www.bitdefender.com Open in urlscan Pro
2606:4700::6812:a9 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertisi...
Submission: On November 04 via api (November 4th 2024, 10:27:14 am UTC) from IN — Scanned from DE

Summary HTTP 103 Redirects Links 9 Behaviour Indicators

Summary

This website contacted 32 IPs in 4 countries across 19 domains to perform 103 HTTP transactions. The main IP is 2606:4700::6812:a9, located in United States and belongs to CLOUDFLARENET, US. The main domain is www.bitdefender.com. The Cisco Umbrella rank of the primary domain is 108746.
TLS certificate: Issued by DigiCert Global G2 TLS RSA SHA256 202... on October 10th 2024. Valid for: a year.

This is the only time www.bitdefender.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
21	2606:4700::68... 2606:4700::6812:a9	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3 12	2606:4700::68... 2606:4700::6812:a9de	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a02:26f0:350... 2a02:26f0:3500:18::1724:a28c	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3	2a02:26f0:480... 2a02:26f0:480:f9d::1e80	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	2606:4700::68... 2606:4700::6810:8bd1	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1 3	108.128.214.125 108.128.214.125	16509 (AMAZON-02) (AMAZON-02)
3	2600:1901:0:5... 2600:1901:0:5987::	15169 (GOOGLE) (GOOGLE)
1	18.66.102.85 18.66.102.85	16509 (AMAZON-02) (AMAZON-02)
6	2606:4700::68... 2606:4700::6810:7674	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:a0a8	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6810:4d8e	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700::68... 2606:4700::6812:8911	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2606:4700:440... 2606:4700:4400::6812:28f0	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2a02:26f0:350... 2a02:26f0:3500:886::f09	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
13	35.190.14.188 35.190.14.188	15169 (GOOGLE) (GOOGLE)
1	2600:9000:249... 2600:9000:2490:c200:d:199b:f700:93a1	16509 (AMAZON-02) (AMAZON-02)
2	2600:1901:0:c... 2600:1901:0:c07c::	15169 (GOOGLE) (GOOGLE)
5	2a05:d018:56f... 2a05:d018:56f:b802:834:8d0e:be2f:5ebe	16509 (AMAZON-02) (AMAZON-02)
1	54.194.45.227 54.194.45.227	16509 (AMAZON-02) (AMAZON-02)
2	63.140.62.222 63.140.62.222	16509 (AMAZON-02) (AMAZON-02)
1 1	52.16.193.179 52.16.193.179	16509 (AMAZON-02) (AMAZON-02)
4	66.235.152.156 66.235.152.156	16509 (AMAZON-02) (AMAZON-02)
6	35.241.3.184 35.241.3.184	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	104.18.80.204 104.18.80.204	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2600:1901:0:1... 2600:1901:0:1e38::	15169 (GOOGLE) (GOOGLE)
1	34.95.108.180 34.95.108.180	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
1	2a02:26f0:350... 2a02:26f0:3500:887::f09	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
5	2a00:1450:400... 2a00:1450:4001:810::2008	15169 (GOOGLE) (GOOGLE)
1	2a02:26f0:480... 2a02:26f0:480:33::212:40cf	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a02:26f0:480... 2a02:26f0:480:a89::294d	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	142.250.184.194 142.250.184.194	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:32::36	15169 (GOOGLE) (GOOGLE)
1 2	142.250.185.226 142.250.185.226	15169 (GOOGLE) (GOOGLE)
103	32

21 2606:4700::6812:a9 (United States)

ASN13335 (CLOUDFLARENET, US)

www.bitdefender.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2606:4700::6812:a9de (United States) 3 redirects

ASN13335 (CLOUDFLARENET, US)

blogapp.bitdefender.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a02:26f0:3500:18::1724:a28c (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

consent.cookiebot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a02:26f0:480:f9d::1e80 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

assets.adobedtm.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:8bd1 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
js-na1.hs-scripts.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 108.128.214.125 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-108-128-214-125.eu-west-1.compute.amazonaws.com

dpm.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2600:1901:0:5987:: (Kansas City, United States)

ASN15169 (GOOGLE, US)

app.usercentrics.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.66.102.85 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-102-85.fra56.r.cloudfront.net

api.company-target.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2606:4700::6810:7674 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
api.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cta-service-cms2.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
track.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
forms.hubspot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:a0a8 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-analytics.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6810:4d8e (United States)

ASN13335 (CLOUDFLARENET, US)

js.usemessages.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:8911 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hsleadflows.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700:4400::6812:28f0 (United States)

ASN13335 (CLOUDFLARENET, US)

js.hs-banner.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3500:886::f09 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

consentcdn.cookiebot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

13 35.190.14.188 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 188.14.190.35.bc.googleusercontent.com

app.usercentrics.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:2490:c200:d:199b:f700:93a1 (United States)

ASN16509 (AMAZON-02, US)

euob.ofgreencolumn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:1901:0:c07c:: (Kansas City, United States)

ASN15169 (GOOGLE, US)

api.usercentrics.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a05:d018:56f:b802:834:8d0e:be2f:5ebe (Dublin, Ireland)

ASN16509 (AMAZON-02, US)

obseu.ofgreencolumn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.194.45.227 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-194-45-227.eu-west-1.compute.amazonaws.com

bitdefender.demdex.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 63.140.62.222 (United States)

ASN16509 (AMAZON-02, US)
PTR: ip-63-140-62-222.data.adobedc.net

sstats.bitdefender.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.16.193.179 (Dublin, Ireland) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: ec2-52-16-193-179.eu-west-1.compute.amazonaws.com

cm.everesttech.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 66.235.152.156 (United States)

ASN16509 (AMAZON-02, US)
PTR: ip-66-235-152-156.data.adobedc.net

starget.bitdefender.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 35.241.3.184 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 184.3.241.35.bc.googleusercontent.com

api.usercentrics.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.18.80.204 (None, )

ASN13335 (CLOUDFLARENET, US)

perf-na1.hsforms.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:1901:0:1e38:: (Kansas City, United States)

ASN15169 (GOOGLE, US)

consent-api.service.consent.usercentrics.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.95.108.180 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 180.108.95.34.bc.googleusercontent.com

uct.service.usercentrics.eu	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:3500:887::f09 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

imgsct.cookiebot.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 2a00:1450:4001:810::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:480:33::212:40cf (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

download.bitdefender.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a02:26f0:480:a89::294d (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)

assets.adobetarget.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.184.194 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s11-in-f2.1e100.net

pagead2.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.185.226 (United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s53-in-f2.1e100.net

ade.googlesyndication.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
40	bitdefender.com 3 redirects www.bitdefender.com — Cisco Umbrella Rank: 108746 blogapp.bitdefender.com — Cisco Umbrella Rank: 729156 sstats.bitdefender.com — Cisco Umbrella Rank: 177748 starget.bitdefender.com — Cisco Umbrella Rank: 543963 download.bitdefender.com — Cisco Umbrella Rank: 32518	509 KB
27	usercentrics.eu app.usercentrics.eu — Cisco Umbrella Rank: 9082 api.usercentrics.eu — Cisco Umbrella Rank: 6675 consent-api.service.consent.usercentrics.eu — Cisco Umbrella Rank: 15140 uct.service.usercentrics.eu — Cisco Umbrella Rank: 17632	200 KB
6	ofgreencolumn.com euob.ofgreencolumn.com — Cisco Umbrella Rank: 329456 obseu.ofgreencolumn.com — Cisco Umbrella Rank: 274752	42 KB
6	hubspot.com js.hubspot.com — Cisco Umbrella Rank: 3554 api.hubspot.com — Cisco Umbrella Rank: 5132 cta-service-cms2.hubspot.com — Cisco Umbrella Rank: 3687 track.hubspot.com — Cisco Umbrella Rank: 2324 forms.hubspot.com — Cisco Umbrella Rank: 5962	29 KB
5	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 39	393 KB
4	demdex.net 1 redirects dpm.demdex.net — Cisco Umbrella Rank: 243 bitdefender.demdex.net — Cisco Umbrella Rank: 407627	2 KB
4	cookiebot.com consent.cookiebot.com — Cisco Umbrella Rank: 4618 consentcdn.cookiebot.com — Cisco Umbrella Rank: 5320 imgsct.cookiebot.com — Cisco Umbrella Rank: 5372	35 KB
3	googlesyndication.com 1 redirects pagead2.googlesyndication.com — Cisco Umbrella Rank: 116 ade.googlesyndication.com — Cisco Umbrella Rank: 365	1 KB
3	adobedtm.com assets.adobedtm.com — Cisco Umbrella Rank: 430	168 KB
2	hs-scripts.com js.hs-scripts.com — Cisco Umbrella Rank: 2500 js-na1.hs-scripts.com — Cisco Umbrella Rank: 6488	2 KB
1	google-analytics.com region1.google-analytics.com — Cisco Umbrella Rank: 3643
1	adobetarget.com assets.adobetarget.com — Cisco Umbrella Rank: 30037	29 KB
1	hsforms.com perf-na1.hsforms.com — Cisco Umbrella Rank: 3796	930 B
1	everesttech.net 1 redirects cm.everesttech.net — Cisco Umbrella Rank: 1371	490 B
1	hs-banner.com js.hs-banner.com — Cisco Umbrella Rank: 2172	21 KB
1	hsleadflows.net js.hsleadflows.net — Cisco Umbrella Rank: 5740	92 KB
1	usemessages.com js.usemessages.com — Cisco Umbrella Rank: 5048	26 KB
1	hs-analytics.net js.hs-analytics.net — Cisco Umbrella Rank: 2191	25 KB
1	company-target.com api.company-target.com — Cisco Umbrella Rank: 4087	1 KB
103	19

	Domain	Requested by
21	www.bitdefender.com	www.bitdefender.com
16	app.usercentrics.eu	assets.adobedtm.com app.usercentrics.eu www.bitdefender.com
12	blogapp.bitdefender.com	3 redirects www.bitdefender.com
8	api.usercentrics.eu	app.usercentrics.eu
5	www.googletagmanager.com	assets.adobedtm.com www.googletagmanager.com
5	obseu.ofgreencolumn.com	euob.ofgreencolumn.com www.bitdefender.com
4	starget.bitdefender.com	assets.adobedtm.com
3	dpm.demdex.net	1 redirects www.bitdefender.com
3	assets.adobedtm.com	www.bitdefender.com assets.adobedtm.com
2	ade.googlesyndication.com	1 redirects
2	consent-api.service.consent.usercentrics.eu	app.usercentrics.eu
2	sstats.bitdefender.com	assets.adobedtm.com
2	api.hubspot.com	js.usemessages.com
2	consent.cookiebot.com	www.bitdefender.com consent.cookiebot.com
1	region1.google-analytics.com	www.googletagmanager.com
1	pagead2.googlesyndication.com	www.googletagmanager.com
1	assets.adobetarget.com	assets.adobedtm.com
1	download.bitdefender.com
1	forms.hubspot.com	js.hsleadflows.net
1	track.hubspot.com
1	js-na1.hs-scripts.com	js.hs-analytics.net
1	imgsct.cookiebot.com
1	uct.service.usercentrics.eu	www.bitdefender.com
1	perf-na1.hsforms.com	www.bitdefender.com
1	cm.everesttech.net	1 redirects
1	bitdefender.demdex.net	assets.adobedtm.com
1	cta-service-cms2.hubspot.com	js.hubspot.com
1	euob.ofgreencolumn.com	assets.adobedtm.com
1	consentcdn.cookiebot.com	consent.cookiebot.com
1	js.hs-banner.com	js.hs-scripts.com
1	js.hsleadflows.net	js.hs-scripts.com
1	js.usemessages.com	js.hs-scripts.com
1	js.hs-analytics.net	js.hs-scripts.com
1	js.hubspot.com	js.hs-scripts.com
1	api.company-target.com	assets.adobedtm.com
1	js.hs-scripts.com	www.bitdefender.com
103	36

This site contains links to these domains. Also see Links.

Domain
blog.bitdefender.com
intellizone.bitdefender.com
www.messenger.com
api.whatsapp.com
bitdefend.me
facebook.com
twitter.com
instagram.com
www.youtube.com

Subject Issuer	Validity	Valid
*.bitdefender.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-10-10` - `2025-11-07`	a year	crt.sh
consent.cookiebot.com DigiCert TLS RSA SHA256 2020 CA1	`2024-02-28` - `2025-02-27`	a year	crt.sh
assets.adobedtm.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-07-09` - `2025-08-09`	a year	crt.sh
hs-scripts.com WE1	`2024-09-26` - `2024-12-25`	3 months	crt.sh
app.usercentrics.eu WR3	`2024-10-01` - `2024-12-30`	3 months	crt.sh
api.demandbase.com Go Daddy Secure Certificate Authority - G2	`2024-08-13` - `2025-09-14`	a year	crt.sh
hubspot.com WE1	`2024-10-03` - `2025-01-01`	3 months	crt.sh
hs-analytics.net WE1	`2024-10-07` - `2025-01-05`	3 months	crt.sh
usemessages.com WE1	`2024-10-06` - `2025-01-04`	3 months	crt.sh
hsleadflows.net WE1	`2024-09-29` - `2024-12-28`	3 months	crt.sh
hs-banner.com WE1	`2024-09-24` - `2024-12-23`	3 months	crt.sh
*.cookiebot.com DigiCert TLS RSA SHA256 2020 CA1	`2024-02-26` - `2025-02-26`	a year	crt.sh
*.ofgreencolumn.com Amazon RSA 2048 M03	`2024-06-18` - `2025-07-17`	a year	crt.sh
api.usercentrics.eu WR3	`2024-09-30` - `2024-12-29`	3 months	crt.sh
*.demdex.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-09-25` - `2025-10-26`	a year	crt.sh
sstats.bitdefender.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-03-07` - `2025-04-07`	a year	crt.sh
starget.bitdefender.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-10-31` - `2025-10-30`	a year	crt.sh
hsforms.com WE1	`2024-10-10` - `2025-01-08`	3 months	crt.sh
consent-api.service.consent.usercentrics.eu WR3	`2024-09-27` - `2024-12-27`	3 months	crt.sh
uct.service.usercentrics.eu WR3	`2024-09-17` - `2024-12-16`	3 months	crt.sh
*.google-analytics.com WR2	`2024-10-07` - `2024-12-30`	3 months	crt.sh
download.bitdefender.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-05-20` - `2025-05-19`	a year	crt.sh
assets.adobetarget.com DigiCert TLS RSA SHA256 2020 CA1	`2024-01-18` - `2025-02-17`	a year	crt.sh
*.g.doubleclick.net WR2	`2024-10-07` - `2024-12-30`	3 months	crt.sh

This page contains 5 frames:

Primary Page: https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages/
Frame ID: 2D69A8CCBEE5A8299C65236909F6FBC2
Requests: 93 HTTP requests in this frame

Frame: https://consentcdn.cookiebot.com/sdk/bc-v4.min.html
Frame ID: 212482FAD2A74D5BB7BCE29538A617CD
Requests: 1 HTTP requests in this frame

Frame: https://bitdefender.demdex.net/dest5.html?d_nsid=0
Frame ID: A17B17AD5E2773C16C428790F4839E26
Requests: 1 HTTP requests in this frame

Frame: https://app.usercentrics.eu/browser-sdk/4.38.5/cross-domain-bridge.html
Frame ID: 3084DFC2026D43069447120FF9440929
Requests: 1 HTTP requests in this frame

Frame: https://www.googletagmanager.com/static/service_worker/4al0/sw_iframe.html?origin=https%3A%2F%2Fwww.bitdefender.com
Frame ID: E704CCCFABCC112EDFB6DC331BF365F1
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Unmasking the SYS01 Infostealer Threat: Bitdefender Labs Tracks Global Malvertising Campaign Targeting Meta Business Pages

Detected technologies

Nuxt.js (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

<div [^>]*id="__nuxt"
/_nuxt/

Cookiebot (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

consent\.cookiebot\.com

Google AdSense (Advertising Networks) Expand

Overall confidence: 100%
Detected patterns

googlesyndication\.com/

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

HubSpot Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

js\.hs-analytics\.net/analytics

Page Statistics

103
Requests

94 %
HTTPS

64 %
IPv6

19
Domains

36
Subdomains

32
IPs

4
Countries

1573 kB
Transfer

4901 kB
Size

30
Cookies

9 Outgoing links

These are links going to different origins than the main page.

URL: https://blog.bitdefender.com/nuxt/api/en-us/rss/labs/antimalware-research/

Search URL Search Domain Scan URL

URL: https://intellizone.bitdefender.com/en/threat-search/threats/BDco7a45b4
Title: here

Search URL Search Domain Scan URL

URL: https://www.messenger.com/t/102488646283695?ref=blogapp.bitdefender.com
Title: Facebook Messenger

Search URL Search Domain Scan URL

URL: https://api.whatsapp.com/send?phone=19548585275&ref=blogapp.bitdefender.com
Title: WhatsApp

Search URL Search Domain Scan URL

URL: https://bitdefend.me/ScamioDiscord
Title: Discord

Search URL Search Domain Scan URL

URL: https://facebook.com/Bitdefender/

Search URL Search Domain Scan URL

URL: https://twitter.com/bitdefender/

Search URL Search Domain Scan URL

URL: https://instagram.com/bitdefender/

Search URL Search Domain Scan URL

URL: https://www.youtube.com/Bitdefender/

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 17

https://dpm.demdex.net/id?d_visid_ver=5.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=0E920C0F53DA9E9B0A490D45%40AdobeOrg&d_nsid=0&ts=1730716029838 HTTP 302
https://dpm.demdex.net/id/rd?d_visid_ver=5.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=0E920C0F53DA9E9B0A490D45%40AdobeOrg&d_nsid=0&ts=1730716029838

Request Chain 39

https://cm.everesttech.net/cm/dd?d_uuid=58256175664764225393552927275058157076 HTTP 302
https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZyihfgAAAMjjOgN-

Request Chain 77

https://blogapp.bitdefender.com/labs/content/images/size/w100/2023/10/npostolachi.jpg HTTP 302
https://blogapp.bitdefender.com/labs/content/images/2023/10/npostolachi.jpg

Request Chain 78

https://blogapp.bitdefender.com/labs/content/images/size/w100/2023/12/Capture.JPG HTTP 302
https://blogapp.bitdefender.com/labs/content/images/2023/12/Capture.JPG

Request Chain 83

https://blogapp.bitdefender.com/labs/content/images/size/w300/2023/01/decryptors.jpeg HTTP 302
https://blogapp.bitdefender.com/labs/content/images/2023/01/decryptors.jpeg

Request Chain 99

https://ade.googlesyndication.com/ddm/activity/src=5165113;type=na-c;cat=allpages;ord=8021047918396;npa=1;u2=https%3A%2F%2Fwww.bitdefender.com%2Fen-us%2Fblog%2Flabs%2Funmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages%2F;gdid=dMWZhNz.dOThhZD;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=denied;frm=0;gtm=45fe4au0v9171448788za200zb9190968901;gcs=G100;gcd=13p3pPp2p5l1;dma_cps=-;dma=1;tag_exp=101823848~101878899~101878944~101925629;epver=2;~oref=https%3A%2F%2Fwww.bitdefender.com%2Fen-us%2Fblog%2Flabs%2Funmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages HTTP 302
https://ade.googlesyndication.com/ddm/activity/src=5165113;dc_pre=CNma6dK7wokDFT4OogMdG9ADIg;type=na-c;cat=allpages;ord=8021047918396;npa=1;u2=https%3A%2F%2Fwww.bitdefender.com%2Fen-us%2Fblog%2Flabs%2Funmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages%2F;gdid=dMWZhNz.dOThhZD;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=denied;frm=0;gtm=45fe4au0v9171448788za200zb9190968901;gcs=G100;gcd=13p3pPp2p5l1;dma_cps=-;dma=1;tag_exp=101823848~101878899~101878944~101925629;epver=2;~oref=https%3A%2F%2Fwww.bitdefender.com%2Fen-us%2Fblog%2Flabs%2Funmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages

103 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages/ 237 KB
54 KB 390ms
363ms Document
text/html 2606:4700::6812:a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

37a43bc3ba54dd9fcbfd85ba8bae047ea0fe83f6047019632ebe9592cac77daf

Security Headers

Name

Value

Content-Security-Policy

default-src 'self'; img-src https: http: data:; style-src 'self' 'unsafe-inline' *.bitdefender.com fonts.googleapis.com www.gartner.com; script-src 'self' 'self' *.emarsys.net www.gartner.com cdnjs.cloudflare.com assets.adobedtm.com *.google.com www.gstatic.com *.hs-scripts.com consentcdn.cookiebot.com bitdefender.demdex.net consent.cookiebot.com www.googletagmanager.com *.googleadservices.com tag.demandbase.com *.doubleclick.net sentry.nmbapp.net snap.licdn.com edge.fullstory.com *.hotjar.com js.hubspot.com js.hsforms.net js.hscta.net js.hs-analytics.net js.hsleadflows.net js.hsadspixel.net js.hs-banner.com js.usemessages.com cdn.scarabresearch.com *.bing.com static.ads-twitter.com www.redditstatic.com d.impactradius-event.com connect.facebook.net *.clarity.ms *.bitdefender.com *.scarabresearch.com www.dwin1.com *.taboola.com *.outbrain.com retrack-kupona.kuponacdn.de ad4m.at *.google-analytics.com cdn.bizible.com 'unsafe-inline' 'unsafe-eval' *.cookielaw.org *.criteo.com *.googletagservices.com *.2mdn.net *.googlesyndication.com *.usercentrics.eu *.ofgreencolumn.com *.tiktok.com *.impactcdn.com; frame-ancestors 'self' https: explore.bitdefender.com; object-src 'none'; frame-src www.gartner.com *.facebook.com *.google.com consentcdn.cookiebot.com bitdefender.demdex.net 5165113.fls.doubleclick.net vars.hotjar.com www.youtube.com hal9000.redintelligence.net ad.ad-srv.net forms.hsforms.com ad4m.at ws.hotjar.com s.company-target.com td.doubleclick.net *.criteo.com *.2mdn.net *.googlesyndication.com *.usercentrics.eu *.googletagmanager.com; connect-src wss: ws.hotjar.com metrics.hotjar.io content.hotjar.io hubspot-forms-static-embed.s3.amazonaws.com forms.hsforms.com *.emarsys.net *.hubapi.com *.hubspot.com *.facebook.com assets.adobetarget.com sentry.nmbapp.net api.company-target.com *.bitdefender.com geolocation-db.com dpm.demdex.net consent.cookiebot.com *.google.com google.com *.scarabresearch.com rs.fullstory.com googleads.g.doubleclick.net consentcdn.cookiebot.com *.google-analytics.com *.analytics.google.com analytics.google.com *.clarity.ms *.doubleclick.net *.taboola.com cdn.linkedin.oribi.io vc.hotjar.io 'self' localhost blog.bitdefender-com.nmbapp.net tag-logger.demandbase.com *.bizible.com *.bizible.net px.ads.linkedin.com *.redditstatic.com *.googlesyndication.com *.cookielaw.org *.onetrust.com *.onetrust.io *.criteo.com *.reddit.com *.googleadservices.com *.usercentrics.eu *.bing.com *.ofgreencolumn.com *.tiktok.com; font-src 'self' data: www.bitdefender.com fonts.googleapis.com fonts.gstatic.com www.gartner.com; base-uri *.bitdefender.com *.bitdefender.com.au *.bitdefender.co.uk *.bitdefender.ro *.bitdefender.fr *.bitdefender.de

