12:03:05 GMT

GET
H2 200 0786.js Show response
script.crazyegg.com/pages/scripts/0117/ 7 KB
3 KB 197ms
40ms Script
text/javascript 104.19.148.8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.crazyegg.com/pages/scripts/0117/0786.js
Requested by: Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.148.8 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 8db92e7cdc1ad40168c42e93b05d842e056d8a5b83ae96b95d2b1c546f828196

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:33:05 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 97430
cf-polished: origSize=6998
ce-version: 11.5.248
cf-bgj: minify
last-modified: Tue, 23 Jul 2024 08:29:15 GMT
server: cloudflare
vary: Accept-Encoding
content-type: text/javascript
access-control-allow-origin: *
access-control-expose-headers: CE-Version
cache-control: public, max-age=300, s-maxage=1209600
timing-allow-origin: *
cf-ray: 8a8397e53bfaac36-YYZ

GET
H/1.1 200
OK obtp.js Show response
amplify.outbrain.com/cp/ 28 KB
9 KB 263ms
54ms Script
application/x-javascript 23.220.137.92
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://amplify.outbrain.com/cp/obtp.js
Requested by: Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.220.137.92 Ashburn, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-220-137-92.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 8489534bde4ad3c3cedebecd11b9babe653de6b413922ec2b877c5bfcb33ee3e

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date: Wed, 24 Jul 2024 11:33:05 GMT
Content-Encoding: gzip
Last-Modified: Mon, 22 Jul 2024 07:46:05 GMT
Server: AkamaiNetStorage
ETag: "7437febf15b08e005ac33eb9fc2707ae:1721634584.416148"
Vary: Accept-Encoding
Content-Type: application/x-javascript
X-RG: NA
Cache-Control: max-age=1200
X-CC: CA
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 8614
Expires: Wed, 24 Jul 2024 11:53:05 GMT

GET
H2 200 api.min.js Show response
a.opmnstr.com/app/js/ 51 KB
18 KB 191ms
46ms Script
application/javascript 37.19.207.34
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL: https://a.opmnstr.com/app/js/api.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 37.19.207.34 Ashburn, United States, ASN60068 (CDN77 _, GB),
Reverse DNS: 37-19-207-34.bunnyinfra.net
Software: BunnyCDN-ASB1-925 /
Resource Hash: 13c309d0ebac3484b78106413ee31f46abfc690429c64ddf6ceb1b1838424ada

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:33:05 GMT
content-encoding: br
cdn-edgestorageid: 925
perma-cache: HIT
cdn-storageserver: NY-267
cdn-cachedat: 07/24/2024 11:33:04
cdn-pullzone: 293267
last-modified: Wed, 10 Jul 2024 18:36:03 GMT
server: BunnyCDN-ASB1-925
cdn-fileserver: 749
cdn-requestpullcode: 200
cdn-proxyver: 1.04
etag: W/"668ed493-cc71"
vary: Accept-Encoding, Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: 6e1bd01f92c4c815bd1f382658d2332f
cdn-requestcountrycode: CA
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 200 bat.js Show response
bat.bing.com/ 49 KB
14 KB 202ms
65ms Script
application/javascript 204.79.197.237
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

204.79.197.237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

abd0c69608a1a4b0ce5f6056bc20bcf62a2a29271a4cf5e33fa1f53bf7cb19cb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
date: Wed, 24 Jul 2024 11:33:04 GMT
last-modified: Sat, 13 Jul 2024 20:42:16 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 6A0D6E13AC914011929C3D62D9998674 Ref B: YTO01EDGE0508 Ref C: 2024-07-24T11:33:05Z
etag: "044982565d5da1:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 14183

GET
H2 200 RCac955f2e1e97429197e1e31aaec22e86-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/ 1 KB
942 B 55ms
51ms Script
application/x-javascript 23.220.136.244
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/RCac955f2e1e97429197e1e31aaec22e86-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.220.136.244 Ashburn, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-220-136-244.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 7c951a4408b8eb47ecea22bc965c50addb9e027eed0d48b1248869d967967ceb

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:33:05 GMT
content-encoding: gzip
last-modified: Mon, 22 Jul 2024 22:53:19 GMT
server: AkamaiNetStorage
etag: "0537f9b1ee377a7339cd8f0bc0e42c40:1721688799.745653"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 684
expires: Wed, 24 Jul 2024 12:33:05 GMT

GET
H2 200 RC41e16e9b16d1408cbf43b5b2e7378738-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/ 9 KB
2 KB 55ms
51ms Script
application/x-javascript 23.220.136.244
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/RC41e16e9b16d1408cbf43b5b2e7378738-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.220.136.244 Ashburn, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-220-136-244.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 9e127a551b1d872db037fb1c551f032ffb34217f160a6906918f720cae169575

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:33:05 GMT
content-encoding: gzip
last-modified: Mon, 22 Jul 2024 22:53:19 GMT
server: AkamaiNetStorage
etag: "0537f9b1ee377a7339cd8f0bc0e42c40:1721688799.745653"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 1845
expires: Wed, 24 Jul 2024 12:33:05 GMT

GET
H2 200 RC448863e9e05a4b4880daa4a5fb7da328-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/ 358 B
485 B 54ms
52ms Script
application/x-javascript 23.220.136.244
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/RC448863e9e05a4b4880daa4a5fb7da328-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.220.136.244 Ashburn, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-220-136-244.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: c800888331e0e31f317acc8de442b6a71340d4f0d4f3db9dbb7f8e4b3172e84e

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:33:05 GMT
content-encoding: gzip
last-modified: Mon, 22 Jul 2024 22:53:19 GMT
server: AkamaiNetStorage
etag: "0537f9b1ee377a7339cd8f0bc0e42c40:1721688799.745653"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 228
expires: Wed, 24 Jul 2024 12:33:05 GMT

GET
H2 200 RCa4add8b607f6404fbd2aba7ee4b9abad-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/ 703 B
684 B 56ms
54ms Script
application/x-javascript 23.220.136.244
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/RCa4add8b607f6404fbd2aba7ee4b9abad-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.220.136.244 Ashburn, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-220-136-244.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: a98a9441db98144c6e8c4ab37c72e26786065a15dfb36a9231be938f76984c4f

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:33:05 GMT
content-encoding: gzip
last-modified: Mon, 22 Jul 2024 22:53:19 GMT
server: AkamaiNetStorage
etag: "0537f9b1ee377a7339cd8f0bc0e42c40:1721688799.745653"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 426
expires: Wed, 24 Jul 2024 12:33:05 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 354 KB
117 KB 170ms
68ms Script
application/javascript 172.253.115.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-748285774&l=dataLayer

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.115.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bg-in-f97.1e100.net

Software

Google Tag Manager /

Resource Hash

daca62c416db27f7a2d0f2ee342dcddee14b90b395daaac1679af0fec4a6b0a4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:33:05 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 119152
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 24 Jul 2024 11:33:05 GMT

GET
H2 200 RC06cd6a06a307489f80febc787462cb12-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/ 635 B
642 B 53ms
50ms Script
application/x-javascript 23.220.136.244
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/RC06cd6a06a307489f80febc787462cb12-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.220.136.244 Ashburn, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-220-136-244.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 0b2969b20d4b33763f23481f2dc0f0626a93fdd567798412bf891890047398a3

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:33:05 GMT
content-encoding: gzip
last-modified: Mon, 22 Jul 2024 22:53:19 GMT
server: AkamaiNetStorage
etag: "0537f9b1ee377a7339cd8f0bc0e42c40:1721688799.745653"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 384
expires: Wed, 24 Jul 2024 12:33:05 GMT

GET
H/1.1 200
OK flyin-fortiguard-labs-outbreak-alerts-346x172.png
www.fortinet.com/content/dam/fortinet/images/promos/pzn/ 35 KB
37 KB 49ms
48ms Image
image/png 44.199.160.6
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.fortinet.com/content/dam/fortinet/images/promos/pzn/flyin-fortiguard-labs-outbreak-alerts-346x172.png

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

44.199.160.6 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-199-160-6.compute-1.amazonaws.com

Software

Apache /

Resource Hash

480e3b349655b6f17b20ec546c300957cad9ffd98b2d29be29db79422ededc52

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher2uswest1-28559771
Date: Wed, 24 Jul 2024 11:23:59 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Via: 1.1 fe40bff56d1483fa61dd95ff72f0b9c0.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
Age: 20429784
X-Vhost: publish
X-Cache: Hit from cloudfront
Connection: keep-alive
Content-Length: 36133
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 30 Nov 2023 00:50:15 GMT
Server: Apache
ETag: "8d25-60b5408ea5fc0"
X-Frame-Options: SAMEORIGIN
Content-Type: image/png
Cache-Control: max-age=684000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: tYPqdipE-m7bTHSkcH22egD7kQ5H_sPN3phnEASYJDOH0i_n1Q1u1w==

GET
H2 200 www.fortinet.com.json Show response
script.crazyegg.com/pages/data-scripts/0117/0786/site/ 1 KB
746 B 101ms
37ms XHR
application/json 104.19.148.8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://script.crazyegg.com/pages/data-scripts/0117/0786/site/www.fortinet.com.json?t=1
Requested by: Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/scripts/0117/0786.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.19.148.8 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e23a04dc769dd89005fe5ef4017bb882e5c00e59079a533602e1c0ffb3781271

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:33:05 GMT
content-encoding: gzip
cf-cache-status: HIT
age: 97430
ce-version: 11.5.248
content-length: 474
last-modified: Tue, 23 Jul 2024 08:29:15 GMT
server: cloudflare
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: CE-Version
cache-control: public, max-age=300, s-maxage=1209600
accept-ranges: bytes
timing-allow-origin: *
cf-ray: 8a8397e71c35ab5d-YYZ

GET
H2 200 / Show response
c.6sc.co/ 7 B
194 B 49ms
46ms XHR
text/html 23.212.248.22
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://c.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.212.248.22 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-212-248-22.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:33:05 GMT
access-control-max-age: 86400
access-control-allow-methods: GET,POST
content-type: text/html
access-control-allow-origin: https://www.fortinet.com
access-control-allow-credentials: true
access-control-allow-headers: *
content-length: 7

GET
H2 200 / Show response
ipv6.6sc.co/ 4 B
282 B 147ms
42ms XHR
text/html 23.222.79.235
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://ipv6.6sc.co/
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.222.79.235 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-222-79-235.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Jul 2024 11:33:05 GMT
vary: Origin
content-type: text/html
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=0, no-cache, no-store
6si-ipv6: null
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1721820785773_400445415_472623384_22_985_44_58_219";dur=1
content-length: 4
expires: Wed, 24 Jul 2024 11:33:05 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 353ms
352ms Image
image/gif 23.212.248.22
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=5eeecf22b2d12a77a14639dce97b7a36&svisitor=null&visitor=19a6fa31-d9d6-4a5d-8afc-99f97a44f711&session=c6236651-c82f-4fff-84a9-1d4d329e8ec2&event=a_pageload&q=%7B%22pageLoadTime%22%3A%22Wed%2C%2024%20Jul%202024%2011%3A33%3A05%20GMT%22%7D&isIframe=false&m=%7B%22description%22%3A%22FortiGuard%20Labs%20has%20observed%20a%20stealer%20campaign%20spreading%20multiple%20files%20that%20exploit%20CVE-2024-21412%20to%20download%20malicious%20executable%20files.%20Read%20more.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Exploiting%20CVE-2024-21412%3A%20A%20Stealer%20Campaign%20Unleashed%20%7C%20FortiGuard%20Labs%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&pageViewId=d9c42d6e-122f-4c1f-8b0a-1cfda9fced45&v=1.1.22

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.212.248.22 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-212-248-22.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Jul 2024 11:33:05 GMT
x-content-type-options: nosniff
last-modified: Sat, 18 Feb 2023 00:49:36 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f020a0-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 24 Jul 2024 11:33:05 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 352ms
351ms Image
image/gif 23.212.248.22
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=5eeecf22b2d12a77a14639dce97b7a36&svisitor=null&visitor=19a6fa31-d9d6-4a5d-8afc-99f97a44f711&session=c6236651-c82f-4fff-84a9-1d4d329e8ec2&event=ni%3AasyncSettingsAudit&q=%7B%22settings%22%3A%22%5B%7B%5C%22name%5C%22%3A%5C%22enableEventTracking%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2024%20Jul%202024%2011%3A33%3A05%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setToken%5C%22%2C%5C%22value%5C%22%3A%5C%225eeecf22b2d12a77a14639dce97b7a36%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2024%20Jul%202024%2011%3A33%3A05%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEndpoint%5C%22%2C%5C%22value%5C%22%3A%5C%22b.6sc.co%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2024%20Jul%202024%2011%3A33%3A05%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22enableCompanyDetails%5C%22%2C%5C%22value%5C%22%3A%5C%22true%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2024%20Jul%202024%2011%3A33%3A05%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%2C%7B%5C%22name%5C%22%3A%5C%22setEpsilonKey%5C%22%2C%5C%22value%5C%22%3A%5C%227381d1d7c753fe2d8e217c3fdc44c0f17418dcc4%5C%22%2C%5C%22dateTime%5C%22%3A%5C%22Wed%2C%2024%20Jul%202024%2011%3A33%3A05%20GMT%5C%22%2C%5C%22timeSincePageLoad%5C%22%3A%5C%220%5C%22%7D%5D%22%7D&isIframe=false&m=%7B%22description%22%3A%22FortiGuard%20Labs%20has%20observed%20a%20stealer%20campaign%20spreading%20multiple%20files%20that%20exploit%20CVE-2024-21412%20to%20download%20malicious%20executable%20files.%20Read%20more.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Exploiting%20CVE-2024-21412%3A%20A%20Stealer%20Campaign%20Unleashed%20%7C%20FortiGuard%20Labs%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&pageViewId=d9c42d6e-122f-4c1f-8b0a-1cfda9fced45&v=1.1.22

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.212.248.22 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-212-248-22.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Jul 2024 11:33:05 GMT
x-content-type-options: nosniff
last-modified: Fri, 21 Feb 2020 18:57:20 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "5e502810-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 24 Jul 2024 11:33:05 GMT

GET
H2 200 api.min.css
a.omappapi.com/app/js/ 10 KB
3 KB 145ms
45ms Stylesheet
text/css 37.19.207.34
CDN77 _

General

Check archive.org

Show headers Download Go to

Full URL: https://a.omappapi.com/app/js/api.min.css
Requested by: Host: a.opmnstr.com
URL: https://a.opmnstr.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 37.19.207.34 Ashburn, United States, ASN60068 (CDN77 _, GB),
Reverse DNS: 37-19-207-34.bunnyinfra.net
Software: BunnyCDN-ASB1-925 /
Resource Hash: d97ea24841d9881b6b38caf9174e468db2c6a133cc325320d5720b0783a37d06

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:33:05 GMT
content-encoding: br
cdn-edgestorageid: 925
perma-cache: HIT
cdn-storageserver: NY-267
cdn-cachedat: 07/24/2024 11:33:05
cdn-pullzone: 293267
last-modified: Wed, 10 Jul 2024 18:34:15 GMT
server: BunnyCDN-ASB1-925
cdn-fileserver: 388
cdn-requestpullcode: 200
cdn-proxyver: 1.04
etag: W/"668ed427-2644"
vary: Accept-Encoding, Accept-Encoding
content-type: text/css
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: efcab737-66db-4b75-ab55-ed485d5a01dd
access-control-expose-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cache-control: public, max-age=31919000
cdn-requestid: 3945d907d3b587b121a2040d771cea04
cdn-requestcountrycode: CA
access-control-allow-headers: Server, x-goog-meta-frames, Content-Length, Content-Type, Range, X-Requested-With, If-Modified-Since, If-None-Match
cdn-status: 200
cdn-requestpullsuccess: True

GET
H2 401 39852 Show response
api.omappapi.com/v2/embed/ 165 B
592 B 133ms
55ms XHR
application/json 172.66.42.248
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://api.omappapi.com/v2/embed/39852?d=fortinet.com
Requested by: Host: a.opmnstr.com
URL: https://a.opmnstr.com/app/js/api.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 172.66.42.248 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: b934ce9883949e7bceb88fa78a354125eefc85715f7e54da8ff529c94ebab0fe

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:33:05 GMT
via: 1.1 24aa8e324e88674354627a7e613effec.cloudfront.net (CloudFront)
cf-cache-status: DYNAMIC
x-cache-config: 0 0
x-amz-cf-pop: YTO50-C3
x-cache: Error from cloudfront
content-length: 165
x-user-agent: standard--
server: cloudflare
vary: Accept-Encoding, User-Agent
content-type: application/json
access-control-allow-origin: *
cache-control: public, max-age=120, stale-while-revalidate=1800
cf-ray: 8a8397e76ff6ab3a-YYZ
access-control-allow-headers: X-CSRF-Token
x-amz-cf-id: ImWQ0A8RmRmRzPybH9sV08L8BanuVw67B1WLQ5Dj0TE2N0Ieccanvg==
expires: Wed, 24 Jul 2024 11:33:51 GMT

GET
H2 200 tracking.js Show response
trk.techtarget.com/ 3 KB
2 KB 130ms
54ms Script
text/javascript 172.64.151.60
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://trk.techtarget.com/tracking.js

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.64.151.60 San Francisco, United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0c07b854855b0e2bd7839c3659defa45307e96e281b3c00571d09f213eb6a76e