Strict-Transport-Security

max-age=31536000; includeSubDomains

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

accept-ranges: none
cache-control: public, max-age=1800, s-maxage=86400
cf-cache-status: DYNAMIC
cf-ray: 8dd3e8ef4d689f36-FRA
content-encoding: gzip
content-security-policy: default-src 'self'; img-src https: http: data:; style-src 'self' 'unsafe-inline' *.bitdefender.com fonts.googleapis.com www.gartner.com; script-src 'self' 'self' *.emarsys.net www.gartner.com cdnjs.cloudflare.com assets.adobedtm.com *.google.com www.gstatic.com *.hs-scripts.com consentcdn.cookiebot.com bitdefender.demdex.net consent.cookiebot.com www.googletagmanager.com *.googleadservices.com tag.demandbase.com *.doubleclick.net sentry.nmbapp.net snap.licdn.com edge.fullstory.com *.hotjar.com js.hubspot.com js.hsforms.net js.hscta.net js.hs-analytics.net js.hsleadflows.net js.hsadspixel.net js.hs-banner.com js.usemessages.com cdn.scarabresearch.com *.bing.com static.ads-twitter.com www.redditstatic.com d.impactradius-event.com connect.facebook.net *.clarity.ms *.bitdefender.com *.scarabresearch.com www.dwin1.com *.taboola.com *.outbrain.com retrack-kupona.kuponacdn.de ad4m.at *.google-analytics.com cdn.bizible.com 'unsafe-inline' 'unsafe-eval' *.cookielaw.org *.criteo.com *.googletagservices.com *.2mdn.net *.googlesyndication.com *.usercentrics.eu *.ofgreencolumn.com *.tiktok.com *.impactcdn.com; frame-ancestors 'self' https: explore.bitdefender.com; object-src 'none'; frame-src www.gartner.com *.facebook.com *.google.com consentcdn.cookiebot.com bitdefender.demdex.net 5165113.fls.doubleclick.net vars.hotjar.com www.youtube.com hal9000.redintelligence.net ad.ad-srv.net forms.hsforms.com ad4m.at ws.hotjar.com s.company-target.com td.doubleclick.net *.criteo.com *.2mdn.net *.googlesyndication.com *.usercentrics.eu *.googletagmanager.com; connect-src wss: ws.hotjar.com metrics.hotjar.io content.hotjar.io hubspot-forms-static-embed.s3.amazonaws.com forms.hsforms.com *.emarsys.net *.hubapi.com *.hubspot.com *.facebook.com assets.adobetarget.com sentry.nmbapp.net api.company-target.com *.bitdefender.com geolocation-db.com dpm.demdex.net consent.cookiebot.com *.google.com google.com *.scarabresearch.com rs.fullstory.com googleads.g.doubleclick.net consentcdn.cookiebot.com *.google-analytics.com *.analytics.google.com analytics.google.com *.clarity.ms *.doubleclick.net *.taboola.com cdn.linkedin.oribi.io vc.hotjar.io 'self' localhost blog.bitdefender-com.nmbapp.net tag-logger.demandbase.com *.bizible.com *.bizible.net px.ads.linkedin.com *.redditstatic.com *.googlesyndication.com *.cookielaw.org *.onetrust.com *.onetrust.io *.criteo.com *.reddit.com *.googleadservices.com *.usercentrics.eu *.bing.com *.ofgreencolumn.com *.tiktok.com; font-src 'self' data: www.bitdefender.com fonts.googleapis.com fonts.gstatic.com www.gartner.com; base-uri *.bitdefender.com *.bitdefender.com.au *.bitdefender.co.uk *.bitdefender.ro *.bitdefender.fr *.bitdefender.de
content-type: text/html; charset=utf-8
date: Mon, 04 Nov 2024 10:27:09 GMT
etag: "3b57f-EhH0uXZicN6eSeSVBMPBkYMrN2M"
expires: Mon, 04 Nov 2024 10:57:09 GMT
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding

GET
H2 200 Unmasking-the-SYS01-Infostealer-Threat-Bitdefender-Labs-Tracks-Global-Malvertising-Campaign-Targeting-Meta-Business-Pages.jpeg
blogapp.bitdefender.com/labs/content/images/size/w600/2024/10/ 17 KB
17 KB 94ms
42ms Image
image/jpeg 2606:4700::6812:a9de
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blogapp.bitdefender.com/labs/content/images/size/w600/2024/10/Unmasking-the-SYS01-Infostealer-Threat-Bitdefender-Labs-Tracks-Global-Malvertising-Campaign-Targeting-Meta-Business-Pages.jpeg
Requested by: Host: www.bitdefender.com
URL: https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:a9de , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 68a3a7168f0b5b42d268263b428ae09c120728fe16953a160a596aa351ed088b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

cache-control: public, max-age=31536000
cf-bgj: h2pri
etag: W/"4232-192dd82d9a6"
age: 422375
cf-cache-status: HIT
cf-ray: 8dd3e8f1ecd33679-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 16946
date: Mon, 04 Nov 2024 10:27:09 GMT
content-type: image/jpeg
last-modified: Wed, 30 Oct 2024 12:59:53 GMT
x-powered-by: Express
server: cloudflare
vary: Accept-Encoding

GET
H2 200 uc.js Show response
consent.cookiebot.com/ 110 KB
34 KB 44ms
25ms Script
application/javascript 2a02:26f0:3500:18::1724:a28c
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://consent.cookiebot.com/uc.js
Requested by: Host: www.bitdefender.com
URL: https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:18::1724:a28c Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: b30b70e2067e407e427ac15a978091acb030d9b2db360ea2a3ce3eec6ef474e5

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

access-control-expose-headers: Request-Context
cache-control: public, max-age=154
content-encoding: gzip
etag: "42d4c62e8219db1:0"
cross-origin-resource-policy: cross-origin
request-context: appId=cid-v1:89f47f4b-bed0-4db8-956b-d6e6dfac3fef
expires: Mon, 04 Nov 2024 10:29:43 GMT
accept-ranges: bytes
content-length: 34533
date: Mon, 04 Nov 2024 10:27:09 GMT
content-type: application/javascript
last-modified: Tue, 08 Oct 2024 13:01:25 GMT
vary: Accept-Encoding

GET
H2 200 TagIT.v1.min.js Show response
www.bitdefender.com/scripts/ 15 KB
4 KB 57ms
54ms Script
application/x-javascript 2606:4700::6812:a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bitdefender.com/scripts/TagIT.v1.min.js?v=43
Requested by: Host: www.bitdefender.com
URL: https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:a9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 1789e6bf0f139fc89e73756237ae433989a6d27e7effe2d1771c06d2566f889b

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages/

Response headers

cache-control: public, must-revalidate, proxy-revalidate, max-age=0
content-encoding: gzip
cf-cache-status: MISS
etag: W/"5c8b8d2d-3b83"
pragma: public
cf-ray: 8dd3e8f19f879f36-FRA
access-control-allow-origin: *
date: Mon, 04 Nov 2024 10:27:09 GMT
content-type: application/x-javascript
last-modified: Fri, 15 Mar 2019 11:31:57 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 launch-b77a56f2d5f1.min.js Show response
assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/ 543 KB
153 KB 51ms
7ms Script
application/x-javascript 2a02:26f0:480:f9d::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/launch-b77a56f2d5f1.min.js

Requested by

Host: www.bitdefender.com
URL: https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:f9d::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

AkamaiNetStorage /

Resource Hash

25f82b0775d468ef51478c9a5aa42a28b077dbfe94d9fa0c3ac5f1ba72975eb5

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

cache-control: max-age=3600
timing-allow-origin: *
content-encoding: gzip
etag: "19a705835f3a0ae72bb75bcf91d2f1f8:1726835526.609658"
x-content-type-options: nosniff
expires: Mon, 04 Nov 2024 11:27:09 GMT
accept-ranges: bytes
access-control-allow-origin: https://www.bitdefender.com
content-length: 156215
date: Mon, 04 Nov 2024 10:27:09 GMT
content-type: application/x-javascript
last-modified: Fri, 20 Sep 2024 12:32:06 GMT
server: AkamaiNetStorage
vary: Accept-Encoding

GET
H2 200 341979.js Show response
js.hs-scripts.com/ 2 KB
1 KB 41ms
24ms Script
application/javascript 2606:4700::6810:8bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hs-scripts.com/341979.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:8bd1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b5f26298d2d62ac1e4e3223a8c05f514c9ad4ec7605dedd14bb44d698178ed64

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

access-control-max-age: 3600
content-encoding: gzip
cf-cache-status: HIT
age: 33
x-content-type-options: nosniff
expires: Mon, 04 Nov 2024 10:28:39 GMT
date: Mon, 04 Nov 2024 10:27:09 GMT
x-hubspot-correlation-id: 017de7b3-12c2-4168-b7d8-efce273e80e8
content-type: application/javascript;charset=utf-8
vary: origin, Accept-Encoding
last-modified: Mon, 04 Nov 2024 10:26:36 GMT
cache-control: public, max-age=90
access-control-allow-credentials: true
cf-ray: 8dd3e8f2190ed26a-FRA
accept-ranges: bytes
access-control-allow-origin: https://www.bitdefender.com
content-length: 674
server: cloudflare

GET
H2 200 service-worker.js Show response
www.bitdefender.com/content/dam/workers/ 132 B
565 B 811ms
810ms Script
application/javascript 2606:4700::6812:a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bitdefender.com/content/dam/workers/service-worker.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4edd782df9a9f91a556f6334dc586c1e867e35bb47697387dd3939dff706e4ff

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages/

Response headers

x-vhost: bitdefender.com
service-worker-allowed: /
etag: W/"0x8DCB15252F8A0FE"
content-encoding: gzip
cf-cache-status: MISS
x-content-type-options: nosniff
x-cache: MISS
date: Mon, 04 Nov 2024 10:27:10 GMT
content-type: application/javascript
last-modified: Wed, 31 Jul 2024 11:17:11 GMT
x-served-by: cache-fra-eddf8230091-FRA
content-disposition: attachment; filename="service-worker.js"; filename*=UTF-8''service-worker.js
x-frame-options: SAMEORIGIN
strict-transport-security: max-age=31557600
vary: Accept-Encoding
cache-control: private, max-age=600, immutable
x-timer: S1730716030.775708,VS0,VS0,VE778
referrer-policy: no-referrer-when-downgrade
cf-ray: 8dd3e8f1ffdf9f36-FRA
access-control-allow-origin: *
x-xss-protection: 1; mode=block
server: cloudflare

GET
H2 200 55d2a9d.js Show response
www.bitdefender.com/nuxt/_nuxt/ 5 KB
2 KB 38ms
36ms Script
application/javascript 2606:4700::6812:a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bitdefender.com/nuxt/_nuxt/55d2a9d.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ba2d9de94704a49594ea54353974b96ab4cdaea5a0208810607c6ead0e631531

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=31536000, s-maxage=86400
content-encoding: gzip
cf-cache-status: HIT
etag: W/"1411-192d363fb70"
age: 425
cf-ray: 8dd3e8f19f899f36-FRA
date: Mon, 04 Nov 2024 10:27:09 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Mon, 28 Oct 2024 13:49:58 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 225fd77.js Show response
www.bitdefender.com/nuxt/_nuxt/ 242 KB
83 KB 42ms
40ms Script
application/javascript 2606:4700::6812:a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bitdefender.com/nuxt/_nuxt/225fd77.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

1ca014a90c27521e501919e22376c6fa1c4ab07ac65ee6af1ff136b0f324e76d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=31536000, s-maxage=86400
content-encoding: gzip
cf-cache-status: HIT
etag: W/"3c9ee-192e30a9ea8"
age: 425
cf-ray: 8dd3e8f19f8a9f36-FRA
date: Mon, 04 Nov 2024 10:27:09 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Thu, 31 Oct 2024 14:46:17 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 aa81d71.js Show response
www.bitdefender.com/nuxt/_nuxt/ 12 KB
4 KB 42ms
40ms Script
application/javascript 2606:4700::6812:a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bitdefender.com/nuxt/_nuxt/aa81d71.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9853ed7c1a8f9217de1e500ca819e18cb0f25fc313b874a32c82901515cf0923

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=31536000, s-maxage=86400
content-encoding: gzip
cf-cache-status: HIT
etag: W/"30b7-192d363fb70"
age: 425
cf-ray: 8dd3e8f19f8b9f36-FRA
date: Mon, 04 Nov 2024 10:27:09 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Mon, 28 Oct 2024 13:49:58 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 4386cc7.css
www.bitdefender.com/nuxt/_nuxt/css/ 64 KB
12 KB 41ms
40ms Stylesheet
text/css 2606:4700::6812:a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bitdefender.com/nuxt/_nuxt/css/4386cc7.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ff4f6648acadc44920e61b0f23a8b965f54d4ad9f87977e8113f5531c8f1e1b9

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=31536000, s-maxage=86400
content-encoding: gzip
cf-cache-status: HIT
etag: W/"1007d-192e30abde8"
age: 425
cf-ray: 8dd3e8f19f839f36-FRA
date: Mon, 04 Nov 2024 10:27:09 GMT
content-type: text/css; charset=UTF-8
last-modified: Thu, 31 Oct 2024 14:46:25 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 132816f.js Show response
www.bitdefender.com/nuxt/_nuxt/ 103 KB
29 KB 39ms
37ms Script
application/javascript 2606:4700::6812:a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bitdefender.com/nuxt/_nuxt/132816f.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

86302a35aca59f3ef924580f6d1b8b98854a6e2edf701eb70b7a454865b2c020

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=31536000, s-maxage=86400
content-encoding: gzip
cf-cache-status: HIT
etag: W/"19b89-192d812a2e8"
age: 425
cf-ray: 8dd3e8f19f8c9f36-FRA
date: Mon, 04 Nov 2024 10:27:09 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Tue, 29 Oct 2024 11:39:13 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 a948464.css
www.bitdefender.com/nuxt/_nuxt/css/ 1 KB
583 B 36ms
34ms Stylesheet
text/css 2606:4700::6812:a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bitdefender.com/nuxt/_nuxt/css/a948464.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

831b25d2cf0066937657444e6d8366c0e51af9ac0989def0613358d48bd45b88

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=31536000, s-maxage=86400
content-encoding: gzip
cf-cache-status: HIT
etag: W/"432-1924738b640"
age: 425
cf-bgj: minify
cf-ray: 8dd3e8f19f849f36-FRA
date: Mon, 04 Nov 2024 10:27:09 GMT
content-type: text/css; charset=UTF-8
last-modified: Tue, 01 Oct 2024 08:35:52 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 49be12a.js Show response
www.bitdefender.com/nuxt/_nuxt/ 51 KB
14 KB 50ms
49ms Script
application/javascript 2606:4700::6812:a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bitdefender.com/nuxt/_nuxt/49be12a.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

43aee67c392b46da2e0de49eec7e78255bcbd0d339f05f6eec10f26c64ecc4f3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=31536000, s-maxage=86400
content-encoding: gzip
cf-cache-status: HIT
etag: W/"cd54-192d363fb70"
age: 425
cf-ray: 8dd3e8f19f8d9f36-FRA
date: Mon, 04 Nov 2024 10:27:09 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Mon, 28 Oct 2024 13:49:58 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 6e55ef7.css
www.bitdefender.com/nuxt/_nuxt/css/ 114 B
180 B 41ms
40ms Stylesheet
text/css 2606:4700::6812:a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bitdefender.com/nuxt/_nuxt/css/6e55ef7.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6692354a1d9a4d531832e922f7e86a9e80f24562572c9dc7614a71fe5145b266

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=31536000, s-maxage=86400
content-encoding: gzip
cf-cache-status: HIT
etag: W/"72-1924738b640"
age: 425
cf-bgj: minify
cf-ray: 8dd3e8f19f869f36-FRA
date: Mon, 04 Nov 2024 10:27:09 GMT
content-type: text/css; charset=UTF-8
last-modified: Tue, 01 Oct 2024 08:35:52 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 14e1019.js Show response
www.bitdefender.com/nuxt/_nuxt/ 768 B
553 B 49ms
49ms Script
application/javascript 2606:4700::6812:a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bitdefender.com/nuxt/_nuxt/14e1019.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3bfe30d98e1e3510f76a8f380da5af288cd6313ff2977844bf345c7f3afcefda

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=31536000, s-maxage=86400
content-encoding: gzip
cf-cache-status: HIT
etag: W/"300-192d363fb70"
age: 425
cf-ray: 8dd3e8f19f8e9f36-FRA
date: Mon, 04 Nov 2024 10:27:09 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Mon, 28 Oct 2024 13:49:58 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 cc.js Show response
consent.cookiebot.com/4a55b566-7010-4633-9b03-7ba7735be0b6/ 375 B
601 B 70ms
70ms Script
application/x-javascript 2a02:26f0:3500:18::1724:a28c
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://consent.cookiebot.com/4a55b566-7010-4633-9b03-7ba7735be0b6/cc.js?renew=false&referer=www.bitdefender.com&dnt=false&init=false&culture=en_US
Requested by: Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:18::1724:a28c Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: /
Resource Hash: 018f9e1aaada6e0c449d70167f3609fd5e8d028715e9ddf56cd5e6886d5ab140

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

cache-control: private, max-age=60
access-control-expose-headers: Request-Context
content-encoding: gzip
cross-origin-resource-policy: cross-origin
request-context: appId=cid-v1:89f47f4b-bed0-4db8-956b-d6e6dfac3fef
content-length: 364
date: Mon, 04 Nov 2024 10:27:09 GMT
content-type: application/x-javascript; charset=utf-8
vary: Accept-Encoding

GET
H2 200 / Show response
www.bitdefender.com/site/Main/TagIT/newsessioninit/ 33 B
683 B 94ms
93ms Script
application/javascript 2606:4700::6812:a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bitdefender.com/site/Main/TagIT/newsessioninit/?callback=&l=en&ch=1730716031

Requested by

Host: www.bitdefender.com
URL: https://www.bitdefender.com/scripts/TagIT.v1.min.js?v=43

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fceba08a6bbdf2598e8f6d43e71b51854337da5f880c3fff252a25b9cd10b6ae

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages/

Response headers

strict-transport-security: max-age=63072000; includeSubdomains; preload
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-encoding: gzip
cf-cache-status: DYNAMIC
pragma: no-cache
cf-ray: 8dd3e8f1ffe39f36-FRA
expires: Thu, 19 Nov 1981 08:52:00 GMT
p3p: CP="NOI ADM DEV COM NAV OUR STP"
date: Mon, 04 Nov 2024 10:27:09 GMT
content-type: application/javascript
server: cloudflare

GET
H2

200

rd Show response
dpm.demdex.net/id/
Redirect Chain

https://dpm.demdex.net/id?d_visid_ver=5.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=0E920C0F53DA9E9B0A490D45%40AdobeOrg&d_nsid=0&ts=1730716029838
https://dpm.demdex.net/id/rd?d_visid_ver=5.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=0E920C0F53DA9E9B0A490D45%40AdobeOrg&d_nsid=0&ts=1730716029838

965 B
1 KB

43ms
43ms

XHR
application/json

108.128.214.125
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://dpm.demdex.net/id/rd?d_visid_ver=5.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=0E920C0F53DA9E9B0A490D45%40AdobeOrg&d_nsid=0&ts=1730716029838

Requested by

Protocol

Server

108.128.214.125 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-108-128-214-125.eu-west-1.compute.amazonaws.com

Software

Resource Hash

60b95df8267d708bd8d128b4cf4b357d1deeb851baabb89f594bdc254b9f701f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
dcs: dcs-prod-irl1-1-v067-0e9fa4ffc.edge-irl1.demdex.com 13 ms
content-encoding: gzip
pragma: no-cache
access-control-allow-credentials: true
x-tid: Wbrizm8ETaM=
expires: Thu, 01 Jan 1970 00:00:00 UTC
access-control-allow-origin: https://www.bitdefender.com
content-length: 551
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
date: Mon, 04 Nov 2024 10:27:10 GMT
content-type: application/json;charset=utf-8
vary: Origin

Redirect headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
location: https://dpm.demdex.net/id/rd?d_visid_ver=5.5.0&d_fieldgroup=MC&d_rtbd=json&d_ver=2&d_verify=1&d_orgid=0E920C0F53DA9E9B0A490D45%40AdobeOrg&d_nsid=0&ts=1730716029838
dcs: dcs-prod-irl1-2-v067-04498adc8.edge-irl1.demdex.com 0 ms
pragma: no-cache
access-control-allow-credentials: true
x-tid: 8835+YAmRW8=
expires: Thu, 01 Jan 1970 00:00:00 UTC
access-control-allow-origin: https://www.bitdefender.com
content-length: 0
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
date: Mon, 04 Nov 2024 10:27:09 GMT
vary: Origin

GET
H2 200 AppMeasurement.min.js Show response
assets.adobedtm.com/extensions/EP8757b503532a44a68eee17773f6f10a0/ 35 KB
13 KB 8ms
8ms Script
application/x-javascript 2a02:26f0:480:f9d::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.adobedtm.com/extensions/EP8757b503532a44a68eee17773f6f10a0/AppMeasurement.min.js

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/launch-b77a56f2d5f1.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:f9d::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

AkamaiNetStorage /

Resource Hash

b3bce010c0f5a7c24a82ae511194baf67bf8c2cee737a3a118f6b9590d322b15

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

cache-control: no-cache
timing-allow-origin: *
content-encoding: gzip
etag: "d8232f86c8016a8e0acaa7ecfdf72b3e:1722493571.189276"
x-content-type-options: nosniff
expires: Mon, 04 Nov 2024 11:27:09 GMT
accept-ranges: bytes
access-control-allow-origin: https://www.bitdefender.com
content-length: 13012
date: Mon, 04 Nov 2024 10:27:09 GMT
content-type: application/x-javascript
last-modified: Thu, 01 Aug 2024 06:26:11 GMT
server: AkamaiNetStorage
vary: Accept-Encoding