Security Headers

Name	Value
Strict-Transport-Security	max-age=0; includeSubDomains; preload

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:33:05 GMT
via: 1.1 google
content-encoding: br
cf-cache-status: HIT
cf-bgj: minify
last-modified: Tue, 13 Dec 2022 15:01:39 GMT
strict-transport-security: max-age=0; includeSubDomains; preload
age: 9774
server: cloudflare
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=1200
cf-ray: 8a8397e76a6339e7-YYZ
expires: Wed, 24 Jul 2024 11:53:05 GMT

GET
H/1.1 200
OK tag.js Show response
abm-tracking.demandscience.com/ 2 KB
2 KB 314ms
101ms Script
application/javascript 52.32.164.86
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://abm-tracking.demandscience.com/tag.js
Requested by: Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 52.32.164.86 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-32-164-86.us-west-2.compute.amazonaws.com
Software: nginx/1.18.0 (Ubuntu) / Express
Resource Hash: 701769ec99138974c12369fd4acf65a7f99e9a1becbab1e16a89be9859aafc9f

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date: Wed, 24 Jul 2024 11:33:05 GMT
Last-Modified: Thu, 09 May 2024 12:00:49 GMT
Server: nginx/1.18.0 (Ubuntu)
X-Powered-By: Express
ETag: W/"82b-18f5d3a3d78"
Content-Type: application/javascript; charset=UTF-8
Cache-Control: public, max-age=0
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 2091

GET
H2 200 wid.tracker.js Show response
tmp.argusplatform.com/js/ 8 KB
3 KB 1392ms
171ms Script
text/javascript 13.107.246.40
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://tmp.argusplatform.com/js/wid.tracker.js

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

13.107.246.40 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

b697c4c8e7c22fa7e18ccef66c1bda6610f19ec8c7d1c60fb3696db54ea5362e

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preloadmax-age=31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:33:07 GMT
content-encoding: br
referrer-policy: same-origin
strict-transport-security: max-age=10886400; includeSubDomains; preloadmax-age=31536000
last-modified: Sat, 08 Jun 2024 11:51:22 GMT
x-content-type-options: nosniff
etag: "28476869"
vary: Accept-Encoding
x-dns-prefetch-control: off
content-type: text/javascript
x-azure-ref: 20240724T113306Z-16b7b6c7db7hp6z5754pu5ydgn00000000g00000000071w3
x-cache: CONFIG_NOCACHE
cache-control: public, must-revalidate, max-age=30
x-xss-protection: 1; mode=block

GET
H/1.1 200
OK js Show response
pixel.mathtag.com/event/ 161 B
712 B 396ms
45ms Script
text/javascript 216.200.232.253
PAEDAE-INC

General

Check archive.org

Show headers Download Go to

Full URL

https://pixel.mathtag.com/event/js?mt_id=1629896&mt_adid=260855&mt_exem=&mt_excl=&v2=&v3=&s1=&s2=&s3=&v1=en:blog:threat-research:exploiting-cve-2024-21412-stealer-campaign-unleashed

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

216.200.232.253 Frederick, United States, ASN30419 (PAEDAE-INC, US),

Reverse DNS

Software

MT3 1637 26565ec master ord ord-pixel-x56 config_version:"1994" /

Resource Hash

98192c2b3bfd0e66cff07b8ba31ff42de9182144d3e21b9ca258f13da96ee457

Security Headers

Name	Value
Strict-Transport-Security	31536000
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date: Wed, 24 Jul 2024 11:33:06 GMT
Strict-Transport-Security: 31536000
Referrer-Policy: strict-origin
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Server: MT3 1637 26565ec master ord ord-pixel-x56 config_version:"1994"
X-Permitted-Cross-Domain-Policies: all
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Access-Control-Allow-Origin: *
Content-Type: text/javascript
Cache-Control: no-cache
Cross-Origin-Resource-Policy: cross-origin
Connection: close
X-XSS-Protection: 0

GET
H/1.1 200
OK footer-links.json Show response
www.fortinet.com/content/dam/fortinet-blog/ 310 KB
36 KB 51ms
50ms XHR
application/json 44.199.160.6
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fortinet.com/content/dam/fortinet-blog/footer-links.json

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/etc.clientlibs/fortinet-blog/clientlibs/clientlib-base.min.ba4f082a77dabb2c6baf715d9eb61c22.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

44.199.160.6 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-199-160-6.compute-1.amazonaws.com

Software

Apache /

Resource Hash

9c2bfadf1fe546bd3872bf81e8477e95faff0104f3b9b888bc47cff4ffe88a36

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept: application/json, text/javascript, */*; q=0.01
Referer: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher1uswest1-28559594
Date: Tue, 23 Jul 2024 19:13:24 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Content-Encoding: gzip
Via: 1.1 8a66d5eadee9b730a388e117efe2af72.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
X-Vhost: publish
X-Cache: Hit from cloudfront
Age: 493677
Connection: keep-alive
Content-Length: 35378
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 18 Jul 2024 18:24:37 GMT
Server: Apache
ETag: "4d8dc-61d89b0f78340-gzip"
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Type: application/json
Accept-Ranges: bytes
X-Amz-Cf-Id: dtB8qbfhlDKNznUaVGNRSgIBRKh1unrzu5calX1B2GUUSS2-HmEk3Q==

GET
H/1.1 200
OK unifiedPixel Show response
tr.outbrain.com/ 53 B
321 B 1160ms
45ms Fetch
image/gif 64.202.112.159
AS-OUTBRAIN

General

Check archive.org

Show headers Download Go to

Full URL

https://tr.outbrain.com/unifiedPixel?au=false&bust=0056227160526547415&referrer=&cht=ot&marketerId=00ad3119690e692fd6990245f9741ea8f1&name=PAGE_VIEW&dl=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&g=0&obApiVersion=1.1&obtpVersion=2.0.5

Requested by

Host: amplify.outbrain.com
URL: https://amplify.outbrain.com/cp/obtp.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

64.202.112.159 , United States, ASN22075 (AS-OUTBRAIN, US),

Reverse DNS

ny.outbrain.com

Software

Resource Hash

b51f3497b0a65f1e1e87e75f5e7e823d871c23bcf76a5ee4101783c8f939e553

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:33:06 GMT
cache-control: no-cache
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-traceid: cce56879af81945ef8d193a32cf76d3b
content-length: 54
content-type: image/gif;

GET
H/1.1 200
OK cachedClickId Show response
tr.outbrain.com/ 35 B
293 B 1200ms
39ms Script
application/javascript 64.202.112.159
AS-OUTBRAIN

General

Check archive.org

Show headers Download Go to

Full URL

https://tr.outbrain.com/cachedClickId?marketerId=00ad3119690e692fd6990245f9741ea8f1

Requested by

Host: amplify.outbrain.com
URL: https://amplify.outbrain.com/cp/obtp.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

64.202.112.159 , United States, ASN22075 (AS-OUTBRAIN, US),

Reverse DNS

ny.outbrain.com

Software

Resource Hash

1d348f9f803c95305f63def9d75fd50e79e54a375e1a4a888edbbea366845580

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:33:06 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-traceid: 0e5e09564a8d5696844f490706b8119e
content-length: 39
content-type: application/javascript

GET
H/1.1 200
OK 00ad3119690e692fd6990245f9741ea8f1 Show response
wave.outbrain.com/mtWavesBundler/handler/ 2 B
516 B 1197ms
65ms Script
text/html 23.220.137.92
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://wave.outbrain.com/mtWavesBundler/handler/00ad3119690e692fd6990245f9741ea8f1

Requested by

Host: amplify.outbrain.com
URL: https://amplify.outbrain.com/cp/obtp.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

23.220.137.92 Ashburn, United States, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a23-220-137-92.deploy.static.akamaitechnologies.com

Software

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
Content-Encoding: gzip
Date: Wed, 24 Jul 2024 11:33:06 GMT
ob-sent-time: 1721779125759
ETag: W/"2-vyGp6PvFo4RvsFtPoIWeCReyIC8"
Vary: Accept-Encoding
Content-Type: text/html; charset=utf-8
Access-Control-Allow-Origin: *
X-RG: NA
Cache-Control: max-age=60
X-CC: CA
Connection: keep-alive
x-traceid: 21b9ca85ac27edf64db310ca0e91a4f2
Content-Length: 22
Expires: Wed, 24 Jul 2024 11:34:06 GMT

GET
H/1.1 200
OK topics Show response
amplify.outbrain.com/ 26 B
301 B 122ms
40ms Fetch
text/html 23.220.137.92
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://amplify.outbrain.com/topics
Requested by: Host: amplify.outbrain.com
URL: https://amplify.outbrain.com/cp/obtp.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.220.137.92 Ashburn, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-220-137-92.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 6d0291f90718dc0537f65dc6a4f68d8e75f0a8a3a0b62836d9cf41350ecaf552

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Date: Wed, 24 Jul 2024 11:33:05 GMT
Observe-Browsing-Topics: ?1
Content-Type: text/html
Access-Control-Allow-Origin: *
X-RG: NA
Cache-Control: max-age=1200
X-CC: CA
Connection: keep-alive
Content-Length: 26
Expires: Wed, 24 Jul 2024 11:53:05 GMT

GET
H2 200 17532650.js Show response
bat.bing.com/p/action/ 334 B
406 B 68ms
65ms Script
application/javascript 204.79.197.237
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/17532650.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

204.79.197.237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

c64cddc349202defdca8bcf51d8a905d5f8810cc76f08c1e6561800f1dd5708a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
date: Wed, 24 Jul 2024 11:33:05 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 5A89076DCA0646EE8248C2E2AF53364D Ref B: YTO01EDGE0508 Ref C: 2024-07-24T11:33:05Z
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript; charset=utf-8
cache-control: private,max-age=1800

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 245 KB
87 KB 68ms
66ms Script
application/javascript 172.253.115.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-662878185&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-748285774&l=dataLayer

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.115.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bg-in-f97.1e100.net

Software

Google Tag Manager /

Resource Hash

3cb0ec69b2c8d9fd0562a0573c6e197ebfffe5e0130a36afcabf14ff7794b3e5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:33:05 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 88479
x-xss-protection: 0
last-modified: Wed, 24 Jul 2024 09:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 24 Jul 2024 11:33:05 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 210 KB
76 KB 61ms
59ms Script
application/javascript 172.253.115.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-10050195&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-748285774&l=dataLayer

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.115.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bg-in-f97.1e100.net

Software

Google Tag Manager /

Resource Hash

4ddd640f0c52ac4be32250b4b1659062f4d59c88c55af845614e41e792328cda

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:33:05 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 77287
x-xss-protection: 0
last-modified: Wed, 24 Jul 2024 09:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 24 Jul 2024 11:33:05 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 226 KB
81 KB 118ms
117ms Script
application/javascript 172.253.115.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-609297413&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-748285774&l=dataLayer

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.115.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bg-in-f97.1e100.net

Software

Google Tag Manager /

Resource Hash

85bc8f46e2971aa1d27f9bbc7c90c6dfabaa1f9efd62f1b233d502de5c28a4d7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:33:05 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 83280
x-xss-protection: 0
last-modified: Wed, 24 Jul 2024 09:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 24 Jul 2024 11:33:05 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 237 KB
84 KB 106ms
105ms Script
application/javascript 172.253.115.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-729495989&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-748285774&l=dataLayer

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.115.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bg-in-f97.1e100.net

Software

Google Tag Manager /

Resource Hash

21363f7dcb6a74dffdc50b0b62ba538281612396ed1a8f738d7b70f7a812604b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:33:05 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 86199
x-xss-protection: 0
last-modified: Wed, 24 Jul 2024 09:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 24 Jul 2024 11:33:05 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 312 KB
103 KB 154ms
154ms Script
application/javascript 172.253.115.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-JH142QCQCJ&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-748285774&l=dataLayer

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

172.253.115.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bg-in-f97.1e100.net

Software

Google Tag Manager /

Resource Hash

1dde2ab5816ee8b43f14ff352140279bf74aefd5054d5130053c949f4abc0d54

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:33:05 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 105643
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Wed, 24 Jul 2024 11:33:05 GMT

GET
H2 200 details Show response
epsilon.6sense.com/v3/company/ 755 B
715 B 133ms
52ms XHR
application/json 76.223.9.105
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://epsilon.6sense.com/v3/company/details
Requested by: Host: j.6sc.co
URL: https://j.6sc.co/6si.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 76.223.9.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ac3ff6aafb2cddae2.awsglobalaccelerator.com
Software: nginx /
Resource Hash: 3cbadfa4978733bd5be49491780ee3fdcf1255dcfd09ebbaec113c1ddd256c5c

Request headers

Referer: https://www.fortinet.com/
Authorization: Token 7381d1d7c753fe2d8e217c3fdc44c0f17418dcc4
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
X-6s-CustomID: WebTag1.0 5eeecf22b2d12a77a14639dce97b7a36

Response headers

x-trace-id: 6130450679954423069
date: Wed, 24 Jul 2024 11:33:06 GMT
content-encoding: gzip
server: nginx
vary: Origin, Accept-Encoding
content-type: application/json
x-6si-region: us-east-1a
access-control-allow-origin: https://www.fortinet.com
access-control-expose-headers: X-6si-Region
access-control-allow-credentials: true
timing-allow-origin: https://6sense.com, https://www.ssga.com
content-length: 396

OPTIONS
H2 200 details
epsilon.6sense.com/v3/company/ Frame 0
0 138ms
51ms Preflight 76.223.9.105
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://epsilon.6sense.com/v3/company/details
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 76.223.9.105 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ac3ff6aafb2cddae2.awsglobalaccelerator.com
Software: nginx /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,x-6s-customid
Access-Control-Request-Method: GET
Origin: https://www.fortinet.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: authorization,x-6s-customid
access-control-allow-methods: OPTIONS,GET
access-control-allow-origin: https://www.fortinet.com
access-control-expose-headers: X-6si-Region
access-control-max-age: 1800
date: Wed, 24 Jul 2024 11:33:06 GMT
server: nginx
timing-allow-origin: https://6sense.com, https://www.ssga.com
x-6si-region: us-east-1a
x-trace-id: 1432828598977046919

GET gif.gif
ibc-flow.techtarget.com/a/ 0
0

OPTIONS
H2 200 gif.gif
ibc-flow.techtarget.com/a/ Frame 0
0 141ms
61ms Preflight
text/html 34.111.208.231
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=1247773&r=1721820785938&ref=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&version=2.4
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.111.208.231 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 231.208.111.34.bc.googleusercontent.com
Software: nginx/1.20.2 /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: ibc_rate_tier
Access-Control-Request-Method: GET
Origin: https://www.fortinet.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: ibc_header,ibc_rate_tier,User-Agent,X-Requested-With,Cache-Control,Content-Type,Range
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-length: 0
content-type: text/html; charset=UTF-8
date: Wed, 24 Jul 2024 11:33:06 GMT
expires: Wed, 24 Jul 2024 11:33:06 GMT
server: nginx/1.20.2
vary: Origin
via: 1.1 google
x-guploader-uploadid: AHxI1nNhJ5Vqr0NhIgYoCWC5xvOeFMavFz-w5GthwY6xi392g7FcUuzCt90QZG7Wb0mjiOavrbc

GET
H2 204 0
bat.bing.com/action/ 0
362 B 69ms
68ms Image
text/plain 204.79.197.237
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://bat.bing.com/action/0?ti=17532650&tm=al001&Ver=2&mid=cc38109b-a85a-455a-aa21-549f2503a772&sid=7ea263e049b011ef8f9c1900ae0d6d62&vid=7ea27ee049b011efac7f75b9004e2403&vids=1&msclkid=N&pi=918639831&lg=en-CA&sw=1600&sh=1200&sc=24&tl=Exploiting%20CVE-2024-21412%3A%20A%20Stealer%20Campaign%20Unleashed%20%7C%20FortiGuard%20Labs&p=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&r=&lt=1032&pt=1721820783508,,,,,0,2,2,2,281,51,283,337,392,378,1017,1017,1032,,,&pn=0,0&evt=pageLoad&sv=1&cdb=AQET&rn=7919

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

204.79.197.237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 24 Jul 2024 11:33:05 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 45C1D246B837456F8F03D84D631A9B74 Ref B: YTO01EDGE0508 Ref C: 2024-07-24T11:33:05Z
x-cache: CONFIG_NOCACHE
access-control-allow-origin: *
cache-control: no-cache, must-revalidate
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 activity;src=10050195;npa=0;auiddc=1040172418.1721820786;ps=1;pcor=33135042;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe47h0v9185241837za200zb9123037237;gcd=13l3l3l3l1;d...
ad.doubleclick.net/ 42 B
65 B 229ms
170ms Image
image/gif 172.253.122.149
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ad.doubleclick.net/activity;src=10050195;npa=0;auiddc=1040172418.1721820786;ps=1;pcor=33135042;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe47h0v9185241837za200zb9123037237;gcd=13l3l3l3l1;dma=0;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed?