GET
H2 200 AppMeasurement_Module_ActivityMap.min.js Show response
assets.adobedtm.com/extensions/EP8757b503532a44a68eee17773f6f10a0/ 3 KB
2 KB 10ms
10ms Script
application/x-javascript 2a02:26f0:480:f9d::1e80
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://assets.adobedtm.com/extensions/EP8757b503532a44a68eee17773f6f10a0/AppMeasurement_Module_ActivityMap.min.js

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/launch-b77a56f2d5f1.min.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:f9d::1e80 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

AkamaiNetStorage /

Resource Hash

9a54e6b1253d785972ccaab75a888119d13083bfb1f80343aef9454d5cd5bb6d

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

cache-control: no-cache
timing-allow-origin: *
content-encoding: gzip
etag: "bb4b6453e3ab80111a2b227318d22efb:1722493571.614634"
x-content-type-options: nosniff
expires: Mon, 04 Nov 2024 11:27:09 GMT
accept-ranges: bytes
access-control-allow-origin: https://www.bitdefender.com
content-length: 1597
date: Mon, 04 Nov 2024 10:27:09 GMT
content-type: application/x-javascript
last-modified: Thu, 01 Aug 2024 06:26:11 GMT
server: AkamaiNetStorage
vary: Accept-Encoding

GET
H2 200 loader.js Show response
app.usercentrics.eu/browser-ui/latest/ 33 KB
9 KB 29ms
7ms Script
text/javascript 2600:1901:0:5987::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://app.usercentrics.eu/browser-ui/latest/loader.js

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/launch-b77a56f2d5f1.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1901:0:5987:: Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

UploadServer /

Resource Hash

0405d39301cc6b0dc7a7e672665971ec14e22b722cbdd3bd9f07b1975035617c

Security Headers

Name	Value
Strict-Transport-Security	max-age=7776000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

x-goog-metageneration: 2
access-control-expose-headers: Content-Type, Content-Length, Transfer-Encoding
content-encoding: gzip
x-goog-hash: crc32c=MrqANQ==, md5=cH9YE24IwbqcHG8aS41/8Q==
etag: "707f58136e08c1ba9c1c6f1a4b8d7ff1"
age: 2684
x-goog-stored-content-encoding: gzip
expires: Mon, 04 Nov 2024 10:42:25 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length: 8553
date: Mon, 04 Nov 2024 09:42:25 GMT
last-modified: Mon, 28 Oct 2024 13:37:56 GMT
content-type: text/javascript
x-guploader-uploadid: AHmUCY0yiZz68TgdlRu02-sOBq8lc9iov7ypH1VXf1FbgaRiIK03gnu6RWQLPEY1jF0T6oz6sx0ZR5XT
strict-transport-security: max-age=7776000
cache-control: public, max-age=3600, no-transform
x-goog-storage-class: STANDARD
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1730122676532971
content-length: 8553
server: UploadServer

POST
H2 200 ip.json Show response
api.company-target.com/api/v3/ 479 B
1 KB 94ms
59ms XHR
application/json 18.66.102.85
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://api.company-target.com/api/v3/ip.json?&page=https%3A%2F%2Fwww.bitdefender.com%2Fen-us%2Fblog%2Flabs%2Funmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages%2F&referrer=&page_title=Unmasking%20the%20SYS01%20Infostealer%20Threat%3A%20Bitdefender%20Labs%20Tracks%20Global%20Malvertising%20Campaign%20Targeting%20Meta%20Business%20Pages

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/launch-b77a56f2d5f1.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

18.66.102.85 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-18-66-102-85.fra56.r.cloudfront.net

Software

nginx /

Resource Hash

281687db3610680bd733cdea13a77c34e18e99266ad810d5fff7f3e7f7fdf53c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer: https://www.bitdefender.com/

Response headers

access-control-max-age: 7200
access-control-expose-headers: x-amz-cf-id
content-encoding: gzip
identification-source: CENTRAL
access-control-allow-methods: GET, POST, OPTIONS
request-id: 1d6072eb-7688-4bb0-a4b0-237d9fdba099
expires: Sun, 03 Nov 2024 10:27:09 GMT
x-cache: Miss from cloudfront
x-amz-cf-id: KlOTOXFP7_ZjqO_nB-4M5oCrtH_Cgj6YX_nmxdzyZqN7URXkcLGGDQ==
date: Mon, 04 Nov 2024 10:27:09 GMT
content-type: application/json;charset=utf-8
vary: Accept-Encoding, Origin
access-control-allow-headers: DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: no-cache, no-store, max-age=0, must-revalidate
pragma: no-cache
api-version: v3
access-control-allow-credentials: true
via: 1.1 cb4c4a25e4ef534686959996782c8476.cloudfront.net (CloudFront)
access-control-allow-origin: https://www.bitdefender.com
x-amz-cf-pop: FRA56-P2
server: nginx

GET
H2 200 web-interactives-embed.js Show response
js.hubspot.com/ 83 KB
25 KB 49ms
20ms Script
application/javascript 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hubspot.com/web-interactives-embed.js

Requested by

Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/341979.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cb60114d01e18846fc0570ef5b0c637ff1cf5f96b3cea88dd7a7a56bc587d726

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://www.bitdefender.com
Referer: https://www.bitdefender.com/

Response headers

x-request-id: bffc6702-3157-4dce-9507-1743fd0f702a
content-encoding: gzip
cf-cache-status: HIT
x-amz-version-id: CxKDbkLWIG8oARp7ZgYVTZrOz3tr7GRC
etag: W/"83516cb36bba59046b931d3496c56b0c"
age: 400
cache-tag: staticjsapp-web-interactives-embed-web-prod,staticjsapp-prod
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OcpZdMSyQJ9U22Cofsgzd%2FOoKPY960cnuMVzKac4eVf1czxXK3hT0GLDvOOZX%2FI14CAncNqEzZYqc8s00zlvtPEaNX5sfmD6%2FVeaBrMYuBeK%2F5Wd5pztyHyVwCHcUKQBdiqOkJzGj9nPTFI4"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: FaEpJWQB8mMZopRa569PBbu7lEkC4xYly5_p8ePv97f1Mn5wu-Co-g==
x-hubspot-correlation-id: bffc6702-3157-4dce-9507-1743fd0f702a
content-type: application/javascript; charset=utf-8
last-modified: Fri, 01 Nov 2024 15:51:22 UTC
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=600
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-86c46c9777-4plgg
x-envoy-upstream-service-time: 7
x-hs-target-asset: web-interactives-embed/static-2.1648/bundles/project.js
server: cloudflare
x-evy-trace-virtual-host: all
x-amz-server-side-encryption: AES256
access-control-max-age: 3000
access-control-allow-methods: GET
x-hs-cache-status: MISS
date: Mon, 04 Nov 2024 10:27:09 GMT
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method,accept-encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=web-interactives-embed/static-2.1648/bundles/project.js&cfRay=8dd3df2d3a8bb64a-FRA
via: 1.1 7375f2360b80ec8c602f04aa2cc7a57c.cloudfront.net (CloudFront)
cf-ray: 8dd3e8f2ed51d9d0-FRA
access-control-allow-origin: *
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD12-P3

GET
H2 200 341979.js Show response
js.hs-analytics.net/analytics/1730715900000/ 70 KB
25 KB 56ms
37ms Script
text/javascript 2606:4700::6810:a0a8
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-analytics.net/analytics/1730715900000/341979.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/341979.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6810:a0a8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: be896bdbc5445ec366a8d0d81d4a553e900d73898461be6b79a7c0ac2236ef30

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

x-amz-server-side-encryption: AES256
x-request-id: b270d594-c9e6-427a-8c04-31c0a54b34fd
content-encoding: gzip
cf-cache-status: HIT
etag: W/"467933c77feb86162ba87357e2229dc8"
x-amz-version-id: null
age: 127
expires: Mon, 04 Nov 2024 10:30:02 GMT
x-evy-trace-listener: listener_https
date: Mon, 04 Nov 2024 10:27:09 GMT
x-hubspot-correlation-id: b270d594-c9e6-427a-8c04-31c0a54b34fd
content-type: text/javascript
last-modified: Tue, 22 Oct 2024 20:38:20 GMT
vary: origin, Accept-Encoding
x-amz-id-2: wGEfoBrlTDDyjp5RpFwyLJ3MZc//mlifndJ+tYUJA6E356EasthOwqMXgl4KoUUhOd39Spw5zFA=
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=300,public
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-58b4c4568d-rppc2
x-envoy-upstream-service-time: 24
access-control-allow-credentials: false
x-amz-request-id: MKH4BSXTBSAT1BZT
cf-ray: 8dd3e8f2da61dc68-FRA
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 conversations-embed.js Show response
js.usemessages.com/ 93 KB
26 KB 45ms
19ms Script
application/javascript 2606:4700::6810:4d8e
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.usemessages.com/conversations-embed.js

Requested by

Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/341979.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:4d8e , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

067c9537ec36da4afb93e9fec9bc7e656959b6623e9491f0092200db06657f1c

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

x-evy-trace-virtual-host: all
x-request-id: 1ccbb663-b198-4764-91cc-f905655fc513
content-encoding: gzip
cf-cache-status: HIT
etag: W/"437fb84b40fd41c605a366d14a984219"
x-amz-version-id: GnpHiVDEdERXJOUylwbQwpaNqjGhipG0
age: 114
cache-tag: staticjsapp-conversations-embed-web-prod,staticjsapp-prod
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-hs-cache-status: HIT
x-amz-cf-id: hjnu7CIRyA-KDaGYcvFkek01DYMTE620mQwc7AlCaYgestXEzo6p0g==
date: Mon, 04 Nov 2024 10:27:09 GMT
x-hubspot-correlation-id: 1ccbb663-b198-4764-91cc-f905655fc513
content-type: application/javascript; charset=utf-8
last-modified: Thu, 31 Oct 2024 16:46:07 UTC
vary: accept-encoding
x-evy-trace-listener: listener_https
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=600
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-86c46c9777-kd98q
x-envoy-upstream-service-time: 0
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=conversations-embed/static-1.18525/bundles/project.js&cfRay=8dd3e6253a243663-FRA
via: 1.1 a4f9ca051b97c1ac09e2af244690d376.cloudfront.net (CloudFront)
cf-ray: 8dd3e8f2e81c3734-FRA
x-evy-trace-route-configuration: listener_https/all
x-hs-target-asset: conversations-embed/static-1.18525/bundles/project.js
x-amz-cf-pop: IAD12-P3
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 leadflows.js Show response
js.hsleadflows.net/ 550 KB
92 KB 40ms
21ms Script
application/javascript 2606:4700::6812:8911
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js.hsleadflows.net/leadflows.js

Requested by

Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/341979.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:8911 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d44882ab82adeef2856a0d52fb54bb70e472be45d50aa3a16b4cb39223391a99

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://www.bitdefender.com
Referer: https://www.bitdefender.com/

Response headers

x-request-id: ac06f82f-4420-4475-b59e-ff6aeb2d7218
content-encoding: gzip
cf-cache-status: HIT
x-amz-version-id: 1P48dmUoAxkQ57N6qBxgDzS3oBmZAXBF
etag: W/"ce26171eff05376a1b746efbb809f7f6"
age: 84598
cache-tag: staticjsapp-lead-flows-cloudflare-web-prod,staticjsapp-prod
x-content-type-options: nosniff
x-cache: Hit from cloudfront
x-evy-trace-listener: listener_https
x-amz-cf-id: wPT1Onv_n1_R67YJh3bmtE1iKTENDVQwSlS_nYakWo7hyzEIowUPnQ==
x-hubspot-correlation-id: ac06f82f-4420-4475-b59e-ff6aeb2d7218
content-type: application/javascript; charset=utf-8
last-modified: Wed, 09 Oct 2024 10:17:06 UTC
x-amz-replication-status: COMPLETED
x-evy-trace-route-service-name: envoyset-translator
cache-control: s-maxage=86400, max-age=0
x-evy-trace-served-by-pod: iad02/app-td/envoy-proxy-86c46c9777-zl2mg
x-envoy-upstream-service-time: 5
x-hs-target-asset: lead-flows-js/static-1.1724/bundle/main/lead-flows-release.js
server: cloudflare
x-evy-trace-virtual-host: all
x-amz-server-side-encryption: AES256
access-control-max-age: 3000
access-control-allow-methods: GET
x-hs-cache-status: MISS
date: Mon, 04 Nov 2024 10:27:09 GMT
vary: Origin,Access-Control-Request-Headers,Access-Control-Request-Method,accept-encoding
content-security-policy-report-only: frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=lead-flows-js/static-1.1724/bundle/main/lead-flows-release.js&cfRay=8dcbd7910f7d367d-FRA
via: 1.1 4715507645a6516d2df35cd342cb5be0.cloudfront.net (CloudFront)
cf-ray: 8dd3e8f2d9ccd9d4-FRA
access-control-allow-origin: *
x-evy-trace-route-configuration: listener_https/all
x-amz-cf-pop: IAD12-P3

GET
H2 200 341979.js Show response
js.hs-banner.com/ 70 KB
21 KB 46ms
25ms Script
text/javascript 2606:4700:4400::6812:28f0
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://js.hs-banner.com/341979.js
Requested by: Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/341979.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:4400::6812:28f0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: e762dea4a25bf3b8c1fdae8951feaa2a41c8962e3a3145996efcfb78d79333cc

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

x-evy-trace-virtual-host: all
access-control-max-age: 604800
x-request-id: 8a320c7a-e49d-4e65-95f5-a7ab9ecb6ee1
access-control-expose-headers: x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
content-encoding: gzip
cf-cache-status: HIT
etag: W/"28538b58da5874462a53c5457bef88e7"
x-amz-version-id: 9nLDsADg80vL15QrNMBBb9toGslqVvQF
age: 50
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
expires: Mon, 04 Nov 2024 10:31:19 GMT
x-evy-trace-listener: listener_https
date: Mon, 04 Nov 2024 10:27:09 GMT
x-hubspot-correlation-id: 8a320c7a-e49d-4e65-95f5-a7ab9ecb6ee1
content-type: text/javascript; charset=UTF-8
last-modified: Thu, 12 Sep 2024 08:44:46 GMT
vary: origin, Accept-Encoding
x-amz-id-2: UBFklj4k+c9H/9YY1KRz5LmZNPlR+mKgvmZHL9Voy85BgI6SwV+RhqPNZPjK8t51WOCM3EMkzD4=
access-control-allow-headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=300,public
timing-allow-origin: *
x-evy-trace-served-by-pod: iad02/analytics-js-proxy-td/envoy-proxy-58b4c4568d-mmpkf
x-envoy-upstream-service-time: 143
access-control-allow-credentials: true
x-amz-request-id: 5MTQVNHY57XEJYBM
cf-ray: 8dd3e8f2d8a4a05b-FRA
access-control-allow-origin: https://www.bitdefender.com
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-amz-server-side-encryption: AES256

GET
H2 200 bc-v4.min.html
consentcdn.cookiebot.com/sdk/ Frame 2124 0
0 23ms
10ms Document
text/html 2a02:26f0:3500:886::f09
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://consentcdn.cookiebot.com/sdk/bc-v4.min.html
Requested by: Host: consent.cookiebot.com
URL: https://consent.cookiebot.com/uc.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:886::f09 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AkamaiNetStorage /
Resource Hash

Request headers

Referer: https://www.bitdefender.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
cache-control: max-age=31536000
content-encoding: gzip
content-length: 392
content-type: text/html
cross-origin-embedder-policy: require-corp
cross-origin-resource-policy: cross-origin
date: Mon, 04 Nov 2024 10:27:09 GMT
etag: "3d08665fa4c7bcf9fa2dcbbc7efe1d0f:1649057029.895163"
expires: Tue, 04 Nov 2025 10:27:09 GMT
last-modified: Mon, 04 Apr 2022 07:23:49 GMT
server: AkamaiNetStorage
server-timing: cdn-cache; desc=HIT edge; dur=1 ak_p; desc="1730716029897_388276618_758162076_21_879_6_10_255";dur=1
vary: Accept-Encoding
x-akamai-transformed: 9 - 0 pmb=mRUM,1

GET
H2 200 / Show response
www.bitdefender.com/site/Main/TagIT/getparams/ 53 B
134 B 89ms
88ms Script
application/javascript 2606:4700::6812:a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bitdefender.com/site/Main/TagIT/getparams/?callback=TagIT_getParams_callback&callback2=&l=en&ch=1730716032

Requested by

Host: www.bitdefender.com
URL: https://www.bitdefender.com/scripts/TagIT.v1.min.js?v=43

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

33f4a3188e5bd3946bc65cba66db7f0400a6c149acc208b4b46640af86858f61

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubdomains; preload

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages/

Response headers

strict-transport-security: max-age=63072000; includeSubdomains; preload
cache-control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-encoding: gzip
cf-cache-status: DYNAMIC
pragma: no-cache
cf-ray: 8dd3e8f2d8c69f36-FRA
expires: Thu, 19 Nov 1981 08:52:00 GMT
p3p: CP="NOI ADM DEV COM NAV OUR STP"
date: Mon, 04 Nov 2024 10:27:09 GMT
content-type: application/javascript
server: cloudflare

GET
H3 200 index.module.js Show response
app.usercentrics.eu/browser-ui/3.56.0/ 440 KB
118 KB 19ms
9ms Script
text/javascript 35.190.14.188
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://app.usercentrics.eu/browser-ui/3.56.0/index.module.js

Requested by

Host: app.usercentrics.eu
URL: https://app.usercentrics.eu/browser-ui/latest/loader.js

Protocol

Security

QUIC, , AES_128_GCM

Server

35.190.14.188 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

188.14.190.35.bc.googleusercontent.com

Software

UploadServer /

Resource Hash

0bec4f5deafe105f91bd435fd9cb91a0e245618930ed100e0cf778485209dc98

Security Headers

Name	Value
Strict-Transport-Security	max-age=7776000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://www.bitdefender.com
Referer: https://www.bitdefender.com/

Response headers

x-goog-metageneration: 2
access-control-expose-headers: Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
content-encoding: gzip
x-goog-hash: crc32c=Mmy7bw==, md5=u9tmgDDO27OQRq9/jJjb5g==
etag: "bbdb668030cedbb39046af7f8c98dbe6"
age: 310321
x-goog-stored-content-encoding: gzip
expires: Fri, 31 Oct 2025 20:15:08 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length: 120984
date: Thu, 31 Oct 2024 20:15:08 GMT
last-modified: Mon, 28 Oct 2024 13:37:33 GMT
content-type: text/javascript
x-guploader-uploadid: AHmUCY0d0CbjZVS64h6BPq_4RW40X5A1TagzIismt2M0nPJTIH0HNcgi26AlsIzgq9C93Y8ObVA
strict-transport-security: max-age=7776000
cache-control: public, max-age=31536000, no-transform
x-goog-storage-class: STANDARD
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1730122653023058
content-length: 120984
server: UploadServer

GET
H2 200 9890752fc19726fc8a394d54a189ae9f.js Show response
euob.ofgreencolumn.com/sxp/i/ 108 KB
40 KB 42ms
8ms Script
text/javascript 2600:9000:2490:c200:d:199b:f700:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://euob.ofgreencolumn.com/sxp/i/9890752fc19726fc8a394d54a189ae9f.js
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/launch-b77a56f2d5f1.min.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:2490:c200:d:199b:f700:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: Caddy /
Resource Hash: 93d68e599c87c51e08c8b7813470cd1951e2d40e903f7871bf29735c77715f02

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

cache-control: max-age=43200
content-encoding: gzip
etag: "1af92-tq2XhA+G/ajGOl3TCLvUvTmFw+U"
age: 36613
via: 1.1 5c0a79476717d213b9c559bafee1c65e.cloudfront.net (CloudFront)
expires: Mon, 04 Nov 2024 12:16:56 GMT
x-cache: Hit from cloudfront
content-length: 40396
x-amz-cf-id: lh53vObz_WVTJHSuQfeERhOFH03Tf1sudwn2qniXeo0y6E1j8WV54g==
date: Mon, 04 Nov 2024 00:16:59 GMT
content-type: text/javascript; charset=utf-8
vary: Accept-Encoding
server: Caddy
x-amz-cf-pop: FRA56-P6

OPTIONS
H2 200 public
api.hubspot.com/livechat-public/v1/message/ Frame 0
0 144ms
134ms Preflight
text/plain 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://api.hubspot.com/livechat-public/v1/message/public?portalId=341979&conversations-embed=static-1.18525&mobile=false&messagesUtk=7cac53ac6bfa4731bce71e0e0cde8416&traceId=7cac53ac6bfa4731bce71e0e0cde8416

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept: */*
Access-Control-Request-Headers: x-hubspot-messages-uri
Access-Control-Request-Method: GET
Origin: https://www.bitdefender.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: false
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent, X-HubSpot-Messages-Uri
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
access-control-allow-origin: https://www.bitdefender.com
allow: HEAD,GET,OPTIONS
cf-cache-status: DYNAMIC
cf-ray: 8dd3e8f33e31d9d0-FRA
content-length: 18
content-type: text/plain; charset=utf-8
date: Mon, 04 Nov 2024 10:27:10 GMT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2XHU3jfWq8AXwKxvhqDRITrBjWIkjAr50jp9bcd%2BHhKNlZbVSjCTldZtfC9un8lEtFobaAESom1AVWM4JWlWZVGQoLxkpco7WcypvW2c%2BL5vn1sYgKCS9ckr%2FX2zllrylKAWpRSu%2F%2F19bgcELQ%3D%3D"}],"group":"cf-nel","max_age":604800}
server: cloudflare
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: origin, Accept-Encoding
x-content-type-options: nosniff
x-hubspot-correlation-id: 62e2f2f6-5dad-4f66-a1b2-12cda38e442a

GET
H2 200 public Show response
api.hubspot.com/livechat-public/v1/message/ 399 B
1 KB 146ms
146ms XHR
application/json 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

Requested by

Host: js.usemessages.com
URL: https://js.usemessages.com/conversations-embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b37c5d6586ad70d770ed5acf7caa2372637af52fce2db6380e6146d7660add7a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
X-HubSpot-Messages-Uri: https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages/
Referer: https://www.bitdefender.com/