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.122.149 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bh-in-f149.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Jul 2024 11:33:06 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET activity;register_conversion=1;src=10050195;npa=0;auiddc=1040172418.1721820786;ps=1;pcor=33135042;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe47h0v9185241837za200zb91230...
ad.doubleclick.net/ 0
0

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/662878185/ 3 KB
1 KB 158ms
63ms Script
text/javascript 172.253.122.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/662878185/?random=1721820786044&cv=11&fst=1721820786044&bg=ffffff&guid=ON&async=1&gtm=45be47h0v887005625za200zb9123037237&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&hn=www.googleadservices.com&frm=0&tiba=Exploiting%20CVE-2024-21412%3A%20A%20Stealer%20Campaign%20Unleashed%20%7C%20FortiGuard%20Labs&npa=0&pscdl=noapi&auid=1040172418.1721820786&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&data=event%3Dpage_view&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-662878185&l=dataLayer&cx=c

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.122.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bh-in-f155.1e100.net

Software

cafe /

Resource Hash

95489af8d2ac0d1075abe17ed52592e77145a5419d532e71e5f6a7103761868b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Jul 2024 11:33:06 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1452
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 fp.min.js Show response
cdn.jsdelivr.net/npm/@fingerprintjs/fingerprintjs@3/dist/ 33 KB
15 KB 436ms
26ms Script
application/javascript 151.101.1.229
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/npm/@fingerprintjs/fingerprintjs@3/dist/fp.min.js

Requested by

Host: abm-tracking.demandscience.com
URL: https://abm-tracking.demandscience.com/tag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.1.229 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Resource Hash

99dc3803d1f19c8103f79f834044b2afd4c8af5b7927efbd36b1052d528b40ae

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
date: Wed, 24 Jul 2024 11:33:06 GMT
x-content-type-options: nosniff
content-encoding: br
age: 42044
x-jsd-version: 3.4.2
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
content-length: 15023
x-served-by: cache-fra-etou8220049-FRA, cache-yyz4526-YYZ
x-jsd-version-type: version
etag: W/"83f4-k1lBXMQZh0ZUAAhwylRSOHXBLBY"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 site-visitors Show response
intentstream.contanuity.com/api/ 115 B
374 B 101ms
101ms Fetch
application/json 44.226.187.177
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://intentstream.contanuity.com/api/site-visitors?pageIdentifier=fortinet_2712

Requested by

Host: abm-tracking.demandscience.com
URL: https://abm-tracking.demandscience.com/tag.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.226.187.177 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-226-187-177.us-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

930494fef37c0c702073ceeddd12da067bba2824f8eba39e1f9a3c5332bec6b6

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubdomains

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
x-pixel-auth: true

Response headers

date: Wed, 24 Jul 2024 11:30:44 GMT
strict-transport-security: max-age=15724800; includeSubdomains
server: nginx
vary: origin
content-type: application/json; charset=utf-8
access-control-allow-origin: https://www.fortinet.com
access-control-expose-headers: WWW-Authenticate,Server-Authorization
cache-control: no-cache
accept-ranges: bytes
content-length: 115

OPTIONS
H2 200 site-visitors
intentstream.contanuity.com/api/ Frame 0
0 1322ms
97ms Preflight 44.226.187.177
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://intentstream.contanuity.com/api/site-visitors?pageIdentifier=fortinet_2712

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

44.226.187.177 Boardman, United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-44-226-187-177.us-west-2.compute.amazonaws.com

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15724800; includeSubdomains

Request headers

Accept: */*
Access-Control-Request-Headers: x-pixel-auth
Access-Control-Request-Method: GET
Origin: https://www.fortinet.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: Accept,Authorization,Content-Type,If-None-Match,x-pixel-auth
access-control-allow-methods: GET
access-control-allow-origin: https://www.fortinet.com
access-control-expose-headers: WWW-Authenticate,Server-Authorization
access-control-max-age: 86400
cache-control: no-cache
content-length: 0
date: Wed, 24 Jul 2024 11:30:44 GMT
server: nginx
strict-transport-security: max-age=15724800; includeSubdomains

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/609297413/ 3 KB
1 KB 93ms
62ms Script
text/javascript 172.253.122.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/609297413/?random=1721820786109&cv=11&fst=1721820786109&bg=ffffff&guid=ON&async=1&gtm=45be47h0za200zb9123037237&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&hn=www.googleadservices.com&frm=0&tiba=Exploiting%20CVE-2024-21412%3A%20A%20Stealer%20Campaign%20Unleashed%20%7C%20FortiGuard%20Labs&npa=0&pscdl=noapi&auid=1040172418.1721820786&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&data=event%3Dpage_view&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-609297413&l=dataLayer&cx=c

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.122.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bh-in-f155.1e100.net

Software

cafe /

Resource Hash

d7e3e3eedae1cf7993e3ba97dd668fe79d1f1e98d3b691ca78bf852b325dfe70

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Jul 2024 11:33:06 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1441
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
googleads.g.doubleclick.net/pagead/viewthroughconversion/729495989/ 3 KB
1 KB 63ms
62ms Script
text/javascript 172.253.122.155
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/729495989/?random=1721820786147&cv=11&fst=1721820786147&bg=ffffff&guid=ON&async=1&gtm=45be47h0za200zb9123037237&gcd=13l3l3l3l1&dma=0&tag_exp=95250753&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&hn=www.googleadservices.com&frm=0&tiba=Exploiting%20CVE-2024-21412%3A%20A%20Stealer%20Campaign%20Unleashed%20%7C%20FortiGuard%20Labs&npa=0&pscdl=noapi&auid=1040172418.1721820786&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&data=event%3Dpage_view&rfmt=3&fmt=4

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-729495989&l=dataLayer&cx=c

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.122.155 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bh-in-f155.1e100.net

Software

cafe /

Resource Hash

9c8f97e1ba30315a15a5234ca04917637a554fc9aa391b89e4d0fd1d2662f550

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Jul 2024 11:33:06 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1452
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
www.google-analytics.com/g/ 0
0 158ms
52ms Fetch
text/plain 142.251.179.139
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://www.google-analytics.com/g/collect?v=2&tid=G-JH142QCQCJ&gtm=45je47h0v893708426za200zb9123037237&_p=1721820785321&gcd=13l3l3l3l1&npa=0&dma=0&tag_exp=95250753&cid=973419236.1721820786&ul=en-ca&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1721820786&sct=1&seg=0&dl=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&dt=Exploiting%20CVE-2024-21412%3A%20A%20Stealer%20Campaign%20Unleashed%20%7C%20FortiGuard%20Labs&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=2718&_z=fetch
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-JH142QCQCJ&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 142.251.179.139 Farmingdale, United States, ASN15169 (GOOGLE, US),
Reverse DNS: pd-in-f139.1e100.net
Software: Golfe2 /
Resource Hash

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Jul 2024 11:33:06 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.fortinet.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/609297413/ 42 B
64 B 150ms
57ms Image
image/gif 172.253.115.105
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/609297413/?random=1721820786109&cv=11&fst=1721818800000&bg=ffffff&guid=ON&async=1&gtm=45be47h0za200zb9123037237&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&hn=www.googleadservices.com&frm=0&tiba=Exploiting%20CVE-2024-21412%3A%20A%20Stealer%20Campaign%20Unleashed%20%7C%20FortiGuard%20Labs&npa=0&pscdl=noapi&auid=1040172418.1721820786&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&data=event%3Dpage_view&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwDaQooLkqG0LtIMRn19ilJKncTTOV05EWIYrA&random=1430679212&rmt_tld=0&ipr=y

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.115.105 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bg-in-f105.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Jul 2024 11:33:06 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.ca/pagead/1p-user-list/609297413/ 42 B
64 B 150ms
61ms Image
image/gif 172.253.115.94
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/pagead/1p-user-list/609297413/?random=1721820786109&cv=11&fst=1721818800000&bg=ffffff&guid=ON&async=1&gtm=45be47h0za200zb9123037237&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&hn=www.googleadservices.com&frm=0&tiba=Exploiting%20CVE-2024-21412%3A%20A%20Stealer%20Campaign%20Unleashed%20%7C%20FortiGuard%20Labs&npa=0&pscdl=noapi&auid=1040172418.1721820786&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&data=event%3Dpage_view&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwDaQooLkqG0LtIMRn19ilJKncTTOV05EWIYrA&random=1430679212&rmt_tld=1&ipr=y

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.115.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bg-in-f94.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Jul 2024 11:33:06 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/662878185/ 42 B
64 B 147ms
58ms Image
image/gif 172.253.115.105
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/662878185/?random=1721820786044&cv=11&fst=1721818800000&bg=ffffff&guid=ON&async=1&gtm=45be47h0v887005625za200zb9123037237&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&hn=www.googleadservices.com&frm=0&tiba=Exploiting%20CVE-2024-21412%3A%20A%20Stealer%20Campaign%20Unleashed%20%7C%20FortiGuard%20Labs&npa=0&pscdl=noapi&auid=1040172418.1721820786&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&data=event%3Dpage_view&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwDaQooLQ-f46FyWDUhWeR_krkRu_uTNGoN8MQ&random=3943782496&rmt_tld=0&ipr=y

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.115.105 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bg-in-f105.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Jul 2024 11:33:06 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.ca/pagead/1p-user-list/662878185/ 42 B
64 B 143ms
58ms Image
image/gif 172.253.115.94
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/pagead/1p-user-list/662878185/?random=1721820786044&cv=11&fst=1721818800000&bg=ffffff&guid=ON&async=1&gtm=45be47h0v887005625za200zb9123037237&gcd=13l3l3l3l1&dma=0&tag_exp=0&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&hn=www.googleadservices.com&frm=0&tiba=Exploiting%20CVE-2024-21412%3A%20A%20Stealer%20Campaign%20Unleashed%20%7C%20FortiGuard%20Labs&npa=0&pscdl=noapi&auid=1040172418.1721820786&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&data=event%3Dpage_view&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwDaQooLQ-f46FyWDUhWeR_krkRu_uTNGoN8MQ&random=3943782496&rmt_tld=1&ipr=y

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.115.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bg-in-f94.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Jul 2024 11:33:06 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.com/pagead/1p-user-list/729495989/ 42 B
64 B 144ms
61ms Image
image/gif 172.253.115.105
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/pagead/1p-user-list/729495989/?random=1721820786147&cv=11&fst=1721818800000&bg=ffffff&guid=ON&async=1&gtm=45be47h0za200zb9123037237&gcd=13l3l3l3l1&dma=0&tag_exp=95250753&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&hn=www.googleadservices.com&frm=0&tiba=Exploiting%20CVE-2024-21412%3A%20A%20Stealer%20Campaign%20Unleashed%20%7C%20FortiGuard%20Labs&npa=0&pscdl=noapi&auid=1040172418.1721820786&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&data=event%3Dpage_view&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwDaQooL7ifScDQYSsUYi0-CD-rs6hgsZudL8Q&random=903339776&rmt_tld=0&ipr=y

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.115.105 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bg-in-f105.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Jul 2024 11:33:06 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 /
www.google.ca/pagead/1p-user-list/729495989/ 42 B
64 B 138ms
60ms Image
image/gif 172.253.115.94
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.ca/pagead/1p-user-list/729495989/?random=1721820786147&cv=11&fst=1721818800000&bg=ffffff&guid=ON&async=1&gtm=45be47h0za200zb9123037237&gcd=13l3l3l3l1&dma=0&tag_exp=95250753&u_w=1600&u_h=1200&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&hn=www.googleadservices.com&frm=0&tiba=Exploiting%20CVE-2024-21412%3A%20A%20Stealer%20Campaign%20Unleashed%20%7C%20FortiGuard%20Labs&npa=0&pscdl=noapi&auid=1040172418.1721820786&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&fdr=QA&data=event%3Dpage_view&rfmt=3&fmt=3&is_vtc=1&cid=CAQSGwDaQooL7ifScDQYSsUYi0-CD-rs6hgsZudL8Q&random=903339776&rmt_tld=1&ipr=y

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.115.94 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bg-in-f94.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Jul 2024 11:33:06 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 s77422416509334
metrics.fortinet.com/b/ss/fortinetincproduction/1/JS-2.26.0-LDQM/ 43 B
373 B 144ms
49ms Image
image/gif 63.140.38.55
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://metrics.fortinet.com/b/ss/fortinetincproduction/1/JS-2.26.0-LDQM/s77422416509334?AQB=1&ndh=1&pf=1&t=24%2F6%2F2024%204%3A33%3A6%203%20420&sdid=3794A9BCD5B8BB4D-787F6E09C54AE205&mid=52448419684402088922322882776571625282&aamlh=7&ce=UTF-8&pageName=en%3Ablog%3Athreat-research%3Aexploiting-cve-2024-21412-stealer-campaign-unleashed&g=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&cc=USD&aamb=6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y&v1=www.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&c7=Entire%20Site&c8=New&v25=52448419684402088922322882776571625282&v27=BLOG&v33=en%3Ablog%3Athreat-research%3Aexploiting-cve-2024-21412-stealer-campaign-unleashed&v35=Enabled&v92=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&v106=New%20York%20City&v107=New%20York&v108=United%20States&v126=NA&s=1600x1200&c=24&j=1.6&v=N&k=Y&bw=1600&bh=1200&mcorgid=ED8739F75677FE917F000101%40AdobeOrg&AQE=1

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

63.140.38.55 , United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ip-63-140-38-55.data.adobedc.net

Software

jag /

Resource Hash

a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Jul 2024 11:33:06 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
last-modified: Thu, 25 Jul 2024 11:33:06 GMT
server: jag
etag: 3697581984651280384-4618531859843573519
vary: *
p3p: CP="This is not a P3P policy"
access-control-allow-origin: *
content-type: image/gif;charset=utf-8
cache-control: no-cache, no-store, max-age=0, no-transform, private
content-length: 43
x-xss-protection: 1; mode=block
expires: Tue, 23 Jul 2024 11:33:06 GMT

GET
H/1.1 200
OK https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed Show response
abm-tracking.demandscience.com/page-tracking/fortinet_2712/ 2 B
665 B 99ms
99ms Script
application/json 52.32.164.86
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://abm-tracking.demandscience.com/page-tracking/fortinet_2712/https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed?visitorId=a6bfe9c5e94d822489c8c4c06d71dd1f_1721820786694&&clientId=undefined&&cookieEnabled=true
Requested by: Host: abm-tracking.demandscience.com
URL: https://abm-tracking.demandscience.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 52.32.164.86 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-52-32-164-86.us-west-2.compute.amazonaws.com
Software: nginx/1.18.0 (Ubuntu) / Express
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 24 Jul 2024 11:33:06 GMT
Server: nginx/1.18.0 (Ubuntu)
X-Powered-By: Express
ETag: W/"2-vyGp6PvFo4RvsFtPoIWeCReyIC8"
Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, PATCH, DELETE
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: private, no-cache, no-store, must-revalidate
Connection: keep-alive
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization
Content-Length: 2
Expires: -1

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
258 B 95ms
95ms Image
image/gif 23.212.248.22
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=5eeecf22b2d12a77a14639dce97b7a36&svisitor=null&visitor=19a6fa31-d9d6-4a5d-8afc-99f97a44f711&session=c6236651-c82f-4fff-84a9-1d4d329e8ec2&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2024%20Jul%202024%2011%3A33%3A06%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2024%20Jul%202024%2011%3A33%3A05%20GMT%22%2C%22timeSpent%22%3A%221006%22%2C%22totalTimeSpent%22%3A%221006%22%7D&isIframe=false&m=%7B%22description%22%3A%22FortiGuard%20Labs%20has%20observed%20a%20stealer%20campaign%20spreading%20multiple%20files%20that%20exploit%20CVE-2024-21412%20to%20download%20malicious%20executable%20files.%20Read%20more.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Exploiting%20CVE-2024-21412%3A%20A%20Stealer%20Campaign%20Unleashed%20%7C%20FortiGuard%20Labs%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&pageViewId=d9c42d6e-122f-4c1f-8b0a-1cfda9fced45&v=1.1.22

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.212.248.22 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-212-248-22.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Jul 2024 11:33:06 GMT
x-content-type-options: nosniff
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "60bb2e15-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 24 Jul 2024 11:33:06 GMT

GET
H/1.1 200
OK tracking Show response
tracking.contanuity.com/ 2 B
769 B 1376ms
106ms Script
application/json 54.203.236.163
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tracking.contanuity.com/tracking?visitorId=a6bfe9c5e94d822489c8c4c06d71dd1f_1721820786694&&clientId=undefined&&cookieEnabled=true
Requested by: Host: abm-tracking.demandscience.com
URL: https://abm-tracking.demandscience.com/tag.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 54.203.236.163 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-54-203-236-163.us-west-2.compute.amazonaws.com
Software: nginx/1.18.0 (Ubuntu) / Express
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 24 Jul 2024 11:33:08 GMT
Server: nginx/1.18.0 (Ubuntu)
X-Powered-By: Express
ETag: W/"2-vyGp6PvFo4RvsFtPoIWeCReyIC8"
Access-Control-Allow-Methods: GET, POST, OPTIONS, PUT, PATCH, DELETE
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: private, no-cache, no-store, must-revalidate
Connection: keep-alive
Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization
Content-Length: 2
Expires: -1

GET
H2 401 / Show response
pixels.argusplatform.com/wh/track/ 205 B
468 B 1064ms
395ms XHR
application/json 13.107.246.40
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://pixels.argusplatform.com/wh/track/?site_id=C6AC00C8269540D0ABFF19F1B5558B6D&visitor_id=1721820787619477472&event_type=page_request&timestamp=1721820787&page_title=Exploiting%20CVE-2024-21412%3A%20A%20Stealer%20Campaign%20Unleashed%20%7C%20FortiGuard%20Labs&page_url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&page_url_referer=

Requested by

Host: tmp.argusplatform.com
URL: https://tmp.argusplatform.com/js/wid.tracker.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