Response headers

content-encoding: gzip
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Mk4fGRA9RJRryzfWti5CuEDP1Z37HPlmrYhO1GJ20OlUgpuGTKQdQ3ckoW0Ly%2F3cR0wupl8fPQCTzRZEJ6VDu6dIZoAvvvv7pGmgu%2FgLVof71bB7pWmx%2FNQ7llHooLyYLysgfQfE9MPSYGVRkw%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-content-type-options: nosniff
date: Mon, 04 Nov 2024 10:27:10 GMT
x-hubspot-correlation-id: c1369a8e-08d8-4546-b0db-a8656aa3595b
content-type: application/json;charset=utf-8
vary: origin, Accept-Encoding
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent, X-HubSpot-Messages-Uri
strict-transport-security: max-age=31536000; includeSubDomains; preload
cache-control: no-cache, no-store, no-transform, must-revalidate, max-age=0
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
access-control-allow-credentials: false
cf-ray: 8dd3e8f4085cd9d0-FRA
access-control-allow-origin: https://www.bitdefender.com
content-length: 289
server: cloudflare

GET
H2 200 combinedConfigs Show response
cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/ 132 B
1 KB 126ms
117ms Fetch
application/json 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cta-service-cms2.hubspot.com/web-interactives/public/v1/embed/combinedConfigs?portalId=341979&currentUrl=https%3A%2F%2Fwww.bitdefender.com%2Fen-us%2Fblog%2Flabs%2Funmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages%2F

Requested by

Host: js.hubspot.com
URL: https://js.hubspot.com/web-interactives-embed.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2a9169e087b81ab0309db3e903459162c62102cafd1a24b6ee0ac25cdb048f59

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

x-robots-tag: noindex, follow
access-control-max-age: 180
x-request-id: b05cff51-64ee-402f-acba-aede4315dc8d
content-encoding: br
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BRYKCZMpeR8IHyLQk3AY4J%2BIm1%2BG%2FKuySHoKN736OZZ7MUE9GEjDFxqgKwpbOyxkdaODWJlAFW2fHFhn1lVfFT1rU23MB7szFapPsCO9WtXNpknIECZLRUO7tfweu8jSQEX%2BF5Oc%2BOVz4h%2BD%2Fo%2FfFeggbGj%2B6CHeIRc%3D"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
access-control-allow-methods: OPTIONS, GET
x-evy-trace-listener: listener_https
date: Mon, 04 Nov 2024 10:27:10 GMT
x-hubspot-correlation-id: b05cff51-64ee-402f-acba-aede4315dc8d
content-type: application/json;charset=utf-8
vary: origin
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=0, no-cache, no-store
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-6c6b56f4b-jkdpv
x-envoy-upstream-service-time: 10
access-control-allow-credentials: true
cf-ray: 8dd3e8f33e49d9d0-FRA
access-control-allow-origin: https://www.bitdefender.com
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-evy-trace-virtual-host: all

OPTIONS
H2 200 SD1TKlYyWO4GcB.json
api.usercentrics.eu/ruleSet/ Frame 0
0 46ms
23ms Preflight
text/html 2600:1901:0:c07c::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://api.usercentrics.eu/ruleSet/SD1TKlYyWO4GcB.json

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1901:0:c07c:: Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

UploadServer /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=7776000

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://www.bitdefender.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: content-type
access-control-allow-methods: GET,HEAD,PUT,POST,DELETE
access-control-allow-origin: *
access-control-max-age: 3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-length: 0
content-type: text/html; charset=UTF-8
date: Mon, 04 Nov 2024 10:27:10 GMT
expires: Mon, 04 Nov 2024 10:27:10 GMT
server: UploadServer
strict-transport-security: max-age=7776000
x-client-geo-location: DE,DENW
x-guploader-uploadid: AHmUCY3thYa1maBMo_J8CiY9QgNIDZKAF7HrE_YIZElMk-BghtxMLDGMJUvicFLtEPctILamhog

GET
H2 200 SD1TKlYyWO4GcB.json Show response
api.usercentrics.eu/ruleSet/ 552 B
878 B 10ms
9ms Fetch
application/json 2600:1901:0:c07c::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://api.usercentrics.eu/ruleSet/SD1TKlYyWO4GcB.json

Requested by

Host: app.usercentrics.eu
URL: https://app.usercentrics.eu/browser-ui/3.56.0/index.module.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1901:0:c07c:: Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

UploadServer /

Resource Hash

a1aa30b8c2998ad91b6d0cd88fa7fa3a4c2a3e79df019cbc504e380f0aef6c47

Security Headers

Name	Value
Strict-Transport-Security	max-age=7776000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type: application/json
Referer: https://www.bitdefender.com/

Response headers

x-goog-metageneration: 1
access-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
content-encoding: gzip
x-goog-hash: crc32c=OfYgNQ==, md5=pEu3r9j/CLIr70/GZQNh5w==
etag: "a44bb7afd8ff08b22bef4fc6650361e7"
age: 1318
x-goog-stored-content-encoding: gzip
expires: Mon, 04 Nov 2024 10:35:12 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length: 349
x-client-geo-location: DE,DENW
date: Mon, 04 Nov 2024 10:05:12 GMT
last-modified: Wed, 03 Jul 2024 09:20:03 GMT
content-type: application/json
vary: Accept-Encoding
x-guploader-uploadid: AHmUCY3qUjiN1VHTrQvii2w_galrqgBZiJxH4kGzlz71zItRkF4_zyOoQP8nonHlnVSAV1hMsSw
strict-transport-security: max-age=7776000
cache-control: public, max-age=1800, s-maxage=1800
x-goog-storage-class: MULTI_REGIONAL
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1719998403375993
content-length: 349
server: UploadServer

POST
H2 200 ct Show response
obseu.ofgreencolumn.com/ 4 KB
2 KB 131ms
47ms XHR
application/json 2a05:d018:56f:b802:834:8d0e:be2f:5ebe
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://obseu.ofgreencolumn.com/ct
Requested by: Host: euob.ofgreencolumn.com
URL: https://euob.ofgreencolumn.com/sxp/i/9890752fc19726fc8a394d54a189ae9f.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a05:d018:56f:b802:834:8d0e:be2f:5ebe Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 2ef11b39bdbd779733b5b2b7201b81de4884bd8f37a43aab5e2ee46a613212d3

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer: https://www.bitdefender.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
timing-allow-origin: https://www.bitdefender.com
content-encoding: gzip
pragma: no-cache
access-control-allow-credentials: true
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://www.bitdefender.com
content-length: 1192
date: Mon, 04 Nov 2024 10:27:10 GMT
content-type: application/json

GET
H2 200 dest5.html
bitdefender.demdex.net/ Frame A17B 0
0 114ms
32ms Document
text/html 54.194.45.227
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://bitdefender.demdex.net/dest5.html?d_nsid=0

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/launch-b77a56f2d5f1.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

54.194.45.227 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-54-194-45-227.eu-west-1.compute.amazonaws.com

Software

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.bitdefender.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
content-encoding: gzip
content-type: text/html;charset=UTF-8
date: Mon, 04 Nov 2024 10:27:10 GMT
dcs: dcs-prod-irl1-1-v067-0473b926e.edge-irl1.demdex.com 0 ms
expires: Thu, 01 Jan 1970 00:00:00 UTC
last-modified: Wed, 16 Oct 2024 08:54:28 GMT
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
pragma: no-cache
strict-transport-security: max-age=31536000; includeSubDomains
vary: accept-encoding
x-tid: GU168dw7Q9U=

GET
H2 200 id Show response
sstats.bitdefender.com/ 48 B
464 B 94ms
20ms XHR
application/x-javascript 63.140.62.222
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://sstats.bitdefender.com/id?d_visid_ver=5.5.0&d_fieldgroup=A&mcorgid=0E920C0F53DA9E9B0A490D45%40AdobeOrg&mid=58236155834717141243551065505558930643&ts=1730716030061

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/launch-b77a56f2d5f1.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

63.140.62.222 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-63-140-62-222.data.adobedc.net

Software

jag /

Resource Hash

a988415a6adfb1c6eb3248b7cc08e1d169c04632a2b390e7bf182aa734a763bc

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer: https://www.bitdefender.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials: true
x-content-type-options: nosniff
access-control-allow-origin: https://www.bitdefender.com
p3p: CP="This is not a P3P policy"
content-length: 48
date: Mon, 04 Nov 2024 10:27:10 GMT
x-xss-protection: 1; mode=block
content-type: application/x-javascript;charset=utf-8
vary: Origin
server: jag

GET
H2

200

ibs:dpid=411&dpuuid=ZyihfgAAAMjjOgN-
dpm.demdex.net/
Redirect Chain

https://cm.everesttech.net/cm/dd?d_uuid=58256175664764225393552927275058157076
https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZyihfgAAAMjjOgN-

42 B
717 B

37ms
37ms

Image
image/gif

108.128.214.125
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZyihfgAAAMjjOgN-

Requested by

Protocol

Server

108.128.214.125 Dublin, Ireland, ASN16509 (AMAZON-02, US),

Reverse DNS

ec2-108-128-214-125.eu-west-1.compute.amazonaws.com

Software

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private
dcs: dcs-prod-irl1-2-v067-010c1a5fa.edge-irl1.demdex.com 5 ms
content-encoding: gzip
pragma: no-cache
x-content-type-options: nosniff
x-tid: xZirlsVjQpA=
expires: Thu, 01 Jan 1970 00:00:00 UTC
content-length: 59
p3p: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"
date: Mon, 04 Nov 2024 10:27:10 GMT
content-type: image/gif

Redirect headers

Cache-Control: no-cache
Location: https://dpm.demdex.net/ibs:dpid=411&dpuuid=ZyihfgAAAMjjOgN-
P3P: CP="NOI NID DEVa PSAa PSDa OUR IND PUR COM NAV INT DEM"
Content-Length: 0
Date: Mon, 04 Nov 2024 10:27:10 GMT
Connection: keep-alive
Server: AMO-cookiemap/1.1

POST
H2 200 delivery Show response
starget.bitdefender.com/rest/v1/ 354 B
851 B 145ms
46ms XHR
application/json 66.235.152.156
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://starget.bitdefender.com/rest/v1/delivery?client=bitdefender&sessionId=4f9a548efa3a4637a10a1c34b1b1a54a&version=2.11.4

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/launch-b77a56f2d5f1.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.235.152.156 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-66-235-152-156.data.adobedc.net

Software

jag /

Resource Hash

fda7bb68be60070389cf11d11207cd670841a8525179865e5ea884e930a30a95

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://www.bitdefender.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-request-id: aa912735-c2c2-4be9-b6bc-0e4696678309
cache-control: no-cache, no-store, max-age=0, no-transform, private
timing-allow-origin: *
content-encoding: gzip
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List
access-control-allow-credentials: true
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
access-control-allow-origin: https://www.bitdefender.com
date: Mon, 04 Nov 2024 10:27:10 GMT
x-xss-protection: 1; mode=block
content-type: application/json;charset=UTF-8
vary: origin,access-control-request-method,access-control-request-headers,accept-encoding
server: jag

GET
H3 200 languages.json Show response
api.usercentrics.eu/settings/kwvEyHMjYRQG-x/latest/ 152 B
133 B 9ms
9ms Fetch
application/json 35.241.3.184
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://api.usercentrics.eu/settings/kwvEyHMjYRQG-x/latest/languages.json

Requested by

Host: app.usercentrics.eu
URL: https://app.usercentrics.eu/browser-ui/3.56.0/index.module.js

Protocol

Security

QUIC, , AES_128_GCM

Server

35.241.3.184 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

184.3.241.35.bc.googleusercontent.com

Software

UploadServer /

Resource Hash

0a25589501a065c71010f4b685f20a2a283ba910b374e2ce8148c4fcd623e9a5

Security Headers

Name	Value
Strict-Transport-Security	max-age=7776000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type: application/json
Referer: https://www.bitdefender.com/

Response headers

x-goog-metageneration: 1
access-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
content-encoding: gzip
x-goog-hash: crc32c=4sEJow==, md5=aPmXvSP/EY/QrW9PJ19q/w==
etag: "68f997bd23ff118fd0ad6f4f275f6aff"
age: 38
x-goog-stored-content-encoding: gzip
expires: Mon, 04 Nov 2024 10:27:32 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length: 100
x-client-geo-location: DE,DEBY
date: Mon, 04 Nov 2024 10:26:32 GMT
last-modified: Fri, 18 Oct 2024 06:31:04 GMT
content-type: application/json
vary: Accept-Encoding
x-guploader-uploadid: AHmUCY2pA5k90phPaKQ501DhwpV80DFCDqJ5xV9t0Mm0PRrvySEEezvVwDejYyQs27s9t4ctgcE4AW02Eg
strict-transport-security: max-age=7776000
cache-control: public, max-age=1800, s-maxage=60
x-goog-storage-class: MULTI_REGIONAL
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1729233064347146
content-length: 100
server: UploadServer

OPTIONS
H3 200 languages.json
api.usercentrics.eu/settings/kwvEyHMjYRQG-x/latest/ Frame 0
0 23ms
23ms Preflight
text/html 35.241.3.184
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://api.usercentrics.eu/settings/kwvEyHMjYRQG-x/latest/languages.json

Protocol

Security

QUIC, , AES_128_GCM

Server

35.241.3.184 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

184.3.241.35.bc.googleusercontent.com

Software

UploadServer /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=7776000

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://www.bitdefender.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: content-type
access-control-allow-methods: GET,HEAD,PUT,POST,DELETE
access-control-allow-origin: *
access-control-max-age: 3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-length: 0
content-type: text/html; charset=UTF-8
date: Mon, 04 Nov 2024 10:27:10 GMT
expires: Mon, 04 Nov 2024 10:27:10 GMT
server: UploadServer
strict-transport-security: max-age=7776000
x-client-geo-location: DE,DEBY
x-guploader-uploadid: AHmUCY2WXCpCSaxCt-KA468d-bRHto3YP_mwsDWFvlCI5VwyvszxnDUYo2nh-CKDzpbEhV40fXs

GET
H3 200 counters.gif
perf-na1.hsforms.com/embed/v3/ 35 B
930 B 188ms
168ms Image
image/gif 104.18.80.204
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://perf-na1.hsforms.com/embed/v3/counters.gif?key=config-loaded-success&value=1

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

104.18.80.204 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

x-robots-tag: none
x-request-id: 0278b408-6623-4dd7-8678-84a85247b38d
access-control-expose-headers: X-Origin-Hublet
cf-cache-status: MISS
x-content-type-options: nosniff
alt-svc: h3=":443"; ma=86400
x-evy-trace-listener: listener_https
date: Mon, 04 Nov 2024 10:27:10 GMT
x-hubspot-correlation-id: 0278b408-6623-4dd7-8678-84a85247b38d
content-type: image/gif
vary: origin, Accept-Encoding
last-modified: Mon, 04 Nov 2024 10:27:10 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=0, no-cache, no-store
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-6c6b56f4b-kbk2w
x-envoy-upstream-service-time: 3
access-control-allow-credentials: false
cf-ray: 8dd3e8f41bf83672-FRA
accept-ranges: bytes
x-evy-trace-route-configuration: listener_https/all
content-length: 35
server: cloudflare
x-evy-trace-virtual-host: all

GET
H3 200 en.json Show response
api.usercentrics.eu/settings/kwvEyHMjYRQG-x/latest/ 41 KB
9 KB 10ms
10ms Fetch
application/json 35.241.3.184
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://api.usercentrics.eu/settings/kwvEyHMjYRQG-x/latest/en.json

Requested by

Host: app.usercentrics.eu
URL: https://app.usercentrics.eu/browser-ui/3.56.0/index.module.js

Protocol

Security

QUIC, , AES_128_GCM

Server

35.241.3.184 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

184.3.241.35.bc.googleusercontent.com

Software

UploadServer /

Resource Hash

a3cddc071e1d265159ef98298be31d30532d5629ad9acba1c3f8318d2262ccbf

Security Headers

Name	Value
Strict-Transport-Security	max-age=7776000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type: application/json
Referer: https://www.bitdefender.com/

Response headers

x-goog-metageneration: 1
access-control-expose-headers: *, Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
content-encoding: gzip
x-goog-hash: crc32c=eE6wOw==, md5=nIom9/9FYz9Frxiayv3+Iw==
etag: "9c8a26f7ff45633f45af189acafdfe23"
age: 38
x-goog-stored-content-encoding: gzip
expires: Mon, 04 Nov 2024 10:27:32 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length: 8742
x-client-geo-location: DE,DEBY
date: Mon, 04 Nov 2024 10:26:32 GMT
last-modified: Fri, 18 Oct 2024 06:31:04 GMT
content-type: application/json
vary: Accept-Encoding
x-guploader-uploadid: AHmUCY2gaIhDKtI7bVlsGiz0zJgyMbYgxdUDsOlyVcic5xmd01fYy713pI1d4XYu1To_mhq3oRvojD4kOQ
strict-transport-security: max-age=7776000
cache-control: public, max-age=1800, s-maxage=60
x-goog-storage-class: MULTI_REGIONAL
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1729233064272357
content-length: 8742
server: UploadServer

OPTIONS
H3 200 en.json
api.usercentrics.eu/settings/kwvEyHMjYRQG-x/latest/ Frame 0
0 21ms
21ms Preflight
text/html 35.241.3.184
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://api.usercentrics.eu/settings/kwvEyHMjYRQG-x/latest/en.json

Protocol

Security

QUIC, , AES_128_GCM

Server

35.241.3.184 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

184.3.241.35.bc.googleusercontent.com

Software

UploadServer /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=7776000

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://www.bitdefender.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: content-type
access-control-allow-methods: GET,HEAD,PUT,POST,DELETE
access-control-allow-origin: *
access-control-max-age: 3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-length: 0
content-type: text/html; charset=UTF-8
date: Mon, 04 Nov 2024 10:27:10 GMT
expires: Mon, 04 Nov 2024 10:27:10 GMT
server: UploadServer
strict-transport-security: max-age=7776000
x-client-geo-location: DE,DEBY
x-guploader-uploadid: AHmUCY2OAEAVnXVUmHNFxIJG00CuyDtIp_75HYkNxaDV5lkmQxxh8EhOp90ElnxgUAiW6RwpENs

GET
H2 200 cross-domain-bridge.html
app.usercentrics.eu/browser-sdk/4.38.5/ Frame 3084 0
0 21ms
8ms Document
text/html 2600:1901:0:5987::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://app.usercentrics.eu/browser-sdk/4.38.5/cross-domain-bridge.html

Requested by

Host: app.usercentrics.eu
URL: https://app.usercentrics.eu/browser-ui/3.56.0/index.module.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1901:0:5987:: Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

UploadServer /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=7776000

Request headers

Referer: https://www.bitdefender.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
access-control-allow-origin: *
access-control-expose-headers: Content-Type Content-Length Transfer-Encoding
age: 200063
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=2592000, no-transform
content-encoding: gzip
content-length: 1142
content-type: text/html
date: Sat, 02 Nov 2024 02:52:47 GMT
etag: "c694926fa8d9549789a56bd1df21b8a8"
expires: Mon, 02 Dec 2024 02:52:47 GMT
last-modified: Mon, 28 Oct 2024 13:37:13 GMT
server: UploadServer
strict-transport-security: max-age=7776000
x-goog-generation: 1730122633298226
x-goog-hash: crc32c=CXfLbw== md5=xpSSb6jZVJeJpWvR3yG4qA==
x-goog-metageneration: 2
x-goog-storage-class: STANDARD
x-goog-stored-content-encoding: gzip
x-goog-stored-content-length: 1142
x-guploader-uploadid: AHmUCY2FJkt66KX-JedNgEZ7j44dhjkpnZEi83ij5khTEqG2k-wyHU1yVhm5EQMAp3NZPO5BXogYaqF141rnN9s

GET
H2 200 1px.png
app.usercentrics.eu/session/ 489 B
822 B 11ms
10ms Image
image/png 2600:1901:0:5987::
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://app.usercentrics.eu/session/1px.png?settingsId=kwvEyHMjYRQG-x

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1901:0:5987:: Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

UploadServer /

Resource Hash

009a4cf1623ff76804e55d59a17f680f77d8c76ada674500997ff44cc7ac0741

Security Headers

Name	Value
Strict-Transport-Security	max-age=7776000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

x-goog-metageneration: 1
content-encoding: gzip
x-goog-hash: crc32c=pFwm0Q==, md5=NwKtpzuJUQF7hFHL1qllIw==
etag: "3702ada73b8951017b8451cbd6a96523"
age: 801
x-goog-stored-content-encoding: gzip
expires: Mon, 04 Nov 2024 10:43:49 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length: 522
date: Mon, 04 Nov 2024 10:13:49 GMT
last-modified: Fri, 08 May 2020 09:06:13 GMT
content-type: image/png
x-guploader-uploadid: AHmUCY0nS5mDEpFC84w31-psbJpgYVEr6Ygx9R-1oS-98qtJbkBaqf14yZWvi0gp-0UXXPBXSgSosT-c0g
strict-transport-security: max-age=7776000
cache-control: public,max-age=1800,no-transform
x-goog-storage-class: STANDARD
accept-ranges: bytes
x-goog-generation: 1588928773413784
content-length: 522
server: UploadServer

GET
H3 200 DefaultData-d851236d-75928269.js Show response
app.usercentrics.eu/browser-ui/3.56.0/ 2 KB
1001 B 9ms
9ms Script
text/javascript 35.190.14.188
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://app.usercentrics.eu/browser-ui/3.56.0/DefaultData-d851236d-75928269.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

35.190.14.188 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

188.14.190.35.bc.googleusercontent.com

Software

UploadServer /

Resource Hash

fcf4ad57046af8b44b9f85d4398ca15757c54cdbdecfdfdf438266ff0bd996f8

Security Headers

Name	Value
Strict-Transport-Security	max-age=7776000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://www.bitdefender.com
Referer: https://app.usercentrics.eu/browser-ui/3.56.0/index.module.js

Response headers

x-goog-metageneration: 2
access-control-expose-headers: Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
content-encoding: gzip
x-goog-hash: crc32c=XWJu0g==, md5=SaMto8XMmp9E1vKcwePDjA==
etag: "49a32da3c5cc9a9f44d6f29cc1e3c38c"
age: 10029
x-goog-stored-content-encoding: gzip
expires: Tue, 04 Nov 2025 07:40:01 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length: 970
date: Mon, 04 Nov 2024 07:40:01 GMT
last-modified: Mon, 28 Oct 2024 13:37:23 GMT
content-type: text/javascript
x-guploader-uploadid: AHmUCY28fY2zE-l0ELat_h1bxgu6oGEPCqOD5hYRVBzTNyOdmbKfyuEjqvB2ZE1FqQugIYx7Gnp_kX_7qQ
strict-transport-security: max-age=7776000
cache-control: public, max-age=31536000, no-transform
x-goog-storage-class: STANDARD
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1730122643162145
content-length: 970
server: UploadServer

GET
H3 200 translations-en.json Show response
api.usercentrics.eu/translations/ 7 KB
2 KB 12ms
11ms Fetch
application/json 35.241.3.184
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://api.usercentrics.eu/translations/translations-en.json

Requested by

Host: app.usercentrics.eu
URL: https://app.usercentrics.eu/browser-ui/3.56.0/index.module.js

Protocol

Security

QUIC, , AES_128_GCM

Server

35.241.3.184 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

184.3.241.35.bc.googleusercontent.com

Software

UploadServer /

Resource Hash

293c213205cd107ec18a50ae1f8a7b79915117d162cc58701a575def7c295d39

Security Headers

Name	Value
Strict-Transport-Security	max-age=7776000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type: application/json
Referer: https://www.bitdefender.com/

Response headers

x-goog-metageneration: 1
access-control-expose-headers: *
content-encoding: gzip
x-goog-hash: crc32c=8/rfvQ==, md5=3gvV2wFCHwyIlwHnbgqquQ==
etag: "de0bd5db01421f0c889701e76e0aaab9"
age: 25102
x-goog-stored-content-encoding: gzip
expires: Tue, 05 Nov 2024 03:28:48 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length: 2491
x-client-geo-location: DE,DEBY
date: Mon, 04 Nov 2024 03:28:48 GMT
last-modified: Mon, 07 Oct 2024 11:53:10 GMT
content-type: application/json
vary: Accept-Encoding
x-guploader-uploadid: AHmUCY3wQlQofXurwYj3pjg1oaRBtj3zgSkOyss-R6tAE0UPz9TVtsP5PLngWqRuKygCbK_jsUuRVqJyKA
strict-transport-security: max-age=7776000
cache-control: public, max-age=86400, s-maxage=86400
x-goog-storage-class: MULTI_REGIONAL
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1728301990483385
content-length: 2491
server: UploadServer

OPTIONS
H3 200 translations-en.json
api.usercentrics.eu/translations/ Frame 0
0 27ms
26ms Preflight
text/html 35.241.3.184
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://api.usercentrics.eu/translations/translations-en.json

Protocol

Security

QUIC, , AES_128_GCM

Server

35.241.3.184 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

184.3.241.35.bc.googleusercontent.com

Software

UploadServer /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=7776000

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: GET
Origin: https://www.bitdefender.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: content-type
access-control-allow-methods: GET,HEAD,PUT,POST,DELETE
access-control-allow-origin: *
access-control-max-age: 3600
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-length: 0
content-type: text/html; charset=UTF-8
date: Mon, 04 Nov 2024 10:27:10 GMT
expires: Mon, 04 Nov 2024 10:27:10 GMT
server: UploadServer
strict-transport-security: max-age=7776000
x-client-geo-location: DE,DEBY
x-guploader-uploadid: AHmUCY2cmeilKKLuidhJankINIgEEV_me-4j2K4aWJM4VMWjRqh5FrA_Zo71Znddb6s1SatUpFI

GET
H2 200 tc_imp.gif
obseu.ofgreencolumn.com/tracker/ 43 B
79 B 32ms
32ms Image
image/gif 2a05:d018:56f:b802:834:8d0e:be2f:5ebe
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://obseu.ofgreencolumn.com/tracker/tc_imp.gif?e=37dfbd8ee84e001269eec034ec47899d9225c24f567d43d6da1908be6245cad7bd70a976750ef80ed89373bfe70e9c20c1e53e8d59108c692017071a10acf9f29f671fd487dc517a6d4df72c7652d36e8e63cf033105259b56565e360c59cfeb6d4d77be26bb25cb43e2916af05365ac097c7a1bda53ee14f497d7df3dbb2807ff7ecaa8556d8e0e3143714493d60264fd60b3f493a0180dec1edae97dfa2bc8169b1adc597cff3200e714561c44ca4825b6a3e5aa22a76da50eda7cf54a6863c89777256e1d0cd71ed0d906f50732e690b73255015ab2fb523c9bdc05457f54065258fcd135700e5fe6a5142c93aaf62e8ee04572032cbbc5f4c2c935e7c2db59ec489f5e2c7edfaacff4e43e82d4b16393315cd2ab9a2c1d10a13069a1944235ead8fa72d900ac45b4d719974ad9d36d9a6d279c9a26dc6c90cefab6cdb3f11338ae6bf2fbb9234e2bfb94248ee61bf711135782030ed092cfc9ccf3c837c465c78ff88876e379363a87783ad9839d4124c1e178a704a885479138be66531907833db309d1d6b878bb893fd753f185ccdc6498164466eb581357794578c0bc2cba46d4ddc832b59d64f48163df8ce4fe7e81ffe85c686a8ff9484fcabc055f4df5efed26f563cdb441abb16ce529e468cb04c94982ec6dda4862a7f7cc337c7c7d437b5c0954b5f3907e8657a54f4f5f3bbae11e9cc7461ef4bbdcb3a07e91ffeeeef28dbded591d2ef1469aa41c3f91496407c521082739b439fa340bc8f9d37f98338f3781b97f95ed4c9d3b4f72321e6e4dcd86bd8c6d3f0cc546579fc187a9acd80454edece428c88b0a2fcad800217be5838f0452eb7ed001db63b72d9100c6da0feaf86ef091e3d19b4e7eece23d7f8376a68db0b7179c6c34151995684350b7bf5e8fec14cd859ac854ce879b320e3744bf21aa05aa51b49d6a8a2f40294226607ce653929c3256bb73dda1f534c5d24b8c761eb3032869c6bcc30048ef6ff48913da0030064abf3b32cbd692029a0554e8f31adca3ac89f633c841476150ab2337588e91125dbd3fe7f9c02b8fd0ec101f2fe80e446e059716508eca984150f8706dc1d3c2189dc6b0dd583cbb37b8076d57ca4e207fcba95f46d5af9bb5e2e6649a61a41a944fd3931086adae393d84eb5cd0dcfaebd6f9d6d12616dda27429c46cc34ec401bf867eff96928b63b884c9eaaf133986ebe5fd4add46c80f47701869d682796b8927f857d6893fb10568bf2f4cc430af9c2037f636621b4480e6876ed68e1c3073442fd9c3cfe5d17bd407b1ac2e2ccfd4431a0140752b6ea031b9f97b56fea6d1d9f6ffe5d5fcbd74bda6d146742a5568237b3a1edf43&cri=XhGz7MSc90&ts=138&cb=1730716030194
Requested by: Host: www.bitdefender.com
URL: https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages/
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a05:d018:56f:b802:834:8d0e:be2f:5ebe Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: 98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

expires: Fri, 01 Jan 1990 00:00:00 GMT
cache-control: no-cache, no-store, must-revalidate
content-length: 43
date: Mon, 04 Nov 2024 10:27:10 GMT
pragma: no-cache
content-type: image/gif

GET
H3 200 DefaultUI-ce15e383-091a4d59.js Show response
app.usercentrics.eu/browser-ui/3.56.0/ 2 KB
789 B 9ms
9ms Script
text/javascript 35.190.14.188
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://app.usercentrics.eu/browser-ui/3.56.0/DefaultUI-ce15e383-091a4d59.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

35.190.14.188 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

188.14.190.35.bc.googleusercontent.com

Software

UploadServer /

Resource Hash

043b96d186740cbc6123374ca605a0d64dab716490de8139c5ad850752f3035b

Security Headers

Name	Value
Strict-Transport-Security	max-age=7776000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://www.bitdefender.com
Referer: https://app.usercentrics.eu/browser-ui/3.56.0/index.module.js

Response headers

x-goog-metageneration: 2
access-control-expose-headers: Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
content-encoding: gzip
x-goog-hash: crc32c=Beo4JQ==, md5=Em0QAeYPeJr7d+FPthYoHw==
etag: "126d1001e60f789afb77e14fb616281f"
age: 201236
x-goog-stored-content-encoding: gzip
expires: Sun, 02 Nov 2025 02:33:14 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length: 758
date: Sat, 02 Nov 2024 02:33:14 GMT
last-modified: Mon, 28 Oct 2024 13:37:23 GMT
content-type: text/javascript
x-guploader-uploadid: AHmUCY2_vnSmCnm3Lm-PD8CkyYySDkv2vT0PwVRlQuJtmudUDy1cb6kfNR66ntkt3sHJR95uybY
strict-transport-security: max-age=7776000
cache-control: public, max-age=31536000, no-transform
x-goog-storage-class: STANDARD
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1730122643609939
content-length: 758
server: UploadServer

GET
H3 200 FirstLayerCustomization-6bbfcebc-788df697.js Show response
app.usercentrics.eu/browser-ui/3.56.0/ 3 KB
1 KB 8ms
8ms Script
text/javascript 35.190.14.188
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://app.usercentrics.eu/browser-ui/3.56.0/FirstLayerCustomization-6bbfcebc-788df697.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

35.190.14.188 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

188.14.190.35.bc.googleusercontent.com

Software

UploadServer /

Resource Hash

1a639c6b443b17ec6c6f50d2de9487ec53d78fd91adec25c8d84f4668be31242

Security Headers

Name	Value
Strict-Transport-Security	max-age=7776000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://www.bitdefender.com
Referer: https://app.usercentrics.eu/browser-ui/3.56.0/DefaultUI-ce15e383-091a4d59.js

Response headers

x-goog-metageneration: 2
access-control-expose-headers: Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
content-encoding: gzip
x-goog-hash: crc32c=UpnfjQ==, md5=2LDc/qcgegTTxLD6UhkpRw==
etag: "d8b0dcfea7207a04d3c4b0fa52192947"
age: 310319
x-goog-stored-content-encoding: gzip
expires: Fri, 31 Oct 2025 20:15:11 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length: 1076
date: Thu, 31 Oct 2024 20:15:11 GMT
last-modified: Mon, 28 Oct 2024 13:37:24 GMT
content-type: text/javascript
x-guploader-uploadid: AHmUCY3yNYZG2TVw0pUF2gnQha2wVQkNdTaFG_45LhcHn8Fso-TyowaLE9rFUc4rijnzNEBAT7M
strict-transport-security: max-age=7776000
cache-control: public, max-age=31536000, no-transform
x-goog-storage-class: STANDARD
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1730122644078383
content-length: 1076
server: UploadServer

GET
H3 200 ButtonsCustomization-1f94048f-20aa0dd3.js Show response
app.usercentrics.eu/browser-ui/3.56.0/ 473 B
267 B 10ms
9ms Script
text/javascript 35.190.14.188
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://app.usercentrics.eu/browser-ui/3.56.0/ButtonsCustomization-1f94048f-20aa0dd3.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

35.190.14.188 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

188.14.190.35.bc.googleusercontent.com

Software

UploadServer /

Resource Hash

ebbf51132ac80c2070995d82e1b1237526521386eaced499d94c36a05804141f

Security Headers

Name	Value
Strict-Transport-Security	max-age=7776000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://www.bitdefender.com
Referer: https://app.usercentrics.eu/browser-ui/3.56.0/DefaultUI-ce15e383-091a4d59.js

Response headers

x-goog-metageneration: 2
access-control-expose-headers: Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
content-encoding: gzip
x-goog-hash: crc32c=k1elSQ==, md5=xS0HojXBjZIGTVYd3VNb6g==
etag: "c52d07a235c18d92064d561ddd535bea"
age: 269548
x-goog-stored-content-encoding: gzip
expires: Sat, 01 Nov 2025 07:34:42 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length: 236
date: Fri, 01 Nov 2024 07:34:42 GMT
last-modified: Mon, 28 Oct 2024 13:37:22 GMT
content-type: text/javascript
x-guploader-uploadid: AHmUCY21P1wl7cLsw7lisNR3neDecWZ7pGAw21kvoA8E8A6K_1HYgzVBsJ1MntKKWOjhQcRtFhk
strict-transport-security: max-age=7776000
cache-control: public, max-age=31536000, no-transform
x-goog-storage-class: STANDARD
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1730122642449928
content-length: 236
server: UploadServer

GET
H3 200 SecondLayerUI-9cac3b05-6f65af64.js Show response
app.usercentrics.eu/browser-ui/3.56.0/ 567 B
354 B 12ms
12ms Script
text/javascript 35.190.14.188
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://app.usercentrics.eu/browser-ui/3.56.0/SecondLayerUI-9cac3b05-6f65af64.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

35.190.14.188 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

188.14.190.35.bc.googleusercontent.com

Software

UploadServer /

Resource Hash

8395d72ab340a6fb7923d93b019bffa5570553f6762dc56eeb4e5ee603ae3dda

Security Headers

Name	Value
Strict-Transport-Security	max-age=7776000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://www.bitdefender.com
Referer: https://app.usercentrics.eu/browser-ui/3.56.0/DefaultUI-ce15e383-091a4d59.js

Response headers

x-goog-metageneration: 2
access-control-expose-headers: Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
content-encoding: gzip
x-goog-hash: crc32c=Jv1vrA==, md5=lRsDP24MElAPmZcJkLrX2g==
etag: "951b033f6e0c12500f99970990bad7da"
age: 312148
x-goog-stored-content-encoding: gzip
expires: Fri, 31 Oct 2025 19:44:42 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length: 318
date: Thu, 31 Oct 2024 19:44:42 GMT
last-modified: Mon, 28 Oct 2024 13:37:26 GMT
content-type: text/javascript
x-guploader-uploadid: AHmUCY03stGRJlENGrzSVGpPu8rI6RzUI8ww6PGFl3-ZZRdlnCW7SAomozE1nS7oHyS4-tq3Qg
strict-transport-security: max-age=7776000
cache-control: public, max-age=31536000, no-transform
x-goog-storage-class: STANDARD
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1730122645978523
content-length: 318
server: UploadServer

GET
H3 200 Taglogger-e8de1530-77a1d15a.js Show response
app.usercentrics.eu/browser-ui/3.56.0/ 1 KB
725 B 8ms
8ms Script
text/javascript 35.190.14.188
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://app.usercentrics.eu/browser-ui/3.56.0/Taglogger-e8de1530-77a1d15a.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

35.190.14.188 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

188.14.190.35.bc.googleusercontent.com

Software

UploadServer /

Resource Hash

fab5cda5682da8425e7110db62aa4c2163e2bbd8e2eec76139e3b1451520fa92

Security Headers

Name	Value
Strict-Transport-Security	max-age=7776000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://www.bitdefender.com
Referer: https://app.usercentrics.eu/browser-ui/3.56.0/index.module.js

Response headers

x-goog-metageneration: 2
access-control-expose-headers: Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
content-encoding: gzip
x-goog-hash: crc32c=AmlEtA==, md5=LO8Zegi54c1kSelQAmBIZQ==
etag: "2cef197a08b9e1cd6449e95002604865"
age: 312148
x-goog-stored-content-encoding: gzip
expires: Fri, 31 Oct 2025 19:44:42 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length: 687
date: Thu, 31 Oct 2024 19:44:42 GMT
last-modified: Mon, 28 Oct 2024 13:37:26 GMT
content-type: text/javascript
x-guploader-uploadid: AHmUCY2F8VaN6OyfI6CTmuHmZDfk7rEdQsv7v-6_AVuL4yWaWw4JsGzr1N5F8EBe_a-T9X3IKeQ52oPOXg
strict-transport-security: max-age=7776000
cache-control: public, max-age=31536000, no-transform
x-goog-storage-class: STANDARD
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1730122646492664
content-length: 687
server: UploadServer

OPTIONS
H2 204 3
consent-api.service.consent.usercentrics.eu/consent/uw/ Frame 0
0 35ms
13ms Preflight
text/html 2600:1901:0:1e38::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://consent-api.service.consent.usercentrics.eu/consent/uw/3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1901:0:1e38:: Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Frontend /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=7776000

Request headers

Accept: */*
Access-Control-Request-Headers: access-control-allow-origin,content-type,x-request-id
Access-Control-Request-Method: POST
Origin: https://www.bitdefender.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: access-control-allow-origin,content-type,x-request-id
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin: *
access-control-max-age: 86400
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
content-type: text/html
date: Mon, 04 Nov 2024 10:27:10 GMT
server: Google Frontend
strict-transport-security: max-age=7776000
vary: Origin, Access-Control-Request-Headers
via: 1.1 google
x-cloud-trace-context: 206353f76434f9a8d9d2857d0a80856b

POST
H2 201 3 Show response
consent-api.service.consent.usercentrics.eu/consent/uw/ 0
87 B 19ms
15ms Fetch
text/html 2600:1901:0:1e38::
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://consent-api.service.consent.usercentrics.eu/consent/uw/3

Requested by

Host: app.usercentrics.eu
URL: https://app.usercentrics.eu/browser-ui/3.56.0/index.module.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1901:0:1e38:: Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Frontend /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=7776000

Request headers

X-Request-ID: 559b24da-4643-42aa-a568-12e3caa18a18
Access-Control-Allow-Origin: *
Referer: https://www.bitdefender.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Accept: application/json
Content-Type: application/json

Response headers

strict-transport-security: max-age=7776000
via: 1.1 google
access-control-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
date: Mon, 04 Nov 2024 10:27:10 GMT
x-cloud-trace-context: caa3b0f8b2090c49f39f9b556e15afce
vary: Origin
server: Google Frontend
content-type: text/html

GET
H3 200 PrivacyButton-26e00a68.js Show response
app.usercentrics.eu/browser-ui/3.56.0/ 5 KB
2 KB 8ms
7ms Script
text/javascript 35.190.14.188
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://app.usercentrics.eu/browser-ui/3.56.0/PrivacyButton-26e00a68.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

35.190.14.188 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

188.14.190.35.bc.googleusercontent.com

Software

UploadServer /

Resource Hash

b9d5cb60efaca3c6eae5d3b497e5e81d30325da6951286b161b89335d3e1f1f4

Security Headers

Name	Value
Strict-Transport-Security	max-age=7776000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://www.bitdefender.com
Referer: https://app.usercentrics.eu/browser-ui/3.56.0/index.module.js

Response headers

x-goog-metageneration: 2
access-control-expose-headers: Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
content-encoding: gzip
x-goog-hash: crc32c=Sknc5A==, md5=EUX96I6VxLIy2kq75ux7Rw==
etag: "1145fde88e95c4b232da4abbe6ec7b47"
age: 310676
x-goog-stored-content-encoding: gzip
expires: Fri, 31 Oct 2025 20:09:14 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length: 2448
date: Thu, 31 Oct 2024 20:09:14 GMT
last-modified: Mon, 28 Oct 2024 13:37:24 GMT
content-type: text/javascript
x-guploader-uploadid: AHmUCY1KSUp_icHGSXAOu8lCAeaowtwyfBaPetdDzb2_8eTOE6GvbIJcL28zh4ApaoJntgGPNXk
strict-transport-security: max-age=7776000
cache-control: public, max-age=31536000, no-transform
x-goog-storage-class: STANDARD
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1730122644771913
content-length: 2448
server: UploadServer

GET
H3 200 index-1fd1f8a0.js Show response
app.usercentrics.eu/browser-ui/3.56.0/ 2 KB
849 B 9ms
8ms Script
text/javascript 35.190.14.188
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://app.usercentrics.eu/browser-ui/3.56.0/index-1fd1f8a0.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

35.190.14.188 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

188.14.190.35.bc.googleusercontent.com

Software

UploadServer /

Resource Hash

cd156e27a45444e7eaa90bda6656cf52fcd6b06b96e4abcf15717e724dbbf6a0

Security Headers

Name	Value
Strict-Transport-Security	max-age=7776000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://www.bitdefender.com
Referer: https://app.usercentrics.eu/browser-ui/3.56.0/index.module.js

Response headers

x-goog-metageneration: 2
access-control-expose-headers: Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
content-encoding: gzip
x-goog-hash: crc32c=rPecPA==, md5=nFbsqOs5acKZeW/ajmhpyA==
etag: "9c56eca8eb3969c299796fda8e6869c8"
age: 310528
x-goog-stored-content-encoding: gzip
expires: Fri, 31 Oct 2025 20:11:42 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length: 809
date: Thu, 31 Oct 2024 20:11:42 GMT
last-modified: Mon, 28 Oct 2024 13:37:30 GMT
content-type: text/javascript
x-guploader-uploadid: AHmUCY1N75huhozUZj2PpQ0XBD-FMjX_myT6ZvSvV8i5UsGe0Q5b69qMqn6EuUR-TDPg_127ATbM-Zcafw
strict-transport-security: max-age=7776000
cache-control: public, max-age=31536000, no-transform
x-goog-storage-class: STANDARD
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1730122650938005
content-length: 809
server: UploadServer

GET
H2 200 uct
uct.service.usercentrics.eu/ 35 B
250 B 80ms
25ms Image
image/gif 34.95.108.180
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://uct.service.usercentrics.eu/uct?v=1&sid=kwvEyHMjYRQG-x&t=1&abv=&r=https%3A%2F%2Fwww.bitdefender.com%2Fen-us%2Fblog%2Flabs%2Funmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages%2F&cb=1730716030288

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

34.95.108.180 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

180.108.95.34.bc.googleusercontent.com

Software

Google Frontend /

Resource Hash

6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Security Headers

Name	Value
Strict-Transport-Security	max-age=7776000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

strict-transport-security: max-age=7776000
cache-control: no-store
via: 1.1 google
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 35
function-execution-id: gqfqw5fladf6
date: Mon, 04 Nov 2024 10:27:10 GMT
content-type: image/gif
x-cloud-trace-context: 90d8c622fea0eb11a09ee0ddaa2bf02d
server: Google Frontend

GET
H3 200 index-ad6779e2.js Show response
app.usercentrics.eu/browser-ui/3.56.0/ 5 KB
2 KB 11ms
11ms Script
text/javascript 35.190.14.188
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://app.usercentrics.eu/browser-ui/3.56.0/index-ad6779e2.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

35.190.14.188 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

188.14.190.35.bc.googleusercontent.com

Software

UploadServer /

Resource Hash

9173d0d924e96a7afb4fd2acfab5ddc7dcc69f0c3a1eb5e5a68c307f52818bbe

Security Headers

Name	Value
Strict-Transport-Security	max-age=7776000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://www.bitdefender.com
Referer: https://app.usercentrics.eu/browser-ui/3.56.0/index.module.js

Response headers

x-goog-metageneration: 2
access-control-expose-headers: Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
content-encoding: gzip
x-goog-hash: crc32c=EXL2PA==, md5=T+FRMip/i4oP1FxOS7Tvmw==
etag: "4fe151322a7f8b8a0fd45c4e4bb4ef9b"
age: 309336
x-goog-stored-content-encoding: gzip
expires: Fri, 31 Oct 2025 20:31:34 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length: 2112
date: Thu, 31 Oct 2024 20:31:34 GMT
last-modified: Mon, 28 Oct 2024 13:37:31 GMT
content-type: text/javascript
x-guploader-uploadid: AHmUCY292G4U4J8syOMX1yNKwDOHkqrgfy04k0lxDc6TlGUt0cCrfXNBGwbPehgaubGnGpGQheVLHg3n-nxHiAk
strict-transport-security: max-age=7776000
cache-control: public, max-age=31536000, no-transform
x-goog-storage-class: STANDARD
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1730122651416522
content-length: 2112
server: UploadServer