13.107.246.40 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

2ed114345dab0a74e1c81b100e3db108ff86464854f3159d005fac67413454b7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 24 Jul 2024 11:33:08 GMT
strict-transport-security: max-age=31536000
request-context: appId=cid-v1:ead16ead-3a47-42dd-aec9-91a1bbb42ff5
x-azure-ref: 20240724T113307Z-16b7b6c7db7j5n7gache3cstcg00000005q0000000007px8
x-cache: CONFIG_NOCACHE
content-type: application/json; charset=utf-8

GET
H3 200 gtm.js Show response
www.googletagmanager.com/ 178 KB
64 KB 62ms
62ms Script
application/javascript 172.253.115.97
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-M4NSPPXN

Requested by

Host: abm-tracking.demandscience.com
URL: https://abm-tracking.demandscience.com/tag.js

Protocol

Security

QUIC, , AES_128_GCM

Server

172.253.115.97 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bg-in-f97.1e100.net

Software

Google Tag Manager /

Resource Hash

505748d8fab10e86f43782b89c05ccbdb2870326077adf7202326ecc07617b92

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:33:07 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 66003
x-xss-protection: 0
last-modified: Wed, 24 Jul 2024 09:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Wed, 24 Jul 2024 11:33:07 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
258 B 53ms
52ms Image
image/gif 23.212.248.22
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=5eeecf22b2d12a77a14639dce97b7a36&svisitor=null&visitor=19a6fa31-d9d6-4a5d-8afc-99f97a44f711&session=c6236651-c82f-4fff-84a9-1d4d329e8ec2&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2024%20Jul%202024%2011%3A33%3A07%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2024%20Jul%202024%2011%3A33%3A06%20GMT%22%2C%22timeSpent%22%3A%221004%22%2C%22totalTimeSpent%22%3A%222010%22%7D&isIframe=false&m=%7B%22description%22%3A%22FortiGuard%20Labs%20has%20observed%20a%20stealer%20campaign%20spreading%20multiple%20files%20that%20exploit%20CVE-2024-21412%20to%20download%20malicious%20executable%20files.%20Read%20more.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Exploiting%20CVE-2024-21412%3A%20A%20Stealer%20Campaign%20Unleashed%20%7C%20FortiGuard%20Labs%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&pageViewId=d9c42d6e-122f-4c1f-8b0a-1cfda9fced45&v=1.1.22

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.212.248.22 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-212-248-22.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Jul 2024 11:33:07 GMT
x-content-type-options: nosniff
last-modified: Sat, 05 Jun 2021 07:56:05 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "60bb2e15-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 24 Jul 2024 11:33:07 GMT

GET

usersync
tracking.contanuity.com/
Redirect Chain

https://match.prod.bidr.io/cookie-sync/contanuity?buyer_user_id=a6bfe9c5e94d822489c8c4c06d71dd1f_1721820786694
https://match.prod.bidr.io/cookie-sync/contanuity?buyer_user_id=a6bfe9c5e94d822489c8c4c06d71dd1f_1721820786694&_bee_ppp=1
https://tracking.contanuity.com/usersync?bwcookie=AACa-E7NQc0AABSlH40N0w

0
0

GET
H2 200 RC190d282f2b9c4848b2ea08ca5751fa40-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/ 2 KB
1013 B 65ms
64ms Script
application/x-javascript 23.220.136.244
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/RC190d282f2b9c4848b2ea08ca5751fa40-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.220.136.244 Ashburn, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-220-136-244.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 37fd820b496a40f0f5783b425ed0c873d7913a576c0f246e869c5a2be58f787e

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:33:08 GMT
content-encoding: gzip
last-modified: Mon, 22 Jul 2024 22:53:19 GMT
server: AkamaiNetStorage
etag: "0537f9b1ee377a7339cd8f0bc0e42c40:1721688799.745653"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 755
expires: Wed, 24 Jul 2024 12:33:08 GMT

GET
H2 200 RC7be3d22b2fd6487ca9390477738587fe-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/ 819 B
758 B 65ms
63ms Script
application/x-javascript 23.220.136.244
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/RC7be3d22b2fd6487ca9390477738587fe-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.220.136.244 Ashburn, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-220-136-244.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: c1ccdda10c297d3aeedbe2fa72700c5f49bdf9e102090c2d62775ec3c964e078

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:33:08 GMT
content-encoding: gzip
last-modified: Mon, 22 Jul 2024 22:53:19 GMT
server: AkamaiNetStorage
etag: "0537f9b1ee377a7339cd8f0bc0e42c40:1721688799.745653"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 501
expires: Wed, 24 Jul 2024 12:33:08 GMT

GET
H2 200 RC407b573180554ea6b11eecdc31ecbd3f-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/ 819 B
756 B 66ms
65ms Script
application/x-javascript 23.220.136.244
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/RC407b573180554ea6b11eecdc31ecbd3f-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.220.136.244 Ashburn, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-220-136-244.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 985071e89e5076c1b93d2b9ba507a2e890236ef8e3eaea519c7b2bc364cf84df

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:33:08 GMT
content-encoding: gzip
last-modified: Mon, 22 Jul 2024 22:53:19 GMT
server: AkamaiNetStorage
etag: "0537f9b1ee377a7339cd8f0bc0e42c40:1721688799.745653"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 498
expires: Wed, 24 Jul 2024 12:33:08 GMT

GET
H2 200 RC1d92f04752ae42a38e54de48cb85adf4-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/ 661 B
649 B 69ms
68ms Script
application/x-javascript 23.220.136.244
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/RC1d92f04752ae42a38e54de48cb85adf4-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.220.136.244 Ashburn, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-220-136-244.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: f41e718277c296a77a6259da8cadd84b5f195d21ea0a6eb36442de9217613c2f

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:33:08 GMT
content-encoding: gzip
last-modified: Mon, 22 Jul 2024 22:53:19 GMT
server: AkamaiNetStorage
etag: "0537f9b1ee377a7339cd8f0bc0e42c40:1721688799.745653"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 391
expires: Wed, 24 Jul 2024 12:33:08 GMT

GET
H2 200 RCf940460311f349b5af69d075bdef61d4-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/ 368 B
493 B 65ms
64ms Script
application/x-javascript 23.220.136.244
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/RCf940460311f349b5af69d075bdef61d4-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.220.136.244 Ashburn, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-220-136-244.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: ec425cce7010294e5d2601a098dabc3e75536351f58e07ada250c8642934fb8d

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:33:08 GMT
content-encoding: gzip
last-modified: Mon, 22 Jul 2024 22:53:19 GMT
server: AkamaiNetStorage
etag: "0537f9b1ee377a7339cd8f0bc0e42c40:1721688799.745653"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 235
expires: Wed, 24 Jul 2024 12:33:08 GMT

GET
H2 200 RCcb6e8e438d1741e6854bf3a039a2565a-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/ 754 B
705 B 66ms
65ms Script
application/x-javascript 23.220.136.244
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/RCcb6e8e438d1741e6854bf3a039a2565a-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.220.136.244 Ashburn, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-220-136-244.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: b5b4fea0f2608d0f0cafdee0e2b00ae659b091c6d18eda7fe291e636ba3f353c

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:33:08 GMT
content-encoding: gzip
last-modified: Mon, 22 Jul 2024 22:53:19 GMT
server: AkamaiNetStorage
etag: "0537f9b1ee377a7339cd8f0bc0e42c40:1721688799.745653"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 447
expires: Wed, 24 Jul 2024 12:33:08 GMT

GET
H2 200 RCbbd24be21a0f4115a18f29bb3fee2a7a-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/ 2 KB
971 B 63ms
63ms Script
application/x-javascript 23.220.136.244
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/RCbbd24be21a0f4115a18f29bb3fee2a7a-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.220.136.244 Ashburn, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-220-136-244.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 4b1dfdf84f81ccef7d37fc96dfd2358c87a40a04b20f063179f2c87fc1d3d382

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:33:08 GMT
content-encoding: gzip
last-modified: Mon, 22 Jul 2024 22:53:19 GMT
server: AkamaiNetStorage
etag: "0537f9b1ee377a7339cd8f0bc0e42c40:1721688799.745653"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 713
expires: Wed, 24 Jul 2024 12:33:08 GMT

GET
H2 200 RCf5bd1991cad84a7294a7b609189a1fa5-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/ 1021 B
857 B 63ms
63ms Script
application/x-javascript 23.220.136.244
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/RCf5bd1991cad84a7294a7b609189a1fa5-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.220.136.244 Ashburn, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-220-136-244.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 59faeec7cd3ce8eba6b26823c7dd41512a380a8c3329aa0ae0270a72f4645d08

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:33:08 GMT
content-encoding: gzip
last-modified: Mon, 22 Jul 2024 22:53:19 GMT
server: AkamaiNetStorage
etag: "0537f9b1ee377a7339cd8f0bc0e42c40:1721688799.745653"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 600
expires: Wed, 24 Jul 2024 12:33:08 GMT

GET
H2 200 RCcd84e40d19c24776bef77836ab2f8df6-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/ 819 B
758 B 141ms
139ms Script
application/x-javascript 23.220.136.244
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/RCcd84e40d19c24776bef77836ab2f8df6-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.220.136.244 Ashburn, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-220-136-244.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 3f57193ed9b7928c36cb710ac6a4af1583023f928914c094db4995420f7e3a54

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:33:08 GMT
content-encoding: gzip
last-modified: Mon, 22 Jul 2024 22:53:19 GMT
server: AkamaiNetStorage
etag: "0537f9b1ee377a7339cd8f0bc0e42c40:1721688799.745653"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 501
expires: Wed, 24 Jul 2024 12:33:08 GMT

GET
H2 200 RC4daaa3cd330f4ee2934602a98dab7c5f-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/ 388 B
499 B 140ms
139ms Script
application/x-javascript 23.220.136.244
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/RC4daaa3cd330f4ee2934602a98dab7c5f-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.220.136.244 Ashburn, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-220-136-244.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 09edcbeb6bb1f2361271a99cb3369ee93e55c21a4985d8f5cfed37af10d6729d

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:33:08 GMT
content-encoding: gzip
last-modified: Mon, 22 Jul 2024 22:53:19 GMT
server: AkamaiNetStorage
etag: "0537f9b1ee377a7339cd8f0bc0e42c40:1721688799.745653"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 242
expires: Wed, 24 Jul 2024 12:33:08 GMT

GET
H2 200 RC17482cd8da9b4802a76d2f1e017d90ab-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/ 1 KB
779 B 147ms
146ms Script
application/x-javascript 23.220.136.244
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/RC17482cd8da9b4802a76d2f1e017d90ab-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.220.136.244 Ashburn, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-220-136-244.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: fcce7b7353be95b84f177e00cd497eb4e485606e88cf17a5d836ee6c0f1f0f20

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:33:08 GMT
content-encoding: gzip
last-modified: Mon, 22 Jul 2024 22:53:19 GMT
server: AkamaiNetStorage
etag: "0537f9b1ee377a7339cd8f0bc0e42c40:1721688799.745653"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 522
expires: Wed, 24 Jul 2024 12:33:08 GMT

GET
H2 200 RC5c60a51709a94068afbf065e1448b617-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/ 664 B
657 B 147ms
146ms Script
application/x-javascript 23.220.136.244
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/RC5c60a51709a94068afbf065e1448b617-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.220.136.244 Ashburn, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-220-136-244.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 262c76a939f7c2d543b0f5669d8958b82954e14e17d79ced7848cd51a36e6b1d

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:33:08 GMT
content-encoding: gzip
last-modified: Mon, 22 Jul 2024 22:53:19 GMT
server: AkamaiNetStorage
etag: "0537f9b1ee377a7339cd8f0bc0e42c40:1721688799.745653"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 400
expires: Wed, 24 Jul 2024 12:33:08 GMT

GET
H2 200 RC0ba76d5bbb984ea6a79cd6308c48dbff-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/ 2 KB
981 B 147ms
146ms Script
application/x-javascript 23.220.136.244
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/RC0ba76d5bbb984ea6a79cd6308c48dbff-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.220.136.244 Ashburn, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-220-136-244.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 404669b3d94f951d5e005752766d9f4e60dc4f44c7aeda8b491f204f71b760af

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:33:08 GMT
content-encoding: gzip
last-modified: Mon, 22 Jul 2024 22:53:19 GMT
server: AkamaiNetStorage
etag: "0537f9b1ee377a7339cd8f0bc0e42c40:1721688799.745653"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 723
expires: Wed, 24 Jul 2024 12:33:08 GMT

GET
H2 200 RC0829ccf7bc5a44478ae2705d4c111c37-source.min.js Show response
assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/ 966 B
809 B 147ms
146ms Script
application/x-javascript 23.220.136.244
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobedtm.com/b359cfb740b4/a792d4e6ffcd/9c00aee86889/RC0829ccf7bc5a44478ae2705d4c111c37-source.min.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.220.136.244 Ashburn, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-220-136-244.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 3aec02b24881b79afb8d121953096fd5754b07c8d26a295bcd900b0833183933

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:33:08 GMT
content-encoding: gzip
last-modified: Mon, 22 Jul 2024 22:53:19 GMT
server: AkamaiNetStorage
etag: "0537f9b1ee377a7339cd8f0bc0e42c40:1721688799.745653"
vary: Accept-Encoding
content-type: application/x-javascript
access-control-allow-origin: https://www.fortinet.com
cache-control: max-age=3600
accept-ranges: bytes
timing-allow-origin: *
content-length: 551
expires: Wed, 24 Jul 2024 12:33:08 GMT

GET
H/1.1 200
OK favicon.ico
www.fortinet.com/etc/designs/fortinet-blog/ 318 B
2 KB 49ms
48ms Other
image/vnd.microsoft.icon 44.199.160.6
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://www.fortinet.com/etc/designs/fortinet-blog/favicon.ico

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

44.199.160.6 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-199-160-6.compute-1.amazonaws.com

Software

Apache /

Resource Hash

d18b3c9feb76c3c1cfdcc51c732f113327e3c33fb3f63b479951f7da6ed1216f

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

X-Dispatcher: dispatcher2uswest1-28559771
Date: Fri, 12 Jul 2024 21:15:40 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
Content-Security-Policy: frame-ancestors 'self' https://www.fortinet.com
Content-Encoding: gzip
Via: 1.1 8a66d5eadee9b730a388e117efe2af72.cloudfront.net (CloudFront)
X-Amz-Cf-Pop: IAD61-P2
X-Vhost: publish
X-Cache: Hit from cloudfront
Age: 1088324
Connection: keep-alive
Content-Length: 133
X-XSS-Protection: 1; mode=block
Last-Modified: Thu, 22 Feb 2018 05:17:28 GMT
Server: Apache
ETag: "13e-565c628eb6a00-gzip"
X-Frame-Options: SAMEORIGIN
Vary: Accept-Encoding
Content-Type: image/vnd.microsoft.icon
Cache-Control: max-age=2000000, public
Accept-Ranges: bytes
X-Amz-Cf-Id: X_mfx30iJD5mD5_YmAO_ej4OVzMyAqvlGajFk86V01hKiGcQAXx65g==

GET
H/1.1 200
OK spx Show response
dx.mountain.com/ 23 KB
6 KB 181ms
46ms Script
application/javascript 52.7.151.245
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://dx.mountain.com/spx?dxver=4.0.0&shaid=32336&tdr=&plh=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&cb=62375522723846696term=value
Requested by: Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 52.7.151.245 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-52-7-151-245.compute-1.amazonaws.com
Software: istio-envoy /
Resource Hash: 1c5c0a7f534e64d22915d1565fd09fad5675350317d0fe591c6a07b8b0f5f820

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:33:08 GMT
content-encoding: gzip
server: istio-envoy
vary: origin,access-control-request-method,access-control-request-headers,accept-encoding
transfer-encoding: chunked
content-type: application/javascript;charset=utf-8
x-envoy-upstream-service-time: 2
be: spx-prod
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 56 KB
15 KB 165ms
46ms Script
application/javascript 146.75.28.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 146.75.28.157 Ashburn, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 4d15ff2317e16ccd8ca1d3248fea7d91130e022369bb032824a84ad9967064df

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:33:08 GMT
content-encoding: gzip
last-modified: Fri, 15 Mar 2024 03:07:08 GMT
x-amz-server-side-encryption: AES256
etag: "bbbcf811d8437a575d796a4c1e5d4fad+gzip"
vary: Accept-Encoding,Host
x-cache: HIT
content-type: application/javascript; charset=utf-8
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
x-tw-cdn: FT
cache-control: no-cache
accept-ranges: bytes
content-length: 15412
x-served-by: cache-iad-kiad7000155-IAD

GET
H2

200

bounce
secure.adnxs.com/
Redirect Chain

https://secure.adnxs.com/px?id=1773420&t=2
https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D1773420%26t%3D2

43 B
1 KB

46ms
43ms

Image
image/gif

68.67.160.184
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D1773420%26t%3D2

Protocol

Server

68.67.160.184 Colonia, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

669.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Jul 2024 11:33:08 GMT
an-x-request-uuid: c231d8a2-1785-4f14-939e-e2872afb3fde
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 149.88.16.239; 149.88.16.239; 669.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 24 Jul 2024 11:33:08 GMT
an-x-request-uuid: 950838df-7412-4ba4-abab-e25b992295bf
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
location: https://secure.adnxs.com/bounce?%2Fpx%3Fid%3D1773420%26t%3D2
cache-control: no-store, no-cache, private
x-proxy-origin: 149.88.16.239; 149.88.16.239; 669.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2