GET
H3 200 SaveButton-08722223.js Show response
app.usercentrics.eu/browser-ui/3.56.0/ 1 KB
656 B 8ms
8ms Script
text/javascript 35.190.14.188
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://app.usercentrics.eu/browser-ui/3.56.0/SaveButton-08722223.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

35.190.14.188 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

188.14.190.35.bc.googleusercontent.com

Software

UploadServer /

Resource Hash

6d366b46e8048e40f0cdc37d4a9f1ee555a86465a5e76d19d6b9ef85adaafb88

Security Headers

Name	Value
Strict-Transport-Security	max-age=7776000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://www.bitdefender.com
Referer: https://app.usercentrics.eu/browser-ui/3.56.0/index-ad6779e2.js

Response headers

x-goog-metageneration: 2
access-control-expose-headers: Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
content-encoding: gzip
x-goog-hash: crc32c=LU+DFA==, md5=ETsM/BHN481tGto+GFGNBw==
etag: "113b0cfc11cde3cd6d1ada3e18518d07"
age: 310722
x-goog-stored-content-encoding: gzip
expires: Fri, 31 Oct 2025 20:08:28 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length: 616
date: Thu, 31 Oct 2024 20:08:28 GMT
last-modified: Mon, 28 Oct 2024 13:37:25 GMT
content-type: text/javascript
x-guploader-uploadid: AHmUCY2s5XlgPzNbWilsig93TOcdHbrQCM5q0OxNy4xheJ0IW57ftmDRTDBMpbaCm9qyWA7wM_nyn9xZOA
strict-transport-security: max-age=7776000
cache-control: public, max-age=31536000, no-transform
x-goog-storage-class: STANDARD
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1730122645741737
content-length: 616
server: UploadServer

GET
H3 200 VirtualServiceItem-7d12293d.js Show response
app.usercentrics.eu/browser-ui/3.56.0/ 156 KB
48 KB 10ms
9ms Script
text/javascript 35.190.14.188
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://app.usercentrics.eu/browser-ui/3.56.0/VirtualServiceItem-7d12293d.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

35.190.14.188 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

188.14.190.35.bc.googleusercontent.com

Software

UploadServer /

Resource Hash

0bcf79e14fc025ab07f9187810e1bf6c87db8cf16a9efd07ae31c00afaf51dcc

Security Headers

Name	Value
Strict-Transport-Security	max-age=7776000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://www.bitdefender.com
Referer: https://app.usercentrics.eu/browser-ui/3.56.0/index-ad6779e2.js

Response headers

x-goog-metageneration: 2
access-control-expose-headers: Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
content-encoding: gzip
x-goog-hash: crc32c=oqQ0fw==, md5=n+QpIS9t7ryBz3dvP1AQoQ==
etag: "9fe429212f6deebc81cf776f3f5010a1"
age: 206114
x-goog-stored-content-encoding: gzip
expires: Sun, 02 Nov 2025 01:11:56 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length: 48658
date: Sat, 02 Nov 2024 01:11:56 GMT
last-modified: Mon, 28 Oct 2024 13:37:27 GMT
content-type: text/javascript
x-guploader-uploadid: AHmUCY3DyQ1rdXxlJ6KJPBYQ3r1prvNSAZOAx5bKHlocoHJZ8kATPk0npSW3mI833AfZa-QRchg
strict-transport-security: max-age=7776000
cache-control: public, max-age=31536000, no-transform
x-goog-storage-class: STANDARD
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1730122647373086
content-length: 48658
server: UploadServer

GET
H3 200 DefaultTabs-7a846b85.js Show response
app.usercentrics.eu/browser-ui/3.56.0/ 4 KB
2 KB 11ms
10ms Script
text/javascript 35.190.14.188
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://app.usercentrics.eu/browser-ui/3.56.0/DefaultTabs-7a846b85.js

Requested by

Protocol

Security

QUIC, , AES_128_GCM

Server

35.190.14.188 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

188.14.190.35.bc.googleusercontent.com

Software

UploadServer /

Resource Hash

fdeb65d19f2cb906342f9a610b6fbb2b149e629d02dd02fbdb37fa79e11ac0f5

Security Headers

Name	Value
Strict-Transport-Security	max-age=7776000

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin: https://www.bitdefender.com
Referer: https://app.usercentrics.eu/browser-ui/3.56.0/index-ad6779e2.js

Response headers

x-goog-metageneration: 2
access-control-expose-headers: Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
content-encoding: gzip
x-goog-hash: crc32c=Mm0gNA==, md5=A7tmF63qFT5swm3oKKuowg==
etag: "03bb6617adea153e6cc26de828aba8c2"
age: 464347
x-goog-stored-content-encoding: gzip
expires: Thu, 30 Oct 2025 01:28:03 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length: 1697
date: Wed, 30 Oct 2024 01:28:03 GMT
last-modified: Mon, 28 Oct 2024 13:37:23 GMT
content-type: text/javascript
x-guploader-uploadid: AHmUCY1cx_892RuD21n6rUgI9leW5-sppEMSqvlp7-3jlIoamIb7KZEZQ40kLoe9SNTO_YJYOwZ6KWHXgMIhvpE
strict-transport-security: max-age=7776000
cache-control: public, max-age=31536000, no-transform
x-goog-storage-class: STANDARD
accept-ranges: bytes
access-control-allow-origin: *
x-goog-generation: 1730122643385710
content-length: 1697
server: UploadServer

GET
H2 200 6b03944.js Show response
www.bitdefender.com/nuxt/_nuxt/ 16 KB
6 KB 43ms
43ms Script
application/javascript 2606:4700::6812:a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bitdefender.com/nuxt/_nuxt/6b03944.js

Requested by

Host: www.bitdefender.com
URL: https://www.bitdefender.com/nuxt/_nuxt/55d2a9d.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2d16cba05ac4b3b16e9769d2790f8097b6f1add7f41b70b1a0ad28e84a539ae6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=31536000, s-maxage=86400
content-encoding: gzip
cf-cache-status: HIT
etag: W/"3e09-192d363fb70"
age: 426
cf-ray: 8dd3e8f73d589f36-FRA
date: Mon, 04 Nov 2024 10:27:10 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Mon, 28 Oct 2024 13:49:58 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 d62fdbf.js Show response
www.bitdefender.com/nuxt/_nuxt/ 37 KB
11 KB 39ms
39ms Script
application/javascript 2606:4700::6812:a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bitdefender.com/nuxt/_nuxt/d62fdbf.js

Requested by

Host: www.bitdefender.com
URL: https://www.bitdefender.com/nuxt/_nuxt/55d2a9d.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2c0ed4180c2d314541423c050801191f1b66bbb0674f4442244cdccea255281b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=31536000, s-maxage=86400
content-encoding: gzip
cf-cache-status: HIT
etag: W/"924f-192d37c03c8"
age: 426
cf-ray: 8dd3e8f73d5a9f36-FRA
date: Mon, 04 Nov 2024 10:27:10 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Mon, 28 Oct 2024 14:16:13 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 geoip Show response
www.bitdefender.com/ 64 B
157 B 20ms
20ms Fetch
application/json 2606:4700::6812:a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://www.bitdefender.com/geoip
Requested by: Host: www.bitdefender.com
URL: https://www.bitdefender.com/nuxt/_nuxt/132816f.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:a9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c59781f6f643ec6a6ef6f736f0ffef9dd1a39043e712f10c1713d8505026bb4c

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages/

Response headers

cf-ray: 8dd3e8f79dae9f36-FRA
content-encoding: gzip
date: Mon, 04 Nov 2024 10:27:10 GMT
content-type: application/json;charset=UTF-8
vary: Accept-Encoding
server: cloudflare

POST
H2 204 delivery
starget.bitdefender.com/rest/v1/ 0
99 B 37ms
37ms Ping
text/plain 66.235.152.156
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://starget.bitdefender.com/rest/v1/delivery?client=bitdefender&sessionId=4f9a548efa3a4637a10a1c34b1b1a54a&version=2.11.4

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/launch-b77a56f2d5f1.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.235.152.156 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-66-235-152-156.data.adobedc.net

Software

jag /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8
Referer: https://www.bitdefender.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-request-id: 04682668-67e4-41d5-8a33-d3ed9d4d7780
cache-control: no-cache, no-store, max-age=0, no-transform, private
access-control-allow-credentials: true
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
access-control-allow-origin: https://www.bitdefender.com
date: Mon, 04 Nov 2024 10:27:10 GMT
x-xss-protection: 1; mode=block
vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
server: jag

POST
H2 200 delivery Show response
starget.bitdefender.com/rest/v1/ 379 B
396 B 37ms
36ms XHR
application/json 66.235.152.156
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://starget.bitdefender.com/rest/v1/delivery?client=bitdefender&sessionId=4f9a548efa3a4637a10a1c34b1b1a54a&version=2.11.4

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/launch-b77a56f2d5f1.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.235.152.156 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-66-235-152-156.data.adobedc.net

Software

jag /

Resource Hash

468d1b781f92af9595f1f88f4adf50781db2b2295a93bd77fb0ff364b0749783

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://www.bitdefender.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-request-id: 7ebba0a6-69bc-4aa3-a0ed-520008cf4ded
cache-control: no-cache, no-store, max-age=0, no-transform, private
timing-allow-origin: *
content-encoding: gzip
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List
access-control-allow-credentials: true
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
access-control-allow-origin: https://www.bitdefender.com
date: Mon, 04 Nov 2024 10:27:10 GMT
x-xss-protection: 1; mode=block
content-type: application/json;charset=UTF-8
vary: origin,access-control-request-method,access-control-request-headers,accept-encoding
server: jag

POST
H2 200 delivery Show response
starget.bitdefender.com/rest/v1/ 371 B
390 B 39ms
37ms XHR
application/json 66.235.152.156
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://starget.bitdefender.com/rest/v1/delivery?client=bitdefender&sessionId=4f9a548efa3a4637a10a1c34b1b1a54a&version=2.11.4

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/launch-b77a56f2d5f1.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

66.235.152.156 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-66-235-152-156.data.adobedc.net

Software

jag /

Resource Hash

9f7b64425c74e14cd0e16bf088eb5563fec75bdf19f1c1887378f936f1b67f4b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type: text/plain
Referer: https://www.bitdefender.com/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
x-request-id: fdad87c0-6b93-44a7-8b90-012be887095e
cache-control: no-cache, no-store, max-age=0, no-transform, private
timing-allow-origin: *
content-encoding: gzip
accept-ch: Sec-CH-UA, Sec-CH-UA-Arch, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version-List
access-control-allow-credentials: true
referrer-policy: strict-origin-when-cross-origin
x-content-type-options: nosniff
access-control-allow-origin: https://www.bitdefender.com
date: Mon, 04 Nov 2024 10:27:10 GMT
x-xss-protection: 1; mode=block
content-type: application/json;charset=UTF-8
vary: origin,access-control-request-method,access-control-request-headers,accept-encoding
server: jag

GET
H/1.1 200
OK 1.gif
imgsct.cookiebot.com/ 35 B
737 B 36ms
18ms Image
image/gif 2a02:26f0:3500:887::f09
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://imgsct.cookiebot.com/1.gif?dgi=4a55b566-7010-4633-9b03-7ba7735be0b6
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:3500:887::f09 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: UploadServer /
Resource Hash: 6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

x-goog-metageneration: 1
Access-Control-Expose-Headers: *
x-goog-hash: crc32c=rX4K2g==, md5=whlt6LpBLGDCKrSRr3sUCQ==
ETag: "c2196de8ba412c60c22ab491af7b1409"
x-goog-stored-content-encoding: identity
x-goog-stored-content-length: 35
Date: Mon, 04 Nov 2024 10:27:10 GMT
Last-Modified: Mon, 23 Oct 2023 11:39:32 GMT
Content-Type: image/gif
X-GUploader-UploadID: AHmUCY1P8PzLDsqAkDkaUa_F-iRPKsGbzOOLbdHrlOp4djt0MMUPIvPL1HOsLYt6aPQmfmWTqsI
Cache-Control: public,max-age=1800
x-goog-storage-class: STANDARD
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
x-goog-generation: 1698061172769999
Content-Length: 35
Server: UploadServer

GET
H2 200 341979.js Show response
js-na1.hs-scripts.com/ 2 KB
806 B 35ms
26ms Script
application/javascript 2606:4700::6810:8bd1
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://js-na1.hs-scripts.com/341979.js

Requested by

Host: js.hs-analytics.net
URL: https://js.hs-analytics.net/analytics/1730715900000/341979.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:8bd1 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

297e7d5e24e8181ed7cec1ec01d397e123dfe56245b1d00e1d6aa391a73b09c7

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

access-control-max-age: 3600
content-encoding: gzip
cf-cache-status: HIT
age: 757
x-content-type-options: nosniff
date: Mon, 04 Nov 2024 10:27:10 GMT
x-hubspot-correlation-id: 7857b7fb-fb31-4607-bd51-40585fe71914
content-type: application/javascript;charset=utf-8
vary: origin, Accept-Encoding
last-modified: Mon, 04 Nov 2024 10:14:33 GMT
access-control-allow-credentials: true
cf-ray: 8dd3e8f7fdeed26a-FRA
accept-ranges: bytes
access-control-allow-origin: https://www.bitdefender.com
content-length: 662
server: cloudflare

GET
H2 200 __ptq.gif
track.hubspot.com/ 45 B
1 KB 143ms
127ms Image
image/gif 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=3377520574&v=1.1&a=341979&rcu=https%3A%2F%2Fwww.bitdefender.com%2Fen-us%2Fblog%2Flabs%2Funmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages%2F&pu=https%3A%2F%2Fwww.bitdefender.com%2Fen-us%2Fblog%2Flabs%2Funmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages%2F&t=Unmasking+the+SYS01+Infostealer+Threat%3A+Bitdefender+Labs+Tracks+Global+Malvertising+Campaign+Targeting+Meta+Business+Pages&cts=1730716030699&vi=933b06c92b6f50bafba1e6bd039c5755&nc=true&u=27765283.933b06c92b6f50bafba1e6bd039c5755.1730716030698.1730716030698.1730716030698.1&b=27765283.1.1730716030698&cc=15

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

x-robots-tag: none
x-request-id: 54dd1f8e-9a55-40d4-849f-37f7f3877036
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KCO35g7XCM3B4baa50%2BCva26OZvpE95S2qzwHGRb%2FwdVzsDFMHlEV8z05bROIdi6%2B6gXyGdFrFOsArg1C9gv0MEvJSlAj%2FrvK8XR%2FVDghvym6Beb%2BqPVE47Ne1a6zMUM99ZlON33TA8ez4NuE8rB"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
x-evy-trace-listener: listener_https
p3p: CP="NOI CUR ADM OUR NOR STA NID"
date: Mon, 04 Nov 2024 10:27:10 GMT
x-hubspot-correlation-id: 54dd1f8e-9a55-40d4-849f-37f7f3877036
content-type: image/gif
vary: origin, Accept-Encoding
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: no-cache, no-store, no-transform
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/analytics-tracking-td/envoy-proxy-746d57b5c6-mp2rg
x-envoy-upstream-service-time: 5
access-control-allow-credentials: false
cf-ray: 8dd3e8f80883d3a2-FRA
x-evy-trace-route-configuration: listener_https/all
content-length: 45
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 json Show response
forms.hubspot.com/lead-flows-config/v1/config/ 178 B
1 KB 141ms
136ms XHR
application/json 2606:4700::6810:7674
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://forms.hubspot.com/lead-flows-config/v1/config/json?portalId=341979&utk=933b06c92b6f50bafba1e6bd039c5755&__hstc=27765283.933b06c92b6f50bafba1e6bd039c5755.1730716030698.1730716030698.1730716030698.1&__hssc=27765283.1.1730716030698&currentUrl=https%3A%2F%2Fwww.bitdefender.com%2Fen-us%2Fblog%2Flabs%2Funmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages%2F

Requested by

Host: js.hsleadflows.net
URL: https://js.hsleadflows.net/leadflows.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:7674 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2e37601196916bbd9fe11c93d75e477814b45f2aa14ed475504905b573186065

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

x-robots-tag: none
access-control-max-age: 180
x-request-id: e623cabd-34f0-474e-ba89-a1b26b740727
content-encoding: br
cf-cache-status: DYNAMIC
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=KQX4QRjfSC6CQ3lfOPhlRg8EKOcEiCoQ%2FdZjGQRCdes%2BVDK5r%2FKuHPYlnBx4UNXAr4LosF1Syrf2ws0ApGOOOiuqd5qy7LVux1ULoNVirjk%2B2qHWkPYTh4y%2BFXriZBokt4CHjhOsIp1kKwbQ2Gx%2B"}],"group":"cf-nel","max_age":604800}
x-content-type-options: nosniff
access-control-allow-methods: GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-evy-trace-listener: listener_https
date: Mon, 04 Nov 2024 10:27:10 GMT
x-hubspot-correlation-id: e623cabd-34f0-474e-ba89-a1b26b740727
content-type: application/json;charset=utf-8
vary: origin
access-control-allow-headers: Accept, Accept-Charset, Accept-Encoding, Accept-Language, Content-Type, Host, Origin, Referer, User-Agent
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name: envoyset-translator
cache-control: max-age=0, no-cache, no-store
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod: iad02/star-hubspot-td/envoy-proxy-6c6b56f4b-zvb4z
x-envoy-upstream-service-time: 29
access-control-allow-credentials: false
cf-ray: 8dd3e8f7f996d9d0-FRA
access-control-allow-origin: https://www.bitdefender.com
x-evy-trace-route-configuration: listener_https/all
server: cloudflare
x-evy-trace-virtual-host: all

GET
H2 200 BSP_3250.jpg
blogapp.bitdefender.com/labs/content/images/size/w100/2023/10/ 3 KB
3 KB 46ms
42ms Image
image/jpeg 2606:4700::6812:a9de
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blogapp.bitdefender.com/labs/content/images/size/w100/2023/10/BSP_3250.jpg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a9de , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

9cdb93be66690562b1a797663c008b59d98b6ef80be4ecca091743dec5dd120a

Security Headers

Name	Value
Content-Security-Policy	script-src 'self'; object-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

cf-bgj: h2pri
etag: W/"a46-18af495b7eb"
age: 5033785
cf-cache-status: HIT
x-content-type-options: nosniff
date: Mon, 04 Nov 2024 10:27:10 GMT
content-type: image/jpeg
vary: Accept-Encoding
last-modified: Tue, 03 Oct 2023 08:09:27 GMT
x-frame-options: DENY
strict-transport-security: max-age=31536000; includeSubdomains; preload
content-security-policy: script-src 'self'; object-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests
cache-control: public, max-age=31536000
cf-ray: 8dd3e8f7faca3679-FRA
accept-ranges: bytes
content-length: 2630
x-powered-by: Express
server: cloudflare

GET
H2

200

npostolachi.jpg
blogapp.bitdefender.com/labs/content/images/2023/10/
Redirect Chain

https://blogapp.bitdefender.com/labs/content/images/size/w100/2023/10/npostolachi.jpg
https://blogapp.bitdefender.com/labs/content/images/2023/10/npostolachi.jpg

17 KB
17 KB

39ms
38ms

Image
image/jpeg

2606:4700::6812:a9de
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blogapp.bitdefender.com/labs/content/images/2023/10/npostolachi.jpg
Protocol: H2
Server: 2606:4700::6812:a9de , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 4fc1a9ef4343f0eedc101f4b68f7b21afef2550cd06567e7efad269820b720f7

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

cache-control: public, max-age=31536000
cf-bgj: h2pri
etag: W/"43c9-191b3090515"
age: 3092292
cf-cache-status: HIT
cf-ray: 8dd3e8f83b0d3679-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 17353
date: Mon, 04 Nov 2024 10:27:10 GMT
content-type: image/jpeg
last-modified: Mon, 02 Sep 2024 13:59:58 GMT
x-powered-by: Express
server: cloudflare
vary: Accept-Encoding

Redirect headers

location: /labs/content/images/2023/10/npostolachi.jpg
cf-cache-status: HIT
age: 873
cf-ray: 8dd3e8f7fad13679-FRA
access-control-allow-origin: *
content-length: 66
date: Mon, 04 Nov 2024 10:27:10 GMT
content-type: text/plain; charset=utf-8
x-powered-by: Express
vary: Accept, Accept-Encoding
server: cloudflare

GET
H2

200

Capture.JPG
blogapp.bitdefender.com/labs/content/images/2023/12/
Redirect Chain

https://blogapp.bitdefender.com/labs/content/images/size/w100/2023/12/Capture.JPG
https://blogapp.bitdefender.com/labs/content/images/2023/12/Capture.JPG

6 KB
6 KB

38ms
38ms

Image
image/jpeg

2606:4700::6812:a9de
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blogapp.bitdefender.com/labs/content/images/2023/12/Capture.JPG
Protocol: H2
Server: 2606:4700::6812:a9de , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 3ef6f208d5f5a0b5b721dbc552dceeff0b7f2e3814bbd108bb9a594f4e423f62

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

cache-control: public, max-age=31536000
cf-bgj: h2pri
etag: W/"170a-191b309439d"
age: 3087465
cf-cache-status: HIT
cf-ray: 8dd3e8f84b1e3679-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 5898
date: Mon, 04 Nov 2024 10:27:10 GMT
content-type: image/jpeg
last-modified: Mon, 02 Sep 2024 14:00:14 GMT
x-powered-by: Express
server: cloudflare
vary: Accept-Encoding

Redirect headers

location: /labs/content/images/2023/12/Capture.JPG
cf-cache-status: HIT
age: 589
cf-ray: 8dd3e8f7fac03679-FRA
access-control-allow-origin: *
content-length: 62
date: Mon, 04 Nov 2024 10:27:10 GMT
content-type: text/plain; charset=utf-8
x-powered-by: Express
vary: Accept, Accept-Encoding
server: cloudflare

GET
H2 200 Unmasking-the-SYS01-Infostealer-Threat-Bitdefender-Labs-Tracks-Global-Malvertising-Campaign-Targeting-Meta-Business-Pages.jpeg
blogapp.bitdefender.com/labs/content/images/size/w1000/2024/10/ 34 KB
34 KB 51ms
48ms Image
image/jpeg 2606:4700::6812:a9de
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blogapp.bitdefender.com/labs/content/images/size/w1000/2024/10/Unmasking-the-SYS01-Infostealer-Threat-Bitdefender-Labs-Tracks-Global-Malvertising-Campaign-Targeting-Meta-Business-Pages.jpeg
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700::6812:a9de , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 8e108696de337035c30dce22810814d7ea29fd004d2cb11efc85c43bbacb6104