200

bounce
ib.adnxs.com/
Redirect Chain

https://ib.adnxs.com/seg?add=36113683
https://ib.adnxs.com/bounce?%2Fseg%3Fadd%3D36113683

43 B
1 KB

44ms
43ms

Image
image/gif

68.67.160.184
ASN-APPNEX

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ib.adnxs.com/bounce?%2Fseg%3Fadd%3D36113683

Protocol

Server

68.67.160.184 Colonia, United States, ASN29990 (ASN-APPNEX, US),

Reverse DNS

669.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net

Software

nginx/1.23.4 /

Resource Hash

4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef

Security Headers

Name	Value
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Jul 2024 11:33:08 GMT
an-x-request-uuid: abbe32ce-c03a-4a3f-be98-cb0cd9535076
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: image/gif
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
x-proxy-origin: 149.88.16.239; 149.88.16.239; 669.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length: 43
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

pragma: no-cache
date: Wed, 24 Jul 2024 11:33:08 GMT
an-x-request-uuid: 812c9709-a4a5-4f4f-a92b-0ddd12e60b91
server: nginx/1.23.4
accept-ch: Sec-CH-UA-Full-Version-List,Sec-CH-UA-Arch,Sec-CH-UA-Model,Sec-CH-UA-Platform-Version,Sec-CH-UA-Bitness
p3p: policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
content-type: text/html; charset=utf-8
access-control-allow-origin: *
cache-control: no-store, no-cache, private
access-control-allow-credentials: true
location: https://ib.adnxs.com/bounce?%2Fseg%3Fadd%3D36113683
x-proxy-origin: 149.88.16.239; 149.88.16.239; 669.bm-nginx-loadbalancer.mgmt.nym2.adnexus.net; adnxs.com
content-length: 0
x-xss-protection: 0
expires: Sat, 15 Nov 2008 16:00:00 GMT

GET
H2 200 iztag.js Show response
tags.inzynk.io/0ulh3gex/ 21 KB
21 KB 148ms
48ms Script
application/octet-stream 13.249.39.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://tags.inzynk.io/0ulh3gex/iztag.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.249.39.85 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-249-39-85.iad89.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 178ec5d6c8298d4e308c4b7674042667ecafdbffcb5331b621985a2b11539f0e

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-amz-version-id: null
date: Tue, 23 Jul 2024 13:45:55 GMT
via: 1.1 824fe21e467658628899bdd8725649ee.cloudfront.net (CloudFront)
last-modified: Wed, 22 Nov 2023 13:20:07 GMT
server: AmazonS3
x-amz-cf-pop: IAD89-C1
age: 78437
x-amz-server-side-encryption: AES256
etag: "605a29cc08159ad81b95e2ceac549300"
x-cache: Hit from cloudfront
content-type: application/octet-stream
accept-ranges: bytes
content-length: 21193
x-amz-cf-id: 7nqftsB2nkTofVMaXDB0q5eFJ0F67Zs5bDpsnA2On5XltabD1xVnCA==

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 47ms
47ms Image
image/gif 23.212.248.22
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=5eeecf22b2d12a77a14639dce97b7a36&svisitor=null&visitor=19a6fa31-d9d6-4a5d-8afc-99f97a44f711&session=c6236651-c82f-4fff-84a9-1d4d329e8ec2&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2024%20Jul%202024%2011%3A33%3A08%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2024%20Jul%202024%2011%3A33%3A07%20GMT%22%2C%22timeSpent%22%3A%221004%22%2C%22totalTimeSpent%22%3A%223014%22%7D&isIframe=false&m=%7B%22description%22%3A%22FortiGuard%20Labs%20has%20observed%20a%20stealer%20campaign%20spreading%20multiple%20files%20that%20exploit%20CVE-2024-21412%20to%20download%20malicious%20executable%20files.%20Read%20more.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Exploiting%20CVE-2024-21412%3A%20A%20Stealer%20Campaign%20Unleashed%20%7C%20FortiGuard%20Labs%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&pageViewId=d9c42d6e-122f-4c1f-8b0a-1cfda9fced45&v=1.1.22

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.212.248.22 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-212-248-22.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Jul 2024 11:33:08 GMT
x-content-type-options: nosniff
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "615ccf10-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 24 Jul 2024 11:33:08 GMT

GET
H2 401 / Show response
webtracker.argusplatform.com/wh/track/ 205 B
469 B 523ms
372ms XHR
application/json 13.107.246.40
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://webtracker.argusplatform.com/wh/track/?site_id=C6AC00C8269540D0ABFF19F1B5558B6D&visitor_id=1721820787619477472&event_type=page_request&timestamp=1721820789&page_title=Exploiting%20CVE-2024-21412%3A%20A%20Stealer%20Campaign%20Unleashed%20%7C%20FortiGuard%20Labs&page_url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&page_url_referer=

Requested by

Host: tmp.argusplatform.com
URL: https://tmp.argusplatform.com/js/wid.tracker.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

13.107.246.40 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

2ed114345dab0a74e1c81b100e3db108ff86464854f3159d005fac67413454b7

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

access-control-allow-origin: *
date: Wed, 24 Jul 2024 11:33:09 GMT
strict-transport-security: max-age=31536000
request-context: appId=cid-v1:ead16ead-3a47-42dd-aec9-91a1bbb42ff5
x-azure-ref: 20240724T113308Z-16b7b6c7db7fqpzmhxgrnnfkzn00000001pg000000005s0t
x-cache: CONFIG_NOCACHE
content-type: application/json; charset=utf-8

GET
H2 200 0ulh3gex Show response
analytics.inzynk.io/collect/ 171 B
436 B 459ms
142ms Script
text/plain 13.53.113.26
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.inzynk.io/collect/0ulh3gex?izcid=&iztid=&u=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&t=Exploiting+CVE-2024-21412%3A+A+Stealer+Campaign+Unleashed+%7C+FortiGuard+Labs&p=%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&d=www.fortinet.com&r=&inzynk_c=
Requested by: Host: tags.inzynk.io
URL: https://tags.inzynk.io/0ulh3gex/iztag.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 13.53.113.26 Stockholm, Sweden, ASN16509 (AMAZON-02, US),
Reverse DNS: ec2-13-53-113-26.eu-north-1.compute.amazonaws.com
Software: nginx /
Resource Hash: 8b7bf74598f10f6b52d7cb81bcec3d30d674e37d5499156c2427da4ac051b603

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:33:09 GMT
server: nginx
content-length: 171
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers
content-type: text/plain;charset=ISO-8859-1

GET
H2

200

exploiting-cve-2024-21412-stealer-campaign-unleashed;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=9401346431529.53
10104846.fls.doubleclick.net/activityi;dc_pre=CPfbtaTKv4cDFaLl_QUdOvYDMg;src=10104846;type=sitew00;cat=sitew006;u3=https://www.fortinet.com/blog/threat-research/ Frame 1B0B
Redirect Chain

https://10104846.fls.doubleclick.net/activityi;src=10104846;type=sitew00;cat=sitew006;u3=https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed;dc_lat=;d...
https://10104846.fls.doubleclick.net/activityi;dc_pre=CPfbtaTKv4cDFaLl_QUdOvYDMg;src=10104846;type=sitew00;cat=sitew006;u3=https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-st...

0
0

318ms
316ms

Document
text/html

142.250.31.149
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://10104846.fls.doubleclick.net/activityi;dc_pre=CPfbtaTKv4cDFaLl_QUdOvYDMg;src=10104846;type=sitew00;cat=sitew006;u3=https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=9401346431529.53?

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.250.31.149 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

bj-in-f149.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-encoding: br
content-length: 2286
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 24 Jul 2024 11:33:10 GMT
expires: Wed, 24 Jul 2024 11:33:10 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Wed, 24 Jul 2024 11:33:09 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://10104846.fls.doubleclick.net/activityi;dc_pre=CPfbtaTKv4cDFaLl_QUdOvYDMg;src=10104846;type=sitew00;cat=sitew006;u3=https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=$%7BGDPR%7D;gdpr_consent=$%7BGDPR_CONSENT_755%7D;ord=9401346431529.53?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 224 KB
60 KB 1159ms
44ms Script
application/x-javascript 157.240.229.1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

157.240.229.1 Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-02-iad3.fbcdn.net

Software

Resource Hash

eaa003d85cb77f94fcae98396e583ce01d0c375b57235402c884ef8a792b951e

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: ;script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' 'unsafe-eval' https://.google-analytics.com .google.com;style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' https://.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Wed, 24 Jul 2024 11:33:09 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 58677
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=41, rtx=0, c=12, mss=1316, tbw=2783, tp=-1, tpl=-1, uplat=1, ullat=-1
pragma: public
x-fb-debug: B/HniPiEem9YZm8oAuOo35sck+OuSWVWir698lLzCUkkD+yltiUGEboP72JfjaIUiAJ5Fag7loOKgozhimPZZg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 siteanalyze_6033413.js Show response
siteimproveanalytics.com/js/ 36 KB
12 KB 118ms
73ms Script
application/javascript 104.21.50.150
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://siteimproveanalytics.com/js/siteanalyze_6033413.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/launch-EN23cb8375449840dc93b13f34d935b8b9.min.js
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 104.21.50.150 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e171f597c12bd7813408cabb76395c783e04c8aa8a0a57416a120ac026e5acf5

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:33:08 GMT
content-encoding: gzip
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-amz-request-id: 4KQPXQZZFGH0XCGV
age: 544
alt-svc: h3=":443"; ma=86400
content-length: 11242
x-amz-id-2: euaH5Xfko3OBcX7eHpX7c63RqP7QnkSJrtC7QeHR4L1oBSPrvCMXHHCLMsY2r5DP3L4Z1l2pOt8=
last-modified: Sat, 29 Jun 2024 00:03:14 GMT
server: cloudflare
etag: "60402ae40e703f919eeaab313f154e6a"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=r3LZJKY%2BX%2F3cYBRnUAZVzVJaYV1ZStMb5S7EuE7m5Nx6JY26Pm8x%2B1tDEo57LWJenKp2L%2BQXcZLLywL3zWzyutZg8eFk%2Bw9LiosgbXJekZEUfubLDHgUt8i0P8QOAlKlHCfeRkVIqkvcdIU%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
cache-control: max-age=86400, no-transform
accept-ranges: bytes
cf-ray: 8a8397fa4e14abe2-YYZ

GET is
18.210.229.244/ 0
0

GET
H2 200 adsct
t.co/i/ 43 B
251 B 591ms
202ms Image
image/gif 72.21.81.130
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?bci=3&eci=2&event_id=0b0e1fda-b1ed-4692-998e-c17bf5966d3d&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=cd7f9b21-9490-42c6-99a1-d64b23363f5f&tw_document_href=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o6ezf&type=javascript&version=2.3.30

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

72.21.81.130 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

tsa_b /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-response-time: 86
date: Wed, 24 Jul 2024 11:33:08 GMT
strict-transport-security: max-age=0
server: tsa_b
content-type: image/gif;charset=utf-8
x-transaction-id: 3d0ad242dce7095e
cache-control: no-cache, no-store, max-age=0
perf: 7402827104
x-connection-hash: 37ee103a808d90fd622b941968079ed17fdd93f5f3bcb086b0b9efd080e249e5
content-length: 43

GET
H2 200 adsct
analytics.twitter.com/i/ 43 B
214 B 215ms
75ms Image
image/gif 104.244.42.131
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=0b0e1fda-b1ed-4692-998e-c17bf5966d3d&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=cd7f9b21-9490-42c6-99a1-d64b23363f5f&tw_document_href=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o6ezf&type=javascript&version=2.3.30

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.131 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_b /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-response-time: 7
date: Wed, 24 Jul 2024 11:33:08 GMT
strict-transport-security: max-age=631138519
server: tsa_b
content-type: image/gif;charset=utf-8
x-transaction-id: dce51811e43400f6
cache-control: no-cache, no-store, max-age=0
perf: 7402827104
x-connection-hash: 84e8f803cb15ca1bfb8788e7f98040febb3a8245902dc254d4bbefae46de6a02
content-length: 43

GET
H2 200 adsct
t.co/i/ 43 B
375 B 509ms
120ms Image
image/gif 72.21.81.130
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?bci=3&eci=2&event_id=1b40aeb5-893b-49c8-a69d-1dc4e7040634&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=cd7f9b21-9490-42c6-99a1-d64b23363f5f&tw_document_href=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o72wb&type=javascript&version=2.3.30

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

72.21.81.130 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

tsa_b /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-response-time: 7
date: Wed, 24 Jul 2024 11:33:08 GMT
strict-transport-security: max-age=0
server: tsa_b
content-type: image/gif;charset=utf-8
x-transaction-id: 09e0419d6d57e46f
cache-control: no-cache, no-store, max-age=0
perf: 7402827104
x-connection-hash: 299e1060a605bdded6eabb5220657652aeb053f8955a7c0cee8b33d662cce81c
content-length: 43

GET
H2 200 adsct
analytics.twitter.com/i/ 43 B
216 B 282ms
142ms Image
image/gif 104.244.42.131
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=1b40aeb5-893b-49c8-a69d-1dc4e7040634&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=cd7f9b21-9490-42c6-99a1-d64b23363f5f&tw_document_href=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=o72wb&type=javascript&version=2.3.30

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.131 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_b /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-response-time: 78
date: Wed, 24 Jul 2024 11:33:08 GMT
strict-transport-security: max-age=631138519
server: tsa_b
content-type: image/gif;charset=utf-8
x-transaction-id: f00b0426df83a7b4
cache-control: no-cache, no-store, max-age=0
perf: 7402827104
x-connection-hash: 84e8f803cb15ca1bfb8788e7f98040febb3a8245902dc254d4bbefae46de6a02
content-length: 43

GET
H2 200 adsct
t.co/i/ 43 B
250 B 572ms
184ms Image
image/gif 72.21.81.130
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/i/adsct?bci=3&eci=2&event_id=2aa15aff-c447-4928-8fda-7d5ef9ccede5&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=cd7f9b21-9490-42c6-99a1-d64b23363f5f&tw_document_href=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nxlzj&type=javascript&version=2.3.30

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

72.21.81.130 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

tsa_b /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-response-time: 73
date: Wed, 24 Jul 2024 11:33:08 GMT
strict-transport-security: max-age=0
server: tsa_b
content-type: image/gif;charset=utf-8
x-transaction-id: 73f7754c2c80a6c8
cache-control: no-cache, no-store, max-age=0
perf: 7402827104
x-connection-hash: 233dcee2d8e6544301b95e9a1c477c4e74f46c664003c9a51a9046c7423382dc
content-length: 43

GET
H2 200 adsct
analytics.twitter.com/i/ 43 B
392 B 213ms
74ms Image
image/gif 104.244.42.131
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/i/adsct?bci=3&eci=2&event_id=2aa15aff-c447-4928-8fda-7d5ef9ccede5&events=%5B%5B%22pageview%22%2C%7B%7D%5D%5D&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=cd7f9b21-9490-42c6-99a1-d64b23363f5f&tw_document_href=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&tw_iframe_status=0&tw_order_quantity=0&tw_sale_amount=0&txn_id=nxlzj&type=javascript&version=2.3.30

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.131 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_b /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-response-time: 6
date: Wed, 24 Jul 2024 11:33:08 GMT
strict-transport-security: max-age=631138519
server: tsa_b
content-type: image/gif;charset=utf-8
x-transaction-id: 940e1dbec13d6d98
cache-control: no-cache, no-store, max-age=0
perf: 7402827104
x-connection-hash: 84e8f803cb15ca1bfb8788e7f98040febb3a8245902dc254d4bbefae46de6a02
content-length: 43

GET
H2 200 insight.min.js Show response
snap.licdn.com/li.lms-analytics/ 1 KB
969 B 168ms
47ms Script
application/javascript 23.218.218.181
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.min.js

Requested by

Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.218.218.181 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-218-218-181.deploy.static.akamaitechnologies.com

Software

Resource Hash

89333b6a52d61646b071d1dec1a49c6a5a734096eb5ec9183ef08b42c9cfbe50

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:33:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Wed, 24 Jul 2024 05:21:40 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: max-age=64816
accept-ranges: bytes
content-length: 759

GET
H2 200 tag.aspx Show response
ml314.com/ 37 KB
12 KB 131ms
26ms Script
application/javascript 34.117.77.79
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ml314.com/tag.aspx?246
Requested by: Host: www.fortinet.com
URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.117.77.79 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 79.77.117.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 773a28cc9ac8062b38482769d1f03d92a6487d5775d439cff1c8b5be61fdd6d7

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:01:33 GMT
via: 1.1 google
content-encoding: br
age: 1896
x-guploader-uploadid: ACJd0NphhdtPu59kINRI1K3-bzc3Y9tDd_mplSCu5x_v4nqJySB3AsLR504P0DLlqaYYlL_2a6TcsmbD3Q
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 12140
last-modified: Wed, 12 Jun 2024 23:47:10 GMT
server: UploadServer
vary: Accept-Encoding
x-goog-generation: 1718236030191817
x-goog-hash: crc32c=jdP4zA==, md5=YRx2m1aKFpugF5vA5Ps9ng==
content-type: application/javascript
cache-id: YYZ
cache-control: public,max-age=3600
x-cache-hit: hit
x-goog-stored-content-length: 37568
accept-ranges: bytes