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

cache-control: public, max-age=31536000
cf-bgj: h2pri
etag: W/"87ef-192dd82e2c6"
age: 422835
cf-cache-status: HIT
cf-ray: 8dd3e8f7fad33679-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 34799
date: Mon, 04 Nov 2024 10:27:10 GMT
content-type: image/jpeg
last-modified: Wed, 30 Oct 2024 12:59:55 GMT
x-powered-by: Express
server: cloudflare
vary: Accept-Encoding

GET
H2 200 minecraft-1106252_1920.jpg
blogapp.bitdefender.com/labs/content/images/size/w300/2023/06/ 12 KB
12 KB 44ms
41ms Image
image/jpeg 2606:4700::6812:a9de
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blogapp.bitdefender.com/labs/content/images/size/w300/2023/06/minecraft-1106252_1920.jpg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a9de , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

94c4c63644ae78a9a0ce2307d064e5ece79caee5540a313426ba18886a8917ce

Security Headers

Name	Value
Content-Security-Policy	script-src 'self'; object-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

cf-bgj: h2pri
etag: W/"30ad-1889bf7b386"
age: 10647140
cf-cache-status: HIT
x-content-type-options: nosniff
date: Mon, 04 Nov 2024 10:27:10 GMT
content-type: image/jpeg
vary: Accept-Encoding
last-modified: Thu, 08 Jun 2023 17:04:41 GMT
x-frame-options: DENY
strict-transport-security: max-age=31536000; includeSubdomains; preload
content-security-policy: script-src 'self'; object-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests
cache-control: public, max-age=31536000
cf-ray: 8dd3e8f7facb3679-FRA
accept-ranges: bytes
content-length: 12461
x-powered-by: Express
server: cloudflare

GET
H2 200 old-tv-gab6450206_1920.png
blogapp.bitdefender.com/labs/content/images/size/w300/2023/05/ 65 KB
66 KB 60ms
57ms Image
image/png 2606:4700::6812:a9de
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blogapp.bitdefender.com/labs/content/images/size/w300/2023/05/old-tv-gab6450206_1920.png

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a9de , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

b8ba912addc89290827f18a10c8a9ba9ba58a42bcb48b527d5b8764fc2817a7e

Security Headers

Name	Value
Content-Security-Policy	script-src 'self'; object-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

cf-cache-status: HIT
etag: W/"10559-187dcac0112"
age: 7357207
x-content-type-options: nosniff
date: Mon, 04 Nov 2024 10:27:10 GMT
content-type: image/png
vary: Accept-Encoding
last-modified: Tue, 02 May 2023 13:34:32 GMT
x-frame-options: DENY
strict-transport-security: max-age=31536000; includeSubdomains; preload
content-security-policy: script-src 'self'; object-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests
cache-control: public, max-age=31536000
cf-ray: 8dd3e8f7face3679-FRA
accept-ranges: bytes
content-length: 66905
x-powered-by: Express
server: cloudflare

GET
H2 200 eyespy-1.jpg
blogapp.bitdefender.com/labs/content/images/size/w300/2023/01/ 5 KB
6 KB 54ms
52ms Image
image/jpeg 2606:4700::6812:a9de
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://blogapp.bitdefender.com/labs/content/images/size/w300/2023/01/eyespy-1.jpg

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a9de , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare / Express

Resource Hash

13dabe6c8ff8332773d4204c6d265bb0eb8d7b2b411d70c18e8ae380bc30791c

Security Headers

Name	Value
Content-Security-Policy	script-src 'self'; object-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests
Strict-Transport-Security	max-age=31536000; includeSubdomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

cf-bgj: h2pri
etag: W/"15f9-185a1638abb"
age: 5108593
cf-cache-status: HIT
x-content-type-options: nosniff
date: Mon, 04 Nov 2024 10:27:10 GMT
content-type: image/jpeg
vary: Accept-Encoding
last-modified: Wed, 11 Jan 2023 15:12:13 GMT
x-frame-options: DENY
strict-transport-security: max-age=31536000; includeSubdomains; preload
content-security-policy: script-src 'self'; object-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests
cache-control: public, max-age=31536000
cf-ray: 8dd3e8f7fac23679-FRA
accept-ranges: bytes
content-length: 5625
x-powered-by: Express
server: cloudflare

GET
H2

200

decryptors.jpeg
blogapp.bitdefender.com/labs/content/images/2023/01/
Redirect Chain

https://blogapp.bitdefender.com/labs/content/images/size/w300/2023/01/decryptors.jpeg
https://blogapp.bitdefender.com/labs/content/images/2023/01/decryptors.jpeg

95 KB
95 KB

37ms
36ms

Image
image/jpeg

2606:4700::6812:a9de
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://blogapp.bitdefender.com/labs/content/images/2023/01/decryptors.jpeg
Protocol: H2
Server: 2606:4700::6812:a9de , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare / Express
Resource Hash: 1096a6a85bfbd4ff3d882bb2ddbf78fa30b7bbd27390c4801004891f69dfda9a

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

cache-control: public, max-age=31536000
cf-bgj: h2pri
etag: W/"17a6a-191b30929e5"
age: 2931436
cf-cache-status: HIT
cf-ray: 8dd3e8f84b1d3679-FRA
accept-ranges: bytes
access-control-allow-origin: *
content-length: 96874
date: Mon, 04 Nov 2024 10:27:10 GMT
content-type: image/jpeg
last-modified: Mon, 02 Sep 2024 14:00:07 GMT
x-powered-by: Express
server: cloudflare
vary: Accept-Encoding

Redirect headers

location: /labs/content/images/2023/01/decryptors.jpeg
cf-cache-status: HIT
age: 589
cf-ray: 8dd3e8f7fac53679-FRA
access-control-allow-origin: *
content-length: 66
date: Mon, 04 Nov 2024 10:27:10 GMT
content-type: text/plain; charset=utf-8
x-powered-by: Express
vary: Accept, Accept-Encoding
server: cloudflare

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 226 KB
82 KB 39ms
17ms Script
application/javascript 2a00:1450:4001:810::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-6221907&l=dataLayer

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/launch-b77a56f2d5f1.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

2d39eb3267ddb560aa501c161fe1dabd61d6d6f116eb380242f1259f5f2b4a28

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Mon, 04 Nov 2024 10:27:10 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 04 Nov 2024 10:27:10 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Mon, 04 Nov 2024 09:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 82811
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 favicon-32x32.png
download.bitdefender.com/resources/images/favicon/ 568 B
761 B 70ms
9ms Other
image/png 2a02:26f0:480:33::212:40cf
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://download.bitdefender.com/resources/images/favicon/favicon-32x32.png

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:33::212:40cf Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

nginx /

Resource Hash

fab8294d35a12278bfd9179ac66940d6d77145b986fc04e5826a8521f7aa1d49

Security Headers

Name	Value
X-Frame-Options	SAMEORIGIN *.bitdefender.com

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

cache-control: max-age=3098
etag: "53bea05c-238"
expires: Mon, 04 Nov 2024 11:18:48 GMT
accept-ranges: bytes
access-control-allow-origin: *
content-length: 568
date: Mon, 04 Nov 2024 10:27:10 GMT
last-modified: Thu, 10 Jul 2014 14:17:00 GMT
content-type: image/png
server: nginx
x-frame-options: SAMEORIGIN *.bitdefender.com

GET
H2 200 cf43f35.css
www.bitdefender.com/nuxt/_nuxt/css/ 279 B
305 B 43ms
42ms Stylesheet
text/css 2606:4700::6812:a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bitdefender.com/nuxt/_nuxt/css/cf43f35.css

Requested by

Host: www.bitdefender.com
URL: https://www.bitdefender.com/nuxt/_nuxt/55d2a9d.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3f2069e4f379291c013b2ac6b33c3770c98737524f80ccdfca1ea8586169622e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=31536000, s-maxage=86400
content-encoding: gzip
cf-cache-status: HIT
etag: W/"117-1924738b640"
age: 244
cf-bgj: minify
cf-ray: 8dd3e8f80e529f36-FRA
date: Mon, 04 Nov 2024 10:27:10 GMT
content-type: text/css; charset=UTF-8
last-modified: Tue, 01 Oct 2024 08:35:52 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 bedcc18.js Show response
www.bitdefender.com/nuxt/_nuxt/ 53 KB
14 KB 64ms
64ms Script
application/javascript 2606:4700::6812:a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bitdefender.com/nuxt/_nuxt/bedcc18.js

Requested by

Host: www.bitdefender.com
URL: https://www.bitdefender.com/nuxt/_nuxt/55d2a9d.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

398bc8ea8cc9d46825ff276c3feed57df8f3eecec462705f2deacb59f1ab7ce2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=31536000, s-maxage=86400
content-encoding: gzip
cf-cache-status: HIT
etag: W/"d597-192d363fb70"
age: 204
cf-ray: 8dd3e8f80e559f36-FRA
date: Mon, 04 Nov 2024 10:27:10 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Mon, 28 Oct 2024 13:49:58 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 b8b5ed9.css
www.bitdefender.com/nuxt/_nuxt/css/ 106 B
189 B 45ms
44ms Stylesheet
text/css 2606:4700::6812:a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bitdefender.com/nuxt/_nuxt/css/b8b5ed9.css

Requested by

Host: www.bitdefender.com
URL: https://www.bitdefender.com/nuxt/_nuxt/55d2a9d.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4a2207e1dfdac97cdf65dce070c145d2f8251b726777b5073bb79308e69e1a68

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=31536000, s-maxage=86400
content-encoding: gzip
cf-cache-status: HIT
etag: W/"6a-1924738b640"
age: 426
cf-bgj: minify
cf-ray: 8dd3e8f82e999f36-FRA
date: Mon, 04 Nov 2024 10:27:10 GMT
content-type: text/css; charset=UTF-8
last-modified: Tue, 01 Oct 2024 08:35:52 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 5792574.js Show response
www.bitdefender.com/nuxt/_nuxt/ 45 KB
12 KB 45ms
44ms Script
application/javascript 2606:4700::6812:a9
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://www.bitdefender.com/nuxt/_nuxt/5792574.js

Requested by

Host: www.bitdefender.com
URL: https://www.bitdefender.com/nuxt/_nuxt/55d2a9d.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:a9 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

75ded79ed5480f340280281aec92a8cf2b1a6dc33eea51d70a132b43f7c4aced

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages/

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
cache-control: public, max-age=31536000, s-maxage=86400
content-encoding: gzip
cf-cache-status: HIT
etag: W/"b41b-192d363fb70"
age: 426
cf-ray: 8dd3e8f82e9c9f36-FRA
date: Mon, 04 Nov 2024 10:27:10 GMT
content-type: application/javascript; charset=UTF-8
last-modified: Mon, 28 Oct 2024 13:49:58 GMT
vary: Accept-Encoding
server: cloudflare

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 408 KB
130 KB 29ms
28ms Script
application/javascript 2a00:1450:4001:810::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-6M0GWNLLWF&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-6221907&l=dataLayer

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

525519f38e623a98e797c6de76256ced894bbcda1a29c2a54f4c9232396ddf62

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Mon, 04 Nov 2024 10:27:10 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 04 Nov 2024 10:27:10 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 133388
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 285 KB
98 KB 31ms
31ms Script
application/javascript 2a00:1450:4001:810::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=AW-1040562098&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-6221907&l=dataLayer

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e15617e43b2d6ce2e35ee3668896cecee0159634b9ca497f3284d4dffd8f74d2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Mon, 04 Nov 2024 10:27:10 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 04 Nov 2024 10:27:10 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Mon, 04 Nov 2024 09:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 100011
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 234 KB
83 KB 25ms
25ms Script
application/javascript 2a00:1450:4001:810::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=DC-5165113&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-6221907&l=dataLayer

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

bc46f73d1e8d4bd8b50c6a6716fa62f2035aff8200b4baa5ce25dc3c304e300b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

content-encoding: br
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires: Mon, 04 Nov 2024 10:27:10 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 04 Nov 2024 10:27:10 GMT
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
last-modified: Mon, 04 Nov 2024 09:00:00 GMT
access-control-allow-headers: Cache-Control
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: private, max-age=900
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 85119
x-xss-protection: 0
server: Google Tag Manager

GET
H2 200 rules.json Show response
assets.adobetarget.com/bitdefender/production/v1/ 228 KB
29 KB 101ms
22ms Fetch
application/json 2a02:26f0:480:a89::294d
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://assets.adobetarget.com/bitdefender/production/v1/rules.json
Requested by: Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/8a93f8486ba4/62c1fd5cdcbd/launch-b77a56f2d5f1.min.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2a02:26f0:480:a89::294d Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software: AmazonS3 /
Resource Hash: a2fb0b0f7558882572b55c7be17599c384c388b51295b1e6fbd306cf99ad5e76

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

access-control-expose-headers: x-geo-country-code, x-geo-region-code, x-geo-city, x-geo-latitude, x-geo-longitude
content-encoding: gzip
etag: "1417e389c920d47b3747208004a7f947"
x-amz-version-id: 0RIq.JqUfwJfoWs7OO4UGMJE.YOglucY
access-control-allow-methods: GET
x-geo-region-code: BY
date: Mon, 04 Nov 2024 10:27:10 GMT
x-geo-country-code: DE
last-modified: Mon, 04 Nov 2024 09:29:38 GMT
vary: Accept-Encoding
content-type: application/json
x-amz-id-2: sY1F3/Ft4RlukqmAs4vFCijyCJ6dAFF3bH5YxaQnCY9t6wrXIRLUkfpuPf+uV14Bo3U2278pxZg=
access-control-allow-headers: *
x-amz-replication-status: COMPLETED
cache-control: max-age=58
x-geo-longitude: 11.07
x-amz-request-id: VGEZ1HAJ9ZTSAW6X
accept-ranges: bytes
access-control-allow-origin: *
x-geo-latitude: 49.45
content-length: 29551
server: AmazonS3
x-geo-city: NURNBERG
x-amz-server-side-encryption: AES256

POST
H2 200 s19042889123504 Show response
sstats.bitdefender.com/b/ss/bitdefenderproduction/1/JS-2.27.0-LEWM/ 43 B
309 B 23ms
21ms XHR
image/gif 63.140.62.222
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://sstats.bitdefender.com/b/ss/bitdefenderproduction/1/JS-2.27.0-LEWM/s19042889123504

Requested by

Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/extensions/EP8757b503532a44a68eee17773f6f10a0/AppMeasurement.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

63.140.62.222 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

ip-63-140-62-222.data.adobedc.net

Software

jag /

Resource Hash

55c9d2f019f9d7ddfd69b2ad0351c5617338a222362aebb02b3b98a4dbc18486

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer: https://www.bitdefender.com/

Response headers

etag: 3716684375029841920-4618544617899521817
x-content-type-options: nosniff
expires: Sun, 03 Nov 2024 10:27:10 GMT
p3p: CP="This is not a P3P policy"
date: Mon, 04 Nov 2024 10:27:10 GMT
last-modified: Tue, 05 Nov 2024 10:27:10 GMT
vary: *
content-type: image/gif;charset=utf-8
strict-transport-security: max-age=31536000; includeSubDomains
cache-control: no-cache, no-store, max-age=0, no-transform, private
pragma: no-cache
access-control-allow-credentials: true
access-control-allow-origin: https://www.bitdefender.com
content-length: 43
x-xss-protection: 1; mode=block
server: jag

POST
H2 200 mon Show response
obseu.ofgreencolumn.com/ 0
41 B 33ms
31ms XHR
application/json 2a05:d018:56f:b802:834:8d0e:be2f:5ebe
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://obseu.ofgreencolumn.com/mon
Requested by: Host: euob.ofgreencolumn.com
URL: https://euob.ofgreencolumn.com/sxp/i/9890752fc19726fc8a394d54a189ae9f.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a05:d018:56f:b802:834:8d0e:be2f:5ebe Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer: https://www.bitdefender.com/

Response headers

access-control-allow-origin: https://www.bitdefender.com
content-length: 0
date: Mon, 04 Nov 2024 10:27:11 GMT
content-type: application/json
access-control-allow-credentials: true
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE

POST
H2 200 mon Show response
obseu.ofgreencolumn.com/ 0
16 B 31ms
29ms XHR
application/json 2a05:d018:56f:b802:834:8d0e:be2f:5ebe
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://obseu.ofgreencolumn.com/mon
Requested by: Host: euob.ofgreencolumn.com
URL: https://euob.ofgreencolumn.com/sxp/i/9890752fc19726fc8a394d54a189ae9f.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a05:d018:56f:b802:834:8d0e:be2f:5ebe Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer: https://www.bitdefender.com/

Response headers

access-control-allow-origin: https://www.bitdefender.com
content-length: 0
date: Mon, 04 Nov 2024 10:27:11 GMT
content-type: application/json
access-control-allow-credentials: true
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE

POST
H3 200 collect
pagead2.googlesyndication.com/ccm/ 0
0 33ms
16ms Ping
text/plain 142.250.184.194
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://pagead2.googlesyndication.com/ccm/collect?en=page_view&dl=https%3A%2F%2Fwww.bitdefender.com%2Fen-us%2Fblog%2Flabs%2Funmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages%2F&scrsrc=www.googletagmanager.com&frm=0&rnd=2129505405.1730716033&npa=1&us_privacy=1YNY&gdid=dMWZhNz.dOThhZD&gtm=45fe4au0v9190968901za200&gcs=G100&gcd=13p3p3p2p5l1&dma_cps=-&dma=1&tag_exp=101823848~101878899~101878944~101925629&tft=1730716032889&tfd=3600&apve=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=DC-6221907&l=dataLayer
Protocol: H3
Security: QUIC, , AES_128_GCM
Server: 142.250.184.194 , United States, ASN15169 (GOOGLE, US),
Reverse DNS: fra24s11-in-f2.1e100.net
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

POST
H2 204 collect
region1.google-analytics.com/g/ 0
0 43ms
15ms Fetch
text/plain 2001:4860:4802:32::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-6M0GWNLLWF&gtm=45je4au0v869430580za200zb9190968901&_p=1730716030706&gcs=G100&gcd=13p3pPp2p5l1&npa=1&dma_cps=-&dma=1&tag_exp=101823848~101878899~101878944~101925629&gdid=dMWZhNz.dOThhZD&cid=388911314.1730716033&ecid=1919979181&ul=de-de&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=denied&ec_mode=a&_eu=EA&_s=1&uid=&dl=https%3A%2F%2Fwww.bitdefender.com%2Fen-us%2Fblog%2Flabs%2Funmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages%2F&sid=1730716030&sct=1&seg=0&dt=Unmasking%20the%20SYS01%20Infostealer%20Threat%3A%20Bitdefender%20Labs%20Tracks%20Global%20Malvertising%20Campaign%20Targeting%20Meta%20Business%20Pages&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&ep.optimize_id=&ep.anonymize_ip=true&ep.geoRegion=de&ep.pageSubSection=labs&ep.login_status=false&ep.source=&ep.medium=&ep.cid=&ep.page_name=blog%3Alabs%3Aantimalware-research%3Aunmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages&ep.fingerprint=&ep.siteSection=blog&ep.pageSubSubSection=antimalware-research&tfd=3631
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-6M0GWNLLWF&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

cache-control: no-cache, no-store, must-revalidate
pragma: no-cache
cross-origin-resource-policy: cross-origin
access-control-allow-credentials: true
content-security-policy-report-only: script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:86:0
report-to: {"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:86:0"}],}
expires: Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin: https://www.bitdefender.com
cross-origin-opener-policy-report-only: same-origin; report-to=coop_reporting
content-length: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date: Mon, 04 Nov 2024 10:27:12 GMT
content-type: text/plain
server: Golfe2

GET
H2

200

src=5165113;dc_pre=CNma6dK7wokDFT4OogMdG9ADIg;type=na-c;cat=allpages;ord=8021047918396;npa=1;u2=https%3A%2F%2Fwww.bitdefender.com%2Fen-us%2Fblog%2Flabs%2Funmasking-the-sys01-infostealer-threat-bitd...
ade.googlesyndication.com/ddm/activity/
Redirect Chain

https://ade.googlesyndication.com/ddm/activity/src=5165113;type=na-c;cat=allpages;ord=8021047918396;npa=1;u2=https%3A%2F%2Fwww.bitdefender.com%2Fen-us%2Fblog%2Flabs%2Funmasking-the-sys01-infosteale...
https://ade.googlesyndication.com/ddm/activity/src=5165113;dc_pre=CNma6dK7wokDFT4OogMdG9ADIg;type=na-c;cat=allpages;ord=8021047918396;npa=1;u2=https%3A%2F%2Fwww.bitdefender.com%2Fen-us%2Fblog%2Flab...

42 B
118 B

44ms
44ms

Image
image/gif

142.250.185.226
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://ade.googlesyndication.com/ddm/activity/src=5165113;dc_pre=CNma6dK7wokDFT4OogMdG9ADIg;type=na-c;cat=allpages;ord=8021047918396;npa=1;u2=https%3A%2F%2Fwww.bitdefender.com%2Fen-us%2Fblog%2Flabs%2Funmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages%2F;gdid=dMWZhNz.dOThhZD;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=denied;frm=0;gtm=45fe4au0v9171448788za200zb9190968901;gcs=G100;gcd=13p3pPp2p5l1;dma_cps=-;dma=1;tag_exp=101823848~101878899~101878944~101925629;epver=2;~oref=https%3A%2F%2Fwww.bitdefender.com%2Fen-us%2Fblog%2Flabs%2Funmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages?