GET
H2 200 image.aspx
6033413.global.siteimproveanalytics.io/ 34 B
149 B 1169ms
45ms Image
image/gif 54.156.91.224
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://6033413.global.siteimproveanalytics.io/image.aspx?url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&title=Exploiting%20CVE-2024-21412%3A%20A%20Stealer%20Campaign%20Unleashed%20%7C%20FortiGuard%20Labs&res=1600x1200&accountid=6033413&rt=5484&prev=b10cc1aa-2913-0e48-aae8-ee75b925591d&luid=fde80273-0675-87f7-2067-bb4c6f3a5def&rnd=8777
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 54.156.91.224 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-54-156-91-224.compute-1.amazonaws.com
Software: /
Resource Hash: 1e85ec81b9800b4c443d39caca0d0926089a3ac201120db1ceb45b93789480b8

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-type: image/gif
date: Wed, 24 Jul 2024 11:33:10 GMT
cache-control: max-age=0
content-length: 34
expires: Wed, 24 Jul 2024 11:33:10 UTC

GET
H2 200 insight.beta.min.js Show response
snap.licdn.com/li.lms-analytics/ 40 KB
14 KB 42ms
42ms Script
application/javascript 23.218.218.181
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://snap.licdn.com/li.lms-analytics/insight.beta.min.js

Requested by

Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.218.218.181 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-218-218-181.deploy.static.akamaitechnologies.com

Software

Resource Hash

6c495fdee8fdedea958291002b9090e57e0ce477feae0ac9034f8b78c34ec65c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:33:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Mon, 22 Jul 2024 10:02:06 GMT
x-cdn: AKAM
x-amz-server-side-encryption: AES256
vary: Accept-Encoding
content-type: application/javascript;charset=utf-8
cache-control: max-age=64306
accept-ranges: bytes
content-length: 14597

GET
H2 200 utsync.ashx Show response
ml314.com/ 684 B
1 KB 82ms
78ms Script
application/javascript 34.117.77.79
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://ml314.com/utsync.ashx?pub=&adv=&et=0&eid=54820&ct=js&pi=&fp=&clid=&if=0&ps=&cl=&mlt=&data=&&cp=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&pv=1721820789159_c2gyc7wmf&bl=en-ca&cb=5579655&return=&ht=&d=&dc=&si=1721820789159_c2gyc7wmf&cid=&s=1600x1200&rp=&v=2.7.3.180
Requested by: Host: ml314.com
URL: https://ml314.com/tag.aspx?246
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.117.77.79 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 79.77.117.34.bc.googleusercontent.com
Software: Google Frontend /
Resource Hash: 6cb63f111e4e72366b948be422027bd2e0e2b9f83b552afd4511fff079537c60

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Jul 2024 11:33:09 GMT
via: 1.1 google
server: Google Frontend
content-type: application/javascript
p3p: CP="NON DSP COR ADMo PSAo DEVo BUS COM UNI NAV DEM STA"
cache-control: no-cache, no-store, must-revalidate
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: 0

GET
H2 200 attribution_trigger Show response
px.ads.linkedin.com/ 2 B
1001 B 266ms
171ms XHR
application/json 13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/attribution_trigger?pid=7120%2C2159050&time=1721820789172&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.beta.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Accept: *
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:33:09 GMT
content-encoding: gzip
nel: {"report_to":"network-errors","max_age":1296000,"success_fraction":0.00066,"failure_fraction":1,"include_subdomains":true}
x-cache: CONFIG_NOCACHE
x-li-uuid: AAYd/KSDeboZ8Zxegya0GQ==
x-li-pop: afd-prod-ltx1-x
x-msedge-ref: Ref A: C49596324A944B66B9C9083E8D02815E Ref B: YTO01EDGE0808 Ref C: 2024-07-24T11:33:09Z
report-to: {"group":"network-errors","max_age":2592000,"endpoints":[{"url":"https://www.linkedin.com/li/rep"}],"include_subdomains":true}
x-li-fabric: prod-lor1
access-control-allow-origin: *
access-control-allow-methods: GET, OPTIONS
content-type: application/json
x-li-source-fabric: prod-ltx1
x-restli-protocol-version: 1.0.0
x-li-proto: http/2
access-control-allow-headers: *
x-fs-uuid: 00061dfca48379ba19f19c5e8326b419

GET
H2

200

collect
px.ads.linkedin.com/
Redirect Chain

https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=7120%2C2159050&time=1721820789172&li_adsId=90144915-fc0f-41c6-b5ed-2cafc55df137&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexpl...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=7120%2C2159050&time=1721820789172&li_adsId=90144915-fc0f-41c6-b5ed-2cafc55df137&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexpl...
https://www.linkedin.com/px/li_sync?redirect=https%3A%2F%2Fpx.ads.linkedin.com%2Fcollect%3Fv%3D2%26fmt%3Djs%26pid%3D7120%252C2159050%26time%3D1721820789172%26li_adsId%3D90144915-fc0f-41c6-b5ed-2caf...
https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=7120%2C2159050&time=1721820789172&li_adsId=90144915-fc0f-41c6-b5ed-2cafc55df137&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexpl...

0
383 B

133ms
132ms

Image
application/javascript

13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=7120%2C2159050&time=1721820789172&li_adsId=90144915-fc0f-41c6-b5ed-2cafc55df137&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&cookiesTest=true&liSync=true
Protocol: H2
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

date: Wed, 24 Jul 2024 11:33:09 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: 9EBD5A73076D41A2984810EE1BF34D1E Ref B: YTO01EDGE0818 Ref C: 2024-07-24T11:33:09Z
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-type: application/javascript
x-li-fabric: prod-lor1
x-li-proto: http/2
content-length: 0
x-li-uuid: AAYd/KSOWB4ihqZnvFybhg==

Redirect headers

strict-transport-security: max-age=31536000
content-security-policy: frame-ancestors 'self'
x-content-type-options: nosniff
date: Wed, 24 Jul 2024 11:33:09 GMT
linkedin-action: 1
x-cache: CONFIG_NOCACHE
content-length: 0
x-li-uuid: AAYd/KSMKDdpMicLm/sgtg==
pragma: no-cache
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: A27B8D5462B54321B9F436443C74E5DA Ref B: YTO01EDGE0818 Ref C: 2024-07-24T11:33:09Z
x-frame-options: sameorigin
x-li-fabric: prod-lor1
location: https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=7120%2C2159050&time=1721820789172&li_adsId=90144915-fc0f-41c6-b5ed-2cafc55df137&url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&cookiesTest=true&liSync=true
cache-control: no-cache, no-store
x-li-proto: http/2
expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H2 200 ibs:dpid=22052&dpuuid=3645797589165539338&redir=
dpm.demdex.net/ 42 B
716 B 51ms
47ms Image
image/gif 23.23.225.172
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=22052&dpuuid=3645797589165539338&redir=

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

23.23.225.172 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-23-23-225-172.compute-1.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

dcs: dcs-prod-va6-1-v062-0d483d847.edge-va6.demdex.com 3 ms
pragma: no-cache
date: Wed, 24 Jul 2024 11:33:09 GMT
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
content-encoding: gzip
x-tid: 9g/YF2fGStk=
content-type: image/gif
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-length: 59
expires: Thu, 01 Jan 1970 00:00:00 UTC

GET
H3

200

csync.ashx
ml314.com/
Redirect Chain

https://idsync.rlcdn.com/395886.gif?partner_uid=3645797589165539338
https://idsync.rlcdn.com/1000.gif?memo=CO6UGBIeChoIARCuXxoTMzY0NTc5NzU4OTE2NTUzOTMzOBAAGg0I9cyDtQYSBQjoBxAAQgBKAA
https://ml314.com/csync.ashx?fp=2036266bfbc44e8e629b951c658ba7cbbcf794bb6d6542b64edf7fd964b083f9f4cb09cee1a4f8eb&person_id=3645797589165539338&eid=50082

43 B
56 B

83ms
82ms

Image
image/gif

34.117.77.79
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ml314.com/csync.ashx?fp=2036266bfbc44e8e629b951c658ba7cbbcf794bb6d6542b64edf7fd964b083f9f4cb09cee1a4f8eb&person_id=3645797589165539338&eid=50082
Protocol: H3
Server: 34.117.77.79 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 79.77.117.34.bc.googleusercontent.com
Software: Google Frontend /
Resource Hash: b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

expires: Thu, 25 Jul 2024 11:33:09 GMT
date: Wed, 24 Jul 2024 11:33:09 GMT
via: 1.1 google
server: Google Frontend
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-type: image/gif

Redirect headers

date: Wed, 24 Jul 2024 11:33:09 GMT
via: 1.1 google
p3p: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
location: https://ml314.com/csync.ashx?fp=2036266bfbc44e8e629b951c658ba7cbbcf794bb6d6542b64edf7fd964b083f9f4cb09cee1a4f8eb&person_id=3645797589165539338&eid=50082
cache-control: no-cache, no-store
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0

GET generic
match.adsrvr.org/track/cmf/ 0
0

GET tp=BOMB
sync.crwdcntrl.net/map/c=6985/ 0
0

GET
H/1.1

200
OK

match
ps.eyeota.net/
Redirect Chain

https://ps.eyeota.net/pixel?pid=r8hrb20&t=gif
https://ps.eyeota.net/pixel/bounce/?pid=r8hrb20&t=gif
https://ml314.com/utsync.ashx?eid=50052&et=0&fp=2aisXPGqvR4NuG4ZcasN4U9YjW-bPORE0xwcW1QiSfOE&gdpr=0&gdpr_consent=&return=https%3A%2F%2Fps.eyeota.net%2Fmatch%3Fbid%3Dr8hrb20%26uid%3Dnil%26referrer_p...
https://ps.eyeota.net/match?bid=r8hrb20&uid=nil&referrer_pid=r8hrb20

70 B
440 B

45ms
45ms

Image
image/gif

18.214.54.215
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://ps.eyeota.net/match?bid=r8hrb20&uid=nil&referrer_pid=r8hrb20
Protocol: HTTP/1.1
Server: 18.214.54.215 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-18-214-54-215.compute-1.amazonaws.com
Software: /
Resource Hash: de9d3fd0eb948bd294477d0eda60a73b85caff1794803530d0463193a113da98

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

Content-Type: image/gif
Date: Wed, 24 Jul 2024 11:33:09 GMT
Content-Length: 70
P3P: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="http://ps.eyeota.net/w3c/p3p.xml"

Redirect headers

pragma: no-cache
date: Wed, 24 Jul 2024 11:33:09 GMT
via: 1.1 google
server: Google Frontend
content-type: image/gif
location: https://ps.eyeota.net/match?bid=r8hrb20&uid=nil&referrer_pid=r8hrb20
p3p: CP="NON DSP COR ADMo PSAo DEVo BUS COM UNI NAV DEM STA"
cache-control: no-cache, no-store, must-revalidate
x-cloud-trace-context: 7d6d1a4b55ccc685c3d2617b2ea68c9c
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 43
expires: 0,Thu, 25 Jul 2024 11:33:09 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 44ms
43ms Image
image/gif 23.212.248.22
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=5eeecf22b2d12a77a14639dce97b7a36&svisitor=null&visitor=19a6fa31-d9d6-4a5d-8afc-99f97a44f711&session=c6236651-c82f-4fff-84a9-1d4d329e8ec2&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2024%20Jul%202024%2011%3A33%3A09%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2024%20Jul%202024%2011%3A33%3A08%20GMT%22%2C%22timeSpent%22%3A%221004%22%2C%22totalTimeSpent%22%3A%224018%22%7D&isIframe=false&m=%7B%22description%22%3A%22FortiGuard%20Labs%20has%20observed%20a%20stealer%20campaign%20spreading%20multiple%20files%20that%20exploit%20CVE-2024-21412%20to%20download%20malicious%20executable%20files.%20Read%20more.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Exploiting%20CVE-2024-21412%3A%20A%20Stealer%20Campaign%20Unleashed%20%7C%20FortiGuard%20Labs%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&pageViewId=d9c42d6e-122f-4c1f-8b0a-1cfda9fced45&v=1.1.22

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.212.248.22 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-212-248-22.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Jul 2024 11:33:09 GMT
x-content-type-options: nosniff
last-modified: Sat, 18 Feb 2023 00:49:36 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f020a0-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 24 Jul 2024 11:33:09 GMT

GET
H2 200 177020962864941 Show response
connect.facebook.net/signals/config/ 60 KB
12 KB 92ms
91ms Script
application/x-javascript 157.240.229.1
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/177020962864941?v=2.9.162&r=stable&domain=www.fortinet.com&hme=e67e7d148043b3a377ad0eb1c82669792a67ba5e3bb5734b69e611ae38f939ca&ex_m=68%2C115%2C102%2C106%2C59%2C3%2C95%2C67%2C15%2C92%2C85%2C49%2C52%2C163%2C166%2C178%2C174%2C175%2C177%2C28%2C96%2C51%2C74%2C176%2C158%2C161%2C171%2C172%2C179%2C124%2C39%2C33%2C136%2C14%2C48%2C184%2C183%2C126%2C17%2C38%2C1%2C41%2C63%2C64%2C65%2C69%2C89%2C16%2C13%2C91%2C88%2C87%2C103%2C50%2C105%2C37%2C104%2C29%2C25%2C159%2C162%2C133%2C27%2C10%2C11%2C12%2C5%2C6%2C24%2C21%2C22%2C55%2C60%2C62%2C72%2C97%2C26%2C73%2C8%2C7%2C77%2C46%2C20%2C99%2C98%2C100%2C93%2C9%2C19%2C18%2C82%2C54%2C80%2C32%2C71%2C0%2C90%2C31%2C79%2C84%2C45%2C44%2C83%2C36%2C4%2C86%2C78%2C42%2C34%2C81%2C2%2C35%2C61%2C40%2C101%2C43%2C76%2C66%2C107%2C58%2C57%2C30%2C94%2C56%2C53%2C47%2C75%2C70%2C23%2C108

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

157.240.229.1 Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-02-iad3.fbcdn.net

Software

Resource Hash

8faa00fe604f9f30cef70e7242445d28716037d505d4b46c68768c0a3913068f

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: ;script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' 'unsafe-eval' https://.google-analytics.com .google.com;style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' https://.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Wed, 24 Jul 2024 11:33:10 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=47, rtx=0, c=63, mss=1316, tbw=64171, tp=-1, tpl=-1, uplat=46, ullat=0
pragma: public
x-fb-debug: XtcuIeE9vXyj36LzZNF3INf/O913LcmjnL2oG6NfL9RBlsDpLPi6O72ou40pYKVcOUBFEcY85VqabAgz+yfrdA==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

POST
H2 204 / Show response
px.ads.linkedin.com/wa/ 0
197 B 142ms
139ms XHR
text/plain 13.107.42.14
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://px.ads.linkedin.com/wa/
Requested by: Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.beta.min.js
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: *
Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Wed, 24 Jul 2024 11:33:09 GMT
x-li-pop: afd-prod-lor1-x
x-msedge-ref: Ref A: A0F54A55968B488DAE52ACE0DA036EC0 Ref B: YTO01EDGE0818 Ref C: 2024-07-24T11:33:10Z
linkedin-action: 1
vary: Origin
x-cache: CONFIG_NOCACHE
x-li-fabric: prod-lor1
access-control-allow-origin: https://www.fortinet.com
x-li-proto: http/2
access-control-allow-credentials: true
x-li-uuid: AAYd/KSQkQ5mCNBmTsBFow==

GET
H2 200 /
www.facebook.com/tr/ 0
274 B 145ms
44ms Image
text/plain 157.240.229.35
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=177020962864941&ev=PageView&dl=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&rl=&if=false&ts=1721820790189&sw=1600&sh=1200&v=2.9.162&r=stable&ec=0&o=4126&fbp=fb.1.1721820790187.381053661488607253&ler=empty&cdl=API_unavailable&it=1721820790073&coo=false&exp=f0&rqm=GET

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

157.240.229.35 Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-02-iad3.facebook.com

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

x-fb-connection-quality: EXCELLENT; q=0.9, rtt=42, rtx=0, c=10, mss=1316, tbw=2787, tp=-1, tpl=-1, uplat=0, ullat=0
strict-transport-security: max-age=31536000; includeSubDomains
date: Wed, 24 Jul 2024 11:33:10 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 67 B
3 KB 409ms
309ms Image
image/png 157.240.229.35
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=177020962864941&ev=PageView&dl=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&rl=&if=false&ts=1721820790189&sw=1600&sh=1200&v=2.9.162&r=stable&ec=0&o=4126&fbp=fb.1.1721820790187.381053661488607253&ler=empty&cdl=API_unavailable&it=1721820790073&coo=false&exp=f0&rqm=FGET

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

157.240.229.35 Ashburn, United States, ASN32934 (FACEBOOK, US),

Reverse DNS

edge-star-mini-shv-02-iad3.facebook.com

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://.google-analytics.com .google.com;style-src .fbcdn.net data: .facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com https://.google-analytics.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com https://fonts.gstatic.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net .carriersignal.info blob: android-webview-video-poster: .whatsapp.net .fb.com .oculuscdn.com .tenor.co .tenor.com .giphy.com https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://.google-analytics.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data: .tenor.co .tenor.com https://.giphy.com;frame-src .facebook.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net .google.com .doubleclick.net;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-encoding: zstd
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; preload
date: Wed, 24 Jul 2024 11:33:10 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7395163982989472860", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=42, rtx=0, c=10, mss=1316, tbw=3105, tp=-1, tpl=-1, uplat=264, ullat=0
pragma: no-cache
x-fb-debug: sxaLCmDG7Z4z+MJwOlCRmHIvHLvG9U25X9xy7PVqe3TRsGxb08Kjji7lJezPIp9AtvFTiIK9pM9YzfBWVA41ew==
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7395163982989472860"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: image/png
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: private, no-store, no-cache, must-revalidate
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), battery=(self), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 73ms
72ms Image
image/gif 23.212.248.22
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=5eeecf22b2d12a77a14639dce97b7a36&svisitor=null&visitor=19a6fa31-d9d6-4a5d-8afc-99f97a44f711&session=c6236651-c82f-4fff-84a9-1d4d329e8ec2&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2024%20Jul%202024%2011%3A33%3A10%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2024%20Jul%202024%2011%3A33%3A09%20GMT%22%2C%22timeSpent%22%3A%221000%22%2C%22totalTimeSpent%22%3A%225018%22%7D&isIframe=false&m=%7B%22description%22%3A%22FortiGuard%20Labs%20has%20observed%20a%20stealer%20campaign%20spreading%20multiple%20files%20that%20exploit%20CVE-2024-21412%20to%20download%20malicious%20executable%20files.%20Read%20more.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Exploiting%20CVE-2024-21412%3A%20A%20Stealer%20Campaign%20Unleashed%20%7C%20FortiGuard%20Labs%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&pageViewId=d9c42d6e-122f-4c1f-8b0a-1cfda9fced45&v=1.1.22

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.212.248.22 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-212-248-22.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Jul 2024 11:33:10 GMT
x-content-type-options: nosniff
last-modified: Sat, 18 Feb 2023 00:49:36 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "63f020a0-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 24 Jul 2024 11:33:10 GMT

GET
H2 200 img.gif
b.6sc.co/v1/beacon/ 43 B
257 B 56ms
55ms Image
image/gif 23.212.248.22
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://b.6sc.co/v1/beacon/img.gif?token=5eeecf22b2d12a77a14639dce97b7a36&svisitor=null&visitor=19a6fa31-d9d6-4a5d-8afc-99f97a44f711&session=c6236651-c82f-4fff-84a9-1d4d329e8ec2&event=active_time_track&q=%7B%22currentTime%22%3A%22Wed%2C%2024%20Jul%202024%2011%3A33%3A11%20GMT%22%2C%22lastTrackTime%22%3A%22Wed%2C%2024%20Jul%202024%2011%3A33%3A10%20GMT%22%2C%22timeSpent%22%3A%221001%22%2C%22totalTimeSpent%22%3A%226019%22%7D&isIframe=false&m=%7B%22description%22%3A%22FortiGuard%20Labs%20has%20observed%20a%20stealer%20campaign%20spreading%20multiple%20files%20that%20exploit%20CVE-2024-21412%20to%20download%20malicious%20executable%20files.%20Read%20more.%22%2C%22keywords%22%3A%22%22%2C%22title%22%3A%22Exploiting%20CVE-2024-21412%3A%20A%20Stealer%20Campaign%20Unleashed%20%7C%20FortiGuard%20Labs%22%7D&cb=&r=&thirdParty=%7B%7D&v2=1&pageURL=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&pageViewId=d9c42d6e-122f-4c1f-8b0a-1cfda9fced45&v=1.1.22

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.212.248.22 Ashburn, United States, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-212-248-22.deploy.static.akamaitechnologies.com

Software

nginx/1.14.0 (Ubuntu) /

Resource Hash

dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.fortinet.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 24 Jul 2024 11:33:11 GMT
x-content-type-options: nosniff
last-modified: Tue, 05 Oct 2021 22:17:52 GMT
server: nginx/1.14.0 (Ubuntu)
etag: "615ccf10-2b"
content-type: image/gif
cache-control: max-age=0, no-cache, no-store
accept-ranges: bytes
content-length: 43
expires: Wed, 24 Jul 2024 11:33:11 GMT

GET st
px.mountain.com/ 0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: ibc-flow.techtarget.com
URL: https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=1247773&r=1721820785938&ref=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&version=2.4

Domain: ad.doubleclick.net
URL: https://ad.doubleclick.net/activity;register_conversion=1;src=10050195;npa=0;auiddc=1040172418.1721820786;ps=1;pcor=33135042;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe47h0v9185241837za200zb9123037237;gcd=13l3l3l3l1;dma=0;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed?

Domain: tracking.contanuity.com
URL: https://tracking.contanuity.com/usersync?bwcookie=AACa-E7NQc0AABSlH40N0w

Domain: 18.210.229.244
URL: https://18.210.229.244/is

Domain: match.adsrvr.org
URL: https://match.adsrvr.org/track/cmf/generic?ttd_pid=d0tro1j&ttd_tpi=1

Domain: sync.crwdcntrl.net
URL: https://sync.crwdcntrl.net/map/c=6985/tp=BOMB?https://ml314.com/csync.ashx%3Ffp%3D%24%7Bprofile_id%7D%26eid%3D50146%26person_id%3D3645797589165539338

Domain: px.mountain.com
URL: https://px.mountain.com/st?ga_tracking_id=G-JH142QCQCJ&ga_client_id=973419236.1721820786&shpt=Exploiting%20CVE-2024-21412%3A%20A%20Stealer%20Campaign%20Unleashed%20%7C%20FortiGuard%20Labs&ga_info=%7B%22status%22%3A%22One%20of%20the%20required%20properties%20not%20evaluated%20(mntnis%2C%20ga_tracking_id%2C%20ga_client_id%2C%20shpt).%22%2C%22ga_tracking_id%22%3A%22G-JH142QCQCJ%22%2C%22ga_client_id%22%3A%22973419236.1721820786%22%2C%22shpt%22%3A%22Exploiting%20CVE-2024-21412%3A%20A%20Stealer%20Campaign%20Unleashed%20%7C%20FortiGuard%20Labs%22%2C%22dcm_cid%22%3A%221721820786.1%22%2C%22execution_workflow%22%3A%7B%22iteration%22%3A29%2C%22getClientIdByCookie%22%3A%22OK%22%2C%22shpt%22%3A%22OK%22%2C%22dcm_cid%22%3A%22OK%22%7D%7D&dcm_cid=1721820786.1&available_ga=%5B%7B%22id%22%3A%22G-JH142QCQCJ%22%2C%22sess_id%22%3A%221721820786%22%7D%5D&hardcoded_ga=&dxver=4.0.0&shaid=32336&plh=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&cb=62375522723846696term%3Dvalue&shadditional=sh_conversion%3DSHBLOCK%2Cgoogletagmanager%3Dtrue%2Cga4%3Dtrue%2Cmediamath%3Dtrue%2Cappnexus%3Dtrue

Verdicts & Comments Add Verdict or Comment

147 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

63 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.fortinet.com/	1970-01-21 07:02:37	Name: cookiesession1 Value: 678A3E61AA0C2C7D077BD9233BAA0836
.fortinet.com/	1970-01-21 07:02:36	Name: OptanonConsent Value: isIABGlobal=false&datestamp=Wed+Jul+24+2024+04%3A33%3A04+GMT-0700+(Pacific+Daylight+Time)&version=6.10.0&hosts=&consentId=4717adff-93ff-4e84-9ce2-85aa3f88233d&interactionCount=0&landingPath=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&groups=C0001%3A1%2CC0002%3A1%2CC0003%3A1%2CC0004%3A1
.fortinet.com/	1969-12-31 23:59:59	Name: at_check Value: true
.demdex.net/	1970-01-21 02:36:12	Name: demdex Value: 52104645368140463242358385974948306634
.fortinet.com/	1969-12-31 23:59:59	Name: AMCVS_ED8739F75677FE917F000101%40AdobeOrg Value: 1
.fortinet.com/	1970-01-21 07:53:00	Name: mbox Value: session#aa50fe560b064624bb9859d33631b116#1721822646\|PC#aa50fe560b064624bb9859d33631b116.34_0#1785065586
.fortinet.com/	1970-01-20 22:17:02	Name: mboxEdgeCluster Value: 34
.dpm.demdex.net/	1970-01-21 02:36:12	Name: dpm Value: 52104645368140463242358385974948306634
.fortinet.com/	1970-01-21 07:53:00	Name: AMCV_ED8739F75677FE917F000101%40AdobeOrg Value: 179643557%7CMCIDTS%7C19929%7CMCMID%7C52448419684402088922322882776571625282%7CMCAAMLH-1722425585%7C7%7CMCAAMB-1722425585%7C6G1ynYcLPuiQxYZrsz_pkqfLG9yMXBpb2zX5dvJdYQJzPXImdj0y%7CMCOPTOUT-1721827985s%7CNONE%7CMCSYNCSOP%7C411-19936%7CvVersion%7C5.5.0
www.fortinet.com/	1970-01-21 07:53:00	Name: _gd_visitor Value: 19a6fa31-d9d6-4a5d-8afc-99f97a44f711
www.fortinet.com/	1970-01-20 22:17:15	Name: _gd_session Value: c6236651-c82f-4fff-84a9-1d4d329e8ec2
www.fortinet.com/	1970-01-21 07:53:00	Name: _omappvp Value: S0IGvgmsh8y5OK1IGTEQQybSiG6R85zYWZzber6QB9uVJXpPk1cHZF3KLRhJwA06Hn6E2PXCE2thgBqsdFlf3J6IbDrg7tsS
www.fortinet.com/	1970-01-20 22:17:01	Name: _omappvs Value: 1721820785728
.techtarget.com/	1970-01-20 22:17:02	Name: __cf_bm Value: FGQ_iXLH4.T0CsNZrog4Wf2X7bWZAa54vNFexpVn8Zw-1721820785-1.0.1.1-ij6ObIutWP8WCyLYydIpuc2m3Pn2dUQq8wHjIFROKo5jy7LqdFXDrZvA_5BHAz8HnOw8S0D70v8rv2i15jtBTg
.fortinet.com/	1970-01-21 00:26:36	Name: _gcl_au Value: 1.1.1040172418.1721820786
.fortinet.com/	1970-01-20 22:18:27	Name: _uetsid Value: 7ea263e049b011ef8f9c1900ae0d6d62
.fortinet.com/	1970-01-21 07:38:36	Name: _uetvid Value: 7ea27ee049b011efac7f75b9004e2403
.bing.com/	1970-01-21 07:38:36	Name: MUID Value: 2E1A9AD6778E6C9D0DE88E1076246DFC
.bat.bing.com/	1970-01-20 22:27:05	Name: MR Value: 0
.fortinet.com/	1970-01-21 07:53:00	Name: _ga_JH142QCQCJ Value: GS1.1.1721820786.1.0.1721820786.0.0.0
.fortinet.com/	1970-01-21 07:53:00	Name: _ga Value: GA1.1.973419236.1721820786
.doubleclick.net/	1970-01-21 02:36:12	Name: receive-cookie-deprecation Value: 1
.fortinet.com/	1970-01-20 22:17:02	Name: gpv_pn Value: www.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed
.fortinet.com/	1970-01-21 00:26:36	Name: s_getNewRepeat Value: 1721820786347-New
.fortinet.com/	1969-12-31 23:59:59	Name: s_cc Value: true
abm-tracking.demandscience.com/	1970-01-21 07:53:00	Name: userId Value: a6bfe9c5e94d822489c8c4c06d71dd1f_1721820786694
www.fortinet.com/	1970-01-20 22:17:01	Name: dicbo_id Value: %7B%22dicbo_fetch%22%3A1721820786997%7D
.www.fortinet.com/	1970-01-21 07:02:36	Name: WID_VISITOR_ID Value: 1721820787619477472
tracking.contanuity.com/	1970-01-21 07:53:00	Name: userId Value: a6bfe9c5e94d822489c8c4c06d71dd1f_1721820786694
tracking.contanuity.com/	1970-01-21 07:53:00	Name: clientId Value: undefined
.bidr.io/	1970-01-21 07:45:34	Name: bito Value: AACa-E7NQc0AABSlH40N0w
.bidr.io/	1970-01-21 07:45:34	Name: bitoIsSecure Value: ok
www.fortinet.com/	1970-01-20 22:27:05	Name: AWSALB Value: nA8mVrbZKty96SyqAzASenT2YghG3iOrLNG76dx/kKdWn8xlR8miKn+YPBIl5qWmem4TYu/h/OM/fDg2o4UxjlMK5o/p9zl/dEEX8ZrL49ONYNgYsv9nxCfbyVHrESGdjoyptfeC2D/sxJCuYBhdvxLMdLNd2UO+StMK50UnUEpZ8ccCgqE2p318ydKKCJXP17A8JvFIjMlLkauWZ2K3isTFPNCTHbl6
www.fortinet.com/	1970-01-20 22:27:05	Name: AWSALBCORS Value: b5+sVcvNwtqKeQfvZwYoUg1hp2uVXcTYw906TnvGah/c+dwwLu8ECql/UuBC/cjlHVPMZgepbNyx2ZTrHIzN4Y6s1OZGpuokWSGOPNF83peqqY7AjocBPlPSGG4SSnQkHalaB/xj1rXHya/r4bFrH/kdlWOtOLxqimpcsSKc90waqXl55/rEIT5kjbK8bRJvCiTpmaNfyeOSBw+plDH/oPOWQsg6is4o
.adnxs.com/	1970-01-21 07:53:00	Name: receive-cookie-deprecation Value: 1
.adnxs.com/	1970-01-21 00:26:36	Name: anj Value: dTM7k!M4/8CxrEQF']wIg2Il_F+A+#!@wnf-Te9(>wL5L!!'Q]$hs#.
www.fortinet.com/	1970-01-20 22:18:28	Name: aa_cc Value: US
www.fortinet.com/	1970-01-20 22:18:28	Name: aa_cn Value: United%20States
www.fortinet.com/	1970-01-20 22:18:28	Name: 6scexist Value: true
.adnxs.com/	1970-01-21 00:26:36	Name: XANDR_PANID Value: FqiIZCBqeT109DE1zO-g3Q8bd3NiA6Lp_YpH1yWKWZIdAe74y7ue3hrGpOvzQ65O45UYLvDkHPNYzOFNaOl_C1OcylgH7mwLzhTqdJHiORc.
.adnxs.com/	1970-01-21 00:26:36	Name: uuid2 Value: 8688254420773746238
.fortinet.com/	1970-01-21 07:53:00	Name: nmstat Value: b10cc1aa-2913-0e48-aae8-ee75b925591d
.twitter.com/	1970-01-21 07:53:00	Name: personalization_id Value: "v1_pXnWlRRUaGneUy+XdPE0SA=="
.inzynk.io/	1970-01-21 07:02:36	Name: iztid Value: 1721820798917
.ml314.com/	1970-01-21 07:02:36	Name: pi Value: 3645797589165539338
.ml314.com/	1970-01-20 22:37:10	Name: tp Value: 4%253B07%252F24%252F2024%2B11%253A33%253A09%253B0
www.fortinet.com/	1970-01-21 07:02:36	Name: izcid Value: 1721820795416
www.fortinet.com/	1970-01-21 07:02:36	Name: iztid Value: 1721820798917
.t.co/	1970-01-21 07:53:00	Name: muc_ads Value: a931823e-7a7f-4994-bed5-7c20c3cefe5b
.eyeota.net/	1970-01-21 07:02:36	Name: mako_uid Value: 190e4843acc-7a730000010a41bd
.eyeota.net/	1970-01-20 22:17:01	Name: SERVERID Value: 16829~DM
.ml314.com/	1970-01-20 22:17:00	Name: u Value: aHR0cHM6Ly93d3cuZm9ydGluZXQuY29tLw%3D%3D
.rlcdn.com/	1970-01-21 07:02:36	Name: rlas3 Value: 5MdjtZKKTLjTCapa0Q0b/na2M/vcye1csxBI3hdL9LI=
.rlcdn.com/	1970-01-20 23:43:24	Name: pxrc Value: CPXMg7UGEgUI6AcQABIFCNtOEAA=
.linkedin.com/	1970-01-21 00:26:36	Name: li_sugr Value: 6ec29c10-f74e-4203-a5ae-de416145214e
.linkedin.com/	1970-01-21 07:02:36	Name: bcookie Value: "v=2&ab23947c-a4a5-44bd-8bed-f91dc872776b"
.linkedin.com/	1970-01-20 22:18:27	Name: lidc Value: "b=OGST09:s=O:r=O:a=O:p=O:g=2883:u=1:x=1:i=1721820789:t=1721907189:v=2:sig=AQHlRXZ50ND4O2OjNWBFcSq9UXnaYfPs"
.linkedin.com/	1970-01-20 23:00:12	Name: UserMatchHistory Value: AQI_eGw0vqG6FQAAAZDkhDvqU5RJYBrAQO5h2PQFlUyupV5x-2EL-BW93Qrk9aURuKk_3M60HHpUgw
.linkedin.com/	1970-01-20 23:00:12	Name: AnalyticsSyncHistory Value: AQJcAGJDcKv5ewAAAZDkhDvq7BJeusCSx7gTTAkgiFy9ocWDYAEFT07gN0QCg0n0sAsNy2ApLOa631G-f_zceg
.www.linkedin.com/	1970-01-21 07:02:36	Name: bscookie Value: "v=1&20240724113309f8669585-1b3b-4cb9-8573-ab2fe611cbfeAQGfPTH5Q_HPcHqALRPfcSGQ374rHcZP"
.fortinet.com/	1970-01-21 00:26:36	Name: _fbp Value: fb.1.1721820790187.381053661488607253
.doubleclick.net/	1970-01-21 07:53:00	Name: IDE Value: AHWqTUn_L-HUFL9jGLRSv9g99aqCguv-Ta3ftSwgIG9gIuxBN27i5VB36vxnJR2bBqM
.doubleclick.net/	1970-01-20 23:00:12	Name: ar_debug Value: 1