Protocol

Server

142.250.185.226 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s53-in-f2.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer: https://www.bitdefender.com/

Response headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
pragma: no-cache
cross-origin-resource-policy: cross-origin
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 42
date: Mon, 04 Nov 2024 10:27:13 GMT
x-xss-protection: 0
content-type: image/gif
server: cafe

Redirect headers

cache-control: no-cache, must-revalidate
timing-allow-origin: *
location: https://ade.googlesyndication.com/ddm/activity/src=5165113;dc_pre=CNma6dK7wokDFT4OogMdG9ADIg;type=na-c;cat=allpages;ord=8021047918396;npa=1;u2=https%3A%2F%2Fwww.bitdefender.com%2Fen-us%2Fblog%2Flabs%2Funmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages%2F;gdid=dMWZhNz.dOThhZD;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=denied;frm=0;gtm=45fe4au0v9171448788za200zb9190968901;gcs=G100;gcd=13p3pPp2p5l1;dma_cps=-;dma=1;tag_exp=101823848~101878899~101878944~101925629;epver=2;~oref=https%3A%2F%2Fwww.bitdefender.com%2Fen-us%2Fblog%2Flabs%2Funmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages?
pragma: no-cache
cross-origin-resource-policy: cross-origin
follow-only-when-prerender-shown: 1
x-content-type-options: nosniff
expires: Fri, 01 Jan 1990 00:00:00 GMT
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length: 0
date: Mon, 04 Nov 2024 10:27:12 GMT
x-xss-protection: 0
content-type: text/html; charset=UTF-8
server: cafe

GET
H2 200 sw_iframe.html
www.googletagmanager.com/static/service_worker/4al0/ Frame E704 0
0 24ms
7ms Document
text/html 2a00:1450:4001:810::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/static/service_worker/4al0/sw_iframe.html?origin=https%3A%2F%2Fwww.bitdefender.com

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=AW-1040562098&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:810::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
age: 414247
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: public, max-age=31536000
content-encoding: br
content-length: 1476
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/analytics-container-tag-serving
content-type: text/html
cross-origin-opener-policy: same-origin; report-to="analytics-container-tag-serving"
cross-origin-resource-policy: cross-origin
date: Wed, 30 Oct 2024 15:23:05 GMT
expires: Thu, 30 Oct 2025 15:23:05 GMT
last-modified: Mon, 21 Oct 2024 16:58:00 GMT
report-to: {"group":"analytics-container-tag-serving","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/analytics-container-tag-serving"}]}
server: sffe
service-worker-allowed: /static/service_worker
vary: Accept-Encoding
x-content-type-options: nosniff
x-xss-protection: 0

POST
H2 200 mon Show response
obseu.ofgreencolumn.com/ 0
39 B 32ms
30ms XHR
application/json 2a05:d018:56f:b802:834:8d0e:be2f:5ebe
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://obseu.ofgreencolumn.com/mon
Requested by: Host: euob.ofgreencolumn.com
URL: https://euob.ofgreencolumn.com/sxp/i/9890752fc19726fc8a394d54a189ae9f.js
Protocol: H2
Security: TLS 1.2, ECDHE_ECDSA, AES_256_GCM
Server: 2a05:d018:56f:b802:834:8d0e:be2f:5ebe Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type: application/x-www-form-urlencoded
Referer: https://www.bitdefender.com/

Response headers

access-control-allow-origin: https://www.bitdefender.com
content-length: 0
date: Mon, 04 Nov 2024 10:27:13 GMT
content-type: application/json
access-control-allow-credentials: true
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE

Verdicts & Comments Add Verdict or Comment

102 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

30 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.bitdefender.com/	1969-12-31 23:59:59	Name: tagit_session Value: 1
www.bitdefender.com/	1969-12-31 23:59:59	Name: PHPSESSID Value: 8p7d5vs4sj630ocbuel8c5n8g6
.bitdefender.com/	1970-01-21 09:30:52	Name: bd112 Value: i44FAA%3D%3D
.bitdefender.com/	1969-12-31 23:59:59	Name: at_check Value: true
.demdex.net/	1970-01-21 05:04:28	Name: demdex Value: 58256175664764225393552927275058157076
www.bitdefender.com/	1969-12-31 23:59:59	Name: tagit_params Value: %7B%22obj%22%3A%5B%5D%7D
.bitdefender.com/	1970-01-21 02:56:40	Name: _cq_duid Value: 1.1730716030.yIuZabZBF9MLAFFA
.bitdefender.com/	1969-12-31 23:59:59	Name: _cq_suid Value: 1.1730716030.rczTTV1h10XcFiqX
.bitdefender.com/	1969-12-31 23:59:59	Name: AMCVS_0E920C0F53DA9E9B0A490D45%40AdobeOrg Value: 1
.bitdefender.com/	1970-01-21 10:21:16	Name: s_ecid Value: MCMID%7C58236155834717141243551065505558930643
obseu.ofgreencolumn.com/	1970-01-21 08:49:06	Name: cg_uuid Value: ff4effbf9d1fdea18710684f13869e62
.bitdefender.com/	1970-01-21 10:21:16	Name: mbox Value: session#4f9a548efa3a4637a10a1c34b1b1a54a#1730717891\|PC#4f9a548efa3a4637a10a1c34b1b1a54a.37_0#1793960831
.dpm.demdex.net/	1970-01-21 05:04:28	Name: dpm Value: 58256175664764225393552927275058157076
.bitdefender.com/	1970-01-21 10:21:16	Name: AMCV_0E920C0F53DA9E9B0A490D45%40AdobeOrg Value: 179643557%7CMCIDTS%7C20032%7CMCMID%7C58236155834717141243551065505558930643%7CMCAAMLH-1731320830%7C6%7CMCAAMB-1731320830%7CRKhpRz8krg2tLO6pguXWp5olkAcUniQYPHaMWWgdJ3xzPWQmdj0y%7CMCOPTOUT-1730723230s%7CNONE%7CMCAID%7CNONE%7CMCSYNCSOP%7C411-20039%7CvVersion%7C5.5.0
.hsforms.com/	1970-01-21 00:45:17	Name: __cf_bm Value: 0C2dcq3YtsBNj_Ahko767qx7SKm_ZDBVrCjsWgmXQso-1730716030-1.0.1.1-62GwWlHbXDDgURB17WHt854QZtmk4OM1N7axeCCKfjYb5HnZgMqhK_6z4wmkU5mJM6qJbxbDtjDzqPDKovDTCw
.hsforms.com/	1969-12-31 23:59:59	Name: _cfuvid Value: N_AZOz_jvy2iZlN1ieJq1soEYR0_LOZ.aeDDgxRZFvw-1730716030252-0.0.1.1-604800000
.doubleclick.net/	1970-01-21 10:06:52	Name: IDE Value: AHWqTUmszPf8eXY0zyPtDIBJJzdMCjQVdQx2t8eeuHv8QmD-DHj41F0L-XzMlTv4WpA
.demdex.net/	1970-01-21 05:04:28	Name: dextp Value: 771-1-1730716030188\|1123-1-1730716030290\|129099-1-1730716030391
.twitter.com/	1970-01-21 10:21:16	Name: personalization_id Value: "v1_xhK7wwLvikGj+mmN/mTrDg=="
.bitdefender.com/	1970-01-21 05:04:28	Name: __hstc Value: 27765283.933b06c92b6f50bafba1e6bd039c5755.1730716030698.1730716030698.1730716030698.1
.bitdefender.com/	1970-01-21 05:04:28	Name: hubspotutk Value: 933b06c92b6f50bafba1e6bd039c5755
.bitdefender.com/	1969-12-31 23:59:59	Name: __hssrc Value: 1
.bitdefender.com/	1970-01-21 00:45:17	Name: __hssc Value: 27765283.1.1730716030698
.hubspot.com/	1970-01-21 00:45:17	Name: __cf_bm Value: JI9yOiZCNBakS0_ByFUOQuSO5wlHJZ6sWow1T2oiQtQ-1730716030-1.0.1.1-jBoJtwDLcOpXTVN7Nop2bgSEo57PU9gsvkaAxbiafBm.7blLoHuu13yrf2lZjFXkG8AtPoO6HYmgLdCqB8EU7w
.hubspot.com/	1969-12-31 23:59:59	Name: _cfuvid Value: eNqAYn4A2cKEAY0p.oH6dxwo7LmTbzqRvtHEbPaVusU-1730716030840-0.0.1.1-604800000
.bitdefender.com/	1969-12-31 23:59:59	Name: s_ips Value: 1200
.bitdefender.com/	1969-12-31 23:59:59	Name: s_tp Value: 15183
.bitdefender.com/	1969-12-31 23:59:59	Name: s_ppv Value: blog%253Alabs%253Aantimalware-research%253Aunmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages%2C8%2C8%2C1200%2C1%2C12
.bitdefender.com/	1969-12-31 23:59:59	Name: s_cc Value: true
.bitdefender.com/	1970-01-21 00:55:20	Name: at_geo Value: {%22latitude%22:49.45%2C%22longitude%22:11.07%2C%22countryCode%22:%22DE%22%2C%22stateCode%22:%22BY%22%2C%22city%22:%22NURNBERG%22}

4 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
rendering	warning	URL: https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages/ Message: [GroupMarkerNotSet(crbug.com/242999)!:A030B00134280000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader flag to opt in to lower security guarantees for trusted content.
rendering	warning	URL: https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages/ Message: [GroupMarkerNotSet(crbug.com/242999)!:A0301D0034280000]Automatic fallback to software WebGL has been deprecated. Please use the --enable-unsafe-swiftshader flag to opt in to lower security guarantees for trusted content.
security	error	URL: https://euob.ofgreencolumn.com/sxp/i/9890752fc19726fc8a394d54a189ae9f.js Message: Refused to create a worker from 'blob:https://www.bitdefender.com/e3039166-586d-4bdb-9b83-0e38ecff3d94' because it violates the following Content Security Policy directive: "script-src 'self' 'self' .emarsys.net www.gartner.com cdnjs.cloudflare.com assets.adobedtm.com .google.com www.gstatic.com .hs-scripts.com consentcdn.cookiebot.com bitdefender.demdex.net consent.cookiebot.com www.googletagmanager.com .googleadservices.com tag.demandbase.com .doubleclick.net sentry.nmbapp.net snap.licdn.com edge.fullstory.com .hotjar.com js.hubspot.com js.hsforms.net js.hscta.net js.hs-analytics.net js.hsleadflows.net js.hsadspixel.net js.hs-banner.com js.usemessages.com cdn.scarabresearch.com .bing.com static.ads-twitter.com www.redditstatic.com d.impactradius-event.com connect.facebook.net .clarity.ms .bitdefender.com .scarabresearch.com www.dwin1.com .taboola.com .outbrain.com retrack-kupona.kuponacdn.de ad4m.at .google-analytics.com cdn.bizible.com 'unsafe-inline' 'unsafe-eval' .cookielaw.org .criteo.com .googletagservices.com .2mdn.net .googlesyndication.com .usercentrics.eu .ofgreencolumn.com .tiktok.com .impactcdn.com". Note that 'worker-src' was not explicitly set, so 'script-src' is used as a fallback.
security	error	URL: https://euob.ofgreencolumn.com/sxp/i/9890752fc19726fc8a394d54a189ae9f.js Message: Refused to create a worker from 'blob:https://www.bitdefender.com/49640e3a-f886-4412-b380-6a406d149a50' because it violates the following Content Security Policy directive: "script-src 'self' 'self' .emarsys.net www.gartner.com cdnjs.cloudflare.com assets.adobedtm.com .google.com www.gstatic.com .hs-scripts.com consentcdn.cookiebot.com bitdefender.demdex.net consent.cookiebot.com www.googletagmanager.com .googleadservices.com tag.demandbase.com .doubleclick.net sentry.nmbapp.net snap.licdn.com edge.fullstory.com .hotjar.com js.hubspot.com js.hsforms.net js.hscta.net js.hs-analytics.net js.hsleadflows.net js.hsadspixel.net js.hs-banner.com js.usemessages.com cdn.scarabresearch.com .bing.com static.ads-twitter.com www.redditstatic.com d.impactradius-event.com connect.facebook.net .clarity.ms .bitdefender.com .scarabresearch.com www.dwin1.com .taboola.com .outbrain.com retrack-kupona.kuponacdn.de ad4m.at .google-analytics.com cdn.bizible.com 'unsafe-inline' 'unsafe-eval' .cookielaw.org .criteo.com .googletagservices.com .2mdn.net .googlesyndication.com .usercentrics.eu .ofgreencolumn.com .tiktok.com .impactcdn.com". Note that 'worker-src' was not explicitly set, so 'script-src' is used as a fallback.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header

Value

Content-Security-Policy

Strict-Transport-Security

max-age=31536000; includeSubDomains

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ade.googlesyndication.com
api.company-target.com
api.hubspot.com
api.usercentrics.eu
app.usercentrics.eu
assets.adobedtm.com
assets.adobetarget.com
bitdefender.demdex.net
blogapp.bitdefender.com
cm.everesttech.net
consent-api.service.consent.usercentrics.eu
consent.cookiebot.com
consentcdn.cookiebot.com
cta-service-cms2.hubspot.com
download.bitdefender.com
dpm.demdex.net
euob.ofgreencolumn.com
forms.hubspot.com
imgsct.cookiebot.com
js-na1.hs-scripts.com
js.hs-analytics.net
js.hs-banner.com
js.hs-scripts.com
js.hsleadflows.net
js.hubspot.com
js.usemessages.com
obseu.ofgreencolumn.com
pagead2.googlesyndication.com
perf-na1.hsforms.com
region1.google-analytics.com
sstats.bitdefender.com
starget.bitdefender.com
track.hubspot.com
uct.service.usercentrics.eu
www.bitdefender.com
www.googletagmanager.com
104.18.80.204
108.128.214.125
142.250.184.194
142.250.185.226
18.66.102.85
2001:4860:4802:32::36
2600:1901:0:1e38::
2600:1901:0:5987::
2600:1901:0:c07c::
2600:9000:2490:c200:d:199b:f700:93a1
2606:4700:4400::6812:28f0
2606:4700::6810:4d8e
2606:4700::6810:7674
2606:4700::6810:8bd1
2606:4700::6810:a0a8
2606:4700::6812:8911
2606:4700::6812:a9
2606:4700::6812:a9de
2a00:1450:4001:810::2008
2a02:26f0:3500:18::1724:a28c
2a02:26f0:3500:886::f09
2a02:26f0:3500:887::f09
2a02:26f0:480:33::212:40cf
2a02:26f0:480:a89::294d
2a02:26f0:480:f9d::1e80
2a05:d018:56f:b802:834:8d0e:be2f:5ebe
34.95.108.180
35.190.14.188
35.241.3.184
52.16.193.179
54.194.45.227
63.140.62.222
66.235.152.156
009a4cf1623ff76804e55d59a17f680f77d8c76ada674500997ff44cc7ac0741
018f9e1aaada6e0c449d70167f3609fd5e8d028715e9ddf56cd5e6886d5ab140
0405d39301cc6b0dc7a7e672665971ec14e22b722cbdd3bd9f07b1975035617c
043b96d186740cbc6123374ca605a0d64dab716490de8139c5ad850752f3035b
067c9537ec36da4afb93e9fec9bc7e656959b6623e9491f0092200db06657f1c
0a25589501a065c71010f4b685f20a2a283ba910b374e2ce8148c4fcd623e9a5
0bcf79e14fc025ab07f9187810e1bf6c87db8cf16a9efd07ae31c00afaf51dcc
0bec4f5deafe105f91bd435fd9cb91a0e245618930ed100e0cf778485209dc98
1096a6a85bfbd4ff3d882bb2ddbf78fa30b7bbd27390c4801004891f69dfda9a
13dabe6c8ff8332773d4204c6d265bb0eb8d7b2b411d70c18e8ae380bc30791c
1789e6bf0f139fc89e73756237ae433989a6d27e7effe2d1771c06d2566f889b
1a639c6b443b17ec6c6f50d2de9487ec53d78fd91adec25c8d84f4668be31242
1ca014a90c27521e501919e22376c6fa1c4ab07ac65ee6af1ff136b0f324e76d
25f82b0775d468ef51478c9a5aa42a28b077dbfe94d9fa0c3ac5f1ba72975eb5
281687db3610680bd733cdea13a77c34e18e99266ad810d5fff7f3e7f7fdf53c
293c213205cd107ec18a50ae1f8a7b79915117d162cc58701a575def7c295d39
297e7d5e24e8181ed7cec1ec01d397e123dfe56245b1d00e1d6aa391a73b09c7
2a9169e087b81ab0309db3e903459162c62102cafd1a24b6ee0ac25cdb048f59
2c0ed4180c2d314541423c050801191f1b66bbb0674f4442244cdccea255281b
2d16cba05ac4b3b16e9769d2790f8097b6f1add7f41b70b1a0ad28e84a539ae6
2d39eb3267ddb560aa501c161fe1dabd61d6d6f116eb380242f1259f5f2b4a28
2e37601196916bbd9fe11c93d75e477814b45f2aa14ed475504905b573186065
2ef11b39bdbd779733b5b2b7201b81de4884bd8f37a43aab5e2ee46a613212d3
33f4a3188e5bd3946bc65cba66db7f0400a6c149acc208b4b46640af86858f61
37a43bc3ba54dd9fcbfd85ba8bae047ea0fe83f6047019632ebe9592cac77daf
398bc8ea8cc9d46825ff276c3feed57df8f3eecec462705f2deacb59f1ab7ce2
3bfe30d98e1e3510f76a8f380da5af288cd6313ff2977844bf345c7f3afcefda
3ef6f208d5f5a0b5b721dbc552dceeff0b7f2e3814bbd108bb9a594f4e423f62
3f2069e4f379291c013b2ac6b33c3770c98737524f80ccdfca1ea8586169622e
43aee67c392b46da2e0de49eec7e78255bcbd0d339f05f6eec10f26c64ecc4f3
468d1b781f92af9595f1f88f4adf50781db2b2295a93bd77fb0ff364b0749783
4a2207e1dfdac97cdf65dce070c145d2f8251b726777b5073bb79308e69e1a68
4edd782df9a9f91a556f6334dc586c1e867e35bb47697387dd3939dff706e4ff
4fc1a9ef4343f0eedc101f4b68f7b21afef2550cd06567e7efad269820b720f7
525519f38e623a98e797c6de76256ced894bbcda1a29c2a54f4c9232396ddf62
55c9d2f019f9d7ddfd69b2ad0351c5617338a222362aebb02b3b98a4dbc18486
60b95df8267d708bd8d128b4cf4b357d1deeb851baabb89f594bdc254b9f701f
6692354a1d9a4d531832e922f7e86a9e80f24562572c9dc7614a71fe5145b266
68a3a7168f0b5b42d268263b428ae09c120728fe16953a160a596aa351ed088b
6adc3d4c1056996e4e8b765a62604c78b1f867cceb3b15d0b9bedb7c4857f992
6d366b46e8048e40f0cdc37d4a9f1ee555a86465a5e76d19d6b9ef85adaafb88
75ded79ed5480f340280281aec92a8cf2b1a6dc33eea51d70a132b43f7c4aced
831b25d2cf0066937657444e6d8366c0e51af9ac0989def0613358d48bd45b88
8395d72ab340a6fb7923d93b019bffa5570553f6762dc56eeb4e5ee603ae3dda
86302a35aca59f3ef924580f6d1b8b98854a6e2edf701eb70b7a454865b2c020
8e108696de337035c30dce22810814d7ea29fd004d2cb11efc85c43bbacb6104
9173d0d924e96a7afb4fd2acfab5ddc7dcc69f0c3a1eb5e5a68c307f52818bbe
93d68e599c87c51e08c8b7813470cd1951e2d40e903f7871bf29735c77715f02
94c4c63644ae78a9a0ce2307d064e5ece79caee5540a313426ba18886a8917ce
9853ed7c1a8f9217de1e500ca819e18cb0f25fc313b874a32c82901515cf0923
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
9a54e6b1253d785972ccaab75a888119d13083bfb1f80343aef9454d5cd5bb6d
9cdb93be66690562b1a797663c008b59d98b6ef80be4ecca091743dec5dd120a
9f7b64425c74e14cd0e16bf088eb5563fec75bdf19f1c1887378f936f1b67f4b
a1aa30b8c2998ad91b6d0cd88fa7fa3a4c2a3e79df019cbc504e380f0aef6c47
a2fb0b0f7558882572b55c7be17599c384c388b51295b1e6fbd306cf99ad5e76
a3cddc071e1d265159ef98298be31d30532d5629ad9acba1c3f8318d2262ccbf
a988415a6adfb1c6eb3248b7cc08e1d169c04632a2b390e7bf182aa734a763bc
b30b70e2067e407e427ac15a978091acb030d9b2db360ea2a3ce3eec6ef474e5
b37c5d6586ad70d770ed5acf7caa2372637af52fce2db6380e6146d7660add7a
b3bce010c0f5a7c24a82ae511194baf67bf8c2cee737a3a118f6b9590d322b15
b5f26298d2d62ac1e4e3223a8c05f514c9ad4ec7605dedd14bb44d698178ed64
b8ba912addc89290827f18a10c8a9ba9ba58a42bcb48b527d5b8764fc2817a7e
b9d5cb60efaca3c6eae5d3b497e5e81d30325da6951286b161b89335d3e1f1f4
ba2d9de94704a49594ea54353974b96ab4cdaea5a0208810607c6ead0e631531
bc46f73d1e8d4bd8b50c6a6716fa62f2035aff8200b4baa5ce25dc3c304e300b
be896bdbc5445ec366a8d0d81d4a553e900d73898461be6b79a7c0ac2236ef30
c59781f6f643ec6a6ef6f736f0ffef9dd1a39043e712f10c1713d8505026bb4c
cb60114d01e18846fc0570ef5b0c637ff1cf5f96b3cea88dd7a7a56bc587d726
cd156e27a45444e7eaa90bda6656cf52fcd6b06b96e4abcf15717e724dbbf6a0
d44882ab82adeef2856a0d52fb54bb70e472be45d50aa3a16b4cb39223391a99
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
e15617e43b2d6ce2e35ee3668896cecee0159634b9ca497f3284d4dffd8f74d2
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e762dea4a25bf3b8c1fdae8951feaa2a41c8962e3a3145996efcfb78d79333cc
ebbf51132ac80c2070995d82e1b1237526521386eaced499d94c36a05804141f
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
fab5cda5682da8425e7110db62aa4c2163e2bbd8e2eec76139e3b1451520fa92
fab8294d35a12278bfd9179ac66940d6d77145b986fc04e5826a8521f7aa1d49
fceba08a6bbdf2598e8f6d43e71b51854337da5f880c3fff252a25b9cd10b6ae
fcf4ad57046af8b44b9f85d4398ca15757c54cdbdecfdfdf438266ff0bd996f8
fda7bb68be60070389cf11d11207cd670841a8525179865e5ea884e930a30a95
fdeb65d19f2cb906342f9a610b6fbb2b149e629d02dd02fbdb37fa79e11ac0f5
ff4f6648acadc44920e61b0f23a8b965f54d4ad9f87977e8113f5531c8f1e1b9

www.bitdefender.com Open in urlscan Pro 2606:4700::6812:a9 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

103 Requests

94 %HTTPS

64 %IPv6

19 Domains

36 Subdomains

32 IPs

4 Countries

1573 kBTransfer

4901 kBSize

30 Cookies

9 Outgoing links

Redirected requests

103 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.bitdefender.com Open in urlscan Pro
2606:4700::6812:a9 Public Scan

Screenshot
Live screenshot

Full Image

103
Requests

94 %
HTTPS

64 %
IPv6

19
Domains

36
Subdomains

32
IPs

4
Countries

1573 kB
Transfer

4901 kB
Size

30
Cookies

103 HTTP transactions
0 data transactions