5 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
network	error	URL: https://api.omappapi.com/v2/embed/39852?d=fortinet.com Message: Failed to load resource: the server responded with a status of 401 ()
javascript	error	URL: https://www.fortinet.com/blog/threat-research/exploiting-cve-2024-21412-stealer-campaign-unleashed Message: Access to XMLHttpRequest at 'https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=1247773&r=1721820785938&ref=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&version=2.4' from origin 'https://www.fortinet.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
network	error	URL: https://ibc-flow.techtarget.com/a/gif.gif?actTypeId=31&cid=1247773&r=1721820785938&ref=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&version=2.4 Message: Failed to load resource: net::ERR_FAILED
network	error	URL: https://pixels.argusplatform.com/wh/track/?site_id=C6AC00C8269540D0ABFF19F1B5558B6D&visitor_id=1721820787619477472&event_type=page_request&timestamp=1721820787&page_title=Exploiting%20CVE-2024-21412%3A%20A%20Stealer%20Campaign%20Unleashed%20%7C%20FortiGuard%20Labs&page_url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&page_url_referer= Message: Failed to load resource: the server responded with a status of 401 ()
network	error	URL: https://webtracker.argusplatform.com/wh/track/?site_id=C6AC00C8269540D0ABFF19F1B5558B6D&visitor_id=1721820787619477472&event_type=page_request&timestamp=1721820789&page_title=Exploiting%20CVE-2024-21412%3A%20A%20Stealer%20Campaign%20Unleashed%20%7C%20FortiGuard%20Labs&page_url=https%3A%2F%2Fwww.fortinet.com%2Fblog%2Fthreat-research%2Fexploiting-cve-2024-21412-stealer-campaign-unleashed&page_url_referer= Message: Failed to load resource: the server responded with a status of 401 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	frame-ancestors 'self' https://www.fortinet.com
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

10104846.fls.doubleclick.net
18.210.229.244
6033413.global.siteimproveanalytics.io
a.omappapi.com
a.opmnstr.com
abm-tracking.demandscience.com
ad.doubleclick.net
amplify.outbrain.com
analytics.inzynk.io
analytics.twitter.com
api.omappapi.com
assets.adobedtm.com
b.6sc.co
bat.bing.com
c.6sc.co
cdn.cookielaw.org
cdn.jsdelivr.net
cm.everesttech.net
connect.facebook.net
dpm.demdex.net
dx.mountain.com
epsilon.6sense.com
fortinet.demdex.net
fortinet.tt.omtrdc.net
geolocation.onetrust.com
googleads.g.doubleclick.net
ib.adnxs.com
ibc-flow.techtarget.com
idsync.rlcdn.com
intentstream.contanuity.com
ipv6.6sc.co
j.6sc.co
match.adsrvr.org
metrics.fortinet.com
ml314.com
pixel.mathtag.com
pixels.argusplatform.com
ps.eyeota.net
px.ads.linkedin.com
px.mountain.com
script.crazyegg.com
secure.adnxs.com
siteimproveanalytics.com
snap.licdn.com
static.ads-twitter.com
sync.crwdcntrl.net
t.co
tags.inzynk.io
tmp.argusplatform.com
tr.outbrain.com
tracking.contanuity.com
trk.techtarget.com
wave.outbrain.com
webtracker.argusplatform.com
www.facebook.com
www.fortinet.com
www.google-analytics.com
www.google.ca
www.google.com
www.googletagmanager.com
www.linkedin.com
18.210.229.244
ad.doubleclick.net
ibc-flow.techtarget.com
match.adsrvr.org
px.mountain.com
sync.crwdcntrl.net
tracking.contanuity.com
104.19.148.8
104.19.178.52
104.21.50.150
104.244.42.131
13.107.246.40
13.107.42.14
13.249.39.85
13.53.113.26
142.250.31.149
142.251.179.139
146.75.28.157
151.101.1.229
157.240.229.1
157.240.229.35
172.253.115.105
172.253.115.94
172.253.115.97
172.253.122.149
172.253.122.155
172.64.151.60
172.64.155.119
172.66.42.248
18.213.178.132
18.214.54.215
204.79.197.237
216.200.232.253
23.212.248.22
23.218.218.181
23.220.136.244
23.220.137.92
23.222.79.235
23.23.225.172
34.111.208.231
34.117.77.79
35.244.154.8
37.19.207.34
44.199.160.6
44.226.187.177
52.32.164.86
52.33.109.89
52.7.151.245
54.156.91.224
54.203.236.163
63.140.38.55
63.140.39.117
64.202.112.159
68.67.160.184
72.21.81.130
76.223.9.105
00274a2d2a7016155d4c957f6979a7b5fab60f0a8dde069029257b33a61c822c
05b1d251b44fdd42bd27a73eb373440c9957297292c3f13a677eb908648486ee
09edcbeb6bb1f2361271a99cb3369ee93e55c21a4985d8f5cfed37af10d6729d
0a1309d2ccff026ab4dcf050977befc877505115e4777e240fa328b1781c63ae
0b2969b20d4b33763f23481f2dc0f0626a93fdd567798412bf891890047398a3
0c07b854855b0e2bd7839c3659defa45307e96e281b3c00571d09f213eb6a76e
0e5f18649f61dd74f9caf157048d64c16ceb0fd2e8b54ed9e3c6ff1ebf22bd24
0f03d4ff929986a3cde83681fd2560eae544f7138f59945ec6ec32c17800ca91
114ed516604e98cd030c85d1be345541019326d2f32bb784626fb13ad57f8744
13c309d0ebac3484b78106413ee31f46abfc690429c64ddf6ceb1b1838424ada
178ec5d6c8298d4e308c4b7674042667ecafdbffcb5331b621985a2b11539f0e
1c5c0a7f534e64d22915d1565fd09fad5675350317d0fe591c6a07b8b0f5f820
1d348f9f803c95305f63def9d75fd50e79e54a375e1a4a888edbbea366845580
1d7b331a045e0921f57a7aca33a2be27539027cc5b1ded6de5ad38263eddf8a3
1dde2ab5816ee8b43f14ff352140279bf74aefd5054d5130053c949f4abc0d54
1e85ec81b9800b4c443d39caca0d0926089a3ac201120db1ceb45b93789480b8
21363f7dcb6a74dffdc50b0b62ba538281612396ed1a8f738d7b70f7a812604b
262c76a939f7c2d543b0f5669d8958b82954e14e17d79ced7848cd51a36e6b1d
2ed114345dab0a74e1c81b100e3db108ff86464854f3159d005fac67413454b7
30ddee8ebf0ffd7c415585a9e3a0e8023deb80ed05b857a4427dbb75790c43bd
370df1cc8999c1e03fc1c5f7ced35334513d19233d1fc79d2c1c7f711361565d
37fd820b496a40f0f5783b425ed0c873d7913a576c0f246e869c5a2be58f787e
3aec02b24881b79afb8d121953096fd5754b07c8d26a295bcd900b0833183933
3cb0ec69b2c8d9fd0562a0573c6e197ebfffe5e0130a36afcabf14ff7794b3e5
3cbadfa4978733bd5be49491780ee3fdcf1255dcfd09ebbaec113c1ddd256c5c
3e63ed3b834f3a6961e1476a3dfadffb78212feac2bf804352a6926091b4c828
3f36cb484213cafc798ef594c00ffdc27156f0106c63b539c3464bae355fb82a
3f57193ed9b7928c36cb710ac6a4af1583023f928914c094db4995420f7e3a54
404669b3d94f951d5e005752766d9f4e60dc4f44c7aeda8b491f204f71b760af
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
480e3b349655b6f17b20ec546c300957cad9ffd98b2d29be29db79422ededc52
4b1dfdf84f81ccef7d37fc96dfd2358c87a40a04b20f063179f2c87fc1d3d382
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4d15ff2317e16ccd8ca1d3248fea7d91130e022369bb032824a84ad9967064df
4dba9e54570483a0624219ec53864f468c9cbdf4f9c1f23821e539de7cb0c9fc
4ddd640f0c52ac4be32250b4b1659062f4d59c88c55af845614e41e792328cda
505748d8fab10e86f43782b89c05ccbdb2870326077adf7202326ecc07617b92
59faeec7cd3ce8eba6b26823c7dd41512a380a8c3329aa0ae0270a72f4645d08
5b4c9abcf01dcf74e0adf075ff4d47464c62c84307ae5ebd115d45da70e6443d
663fcd2b41d75e07e72ea2622d80566bcf10f1951f7293217d5fd9c9e3e542d8
6c495fdee8fdedea958291002b9090e57e0ce477feae0ac9034f8b78c34ec65c
6cb63f111e4e72366b948be422027bd2e0e2b9f83b552afd4511fff079537c60
6d0291f90718dc0537f65dc6a4f68d8e75f0a8a3a0b62836d9cf41350ecaf552
701769ec99138974c12369fd4acf65a7f99e9a1becbab1e16a89be9859aafc9f
74234e98afe7498fb5daf1f36ac2d78acc339464f950703b8c019892f982b90b
770be267abb4fe287bf67c2fdbdf4f14556632b8e07a6d464e58ca56e3e33474
773a28cc9ac8062b38482769d1f03d92a6487d5775d439cff1c8b5be61fdd6d7
7a23e0e46e16f067271bc79c92a917c13769848457d16cdf109e4dc04c687e8f
7b1e74dd6970b56853dfd79e59ba73315051b0c59a69c6a9fd87e515650fdc80
7c951a4408b8eb47ecea22bc965c50addb9e027eed0d48b1248869d967967ceb
8489534bde4ad3c3cedebecd11b9babe653de6b413922ec2b877c5bfcb33ee3e
855f75e3c59ecf05751e400ad7f8ef021ab050a882b7c4861a187c9475c16dbc
85bc8f46e2971aa1d27f9bbc7c90c6dfabaa1f9efd62f1b233d502de5c28a4d7
8883bc0b8dd0d8b6e1f37046e643e3487484913aae5fedbb41b9c0c059ecf123
89333b6a52d61646b071d1dec1a49c6a5a734096eb5ec9183ef08b42c9cfbe50
89501d31f6143d2dd6a448458a7123b136d8001b53185ae5f8e21429f3b2fc76
895f6b9e5d37c494c7c8ebf30eade521c286b27001d256e3a37f5ac27684a57d
8998282f5a80fff5eaafdbd457dd7a81af0cd7c8696bfe032a6aeef8fe67f99f
8b7bf74598f10f6b52d7cb81bcec3d30d674e37d5499156c2427da4ac051b603
8cdca3b36914e8a3f56390da71389944579faaae82704e53bd66f9c0387502f6
8db92e7cdc1ad40168c42e93b05d842e056d8a5b83ae96b95d2b1c546f828196
8faa00fe604f9f30cef70e7242445d28716037d505d4b46c68768c0a3913068f
930494fef37c0c702073ceeddd12da067bba2824f8eba39e1f9a3c5332bec6b6
93f1175b9eb9dcdf7cc89fb8a0049b1734aead76c4e9a71ce2e74c6659dfc7a2
9453297b8c031ffe12f292174750cabd95f6069010d7dfb77e3e840f462706e1
94633716497a85d800b6e573953942c4cfe483c0dbd68fa97fd01dd97ced5d66
95489af8d2ac0d1075abe17ed52592e77145a5419d532e71e5f6a7103761868b
98192c2b3bfd0e66cff07b8ba31ff42de9182144d3e21b9ca258f13da96ee457
985071e89e5076c1b93d2b9ba507a2e890236ef8e3eaea519c7b2bc364cf84df
99dc3803d1f19c8103f79f834044b2afd4c8af5b7927efbd36b1052d528b40ae
9c2bfadf1fe546bd3872bf81e8477e95faff0104f3b9b888bc47cff4ffe88a36
9c8f97e1ba30315a15a5234ca04917637a554fc9aa391b89e4d0fd1d2662f550
9e127a551b1d872db037fb1c551f032ffb34217f160a6906918f720cae169575
a1ecbaed793a1f564c49c671f2dd0ce36f858534ef6d26b55783a06b884cc506
a98a9441db98144c6e8c4ab37c72e26786065a15dfb36a9231be938f76984c4f
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
abd0c69608a1a4b0ce5f6056bc20bcf62a2a29271a4cf5e33fa1f53bf7cb19cb
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
afb08ef7dbe14e004ba0b93079e3c465c7c6f9d1038518826c8513126aa29ba7
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b51f3497b0a65f1e1e87e75f5e7e823d871c23bcf76a5ee4101783c8f939e553
b5b4fea0f2608d0f0cafdee0e2b00ae659b091c6d18eda7fe291e636ba3f353c
b64cae93d3398a9d5da33d3728f714a222df73943f87b81b7f2c49d58e2794ef
b697c4c8e7c22fa7e18ccef66c1bda6610f19ec8c7d1c60fb3696db54ea5362e
b8bd6ae17f88486fa86c4acb7f2190d93bcbdd5e223e55b46273cb0eb0a05878
b90b775b65c2623322caaa52d7acf6af709ca59bdd475a54043b6308d91828c4
b934ce9883949e7bceb88fa78a354125eefc85715f7e54da8ff529c94ebab0fe
b97c99a69a6275c8f90703cd4c0864089a74fd08383a1cc75a8a4d0c2cb60cce
bdfd8a95ffd68d8bc7149ea79a3ca8a1869fe507a42e4f7a368f626843346e89
bec82187bec72da82a4eed1c0c3624ac495ca960b7286da80815db9b5c43777e
bedf62e46e59fa272ad95971fb563c91a33501c2443058083872960861534da7
bf75adb4dce36bece1ce5451a9fb6d4fbd65ee72fc074b55ca676f2d8898da5b
c1ccdda10c297d3aeedbe2fa72700c5f49bdf9e102090c2d62775ec3c964e078
c64cddc349202defdca8bcf51d8a905d5f8810cc76f08c1e6561800f1dd5708a
c800888331e0e31f317acc8de442b6a71340d4f0d4f3db9dbb7f8e4b3172e84e
d18b3c9feb76c3c1cfdcc51c732f113327e3c33fb3f63b479951f7da6ed1216f
d1fe20aff60f91b78aabd65363112fbc84a8e7c8dd0c258bb1aae48cc4e4879c
d2afd46ac58cd7e89b3fdfd790300d69034e94151ed45acf83d7b6d5dccfdb17
d7e3e3eedae1cf7993e3ba97dd668fe79d1f1e98d3b691ca78bf852b325dfe70
d97ea24841d9881b6b38caf9174e468db2c6a133cc325320d5720b0783a37d06
daca62c416db27f7a2d0f2ee342dcddee14b90b395daaac1679af0fec4a6b0a4
db058d72d7ba8ff6ed7209af23a4458c373cc78f72c81ec1df88bb5de72a0b0b
db311174b0e3c340727b63c055cfb5b317808e909503e1bda11cc58af444f12b
dcecab1355b5c2b9ecef281322bf265ac5840b4688748586e9632b473a5fe56b
de9d3fd0eb948bd294477d0eda60a73b85caff1794803530d0463193a113da98
e0c289faa80333eff728b8bdbbf10b11dec1a6e1938a444e1cc41be6744e96d2
e171f597c12bd7813408cabb76395c783e04c8aa8a0a57416a120ac026e5acf5
e23a04dc769dd89005fe5ef4017bb882e5c00e59079a533602e1c0ffb3781271
e2d910265020b45a6878d4b62b104bc4cfbcf7554e7386d81aef7a0ae208048e
e3a54e557f40c9a8528562f5f9fe39cb3fce5ad1e3f4238ec791c17961645240
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
eaa003d85cb77f94fcae98396e583ce01d0c375b57235402c884ef8a792b951e
ebd0b0892d3b17adc658369a10ebfe9abcd4883fd08bb047fd66dd459edd4481
ec425cce7010294e5d2601a098dabc3e75536351f58e07ada250c8642934fb8d
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f012c00d43164a4de843ae80abefe500f8497e1123d11c965cd3b40600fe9720
f41e718277c296a77a6259da8cadd84b5f195d21ea0a6eb36442de9217613c2f
f9b2aaabab92d9c63930432351fa3f5aa634fcb5db31b039e23465f8b4bd5a68
fcce7b7353be95b84f177e00cd497eb4e485606e88cf17a5d836ee6c0f1f0f20
fe04a9dc88d3f3be8d4f6bc63a9a80f45a4c6d8460e7551dab849457c091920a

www.fortinet.com Open in urlscan Pro 44.199.160.6 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

159 Requests

92 %HTTPS

0 %IPv6

43 Domains

61 Subdomains

48 IPs

3 Countries

7384 kBTransfer

10864 kBSize

63 Cookies

9 Outgoing links

Redirected requests

159 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 3 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.fortinet.com Open in urlscan Pro
44.199.160.6 Public Scan

Screenshot
Live screenshot

Full Image

159
Requests

92 %
HTTPS

0 %
IPv6

43
Domains

61
Subdomains

48
IPs

3
Countries

7384 kB
Transfer

10864 kB
Size

63
Cookies

159 HTTP transactions
3 data transactions